authorAnas Nashif <anas.nashif@intel.com>2012-11-13 12:30:55 -0800
committerAnas Nashif <anas.nashif@intel.com>2012-11-13 12:30:55 -0800
commitf251dedaa31b48f7c05a4b53c112b40ebca890ef (patch)
treed6c78a1b273417506edb030c96772c8459f5831e
Imported Upstream version 1.2.18upstream/1.2.18
-rw-r--r--AUTHORS8
-rw-r--r--COPYING105
-rw-r--r--ChangeLog1810
-rw-r--r--Copyright105
-rw-r--r--HACKING199
-rw-r--r--INSTALL38
-rw-r--r--Makefile.am186
-rw-r--r--Makefile.in1155
-rw-r--r--NEWS1
-rw-r--r--README15
-rw-r--r--TODO156
-rw-r--r--aclocal.m41197
-rw-r--r--apps/Makefile.am84
-rw-r--r--apps/Makefile.in694
-rw-r--r--apps/cmdline.c355
-rw-r--r--apps/cmdline.h89
-rw-r--r--apps/crypto.c396
-rw-r--r--apps/crypto.h70
-rw-r--r--apps/xmlsec.c3058
-rwxr-xr-xconfig.guess1502
-rw-r--r--config.h.in134
-rwxr-xr-xconfig.sub1714
-rwxr-xr-xconfigure17363
-rw-r--r--configure.in1633
-rwxr-xr-xdepcomp630
-rw-r--r--docs/Makefile.am65
-rw-r--r--docs/Makefile.in721
-rw-r--r--docs/api/Makefile.am209
-rw-r--r--docs/api/Makefile.in664
-rw-r--r--docs/api/chapters/compiling-and-linking.sgml252
-rw-r--r--docs/api/chapters/creating-templates.sgml325
-rw-r--r--docs/api/chapters/examples.sgml102
-rw-r--r--docs/api/chapters/init-and-shutdown.sgml104
-rw-r--r--docs/api/chapters/new-crypto.sgml487
-rw-r--r--docs/api/chapters/sign-and-encrypt.sgml286
-rw-r--r--docs/api/chapters/using-contexts.sgml138
-rw-r--r--docs/api/chapters/using-keys.sgml26
-rw-r--r--docs/api/chapters/using-keysmngr.sgml592
-rw-r--r--docs/api/chapters/using-transforms.sgml67
-rw-r--r--docs/api/chapters/using-x509-certs.sgml197
-rw-r--r--docs/api/chapters/verify-and-decrypt.sgml265
-rw-r--r--docs/api/home.pngbin0 -> 654 bytes
-rw-r--r--docs/api/images/diagrams.sxdbin0 -> 13616 bytes
-rw-r--r--docs/api/images/encryption-structure.pngbin0 -> 32989 bytes
-rw-r--r--docs/api/images/key.pngbin0 -> 1722 bytes
-rw-r--r--docs/api/images/keysmngr.pngbin0 -> 2227 bytes
-rw-r--r--docs/api/images/sign-enc-model.pngbin0 -> 6273 bytes
-rw-r--r--docs/api/images/signature-structure.pngbin0 -> 33332 bytes
-rw-r--r--docs/api/images/structure.pngbin0 -> 16236 bytes
-rw-r--r--docs/api/images/transform.pngbin0 -> 2659 bytes
-rw-r--r--docs/api/images/transforms-chain.pngbin0 -> 4087 bytes
-rw-r--r--docs/api/images/verif-dec-model.pngbin0 -> 6000 bytes
-rw-r--r--docs/api/index.html307
-rw-r--r--docs/api/index.sgml43
-rw-r--r--docs/api/left.pngbin0 -> 459 bytes
-rw-r--r--docs/api/right.pngbin0 -> 472 bytes
-rw-r--r--docs/api/up.pngbin0 -> 406 bytes
-rw-r--r--docs/api/xmlsec-app.html1525
-rw-r--r--docs/api/xmlsec-base64.html357
-rw-r--r--docs/api/xmlsec-bn.html705
-rw-r--r--docs/api/xmlsec-buffer.html603
-rw-r--r--docs/api/xmlsec-custom-keys-manager.html475
-rw-r--r--docs/api/xmlsec-decrypt-with-keys-mngr.html396
-rw-r--r--docs/api/xmlsec-decrypt-with-signle-key.html326
-rw-r--r--docs/api/xmlsec-dl.html245
-rw-r--r--docs/api/xmlsec-encrypt-dynamic-template.html386
-rw-r--r--docs/api/xmlsec-encrypt-template-file.html364
-rw-r--r--docs/api/xmlsec-encrypt-with-session-key.html495
-rw-r--r--docs/api/xmlsec-encryption-klasses.html101
-rw-r--r--docs/api/xmlsec-errors.html744
-rw-r--r--docs/api/xmlsec-examples-sign-dynamimc-template.html406
-rw-r--r--docs/api/xmlsec-examples-sign-template-file.html388
-rw-r--r--docs/api/xmlsec-examples-sign-x509.html447
-rw-r--r--docs/api/xmlsec-examples.html119
-rw-r--r--docs/api/xmlsec-gcrypt-app.html578
-rw-r--r--docs/api/xmlsec-gcrypt-crypto.html1128
-rw-r--r--docs/api/xmlsec-gcrypt-ref.html107
-rw-r--r--docs/api/xmlsec-gcrypt.sgml15
-rw-r--r--docs/api/xmlsec-gnutls-app.html576
-rw-r--r--docs/api/xmlsec-gnutls-crypto.html1076
-rw-r--r--docs/api/xmlsec-gnutls-ref.html107
-rw-r--r--docs/api/xmlsec-gnutls.sgml15
-rw-r--r--docs/api/xmlsec-index.html1570
-rw-r--r--docs/api/xmlsec-index.sgml1471
-rw-r--r--docs/api/xmlsec-io.html226
-rw-r--r--docs/api/xmlsec-keyinfo.html700
-rw-r--r--docs/api/xmlsec-keys.html1161
-rw-r--r--docs/api/xmlsec-keysdata.html2067
-rw-r--r--docs/api/xmlsec-keysmngr.html743
-rw-r--r--docs/api/xmlsec-list.html643
-rw-r--r--docs/api/xmlsec-membuf.html143
-rw-r--r--docs/api/xmlsec-mscrypto-app.html747
-rw-r--r--docs/api/xmlsec-mscrypto-certkeys.html252
-rw-r--r--docs/api/xmlsec-mscrypto-crypto.html1153
-rw-r--r--docs/api/xmlsec-mscrypto-keysstore.html209
-rw-r--r--docs/api/xmlsec-mscrypto-ref.html113
-rw-r--r--docs/api/xmlsec-mscrypto-x509.html478
-rw-r--r--docs/api/xmlsec-mscrypto.sgml21
-rw-r--r--docs/api/xmlsec-nodeset.html542
-rw-r--r--docs/api/xmlsec-notes-compiling-others.html102
-rw-r--r--docs/api/xmlsec-notes-compiling-unix.html223
-rw-r--r--docs/api/xmlsec-notes-compiling-windows.html138
-rw-r--r--docs/api/xmlsec-notes-compiling.html117
-rw-r--r--docs/api/xmlsec-notes-contexts.html229
-rw-r--r--docs/api/xmlsec-notes-custom-keys-store.html250
-rw-r--r--docs/api/xmlsec-notes-decrypt.html205
-rw-r--r--docs/api/xmlsec-notes-dynamic-encryption-templates.html240
-rw-r--r--docs/api/xmlsec-notes-dynamic-signature-templates.html250
-rw-r--r--docs/api/xmlsec-notes-encrypt.html223
-rw-r--r--docs/api/xmlsec-notes-include-files.html141
-rw-r--r--docs/api/xmlsec-notes-init-shutdown.html194
-rw-r--r--docs/api/xmlsec-notes-keys-manager-sign-enc.html307
-rw-r--r--docs/api/xmlsec-notes-keys-mngr-verify-decrypt.html179
-rw-r--r--docs/api/xmlsec-notes-keys.html120
-rw-r--r--docs/api/xmlsec-notes-keysmngr.html140
-rw-r--r--docs/api/xmlsec-notes-new-crypto-functions.html151
-rw-r--r--docs/api/xmlsec-notes-new-crypto-key-stores.html83
-rw-r--r--docs/api/xmlsec-notes-new-crypto-keys.html103
-rw-r--r--docs/api/xmlsec-notes-new-crypto-klasses.html217
-rw-r--r--docs/api/xmlsec-notes-new-crypto-sharing-results.html125
-rw-r--r--docs/api/xmlsec-notes-new-crypto-simple-keys-mngr.html102
-rw-r--r--docs/api/xmlsec-notes-new-crypto-skeleton.html254
-rw-r--r--docs/api/xmlsec-notes-new-crypto-transforms.html170
-rw-r--r--docs/api/xmlsec-notes-new-crypto.html136
-rw-r--r--docs/api/xmlsec-notes-overview.html102
-rw-r--r--docs/api/xmlsec-notes-sign-encrypt.html120
-rw-r--r--docs/api/xmlsec-notes-sign-x509.html176
-rw-r--r--docs/api/xmlsec-notes-sign.html210
-rw-r--r--docs/api/xmlsec-notes-simple-keys-store.html177
-rw-r--r--docs/api/xmlsec-notes-structure.html115
-rw-r--r--docs/api/xmlsec-notes-templates.html114
-rw-r--r--docs/api/xmlsec-notes-transforms.html154
-rw-r--r--docs/api/xmlsec-notes-verify-decrypt.html120
-rw-r--r--docs/api/xmlsec-notes-verify-x509.html180
-rw-r--r--docs/api/xmlsec-notes-verify.html210
-rw-r--r--docs/api/xmlsec-notes-x509.html114
-rw-r--r--docs/api/xmlsec-notes.html115
-rw-r--r--docs/api/xmlsec-nss-app.html740
-rw-r--r--docs/api/xmlsec-nss-bignum.html176
-rw-r--r--docs/api/xmlsec-nss-crypto.html978
-rw-r--r--docs/api/xmlsec-nss-keysstore.html209
-rw-r--r--docs/api/xmlsec-nss-pkikeys.html211
-rw-r--r--docs/api/xmlsec-nss-ref.html115
-rw-r--r--docs/api/xmlsec-nss-x509.html467
-rw-r--r--docs/api/xmlsec-nss.sgml23
-rw-r--r--docs/api/xmlsec-openssl-app.html800
-rw-r--r--docs/api/xmlsec-openssl-bn.html170
-rw-r--r--docs/api/xmlsec-openssl-crypto.html1329
-rw-r--r--docs/api/xmlsec-openssl-evp.html184
-rw-r--r--docs/api/xmlsec-openssl-ref.html113
-rw-r--r--docs/api/xmlsec-openssl-x509.html567
-rw-r--r--docs/api/xmlsec-openssl.sgml21
-rw-r--r--docs/api/xmlsec-parser.html223
-rw-r--r--docs/api/xmlsec-ref.html149
-rw-r--r--docs/api/xmlsec-reference.html106
-rw-r--r--docs/api/xmlsec-signature-klasses.html101
-rw-r--r--docs/api/xmlsec-templates.html1290
-rw-r--r--docs/api/xmlsec-transforms.html3059
-rw-r--r--docs/api/xmlsec-verify-with-key.html318
-rw-r--r--docs/api/xmlsec-verify-with-keys-mngr.html388
-rw-r--r--docs/api/xmlsec-verify-with-restrictions.html715
-rw-r--r--docs/api/xmlsec-verify-with-x509.html369
-rw-r--r--docs/api/xmlsec-version.html143
-rw-r--r--docs/api/xmlsec-x509.html181
-rw-r--r--docs/api/xmlsec-xmldsig.html853
-rw-r--r--docs/api/xmlsec-xmlenc.html584
-rw-r--r--docs/api/xmlsec-xmlsec.html300
-rw-r--r--docs/api/xmlsec-xmltree.html1529
-rw-r--r--docs/api/xmlsec.sgml307
-rw-r--r--docs/authors.html59
-rw-r--r--docs/bugs.html106
-rw-r--r--docs/c14n.html73
-rw-r--r--docs/documentation.html65
-rw-r--r--docs/download.html115
-rw-r--r--docs/faq.html449
-rw-r--r--docs/images/bart.gifbin0 -> 27329 bytes
-rw-r--r--docs/images/libxml2-logo.pngbin0 -> 5524 bytes
-rw-r--r--docs/images/libxslt-logo.pngbin0 -> 5450 bytes
-rw-r--r--docs/images/logo.gifbin0 -> 1780 bytes
-rw-r--r--docs/images/openssl-logo.pngbin0 -> 6807 bytes
-rw-r--r--docs/images/xmlsec-logo.gifbin0 -> 359 bytes
-rw-r--r--docs/index.html109
-rw-r--r--docs/news.html545
-rw-r--r--docs/related.html165
-rw-r--r--docs/xmldsig-verifier.html138
-rw-r--r--docs/xmldsig.html646
-rw-r--r--docs/xmlenc.html464
-rw-r--r--docs/xmlsec-man.html291
-rw-r--r--docs/xmlsec.xsl194
-rw-r--r--examples/Makefile40
-rw-r--r--examples/Makefile.w3288
-rw-r--r--examples/README126
-rw-r--r--examples/binary.dat1
-rw-r--r--examples/decrypt1.c223
-rw-r--r--examples/decrypt2.c293
-rw-r--r--examples/decrypt3.c372
-rw-r--r--examples/deskey.bin1
-rw-r--r--examples/encrypt1-res.xml13
-rw-r--r--examples/encrypt1-tmpl.xml13
-rw-r--r--examples/encrypt1.c219
-rw-r--r--examples/encrypt2-doc.xml9
-rw-r--r--examples/encrypt2-res.xml14
-rw-r--r--examples/encrypt2.c244
-rw-r--r--examples/encrypt3-doc.xml9
-rw-r--r--examples/encrypt3-res.xml27
-rw-r--r--examples/encrypt3.c340
-rw-r--r--examples/mywin32make.bat18
-rw-r--r--examples/rootcert.pem25
-rw-r--r--examples/rsacert.pem83
-rw-r--r--examples/rsakey.pem27
-rw-r--r--examples/rsapub.pem9
-rw-r--r--examples/sign1-res.xml31
-rw-r--r--examples/sign1-tmpl.xml27
-rw-r--r--examples/sign1.c212
-rw-r--r--examples/sign2-doc.xml9
-rw-r--r--examples/sign2-res.xml30
-rw-r--r--examples/sign2.c248
-rw-r--r--examples/sign3-doc.xml9
-rw-r--r--examples/sign3-res.xml58
-rw-r--r--examples/sign3.c261
-rw-r--r--examples/verify1.c215
-rw-r--r--examples/verify2.c285
-rw-r--r--examples/verify3.c266
-rw-r--r--examples/verify4-bad-res.xml90
-rw-r--r--examples/verify4-bad-tmpl.xml54
-rw-r--r--examples/verify4-res.xml80
-rw-r--r--examples/verify4-tmpl.xml47
-rw-r--r--examples/verify4.c309
-rw-r--r--examples/xkms-server.c839
-rw-r--r--examples/xmldsigverify.c381
-rw-r--r--include/Makefile.am4
-rw-r--r--include/Makefile.in656
-rw-r--r--include/xmlsec/Makefile.am63
-rw-r--r--include/xmlsec/Makefile.in767
-rw-r--r--include/xmlsec/app.h424
-rw-r--r--include/xmlsec/base64.h67
-rw-r--r--include/xmlsec/bn.h99
-rw-r--r--include/xmlsec/buffer.h108
-rw-r--r--include/xmlsec/crypto.h75
-rw-r--r--include/xmlsec/dl.h56
-rw-r--r--include/xmlsec/errors.h504
-rw-r--r--include/xmlsec/exports.h111
-rw-r--r--include/xmlsec/gcrypt/Makefile.am13
-rw-r--r--include/xmlsec/gcrypt/Makefile.in564
-rw-r--r--include/xmlsec/gcrypt/app.h96
-rw-r--r--include/xmlsec/gcrypt/crypto.h460
-rw-r--r--include/xmlsec/gcrypt/symbols.h104
-rw-r--r--include/xmlsec/gnutls/Makefile.am14
-rw-r--r--include/xmlsec/gnutls/Makefile.in565
-rw-r--r--include/xmlsec/gnutls/app.h96
-rw-r--r--include/xmlsec/gnutls/crypto.h462
-rw-r--r--include/xmlsec/gnutls/symbols.h104
-rw-r--r--include/xmlsec/gnutls/x509.h110
-rw-r--r--include/xmlsec/io.h54
-rw-r--r--include/xmlsec/keyinfo.h285
-rw-r--r--include/xmlsec/keys.h278
-rw-r--r--include/xmlsec/keysdata.h837
-rw-r--r--include/xmlsec/keysmngr.h264
-rw-r--r--include/xmlsec/list.h194
-rw-r--r--include/xmlsec/membuf.h44
-rw-r--r--include/xmlsec/mscrypto/Makefile.am16
-rw-r--r--include/xmlsec/mscrypto/Makefile.in567
-rw-r--r--include/xmlsec/mscrypto/app.h116
-rw-r--r--include/xmlsec/mscrypto/certkeys.h42
-rw-r--r--include/xmlsec/mscrypto/crypto.h516
-rw-r--r--include/xmlsec/mscrypto/keysstore.h48
-rw-r--r--include/xmlsec/mscrypto/symbols.h114
-rw-r--r--include/xmlsec/mscrypto/x509.h92
-rw-r--r--include/xmlsec/nodeset.h139
-rw-r--r--include/xmlsec/nss/Makefile.am17
-rw-r--r--include/xmlsec/nss/Makefile.in568
-rw-r--r--include/xmlsec/nss/app.h118
-rw-r--r--include/xmlsec/nss/bignum.h37
-rw-r--r--include/xmlsec/nss/crypto.h469
-rw-r--r--include/xmlsec/nss/keysstore.h46
-rw-r--r--include/xmlsec/nss/pkikeys.h44
-rw-r--r--include/xmlsec/nss/symbols.h106
-rw-r--r--include/xmlsec/nss/x509.h91
-rw-r--r--include/xmlsec/openssl/Makefile.am16
-rw-r--r--include/xmlsec/openssl/Makefile.in567
-rw-r--r--include/xmlsec/openssl/app.h128
-rw-r--r--include/xmlsec/openssl/bn.h35
-rw-r--r--include/xmlsec/openssl/crypto.h561
-rw-r--r--include/xmlsec/openssl/evp.h44
-rw-r--r--include/xmlsec/openssl/symbols.h123
-rw-r--r--include/xmlsec/openssl/x509.h109
-rw-r--r--include/xmlsec/parser.h51
-rw-r--r--include/xmlsec/private.h489
-rw-r--r--include/xmlsec/private/Makefile.am12
-rw-r--r--include/xmlsec/private/Makefile.in563
-rw-r--r--include/xmlsec/private/xkms.h121
-rw-r--r--include/xmlsec/private/xslt.h34
-rw-r--r--include/xmlsec/skeleton/Makefile.am13
-rw-r--r--include/xmlsec/skeleton/app.h97
-rw-r--r--include/xmlsec/skeleton/crypto.h40
-rw-r--r--include/xmlsec/skeleton/symbols.h117
-rw-r--r--include/xmlsec/soap.h130
-rw-r--r--include/xmlsec/strings.h610
-rw-r--r--include/xmlsec/templates.h162
-rw-r--r--include/xmlsec/transforms.h994
-rw-r--r--include/xmlsec/version.h61
-rw-r--r--include/xmlsec/version.h.in61
-rw-r--r--include/xmlsec/x509.h80
-rw-r--r--include/xmlsec/xkms.h652
-rw-r--r--include/xmlsec/xmldsig.h281
-rw-r--r--include/xmlsec/xmlenc.h163
-rw-r--r--include/xmlsec/xmlsec.h216
-rw-r--r--include/xmlsec/xmltree.h275
-rwxr-xr-xinstall-sh520
-rwxr-xr-xltmain.sh8413
-rw-r--r--m4/libtool.m47377
-rw-r--r--m4/ltoptions.m4368
-rw-r--r--m4/ltsugar.m4123
-rw-r--r--m4/ltversion.m423
-rw-r--r--m4/lt~obsolete.m492
-rw-r--r--man/Makefile.am52
-rw-r--r--man/Makefile.in582
-rw-r--r--man/xmlsec1-config.134
-rw-r--r--man/xmlsec1.1269
-rwxr-xr-xmissing376
-rwxr-xr-xscripts/build_release.sh33
-rwxr-xr-xscripts/change-release.sh34
-rwxr-xr-xscripts/push_release.sh30
-rwxr-xr-xscripts/remove-gtkdoclink.pl20
-rwxr-xr-xscripts/test_errors.pl38
-rwxr-xr-xscripts/test_release.sh12
-rw-r--r--src/Makefile.am71
-rw-r--r--src/Makefile.in878
-rw-r--r--src/app.c1498
-rw-r--r--src/base64.c1034
-rw-r--r--src/bn.c1060
-rw-r--r--src/buffer.c674
-rw-r--r--src/c14n.c801
-rw-r--r--src/dl.c994
-rw-r--r--src/enveloped.c152
-rw-r--r--src/errors.c242
-rw-r--r--src/gcrypt/Makefile.am55
-rw-r--r--src/gcrypt/Makefile.in764
-rw-r--r--src/gcrypt/README9
-rw-r--r--src/gcrypt/app.c663
-rw-r--r--src/gcrypt/asn1.c602
-rw-r--r--src/gcrypt/asn1.h39
-rw-r--r--src/gcrypt/asymkeys.c1920
-rw-r--r--src/gcrypt/ciphers.c855
-rw-r--r--src/gcrypt/crypto.c315
-rw-r--r--src/gcrypt/digests.c614
-rw-r--r--src/gcrypt/globals.h30
-rw-r--r--src/gcrypt/hmac.c823
-rw-r--r--src/gcrypt/kw_aes.c593
-rw-r--r--src/gcrypt/kw_des.c607
-rw-r--r--src/gcrypt/signatures.c1490
-rw-r--r--src/gcrypt/symkeys.c441
-rw-r--r--src/globals.h25
-rw-r--r--src/gnutls/Makefile.am58
-rw-r--r--src/gnutls/Makefile.in786
-rw-r--r--src/gnutls/README6
-rw-r--r--src/gnutls/app.c998
-rw-r--r--src/gnutls/asymkeys.c455
-rw-r--r--src/gnutls/ciphers.c82
-rw-r--r--src/gnutls/crypto.c351
-rw-r--r--src/gnutls/digests.c112
-rw-r--r--src/gnutls/globals.h31
-rw-r--r--src/gnutls/hmac.c141
-rw-r--r--src/gnutls/kw_aes.c72
-rw-r--r--src/gnutls/kw_des.c51
-rw-r--r--src/gnutls/signatures.c148
-rw-r--r--src/gnutls/symkeys.c125
-rw-r--r--src/gnutls/x509.c1960
-rw-r--r--src/gnutls/x509utils.c1687
-rw-r--r--src/gnutls/x509utils.h143
-rw-r--r--src/gnutls/x509vfy.c802
-rw-r--r--src/io.c496
-rw-r--r--src/keyinfo.c1561
-rw-r--r--src/keys.c1415
-rw-r--r--src/keysdata.c1387
-rw-r--r--src/keysmngr.c745
-rw-r--r--src/kw_aes_des.c493
-rw-r--r--src/kw_aes_des.h148
-rw-r--r--src/list.c534
-rw-r--r--src/membuf.c209
-rw-r--r--src/mscrypto/Makefile.am62
-rw-r--r--src/mscrypto/Makefile.in799
-rw-r--r--src/mscrypto/README39
-rw-r--r--src/mscrypto/app.c1289
-rw-r--r--src/mscrypto/certkeys.c2615
-rw-r--r--src/mscrypto/ciphers.c937
-rw-r--r--src/mscrypto/crypto.c889
-rw-r--r--src/mscrypto/csp_calg.h105
-rw-r--r--src/mscrypto/csp_oid.h114
-rw-r--r--src/mscrypto/digests.c668
-rw-r--r--src/mscrypto/globals.h39
-rw-r--r--src/mscrypto/hmac.c963
-rw-r--r--src/mscrypto/keysstore.c620
-rw-r--r--src/mscrypto/kt_rsa.c631
-rw-r--r--src/mscrypto/kw_aes.c662
-rw-r--r--src/mscrypto/kw_des.c730
-rw-r--r--src/mscrypto/mingw-crypt32.def36
-rw-r--r--src/mscrypto/private.h130
-rw-r--r--src/mscrypto/signatures.c960
-rw-r--r--src/mscrypto/symkeys.c824
-rw-r--r--src/mscrypto/x509.c2281
-rw-r--r--src/mscrypto/x509vfy.c1406
-rw-r--r--src/mscrypto/xmlsec-mingw.h210
-rw-r--r--src/nodeset.c610
-rw-r--r--src/nss/Makefile.am57
-rw-r--r--src/nss/Makefile.in798
-rw-r--r--src/nss/README128
-rw-r--r--src/nss/app.c1598
-rw-r--r--src/nss/bignum.c163
-rw-r--r--src/nss/ciphers.c838
-rw-r--r--src/nss/crypto.c444
-rw-r--r--src/nss/digests.c576
-rw-r--r--src/nss/globals.h24
-rw-r--r--src/nss/hmac.c855
-rw-r--r--src/nss/keysstore.c485
-rw-r--r--src/nss/keytrans.c753
-rw-r--r--src/nss/kw_aes.c681
-rw-r--r--src/nss/kw_des.c663
-rw-r--r--src/nss/pkikeys.c1554
-rw-r--r--src/nss/signatures.c841
-rw-r--r--src/nss/symkeys.c440
-rw-r--r--src/nss/x509.c2223
-rw-r--r--src/nss/x509vfy.c808
-rw-r--r--src/openssl/Makefile.am56
-rw-r--r--src/openssl/Makefile.in790
-rw-r--r--src/openssl/README17
-rw-r--r--src/openssl/app.c1628
-rw-r--r--src/openssl/bn.c163
-rw-r--r--src/openssl/ciphers.c856
-rw-r--r--src/openssl/crypto.c491
-rw-r--r--src/openssl/digests.c682
-rw-r--r--src/openssl/evp.c1559
-rw-r--r--src/openssl/globals.h24
-rw-r--r--src/openssl/hmac.c857
-rw-r--r--src/openssl/kt_rsa.c876
-rw-r--r--src/openssl/kw_aes.c513
-rw-r--r--src/openssl/kw_des.c563
-rw-r--r--src/openssl/signatures.c1065
-rw-r--r--src/openssl/symkeys.c447
-rw-r--r--src/openssl/x509.c2414
-rw-r--r--src/openssl/x509vfy.c1284
-rw-r--r--src/parser.c571
-rw-r--r--src/skeleton/Makefile.am45
-rw-r--r--src/skeleton/README0
-rw-r--r--src/skeleton/app.c499
-rw-r--r--src/skeleton/crypto.c260
-rw-r--r--src/skeleton/globals.h24
-rw-r--r--src/soap.c1322
-rw-r--r--src/strings.c597
-rw-r--r--src/templates.c2091
-rw-r--r--src/transforms.c2902
-rw-r--r--src/x509.c97
-rw-r--r--src/xkms.c4981
-rw-r--r--src/xmldsig.c1795
-rw-r--r--src/xmlenc.c1339
-rw-r--r--src/xmlsec.c185
-rw-r--r--src/xmltree.c1908
-rw-r--r--src/xpath.c1148
-rw-r--r--src/xslt.c617
-rw-r--r--tests/01-phaos-xmlenc-3/Readme.txt52
-rw-r--r--tests/01-phaos-xmlenc-3/bad-alg-enc-element-aes128-kw-3des.xml29
-rw-r--r--tests/01-phaos-xmlenc-3/dh-priv-key.derbin0 -> 114 bytes
-rw-r--r--tests/01-phaos-xmlenc-3/enc-content-3des-kw-aes192.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-content-3des-kw-aes192.tmpl22
-rw-r--r--tests/01-phaos-xmlenc-3/enc-content-3des-kw-aes192.xml30
-rw-r--r--tests/01-phaos-xmlenc-3/enc-content-aes128-kw-3des.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-content-aes128-kw-3des.tmpl22
-rw-r--r--tests/01-phaos-xmlenc-3/enc-content-aes128-kw-3des.xml30
-rw-r--r--tests/01-phaos-xmlenc-3/enc-content-aes192-kw-aes256.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-content-aes192-kw-aes256.tmpl22
-rw-r--r--tests/01-phaos-xmlenc-3/enc-content-aes192-kw-aes256.xml30
-rw-r--r--tests/01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.tmpl24
-rw-r--r--tests/01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.xml63
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-3des-ka-dh.xml83
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.tmpl23
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.xml61
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.tmpl22
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.xml63
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha256.xml63
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha512.xml63
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-3des-kw-3des.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-3des-kw-3des.tmpl22
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-3des-kw-3des.xml29
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes128-ka-dh.xml83
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.tmpl20
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.xml61
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.tmpl22
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.xml63
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes128.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes128.tmpl22
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes128.xml29
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes256.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes256.tmpl22
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes256.xml29
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes192-ka-dh.xml83
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.tmpl22
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.xml63
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes192-kw-aes192.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes192-kw-aes192.tmpl22
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes192-kw-aes192.xml29
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes256-ka-dh.xml83
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes256-kw-aes256.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes256-kw-aes256.tmpl22
-rw-r--r--tests/01-phaos-xmlenc-3/enc-element-aes256-kw-aes256.xml29
-rw-r--r--tests/01-phaos-xmlenc-3/enc-text-3des-kw-aes256.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-text-3des-kw-aes256.tmpl23
-rw-r--r--tests/01-phaos-xmlenc-3/enc-text-3des-kw-aes256.xml32
-rw-r--r--tests/01-phaos-xmlenc-3/enc-text-aes128-kw-aes192.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-text-aes128-kw-aes192.tmpl21
-rw-r--r--tests/01-phaos-xmlenc-3/enc-text-aes128-kw-aes192.xml28
-rw-r--r--tests/01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.tmpl20
-rw-r--r--tests/01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.xml62
-rw-r--r--tests/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.data9
-rw-r--r--tests/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.tmpl22
-rw-r--r--tests/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.xml64
-rw-r--r--tests/01-phaos-xmlenc-3/key.txt117
-rw-r--r--tests/01-phaos-xmlenc-3/keys.xml61
-rw-r--r--tests/01-phaos-xmlenc-3/payment.xml9
-rw-r--r--tests/01-phaos-xmlenc-3/rsa-priv-key.derbin0 -> 1216 bytes
-rw-r--r--tests/01-phaos-xmlenc-3/rsa-priv-key.p12bin0 -> 2454 bytes
-rw-r--r--tests/aleksey-xkms-01/bad-request-name-not-supported.xml2
-rw-r--r--tests/aleksey-xkms-01/bad-request-name.xml10
-rw-r--r--tests/aleksey-xkms-01/compound-example-1-no-match.xml7
-rw-r--r--tests/aleksey-xkms-01/compound-example-1.xml51
-rw-r--r--tests/aleksey-xkms-01/keys/cert1.derbin0 -> 1137 bytes
-rw-r--r--tests/aleksey-xkms-01/keys/cert1.pem26
-rw-r--r--tests/aleksey-xkms-01/keys/cert2.derbin0 -> 1065 bytes
-rw-r--r--tests/aleksey-xkms-01/keys/cert2.pem25
-rw-r--r--tests/aleksey-xkms-01/keys/cert3.derbin0 -> 1041 bytes
-rw-r--r--tests/aleksey-xkms-01/keys/cert3.pem24
-rwxr-xr-xtests/aleksey-xkms-01/keys/create-keys.sh73
-rw-r--r--tests/aleksey-xkms-01/keys/key1-pk8.derbin0 -> 677 bytes
-rw-r--r--tests/aleksey-xkms-01/keys/key1.derbin0 -> 608 bytes
-rw-r--r--tests/aleksey-xkms-01/keys/key1.p12bin0 -> 2206 bytes
-rw-r--r--tests/aleksey-xkms-01/keys/key1.pem18
-rw-r--r--tests/aleksey-xkms-01/keys/key2-pk8.derbin0 -> 389 bytes
-rw-r--r--tests/aleksey-xkms-01/keys/key2.derbin0 -> 320 bytes
-rw-r--r--tests/aleksey-xkms-01/keys/key2.p12bin0 -> 1846 bytes
-rw-r--r--tests/aleksey-xkms-01/keys/key2.pem9
-rw-r--r--tests/aleksey-xkms-01/keys/key3-pk8.derbin0 -> 389 bytes
-rw-r--r--tests/aleksey-xkms-01/keys/key3.derbin0 -> 318 bytes
-rw-r--r--tests/aleksey-xkms-01/keys/key3.p12bin0 -> 1822 bytes
-rw-r--r--tests/aleksey-xkms-01/keys/key3.pem9
-rw-r--r--tests/aleksey-xkms-01/keys/openssl.cnf106
-rw-r--r--tests/aleksey-xkms-01/keys/req2.pem11
-rw-r--r--tests/aleksey-xkms-01/keys/req3.pem11
-rw-r--r--tests/aleksey-xkms-01/locate-example-1-bad-service.xml2
-rw-r--r--tests/aleksey-xkms-01/locate-example-1-no-match.xml2
-rw-r--r--tests/aleksey-xkms-01/locate-example-1.xml18
-rw-r--r--tests/aleksey-xkms-01/locate-example-2-no-match.xml2
-rw-r--r--tests/aleksey-xkms-01/locate-example-2.xml39
-rw-r--r--tests/aleksey-xkms-01/locate-opaque-client-data-no-match.xml2
-rw-r--r--tests/aleksey-xkms-01/locate-opaque-client-data.xml32
-rw-r--r--tests/aleksey-xkms-01/readme.txt117
-rw-r--r--tests/aleksey-xkms-01/soap11-bad-request-name-msg-invalid.xml9
-rw-r--r--tests/aleksey-xkms-01/soap11-bad-request-name.xml14
-rw-r--r--tests/aleksey-xkms-01/soap11-locate-example-1-no-match.xml6
-rw-r--r--tests/aleksey-xkms-01/soap11-locate-example-1-unsupported.xml13
-rw-r--r--tests/aleksey-xkms-01/soap11-locate-example-1.xml23
-rw-r--r--tests/aleksey-xkms-01/soap12-bad-request-name-msg-invalid.xml11
-rw-r--r--tests/aleksey-xkms-01/soap12-bad-request-name.xml14
-rw-r--r--tests/aleksey-xkms-01/soap12-locate-example-1-no-match.xml6
-rw-r--r--tests/aleksey-xkms-01/soap12-locate-example-1-unsupported.xml9
-rw-r--r--tests/aleksey-xkms-01/soap12-locate-example-1.xml23
-rw-r--r--tests/aleksey-xkms-01/status-request-success.xml2
-rw-r--r--tests/aleksey-xkms-01/status-request.xml7
-rw-r--r--tests/aleksey-xkms-01/validate-example-1-no-match.xml2
-rw-r--r--tests/aleksey-xkms-01/validate-example-1.xml65
-rw-r--r--tests/aleksey-xmldsig-01/README47
-rw-r--r--tests/aleksey-xmldsig-01/dtd-hmac-91.dtd1
-rw-r--r--tests/aleksey-xmldsig-01/dtd-hmac-91.tmpl27
-rw-r--r--tests/aleksey-xmldsig-01/dtd-hmac-91.xml27
-rw-r--r--tests/aleksey-xmldsig-01/enveloped-gost.tmpl31
-rw-r--r--tests/aleksey-xmldsig-01/enveloped-gost.xml42
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-dsa-x509chain.tmpl18
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-dsa-x509chain.xml87
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-expired-cert.tmpl18
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-expired-cert.xml85
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-md5-hmac-md5-64.tmpl16
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-md5-hmac-md5-64.xml15
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-md5-hmac-md5.tmpl14
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-md5-hmac-md5.xml13
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-md5-rsa-md5.tmpl17
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-md5-rsa-md5.xml85
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64.tmpl16
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64.xml15
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160.tmpl14
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160.xml13
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160.tmpl17
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160.xml85
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-rsa-x509chain.tmpl18
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-rsa-x509chain.xml85
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha1-hmac-sha1-64.tmpl16
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha1-hmac-sha1-64.xml15
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha1-hmac-sha1.tmpl14
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha1-hmac-sha1.xml13
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha1-rsa-sha1.tmpl17
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha1-rsa-sha1.xml85
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64.tmpl16
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64.xml15
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha224-hmac-sha224.tmpl14
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha224-hmac-sha224.xml13
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha224-rsa-sha224.tmpl17
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha224-rsa-sha224.xml85
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha256-hmac-sha256-64.tmpl16
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha256-hmac-sha256-64.xml15
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha256-hmac-sha256.tmpl14
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha256-hmac-sha256.xml13
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha256-rsa-sha256.tmpl17
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha256-rsa-sha256.xml85
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha384-hmac-sha384-64.tmpl16
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha384-hmac-sha384-64.xml15
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha384-hmac-sha384.tmpl14
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha384-hmac-sha384.xml13
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha384-rsa-sha384.tmpl17
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha384-rsa-sha384.xml103
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha512-hmac-sha512-64.tmpl16
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha512-hmac-sha512-64.xml16
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha512-hmac-sha512.tmpl14
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha512-hmac-sha512.xml15
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha512-rsa-sha512.tmpl17
-rw-r--r--tests/aleksey-xmldsig-01/enveloping-sha512-rsa-sha512.xml104
-rwxr-xr-xtests/aleksey-xmldsig-01/x509data-sn-test.tmpl27
-rwxr-xr-xtests/aleksey-xmldsig-01/x509data-sn-test.xml40
-rw-r--r--tests/aleksey-xmldsig-01/x509data-test.tmpl31
-rw-r--r--tests/aleksey-xmldsig-01/x509data-test.xml117
-rw-r--r--tests/aleksey-xmldsig-01/xpointer-hmac.tmpl29
-rw-r--r--tests/aleksey-xmldsig-01/xpointer-hmac.xml28
-rw-r--r--tests/aleksey-xmlenc-01/enc-aes128cbc-keyname.data1
-rw-r--r--tests/aleksey-xmlenc-01/enc-aes128cbc-keyname.tmpl11
-rw-r--r--tests/aleksey-xmlenc-01/enc-aes128cbc-keyname.xml12
-rw-r--r--tests/aleksey-xmlenc-01/enc-aes192cbc-keyname-ref.data1
-rw-r--r--tests/aleksey-xmlenc-01/enc-aes192cbc-keyname-ref.xml21
-rw-r--r--tests/aleksey-xmlenc-01/enc-aes192cbc-keyname.data1
-rw-r--r--tests/aleksey-xmlenc-01/enc-aes192cbc-keyname.tmpl11
-rw-r--r--tests/aleksey-xmlenc-01/enc-aes192cbc-keyname.xml12
-rw-r--r--tests/aleksey-xmlenc-01/enc-aes256cbc-keyname.data1
-rw-r--r--tests/aleksey-xmlenc-01/enc-aes256cbc-keyname.tmpl10
-rw-r--r--tests/aleksey-xmlenc-01/enc-aes256cbc-keyname.xml12
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.data1
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.tmpl16
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.xml18
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-keyname-content.data7
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-keyname-content.tmpl11
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-keyname-content.xml15
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element-root.data7
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element-root.tmpl11
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element-root.xml15
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element.data9
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element.tmpl11
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element.xml17
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-keyname.data1
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-keyname.tmpl8
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-keyname.xml8
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-keyname2.data1
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-keyname2.tmpl10
-rw-r--r--tests/aleksey-xmlenc-01/enc-des3cbc-keyname2.xml12
-rw-r--r--tests/keys/README203
-rw-r--r--tests/keys/ca2cert.derbin0 -> 1049 bytes
-rw-r--r--tests/keys/ca2cert.pem66
-rw-r--r--tests/keys/ca2key.pem9
-rw-r--r--tests/keys/cacert.derbin0 -> 1105 bytes
-rw-r--r--tests/keys/cacert.pem72
-rw-r--r--tests/keys/cakey.pem18
-rw-r--r--tests/keys/demoCA/cacert.pem72
-rw-r--r--tests/keys/demoCA/careq.pem14
-rw-r--r--tests/keys/demoCA/index.txt6
-rw-r--r--tests/keys/demoCA/newcerts/01.pem65
-rw-r--r--tests/keys/demoCA/newcerts/02.pem93
-rw-r--r--tests/keys/demoCA/newcerts/03.pem60
-rw-r--r--tests/keys/demoCA/newcerts/04.pem60
-rw-r--r--tests/keys/demoCA/newcerts/05.pem83
-rw-r--r--tests/keys/demoCA/private/cakey.pem18
-rw-r--r--tests/keys/demoCA/serial1
-rw-r--r--tests/keys/dsacert.derbin0 -> 1144 bytes
-rw-r--r--tests/keys/dsacert.pem78
-rw-r--r--tests/keys/dsakey.derbin0 -> 250 bytes
-rw-r--r--tests/keys/dsakey.p12bin0 -> 4047 bytes
-rw-r--r--tests/keys/dsakey.p8-derbin0 -> 243 bytes
-rw-r--r--tests/keys/dsakey.p8-pem8
-rw-r--r--tests/keys/dsakey.pem14
-rw-r--r--tests/keys/expiredcert.derbin0 -> 991 bytes
-rw-r--r--tests/keys/expiredcert.pem61
-rw-r--r--tests/keys/expiredkey.derbin0 -> 317 bytes
-rw-r--r--tests/keys/expiredkey.p12bin0 -> 4056 bytes
-rw-r--r--tests/keys/expiredkey.pem9
-rw-r--r--tests/keys/expiredreq.pem11
-rw-r--r--tests/keys/gost2001ca.derbin0 -> 527 bytes
-rw-r--r--tests/keys/gost2001ca.pem13
-rw-r--r--tests/keys/hmackey.bin1
-rw-r--r--tests/keys/keys.xml83
-rw-r--r--tests/keys/largersacert.derbin0 -> 1437 bytes
-rw-r--r--tests/keys/largersacert.pem100
-rw-r--r--tests/keys/largersakey-win.p12bin0 -> 6656 bytes
-rw-r--r--tests/keys/largersakey-winxp.p12bin0 -> 6683 bytes
-rw-r--r--tests/keys/largersakey.derbin0 -> 2348 bytes
-rw-r--r--tests/keys/largersakey.p12bin0 -> 6532 bytes
-rw-r--r--tests/keys/largersakey.p8-derbin0 -> 2413 bytes
-rw-r--r--tests/keys/largersakey.p8-pem53
-rw-r--r--tests/keys/largersakey.pem51
-rw-r--r--tests/keys/largersareq.pem30
-rw-r--r--tests/keys/merlincert.pem20
-rw-r--r--tests/keys/openssl.cnf316
-rw-r--r--tests/keys/rsacert.derbin0 -> 995 bytes
-rw-r--r--tests/keys/rsacert.pem61
-rw-r--r--tests/keys/rsakey-win.p12bin0 -> 4166 bytes
-rw-r--r--tests/keys/rsakey-winxp.p12bin0 -> 4193 bytes
-rw-r--r--tests/keys/rsakey.derbin0 -> 320 bytes
-rw-r--r--tests/keys/rsakey.p12bin0 -> 4042 bytes
-rw-r--r--tests/keys/rsakey.p8-derbin0 -> 389 bytes
-rw-r--r--tests/keys/rsakey.p8-pem11
-rw-r--r--tests/keys/rsakey.pem9
-rw-r--r--tests/merlin-c14n-three/Readme.txt20
-rw-r--r--tests/merlin-c14n-three/c14n-0.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-1.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-10.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-11.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-12.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-13.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-14.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-15.txt0
-rw-r--r--tests/merlin-c14n-three/c14n-16.txt0
-rw-r--r--tests/merlin-c14n-three/c14n-17.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-18.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-19.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-2.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-20.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-21.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-22.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-23.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-24.txt1
-rw-r--r--tests/merlin-c14n-three/c14n-25.txt0
-rw-r--r--tests/merlin-c14n-three/c14n-26.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-27.txt430
-rw-r--r--tests/merlin-c14n-three/c14n-3.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-4.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-5.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-6.txt1
-rw-r--r--tests/merlin-c14n-three/c14n-7.txt1
-rw-r--r--tests/merlin-c14n-three/c14n-8.txt15
-rw-r--r--tests/merlin-c14n-three/c14n-9.txt15
-rw-r--r--tests/merlin-c14n-three/signature.xml526
-rw-r--r--tests/merlin-exc-c14n-one/Readme.txt3
-rw-r--r--tests/merlin-exc-c14n-one/exc-signature.tmpl52
-rw-r--r--tests/merlin-exc-c14n-one/exc-signature.xml73
-rw-r--r--tests/merlin-xmldsig-twenty-three/Readme.txt63
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/badb.derbin0 -> 850 bytes
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/badb.pem20
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/balor.derbin0 -> 851 bytes
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/balor.pem20
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/bres.pem20
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/ca.derbin0 -> 862 bytes
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/ca.pem20
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/lugh-cert.derbin0 -> 851 bytes
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/lugh-cert.pem20
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/lugh.derbin0 -> 442 bytes
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/lugh.pem12
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/macha.derbin0 -> 852 bytes
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/macha.pem20
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/merlin.derbin0 -> 847 bytes
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/merlin.pem21
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/morigu.pem20
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/nemain.derbin0 -> 852 bytes
-rw-r--r--tests/merlin-xmldsig-twenty-three/certs/nemain.pem20
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-enveloped-dsa.tmpl22
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-enveloped-dsa.xml43
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa.tmpl21
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa.xml42
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-enveloping-dsa.tmpl18
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-enveloping-dsa.xml39
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40.tmpl16
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40.xml17
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1.tmpl14
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1.xml15
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-enveloping-rsa.tmpl18
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-enveloping-rsa.xml31
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-external-b64-dsa.tmpl20
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-external-b64-dsa.xml41
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-external-dsa.tmpl17
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-external-dsa.xml38
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-keyname.tmpl16
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-keyname.xml17
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt.tmpl16
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt.xml17
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-x509-crt-crl.tmpl17
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-x509-crt-crl.xml47
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-x509-crt.tmpl17
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-x509-crt.xml38
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-x509-is.tmpl17
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-x509-is.xml24
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-x509-ski.tmpl17
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-x509-ski.xml21
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-x509-sn.tmpl17
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature-x509-sn.xml21
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature.tmpl245
-rw-r--r--tests/merlin-xmldsig-twenty-three/signature.xml269
-rw-r--r--tests/merlin-xmlenc-five/Readme.txt117
-rw-r--r--tests/merlin-xmlenc-five/bad-encrypt-content-aes128-cbc-kw-aes192.xml42
-rw-r--r--tests/merlin-xmlenc-five/decryption-transform-except.xml83
-rw-r--r--tests/merlin-xmlenc-five/decryption-transform.xml73
-rw-r--r--tests/merlin-xmlenc-five/dh0.p8bin0 -> 409 bytes
-rw-r--r--tests/merlin-xmlenc-five/dh1.p8bin0 -> 409 bytes
-rw-r--r--tests/merlin-xmlenc-five/dsa.p8bin0 -> 333 bytes
-rw-r--r--tests/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.data27
-rw-r--r--tests/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.tmpl20
-rw-r--r--tests/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.xml45
-rw-r--r--tests/merlin-xmlenc-five/encrypt-content-aes192-cbc-dh-sha512.xml113
-rw-r--r--tests/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.data27
-rw-r--r--tests/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.tmpl18
-rw-r--r--tests/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.xml42
-rw-r--r--tests/merlin-xmlenc-five/encrypt-content-tripledes-cbc.data27
-rw-r--r--tests/merlin-xmlenc-five/encrypt-content-tripledes-cbc.tmpl11
-rw-r--r--tests/merlin-xmlenc-five/encrypt-content-tripledes-cbc.xml35
-rw-r--r--tests/merlin-xmlenc-five/encrypt-data-aes128-cbc.data1
-rw-r--r--tests/merlin-xmlenc-five/encrypt-data-aes128-cbc.tmpl11
-rw-r--r--tests/merlin-xmlenc-five/encrypt-data-aes128-cbc.xml12
-rw-r--r--tests/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.data1
-rw-r--r--tests/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.tmpl20
-rw-r--r--tests/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.xml22
-rw-r--r--tests/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.data1
-rw-r--r--tests/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.tmpl20
-rw-r--r--tests/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.xml22
-rw-r--r--tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml46
-rw-r--r--tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.data1
-rw-r--r--tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.tmpl21
-rw-r--r--tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.xml43
-rw-r--r--tests/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.data27
-rw-r--r--tests/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.tmpl19
-rw-r--r--tests/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.xml63
-rw-r--r--tests/merlin-xmlenc-five/encrypt-element-aes192-cbc-ref.data36
-rw-r--r--tests/merlin-xmlenc-five/encrypt-element-aes192-cbc-ref.xml42
-rw-r--r--tests/merlin-xmlenc-five/encrypt-element-aes256-cbc-carried-kw-aes256.xml57
-rw-r--r--tests/merlin-xmlenc-five/encrypt-element-aes256-cbc-kw-aes256-dh-ripemd160.xml122
-rw-r--r--tests/merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256.data40
-rw-r--r--tests/merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256.xml47
-rw-r--r--tests/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.data27
-rw-r--r--tests/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.tmpl20
-rw-r--r--tests/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.xml43
-rw-r--r--tests/merlin-xmlenc-five/encsig-hmac-sha256-dh.xml98
-rw-r--r--tests/merlin-xmlenc-five/encsig-hmac-sha256-kw-tripledes-dh.xml108
-rw-r--r--tests/merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5.xml46
-rw-r--r--tests/merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p.xml51
-rw-r--r--tests/merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes.tmpl25
-rw-r--r--tests/merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes.xml27
-rw-r--r--tests/merlin-xmlenc-five/encsig-sha256-hmac-sha256-kw-aes128.xml27
-rw-r--r--tests/merlin-xmlenc-five/encsig-sha384-hmac-sha384-kw-aes192.xml27
-rw-r--r--tests/merlin-xmlenc-five/encsig-sha512-hmac-sha512-kw-aes256.xml28
-rw-r--r--tests/merlin-xmlenc-five/ids.p12bin0 -> 499 bytes
-rw-r--r--tests/merlin-xmlenc-five/keys.xml42
-rw-r--r--tests/merlin-xmlenc-five/plaintext.xml24
-rw-r--r--tests/merlin-xmlenc-five/rsa.p8bin0 -> 312 bytes
-rw-r--r--tests/merlin-xmlenc-five/rsapriv.derbin0 -> 609 bytes
-rw-r--r--tests/merlin-xmlenc-five/rsapriv.p12bin0 -> 2140 bytes
-rw-r--r--tests/merlin-xmlenc-five/rsapriv.p8-derbin0 -> 677 bytes
-rw-r--r--tests/merlin-xmlenc-five/rsapriv.p8-pem17
-rw-r--r--tests/merlin-xmlenc-five/rsapriv.pem15
-rw-r--r--tests/merlin-xmlenc-five/rsapub.pem6
-rw-r--r--tests/merlin-xpath-filter2-three/Readme.txt23
-rw-r--r--tests/merlin-xpath-filter2-three/sign-spec-c14n-0.txt11
-rw-r--r--tests/merlin-xpath-filter2-three/sign-spec-c14n-1.txt0
-rw-r--r--tests/merlin-xpath-filter2-three/sign-spec-c14n-2.txt25
-rw-r--r--tests/merlin-xpath-filter2-three/sign-spec.tmpl50
-rw-r--r--tests/merlin-xpath-filter2-three/sign-spec.xml122
-rw-r--r--tests/merlin-xpath-filter2-three/sign-xfdl-c14n-0.txt3986
-rw-r--r--tests/merlin-xpath-filter2-three/sign-xfdl.tmpl4153
-rw-r--r--tests/merlin-xpath-filter2-three/sign-xfdl.xml4225
-rw-r--r--tests/nss.supp220
-rw-r--r--tests/nssdb/cert8.dbbin0 -> 65536 bytes
-rw-r--r--tests/nssdb/key3.dbbin0 -> 16384 bytes
-rw-r--r--tests/nssdb/secmod.dbbin0 -> 16384 bytes
-rw-r--r--tests/openssl.supp63
-rw-r--r--tests/phaos-xmldsig-three/README.txt248
-rw-r--r--tests/phaos-xmldsig-three/certs/crl.derbin0 -> 418 bytes
-rw-r--r--tests/phaos-xmldsig-three/certs/dsa-ca-cert.derbin0 -> 911 bytes
-rw-r--r--tests/phaos-xmldsig-three/certs/dsa-cert.derbin0 -> 915 bytes
-rw-r--r--tests/phaos-xmldsig-three/certs/enc-dsa-key.derbin0 -> 374 bytes
-rw-r--r--tests/phaos-xmldsig-three/certs/enc-rsa-key.derbin0 -> 678 bytes
-rw-r--r--tests/phaos-xmldsig-three/certs/hmackey.bin1
-rw-r--r--tests/phaos-xmldsig-three/certs/rsa-ca-cert.derbin0 -> 722 bytes
-rw-r--r--tests/phaos-xmldsig-three/certs/rsa-cert.derbin0 -> 724 bytes
-rw-r--r--tests/phaos-xmldsig-three/document-stylesheet.xml7
-rw-r--r--tests/phaos-xmldsig-three/document.b644
-rw-r--r--tests/phaos-xmldsig-three/document.xml6
-rw-r--r--tests/phaos-xmldsig-three/document.xsl45
-rw-r--r--tests/phaos-xmldsig-three/signature-big.xml39
-rw-r--r--tests/phaos-xmldsig-three/signature-dsa-detached.xml1
-rw-r--r--tests/phaos-xmldsig-three/signature-dsa-enveloped.xml6
-rw-r--r--tests/phaos-xmldsig-three/signature-dsa-enveloping.xml6
-rw-r--r--tests/phaos-xmldsig-three/signature-dsa-manifest.xml1
-rw-r--r--tests/phaos-xmldsig-three/signature-hmac-md5-c14n-enveloping.xml6
-rw-r--r--tests/phaos-xmldsig-three/signature-hmac-sha1-40-c14n-comments-detached.xml1
-rw-r--r--tests/phaos-xmldsig-three/signature-hmac-sha1-40-exclusive-c14n-comments-detached.xml1
-rw-r--r--tests/phaos-xmldsig-three/signature-hmac-sha1-exclusive-c14n-comments-detached.xml1
-rw-r--r--tests/phaos-xmldsig-three/signature-hmac-sha1-exclusive-c14n-enveloped.xml6
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-detached-b64-transform.xml1
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-detached-xpath-transform.xml1
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-detached-xslt-transform-bad-retrieval-method.xml6
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-detached-xslt-transform-retrieval-method.xml39
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-detached-xslt-transform.xml39
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-detached.xml1
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-enveloped-bad-digest-val.xml6
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-enveloped-bad-sig.xml6
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-enveloped.xml6
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-enveloping.xml6
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-cert-chain.xml1
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-cert.xml1
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-issuer-serial.xml1
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-ski.xml1
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-subject-name.xml1
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-manifest.xml1
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-xpath-transform-enveloped.xml6
-rw-r--r--tests/phaos-xmldsig-three/signature-rsa-~x509-data-crl.xml1
-rwxr-xr-xtests/testDSig.sh875
-rwxr-xr-xtests/testEnc.sh411
-rwxr-xr-xtests/testKeys.sh69
-rwxr-xr-xtests/testRes.sh20
-rwxr-xr-xtests/testXKMS.sh129
-rwxr-xr-xtests/testrun.sh443
-rw-r--r--tests/xmldsig2ed-tests/c14n11/xml-base-input.xml17
-rw-r--r--tests/xmldsig2ed-tests/defCan-1.tmpl2
-rw-r--r--tests/xmldsig2ed-tests/defCan-1.xml2
-rw-r--r--tests/xmldsig2ed-tests/defCan-2.tmpl2
-rw-r--r--tests/xmldsig2ed-tests/defCan-2.xml2
-rw-r--r--tests/xmldsig2ed-tests/defCan-3.tmpl2
-rw-r--r--tests/xmldsig2ed-tests/defCan-3.xml2
-rw-r--r--tests/xmldsig2ed-tests/xpointer-1-SUN.xml21
-rw-r--r--tests/xmldsig2ed-tests/xpointer-2-SUN.xml21
-rw-r--r--tests/xmldsig2ed-tests/xpointer-3-SUN.xml21
-rw-r--r--tests/xmldsig2ed-tests/xpointer-4-SUN.xml21
-rw-r--r--tests/xmldsig2ed-tests/xpointer-5-SUN.xml21
-rw-r--r--tests/xmldsig2ed-tests/xpointer-6-SUN.xml21
-rw-r--r--win32/Makefile.msvc699
-rw-r--r--win32/README.txt168
-rw-r--r--win32/configure.js395
-rw-r--r--win32/libxmlsec.def.src25
-rw-r--r--win32/mycfg.bat21
-rw-r--r--xmlsec-config.in243
-rw-r--r--xmlsec-gcrypt.pc.in11
-rw-r--r--xmlsec-gnutls.pc.in11
-rw-r--r--xmlsec-nss.pc.in11
-rw-r--r--xmlsec-openssl.pc.in11
-rw-r--r--xmlsec.pc.in11
-rw-r--r--xmlsec.spec.in185
-rw-r--r--xmlsec1-config243
-rw-r--r--xmlsec1-gcrypt.pc11
-rw-r--r--xmlsec1-gnutls.pc11
-rw-r--r--xmlsec1-nss.pc11
-rw-r--r--xmlsec1-openssl.pc11
-rw-r--r--xmlsec1.m4172
-rw-r--r--xmlsec1.pc11
-rw-r--r--xmlsec1.spec185
-rw-r--r--xmlsec1Conf.sh13
-rw-r--r--xmlsecConf.sh.in13
960 files changed, 257524 insertions, 0 deletions
diff --git a/AUTHORS b/AUTHORS
new file mode 100644
index 00000000..3003d13e
--- /dev/null
+++ b/AUTHORS
@@ -0,0 +1,8 @@
+Aleksey Sanin <aleksey@aleksey.com>
+
+Windows port: Igor Zlatkovic <igor@stud.fh-frankfurt.de>
+Debian port: John Belmonte <jvb@prairienet.org>
+xmlsec-nss: Tej Arora <tej@netscape.com>, AOL Inc.
+xmlsec-mscrypto: Wouter Ketting <wsh@xs4all.nl>, Cordys R&D BV
+GOST support: Dmitry Belyavsky <beldmit@cryptocom.ru>, Cryptocom LTD (http://www.cryptocom.ru)
+
diff --git a/COPYING b/COPYING
new file mode 100644
index 00000000..23e43728
--- /dev/null
+++ b/COPYING
@@ -0,0 +1,105 @@
+xmlsec, xmlsec-openssl, xmlsec-gnutls, xmlsec-gcrypt libraries
+------------------------------------------------------------------------------
+
+Copyright (C) 2002-2010 Aleksey Sanin. All Rights Reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is fur-
+nished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FIT-
+NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ALEKSEY SANIN BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CON-
+NECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of Aleksey Sanin shall not
+be used in advertising or otherwise to promote the sale, use or other deal-
+ings in this Software without prior written authorization from him.
+
+
+xmlsec-nss library
+------------------------------------------------------------------------------
+Copyright (C) 2002-2010 Aleksey Sanin. All Rights Reserved.
+Copyright (c) 2003 America Online, Inc. All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is fur-
+nished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+Portions of the Software were created using source code and/or APIs
+governed by the Mozilla Public License (MPL). The MPL is available
+at http://www.mozilla.org/MPL/MPL-1.1.html. The MPL permits such
+portions to be distributed with code not governed by MPL, as long
+as the requirements of MPL are fulfilled for such portions.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FIT-
+NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ALEKSEY SANIN BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CON-
+NECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of Aleksey Sanin shall not
+be used in advertising or otherwise to promote the sale, use or other deal-
+ings in this Software without prior written authorization from him.
+
+
+xmlsec-mscrypto library
+------------------------------------------------------------------------------
+
+Copyright (C) 2002-2010 Aleksey Sanin. All Rights Reserved.
+Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+Copyright (C) 2007 Roumen Petrov.
+Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
+
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is fur-
+nished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FIT-
+NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ALEKSEY SANIN BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CON-
+NECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of Aleksey Sanin shall not
+be used in advertising or otherwise to promote the sale, use or other deal-
+ings in this Software without prior written authorization from him.
+
+
+
+References
+------------------------------------------------------------------------------
+
+* AOL
+http://www.aleksey.com/pipermail/xmlsec/2003/005488.html
+http://www.aleksey.com/pipermail/xmlsec/attachments/20030729/0e25648e/attachment.htm
+
+* Cordys R&D BV
+http://www.aleksey.com/pipermail/xmlsec/2003/005581.html
+
+* Cryptocom LTD
+http://www.aleksey.com/pipermail/xmlsec/2006/007410.html
+
diff --git a/ChangeLog b/ChangeLog
new file mode 100644
index 00000000..7941b6be
--- /dev/null
+++ b/ChangeLog
@@ -0,0 +1,1810 @@
+2011-05-11 Aleksey Sanin <aleksey@aleksey.com>
+ * 1.2.18 release
+
+2011-05-01 Aleksey Sanin <aleksey@aleksey.com>
+ * Fixed crasher in 64 bit (reported by Roumen)
+
+2011-03-31 Aleksey Sanin <aleksey@aleksey.com>
+ * 1.2.17 release
+
+2011-03-30 Aleksey Sanin <aleksey@aleksey.com>
+ * Preparations for 1.2.17 release
+
+2011-03-29 Aleksey Sanin <aleksey@aleksey.com>
+ * Fixed security issue with libxslt (CVE-2011-1425, reported by Nicolas Gregoire)
+
+2011-02-05 Aleksey Sanin <aleksey@aleksey.com>
+ * Fixed pkcs12 file loading (based on patch from Andre de Souza Pinto)
+
+2010-11-23 Aleksey Sanin <aleksey@aleksey.com>
+ * Fixed comments (based on patch from Wolfgang Woehl)
+
+2010-11-09 Aleksey Sanin <aleksey@aleksey.com>
+ * Fixed extra quotes in configure (bug #631258)
+
+2010-07-19 Aleksey Sanin <aleksey@aleksey.com>
+ * Fixed configure issue with empty --with-libxml/libxsl and config scripts in /bin directory
+
+2010-06-27 Aleksey Sanin <aleksey@aleksey.com>
+ * Fixed gcrypt init/shutdown (patch from Roumen)
+
+2010-04-25 Aleksey Sanin <aleksey@aleksey.com>
+ * 1.2.16 release
+
+2010-04-24 Aleksey Sanin <aleksey@aleksey.com>
+ * Preparation for 1.2.16 release
+
+2010-05-23 Aleksey Sanin <aleksey@aleksey.com>
+ * Added X509Data support to xmlsec-gnutls
+
+2010-05-12 Aleksey Sanin <aleksey@aleksey.com>
+ * Several patches from Roumen: support NSS/NSPR from seamonkey
+ package; reorder libxmlsec as dep. lib for mingw; fix gcrypt/src/asn1.h
+ include; fix Unicode build for mingw
+ * Added RSA/SHA1/SHA256/SHA384/SHA512/MD5/RIPEMD160 for xmlsec-gnutls
+ * Added DSA/SHA1 for xmlsec-gnutls
+
+2010-05-10 Aleksey Sanin <aleksey@aleksey.com>
+ * Added RSA/SHA1/SHA256/SHA384/SHA512/MD5/RIPEMD160 for xmlsec-gcrypt
+ * Added DSA/SHA1 for xmlsec-gcrypt
+
+2010-05-09 Aleksey Sanin <aleksey@aleksey.com>
+ * Added DES KW support for xmlsec-mscrypto
+ * Added DES KW support for xmlsec-gnutls
+ * Separated xmlsec-gnutls and xmlsec-gcrypt libraries
+
+2010-05-08 Aleksey Sanin <aleksey@aleksey.com>
+ * Added AES KW support for xmlsec-mscrypto
+ * Added AES KW support for xmlsec-gnutls
+
+2010-04-30 Aleksey Sanin <aleksey@aleksey.com>
+ * Added RSA/OAEP support for xmlsec-mscrypto
+
+2010-04-29 Aleksey Sanin <aleksey@aleksey.com>
+ * 1.2.15 release
+
+2010-04-28 Aleksey Sanin <aleksey@aleksey.com>
+ * Preparation for 1.2.15 release
+
+2010-04-27 Aleksey Sanin <aleksey@aleksey.com>
+ * Converted xmlsec-mscrypto to unicode and provided a compile time
+ option to switch between unicode/non-unicode builds
+ * Deleted support for old gnutls, new required version 2.8.0
+ * Added SHA256/384/512 support for xmlsec-gnutls
+
+2010-04-26 Aleksey Sanin <aleksey@aleksey.com>
+ * Added support for HMAC with MD5, SHA1, SHA256/384/512 in xmlsec-mscrypto
+ * Added support for MD5 RSA/MD5 in xmlsec-mscrypto
+
+2010-04-25 Aleksey Sanin <aleksey@aleksey.com>
+ * Added support for SHA256/384/512 for digest, HMAC and RSA in xmlsec-nss
+ (requires nss 3.8 + nspr 4.3 or greater)
+ * Added support for MD5 for digest and RSA in xmlsec-nss
+ * Minor fixes to xmlsec-nss (xmlsec bug #118630), bumping nss min
+ version to 3.9 + nspr 4.4.1 or greater
+ Other minor fixes for xmlsec-nss
+
+2010-04-24 Aleksey Sanin <aleksey@aleksey.com>
+ * Fix PK_CONFIG problem (reported by Roumen)
+ * Enable --crypto for transform checks
+
+2010-04-23 Aleksey Sanin <aleksey@aleksey.com>
+ * Enable RSA/SHA2 support in xmlsec-mscrypto
+ * Misc. cleanups in xmlsec-mscrypto
+ * Fix PK_CONFIG problem (reported by Roumen)
+ * Fix DSA support in xmlsec-nss (https://bugzilla.mozilla.org/show_bug.cgi?id=561598)
+
+2010-04-23 Aleksey Sanin <aleksey@aleksey.com>
+ * Fix search for certificates with UTF-8 subject on Windows in xmlsec-mscrypto
+ * Remove spaces at the end of lines
+
+2010-04-22 Aleksey Sanin <aleksey@aleksey.com>
+ * Fix search for certificates with Unicode subject on Windows in xmlsec-mscrypto
+ * Copy *.manifest files to installation for Windows builds
+ * Convert tabs to spaces
+
+2010-04-21 Aleksey Sanin <aleksey@aleksey.com>
+ * Fix key name conversion to unicode problem in xmlsec-mscrypto
+
+2010-04-20 Aleksey Sanin <aleksey@aleksey.com>
+ * Fix compile warnings in xmlsec-openssl
+ * Fix linking order issue (based on patch from Roumen)
+
+2010-03-30 Aleksey Sanin <aleksey@aleksey.com>
+ * Fix typo Copyrigth -> Copyright
+ * Add xmlsec-mscrypto to the top level copyright file
+ * Refresh the copyright date to 2010
+ * Add references to licenses
+
+2010-03-18 Aleksey Sanin <aleksey@aleksey.com>
+ * Ensure we have only one copy of key's cert after reading pkcs12
+ from openssl
+
+2010-01-13 Aleksey Sanin <aleksey@aleksey.com>
+ * Fix valgrind's invalid read with chained XPath transforms (based
+ on patch from Frank Gross).
+
+2009-09-05 Aleksey Sanin <aleksey@aleksey.com>
+ * preparation for 1.2.14 release
+
+2009-11-05 Aleksey Sanin <aleksey@aleksey.com>
+ * Use installed ltdl on *nix and native code on Windows
+
+2009-10-25 Aleksey Sanin <aleksey@aleksey.com>
+ * Fix --with-libxslt-src (patch from Roumen)
+
+2009-09-12 Aleksey Sanin <aleksey@aleksey.com>
+ * Preparation for 1.2.13 release
+
+2009-08-24 Aleksey Sanin <aleksey@aleksey.com>
+ * Fix XML dump format
+
+2009-08-06 Aleksey Sanin <aleksey@aleksey.com>
+ * fix build for openssl 1.0 (based on patch from Roumen Petrov)
+ * cleanup test invocation scripts
+ * cleanup configure.in
+
+2009-07-29 Aleksey Sanin <aleksey@aleksey.com>
+ * fix a couple minor issues (based on patch from Arfrever
+ Frehtes Taifersar Arahesis)
+
+2009-07-17 Aleksey Sanin <aleksey@aleksey.com>
+ * preparation for 1.2.13 release
+
+2009-07-14 Aleksey Sanin <aleksey@aleksey.com>
+ * increase default min hmac size to 80 bits
+ * added support for --with-libxml-src and --with-libxslt-src
+ ./configure options
+
+2009-06-25 Aleksey Sanin <aleksey@aleksey.com>
+ * implemented c14n 1.1 transform + tests
+
+2009-06-15 Aleksey Sanin <aleksey@aleksey.com>
+ * configure.in docs/download.html docs/index.html docs/news.html
+ include/xmlsec/version.h: preparation for new 1.2.12 release
+
+2009-06-15 Aleksey Sanin <aleksey@aleksey.com>
+ * added support for the GOST implemented by Russian Crypto Pro CSP
+ (patch from Dennis Prochko)
+
+2009-06-15 Aleksey Sanin <aleksey@aleksey.com>
+ * fixed HMAC vuln with small values of HMAC length
+
+2009-06-13 Aleksey Sanin <aleksey@aleksey.com>
+ * fixing gnutls detection (bug #585629)
+
+2009-06-09 Aleksey Sanin <aleksey@aleksey.com>
+ * update SVN to GIT references in docs
+
+2009-06-09 Aleksey Sanin <aleksey@aleksey.com>
+ * adding configurable Base64 line length
+
+2008-09-10 Aleksey Sanin <aleksey@aleksey.com>
+ * fixing bug #501315 (patch from Antony Dovgal)
+
+2008-08-26 Aleksey Sanin <aleksey@aleksey.com>
+ * apps/xmlsec.c: fix integer division (patch from Mikhail)
+
+2008-06-10 Aleksey Sanin <aleksey@aleksey.com>
+ * src/mscrypto/x509.c src/openssl/x509.c src/nss/x509.c: fix crash
+ in the error reporting (based on patch from Frank Gross)
+
+2008-06-04 Aleksey Sanin <aleksey@aleksey.com>
+ * src/templates.c src/keyinfo.c src/xmltree.c src/mscrypto/x509.c
+ src/openssl/x509.c src/nss/x509.c include/xmlsec/xmltree.h:
+ added new function xmlSecNodeEncodeAndSetContent for encoding
+ special chars in the node content (bug reported by Cliff Hones)
+
+2008-06-04 Aleksey Sanin <aleksey@aleksey.com>
+ * src/xmltree.c, src/xmlenc.c, include/xmlsec/xmltree.h, include/xmlsec/xmlenc.h:
+ add an option to return the replaced (encrypted) node(s) to the caller
+ (based on the patch from Frank Gross)
+
+2008-05-23 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/mscrypto/app.c: fix MS certificates ref counting
+
+2007-11-06 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/download.html docs/index.html docs/news.html
+ include/xmlsec/version.h: preparation for new 1.2.11 release
+
+2007-07-19 Aleksey Sanin <aleksey@aleksey.com>
+
+ * bug #454397 - mingw build: added missing files
+
+2007-07-19 Aleksey Sanin <aleksey@aleksey.com>
+
+ * bug #454397 - mingw build: normal way to pass def file to linker
+ (patch from Roumen Petrov)
+
+2007-07-17 Aleksey Sanin <aleksey@aleksey.com>
+
+ * bug #454397 - mingw build: (cross-compilation) and several
+ minor cleanups (patch from Roumen Petrov)
+
+2007-06-16 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in: configure fixes (patch from Roumen Petrov)
+
+2007-06-06 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/mscrypto/*: better support for non micorsoft CSP's (patch from
+ Wouter and Ed Shallow)
+
+2007-02-12 Aleksey Sanin <aleksey@aleksey.com>
+
+ * Makefile.am xmlsec1.m4: automake macro for xmlsec1 (from Heiko Ronsdorf)
+
+2006-09-04 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/openssl/app.h src/openssl/app.c src/openssl/x509vfy.c:
+ added xmlSecOpenSSLAppKeysMngrAddCertsFile() function
+ (David Norrel)
+
+2006-08-15 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/openssl/x509vfy.c: fixed loading certs from a directory
+ during openssl x509 store init (based on idea from David Norrel)
+
+2006-06-12 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/templates.h, src/templates.c, src/xmltree.c:
+ support for custom namespaces prefixes for xmldisg namespace
+ (based on patch from Barry Ferg)
+
+2006-06-12 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/download.html docs/index.html docs/news.html
+ include/xmlsec/version.h: preparation for new 1.2.10 release
+
+2006-06-12 Aleksey Sanin <aleksey@aleksey.com>
+
+ * xmlsec-config.in: lib64/ folder patch from Daniel
+
+2006-06-08 Aleksey Sanin <aleksey@aleksey.com>
+
+ * config.h.in configure.in xmlsec-nss.pc.in: support different
+ packages for NSPR/NSS
+
+2006-05-20 Aleksey Sanin <aleksey@aleksey.com>
+ Added xmlSecOpenSSLX509StoreAdoptCrl() function
+
+2006-03-10 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/nss/app.c, src/openssl/x509vfy.c, src/xmldsig.c,
+ src/xmlsec-ltdl.c, src/xmlsec-ltdl.patch: cleanup Coverity
+ complaints
+
+2006-02-26 Aleksey Sanin <aleksey@aleksey.com>
+ * apps/xmlsec.c tests/testDSig.sh: added an ability to skip
+ tests for transforms not available in given built
+ * tests/: added GOST test from Dmitry Belyavsky
+
+2006-02-16 Aleksey Sanin <aleksey@aleksey.com>
+ * src/mscrypto/certkeys.c: fixed memleak in msrypto
+
+2006-02-14 Aleksey Sanin <aleksey@aleksey.com>
+ * include/xmlsec/mscrypto/x509.h src/mscrypto/x509vfy.h:
+ added an option for disabling system trusted certs
+ for mscrypto store (based on patch from Dmitry Belyavsky)
+
+2006-02-10 Aleksey Sanin <aleksey@aleksey.com>
+ * authors docs/authors.html
+ include/xmlsec/app.h include/xmlsec/private.h
+ include/xmlsec/strings.h include/xmlsec/mscrypto/crypto.h
+ include/xmlsec/mscrypto/symbols.h src/app.c src/dl.c
+ src/strings.c src/transforms.c src/mscrypto/certkeys.c
+ src/mscrypto/crypto.c src/mscrypto/digests.c
+ src/mscrypto/signatures.c src/skeleton/crypto.c:
+ added support for GOST94 for digests and
+ GOST 2001 keys/signatures: mscrypto only (patch from
+ Dmitry Belyavsky)
+
+2005-12-20 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/mscrypto/x509vfy.c: check MSCrypto store for certs
+ (patch from Dmitry Belyavsky); replace tabs with spaces
+
+2005-12-15 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/templates.h src/templates.c: functions
+ for adding X509IssuerName and X509SerialNumber nodes
+ to the template (patch from Dmitry Belyavsky)
+
+2005-11-14 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in: fixing shrext vs. shrext_cmds conflict
+
+2005-09-25 Aleksey Sanin <aleksey@aleksey.com>
+ * src/nss/pkikeys.c: fixing xmlsec-nss crash
+ * configure.in: change crypto libs order to be openssl/nss/gnutls
+
+2005-07-12 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/download.html docs/index.html docs/news.html:
+ preparation for new 1.2.9 release
+
+2005-07-12 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/xmltree.c: fixing a problem with namespaces in the
+ nodes created by "template" functions
+
+2005-07-10 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/openssl/evp.c: added hack from Erwann ABALEA:
+ OpenSSL ENGINE keys are always private since we can't query
+ engine and do real check
+
+2005-07-10 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/* include/* src/* tests/*: added support for
+ RSA-MD5/RIPEMD160/SHA224/SHA256/SHA384/SHA512 for OpenSSL 0.9.8
+
+2005-07-10 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/ include/ src/ tests/: implemented
+ SHA224/256/384/512, HMAC-SHA224/256/384/512, MD5 for OpenSSL 0.9.8
+
+2005-07-10 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/xmldsig.html docs/xmlenc.html
+ include/xmlsec/app.h include/xmlsec/private.h include/xmlsec/strings.h
+ include/xmlsec/openssl/crypto.h include/xmlsec/openssl/symbols.h
+ src/app.c src/dl.c src/strings.c: preparations for SHA224/256/384/512
+ and friends
+
+2005-07-09 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in tests/aleksey-xmldsig-01/* tests/keys/*
+ tests/merlin-xmldsig-twenty-three/signature.tmpl
+ tests/testDSig.sh: updating test certificates for picky
+ OpenSSL 0.9.8
+
+
+2005-07-08 Aleksey Sanin <aleksey@aleksey.com>
+ * configure.in src/openssl/x509vfy.c: initial support
+ for OpenSSL 0.9.8
+
+2005-05-12 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/openssl/app.c: fixed "disable-x509" build option
+ (patch from Bernd Becker)
+
+2005-05-11 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/openssl/signatures.c: fixed "disable-dsa" build option
+ (patch from Bernd Becker)
+
+Wed 6 Apr 2005 00:18:21 CEST Igor Zlatkovic <igor@zlatkovic.com>
+
+ * .cvsignore: added Eclipse project files
+
+2005-03-31 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/xmltree.c: fixing warning from Solaris (bug #172201)
+
+2005-03-30 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/download.html docs/index.html docs/news.html
+ include/xmlsec/version.h: preparing new release 1.2.8
+
+Tue 22 Mar 2005 20:10:19 CET Igor Zlatkovic <igor@zlatkovic.com>
+
+ * apps/xmlsec.c: changed the type of the --depth parameter to
+ number.
+
+2005-03-06 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/nss/crypto.h src/nss/Makefile.am src/nss/crypto.c
+ src/nss/keytrans.c src/nss/kt_rsa.c: better rsa pkcs transform
+ using nss wrap/unwrap code (based on the OO.org patch)
+
+2005-03-06 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/nss/crypto.h src/nss/app.c
+ src/nss/crypto.c src/nss/x509.c: fixed nss initialization
+ problem
+
+2005-03-05 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/nss/pkikeys.c: check that input public and private
+ keys have the same type (based on the OO.org patch)
+
+2005-03-05 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/nss/digests.c src/nss/hmac.c src/nss/pkikeys.c
+ src/nss/signatures.c src/nss/x509.c src/nss/x509vfy.c:
+ print more detailed error message (based on the OO.org patch)
+
+2005-03-04 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/mscrypto/x509vfy.c: fixed cert search (based on the OO.org patch)
+
+2005-03-01 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/mscrypto/app.c: added stubs for adding keys to mscrypto
+ keys manager from ms key handle
+
+2005-02-28 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/mscrypto/certkeys.c: WinNT 4.0 support (based on the OO.org patch)
+
+2005-02-28 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/mscrypto/certkeys.c: preparation for WinNT 4.0 support
+
+2005-02-28 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/mscrypto/x509.c: enable private key search for
+ a given certificate (based on the OO.org patch)
+
+2005-02-27 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/mscrypto/certkeys.c: use default context when
+ getting public key from a cert (based on the OO.org patch)
+ * src/mscrypto/x509vfy.c: search both trusted and untrusted
+ cert stores when cert with given parameters is needed or
+ when certs chain is constructed (based on the OO.org patch)
+
+2005-02-27 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/mscrypto/app.h include/xmlsec/mscrypto/x509.h
+ src/mscrypto/app.c src/mscrypto/x509vfy.c:
+ added function to add custom MS cert stores
+ to the xmlsec-mscrypto default keys manager
+ (based on the OO.org patch).
+
+2005-02-22 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/*: updated docs
+
+2005-02-22 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/index.html docs/news.html include/xmlsec/templates.h
+ src/templates.c: added functions to create <X509Data/> node
+ children in the signature template
+
+2005-02-22 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/bn.c src/mscrypto/crypto.c src/mscrypto/x509.c
+ src/mscrypto/x509vfy.c tests/testDSig.sh
+ tests/aleksey-xmldsig-01/x509data-sn-test.tmpl
+ tests/aleksey-xmldsig-01/x509data-sn-test.xml
+ tests/keys/README tests/keys/*: support for
+ negative serial numbers, mscrypto cleanup
+
+2005-02-21 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/* docs/api/* man/*: updated docs
+
+2005-02-21 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in, docs/download.html, docs/index.html, docs/news.html,
+ include/xmlsec/version.h: preparing new release 1.2.7
+
+2005-01-26 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/bn.c: fixed xmlSecBnFromString function (patch from Michael Mi)
+
+2004-11-08 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/keysmngr.h src/keysmngr.c: added
+ xmlSecSimpleKeysStoreGetKeys() function
+
+2004-11-07 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/xmltree.c: fixed xmlSecGenerateID
+
+2004-10-27 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/dl.c: set dl memory functions before initialization (from
+ Daniel Vogelheim patch)
+
+2004-10-14 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/openssl/x509vfy.c: fixed bug #155329 (parsing quoted values
+ in the certificate subject)
+
+2004-09-18 Aleksey Sanin <aleksey@aleksey.com>
+ * config.h.in configure.in inlude/xmlsec/private.h src/xmltree.c:
+ use xmlParseInNodeContext function to parse encrypted text in
+ xmlSecReplaceNodeBuffer, this bumps libxml2 requirements to 2.6.12
+ (bug #142358)
+
+2004-08-25 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/download.html docs/index.html
+ docs/news.html include/xmlsec/version.h: preparing
+ new release
+
+2004-06-21 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/app.h include/xmlsec/gnutls/app.h
+ src/app.c src/gnutls/app.c src/skeleton/app.c: added functions
+ to load keys and certificates from memory (Bernd Becker)
+
+2004-06-21 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/bn.c: keep a '0' character when we remove '0' from the beggining
+
+2004-06-17 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/xmlenc.c: added NULL check
+ * src/xmltree.c: fixed memory leak
+
+2004-06-16 Aleksey Sanin <aleksey@aleksey.com>
+
+ * Fixed xmlSecTmplNodeWriteNsList() function
+
+2004-06-09 Igor Zlatkovic <igor@zlatkovic.com>
+
+ * win32/configure.js win32/Makefile.* minor changes for the new
+ layout of the Windows binary package
+
+2004-05-13 Aleksey Sanin <aleksey@aleksey.com>
+
+ * examples/xmldsigverify.c: disable extended debug output
+ (fixed a hole found by Pawel)
+
+2004-04-19 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/nodeset.c: fixing C14N bug with processing namespaces from attributes
+
+2004-04-13 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/download.html docs/index.html docs/news.html:
+ 1.2.5 release preparation
+
+2004-03-16 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/strings.h src/mscrypto/certkeys.c
+ src/nss/pkikeys.c src/openssl/evp.c src/strings.c: added J node
+ for DSAKeyValue
+ * tests/phaos-xmldsig-three/* tests/testDSig.sh: added new
+ phaos-xmldsig-three XMLDSig tests vectors
+
+Mon Feb 23 17:44:29 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * examples/xkms-server.c: finished xkms-server example
+
+Thu Feb 19 16:01:38 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * examples/.cvsignore examples/Makefile examples/Makefile.w32
+ examples/xkms-server.c: started work on xkms server example
+
+Thu Feb 19 12:32:55 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/xkms.h include/xmlsec/xmltree.h src/xkms.c
+ src/xmlsec.c src/xmltree.c: added ID attribute generation for xkms
+ * tests/aleksey-xkms-01/* tests/testXKMS.sh: modified xkms tests
+ to ignore Id attribute in comparison
+
+Fri Feb 13 00:05:02 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in include/xmlsec/private.h: fixed libxslt configuration
+ problem
+
+Mon Feb 9 08:40:26 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/xmltree.c: fixed bug with encrypting nodes with
+ no content (reported by Tomas Seiger)
+
+Sat Feb 7 22:42:11 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/* src/* tests/*: added XKMS SOAP 1.2 bindings
+
+Thu Feb 5 23:37:24 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c include/* src/* tests/*: added XKMS SOAP 1.1 bindings
+
+Thu Feb 5 16:26:40 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c: added new params for xkms
+ * include/xmlsec/Makefile.am include/xmlsec/private/xkms.h:
+ added new private xmlsec headers folder
+ * include/xmlsec/xmltree.h src/xmltree.c: created code for
+ reading/writing qname values
+ * include/xmlsec/strings.h include/xmlsec/soap.h
+ src/strings.h src/soap.c src/Makefile.am: created basic soap
+ messages parsing framework
+ * include/xmlsec/xkms.h src/xkms.c: added xkms request format
+ enum and parameters
+ * tests/aleksey-xkms-01/ tests/testXKMS.sh: added new tests
+
+Wed Feb 4 01:26:51 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c: created new --xkms-format parameter
+ (plain/soap-1.1/soap-1.2)
+ * configure.in xmlsec.spec.in include/xmlsec/Makefile.am
+ include/xmlsec/private/*: move internal xkms declarations to
+ a newly created "xmlsec/private" includes folder
+ * include/xmlsec/strings.h include/xmlsec/xkms.h
+ src/strings.c src/xkms.c tests/testXKMS.sh: preparation for soap
+ request/response suppport
+
+Tue Feb 3 22:44:36 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c: combined xkms server commands into one
+ * include/xmlsec/* src/*: added ValidateRequest/ValidateResult
+ StatusRequest/StatusResult and CompoundRequest/CompoundResult
+ * tests/aleksey-xkms-01/* tests/testXKMS.sh: added new negative
+ test cases
+
+Tue Feb 3 18:12:10 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c: added xkms server "expected service" param
+ * include/xmlsec/* src/*: created errors fallback when processing
+ xkms requests
+ * tests/aleksey-xkms-01/* tests/testXKMS.sh: added more negative
+ test cases
+
+Tue Feb 3 01:40:29 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in: tweaked my debug environment
+ * include/xmlsec/xmltree.h src/xmltree.c: created string2int and string2bitmap
+ helper klasses
+ * include/xmlsec/keys.h src/keyinfo.c src/keys.c: added KeyUseWith list
+ to the KeyReq object
+ * include/xmlsec/strings.h src/strings.c: added some xkms strings
+ * include/xmlsec/xkms.h src/xkms.c: LocateRequest (except signatures)
+ and most of LocateResult
+
+Mon Feb 2 16:55:13 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/xkms.h src/strings.c src/xkms.c: read xkms RequestAbstractType
+ and write xkms ResponseQbstractType (no signatures)
+ * Makefile.am tests/testXKMS.sh: created check-xkms target and script
+ * tests/aleksey-xkms-01: even more keys (der/pkcs12 formats),
+ "key not found" tests
+
+Mon Feb 2 13:12:07 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c include/xmlsec/xkms.h include/xmlsec/xmlsec.h src/xkms.c:
+ updated xkms schemas from xkms 2.0, renamed a couple functions
+
+ * tests/aleksey-xkms-01: copied new examples from xkms 2.0 spec
+ and created keys for using with these examples
+
+Mon Jan 26 11:48:42 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/download.html docs/index.html docs/news.html
+ include/xmlsec/version.h: preparation for 1.2.4 release
+ * docs/related.html: added link to PyXmlSec project
+
+Fri Jan 23 16:30:38 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/xmlsec-man.html man/xmlsec1-config.1 man/xmlsec1.1
+ xmlsec-config.in: make xmlsec1-config man page generic
+
+Fri Jan 23 09:34:10 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in: and one more config bug from John
+
+Thu Jan 22 16:24:44 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in: and one more gnutls configuration bug from John
+
+Thu 22 Jan 2004 10:56:33 AM PST <aleksey@aleksey.com>
+
+ * src/buffer.c src/list.c: don' pass NULL to xmlRealloc()
+
+Mon Jan 12 13:05:18 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * examples/encrypt3.c include/xmlsec/crypto.h include/xmlsec/nss: make
+ exmaples compile with nss (again reported by John)
+
+Mon Jan 12 10:30:24 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * xmlsec-config.in: fixed nss configuration bug (reproted by John)
+
+Sat Jan 10 19:03:17 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in src/gnutls/ciphers.c src/gnutls/digests.c src/gnutls/hmac.c:
+ restored support for gnutls < 1.0 by request from John
+
+Mon Jan 5 12:55:44 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/download.html docs/index.html
+ docs/news.html docs/xmlsec-man.html include/xmlsec/version.h
+ man/xmlsec1-config.1 man/xmlsec1.1: preparing 1.2.3 release
+
+Mon Jan 5 12:42:52 2004 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in src/gnutls/ciphers.c src/gnutls/digests.c
+ src/gnutls/hmac.c: upgraded gnutls to 1.0.4 (bug #129190)
+
+Thu 13 Nov 2003 08:19:55 AM PST <aleksey@aleksey.com>
+
+ * src/mscrypto/app.c: fixed non-initialized values (Glenn)
+
+2003-11-11 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/download.html docs/index.html docs/news.html
+ man/xmlsec1.1: preparing 1.2.2 release
+
+Mon Nov 10 21:22:36 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/bn.c: fixed xmlSecBnToDecString problem (reported by Edward)
+
+Thu Nov 6 22:52:57 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in: use pkgconfig for configuration if possible
+ (based on Daniel's idea)
+ * include/xmlsec/private.h include/xmlsec/xmltree.h
+ src/errors.c src/openssl/app.c: made xmlSecStrPrintf and
+ xmlSecStrVPrintf declarations private to xmlsec to fix
+ examples build failure
+
+Wed Nov 5 14:19:11 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in: fixed "--with-html-doc" option (patch from Daniel)
+
+Wed Nov 5 13:39:47 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in: fixed "--with-mozilla-ver" option for ./configure
+ script (patch from Daniel)
+
+Wed Oct 29 07:55:17 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in include/xmlsec/xmltree.h src/dl.c
+ src/errors.c src/mscrypto/crypto.c src/nss/crypto.c
+ src/openssl/app.c: fixed snprintf and vsnprintf warnings (bug #125684)
+
+Mon Oct 20 19:34:35 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in: created "--with-html-dir" option
+ to specify docs installation path
+
+Mon Oct 20 08:40:46 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in: load correct static openssl library when
+ more than one one openssl version is available (patch
+ from Roumen, bug #124534)
+
+Mon Oct 13 19:43:52 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/download.html docs/index.html docs/news.html
+ include/xmlsec/version.h: new 1.2.1 release
+
+Mon Oct 13 19:29:55 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/Makefile.am: added support for XMLSEC_DOCDIR
+ environment variable to ./configure script and removed *.sgml
+ files from docs installation
+
+Sat Oct 11 21:16:54 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/strings.h include/xmlsec/templates.h
+ src/strings.c src/templates.c: added template functions
+ for creating <enc:KeyReference/> and <enc:DataReference/>
+ nodes (based on patch from Wouter)
+
+Thu 09 Oct 2003 03:59:02 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/nodeset.c src/transforms.c: don't ignore nodes on the document
+ root element level (bug #124245)
+
+Sun Oct 5 01:05:30 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/transforms.h include/xmlsec/xmldsig.h
+ src/transforms.c src/xmldsig.c src/xpath.c apps/xmlsec.c
+ docs/faq.html: implemented Visa 3D hack to process some
+ URI attributes without XPath/XInclude engines
+
+Thu Oct 2 10:28:59 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/dl.c src/openssl/app.c src/openssl/x509vfy.c: fixing
+ compilation warnings reported in bug #123692
+
+Wed Oct 1 19:05:13 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/gnutls/README src/mscrypto/README src/nss/README
+ src/openssl/README: updated README files
+
+Wed 01 Oct 2003 09:11:58 AM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/dl.h: moved closing bracket for "extern "C"
+ a couple lines up to be in the right place (bug #123640)
+
+Mon 29 Sep 2003 07:27:14 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/download.html docs/index.html docs/news.html: preparation
+ for 1.2.0 release
+
+Mon 29 Sep 2003 07:07:07 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/mscrypto: 2nd code review pass
+
+Sat Sep 27 18:31:20 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/openssl/crypto.h src/openssl/app.c
+ src/openssl/crypto.c src/openssl/x509vfy.c: added "default trusted certs"
+ folder and make it an input parameter to xmlSecOpenSSLAppInit method.
+ * examples/xmldsigverify.c: make use of this change
+
+Sat 27 Sep 2003 05:23:41 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * examples/ docs/tests/ docs/ : created new xmldsigverify script
+ and upgraded tests
+
+Fri 26 Sep 2003 05:27:08 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+ * src/mscrypto/ include/xmlsec/mscrypto/ : added API documentation
+ from Wouter
+ * docs/ : re-run the docs generation to pickup the new documentation
+
+Thu Sep 25 23:10:19 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/authors.html: added "authors and contributors" page
+ * docs/ man/: regenerated docs to include xmlsec-mscrypto and link to new
+ authors.html page
+ * include/ src/: api reference documentation updates
+
+Thu Sep 25 20:47:11 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/keysdata.h: introduced new cert-pem and cert-der
+ key formats (public key in a certificate)
+ * include/xmlsec/nss/app.h nclude/xmlsec/nss/x509.h
+ include/xmlsec/openssl/app.h include/xmlsec/openssl/x509.h
+ src/nss/app.c src/nss/crypto.c src/nss/x509.c
+ src/openssl/app.c src/openssl/x509.c
+ src/mscrypto/app.c: implemented support for new formats
+ in OpenSSL, NSS and MSCrypto
+ * apps/xmlsec.c: added "--pubkey-cert-pem" and "--pubkey-cert-der" options
+ * tests/testDSig.sh tests/merlin-xmldsig-twenty-three/certs/lugh-cert.der:
+ use certificate for public keys
+
+Thu 25 Sep 2003 05:51:37 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/ src/ win32/ docs/ Makefile.am configure.in: merging
+ from XMLSEC_MSCRYPTO_083103 branch - new xmlsec-mscrypto library
+ implemented by Wouter, general functions for reading keys and certs
+ from memory (openssl/nss/mscrypto), default error callback for nss,
+ moving private keys in 01-phaos-enc tests to pkcs12 file.
+
+Thu Sep 25 11:39:22 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c: added root nodes namespaces registration
+ for "--node-xpath" command line option processing (by request
+ from Jan-Olof)
+
+Sat 20 Sep 2003 11:19:14 AM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * HACKING: added more info about hacking with xmlsec
+
+Tue Sep 16 11:28:03 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/download.html docs/index.html docs/news.html: preparation
+ for 1.1.2 release
+
+Tue Sep 16 02:28:41 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/Makefile.am: link xmlsec lib with dl librarias
+
+Sun 14 Sep 2003 02:13:51 AM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * tests/testEnc.sh: added "--session-key <key>" paramater
+ to all tests with <EncryptedKey/> (problem reported by Wouter)
+
+Fri 12 Sep 2003 09:43:21 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/buffer.h src/buffer.c: added functions to convert
+ binary buffer to hex string and vice versa (based on patch from Remy)
+
+Thu Sep 11 17:08:15 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/Makefile.am src/dl.c src/xmlsec-ltdl.h src/xmlsec-ltdl.patch
+ win32/Makefile.msvc: use ltdl on Windows too
+
+Thu Sep 11 16:39:18 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/ltdl.* src/Makefile.am: upgraded to ltdl from libtool 1.4
+
+Wed Sep 10 18:12:52 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * xmlsec.spec.in: separated xmlsec and xmlsec-devel RPM
+ pacakges into xmlsec, xmlsec-openssl, xmlsec-devel and xmlsec-openssl-devel
+
+Wed Sep 10 13:19:10 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/version.h include/xmlsec/version.h.in
+ include/xmlsec/xmlsec.h src/xmlsec.c
+ src/gnutls/crypto.c src/nss/crypto.c
+ src/openssl/crypto.c src/skeleton/crypto.c:
+ apps/xmlsec.c examples/*.c
+ docs/api/chapters/init-and-shutdown.sgml: implemented new
+ function and macroses to check loaded xmlsec library
+ version from xmlsec-crypto libraries and apps
+
+Wed Sep 10 12:36:17 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/dl.c win32/Makefile.msvc win32/mycfg.bat: implemented
+ dynamic xmlsec-crypto libraries loading for Windows
+
+Wed Sep 10 00:02:55 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * Makefile.am configure.in xmlsec-config.in xmlsec.pc.in: added
+ support for xmlsec-crypto DL mode in xmlsec.pc and xmlsec-config files
+
+ * examples/*: added support for xmlsec-crypto DL mode to examples
+
+ * include/xmlsec/app.h include/xmlsec/private.h
+ include/xmlsec/version.h include/xmlsec/x509.h
+ src/app.c src/x509.c src/xkms.c: new API reference documentation
+
+ * docs/* man/* : included info about xmlsec-crypto DL mode in
+ tutorial and re-build docs to include new api reference docs
+
+ * tests/testDSig.sh tests/testEnc.sh tests/testKeys.sh: added
+ additional information printout
+
+ * win32/Makefile.msvc: excluded XKMS from windows builds
+
+Tue Sep 9 16:14:01 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * win32/Makefile.msvc win32/configure.js win32/mycfg.bat win32/mycfg_nss.bat:
+ windows build cleanup (bug #121579)
+
+Tue Sep 9 12:52:00 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * Makefile.am apps/* configure.in include/* src/* tests/*: implemented
+ loading xmlsec-crypto libraries as plugins (bug #121579)
+ * win32/: change build to allow building of more than one
+ xmlsec-crypto library (bug #121579)
+
+Sun 24 Aug 2003 05:20:14 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/faq.html: upgraded licenses FAQ section to include
+ information about xmlsec-nss and xmlsec-gnutls
+
+Fri Aug 22 11:06:28 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * win32/Makefile.msvc: fixed linkinig problem on Windows (bug #120498)
+
+Fri Aug 22 09:54:04 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in include/xmlsec/errors.h: determine if __FUNCTION__ or
+ __func__ are defined from ./configure script. This should fix bug #120469
+ and prevent this problem from happening in the future.
+ * src/c14n.c src/openssl/kt_rsa.c src/transforms.c: fixed minor
+ warnings because of using strcmp, strchr, etc. functions with xmlChar*
+ variables by switching to xmlStrcmp, xmlStrchr, etc. (also bug #120469)
+
+Wed Aug 20 21:26:00 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/api/sgml/version.sgml docs/api/xmlsec-version.html
+ docs/index.html docs/news.html docs/xmlsec-man.html
+ include/xmlsec/version.h man/xmlsec1-config.1 man/xmlsec1.1: new 1.1.1
+ release preparation
+ * docs/*: re-run docs generation/formatting
+
+Fri Aug 8 22:18:45 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/xpath.c: register namespaces before processing XPointer
+ expression in the URI attribute (bug #119462, reported by Steve)
+
+Fri Aug 8 09:06:53 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/keys.h src/keys.c: added xmlsec-core functions to
+ read keys from memory (patch from Joachim)
+
+Thu Aug 7 11:38:43 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/openssl/app.h src/openssl/app.c: added functions
+ to read keys and certs in xmlsec-openssl from memory and BIOs
+ (bug #119350, patch based on the code from Joachim)
+
+Wed Aug 6 08:57:20 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * Makefile.am configure.in xmlsec-gnutls.pc.in xmlsec-nss.pc.in
+ xmlsec-openssl.pc.in xmlsecConf.sh.in:
+ config bug fixing and improvements from Roumen
+
+Mon Aug 4 19:39:52 2003 Aleksey Sanin <aleksey@aleksey.com>i
+
+ * include/xmlsec/Makefile.am include/xmlsec/x509.h src/Makefile.am
+ src/x509.c src/openssl/x509.c win32/Makefile.msvc: moved code for
+ reading X509Data node content from xmlsec-openssl to xmlsec-core
+ to allow sharing with xmlsec-nss
+ * src/nss/README src/nss/x509.c: added X509Data templates support
+ for xmslec-nss (bug #118636, based on patch from Tej)
+
+Mon 04 Aug 2003 04:06:02 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs: rebuilding docs to get nss api reference
+
+Mon Aug 4 14:47:02 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * Makefile.am xmlsec.spec.in: added HACKING file to the distribution
+ * docs/download.html docs/index.html docs/news.html: updated docs
+ for new 1.1.0 release
+
+Wed Jul 30 18:35:15 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * xmlsec-gnutls.pc.in xmlsec-nss.pc.in xmlsec-openssl.pc.in: and
+ one more change for the same bug #118685 - don't put "crypto"
+ in version, use xmlsec1-crypto name instead of xmlsec-crypto,
+ don't include nss flags and libs for xmlsec1-nss.pc
+
+Wed Jul 30 15:23:17 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * Makefile.am configure.in xmlsec-gnutls.pc.in xmlsec-nss.pc.in
+ xmlsec-openssl.pc.in xmlsec.pc.in: more *.pc files fixes
+ for the same bug #118685
+
+Wed Jul 30 11:49:20 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * Makefile.am configure.in xmlsec-gnutls.pc.in xmlsec-nss.pc.in
+ xmlsec-openssl.pc.in: created separate *.pc files for xmlsec-crypto
+ libraries (bug #118685 reported by John)
+
+Tue Jul 29 20:20:33 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/nss/README: created xmlsec bugs for remian xmlsec-nss problems
+
+Tue 29 Jul 2003 07:41:18 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/ include/ docs/ man/ configure.in: merged xmlsec-nss
+ from the branch (Tej)
+
+Tue Jul 29 08:44:24 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/openssl/x509.c: minor patches for errors (Roumen)
+ * src/xmltree.c: fixed xmlIsEmptyNode() to return false
+ if there is an element child
+
+Mon Jul 28 12:02:40 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/keyinfo.h: added XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE flag
+ * include/xmlsec/xmltree.h src/xmltree.c: added xmlSecIsEmptyNode and
+ xmlSecIsEmptyString functions
+ * src/openssl/x509.c: added an ability to write complex X509Data node
+ content (based on patch from Roumen)
+ * tests/testDSig.sh tests/aleksey-xmldsig-01/x509data-test.*: new test for
+ complex X509Data node writing
+ * tests/keys/ca2key.p12 tests/keys/dsakey.p12 tests/keys/rsakey.p12: new
+ pkcs12 keys for tests
+
+Sun 20 Jul 2003 08:10:53 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/ include/ src/ docs/api/ Copyright: updated copyrights
+ everywhere
+
+Fri 18 Jul 2003 10:30:33 AM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * HACKING: added a coding and commiting rules
+
+Wed 16 Jul 2003 10:11:23 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * examples/README, examples/binary.dat: added examples of using
+ command line tool
+
+Wed 16 Jul 2003 12:50:00 AM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * examples/myw32make.bat win32/mycfg-nss.bat: rename these
+ files to clear exec bit (John)
+
+ * man/Makefile.am: use "--no-info" option in help2man
+
+Mon Jul 14 11:06:16 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/api/sgml/version.sgml docs/download.html
+ docs/api/xmlsec-version.html docs/index.html docs/news.html
+ docs/xmlsec-man.html include/xmlsec/version.h man/xmlsec1-config.1
+ man/xmlsec1.1: preparation for 1.0.4 release
+ * docs/api/xmlsec-notes-encrypt.html docs/api/xmlsec-notes-sign.html:
+ fixed a mistype
+ * docs/extra/xmlsec_oscon_2003.ppt: minor update
+
+Fri Jul 11 13:33:28 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * Makefile.am: fixed builddir != sourcedir one more time (use abs_top_*
+ instead of top_*)
+ * configure.in: upgraded mozilla search path to 1.4
+
+Mon 07 Jul 2003 08:05:18 AM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/openssl/apps.c src/openssl/x509.c src/openssl/x509vfy.c: fixed
+ sk_push() return value check problem (reported by Roumen)
+
+Mon 07 Jul 2003 07:02:46 AM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * Makefile.am: fixed test suite problem when builddir != sourcedir
+ (reported by Roumen)
+
+Thu Jul 3 07:57:25 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/openssl/x509vfy.c: added a const word to suppress
+ warnings (Roumen)
+
+Wed Jul 2 08:53:50 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/openssl/x509vfy.c: fixed certificates subject
+ comparison function to handle multiple occurence
+ of entries with the same value (bug report from
+ Roumen)
+
+Tue Jun 17 19:22:17 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/download.html: fixing links to tarballs for local
+ files (requested by John)
+
+ * examples/myw32make.bat win32/mycfg-nss.bat: clearing exec bit
+
+Mon Jun 16 10:43:34 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/download.html docs/index.html docs/news.html
+ docs/xmlsec-man.html include/xmlsec/version.h man/xmlsec1-config.1
+ man/xmlsec1.1: new 1.0.3 version preparation
+
+ * docs/Makefile.am docs/api-0.0.x/*: fixed second level links
+ processing
+
+ * docs/api/sgml/* docs/api/tmpl/* docs/api/*: added new API calls
+
+Mon Jun 16 09:20:53 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in: fixed NSS config bug #115297
+
+Sun Jun 8 20:08:42 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in: fix for 'make distclean'
+
+Sat Jun 7 20:35:25 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * Makefile.am apps/* include/xmlsec/keysdata.h src/openssl/app.c tests/*:
+ added PKCS#8 support (based on Tej's patch)
+
+Fri Jun 6 14:53:25 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/openssl/x509.c: skip ASN1 time check for OpenSSL 0.9.6
+
+Thu Jun 5 19:32:12 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/*: fixing online verifier link
+
+Wed Jun 4 19:12:21 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in: added _ALL_SOURCE define for aix
+
+Wed Jun 4 08:25:46 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/openssl/x509.c: fix my_gmtime function
+
+Mon 02 Jun 2003 09:38:13 AM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * removed debian folder
+
+Sun Jun 1 20:30:08 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/download.html docs/index.html docs/news.html
+ docs/xmlsec-man.html include/xmlsec/version.h man/xmlsec1-config.1
+ man/xmlsec1.1: preparing 1.0.2 release.
+ * docs/xmldsig-verifier.html: point online verifier to web site
+
+Thu May 29 17:15:04 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/gnutls/Makefile.am src/nss/Makefile.am
+ src/openssl/Makefile.am src/skeleton/Makefile.am: don't use GCC
+ options in Makefiles
+
+Tue May 27 20:12:41 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in xmlsec-config.in xmlsecConf.sh.in
+ src/gnutls/Makefile.am src/nss/Makefile.am src/openssl/Makefile.am:
+ change xmlsec-config script to let user specify crypto engine
+ (requested by John Belmonte)
+
+Sun May 25 22:01:45 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c docs/xmlsec-man.html man/xmlsec1-config.1 man/xmlsec1.1:
+ fixed help typo (reported by John Belmonte)
+ * examples/README: removed obsolete autoconf information (reported by John Belmonte)
+ * configure.in: added /usr/include/mozilla to NSS include path search list (reported by John Belmonte)
+
+Thu May 15 03:08:18 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/crypto.c apps/crypto.h apps/xmlsec.c: added command line
+ options to support DER keys and certs format (Tej)
+ * Makefile.am: use DER format for all tests
+ * tests/testDSig.sh tests/testEnc.sh tests/testKeys.sh: added a new
+ command line option "key-format" with possible values "der" or "pem"
+ * tests/*/*.der tests/merlin-xmldsig-twenty-three/certs/*.crt:
+ converted PEM keys and certs to DER format, removed *.crt files that
+ used to have DER certificates (Tej)
+ * tests/merlin-xmlenc-five/*.p8: re-added *.p8 files with '-kb' option
+
+Mon 12 May 2003 01:38:11 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in: use '-rpath-link' instead '-rpath' for NSS (Wan-Teh)
+
+Mon May 12 10:01:30 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in: link with NSS using -rpath (Tej)
+
+Mon May 5 08:00:31 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in: new configuration options for NSS (Tej)
+ * src/nss/app.c src/nss/ciphers.c src/nss/crypto.c
+ src/nss/digests.c src/nss/hmac.c: use NSS style includes (Tej)
+
+Fri 02 May 2003 12:00:47 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/openssl/app.c: adopt instead of copy the key cert
+ from pkcs12 fil
+
+Thu May 1 08:17:06 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/xmltree.h src/xmltree.c src/keysmngr.c:
+ created a new function to quickly create a doc with one root node
+ * src/list.c: fixed bug in xmlPtrListEmpty() function
+ * src/xkms.c: created framework for Locate request/result processing
+
+Wed Apr 30 16:31:10 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/strings.h src/strings.c: added strings
+ for XKMS (XKISS) Locate request/result
+
+Wed Apr 30 01:01:06 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * config.h.in configure.in: added check for timegm function
+ * include/xmlsec/keys.h
+ * include/xmlsec/xkms.h src/xkms.c apps/xmlsec.c: framework
+ for xmlSecXkmsLocate/Validate functions
+ * src/keys.c src/openssl/x509.c: added notValidBefore and
+ notValidAfter time frame to xmlSecKey
+ * src/xmldsig.c src/xmlenc.c: added "output" asserts to
+ the *DebugDump() and *DebugXmlDump() functions
+ * tests/aleksey-xkms-01/locate-compound.xml
+ tests/aleksey-xkms-01/locate-key-from-usewith.xml
+ tests/aleksey-xkms-01/locate-keyvalue-from-x509.xml
+ tests/aleksey-xkms-01/readme.txt: XKMS test cases
+
+Tue Apr 29 16:37:18 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in include/xmlsec/Makefile.am include/xmlsec/strings.h
+ include/xmlsec/xkms.h include/xmlsec/xmlsec.h
+ src/Makefile.am src/strings.c src/xkms.c apps/xmlsec.c: first
+ XKMS framework (disabled by default)
+
+Mon Apr 28 21:13:03 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/download.html docs/index.html docs/news.html: preparing
+ 1.0.1 release.
+
+Sun Apr 27 18:05:23 2003 Igor Zlatkovic <igor@zlatkovic.com>
+
+ * win32/Makefile.msvc: defined _REENTRANT to enable compilation
+ with threaded libxml2
+
+Thu Apr 24 08:15:32 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * config.h.in configure.in include/xmlsec/xmlsec.h: use
+ '#define' instead of 'typedef' for the new xmlSecSize and
+ xmlSecByte types in order to keep ABI
+
+Tue Apr 22 13:51:33 2003 Igor Zlatkovic <igor@zlatkovic.com>
+
+ * win32/configure.js: updated the email address in the generated
+ readme.txt file.
+
+Sun 20 Apr 2003 03:12:02 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/*: updated docs with new xmlSecByte and xmlSecSize types
+ * configure.in include/xmlsec/version.h: upgraded version to 1.0.1
+
+Sun 20 Apr 2003 02:57:06 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/* include/* apps/*: replaced 'unsigned char' with xmlSecByte
+ typedefed to 'unsigned char' to make happy OpenBSD on sparc64
+ * examples/*: replaced configure.in with simple Makefile to
+ prevent problems on different platforms
+
+Sun 20 Apr 2003 02:37:41 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/* include/* apps/*: replaced size_t with xmlSecSize
+ typedefed to 'unsigned int' to make happy OpenBSD on sparc64
+
+Sat Apr 19 01:08:30 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/openssl/kw_des.c src/openssl/signatures.c:
+ included openssl/sha.h to help OpenBSD port
+
+Wed 26 Mar 2003 01:43:24 AM PST Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs: 0.1.1 release
+
+Wed Mar 19 22:56:49 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in include/xmlsec/version.h
+ docs/download.html docs/index.html docs/news.html
+ xmlsec.pc xmlsec.spec: 0.0.14 release
+
+Wed Mar 19 10:59:41 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c: force Signature or EncryptedData node
+ selection when specifing start node from xmlsec tool
+ command line
+
+Mon Mar 10 07:59:55 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/transforms.c: fixed Reference URI evaluation for
+ the "xmlns()xpointer()" construction
+
+Wed Mar 5 19:43:43 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/index.html docs/news.html: new 0.1.0 release
+
+Mon Feb 24 10:04:36 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/xmltree.c src/xslt.c: fixed bug in xmlSecTransformXsltAdd
+
+Fri Feb 21 13:06:44 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in include/xmlsec/version.h
+ docs/download.html docs/index.html docs/news.html
+ xmlsec.pc xmlsec.spec: 0.0.13 release
+
+Fri Feb 21 12:59:48 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/transforms.c: fixed incorrect processing of more than
+ 3 binary transforms in a row
+
+Mon Feb 17 09:34:12 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/api/* include/xmlsec/xmldsig.h
+ src/keysmngr.c src/xmldsig.c: minor documentation bug fixes
+ based on Jesse Pelton's email
+
+Fri Feb 14 12:44:48 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/x509.c: set "verified" cert when loading pkcs12 file.
+
+Wed Feb 5 09:49:30 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c include/xmlsec/keysmngr.h
+ src/keysmngr.c src/x509.c: provide an ability
+ to specify max cert verification depth
+ (based on patch from Jean-Etienne SCHWARTZ)
+
+Sun Jan 26 22:04:45 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * config.h.in configure.in include/xmlsec/version.h
+ docs/news.html docs/download.html docs/index.html
+ xmlsec.pc xmlsec.spec: preparation for 0.0.12 release
+
+Sun Jan 26 21:39:56 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/digests.h src/hmac.c: fixed 91 bits HMAC
+ bug reported by Rich Salz and Jonathan Wenocur
+ * tests/aleksey-xmldsig-01/dtd-hmac-91.dtd
+ tests/aleksey-xmldsig-01/dtd-hmac-91.tmpl
+ tests/aleksey-xmldsig-01/dtd-hmac-91.xml
+ * tests/testDSig.sh: the test case for 91 bits HMAC bug
+ from Rich Salz and Jonathan Wenocur
+ * apps/xmlsec.c: fixing minor compile warnings for
+ the external DTD patch
+
+Sun Jan 26 18:19:49 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/aes.c src/ciphers.c src/des.c: fixed bug with
+ EVP ciphers for OpenSSL 0.9.7 when last block was not
+ processed for padding
+ * tests/aleksey-xmlenc-01/enc-des3cbc-keyname2.data
+ tests/aleksey-xmlenc-01/enc-des3cbc-keyname2.tmpl
+ tests/aleksey-xmlenc-01/enc-des3cbc-keyname2.xml
+ tests/testEnc.sh: new test case for the bug fixed above
+
+Wed Jan 22 11:37:36 2003 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c man/xmlsec.xml: applied patch from Rich Salz
+ to allo external DTD specification for the xmlsec application
+
+Mon 30 Dec 2002 09:52:58 AM PST Aleksey Sanin <aleksey@aleksey.com
+ * configure.in docs/examples/dsig1/Makefile docs/examples/dsig2/Makefile
+ docs/examples/dsig3/Makefile docs/examples/dsig4/Makefile
+ docs/examples/dsig5/Makefile docs/examples/enc1/Makefile
+ docs/examples/enc2/Makefile src/Makefile.am: fixed bug #102196 --
+ Sun CC does ot have -WAll and -ansi options
+ * include/xmlsec/errors.h: fixed bug #102194 -- Sun CC does not have
+ __FUNCTION__ macro
+
+Sat Dec 21 22:47:33 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c: added "--node-xpath" option for specifing
+ the operation "start node" (code based on patch from
+ Ferrell Moultrie (ISSAtlanta)
+ * src/transforms.c: fixed minor compilation warnings
+ * src/x509.c: certs and crls are base64 encoded with 60 characters
+ lines size (bug #101523)
+
+Mon Dec 2 23:38:34 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * config.h.in configure.in include/xmlsec/version.h
+ docs/news.html docs/download.html docs/index.html
+ xmlsec.pc xmlsec.spec: new 0.0.11 release updates
+ * scripts/build_release.sh scripts/push_release.sh
+ scripts/test_release.sh: checking in build scripts I am using
+
+Thu Nov 28 11:57:17 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c: print detailed help report only when
+ user requests it; don't fail if key is not generated
+ when algorithm is disabled
+
+
+Thu Nov 28 10:44:06 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/transforms.c: fixed a bug in numeric references evaluation
+ reported by Ingo Fischer
+
+Wed Oct 30 17:14:03 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * config.h.in configure.in: do not add -I/usr/include
+ or -L/usr/lib if OpenSSL happens to be there
+ (patch proposed by Scott Cantor)
+
+Mon Oct 21 11:28:01 CEST 2002 Igor Zlatkovic <igor@stud.fh-frankfurt.de>
+
+ * include/xmlsec/errors.h: fixed the __FUNCTION__ macro logic
+
+2002-10-20 Aleksey Sanin <aleksey@aleksey.com>
+
+ * config.h.in configure.in include/xmlsec/version.h
+ xmlsec.pc xmlsec.spec docs/download.html
+ docs/index.html docs/news.html: preparing 0.0.10 release
+
+Sun 13 Oct 2002 09:37:38 AM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in apps/Makefile.am: added dynamic linking option
+ by request from John Belmonte
+
+Fri Oct 11 09:13:27 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * tests/testDSig.sh configure.in apps/xmlsec.c: applied patch from
+ Ferrell Moultrie and removed strptime() function usage completelly
+ * include/xmlsec/errors.h src/errors.c src/x509.c: added more
+ error to the cert verification
+
+Thu Oct 10 00:44:36 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c tests/aleksey-xmldsig-01/enveloping-expired-cert.tmpl
+ tests/aleksey-xmldsig-01/enveloping-expired-cert.xml
+ tests/keys/expired.crt tests/keys/expired.csr tests/keys/expired.key
+ tests/testDSig.sh: added test case to verify the new "expired cert" feature
+
+Wed Oct 9 23:09:46 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c include/xmlsec/x509.h src/keysmngr.c
+ src/x509.c: added support for certificate verification parameter
+ when OpenSSL 0.9.6 is used
+
+Wed Oct 9 20:58:58 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/keyinfo.h include/xmlsec/keys.h
+ include/xmlsec/keysmngr.h include/xmlsec/x509.h
+ include/xmlsec/xmldsig.h include/xmlsec/xmlenc.h
+ src/keyinfo.c src/keys.c src/keysmngr.c
+ src/x509.c src/xmldsig.c src/xmlenc.c: added certificates
+ verification time parameter as it was suggested in the
+ xmlsec mailing list
+ * apps/xmlsec.c: added "--verification-time" parameter
+ * config.h.in configure.in: added necessary check for
+ strptime() function
+
+Mon Oct 7 19:22:11 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c: added "--output" option to spefcify output file
+ * docs/xmlsec-man.html man/create.sh man/xmlsec.1 man/xmlsec.xml:
+ changed the docs to reflect new "--output" option
+ * tests/testDSig.sh tests/testEnc.sh: changed tests to use new
+ "--output" option
+ * configure.in xmlsec.pc xmlsec.spec: minor config changes
+
+Sun Sep 29 20:12:17 CEST 2002 Igor Zlatkovic <igor@stud.fh-frankfurt.de>
+
+ * win32/Makefile.msvc: resolved further static link issues.
+
+Sat Sep 28 19:14:40 CEST 2002 Igor Zlatkovic <igor@stud.fh-frankfurt.de>
+
+ * include/xmlsec/errors.h: added MSVC to the list of compilers with
+ the predefined __FUNCTION__ macro.
+ * include/xmlsec/xmlsec.h: resolved XMLSEC_EXPORT mess.
+ * win32/Makefile.msvc: introduced a double-run compilation, resolved
+ the static link problems.
+ * win32/configure.js: added the iconv=yes|no option, important when
+ linking statically to libxml.
+
+Wed 25 Sep 2002 21:28:21 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/x509.h src/x509.c: opened xmlSecX509Data
+ structure by request from Moultrie, Ferrell
+
+Wed 04 Sep 2002 06:54:23 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/errors.c: aplied a patch from Ferrell Moultrie (additional
+ errors strings for OpenSSL errors functions)
+
+Tue 03 Sep 2002 06:24:57 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * xmlsec-config.in: fixed a bug when xslt is not available
+
+Mon 02 Sep 2002 12:20:03 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/*: added LibXML2, LibXSLT and OpenSSL logos
+
+Sat Aug 31 17:12:56 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/keys.h include/xmlsec/x509.h
+ include/xmlsec/xmldsig.h include/xmlsec/xmlenc.h
+ src/keys.c src/x509.c src/xmldsig.c src/xmlenc.c:
+ added new function *DebugXmlDump() to print debug info
+ in XML format
+ * apps/xmlsec.c man/xmlsec.1 man/xmlsec.xml: added new
+ options '--print-xml' and '-print-to-file'
+
+Sat 31 Aug 2002 03:43:20 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/examples: added a new dsig example from Devin Heitmueller
+
+Thu 29 Aug 2002 01:48:35 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/examples/dsig3 docs/examples/dsig4: fixed minor problems
+
+Thu 29 Aug 2002 08:52:02 AM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c: fixed minor copy/paste typo (thanks to Devin Heitmueller)
+
+Wed 28 Aug 2002 04:22:10 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs: new 0.0.9 release to fix release packaging problems
+
+Fri Aug 23 10:54:39 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * configure.in docs/download.html docs/index.html docs/news.html:
+ New 0.0.8 release.
+
+Thu Aug 15 21:08:41 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/api/* include/xmlsec/Makefile.am include/xmlsec/xpath.h
+ src/xpath.c: removed xpath "here()" function declaration
+ from global view and xpath.h file, rebuilt docs.
+
+Thu 15 Aug 2002 08:45:26 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/api/* src/* include/xmlsec/*: finished writing
+ documentation for 370+ internal and external symbols
+
+Thu 15 Aug 2002 08:14:50 AM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * tests/keys/README: applied patch from <xafilac@gmx.de>
+ (bug #90824)
+
+Wed Aug 14 19:38:56 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * NEWS README: minor updates
+ * docs/documentation.html docs/xmlsec-man.html man/Makefile.am:
+ published xmlsec utility man page
+
+Wed Aug 14 19:27:09 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/api/* include/xmlsec/base64.h include/xmlsec/bn.h
+ include/xmlsec/transforms.h src/aes.c src/base64.c
+ src/bn.c src/buffered.c src/c14n.c src/ciphers.c
+ src/des.c src/digests.c src/dsa.c src/enveloped.c
+ src/xmltree.c: and more and more documentation
+
+Wed Aug 14 17:32:23 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/api/* include/xmlsec/transforms.h
+ include/xmlsec/transformsInternal.h include/xmlsec/version.h
+ include/xmlsec/version.h.in src/errors.c src/xpath.c:
+ and more documentation...
+
+Wed Aug 14 16:30:44 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/api/* include/xmlsec/keyinfo.h include/xmlsec/keys.h
+ include/xmlsec/keysmngr.h include/xmlsec/xmldsig.h
+ include/xmlsec/xmlenc.h src/debug.c src/keyinfo.c
+ src/keys.c src/keysmngr.c src/xmldsig.c src/xmlenc.c
+ tests/keys.xml: more documentation...
+
+Wed Aug 14 13:08:32 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * docs/api/* include/xmlsec/errors.h include/xmlsec/xmldsig.h
+ include/xmlsec/xmlenc.h src/errors.c src/xmldsig.c
+ src/xmlenc.c src/xmlsec.c: added comments and rebuild documentation
+ * docs/faq.html: update FAQ
+
+Wed 14 Aug 2002 09:44:31 AM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c: fixed random numbers initialization
+
+Tue 13 Aug 2002 09:11:45 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * win32/* src/errors.c apps/xmlsec.c: made required changes
+ to support new stuff in win32 port
+
+Tue Aug 13 13:59:32 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * apps/xmlsec.c configure.in src/ciphers.c src/des.c src/dsa.c
+ src/hmac.c src/rsa.c: replaced XMLSEC_OPENSSL097 define with
+ XMLSEC_OPENSSL096 define
+ * docs/api/*: updated docs with new errors reporting functions
+
+Tue 13 Aug 2002 01:36:16 PM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/errors.h src/*.c configure.in: changed
+ error reporting system and updated all files accordingly
+
+Thu 08 Aug 2002 10:56:56 AM PDT Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/xpath.c: removed XPointer support from XPath 2 filter
+
+Wed Aug 7 14:32:44 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/transforms.h include/xmlsec/xmlsec.h
+ src/transforms.c src/xmlsec.c src/xpath.c: added XPointer
+ transform (Additional XML Security URIs)
+ * tests/aleksey-xmldsig-01/xpointer-hmac.tmpl
+ tests/aleksey-xmldsig-01/xpointer-hmac.xml
+ tests/merlin-xpath-filter2-three/sign-xfdl.tmpl
+ tests/testDSig.sh: test cases for XPointer transform
+
+
+Wed Aug 7 01:08:13 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * src/transforms.c src/xmldsig.c src/xmlenc.c: full
+ xpointers support in Reference URIs is added
+ * include/xmlsec/xmltree.h src/xmltree.c src/xmlsec.c
+ apps/xmlsec.c : removed the IDs hack
+ * docs/xmldsig-interop.html: added full XPointers support
+ * tests/*: added ID attribute declaration when necessary
+
+Tue Aug 6 09:51:54 2002 Aleksey Sanin <aleksey@aleksey.com>
+ * docs/api: updated docs with new stuff
+ * man/xmlsec-config.1: fixed minor problems in help file
+ * include/xmlsec/nodeset.h src/enveloped.c src/nodeset.c
+ src/transforms.c src/xmldsig.c src/xpath.c: changed new
+ functions names
+
+Mon Aug 5 22:55:05 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * Makefile.am tests/testDSig.sh tests/testEnc.sh: added
+ 'perfcheck' flag to the Makefile for performance testing
+
+Mon Aug 5 21:11:41 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * include/xmlsec/nodeset.h include/xmlsec/transforms.h
+ src/enveloped.c src/nodeset.c src/xpath.c: new node set
+ code improved performaance (8-10 times!!!)
+
+Mon Aug 5 17:58:31 2002 Aleksey Sanin <aleksey@aleksey.com>
+ * Makefile.am configure.in src/xpathalt.c:
+ Removed alt xpath trasnform implementation as outdated
+ * include/xmlsec/nodeset.h src/nodeset.c
+ src/Makefile.am include/xmlsec/Makefile.am
+ include/xmlsec/transforms.h include/xmlsec/transformsInternal.h
+ src/transforms.c include/xmlsec/xmltree.h src/xmltree.c
+ src/c14n.c src/enveloped.c src/xmldsig.c
+ src/xpath.c: create xmlsec specific nodes set object
+ and start using it everythere
+ * src/x509.c: updated the code to use new openssl 0.9.7 builds
+
+Wed Jul 31 23:38:18 2002 Aleksey Sanin <aleksey@aleksey.com>
+
+ * Makefile.am configure.in: added "enable-profiling" config option
+ * docs/download.html docs/index.html src/c14n.c:
+ starting XPath and enveloped transforms performance improvements
+ * tests/Makefile.am tests/merlin-c14n-three/* tests/testDSig.sh:
+ added one more Merlin's test suite for exc-c14n
+
+Wed Jul 31 15:56:17 2002 Aleksey Sanin <aleksey@aleksey.com>
+ * apps/xmlsec.c src/xpath.c tests/testDSig.sh: improved
+ XPath2 performance
+
+Wed Jul 31 11:45:09 2002 Aleksey Sanin <aleksey@aleksey.com>
+ * include/xmlsec/xmlsec.h src/keyinfo.c src/xmlsec.c src/xpath.c
+ tests/Makefile.am tests/testDSig.sh tests/merlin-xpath-filter2-three:
+ updated XPath2 transform implementation according to the
+ latest spec and added Merlin's tests for it
+
+Thu 18 Jul 2002 08:51:16 AM PDT Aleksey Sanin <aleksey@aleksey.com>
+ * src/x509.c: fixed problems with using self-signed certs
+ for signatures
+
+Thu Jul 11 19:30:31 2002 Aleksey Sanin <aleksey@aleksey.com>
+ * Makefile.am configure.in xmlsec.spec.in xmlsec.pc xmlsec.pc.in:
+ Add pkgconfig script
+
+ * tests/Makefile.am tests/testDSig.sh tests/testEnc.sh tests/testKeys.sh:
+ more fixes for dist
+
+Thu Jul 11 17:17:22 2002 Aleksey Sanin <aleksey@aleksey.com>
+ * configure.in src/Makefile.am tests/Makefile.am: fixed
+ minor dist bugs
+
+Thu Jul 11 11:47:14 2002 Aleksey Sanin <aleksey@aleksey.com>
+ * Makefile.am docs/* docs/api/*: added faq and documentation
+ pages
+
+Thu Jul 11 9:19:45 2002 Aleksey Sanin <aleksey@aleksey.com>
+ * Makefile.am configure.in docs/api/*: added API docs
+ generation
+
+Wed Jul 10 21:39:59 2002 Aleksey Sanin <aleksey@aleksey.com>
+ * AUTHORS Makefile.am debian/* : added Debian packaging scripts from
+ John Belmonte <jvb@prairienet.org>
+
+Wed Jul 10 21:24:43 2002 Aleksey Sanin <aleksey@aleksey.com>
+ * include/xmlsec/*.h src/*.c: some comments added
+
+Wed Jul 10 18:06:12 2002 Aleksey Sanin <aleksey@aleksey.com>
+ * Makefile.am config.h.in configure.in man/* xmlsec.spec.in:
+ man pages for xmlsec and xmlsec-config were added
+ * apps/xmlsec.c: "--version" and "--help" options added
+
+Wed Jul 10 21:41:21 2002 Igor Zlatkovic <igor@stud.fh-frankfurt.de>
+ * win32/Makefile.msvc: Fixed minor typos, static link flags
+ and bindist target
+ * apps/xmlsec.c: Added snprintf -> _snprintf mapping for MS
+ C-runtime
+
+Wed Jul 10 8:45:23 2002 Aleksey Sanin <aleksey@aleksey.com>
+ * configure.in docs/* : 0.0.7 release
+
+Fri Jun 21 00:48:52 2002 Aleksey Sanin <aleksey@aleksey.com>
+ * Makefile.am configure.in: added win32 folder to the
+ distribution
+
+2002-06-20 Aleksey Sanin <aleksey@aleksey.com>
+ * apps/xmlsec.c: added password protected pem files
+ support
+
+2002-06-19 Aleksey Sanin <aleksey@aleksey.com>
+ * include/xmlsec/xmltree.h src/xmlsec.c src/xmltree.c:
+ fixed ID attribute bug found by Sascha Breite
+
+Mon Jun 3 21:18:54 2002 Aleksey Sanin <aleksey@aleksey.com>
+ * src/enveloped.c: improved performance
+
+Thu May 30 21:29:21 2002 Aleksey Sanin <aleksey@aleksey.com>
+ * src/xmltree.c: propagating XPath fix from LibXML2
+
+Wed May 29 21:28:13 2002 Aleksey Sanin <aleksey@aleksey.com>
+ * apps/xmlsec.c include/xmlsec/keysmngr.h include/xmlsec/x509.h
+ src/keysmngr.c src/x509.c tests/keys.xml: pkcs12 support added
+
+Wed 29 May 2002 12:07:35 AM PDT Aleksey Sanin <aleksey@aleksey.com>
+ *: merged 0.0.6 release from local CVS
+ *: win32 port
+ *: xpath filter2
+ *: custom network handlers
+
+Mon 29 Apr 2002 12:07:35 AM PDT Aleksey Sanin <aleksey@aleksey.com>
+ *: Significant API re-factoring (make it more simple and consistent)
+ *: added symmetric Key Wrappers support (AES, DES)
+ *: added RIPEMD-160 support
+
+Sat 30 Mar 2002 12:55:30 AM PST Aleksey Sanin <aleksey@aleksey.com>
+ *: Finished x509 supprot
+ *: Added functions to create signature "on-the-fly"
+ *: Updated examples and docs
+ *: Fixed header files installation bug
+
+Wed 27 Mar 2002 11:20:42 PM PST Aleksey Sanin <aleksey@aleksey.com>
+ *: Added x509 verification support and a skeleton for x509
+ x509 based sigantures
+
+Tue 26 Mar 2002 06:30:10 PM PST Aleksey Sanin <aleksey@aleksey.com>
+ *: The result of operation (sign/verify) is returned in the
+ list of xmlDSigSignature objects. Application can examine
+ the key and signature method, content just before digesting or
+ signing, etc. and decide what to do with it.
+ *: The Transform and KeyInfo code was significantly re-written and
+ separated from the XMLDSig code with a goal to reuse in in
+ XML Signature or whatever.
+ *: Added support for RetrievalMethod and Manifests (pretty simple
+ adter the first change because both are based on Transforms)
+ *: Added XSLT support (based on libxslt from Daniel Veillard)
+
diff --git a/Copyright b/Copyright
new file mode 100644
index 00000000..23e43728
--- /dev/null
+++ b/Copyright
@@ -0,0 +1,105 @@
+xmlsec, xmlsec-openssl, xmlsec-gnutls, xmlsec-gcrypt libraries
+------------------------------------------------------------------------------
+
+Copyright (C) 2002-2010 Aleksey Sanin. All Rights Reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is fur-
+nished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FIT-
+NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ALEKSEY SANIN BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CON-
+NECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of Aleksey Sanin shall not
+be used in advertising or otherwise to promote the sale, use or other deal-
+ings in this Software without prior written authorization from him.
+
+
+xmlsec-nss library
+------------------------------------------------------------------------------
+Copyright (C) 2002-2010 Aleksey Sanin. All Rights Reserved.
+Copyright (c) 2003 America Online, Inc. All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is fur-
+nished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+Portions of the Software were created using source code and/or APIs
+governed by the Mozilla Public License (MPL). The MPL is available
+at http://www.mozilla.org/MPL/MPL-1.1.html. The MPL permits such
+portions to be distributed with code not governed by MPL, as long
+as the requirements of MPL are fulfilled for such portions.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FIT-
+NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ALEKSEY SANIN BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CON-
+NECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of Aleksey Sanin shall not
+be used in advertising or otherwise to promote the sale, use or other deal-
+ings in this Software without prior written authorization from him.
+
+
+xmlsec-mscrypto library
+------------------------------------------------------------------------------
+
+Copyright (C) 2002-2010 Aleksey Sanin. All Rights Reserved.
+Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+Copyright (C) 2007 Roumen Petrov.
+Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
+
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is fur-
+nished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FIT-
+NESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ALEKSEY SANIN BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CON-
+NECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+Except as contained in this notice, the name of Aleksey Sanin shall not
+be used in advertising or otherwise to promote the sale, use or other deal-
+ings in this Software without prior written authorization from him.
+
+
+
+References
+------------------------------------------------------------------------------
+
+* AOL
+http://www.aleksey.com/pipermail/xmlsec/2003/005488.html
+http://www.aleksey.com/pipermail/xmlsec/attachments/20030729/0e25648e/attachment.htm
+
+* Cordys R&D BV
+http://www.aleksey.com/pipermail/xmlsec/2003/005581.html
+
+* Cryptocom LTD
+http://www.aleksey.com/pipermail/xmlsec/2006/007410.html
+
diff --git a/HACKING b/HACKING
new file mode 100644
index 00000000..851d1628
--- /dev/null
+++ b/HACKING
@@ -0,0 +1,199 @@
+ Rules for commits on the xmlsec module
+ =========================================
+
+0) DO NOT COMMIT DIRECTLY !
+If you have a patch send a mail to xmlsec@aleksey.com mailing
+list (you must be subscribed to the list, go to
+http://www.aleksey.com/mailman/listinfo/xmlsec to subscribe).
+
+If there is a problem in xmlsec module that prevents you
+from building other major components then feel free to patch
+first and then send a mail. This is an EXCEPTIONAL case and
+you should be VERY carefull when you are doing this.
+
+Igor Zlatkovic get an exception for the send before commit rule.
+
+1) Coding style.
+ - Formatting. Just for clarification, the formating is:
+
+ tab size=8;indentation=4;insert spaces=yes
+
+ - Use explicit "!= NULL", "!= 0", etc. This makes code
+ easier to read and remove warnings on some platform.
+ Example:
+ BAD:
+ if(a)
+ GOOD:
+ if(a != NULL)
+ or
+ if(a != 0)
+
+ - Put figure brackets '{}' even if you have only one operator
+ in "if", "for", etc. This also makes code easier to read and
+ saves a lot of time when you need to quickly change something.
+ Example:
+ BAD:
+ if(a != NULL)
+ xmlFree(a);
+ GOOD:
+ if(a != NULL) {
+ xmlFree(a);
+ }
+
+ - Use round brackets '()' in conditions to show the precedence order.
+ I don't remember what goes first '<<' or '*', do you?
+ Example:
+ BAD:
+ if(privkey == NULL || pubkey == NULL)
+ GOOD:
+ if((privkey == NULL) || (pubkey == NULL))
+
+ - Use round brackets '()' for "return".
+ Example:
+ BAD:
+ return 0;
+ GOOD:
+ return(0);
+
+ - Check for warnings! Use "--enable-pedantic" option
+ for "configure.in" script to enable as much warnings as possible.
+ Your patch should produce no new warnings and if you'll
+ see something that you can fix, then do it.
+
+ - Check for memory leaks. There is a built in support for
+ valgrind (http://devel-home.kde.org/~sewardj/). In order to use it,
+ use "enable_static_linking" option for "configure.in" script to
+ force static linking of xmlsec command line utility and run
+ "make memcheck" from the top xmlsec source folder. The results are printed
+ at the end. More detailed logs could be found in /tmp/test*.log files.
+
+2) Coding practice
+ - You should trust nobody! Anyone can fool you: user or another application
+ might provide you incorrect data; call to xmlsec or system function might
+ fail with an error code; worse, the same call might fail but the return
+ code is "success" and so on. The patch fixes a lot of places where the
+ original code failed to check input data or function return values.
+ One of my favorite examples is the code that *silently* assumed that
+ base64 decoded value of a RSA public exponent obtained from XML fits
+ in a DWORD. And after that the code did memcpy to copy from xmlSecBuffer
+ to a DWORD variable *without* checking how much data are actualy copied!
+ The trivial DoS attack (at least DoS!!!) is to put very long base64 string
+ in XML file and enjoy the server crash.
+ One of the strongest sides of xmlsec library is that there are very few
+ known ways to crash it (and all of them are related to running the
+ application in an environment with a very limited memory to force a malloc
+ failure). To be a little paranoid is good in this context :)
+
+ - malloc/free vs. xmlMalloc/xmlFree
+ xmlsec library use libxml2 memory management functions. This provides an
+ easy way to replace default memory management functions with custom ones.
+ And this might be very usefull in some cases.
+ Note that crypto library might use a different memory management
+ functions! Be very carefully to do not mix them (i.e. get memory
+ allocated by crypto library function and free it with xmFree).
+
+ - Errors reporting (XMLSEC_ERRORS_R_XMLSEC_FAILED vs. XMLSEC_ERRORS_R_CRYPTO_FAILED)
+ The correct usage rule is:
+ if the failed function starts with "xmlSec" then use
+ XMLSEC_ERRORS_R_XMLSEC_FAILED
+ else if it is xmlMalloc/xmlFree/xmlStrdup/etc then use
+ XMLSEC_ERRORS_R_MALLOC_FAILED
+ else if the function starts with "xml" or "xslt" (i.e. it comes
+ from libxml or libxslt) then use
+ XMLSEC_ERRORS_R_XML_FAILED
+ else if it is related to IO (fopen, fread, fwrite, etc.) then use
+ XMLSEC_ERRORS_R_IO_FAILED
+ else if the function could be used only from xmlsec-crypto (i.e.
+ it is crypto engine related) then use
+ XMLSEC_ERRORS_R_CRYPTO_FAILED
+ else if there is another reason (invalid data, invalid size, etc.)
+ corresponding error reason should be used
+ else
+ it is something new and should be discussed
+ fi
+ Correct error reason is very important. For example, some applications
+ ignore all the XMLSEC_ERRORS_R_XMLSEC_FAILED errors to get to the bottom of
+ the errors stack and report the actual problem.
+
+ - Errors reporting: "size=%d;error=%d" instead of "size %d, error: %d":
+ It would be great if xmlsec-crypto libraries can follow the error message
+ standard adopted in the other files of xmlsec library:
+ "<name1>=<value1>;<name2>=<value2>;..."
+ This greatly helps when one needs to write a logs parser. For example, to
+ find the reason of memory allocation failures.
+
+3) Preparing and submiting a patch.
+If you want to submit a patch please do following:
+ - Get a CVS source copy (see http://www.aleksey.com/xmlsec/download.html).
+ It's much easier to prepare patch from CVS than to diff two set of files.
+ - Test your patch! Make sure that your patch complain with xmlsec coding
+ style (see above) and that you don't introduce new warnings or memory leaks
+ (also see above). If you have a new functionality in the patch,
+ do not forget to add a test case(s) in the xmlsec test suite.
+ - If you have new files in your patch mark them "to be added" with
+ cvs add <filename>
+ command. If you have binary files, do not forget to use '-kb' option
+ cvs add -kb <filename>
+ If you have new folders in your patch and you don't have write access to CVS,
+ send a mail to xmlsec@aleksey.com and I'll create them for you.
+ - Prepare patch by running diff command from the top of the source tree:
+ cvs -z3 diff -uN [<file or folder names>...] > <output filename>
+ The file or folder names are optional and you can use it to save
+ yourself some time. "-u" option produces a human readble diff,
+ "-N" option includes to the diff new files created on prevous step.
+ Finally, "-z3" forces cvs to compress the network traffic and make things
+ faster. Please use ".diff" extension in your output filename. This will
+ add colors to my editor when I would be looking at it :)
+ - Gzip or zip your diff file! Don't send plain diff file because some mailers
+ corrupt it.
+ - Send your patch along with a short description of the problem or feature
+ you are fixing/implementing to the xmlsec@aleksey.com mailing list
+ (you must be subscribed to the list, go to http://www.aleksey.com/mailman/listinfo/xmlsec to subscribe).
+ If you are fixing a bug, it might be a good idea to bugzilla it first
+ (http://www.aleksey.com/xmlsec/bugs.html) for the record. Do not forget
+ to put link or bug number in your message if the bug is in bugzilla.
+
+4) Building a release
+- Cleanup, make sure no other changes are pending
+ - make distclean
+ - git status
+- Update Changelog
+- Write about release changes in the release
+ - docs/index.html and docs/news.html
+- Update release number in
+ - configure.in (2 places at the top)
+ - docs/download.html
+- Create build
+ - ./autogen.sh
+ - make
+- Build docs (watch for errors!)
+ - make docs
+- Commit the "prepare for X.Y.Z" release
+ - git commit -m"prepare for X.Y.Z release" -a
+- Run tests, make sure everything is OK
+ - make check
+- Build release
+ - sudo ./scripts/build_release.sh
+- Extract tar file, make sure it works
+ - cd /tmp
+ - tar xvfz /usr/src/redhat/SOURCE/xmlsec1-X.Y.z.tar.gz
+ - cd xmlsec1-X.Y.z
+ - ./configure
+ - make
+ - make check
+- Copy tar file to FTP/Web Download
+- Copy docs/ folder to Web folder
+- Write an announcement email to xmlsec@aleksey.com
+- Update freshmeat.net
+- Relax
+
+
+
+
+
+
+
+
+
+
+
diff --git a/INSTALL b/INSTALL
new file mode 100644
index 00000000..baa984f4
--- /dev/null
+++ b/INSTALL
@@ -0,0 +1,38 @@
+Compilation
+
+1. How to compile XMLSec?
+As most UNIX libraries XMLSec follows the "standard":
+
+ gunzip -c xmlsec-xxx.tar.gz | tar xvf -
+ cd xmlsec-xxxx
+ ./configure --help
+
+to see the options, then the compilation/installation proper
+
+ ./configure [possible options]
+ make
+ make install
+
+Probably you may have to rerun ldconfig or similar utility to
+update your list of installed shared libs. At this point you can check
+that the library is compiled successfully by running
+
+ make check
+
+2.What other libraries are needed to compile/install XMLSec?
+XMLSec requires following libraries:
+
+ LibXML2 (http://xmlsoft.org): a very powerfull XML parsing and
+ manipulating library
+ LibXSLT (http://xmlsoft.org/XSLT/): a nice XSLT processor based
+ on LibXML2
+ OpenSSL (http://www.openssl.org): well known cryptographic library
+
+If you are running a Linux system then there is a good chance that
+you already have all libraries installed. Also XMLSec requires the
+normal C ANSI API (please report any violation to this rule you may find).
+
+
+Aleksey Sanin <aleksey@aleksey.com>
+
+$Id$
diff --git a/Makefile.am b/Makefile.am
new file mode 100644
index 00000000..669f996b
--- /dev/null
+++ b/Makefile.am
@@ -0,0 +1,186 @@
+NULL =
+
+SAFE_VERSION = @XMLSEC_VERSION_SAFE@
+SUBDIRS = include src apps man docs
+TEST_APP = apps/xmlsec1$(EXEEXT)
+DEFAULT_CRYPTO = @XMLSEC_CRYPTO@
+
+bin_SCRIPTS = xmlsec1-config
+pkgconfig_DATA = xmlsec1.pc @XMLSEC_CRYPTO_PC_FILES_LIST@
+pkgconfigdir = $(libdir)/pkgconfig
+confexecdir = $(libdir)
+confexec_DATA = xmlsec1Conf.sh
+m4datadir = $(datadir)/aclocal
+m4data_DATA = xmlsec1.m4
+
+ACLOCAL_AMFLAGS = -I m4
+
+DISTCLEANFILES = \
+ xmlsec1Conf.sh \
+ xmlsec1.pc \
+ xmlsec1-openssl.pc \
+ xmlsec1-nss.pc \
+ xmlsec1-gnutls.pc \
+ xmlsec1-gcrypt.pc \
+ xmlsec1-config \
+ xmlsec1.spec \
+ stamp-h2 \
+ stamp-h3 \
+ stamp-h4 \
+ stamp-h5 \
+ $NULL
+
+EXTRA_DIST = \
+ m4 \
+ examples \
+ scripts \
+ tests \
+ win32 \
+ NEWS \
+ ChangeLog \
+ Copyright \
+ HACKING \
+ xmlsec-openssl.pc.in \
+ xmlsec-nss.pc.in\
+ xmlsec-gnutls.pc.in \
+ xmlsec-gcrypt.pc.in \
+ xmlsec-config.in \
+ xmlsecConf.sh.in \
+ xmlsec.spec.in \
+ xmlsec1Conf.sh \
+ xmlsec1.pc @XMLSEC_CRYPTO_PC_FILES_LIST@ \
+ xmlsec1-config \
+ xmlsec1.spec \
+ xmlsec1.m4 \
+ $(NULL)
+
+EXTRA_CLEAN = \
+ examples \
+ $(NULL)
+
+ABS_SRCDIR=@abs_srcdir@
+ABS_BUILDDIR=@abs_builddir@
+if XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING
+PRECHECK_COMMANDS = \
+ cd $(ABS_SRCDIR) \
+ $(NULL)
+else
+PRECHECK_COMMANDS= \
+ for i in $(XMLSEC_CRYPTO_LIST) ; do \
+ export LD_LIBRARY_PATH="$(ABS_BUILDDIR)/src/$$i/.libs:$$LD_LIBRARY_PATH" ; \
+ done && \
+ cd $(ABS_SRCDIR) \
+ $(NULL)
+endif
+CHECK_CRYPTO_LIST = \
+ $(XMLSEC_CRYPTO_LIST) \
+ $(NULL)
+
+docs: docs-man
+ @(cd docs && $(MAKE) docs)
+
+docs-clean:
+ @(cd docs && $(MAKE) clean)
+
+docs-man:
+ @(cd man && $(MAKE) docs)
+
+check: check-all check-info
+
+check-all: $(TEST_APP)
+ @($(PRECHECK_COMMANDS) && \
+ for crypto in $(CHECK_CRYPTO_LIST) ; do \
+ echo "=================== Checking xmlsec-$$crypto =================================" && \
+ $(SHELL) ./tests/testrun.sh \
+ $(ABS_SRCDIR)/tests/testKeys.sh \
+ $$crypto \
+ $(ABS_SRCDIR)/tests \
+ $(ABS_BUILDDIR)/$(TEST_APP) der \
+ && \
+ $(SHELL) ./tests/testrun.sh \
+ $(ABS_SRCDIR)/tests/testDSig.sh \
+ $$crypto \
+ $(ABS_SRCDIR)/tests \
+ $(ABS_BUILDDIR)/$(TEST_APP) \
+ der \
+ && \
+ $(SHELL) ./tests/testrun.sh \
+ $(ABS_SRCDIR)/tests/testEnc.sh \
+ $$crypto \
+ $(ABS_SRCDIR)/tests \
+ $(ABS_BUILDDIR)/$(TEST_APP) \
+ der \
+ ; \
+ done; )
+
+check-info:
+ @echo "---------------------------- ATTENTION -----------------------------------"
+ @echo "--- Some of the tests use resources located on external HTTP servers. ---"
+ @echo "--- If you have no Internet connection or the external resource is not ---"
+ @echo "--- responding then the test will fail. ---"
+ @echo "---------------------------- ATTENTION -----------------------------------"
+
+check-keys: $(TEST_APP)
+ @($(PRECHECK_COMMANDS) && \
+ $(SHELL) ./tests/testrun.sh \
+ $(ABS_SRCDIR)/tests/testKeys.sh \
+ $(DEFAULT_CRYPTO) \
+ $(ABS_SRCDIR)/tests \
+ $(ABS_BUILDDIR)/$(TEST_APP) \
+ der \
+ )
+
+check-dsig: $(TEST_APP)
+ @($(PRECHECK_COMMANDS) && \
+ $(SHELL) ./tests/testrun.sh \
+ $(ABS_SRCDIR)/tests/testDSig.sh \
+ $(DEFAULT_CRYPTO) \
+ $(ABS_SRCDIR)/tests \
+ $(ABS_BUILDDIR)/$(TEST_APP) \
+ der \
+ )
+
+check-enc: $(TEST_APP)
+ @($(PRECHECK_COMMANDS) && \
+ $(SHELL) ./tests/testrun.sh \
+ $(ABS_SRCDIR)/tests/testEnc.sh \
+ $(DEFAULT_CRYPTO) \
+ $(ABS_SRCDIR)/tests \
+ $(ABS_BUILDDIR)/$(TEST_APP) \
+ der \
+ )
+
+check-xkms: $(TEST_APP)
+ @($(PRECHECK_COMMANDS) && \
+ $(SHELL) ./tests/testrun.sh \
+ $(ABS_SRCDIR)/tests/testXKMS.sh \
+ $(DEFAULT_CRYPTO) \
+ $(ABS_SRCDIR)/tests \
+ $(ABS_BUILDDIR)/$(TEST_APP) \
+ der \
+ )
+
+memcheck-res:
+ @grep -i 'ERROR SUMMARY' /tmp/*.log | sed 's/.*==.*== *//' | sort -u
+ @grep -i 'in use at exit' /tmp/*.log | sed 's/.*==.*== *//' | sort -u
+ @grep -i 'total heap usage' /tmp/*.log | sed 's/.*==.*== *//' | sort -u
+
+memcheck: $(TEST_APP)
+ @(export DEBUG_MEMORY=1 && $(MAKE) check && $(MAKE) memcheck-res)
+
+perfcheck: $(TEST_APP)
+ @(export PERF_TEST=10 && $(MAKE) check)
+
+dist-hook:
+
+cleantar:
+ @($(RM) -f xmlsec*.tar.gz COPYING.LIB)
+
+tar-release: clean cleantar
+ @(unset CDPATH && $(MAKE) dist)
+
+rpm: cleantar tar-release
+ @(unset CDPATH && rpmbuild -ta $(distdir).tar.gz)
+
+rpm-release: clean cleantar rpm
+
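Review bot: In `check-all`, the per-backend chain of three `testrun.sh` calls ends in `;` before `done`, so a failing backend does not stop the loop and the recipe exits with the status of the last backend in `$(CHECK_CRYPTO_LIST)` only. Assuming `testrun.sh` returns non-zero on failure (it is not shown here), `make check` can succeed although an earlier crypto backend failed its key, signature or encryption tests; ending the chain with `|| exit 1 ;` instead of `;` would propagate the failure. Separately, `DISTCLEANFILES` ends in `$NULL`, which make parses as `$(N)ULL` and, unless `N` is defined, expands to the literal word `ULL`; it should be `$(NULL)` as in `EXTRA_DIST`. In the dynamic-loading branch of `PRECHECK_COMMANDS`, `...:$$LD_LIBRARY_PATH` leaves a trailing empty entry when the variable is unset, which the loader treats as the current directory; `$${LD_LIBRARY_PATH:+:$$LD_LIBRARY_PATH}` avoids that.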
diff --git a/Makefile.in b/Makefile.in
new file mode 100644
index 00000000..759a10bb
--- /dev/null
+++ b/Makefile.in
@@ -0,0 +1,1155 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = .
+DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
+ $(srcdir)/Makefile.in $(srcdir)/config.h.in \
+ $(srcdir)/xmlsec-config.in $(srcdir)/xmlsec-gcrypt.pc.in \
+ $(srcdir)/xmlsec-gnutls.pc.in $(srcdir)/xmlsec-nss.pc.in \
+ $(srcdir)/xmlsec-openssl.pc.in $(srcdir)/xmlsec.pc.in \
+ $(srcdir)/xmlsec.spec.in $(srcdir)/xmlsecConf.sh.in \
+ $(top_srcdir)/configure AUTHORS COPYING ChangeLog INSTALL NEWS \
+ TODO config.guess config.sub depcomp install-sh ltmain.sh \
+ missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES = xmlsec1.pc xmlsec1Conf.sh xmlsec1-config \
+ xmlsec1-openssl.pc xmlsec1-gnutls.pc xmlsec1-gcrypt.pc \
+ xmlsec1-nss.pc xmlsec1.spec
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(confexecdir)" \
+ "$(DESTDIR)$(m4datadir)" "$(DESTDIR)$(pkgconfigdir)"
+SCRIPTS = $(bin_SCRIPTS)
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+DATA = $(confexec_DATA) $(m4data_DATA) $(pkgconfig_DATA)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+ distdir dist dist-all distcheck
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+ { test ! -d "$(distdir)" \
+ || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+ && rm -fr "$(distdir)"; }; }
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+SAFE_VERSION = @XMLSEC_VERSION_SAFE@
+SUBDIRS = include src apps man docs
+TEST_APP = apps/xmlsec1$(EXEEXT)
+DEFAULT_CRYPTO = @XMLSEC_CRYPTO@
+bin_SCRIPTS = xmlsec1-config
+pkgconfig_DATA = xmlsec1.pc @XMLSEC_CRYPTO_PC_FILES_LIST@
+pkgconfigdir = $(libdir)/pkgconfig
+confexecdir = $(libdir)
+confexec_DATA = xmlsec1Conf.sh
+m4datadir = $(datadir)/aclocal
+m4data_DATA = xmlsec1.m4
+ACLOCAL_AMFLAGS = -I m4
+DISTCLEANFILES = \
+ xmlsec1Conf.sh \
+ xmlsec1.pc \
+ xmlsec1-openssl.pc \
+ xmlsec1-nss.pc \
+ xmlsec1-gnutls.pc \
+ xmlsec1-gcrypt.pc \
+ xmlsec1-config \
+ xmlsec1.spec \
+ stamp-h2 \
+ stamp-h3 \
+ stamp-h4 \
+ stamp-h5 \
+ $NULL
+
+EXTRA_DIST = \
+ m4 \
+ examples \
+ scripts \
+ tests \
+ win32 \
+ NEWS \
+ ChangeLog \
+ Copyright \
+ HACKING \
+ xmlsec-openssl.pc.in \
+ xmlsec-nss.pc.in\
+ xmlsec-gnutls.pc.in \
+ xmlsec-gcrypt.pc.in \
+ xmlsec-config.in \
+ xmlsecConf.sh.in \
+ xmlsec.spec.in \
+ xmlsec1Conf.sh \
+ xmlsec1.pc @XMLSEC_CRYPTO_PC_FILES_LIST@ \
+ xmlsec1-config \
+ xmlsec1.spec \
+ xmlsec1.m4 \
+ $(NULL)
+
+EXTRA_CLEAN = \
+ examples \
+ $(NULL)
+
+ABS_SRCDIR = @abs_srcdir@
+ABS_BUILDDIR = @abs_builddir@
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@PRECHECK_COMMANDS = \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@ for i in $(XMLSEC_CRYPTO_LIST) ; do \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@ export LD_LIBRARY_PATH="$(ABS_BUILDDIR)/src/$$i/.libs:$$LD_LIBRARY_PATH" ; \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@ done && \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@ cd $(ABS_SRCDIR) \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@ $(NULL)
+
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@PRECHECK_COMMANDS = \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@ cd $(ABS_SRCDIR) \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@ $(NULL)
+
+CHECK_CRYPTO_LIST = \
+ $(XMLSEC_CRYPTO_LIST) \
+ $(NULL)
+
+all: config.h
+ $(MAKE) $(AM_MAKEFLAGS) all-recursive
+
+.SUFFIXES:
+am--refresh:
+ @:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ echo ' cd $(srcdir) && $(AUTOMAKE) --gnu'; \
+ $(am__cd) $(srcdir) && $(AUTOMAKE) --gnu \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ echo ' $(SHELL) ./config.status'; \
+ $(SHELL) ./config.status;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ $(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ $(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+ @if test ! -f $@; then \
+ rm -f stamp-h1; \
+ $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+ else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+ @rm -f stamp-h1
+ cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ ($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+ rm -f stamp-h1
+ touch $@
+
+distclean-hdr:
+ -rm -f config.h stamp-h1
+xmlsec1.pc: $(top_builddir)/config.status $(srcdir)/xmlsec.pc.in
+ cd $(top_builddir) && $(SHELL) ./config.status $@
+xmlsec1Conf.sh: $(top_builddir)/config.status $(srcdir)/xmlsecConf.sh.in
+ cd $(top_builddir) && $(SHELL) ./config.status $@
+xmlsec1-config: $(top_builddir)/config.status $(srcdir)/xmlsec-config.in
+ cd $(top_builddir) && $(SHELL) ./config.status $@
+xmlsec1-openssl.pc: $(top_builddir)/config.status $(srcdir)/xmlsec-openssl.pc.in
+ cd $(top_builddir) && $(SHELL) ./config.status $@
+xmlsec1-gnutls.pc: $(top_builddir)/config.status $(srcdir)/xmlsec-gnutls.pc.in
+ cd $(top_builddir) && $(SHELL) ./config.status $@
+xmlsec1-gcrypt.pc: $(top_builddir)/config.status $(srcdir)/xmlsec-gcrypt.pc.in
+ cd $(top_builddir) && $(SHELL) ./config.status $@
+xmlsec1-nss.pc: $(top_builddir)/config.status $(srcdir)/xmlsec-nss.pc.in
+ cd $(top_builddir) && $(SHELL) ./config.status $@
+xmlsec1.spec: $(top_builddir)/config.status $(srcdir)/xmlsec.spec.in
+ cd $(top_builddir) && $(SHELL) ./config.status $@
+install-binSCRIPTS: $(bin_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+ @list='$(bin_SCRIPTS)'; test -n "$(bindir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-binSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(bin_SCRIPTS)'; test -n "$(bindir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(bindir)" && rm -f $$files
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+distclean-libtool:
+ -rm -f libtool config.lt
+install-confexecDATA: $(confexec_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(confexecdir)" || $(MKDIR_P) "$(DESTDIR)$(confexecdir)"
+ @list='$(confexec_DATA)'; test -n "$(confexecdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(confexecdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(confexecdir)" || exit $$?; \
+ done
+
+uninstall-confexecDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(confexec_DATA)'; test -n "$(confexecdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(confexecdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(confexecdir)" && rm -f $$files
+install-m4dataDATA: $(m4data_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(m4datadir)" || $(MKDIR_P) "$(DESTDIR)$(m4datadir)"
+ @list='$(m4data_DATA)'; test -n "$(m4datadir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(m4datadir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(m4datadir)" || exit $$?; \
+ done
+
+uninstall-m4dataDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(m4data_DATA)'; test -n "$(m4datadir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(m4datadir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(m4datadir)" && rm -f $$files
+install-pkgconfigDATA: $(pkgconfig_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(pkgconfigdir)" || $(MKDIR_P) "$(DESTDIR)$(pkgconfigdir)"
+ @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pkgconfigdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(pkgconfigdir)" || exit $$?; \
+ done
+
+uninstall-pkgconfigDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(pkgconfig_DATA)'; test -n "$(pkgconfigdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(pkgconfigdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(pkgconfigdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ $(am__remove_distdir)
+ test -d "$(distdir)" || mkdir "$(distdir)"
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$(top_distdir)" distdir="$(distdir)" \
+ dist-hook
+ -test -n "$(am__skip_mode_fix)" \
+ || find "$(distdir)" -type d ! -perm -755 \
+ -exec chmod u+rwx,go+rx {} \; -o \
+ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+ || chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+ tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+ $(am__remove_distdir)
+
+dist-bzip2: distdir
+ tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+ $(am__remove_distdir)
+
+dist-lzma: distdir
+ tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+ $(am__remove_distdir)
+
+dist-xz: distdir
+ tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+ $(am__remove_distdir)
+
+dist-tarZ: distdir
+ tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+ $(am__remove_distdir)
+
+dist-shar: distdir
+ shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+ $(am__remove_distdir)
+
+dist-zip: distdir
+ -rm -f $(distdir).zip
+ zip -rq $(distdir).zip $(distdir)
+ $(am__remove_distdir)
+
+dist dist-all: distdir
+ tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+ $(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration. Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+ case '$(DIST_ARCHIVES)' in \
+ *.tar.gz*) \
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
+ *.tar.bz2*) \
+ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
+ *.tar.lzma*) \
+ lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
+ *.tar.xz*) \
+ xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+ *.tar.Z*) \
+ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+ *.shar.gz*) \
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
+ *.zip*) \
+ unzip $(distdir).zip ;;\
+ esac
+ chmod -R a-w $(distdir); chmod a+w $(distdir)
+ mkdir $(distdir)/_build
+ mkdir $(distdir)/_inst
+ chmod a-w $(distdir)
+ test -d $(distdir)/_build || exit 0; \
+ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+ && am__cwd=`pwd` \
+ && $(am__cd) $(distdir)/_build \
+ && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+ $(DISTCHECK_CONFIGURE_FLAGS) \
+ && $(MAKE) $(AM_MAKEFLAGS) \
+ && $(MAKE) $(AM_MAKEFLAGS) dvi \
+ && $(MAKE) $(AM_MAKEFLAGS) check \
+ && $(MAKE) $(AM_MAKEFLAGS) install \
+ && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+ && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+ distuninstallcheck \
+ && chmod -R a-w "$$dc_install_base" \
+ && ({ \
+ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+ } || { rm -rf "$$dc_destdir"; exit 1; }) \
+ && rm -rf "$$dc_destdir" \
+ && $(MAKE) $(AM_MAKEFLAGS) dist \
+ && rm -rf $(DIST_ARCHIVES) \
+ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+ && cd "$$am__cwd" \
+ || exit 1
+ $(am__remove_distdir)
+ @(echo "$(distdir) archives ready for distribution: "; \
+ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+ @$(am__cd) '$(distuninstallcheck_dir)' \
+ && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+ || { echo "ERROR: files left after uninstall:" ; \
+ if test -n "$(DESTDIR)"; then \
+ echo " (check DESTDIR support)"; \
+ fi ; \
+ $(distuninstallcheck_listfiles) ; \
+ exit 1; } >&2
+distcleancheck: distclean
+ @if test '$(srcdir)' = . ; then \
+ echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+ exit 1 ; \
+ fi
+ @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+ || { echo "ERROR: files left in build directory after distclean:" ; \
+ $(distcleancheck_listfiles) ; \
+ exit 1; } >&2
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(SCRIPTS) $(DATA) config.h
+installdirs: installdirs-recursive
+installdirs-am:
+ for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(confexecdir)" "$(DESTDIR)$(m4datadir)" "$(DESTDIR)$(pkgconfigdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -f $(am__CONFIG_DISTCLEAN_FILES)
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-hdr \
+ distclean-libtool distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am: install-m4dataDATA install-pkgconfigDATA
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-binSCRIPTS install-confexecDATA
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -f $(am__CONFIG_DISTCLEAN_FILES)
+ -rm -rf $(top_srcdir)/autom4te.cache
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-binSCRIPTS uninstall-confexecDATA \
+ uninstall-m4dataDATA uninstall-pkgconfigDATA
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) all \
+ ctags-recursive install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am am--refresh check check-am clean clean-generic \
+ clean-libtool ctags ctags-recursive dist dist-all dist-bzip2 \
+ dist-gzip dist-hook dist-lzma dist-shar dist-tarZ dist-xz \
+ dist-zip distcheck distclean distclean-generic distclean-hdr \
+ distclean-libtool distclean-tags distcleancheck distdir \
+ distuninstallcheck dvi dvi-am html html-am info info-am \
+ install install-am install-binSCRIPTS install-confexecDATA \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-m4dataDATA install-man \
+ install-pdf install-pdf-am install-pkgconfigDATA install-ps \
+ install-ps-am install-strip installcheck installcheck-am \
+ installdirs installdirs-am maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+ uninstall uninstall-am uninstall-binSCRIPTS \
+ uninstall-confexecDATA uninstall-m4dataDATA \
+ uninstall-pkgconfigDATA
+
+
+docs: docs-man
+ @(cd docs && $(MAKE) docs)
+
+docs-clean:
+ @(cd docs && $(MAKE) clean)
+
+docs-man:
+ @(cd man && $(MAKE) docs)
+
+check: check-all check-info
+
+check-all: $(TEST_APP)
+ @($(PRECHECK_COMMANDS) && \
+ for crypto in $(CHECK_CRYPTO_LIST) ; do \
+ echo "=================== Checking xmlsec-$$crypto =================================" && \
+ $(SHELL) ./tests/testrun.sh \
+ $(ABS_SRCDIR)/tests/testKeys.sh \
+ $$crypto \
+ $(ABS_SRCDIR)/tests \
+ $(ABS_BUILDDIR)/$(TEST_APP) der \
+ && \
+ $(SHELL) ./tests/testrun.sh \
+ $(ABS_SRCDIR)/tests/testDSig.sh \
+ $$crypto \
+ $(ABS_SRCDIR)/tests \
+ $(ABS_BUILDDIR)/$(TEST_APP) \
+ der \
+ && \
+ $(SHELL) ./tests/testrun.sh \
+ $(ABS_SRCDIR)/tests/testEnc.sh \
+ $$crypto \
+ $(ABS_SRCDIR)/tests \
+ $(ABS_BUILDDIR)/$(TEST_APP) \
+ der \
+ ; \
+ done; )
+
+check-info:
+ @echo "---------------------------- ATTENTION -----------------------------------"
+ @echo "--- Some of the tests use resources located on external HTTP servers. ---"
+ @echo "--- If you have no Internet connection or the external resource is not ---"
+ @echo "--- responding then the test will fail. ---"
+ @echo "---------------------------- ATTENTION -----------------------------------"
+
+check-keys: $(TEST_APP)
+ @($(PRECHECK_COMMANDS) && \
+ $(SHELL) ./tests/testrun.sh \
+ $(ABS_SRCDIR)/tests/testKeys.sh \
+ $(DEFAULT_CRYPTO) \
+ $(ABS_SRCDIR)/tests \
+ $(ABS_BUILDDIR)/$(TEST_APP) \
+ der \
+ )
+
+check-dsig: $(TEST_APP)
+ @($(PRECHECK_COMMANDS) && \
+ $(SHELL) ./tests/testrun.sh \
+ $(ABS_SRCDIR)/tests/testDSig.sh \
+ $(DEFAULT_CRYPTO) \
+ $(ABS_SRCDIR)/tests \
+ $(ABS_BUILDDIR)/$(TEST_APP) \
+ der \
+ )
+
+check-enc: $(TEST_APP)
+ @($(PRECHECK_COMMANDS) && \
+ $(SHELL) ./tests/testrun.sh \
+ $(ABS_SRCDIR)/tests/testEnc.sh \
+ $(DEFAULT_CRYPTO) \
+ $(ABS_SRCDIR)/tests \
+ $(ABS_BUILDDIR)/$(TEST_APP) \
+ der \
+ )
+
+check-xkms: $(TEST_APP)
+ @($(PRECHECK_COMMANDS) && \
+ $(SHELL) ./tests/testrun.sh \
+ $(ABS_SRCDIR)/tests/testXKMS.sh \
+ $(DEFAULT_CRYPTO) \
+ $(ABS_SRCDIR)/tests \
+ $(ABS_BUILDDIR)/$(TEST_APP) \
+ der \
+ )
+
+memcheck-res:
+ @grep -i 'ERROR SUMMARY' /tmp/*.log | sed 's/.*==.*== *//' | sort -u
+ @grep -i 'in use at exit' /tmp/*.log | sed 's/.*==.*== *//' | sort -u
+ @grep -i 'total heap usage' /tmp/*.log | sed 's/.*==.*== *//' | sort -u
+
+memcheck: $(TEST_APP)
+ @(export DEBUG_MEMORY=1 && $(MAKE) check && $(MAKE) memcheck-res)
+
+perfcheck: $(TEST_APP)
+ @(export PERF_TEST=10 && $(MAKE) check)
+
+dist-hook:
+
+cleantar:
+ @($(RM) -f xmlsec*.tar.gz COPYING.LIB)
+
+tar-release: clean cleantar
+ @(unset CDPATH && $(MAKE) dist)
+
+rpm: cleantar tar-release
+ @(unset CDPATH && rpmbuild -ta $(distdir).tar.gz)
+
+rpm-release: clean cleantar rpm
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/NEWS b/NEWS
new file mode 100644
index 00000000..d8e5c361
--- /dev/null
+++ b/NEWS
@@ -0,0 +1 @@
+Check ChangeLog file :)
\ No newline at end of file
diff --git a/README b/README
new file mode 100644
index 00000000..ef62ab0a
--- /dev/null
+++ b/README
@@ -0,0 +1,15 @@
+XMLSec Library
+----------------------------------------------
+
+XMLSec library provides C based implementation for major XML Security
+standards:
+ * XML Signature Syntax and Processing
+ http://www.w3.org/TR/xmldsig-core
+ * XML Encryption Syntax and Processing
+ http://www.w3.org/TR/xmlenc-core/
+XMLSec is based on well known LibXML (http://xmlsoft.org), LibXSLT
+(http://xmlsoft.org/XSLT) and OpenSSL (http://www.openssl.org) libraries.
+
+This code is released under the MIT Licence see the Copyright file.
+
+Aleksey Sanin <aleksey@aleksey.com>
diff --git a/TODO b/TODO
new file mode 100644
index 00000000..7adb9694
--- /dev/null
+++ b/TODO
@@ -0,0 +1,156 @@
+*************************************************
+ General
+*************************************************
+
+* Unify password callback (one of parameters: filename)
+* Get key usage from certs
+* Extend keys manager to return more info when key is found or not found
+ (what cheks were performed, etc.)
+
+
+*************************************************
+ Tests status
+*************************************************
+
+-------------------------------------------------
+* xmlsec-openssl (April 26, 2010 using OpenSSL 0.9.8g)
+-------------------------------------------------
+
+** Skipped tests due to missing transforms: GOST
+
+aleksey-xmldsig-01/enveloped-gost
+
+
+-------------------------------------------------
+* xmlsec-nss (April 26, 2010 using NSS 3.12.6)
+-------------------------------------------------
+
+** Skipped tests due to missing transforms: RIPEMD160, SHA224, RSA/OAEP, GOST
+
+aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160
+aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64
+aleksey-xmldsig-01/enveloping-sha224-hmac-sha224
+aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64
+aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160
+aleksey-xmldsig-01/enveloping-sha224-rsa-sha224
+aleksey-xmldsig-01/enveloped-gost
+merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes
+merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p
+01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1
+01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1
+01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1
+01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1
+
+** Failed tests due to no support for CRLs in XML document
+
+merlin-xmldsig-twenty-three/signature-x509-crt-crl
+
+
+-------------------------------------------------
+* xmlsec-mscrypto (May 09, 2010 using Windows XP SP3)
+-------------------------------------------------
+
+** Skipped tests due to missing transforms: RIPEMD160, SHA224
+
+aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160
+aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64
+aleksey-xmldsig-01/enveloping-sha224-hmac-sha224
+aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64
+aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160
+aleksey-xmldsig-01/enveloping-sha224-rsa-sha224
+merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes
+
+** Failed tests due to no GOST crypto providers on test machine
+
+aleksey-xmldsig-01/enveloped-gost
+
+-------------------------------------------------
+* xmlsec-gnutls (May 24, 2010 using GnuTLS)
+-------------------------------------------------
+
+** Skipped tests due to missing transforms: RSA PKCS/OAEP, GOST
+
+aleksey-xmldsig-01/enveloping-sha224-hmac-sha224
+aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64
+aleksey-xmldsig-01/enveloping-sha224-rsa-sha224
+merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5
+merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p
+aleksey-xmldsig-01/enveloped-gost
+phaos-xmldsig-three/signature-rsa-manifest-x509-data-crl
+
+01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5
+01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1
+01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5
+01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1
+01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1
+01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5
+01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5
+01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1
+
+-------------------------------------------------
+* xmlsec-gcrypt (May 09, 2010 using GCrypt)
+-------------------------------------------------
+
+** Skipped tests due to missing transforms: DSA, RSA PKCS/OAEP, X509, GOST
+
+aleksey-xmldsig-01/enveloping-dsa-x509chain
+aleksey-xmldsig-01/enveloping-rsa-x509chain
+aleksey-xmldsig-01/enveloping-sha224-hmac-sha224
+aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64
+aleksey-xmldsig-01/enveloping-md5-rsa-md5
+aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160
+aleksey-xmldsig-01/enveloping-sha1-rsa-sha1
+aleksey-xmldsig-01/enveloping-sha224-rsa-sha224
+aleksey-xmldsig-01/enveloping-sha256-rsa-sha256
+aleksey-xmldsig-01/enveloping-sha384-rsa-sha384
+aleksey-xmldsig-01/enveloping-sha512-rsa-sha512
+aleksey-xmldsig-01/enveloping-expired-cert
+aleksey-xmldsig-01/x509data-test
+aleksey-xmldsig-01/x509data-sn-test
+
+merlin-xmldsig-twenty-three/signature-keyname
+merlin-xmldsig-twenty-three/signature-x509-crt
+merlin-xmldsig-twenty-three/signature-x509-sn
+merlin-xmldsig-twenty-three/signature-x509-is
+merlin-xmldsig-twenty-three/signature-x509-ski
+merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt
+merlin-xmldsig-twenty-three/signature
+merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5
+merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p
+phaos-xmldsig-three/signature-big
+phaos-xmldsig-three/signature-dsa-detached
+phaos-xmldsig-three/signature-dsa-enveloped
+phaos-xmldsig-three/signature-dsa-enveloping
+phaos-xmldsig-three/signature-dsa-manifest
+phaos-xmldsig-three/signature-rsa-detached-b64-transform
+phaos-xmldsig-three/signature-rsa-detached
+phaos-xmldsig-three/signature-rsa-detached-xpath-transform
+phaos-xmldsig-three/signature-rsa-detached-xslt-transform-retrieval-method
+phaos-xmldsig-three/signature-rsa-detached-xslt-transform
+phaos-xmldsig-three/signature-rsa-enveloped
+phaos-xmldsig-three/signature-rsa-enveloping
+phaos-xmldsig-three/signature-rsa-manifest-x509-data-cert-chain
+phaos-xmldsig-three/signature-rsa-manifest-x509-data-cert
+phaos-xmldsig-three/signature-rsa-manifest-x509-data-issuer-serial
+phaos-xmldsig-three/signature-rsa-manifest-x509-data-ski
+phaos-xmldsig-three/signature-rsa-manifest-x509-data-subject-name
+phaos-xmldsig-three/signature-rsa-manifest
+phaos-xmldsig-three/signature-rsa-xpath-transform-enveloped
+aleksey-xmldsig-01/enveloped-gost
+merlin-xmldsig-twenty-three/signature-x509-crt-crl
+aleksey-xmldsig-01/enveloping-expired-cert
+phaos-xmldsig-three/signature-rsa-detached-xslt-transform-bad-retrieval-method
+phaos-xmldsig-three/signature-rsa-enveloped-bad-digest-val
+phaos-xmldsig-three/signature-rsa-enveloped-bad-sig
+phaos-xmldsig-three/signature-rsa-manifest-x509-data-crl
+
+merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5
+merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p
+01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5
+01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1
+01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5
+01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1
+01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1
+01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5
+01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5
+01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1
diff --git a/aclocal.m4 b/aclocal.m4
new file mode 100644
index 00000000..ca9f5739
--- /dev/null
+++ b/aclocal.m4
@@ -0,0 +1,1197 @@
+# generated automatically by aclocal 1.11.1 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+m4_ifndef([AC_AUTOCONF_VERSION],
+ [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.67],,
+[m4_warning([this file was generated for autoconf 2.67.
+You have another version of autoconf. It may work, but is not guaranteed to.
+If you have problems, you may need to regenerate the build system entirely.
+To do so, use the procedure documented by the package, typically `autoreconf'.])])
+
+# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
+# serial 1 (pkg-config-0.24)
+#
+# Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# PKG_PROG_PKG_CONFIG([MIN-VERSION])
+# ----------------------------------
+AC_DEFUN([PKG_PROG_PKG_CONFIG],
+[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
+m4_pattern_allow([^PKG_CONFIG(_PATH)?$])
+AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
+AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
+AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+ AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
+fi
+if test -n "$PKG_CONFIG"; then
+ _pkg_min_version=m4_default([$1], [0.9.0])
+ AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
+ if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+ PKG_CONFIG=""
+ fi
+fi[]dnl
+])# PKG_PROG_PKG_CONFIG
+
+# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+#
+# Check to see whether a particular set of modules exists. Similar
+# to PKG_CHECK_MODULES(), but does not set variables or print errors.
+#
+# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+# only at the first occurence in configure.ac, so if the first place
+# it's called might be skipped (such as if it is within an "if", you
+# have to call PKG_CHECK_EXISTS manually
+# --------------------------------------------------------------
+AC_DEFUN([PKG_CHECK_EXISTS],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+if test -n "$PKG_CONFIG" && \
+ AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
+ m4_default([$2], [:])
+m4_ifvaln([$3], [else
+ $3])dnl
+fi])
+
+# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
+# ---------------------------------------------
+m4_define([_PKG_CONFIG],
+[if test -n "$$1"; then
+ pkg_cv_[]$1="$$1"
+ elif test -n "$PKG_CONFIG"; then
+ PKG_CHECK_EXISTS([$3],
+ [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`],
+ [pkg_failed=yes])
+ else
+ pkg_failed=untried
+fi[]dnl
+])# _PKG_CONFIG
+
+# _PKG_SHORT_ERRORS_SUPPORTED
+# -----------------------------
+AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi[]dnl
+])# _PKG_SHORT_ERRORS_SUPPORTED
+
+
+# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+# [ACTION-IF-NOT-FOUND])
+#
+#
+# Note that if there is a possibility the first call to
+# PKG_CHECK_MODULES might not happen, you should be sure to include an
+# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
+#
+#
+# --------------------------------------------------------------
+AC_DEFUN([PKG_CHECK_MODULES],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
+AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
+
+pkg_failed=no
+AC_MSG_CHECKING([for $1])
+
+_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
+_PKG_CONFIG([$1][_LIBS], [libs], [$2])
+
+m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
+and $1[]_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.])
+
+if test $pkg_failed = yes; then
+ AC_MSG_RESULT([no])
+ _PKG_SHORT_ERRORS_SUPPORTED
+ if test $_pkg_short_errors_supported = yes; then
+ $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "$2" 2>&1`
+ else
+ $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors "$2" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
+
+ m4_default([$4], [AC_MSG_ERROR(
+[Package requirements ($2) were not met:
+
+$$1_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+_PKG_TEXT])dnl
+ ])
+elif test $pkg_failed = untried; then
+ AC_MSG_RESULT([no])
+ m4_default([$4], [AC_MSG_FAILURE(
+[The pkg-config script could not be found or is too old. Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+_PKG_TEXT
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.])dnl
+ ])
+else
+ $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
+ $1[]_LIBS=$pkg_cv_[]$1[]_LIBS
+ AC_MSG_RESULT([yes])
+ $3
+fi[]dnl
+])# PKG_CHECK_MODULES
+
+# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+# (This private macro should not be called outside this file.)
+AC_DEFUN([AM_AUTOMAKE_VERSION],
+[am__api_version='1.11'
+dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
+dnl require some minimum version. Point them to the right macro.
+m4_if([$1], [1.11.1], [],
+ [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
+])
+
+# _AM_AUTOCONF_VERSION(VERSION)
+# -----------------------------
+# aclocal traces this macro to find the Autoconf version.
+# This is a private macro too. Using m4_define simplifies
+# the logic in aclocal, which can simply ignore this definition.
+m4_define([_AM_AUTOCONF_VERSION], [])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
+# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+[AM_AUTOMAKE_VERSION([1.11.1])dnl
+m4_ifndef([AC_AUTOCONF_VERSION],
+ [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
+
+# AM_AUX_DIR_EXPAND -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory. The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run. This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+# fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+# fails if $ac_aux_dir is absolute,
+# fails when called from a subdirectory in a VPATH build with
+# a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir. In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir. That would be:
+# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+# MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH. The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 9
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])],
+ [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])dnl
+AC_SUBST([$1_FALSE])dnl
+_AM_SUBST_NOTMAKE([$1_TRUE])dnl
+_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+m4_define([_AM_COND_VALUE_$1], [$2])dnl
+if $2; then
+ $1_TRUE=
+ $1_FALSE='#'
+else
+ $1_TRUE='#'
+ $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+ AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 10
+
+# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery. Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+ifelse([$1], CC, [depcc="$CC" am_compiler_list=],
+ [$1], CXX, [depcc="$CXX" am_compiler_list=],
+ [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+ [$1], UPC, [depcc="$UPC" am_compiler_list=],
+ [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'],
+ [depcc="$$1" am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+ [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_$1_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+ fi
+ am__universal=false
+ m4_case([$1], [CC],
+ [case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac],
+ [CXX],
+ [case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac])
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_$1_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE(dependency-tracking,
+[ --disable-dependency-tracking speeds up one-time build
+ --enable-dependency-tracking do not reject slow dependency extractors])
+if test "x$enable_dependency_tracking" != xno; then
+ am_depcomp="$ac_aux_dir/depcomp"
+ AMDEPBACKSLASH='\'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])dnl
+_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
+])
+
+# Generate code to set up dependency tracking. -*- Autoconf -*-
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+#serial 5
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[{
+ # Autoconf 2.62 quotes --file arguments for eval, but not when files
+ # are listed without --file. Let's play safe and only enable the eval
+ # if we detect the quoting.
+ case $CONFIG_FILES in
+ *\'*) eval set x "$CONFIG_FILES" ;;
+ *) set x $CONFIG_FILES ;;
+ esac
+ shift
+ for mf
+ do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # Grep'ing the whole file is not good either: AIX grep has a line
+ # limit of 2048, but all sed's we know have understand at least 4000.
+ if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+ dirpart=`AS_DIRNAME("$mf")`
+ else
+ continue
+ fi
+ # Extract the definition of DEPDIR, am__include, and am__quote
+ # from the Makefile without running `make'.
+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+ test -z "$DEPDIR" && continue
+ am__include=`sed -n 's/^am__include = //p' < "$mf"`
+ test -z "am__include" && continue
+ am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+ # When using ansi2knr, U may be empty or an underscore; expand it
+ U=`sed -n 's/^U = //p' < "$mf"`
+ # Find all dependency output files, they are included files with
+ # $(DEPDIR) in their names. We invoke sed twice because it is the
+ # simplest approach to changing $(DEPDIR) to its actual value in the
+ # expansion.
+ for file in `sed -n "
+ s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+ # Make sure the directory exists.
+ test -f "$dirpart/$file" && continue
+ fdir=`AS_DIRNAME(["$file"])`
+ AS_MKDIR_P([$dirpart/$fdir])
+ # echo "creating $dirpart/$file"
+ echo '# dummy' > "$dirpart/$file"
+ done
+ done
+}
+])# _AM_OUTPUT_DEPENDENCY_COMMANDS
+
+
+# AM_OUTPUT_DEPENDENCY_COMMANDS
+# -----------------------------
+# This macro should only be invoked once -- use via AC_REQUIRE.
+#
+# This code is only required when automatic dependency tracking
+# is enabled. FIXME. This creates each `.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+[AC_CONFIG_COMMANDS([depfiles],
+ [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
+ [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
+])
+
+# Do all the work for Automake. -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2008, 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 16
+
+# This macro actually does too much. Some checks are only needed if
+# your package does certain things. But this isn't really a big deal.
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out. PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition. After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.62])dnl
+dnl Autoconf wants to disallow AM_ names. We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+ # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+ # is not polluted with repeated "-I."
+ AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
+ # test to see if srcdir already configured
+ if test -f $srcdir/config.status; then
+ AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+ fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+ if (cygpath --version) >/dev/null 2>/dev/null; then
+ CYGPATH_W='cygpath -w'
+ else
+ CYGPATH_W=echo
+ fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
+m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
+ [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
+ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
+AM_MISSING_PROG(AUTOCONF, autoconf)
+AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
+AM_MISSING_PROG(AUTOHEADER, autoheader)
+AM_MISSING_PROG(MAKEINFO, makeinfo)
+AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
+AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+# We need awk for the "check" target. The system "awk" is bad on
+# some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+ [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+ [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+ [_AM_DEPENDENCIES(CC)],
+ [define([AC_PROG_CC],
+ defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+ [_AM_DEPENDENCIES(CXX)],
+ [define([AC_PROG_CXX],
+ defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_OBJC],
+ [_AM_DEPENDENCIES(OBJC)],
+ [define([AC_PROG_OBJC],
+ defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
+])
+_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl
+dnl The `parallel-tests' driver may need to know about EXEEXT, so add the
+dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro
+dnl is hooked onto _AC_COMPILER_EXEEXT early, see below.
+AC_CONFIG_COMMANDS_PRE(dnl
+[m4_provide_if([_AM_COMPILER_EXEEXT],
+ [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
+])
+
+dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
+dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
+dnl mangled by Autoconf and run in a shell conditional statement.
+m4_define([_AC_COMPILER_EXEEXT],
+m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
+
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated. The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_arg=$1
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+ case $_am_header in
+ $_am_arg | $_am_arg:* )
+ break ;;
+ * )
+ _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+ esac
+done
+echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001, 2003, 2005, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+if test x"${install_sh}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+ *)
+ install_sh="\${SHELL} $am_aux_dir/install-sh"
+ esac
+fi
+AC_SUBST(install_sh)])
+
+# Copyright (C) 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot. For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+ am__leading_dot=.
+else
+ am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# Add --enable-maintainer-mode option to configure. -*- Autoconf -*-
+# From Jim Meyering
+
+# Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_MAINTAINER_MODE([DEFAULT-MODE])
+# ----------------------------------
+# Control maintainer-specific portions of Makefiles.
+# Default is to disable them, unless `enable' is passed literally.
+# For symmetry, `disable' may be passed as well. Anyway, the user
+# can override the default with the --enable/--disable switch.
+AC_DEFUN([AM_MAINTAINER_MODE],
+[m4_case(m4_default([$1], [disable]),
+ [enable], [m4_define([am_maintainer_other], [disable])],
+ [disable], [m4_define([am_maintainer_other], [enable])],
+ [m4_define([am_maintainer_other], [enable])
+ m4_warn([syntax], [unexpected argument to AM@&t@_MAINTAINER_MODE: $1])])
+AC_MSG_CHECKING([whether to am_maintainer_other maintainer-specific portions of Makefiles])
+ dnl maintainer-mode's default is 'disable' unless 'enable' is passed
+ AC_ARG_ENABLE([maintainer-mode],
+[ --][am_maintainer_other][-maintainer-mode am_maintainer_other make rules and dependencies not useful
+ (and sometimes confusing) to the casual installer],
+ [USE_MAINTAINER_MODE=$enableval],
+ [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes]))
+ AC_MSG_RESULT([$USE_MAINTAINER_MODE])
+ AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes])
+ MAINT=$MAINTAINER_MODE_TRUE
+ AC_SUBST([MAINT])dnl
+]
+)
+
+AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE])
+
+# Check to see how 'make' treats includes. -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_MAKE_INCLUDE()
+# -----------------
+# Check to see how make treats includes.
+AC_DEFUN([AM_MAKE_INCLUDE],
+[am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+ @echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+AC_MSG_CHECKING([for style of include used by $am_make])
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+ am__include=include
+ am__quote=
+ _am_result=GNU
+ ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+ echo '.include "confinc"' > confmf
+ case `$am_make -s -f confmf 2> /dev/null` in #(
+ *the\ am__doit\ target*)
+ am__include=.include
+ am__quote="\""
+ _am_result=BSD
+ ;;
+ esac
+fi
+AC_SUBST([am__include])
+AC_SUBST([am__quote])
+AC_MSG_RESULT([$_am_result])
+rm -f confinc confmf
+])
+
+# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
+
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 6
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([missing])dnl
+if test x"${MISSING+set}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+ *)
+ MISSING="\${SHELL} $am_aux_dir/missing" ;;
+ esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+ am_missing_run="$MISSING --run "
+else
+ am_missing_run=
+ AC_MSG_WARN([`missing' script is too old or missing])
+fi
+])
+
+# Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_MKDIR_P
+# ---------------
+# Check for `mkdir -p'.
+AC_DEFUN([AM_PROG_MKDIR_P],
+[AC_PREREQ([2.60])dnl
+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P,
+dnl while keeping a definition of mkdir_p for backward compatibility.
+dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
+dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
+dnl Makefile.ins that do not define MKDIR_P, so we do our own
+dnl adjustment using top_builddir (which is defined more often than
+dnl MKDIR_P).
+AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
+case $mkdir_p in
+ [[\\/$]]* | ?:[[\\/]]*) ;;
+ */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+])
+
+# Helper functions for option handling. -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# ------------------------------
+# Set option NAME. Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ----------------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Copyright (C) 1996, 1997, 1998, 2000, 2001, 2002, 2003, 2005, 2006
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+AC_DEFUN([AM_C_PROTOTYPES],
+[AC_REQUIRE([AC_C_PROTOTYPES])
+if test "$ac_cv_prog_cc_stdc" != no; then
+ U= ANSI2KNR=
+else
+ U=_ ANSI2KNR=./ansi2knr
+fi
+# Ensure some checks needed by ansi2knr itself.
+AC_REQUIRE([AC_HEADER_STDC])
+AC_CHECK_HEADERS([string.h])
+AC_SUBST([U])dnl
+AC_SUBST([ANSI2KNR])dnl
+_AM_SUBST_NOTMAKE([ANSI2KNR])dnl
+])
+
+AU_DEFUN([fp_C_PROTOTYPES], [AM_C_PROTOTYPES])
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_RUN_LOG(COMMAND)
+# -------------------
+# Run COMMAND, save the exit status in ac_status, and log it.
+# (This has been adapted from Autoconf's _AC_RUN_LOG macro.)
+AC_DEFUN([AM_RUN_LOG],
+[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD
+ ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+ (exit $ac_status); }])
+
+# Check to make sure that the build environment is sane. -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name. Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+ *[[\\\"\#\$\&\'\`$am_lf]]*)
+ AC_MSG_ERROR([unsafe absolute working directory name]);;
+esac
+case $srcdir in
+ *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*)
+ AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments. Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+ set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+ if test "$[*]" = "X"; then
+ # -L didn't work.
+ set X `ls -t "$srcdir/configure" conftest.file`
+ fi
+ rm -f conftest.file
+ if test "$[*]" != "X $srcdir/configure conftest.file" \
+ && test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+ # If neither matched, then we have a broken ls. This can happen
+ # if, for instance, CONFIG_SHELL is bash and it inherits a
+ # broken ls alias from the environment. This has actually
+ # happened. Such a system could not be considered "sane".
+ AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken
+alias in your environment])
+ fi
+
+ test "$[2]" = conftest.file
+ )
+then
+ # Ok.
+ :
+else
+ AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT(yes)])
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor `install' (even GNU) is that you can't
+# specify the program used to strip binaries. This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in `make install-strip', and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'. However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+if test "$cross_compiling" != no; then
+ AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Copyright (C) 2006, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
+# This macro is traced by Automake.
+AC_DEFUN([_AM_SUBST_NOTMAKE])
+
+# AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Public sister of _AM_SUBST_NOTMAKE.
+AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
+
+# Check how to create a tarball. -*- Autoconf -*-
+
+# Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of `v7', `ustar', or `pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+# tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+# $(am__untar) < result.tar
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.
+AM_MISSING_PROG([AMTAR], [tar])
+m4_if([$1], [v7],
+ [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+ [m4_case([$1], [ustar],, [pax],,
+ [m4_fatal([Unknown tar format])])
+AC_MSG_CHECKING([how to create a $1 tar archive])
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+_am_tools=${am_cv_prog_tar_$1-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+ case $_am_tool in
+ gnutar)
+ for _am_tar in tar gnutar gtar;
+ do
+ AM_RUN_LOG([$_am_tar --version]) && break
+ done
+ am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+ am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+ am__untar="$_am_tar -xf -"
+ ;;
+ plaintar)
+ # Must skip GNU tar: if it does not support --format= it doesn't create
+ # ustar tarball either.
+ (tar --version) >/dev/null 2>&1 && continue
+ am__tar='tar chf - "$$tardir"'
+ am__tar_='tar chf - "$tardir"'
+ am__untar='tar xf -'
+ ;;
+ pax)
+ am__tar='pax -L -x $1 -w "$$tardir"'
+ am__tar_='pax -L -x $1 -w "$tardir"'
+ am__untar='pax -r'
+ ;;
+ cpio)
+ am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+ am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+ am__untar='cpio -i -H $1 -d'
+ ;;
+ none)
+ am__tar=false
+ am__tar_=false
+ am__untar=false
+ ;;
+ esac
+
+ # If the value was cached, stop now. We just wanted to have am__tar
+ # and am__untar set.
+ test -n "${am_cv_prog_tar_$1}" && break
+
+ # tar/untar a dummy directory, and stop if the command works
+ rm -rf conftest.dir
+ mkdir conftest.dir
+ echo GrepMe > conftest.dir/file
+ AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+ rm -rf conftest.dir
+ if test -s conftest.tar; then
+ AM_RUN_LOG([$am__untar <conftest.tar])
+ grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+ fi
+done
+rm -rf conftest.dir
+
+AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+
+m4_include([m4/libtool.m4])
+m4_include([m4/ltoptions.m4])
+m4_include([m4/ltsugar.m4])
+m4_include([m4/ltversion.m4])
+m4_include([m4/lt~obsolete.m4])
diff --git a/apps/Makefile.am b/apps/Makefile.am
new file mode 100644
index 00000000..278ddf49
--- /dev/null
+++ b/apps/Makefile.am
@@ -0,0 +1,84 @@
+NULL =
+
+bin_PROGRAMS = xmlsec1
+
+XMLSEC_LIBS = $(top_builddir)/src/libxmlsec1.la
+
+
+# check if we use dynamic loading for xmlsec-crypto or not
+if XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING
+
+CRYPTO_DEPS = \
+ $(top_builddir)/src/$(XMLSEC_CRYPTO)/lib$(XMLSEC_CRYPTO_LIB).la \
+ $(NULL)
+
+CRYPTO_INCLUDES = \
+ $(XMLSEC_CRYPTO_CFLAGS) \
+ $(NULL)
+
+CRYPTO_LD_FLAGS = \
+ $(NULL)
+
+CRYPTO_LD_ADD = \
+ $(XMLSEC_CRYPTO_LIBS) \
+ $(CRYPTO_DEPS) \
+ $(NULL)
+
+else
+
+CRYPTO_DEPS = \
+ $(NULL)
+
+CRYPTO_INCLUDES = \
+ -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1
+ $(NULL)
+
+CRYPTO_LD_FLAGS = \
+ $(NULL)
+
+CRYPTO_LD_ADD = \
+ $(CRYPTO_DEPS) \
+ $(NULL)
+
+endif
+
+
+INCLUDES = \
+ -DXMLSEC_CRYPTO=\"@XMLSEC_CRYPTO@\" \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -I../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(XMLSEC_APP_DEFINES) \
+ $(CRYPTO_INCLUDES) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(XMLSEC_DL_INCLUDES) \
+ $(NULL)
+
+# xmlsec command line utility
+xmlsec1_SOURCES = \
+ xmlsec.c \
+ crypto.c crypto.h \
+ cmdline.c cmdline.h \
+ $(NULL)
+
+
+xmlsec1_LDFLAGS = \
+ $(CRYPTO_LD_FLAGS) \
+ @XMLSEC_STATIC_BINARIES@ \
+ $(NULL)
+
+xmlsec1_LDADD = \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ $(CRYPTO_LD_ADD) \
+ $(XMLSEC_LIBS) \
+ $(XMLSEC_DL_LIBS) \
+ $(NULL)
+
+xmlsec1_DEPENDENCIES = \
+ $(CRYPTO_DEPS) \
+ $(XMLSEC_LIBS) \
+ $(NULL)
+
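Review bot: In the `else` branch of `if XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING`, the `CRYPTO_INCLUDES` value line `-DXMLSEC_CRYPTO_DYNAMIC_LOADING=1` has no trailing backslash, so the `$(NULL)` line below it is not part of the assignment, unlike every other list in this file. The generated apps/Makefile.in in this same commit ends that definition at the `-D` flag, so the build looks unaffected today because `NULL` is empty, but a flag later appended under that line would not reach the compiler. The line should read `-DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 \`. Because the conditional's name is negated, a comment on the `else` such as `# crypto backend is not linked in here; the app loads it dynamically` would make it clearer which branch leaves the crypto library out of `xmlsec1_LDADD`.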
diff --git a/apps/Makefile.in b/apps/Makefile.in
new file mode 100644
index 00000000..82af5089
--- /dev/null
+++ b/apps/Makefile.in
@@ -0,0 +1,694 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+bin_PROGRAMS = xmlsec1$(EXEEXT)
+subdir = apps
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__installdirs = "$(DESTDIR)$(bindir)"
+PROGRAMS = $(bin_PROGRAMS)
+am__objects_1 =
+am_xmlsec1_OBJECTS = xmlsec.$(OBJEXT) crypto.$(OBJEXT) \
+ cmdline.$(OBJEXT) $(am__objects_1)
+xmlsec1_OBJECTS = $(am_xmlsec1_OBJECTS)
+am__DEPENDENCIES_1 =
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1)
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@am__DEPENDENCIES_2 = $(top_builddir)/src/$(XMLSEC_CRYPTO)/lib$(XMLSEC_CRYPTO_LIB).la \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@ $(am__DEPENDENCIES_1)
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_2) \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@ $(am__DEPENDENCIES_1)
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_1) \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@ $(am__DEPENDENCIES_2) \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@ $(am__DEPENDENCIES_1)
+xmlsec1_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(xmlsec1_LDFLAGS) \
+ $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(xmlsec1_SOURCES)
+DIST_SOURCES = $(xmlsec1_SOURCES)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = $(top_builddir)/src/libxmlsec1.la
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@CRYPTO_DEPS = \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@ $(NULL)
+
+
+# check if we use dynamic loading for xmlsec-crypto or not
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@CRYPTO_DEPS = \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@ $(top_builddir)/src/$(XMLSEC_CRYPTO)/lib$(XMLSEC_CRYPTO_LIB).la \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@ $(NULL)
+
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@CRYPTO_INCLUDES = \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@ -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1
+
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@CRYPTO_INCLUDES = \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@ $(XMLSEC_CRYPTO_CFLAGS) \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@ $(NULL)
+
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@CRYPTO_LD_FLAGS = \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@ $(NULL)
+
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@CRYPTO_LD_FLAGS = \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@ $(NULL)
+
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@CRYPTO_LD_ADD = \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@ $(CRYPTO_DEPS) \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@ $(NULL)
+
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@CRYPTO_LD_ADD = \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@ $(XMLSEC_CRYPTO_LIBS) \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@ $(CRYPTO_DEPS) \
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE@ $(NULL)
+
+INCLUDES = \
+ -DXMLSEC_CRYPTO=\"@XMLSEC_CRYPTO@\" \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -I../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(XMLSEC_APP_DEFINES) \
+ $(CRYPTO_INCLUDES) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(XMLSEC_DL_INCLUDES) \
+ $(NULL)
+
+
+# xmlsec command line utility
+xmlsec1_SOURCES = \
+ xmlsec.c \
+ crypto.c crypto.h \
+ cmdline.c cmdline.h \
+ $(NULL)
+
+xmlsec1_LDFLAGS = \
+ $(CRYPTO_LD_FLAGS) \
+ @XMLSEC_STATIC_BINARIES@ \
+ $(NULL)
+
+xmlsec1_LDADD = \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ $(CRYPTO_LD_ADD) \
+ $(XMLSEC_LIBS) \
+ $(XMLSEC_DL_LIBS) \
+ $(NULL)
+
+xmlsec1_DEPENDENCIES = \
+ $(CRYPTO_DEPS) \
+ $(XMLSEC_LIBS) \
+ $(NULL)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu apps/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu apps/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-binPROGRAMS: $(bin_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p || test -f $$p1; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-binPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(bindir)" && rm -f $$files
+
+clean-binPROGRAMS:
+ @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+xmlsec1$(EXEEXT): $(xmlsec1_OBJECTS) $(xmlsec1_DEPENDENCIES)
+ @rm -f xmlsec1$(EXEEXT)
+ $(xmlsec1_LINK) $(xmlsec1_OBJECTS) $(xmlsec1_LDADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cmdline.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypto.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xmlsec.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(PROGRAMS)
+installdirs:
+ for dir in "$(DESTDIR)$(bindir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-binPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-binPROGRAMS
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \
+ clean-generic clean-libtool ctags distclean distclean-compile \
+ distclean-generic distclean-libtool distclean-tags distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-binPROGRAMS install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags uninstall uninstall-am \
+ uninstall-binPROGRAMS
+
+@XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE@ $(NULL)
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/apps/cmdline.c b/apps/cmdline.c
new file mode 100644
index 00000000..b9ecafb5
--- /dev/null
+++ b/apps/cmdline.c
@@ -0,0 +1,355 @@
+/**
+ *
+ * XMLSec library
+ *
+ *
+ * See Copyright for the status of this software.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#if defined(_MSC_VER)
+#define snprintf _snprintf
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include <assert.h>
+
+#include "cmdline.h"
+
+static int xmlSecAppCmdLineMatchParam (const char* argvParam,
+ const char* paramName,
+ int canHaveNameString);
+static xmlSecAppCmdLineParamPtr xmlSecAppCmdLineParamsListFind (xmlSecAppCmdLineParamPtr* params,
+ xmlSecAppCmdLineParamTopic topics,
+ const char* name);
+static int xmlSecAppCmdLineParamRead (xmlSecAppCmdLineParamPtr param,
+ const char** argv,
+ int argc,
+ int pos);
+static int xmlSecAppCmdLineTimeParamRead (const char* str,
+ time_t* t);
+
+int
+xmlSecAppCmdLineParamIsSet(xmlSecAppCmdLineParamPtr param) {
+ return(((param != NULL) && (param->value != NULL)) ? 1 : 0);
+}
+
+const char*
+xmlSecAppCmdLineParamGetString(xmlSecAppCmdLineParamPtr param) {
+ if(param->type != xmlSecAppCmdLineParamTypeString) {
+ fprintf(stderr, "Error: parameter \"%s\" is not string.\n", param->fullName);
+ return(NULL);
+ }
+ return((param->value != NULL) ? param->value->strValue : NULL);
+}
+
+const char*
+xmlSecAppCmdLineParamGetStringList(xmlSecAppCmdLineParamPtr param) {
+ if(param->type != xmlSecAppCmdLineParamTypeStringList) {
+ fprintf(stderr, "Error: parameter \"%s\" is not string list.\n", param->fullName);
+ return(NULL);
+ }
+ return((param->value != NULL) ? param->value->strListValue : NULL);
+}
+
+int
+xmlSecAppCmdLineParamGetInt(xmlSecAppCmdLineParamPtr param, int def) {
+ if(param->type != xmlSecAppCmdLineParamTypeNumber) {
+ fprintf(stderr, "Error: parameter \"%s\" is not integer.\n", param->fullName);
+ return(def);
+ }
+ return((param->value != NULL) ? param->value->intValue : def);
+}
+
+time_t
+xmlSecAppCmdLineParamGetTime(xmlSecAppCmdLineParamPtr param, time_t def) {
+ if(param->type != xmlSecAppCmdLineParamTypeTime) {
+ fprintf(stderr, "Error: parameter \"%s\" is not time.\n", param->fullName);
+ return(def);
+ }
+ return((param->value != NULL) ? param->value->timeValue : def);
+}
+
+int
+xmlSecAppCmdLineParamsListParse(xmlSecAppCmdLineParamPtr* params,
+ xmlSecAppCmdLineParamTopic topics,
+ const char** argv, int argc, int pos) {
+ xmlSecAppCmdLineParamPtr param;
+ int ii;
+ int ret;
+
+ assert(params != NULL);
+ assert(argv != NULL);
+
+ while((pos < argc) && (argv[pos][0] == '-')) {
+ param = xmlSecAppCmdLineParamsListFind(params, topics, argv[pos]);
+ if(param == NULL) {
+ fprintf(stderr, "Error: parameter \"%s\" is not supported or the requested\nfeature might have been disabled during compilation.\n", argv[pos]);
+ return(-1);
+ }
+
+ ret = xmlSecAppCmdLineParamRead(param, argv, argc, pos);
+ if(ret < pos) {
+ fprintf(stderr, "Error: failed to parse parameter \"%s\".\n", argv[pos]);
+ return(-1);
+ }
+ pos = ret + 1;
+ }
+
+ /* check that all parameters at the end are filenames */
+ for(ii = pos; (ii < argc); ++ii) {
+ if(argv[ii][0] == '-') {
+ fprintf(stderr, "Error: filename is expected instead of parameter \"%s\".\n", argv[ii]);
+ return(-1);
+
+ }
+ }
+
+
+
+ return(pos);
+}
+
+void
+xmlSecAppCmdLineParamsListClean(xmlSecAppCmdLineParamPtr* params) {
+ xmlSecAppCmdLineValuePtr tmp;
+ size_t i;
+
+ assert(params != NULL);
+
+ for(i = 0; params[i] != NULL; ++i) {
+ while(params[i]->value != NULL) {
+ tmp = params[i]->value;
+ params[i]->value = params[i]->value->next;
+ xmlSecAppCmdLineValueDestroy(tmp);
+ }
+ }
+}
+
+void
+xmlSecAppCmdLineParamsListPrint(xmlSecAppCmdLineParamPtr* params,
+ xmlSecAppCmdLineParamTopic topics,
+ FILE* output) {
+ size_t i;
+
+ assert(params != NULL);
+ assert(output != NULL);
+
+ for(i = 0; params[i] != NULL; ++i) {
+ if(((params[i]->topics & topics) != 0) && (params[i]->help != NULL)) {
+ fprintf(output, " %s\n", params[i]->help);
+ }
+ }
+}
+
+xmlSecAppCmdLineValuePtr
+xmlSecAppCmdLineValueCreate(xmlSecAppCmdLineParamPtr param, int pos) {
+ xmlSecAppCmdLineValuePtr value;
+
+ assert(param != NULL);
+ value = (xmlSecAppCmdLineValuePtr) malloc(sizeof(xmlSecAppCmdLineValue));
+ if(value == NULL) {
+ fprintf(stderr, "Error: malloc failed (%d bytes).\n", sizeof(xmlSecAppCmdLineValue));
+ return(NULL);
+ }
+ memset(value, 0, sizeof(xmlSecAppCmdLineValue));
+
+ value->param = param;
+ value->pos = pos;
+ return(value);
+}
+
+void
+xmlSecAppCmdLineValueDestroy(xmlSecAppCmdLineValuePtr value) {
+ assert(value != NULL);
+
+ if(value->strListValue != NULL) {
+ free((void*)value->strListValue);
+ }
+ free(value);
+}
+
+static int
+xmlSecAppCmdLineMatchParam(const char* argvParam, const char* paramName,
+ int canHaveNameString) {
+ assert(argvParam != NULL);
+ assert(paramName != NULL);
+
+ if(canHaveNameString != 0) {
+ int len = strlen(paramName);
+
+ if((strncmp(argvParam, paramName, len) == 0) &&
+ ((argvParam[len] == '\0') || (argvParam[len] == ':'))) {
+
+ return(1);
+ }
+ } else if(strcmp(argvParam, paramName) == 0) {
+ return(1);
+ }
+ return(0);
+}
+
+static xmlSecAppCmdLineParamPtr
+xmlSecAppCmdLineParamsListFind(xmlSecAppCmdLineParamPtr* params, xmlSecAppCmdLineParamTopic topics,
+ const char* name) {
+ size_t i;
+ int canHaveNameString;
+
+ assert(params != NULL);
+ assert(name != NULL);
+
+ for(i = 0; params[i] != NULL; ++i) {
+ if((params[i]->topics & topics) == 0) {
+ continue;
+ }
+
+ canHaveNameString = ((params[i]->flags & xmlSecAppCmdLineParamFlagParamNameValue) != 0) ? 1 : 0;
+ if((params[i]->fullName != NULL) &&
+ (xmlSecAppCmdLineMatchParam(name, params[i]->fullName, canHaveNameString) == 1)) {
+
+ return(params[i]);
+ }
+
+ if((params[i]->shortName != NULL) &&
+ (xmlSecAppCmdLineMatchParam(name, params[i]->shortName, canHaveNameString) == 1)) {
+
+ return(params[i]);
+ }
+ }
+
+ return(NULL);
+}
+
+static int
+xmlSecAppCmdLineParamRead(xmlSecAppCmdLineParamPtr param, const char** argv, int argc, int pos) {
+ xmlSecAppCmdLineValuePtr value;
+ xmlSecAppCmdLineValuePtr prev = NULL;
+ char* buf;
+
+ assert(param != NULL);
+ assert(argv != NULL);
+ assert(pos < argc);
+
+ /* first find the previous value in the list */
+ if((param->flags & xmlSecAppCmdLineParamFlagMultipleValues) != 0) {
+ prev = param->value;
+ while((prev != NULL) && (prev->next != NULL)) {
+ prev = prev->next;
+ }
+ } else if(param->value != NULL) {
+ fprintf(stderr, "Error: only one parameter \"%s\" is allowed.\n", argv[pos]);
+ return(-1);
+ }
+
+ /* create new value and add to the list */
+ value = xmlSecAppCmdLineValueCreate(param, pos);
+ if(value == NULL) {
+ fprintf(stderr, "Error: failed to create value for parameter \"%s\".\n", argv[pos]);
+ return(-1);
+ }
+ if(prev != NULL) {
+ assert(prev->next == NULL);
+ prev->next = value;
+ } else {
+ param->value = value;
+ }
+
+ /* if we can have a string value after the name, parse it */
+ if((param->flags & xmlSecAppCmdLineParamFlagParamNameValue) != 0) {
+ value->paramNameValue = strchr(argv[pos], ':');
+ if(value->paramNameValue != NULL) {
+ ++value->paramNameValue;
+ }
+ }
+
+ switch(param->type) {
+ case xmlSecAppCmdLineParamTypeFlag:
+ /* do nothing */
+ break;
+ case xmlSecAppCmdLineParamTypeString:
+ if(pos + 1 >= argc) {
+ fprintf(stderr, "Error: string argument expected for parameter \"%s\".\n", argv[pos]);
+ return(-1);
+ }
+ value->strValue = argv[++pos];
+ break;
+ case xmlSecAppCmdLineParamTypeStringList:
+ if(pos + 1 >= argc) {
+ fprintf(stderr, "Error: string list argument expected for parameter \"%s\".\n", argv[pos]);
+ return(-1);
+ }
+ value->strValue = argv[++pos];
+ buf = (char*)malloc(strlen(value->strValue) + 2);
+ if(buf == NULL) {
+ fprintf(stderr, "Error: failed to allocate memory (%d bytes).\n", strlen(value->strValue) + 2);
+ return(-1);
+ }
+ memset(buf, 0, strlen(value->strValue) + 2);
+ memcpy(buf, value->strValue, strlen(value->strValue));
+ value->strListValue = buf;
+ while((*buf) != '\0') {
+ if((*buf) == ',') {
+ (*buf) = '\0';
+ }
+ ++buf;
+ }
+ break;
+ case xmlSecAppCmdLineParamTypeNumber:
+ if(pos + 1 >= argc) {
+ fprintf(stderr, "Error: integer argument expected for parameter \"%s\".\n", argv[pos]);
+ return(-1);
+ }
+ value->strValue = argv[++pos];
+ if(sscanf(value->strValue, "%d", &(value->intValue)) != 1) {
+ fprintf(stderr, "Error: integer argument \"%s\" is invalid.\n", value->strValue);
+ return(-1);
+ }
+ break;
+ case xmlSecAppCmdLineParamTypeTime:
+ if(pos + 1 >= argc) {
+ fprintf(stderr, "Error: time argument expected for parameter \"%s\".\n", argv[pos]);
+ return(-1);
+ }
+ value->strValue = argv[++pos];
+ if(xmlSecAppCmdLineTimeParamRead(value->strValue, &(value->timeValue)) < 0) {
+ fprintf(stderr, "Error: time argument \"%s\" is invalid, expected format is \"YYYY-MM-DD HH:MM:SS\").\n", value->strValue);
+ return(-1);
+ }
+ break;
+ }
+ return(pos);
+}
+
+static int
+xmlSecAppCmdLineTimeParamRead(const char* str, time_t* t) {
+ struct tm tm;
+ int n;
+
+ if((str == NULL) || (t == NULL)) {
+ return(-1);
+ }
+ memset(&tm, 0, sizeof(tm));
+ tm.tm_isdst = -1;
+
+ n = sscanf(str, "%4d-%2d-%2d%*c%2d:%2d:%2d",
+ &tm.tm_year, &tm.tm_mon, &tm.tm_mday,
+ &tm.tm_hour, &tm.tm_min, &tm.tm_sec);
+ if((n != 6) || (tm.tm_year < 1900)
+ || (tm.tm_mon < 1) || (tm.tm_mon > 12)
+ || (tm.tm_mday < 1) || (tm.tm_mday > 31)
+ || (tm.tm_hour < 0) || (tm.tm_hour > 23)
+ || (tm.tm_min < 0) || (tm.tm_min > 59)
+ || (tm.tm_sec < 0) || (tm.tm_sec > 61)) {
+ return(-1);
+ }
+
+ tm.tm_year -= 1900; /* tm relative format year */
+ tm.tm_mon -= 1; /* tm relative format month */
+
+ (*t) = mktime(&tm);
+ return(0);
+}
+
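Review bot: The malloc-failure message in xmlSecAppCmdLineValueCreate passes a `size_t` to a `%d` conversion, which is undefined behaviour and may print a wrong value wherever `size_t` is wider than `int`. The same mismatch is in the string-list branch of xmlSecAppCmdLineParamRead, where `strlen(value->strValue) + 2` is printed with `%d`. Because the file also targets MSVC (see the `_snprintf` define), a cast is the portable fix: `fprintf(stderr, "Error: malloc failed (%lu bytes).\n", (unsigned long)sizeof(xmlSecAppCmdLineValue));`. The other message needs `%lu` with `(unsigned long)(strlen(value->strValue) + 2)`.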
diff --git a/apps/cmdline.h b/apps/cmdline.h
new file mode 100644
index 00000000..9466f972
--- /dev/null
+++ b/apps/cmdline.h
@@ -0,0 +1,89 @@
+/**
+ * XMLSec library
+ *
+ * Command line parsing routines
+ *
+ * See Copyright for the status of this software.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_APPS_CMDLINE_H__
+#define __XMLSEC_APPS_CMDLINE_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <time.h>
+
+typedef struct _xmlSecAppCmdLineParam xmlSecAppCmdLineParam,
+ *xmlSecAppCmdLineParamPtr;
+typedef struct _xmlSecAppCmdLineValue xmlSecAppCmdLineValue,
+ *xmlSecAppCmdLineValuePtr;
+typedef unsigned int xmlSecAppCmdLineParamTopic;
+
+#define xmlSecAppCmdLineParamFlagNone 0x0000
+#define xmlSecAppCmdLineParamFlagParamNameValue 0x0001
+#define xmlSecAppCmdLineParamFlagMultipleValues 0x0002
+
+typedef enum {
+ xmlSecAppCmdLineParamTypeFlag,
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamTypeStringList,
+ xmlSecAppCmdLineParamTypeNumber,
+ xmlSecAppCmdLineParamTypeTime
+} xmlSecAppCmdLineParamType;
+
+struct _xmlSecAppCmdLineParam {
+ xmlSecAppCmdLineParamTopic topics;
+ const char* fullName;
+ const char* shortName;
+ const char* help;
+ xmlSecAppCmdLineParamType type;
+ int flags;
+ xmlSecAppCmdLineValuePtr value;
+};
+
+int xmlSecAppCmdLineParamIsSet (xmlSecAppCmdLineParamPtr param);
+const char* xmlSecAppCmdLineParamGetString (xmlSecAppCmdLineParamPtr param);
+const char* xmlSecAppCmdLineParamGetStringList (xmlSecAppCmdLineParamPtr param);
+int xmlSecAppCmdLineParamGetInt (xmlSecAppCmdLineParamPtr param,
+ int def);
+time_t xmlSecAppCmdLineParamGetTime (xmlSecAppCmdLineParamPtr param,
+ time_t def);
+
+int xmlSecAppCmdLineParamsListParse (xmlSecAppCmdLineParamPtr* params,
+ xmlSecAppCmdLineParamTopic topcis,
+ const char** argv,
+ int argc,
+ int pos);
+void xmlSecAppCmdLineParamsListClean (xmlSecAppCmdLineParamPtr* params);
+void xmlSecAppCmdLineParamsListPrint (xmlSecAppCmdLineParamPtr* params,
+ xmlSecAppCmdLineParamTopic topic,
+ FILE* output);
+
+struct _xmlSecAppCmdLineValue {
+ xmlSecAppCmdLineParamPtr param;
+ int pos;
+ const char* paramNameValue;
+ const char* strValue;
+ const char* strListValue;
+ int intValue;
+ time_t timeValue;
+ xmlSecAppCmdLineValuePtr next;
+};
+
+
+xmlSecAppCmdLineValuePtr xmlSecAppCmdLineValueCreate (xmlSecAppCmdLineParamPtr param,
+ int pos);
+void xmlSecAppCmdLineValueDestroy (xmlSecAppCmdLineValuePtr value);
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_APPS_CMDLINE_H__ */
+
+
+
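Review bot: The prototype of xmlSecAppCmdLineParamsListPrint uses `FILE*`, but this header includes only `<time.h>`, so it compiles only when the including file has already pulled in `<stdio.h>`. cmdline.c in this commit happens to do so before including it. Adding `#include <stdio.h>` next to `#include <time.h>` makes the header self-contained. While there, the parameter name `topcis` in the xmlSecAppCmdLineParamsListParse prototype is a typo for `topics`.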
diff --git a/apps/crypto.c b/apps/crypto.c
new file mode 100644
index 00000000..49dd127c
--- /dev/null
+++ b/apps/crypto.c
@@ -0,0 +1,396 @@
+/**
+ *
+ * XMLSec library
+ *
+ *
+ * See Copyright for the status of this software.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#if defined(_MSC_VER)
+#define snprintf _snprintf
+#endif
+
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include "crypto.h"
+
+int
+xmlSecAppCryptoInit(const char* config) {
+ if(xmlSecCryptoAppInit(config) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoAppInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if(xmlSecCryptoInit() < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+int
+xmlSecAppCryptoShutdown(void) {
+ if(xmlSecCryptoShutdown() < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoShutdown",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(xmlSecCryptoAppShutdown() < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoAppShutdown",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+int
+xmlSecAppCryptoSimpleKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ xmlSecAssert2(mngr != NULL, -1);
+
+ return(xmlSecCryptoAppDefaultKeysMngrInit(mngr));
+}
+
+int
+xmlSecAppCryptoSimpleKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char *filename) {
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+
+ return(xmlSecCryptoAppDefaultKeysMngrLoad(mngr, filename));
+}
+
+int
+xmlSecAppCryptoSimpleKeysMngrSave(xmlSecKeysMngrPtr mngr, const char *filename, xmlSecKeyDataType type) {
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+
+ return(xmlSecCryptoAppDefaultKeysMngrSave(mngr, filename, type));
+}
+
+int
+xmlSecAppCryptoSimpleKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
+ xmlSecKeyDataFormat format, xmlSecKeyDataType type) {
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+
+#ifndef XMLSEC_NO_X509
+ return(xmlSecCryptoAppKeysMngrCertLoad(mngr, filename, format, type));
+#else /* XMLSEC_NO_X509 */
+ return(-1);
+#endif /* XMLSEC_NO_X509 */
+}
+
+int
+xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad(xmlSecKeysMngrPtr mngr,
+ const char* files, const char* pwd,
+ const char* name,
+ xmlSecKeyDataFormat format) {
+ xmlSecKeyPtr key;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(files != NULL, -1);
+
+ /* first is the key file */
+ key = xmlSecCryptoAppKeyLoad(files, format, pwd,
+ xmlSecCryptoAppGetDefaultPwdCallback(), (void*)files);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoAppKeyLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(files));
+ return(-1);
+ }
+
+ if(name != NULL) {
+ ret = xmlSecKeySetName(key, BAD_CAST name);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(name));
+ xmlSecKeyDestroy(key);
+ return(-1);
+ }
+ }
+
+#ifndef XMLSEC_NO_X509
+ for(files += strlen(files) + 1; (files[0] != '\0'); files += strlen(files) + 1) {
+ ret = xmlSecCryptoAppKeyCertLoad(key, files, format);
+ if(ret < 0){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoAppKeyCertLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(files));
+ xmlSecKeyDestroy(key);
+ return(-1);
+ }
+ }
+#else /* XMLSEC_NO_X509 */
+ files += strlen(files) + 1;
+ if(files[0] != '\0') {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "x509",
+ XMLSEC_ERRORS_R_DISABLED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+#endif /* XMLSEC_NO_X509 */
+
+ ret = xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoAppDefaultKeysMngrAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+int
+xmlSecAppCryptoSimpleKeysMngrPkcs12KeyLoad(xmlSecKeysMngrPtr mngr, const char *filename, const char* pwd, const char *name) {
+ xmlSecKeyPtr key;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+
+#ifndef XMLSEC_NO_X509
+ key = xmlSecCryptoAppKeyLoad(filename, xmlSecKeyDataFormatPkcs12, pwd,
+ xmlSecCryptoAppGetDefaultPwdCallback(), (void*)filename);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoAppKeyLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ return(-1);
+ }
+
+ if(name != NULL) {
+ ret = xmlSecKeySetName(key, BAD_CAST name);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(name));
+ xmlSecKeyDestroy(key);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoAppDefaultKeysMngrAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ return(-1);
+ }
+
+ return(0);
+#else /* XMLSEC_NO_X509 */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "x509",
+ XMLSEC_ERRORS_R_DISABLED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+#endif /* XMLSEC_NO_X509 */
+}
+
+int
+xmlSecAppCryptoSimpleKeysMngrBinaryKeyLoad(xmlSecKeysMngrPtr mngr, const char* keyKlass, const char *filename, const char *name) {
+ xmlSecKeyPtr key;
+ xmlSecKeyDataId dataId;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(keyKlass != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+
+ /* find requested data */
+ dataId = xmlSecKeyDataIdListFindByName(xmlSecKeyDataIdsGet(), BAD_CAST keyKlass,
+ xmlSecKeyDataUsageAny);
+ if(dataId == xmlSecKeyDataIdUnknown) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataIdListFindByName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(keyKlass));
+ return(-1);
+ }
+
+ key = xmlSecKeyReadBinaryFile(dataId, filename);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyReadBinaryFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecKeySetName(key, BAD_CAST name);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(name));
+ xmlSecKeyDestroy(key);
+ return(-1);
+ }
+
+ /* finally add it to keys manager */
+ ret = xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoAppDefaultKeysMngrAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+int
+xmlSecAppCryptoSimpleKeysMngrKeyGenerate(xmlSecKeysMngrPtr mngr, const char* keyKlassAndSize, const char* name) {
+ xmlSecKeyPtr key;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(keyKlassAndSize != NULL, -1);
+
+ key = xmlSecAppCryptoKeyGenerate(keyKlassAndSize, name, xmlSecKeyDataTypePermanent);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAppCryptoSimpleKeysMngrKeyGenerate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(name));
+ return(-1);
+ }
+
+ ret = xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoAppDefaultKeysMngrAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ return(-1);
+ }
+ return(0);
+}
+
+xmlSecKeyPtr
+xmlSecAppCryptoKeyGenerate(const char* keyKlassAndSize, const char* name, xmlSecKeyDataType type) {
+ xmlSecKeyPtr key;
+ char* buf;
+ char* p;
+ int size;
+ int ret;
+
+ xmlSecAssert2(keyKlassAndSize != NULL, NULL);
+
+ buf = (char*) xmlStrdup(BAD_CAST keyKlassAndSize);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(name));
+ return(NULL);
+ }
+
+ /* separate key klass and size */
+ p = strchr(buf, '-');
+ if(p == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "key size is not specified %s",
+ xmlSecErrorsSafeString(buf));
+ xmlFree(buf);
+ return(NULL);
+ }
+ *(p++) = '\0';
+ size = atoi(p);
+
+ key = xmlSecKeyGenerateByName(BAD_CAST buf, size, type);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyGenerate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "klass=%s;size=%d",
+ xmlSecErrorsSafeString(buf),
+ size);
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ ret = xmlSecKeySetName(key, BAD_CAST name);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=\"%s\"",
+ xmlSecErrorsSafeString(name));
+ xmlSecKeyDestroy(key);
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ xmlFree(buf);
+ return(key);
+}
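Review bot: In xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad the `#else /* XMLSEC_NO_X509 */` branch returns -1 without releasing `key`, which was loaded by xmlSecCryptoAppKeyLoad at the top of the function. Every other error path after the load calls `xmlSecKeyDestroy(key)` first. In a build without X509 support, passing additional certificate files therefore leaks the loaded key object, so possibly private key material stays allocated instead of being destroyed. Add `xmlSecKeyDestroy(key);` before that `return(-1);`.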
diff --git a/apps/crypto.h b/apps/crypto.h
new file mode 100644
index 00000000..63a94a40
--- /dev/null
+++ b/apps/crypto.h
@@ -0,0 +1,70 @@
+/**
+ * XMLSec library
+ *
+ *
+ * See Copyright for the status of this software.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_APPS_CRYPTO_H__
+#define __XMLSEC_APPS_CRYPTO_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/crypto.h>
+
+int xmlSecAppCryptoInit (const char* config);
+int xmlSecAppCryptoShutdown (void);
+
+xmlSecKeyPtr xmlSecAppCryptoKeyGenerate (const char* keyKlassAndSize,
+ const char* name,
+ xmlSecKeyDataType type);
+
+/*****************************************************************************
+ *
+ * Simple keys manager
+ *
+ ****************************************************************************/
+int xmlSecAppCryptoSimpleKeysMngrInit (xmlSecKeysMngrPtr mngr);
+int xmlSecAppCryptoSimpleKeysMngrLoad (xmlSecKeysMngrPtr mngr,
+ const char *filename);
+int xmlSecAppCryptoSimpleKeysMngrSave (xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ xmlSecKeyDataType type);
+int xmlSecAppCryptoSimpleKeysMngrCertLoad (xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+int xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad (xmlSecKeysMngrPtr mngr,
+ const char *files,
+ const char* pwd,
+ const char* name,
+ xmlSecKeyDataFormat format);
+int xmlSecAppCryptoSimpleKeysMngrPkcs12KeyLoad (xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ const char* pwd,
+ const char *name);
+int xmlSecAppCryptoSimpleKeysMngrBinaryKeyLoad (xmlSecKeysMngrPtr mngr,
+ const char* keyKlass,
+ const char* filename,
+ const char *name);
+int xmlSecAppCryptoSimpleKeysMngrKeyGenerate (xmlSecKeysMngrPtr mngr,
+ const char* keyKlassAndSize,
+ const char* name);
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_APPS_CRYPTO_H__ */
+
+
+
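Review bot: The `files` parameter of xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad has an undocumented format that callers must get right. crypto.c in this commit walks it with `files += strlen(files) + 1` until it reaches an empty string, so it must be a sequence of NUL-terminated names ending in an extra NUL, not an ordinary C string. A caller passing a plain single filename would make that code read past the string's terminator. I would add a comment above the prototype such as `/* files: key file followed by certificate files, each NUL-terminated, list ended by an empty string */`.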
diff --git a/apps/xmlsec.c b/apps/xmlsec.c
new file mode 100644
index 00000000..d551b5a6
--- /dev/null
+++ b/apps/xmlsec.c
@@ -0,0 +1,3058 @@
+/**
+ * XML Security standards test: XMLDSig
+ *
+ * See Copyright for the status of this software.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+#if defined(_MSC_VER)
+#define snprintf _snprintf
+#endif
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+#include <libxml/xpath.h>
+#include <libxml/xpathInternals.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/extensions.h>
+#include <libxslt/xsltInternals.h>
+#include <libxslt/xsltutils.h>
+#include <libxslt/security.h>
+#include <libexslt/exslt.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/xkms.h>
+#include <xmlsec/parser.h>
+#include <xmlsec/templates.h>
+#include <xmlsec/errors.h>
+
+#include "crypto.h"
+#include "cmdline.h"
+
+static const char copyright[] =
+ "Written by Aleksey Sanin <aleksey@aleksey.com>.\n\n"
+ "Copyright (C) 2002-2003 Aleksey Sanin.\n"
+ "This is free software: see the source for copying information.\n";
+
+static const char bugs[] =
+ "Report bugs to http://www.aleksey.com/xmlsec/bugs.html\n";
+
+static const char helpCommands1[] =
+ "Usage: xmlsec <command> [<options>] [<files>]\n"
+ "\n"
+ "xmlsec is a command line tool for signing, verifying, encrypting and\n"
+ "decrypting XML documents. The allowed <command> values are:\n"
+ " --help " "\tdisplay this help information and exit\n"
+ " --help-all " "\tdisplay help information for all commands/options and exit\n"
+ " --help-<cmd>" "\tdisplay help information for command <cmd> and exit\n"
+ " --version " "\tprint version information and exit\n"
+ " --keys " "\tkeys XML file manipulation\n";
+
+static const char helpCommands2[] =
+#ifndef XMLSEC_NO_XMLDSIG
+ " --sign " "\tsign data and output XML document\n"
+ " --verify " "\tverify signed document\n"
+#ifndef XMLSEC_NO_TMPL_TEST
+ " --sign-tmpl " "\tcreate and sign dynamicaly generated signature template\n"
+#endif /* XMLSEC_NO_TMPL_TEST */
+#endif /* XMLSEC_NO_XMLDSIG */
+#ifndef XMLSEC_NO_XMLENC
+ " --encrypt " "\tencrypt data and output XML document\n"
+ " --decrypt " "\tdecrypt data from XML document\n"
+#endif /* XMLSEC_NO_XMLENC */
+#ifndef XMLSEC_NO_XKMS
+ " --xkms-server-request ""\tprocess data as XKMS server request\n"
+#endif /* XMLSEC_NO_XKMS */
+ ;
+
+static const char helpVersion[] =
+ "Usage: xmlsec version\n"
+ "Prints version information and exits\n";
+
+static const char helpKeys[] =
+ "Usage: xmlsec keys [<options>] <file>\n"
+ "Creates a new XML keys file <file>\n";
+
+static const char helpSign[] =
+ "Usage: xmlsec sign [<options>] <file>\n"
+ "Calculates XML Digital Signature using template file <file>\n";
+
+static const char helpVerify[] =
+ "Usage: xmlsec verify [<options>] <file>\n"
+ "Verifies XML Digital Signature in the <file>\n";
+
+static const char helpSignTmpl[] =
+ "Usage: xmlsec sign-tmpl [<options>]\n"
+ "Creates a simple dynamic template and calculates XML Digital Signature\n"
+ "(for testing only).\n";
+
+static const char helpEncrypt[] =
+ "Usage: xmlsec encrypt [<options>] <file>\n"
+ "Encrypts data and creates XML Encryption using template file <file>\n";
+
+static const char helpEncryptTmpl[] =
+ "Usage: xmlsec encrypt [<options>]\n"
+ "Creates a simple dynamic template and calculates XML Encryption\n";
+
+static const char helpDecrypt[] =
+ "Usage: xmlsec decrypt [<options>] <file>\n"
+ "Decrypts XML Encryption data in the <file>\n";
+
+static const char helpXkmsServerRequest[] =
+ "Usage: xmlsec xkms-server-request [<options>] <file>\n"
+ "Processes the <file> as XKMS server request and outputs the response\n";
+
+static const char helpListKeyData[] =
+ "Usage: xmlsec list-key-data\n"
+ "Prints the list of known key data klasses\n";
+
+static const char helpCheckKeyData[] =
+ "Usage: xmlsec check-key-data <key-data-name> [<key-data-name> ... ]\n"
+ "Checks the given key-data against the list of known key-data klasses\n";
+
+static const char helpListTransforms[] =
+ "Usage: xmlsec list-transforms\n"
+ "Prints the list of known transform klasses\n";
+
+static const char helpCheckTransforms[] =
+ "Usage: xmlsec check-transforms <transform-name> [<transform-name> ... ]\n"
+ "Checks the given transforms against the list of known transform klasses\n";
+
+#define xmlSecAppCmdLineTopicGeneral 0x0001
+#define xmlSecAppCmdLineTopicDSigCommon 0x0002
+#define xmlSecAppCmdLineTopicDSigSign 0x0004
+#define xmlSecAppCmdLineTopicDSigVerify 0x0008
+#define xmlSecAppCmdLineTopicEncCommon 0x0010
+#define xmlSecAppCmdLineTopicEncEncrypt 0x0020
+#define xmlSecAppCmdLineTopicEncDecrypt 0x0040
+#define xmlSecAppCmdLineTopicXkmsCommon 0x0080
+#define xmlSecAppCmdLineTopicKeysMngr 0x1000
+#define xmlSecAppCmdLineTopicX509Certs 0x2000
+#define xmlSecAppCmdLineTopicVersion 0x4000
+#define xmlSecAppCmdLineTopicCryptoConfig 0x8000
+#define xmlSecAppCmdLineTopicAll 0xFFFF
+
+/****************************************************************
+ *
+ * General configuration params
+ *
+ ***************************************************************/
+static xmlSecAppCmdLineParam helpParam = {
+ xmlSecAppCmdLineTopicGeneral,
+ "--help",
+ "-h",
+ "--help"
+ "\n\tprint help information about the command",
+ xmlSecAppCmdLineParamTypeFlag,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam cryptoParam = {
+ xmlSecAppCmdLineTopicCryptoConfig,
+ "--crypto",
+ NULL,
+ "--crypto <name>"
+ "\n\tthe name of the crypto engine to use from the following"
+ "\n\tlist: openssl, mscrypto, nss, gnutls, gcrypt (if no crypto engine is"
+ "\n\tspecified then the default one is used)",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam cryptoConfigParam = {
+ xmlSecAppCmdLineTopicCryptoConfig,
+ "--crypto-config",
+ NULL,
+ "--crypto-config <path>"
+ "\n\tpath to crypto engine configuration",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+
+static xmlSecAppCmdLineParam repeatParam = {
+ xmlSecAppCmdLineTopicCryptoConfig,
+ "--repeat",
+ "-r",
+ "--repeat <number>"
+ "\n\trepeat the operation <number> times",
+ xmlSecAppCmdLineParamTypeNumber,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+
+static xmlSecAppCmdLineParam disableErrorMsgsParam = {
+ xmlSecAppCmdLineTopicGeneral,
+ "--disable-error-msgs",
+ NULL,
+ "--disable-error-msgs"
+ "\n\tdo not print xmlsec error messages",
+ xmlSecAppCmdLineParamTypeFlag,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam printCryptoErrorMsgsParam = {
+ xmlSecAppCmdLineTopicGeneral,
+ "--print-crypto-error-msgs",
+ NULL,
+ "--print-crypto-error-msgs"
+ "\n\tprint errors stack at the end",
+ xmlSecAppCmdLineParamTypeFlag,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+/****************************************************************
+ *
+ * Keys Manager params
+ *
+ ***************************************************************/
+static xmlSecAppCmdLineParam genKeyParam = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--gen-key",
+ "-g",
+ "--gen-key[:<name>] <keyKlass>-<keySize>"
+ "\n\tgenerate new <keyKlass> key of <keySize> bits size,"
+ "\n\tset the key name to <name> and add the result to keys"
+ "\n\tmanager (for example, \"--gen:mykey rsa-1024\" generates"
+ "\n\ta new 1024 bits RSA key and sets it's name to \"mykey\")",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+static xmlSecAppCmdLineParam keysFileParam = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--keys-file",
+ "-k",
+ "--keys-file <file>"
+ "\n\tload keys from XML file",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+static xmlSecAppCmdLineParam privkeyParam = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--privkey-pem",
+ "--privkey",
+ "--privkey-pem[:<name>] <file>[,<cafile>[,<cafile>[...]]]"
+ "\n\tload private key from PEM file and certificates"
+ "\n\tthat verify this key",
+ xmlSecAppCmdLineParamTypeStringList,
+ xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+static xmlSecAppCmdLineParam privkeyDerParam = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--privkey-der",
+ NULL,
+ "--privkey-der[:<name>] <file>[,<cafile>[,<cafile>[...]]]"
+ "\n\tload private key from DER file and certificates"
+ "\n\tthat verify this key",
+ xmlSecAppCmdLineParamTypeStringList,
+ xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+static xmlSecAppCmdLineParam pkcs8PemParam = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--pkcs8-pem",
+ "--privkey-p8-pem",
+ "--pkcs8-pem[:<name>] <file>[,<cafile>[,<cafile>[...]]]"
+ "\n\tload private key from PKCS8 PEM file and PEM certificates"
+ "\n\tthat verify this key",
+ xmlSecAppCmdLineParamTypeStringList,
+ xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+static xmlSecAppCmdLineParam pkcs8DerParam = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--pkcs8-der",
+ "--privkey-p8-der",
+ "--pkcs8-der[:<name>] <file>[,<cafile>[,<cafile>[...]]]"
+ "\n\tload private key from PKCS8 DER file and DER certificates"
+ "\n\tthat verify this key",
+ xmlSecAppCmdLineParamTypeStringList,
+ xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+static xmlSecAppCmdLineParam pubkeyParam = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--pubkey-pem",
+ "--pubkey",
+ "--pubkey-pem[:<name>] <file>"
+ "\n\tload public key from PEM file",
+ xmlSecAppCmdLineParamTypeStringList,
+ xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+static xmlSecAppCmdLineParam pubkeyDerParam = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--pubkey-der",
+ NULL,
+ "--pubkey-der[:<name>] <file>"
+ "\n\tload public key from DER file",
+ xmlSecAppCmdLineParamTypeStringList,
+ xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+
+#ifndef XMLSEC_NO_AES
+static xmlSecAppCmdLineParam aeskeyParam = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--aeskey",
+ NULL,
+ "--aeskey[:<name>] <file>"
+ "\n\tload AES key from binary file <file>",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+static xmlSecAppCmdLineParam deskeyParam = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--deskey",
+ NULL,
+ "--deskey[:<name>] <file>"
+ "\n\tload DES key from binary file <file>",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_HMAC
+static xmlSecAppCmdLineParam hmackeyParam = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--hmackey",
+ NULL,
+ "--hmackey[:<name>] <file>"
+ "\n\tload HMAC key from binary file <file>",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+#endif /* XMLSEC_NO_HMAC */
+
+static xmlSecAppCmdLineParam pwdParam = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--pwd",
+ NULL,
+ "--pwd <password>"
+ "\n\tthe password to use for reading keys and certs",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam enabledKeyDataParam = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--enabled-key-data",
+ NULL,
+ "--enabled-key-data <list>"
+ "\n\tcomma separated list of enabled key data (list of "
+ "\n\tregistered key data klasses is available with \"--list-key-data\""
+ "\n\tcommand); by default, all registered key data are enabled",
+ xmlSecAppCmdLineParamTypeStringList,
+ xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+static xmlSecAppCmdLineParam enabledRetrievalMethodUrisParam = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--enabled-retrieval-method-uris",
+ NULL,
+ "--enabled-retrieval-uris <list>"
+ "\n\tcomma separated list of of the following values:"
+ "\n\t\"empty\", \"same-doc\", \"local\",\"remote\" to restrict possible URI"
+ "\n\tattribute values for the <dsig:RetrievalMethod> element.",
+ xmlSecAppCmdLineParamTypeStringList,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+/****************************************************************
+ *
+ * Common params
+ *
+ ***************************************************************/
+static xmlSecAppCmdLineParam sessionKeyParam = {
+ xmlSecAppCmdLineTopicDSigSign | xmlSecAppCmdLineTopicEncEncrypt,
+ "--session-key",
+ NULL,
+ "--session-key <keyKlass>-<keySize>"
+ "\n\tgenerate new session <keyKlass> key of <keySize> bits size"
+ "\n\t(for example, \"--session des-192\" generates a new 192 bits"
+ "\n\tDES key for DES3 encryption)",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam outputParam = {
+ xmlSecAppCmdLineTopicDSigCommon |
+ xmlSecAppCmdLineTopicEncCommon |
+ xmlSecAppCmdLineTopicXkmsCommon,
+ "--output",
+ "-o",
+ "--output <filename>"
+ "\n\twrite result document to file <filename>",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam nodeIdParam = {
+ xmlSecAppCmdLineTopicDSigCommon |
+ xmlSecAppCmdLineTopicEncCommon |
+ xmlSecAppCmdLineTopicXkmsCommon,
+ "--node-id",
+ NULL,
+ "--node-id <id>"
+ "\n\tset the operation start point to the node with given <id>",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam nodeNameParam = {
+ xmlSecAppCmdLineTopicDSigCommon |
+ xmlSecAppCmdLineTopicEncCommon |
+ xmlSecAppCmdLineTopicXkmsCommon,
+ "--node-name",
+ NULL,
+ "--node-name [<namespace-uri>:]<name>"
+ "\n\tset the operation start point to the first node"
+ "\n\twith given <name> and <namespace> URI",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam nodeXPathParam = {
+ xmlSecAppCmdLineTopicDSigCommon |
+ xmlSecAppCmdLineTopicEncCommon |
+ xmlSecAppCmdLineTopicXkmsCommon,
+ "--node-xpath",
+ NULL,
+ "--node-xpath <expr>"
+ "\n\tset the operation start point to the first node"
+ "\n\tselected by the specified XPath expression",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam dtdFileParam = {
+ xmlSecAppCmdLineTopicDSigCommon |
+ xmlSecAppCmdLineTopicEncCommon |
+ xmlSecAppCmdLineTopicXkmsCommon,
+ "--dtd-file",
+ NULL,
+ "--dtd-file <file>"
+ "\n\tload the specified file as the DTD",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam printDebugParam = {
+ xmlSecAppCmdLineTopicDSigCommon |
+ xmlSecAppCmdLineTopicEncCommon |
+ xmlSecAppCmdLineTopicXkmsCommon,
+ "--print-debug",
+ NULL,
+ "--print-debug"
+ "\n\tprint debug information to stdout",
+ xmlSecAppCmdLineParamTypeFlag,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam printXmlDebugParam = {
+ xmlSecAppCmdLineTopicDSigCommon |
+ xmlSecAppCmdLineTopicEncCommon |
+ xmlSecAppCmdLineTopicXkmsCommon,
+ "--print-xml-debug",
+ NULL,
+ "--print-xml-debug"
+ "\n\tprint debug information to stdout in xml format",
+ xmlSecAppCmdLineParamTypeFlag,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam idAttrParam = {
+ xmlSecAppCmdLineTopicDSigCommon |
+ xmlSecAppCmdLineTopicEncCommon |
+ xmlSecAppCmdLineTopicXkmsCommon,
+ "--id-attr",
+ NULL,
+ "--id-attr[:<attr-name>] [<node-namespace-uri>:]<node-name>"
+ "\n\tadds attributes <attr-name> (default value \"id\") from all nodes"
+ "\n\twith<node-name> and namespace <node-namespace-uri> to the list of"
+ "\n\tknown ID attributes; this is a hack and if you can use DTD or schema"
+ "\n\tto declare ID attributes instead (see \"--dtd-file\" option),"
+ "\n\tI don't know what else might be broken in your application when"
+ "\n\tyou use this hack",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+
+/****************************************************************
+ *
+ * Common dsig params
+ *
+ ***************************************************************/
+#ifndef XMLSEC_NO_XMLDSIG
+static xmlSecAppCmdLineParam ignoreManifestsParam = {
+ xmlSecAppCmdLineTopicDSigCommon,
+ "--ignore-manifests",
+ NULL,
+ "--ignore-manifests"
+ "\n\tdo not process <dsig:Manifest> elements",
+ xmlSecAppCmdLineParamTypeFlag,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam storeReferencesParam = {
+ xmlSecAppCmdLineTopicDSigCommon,
+ "--store-references",
+ NULL,
+ "--store-references"
+ "\n\tstore and print the result of <dsig:Reference/> element processing"
+ "\n\tjust before calculating digest",
+ xmlSecAppCmdLineParamTypeFlag,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam storeSignaturesParam = {
+ xmlSecAppCmdLineTopicDSigCommon,
+ "--store-signatures",
+ NULL,
+ "--store-signatures"
+ "\n\tstore and print the result of <dsig:Signature> processing"
+ "\n\tjust before calculating signature",
+ xmlSecAppCmdLineParamTypeFlag,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam enabledRefUrisParam = {
+ xmlSecAppCmdLineTopicDSigCommon,
+ "--enabled-reference-uris",
+ NULL,
+ "--enabled-reference-uris <list>"
+ "\n\tcomma separated list of of the following values:"
+ "\n\t\"empty\", \"same-doc\", \"local\",\"remote\" to restrict possible URI"
+ "\n\tattribute values for the <dsig:Reference> element",
+ xmlSecAppCmdLineParamTypeStringList,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam enableVisa3DHackParam = {
+ xmlSecAppCmdLineTopicDSigCommon,
+ "--enable-visa3d-hack",
+ NULL,
+ "--enable-visa3d-hack"
+ "\n\tenables Visa3D protocol specific hack for URI attributes processing"
+ "\n\twhen we are trying not to use XPath/XPointer engine; this is a hack"
+ "\n\tand I don't know what else might be broken in your application when"
+ "\n\tyou use it (also check \"--id-attr\" option because you might need it)",
+ xmlSecAppCmdLineParamTypeFlag,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+#endif /* XMLSEC_NO_XMLDSIG */
+
+/****************************************************************
+ *
+ * Enc params
+ *
+ ***************************************************************/
+#ifndef XMLSEC_NO_XMLENC
+static xmlSecAppCmdLineParam enabledCipherRefUrisParam = {
+ xmlSecAppCmdLineTopicEncCommon,
+ "--enabled-cipher-reference-uris",
+ NULL,
+ "--enabled-cipher-reference-uris <list>"
+ "\n\tcomma separated list of of the following values:"
+ "\n\t\"empty\", \"same-doc\", \"local\",\"remote\" to restrict possible URI"
+ "\n\tattribute values for the <enc:CipherReference> element",
+ xmlSecAppCmdLineParamTypeStringList,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam binaryDataParam = {
+ xmlSecAppCmdLineTopicEncEncrypt,
+ "--binary-data",
+ "--binary",
+ "--binary-data <file>"
+ "\n\tbinary <file> to encrypt",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam xmlDataParam = {
+ xmlSecAppCmdLineTopicEncEncrypt,
+ "--xml-data",
+ NULL,
+ "--xml-data <file>"
+ "\n\tXML <file> to encrypt",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+#endif /* XMLSEC_NO_XMLENC */
+
+/****************************************************************
+ *
+ * XKMS params
+ *
+ ***************************************************************/
+#ifndef XMLSEC_NO_XKMS
+static xmlSecAppCmdLineParam xkmsServiceParam = {
+ xmlSecAppCmdLineTopicXkmsCommon,
+ "--xkms-service",
+ NULL,
+ "--xkms-service <uri>"
+ "\n\tsets XKMS \"Service\" <uri>",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam xkmsFormatParam = {
+ xmlSecAppCmdLineTopicXkmsCommon,
+ "--xkms-format",
+ NULL,
+ "--xkms-format <format>"
+ "\n\tsets the XKMS request/response format to one of the following values:"
+ "\n\t \"plain\" (default), \"soap-1.1\" or \"soap-1.2\"",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam xkmsStopUnknownResponseMechanismParam = {
+ xmlSecAppCmdLineTopicXkmsCommon, /* todo: server */
+ "--xkms-stop-on-unknown-response-mechanism",
+ NULL,
+ "--xkms-stop-on-unknown-response-mechanism"
+ "\n\tstop processing XKMS server request if unknown ResponseMechanism"
+ "\n\tvalue was found",
+ xmlSecAppCmdLineParamTypeFlag,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam xkmsStopUnknownRespondWithParam = {
+ xmlSecAppCmdLineTopicXkmsCommon, /* todo: server */
+ "--xkms-stop-on-unknown-respond-with",
+ NULL,
+ "--xkms-stop-on-unknown-respond-with"
+ "\n\tstop processing XKMS server request if unknown RespondWith"
+ "\n\tvalue was found",
+ xmlSecAppCmdLineParamTypeFlag,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam xkmsStopUnknownKeyUsageParam = {
+ xmlSecAppCmdLineTopicXkmsCommon, /* todo: server */
+ "--xkms-stop-on-unknown-key-usage",
+ NULL,
+ "--xkms-stop-on-unknown-key-usage"
+ "\n\tstop processing XKMS server request if unknown KeyUsage"
+ "\n\tvalue was found",
+ xmlSecAppCmdLineParamTypeFlag,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+#endif /* XMLSEC_NO_XKMS */
+
+/****************************************************************
+ *
+ * X509 params
+ *
+ ***************************************************************/
+#ifndef XMLSEC_NO_X509
+static xmlSecAppCmdLineParam pkcs12Param = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--pkcs12",
+ NULL,
+ "--pkcs12[:<name>] <file>"
+ "\n\tload load private key from pkcs12 file <file>",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+static xmlSecAppCmdLineParam pubkeyCertParam = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--pubkey-cert-pem",
+ "--pubkey-cert",
+ "--pubkey-cert-pem[:<name>] <file>"
+ "\n\tload public key from PEM cert file",
+ xmlSecAppCmdLineParamTypeStringList,
+ xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+static xmlSecAppCmdLineParam pubkeyCertDerParam = {
+ xmlSecAppCmdLineTopicKeysMngr,
+ "--pubkey-cert-der",
+ NULL,
+ "--pubkey-cert-der[:<name>] <file>"
+ "\n\tload public key from DER cert file",
+ xmlSecAppCmdLineParamTypeStringList,
+ xmlSecAppCmdLineParamFlagParamNameValue | xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+static xmlSecAppCmdLineParam trustedParam = {
+ xmlSecAppCmdLineTopicX509Certs,
+ "--trusted-pem",
+ "--trusted",
+ "--trusted-pem <file>"
+ "\n\tload trusted (root) certificate from PEM file <file>",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+static xmlSecAppCmdLineParam untrustedParam = {
+ xmlSecAppCmdLineTopicX509Certs,
+ "--untrusted-pem",
+ "--untrusted",
+ "--untrusted-pem <file>"
+ "\n\tload untrusted certificate from PEM file <file>",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+static xmlSecAppCmdLineParam trustedDerParam = {
+ xmlSecAppCmdLineTopicX509Certs,
+ "--trusted-der",
+ NULL,
+ "--trusted-der <file>"
+ "\n\tload trusted (root) certificate from DER file <file>",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+static xmlSecAppCmdLineParam untrustedDerParam = {
+ xmlSecAppCmdLineTopicX509Certs,
+ "--untrusted-der",
+ NULL,
+ "--untrusted-der <file>"
+ "\n\tload untrusted certificate from DER file <file>",
+ xmlSecAppCmdLineParamTypeString,
+ xmlSecAppCmdLineParamFlagMultipleValues,
+ NULL
+};
+
+static xmlSecAppCmdLineParam verificationTimeParam = {
+ xmlSecAppCmdLineTopicX509Certs,
+ "--verification-time",
+ NULL,
+ "--verification-time <time>"
+ "\n\tthe local time in \"YYYY-MM-DD HH:MM:SS\" format"
+ "\n\tused certificates verification",
+ xmlSecAppCmdLineParamTypeTime,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam depthParam = {
+ xmlSecAppCmdLineTopicX509Certs,
+ "--depth",
+ NULL,
+ "--depth <number>"
+ "\n\tmaximum certificates chain depth",
+ xmlSecAppCmdLineParamTypeNumber,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+
+static xmlSecAppCmdLineParam X509SkipStrictChecksParam = {
+ xmlSecAppCmdLineTopicX509Certs,
+ "--X509-skip-strict-checks",
+ NULL,
+ "--X509-skip-strict-checks"
+ "\n\tskip strict checking of X509 data",
+ xmlSecAppCmdLineParamTypeFlag,
+ xmlSecAppCmdLineParamFlagNone,
+ NULL
+};
+#endif /* XMLSEC_NO_X509 */
+
+static xmlSecAppCmdLineParamPtr parameters[] = {
+ /* common dsig params */
+#ifndef XMLSEC_NO_XMLDSIG
+ &ignoreManifestsParam,
+ &storeReferencesParam,
+ &storeSignaturesParam,
+ &enabledRefUrisParam,
+ &enableVisa3DHackParam,
+#endif /* XMLSEC_NO_XMLDSIG */
+
+ /* enc params */
+#ifndef XMLSEC_NO_XMLENC
+ &binaryDataParam,
+ &xmlDataParam,
+ &enabledCipherRefUrisParam,
+#endif /* XMLSEC_NO_XMLENC */
+
+ /* xkms params */
+#ifndef XMLSEC_NO_XKMS
+ &xkmsServiceParam,
+ &xkmsFormatParam,
+ &xkmsStopUnknownResponseMechanismParam,
+ &xkmsStopUnknownRespondWithParam,
+ &xkmsStopUnknownKeyUsageParam,
+#endif /* XMLSEC_NO_XKMS */
+
+ /* common dsig and enc parameters */
+ &sessionKeyParam,
+ &outputParam,
+ &printDebugParam,
+ &printXmlDebugParam,
+ &dtdFileParam,
+ &nodeIdParam,
+ &nodeNameParam,
+ &nodeXPathParam,
+ &idAttrParam,
+
+ /* Keys Manager params */
+ &enabledKeyDataParam,
+ &enabledRetrievalMethodUrisParam,
+ &genKeyParam,
+ &keysFileParam,
+ &privkeyParam,
+ &privkeyDerParam,
+ &pkcs8PemParam,
+ &pkcs8DerParam,
+ &pubkeyParam,
+ &pubkeyDerParam,
+#ifndef XMLSEC_NO_AES
+ &aeskeyParam,
+#endif /* XMLSEC_NO_AES */
+#ifndef XMLSEC_NO_DES
+ &deskeyParam,
+#endif /* XMLSEC_NO_DES */
+#ifndef XMLSEC_NO_HMAC
+ &hmackeyParam,
+#endif /* XMLSEC_NO_HMAC */
+ &pwdParam,
+#ifndef XMLSEC_NO_X509
+ &pkcs12Param,
+ &pubkeyCertParam,
+ &pubkeyCertDerParam,
+ &trustedParam,
+ &untrustedParam,
+ &trustedDerParam,
+ &untrustedDerParam,
+ &verificationTimeParam,
+ &depthParam,
+ &X509SkipStrictChecksParam,
+#endif /* XMLSEC_NO_X509 */
+
+ /* General configuration params */
+ &cryptoParam,
+ &cryptoConfigParam,
+ &repeatParam,
+ &disableErrorMsgsParam,
+ &printCryptoErrorMsgsParam,
+ &helpParam,
+
+ /* MUST be the last one */
+ NULL
+};
+
+typedef enum {
+ xmlSecAppCommandUnknown = 0,
+ xmlSecAppCommandHelp,
+ xmlSecAppCommandListKeyData,
+ xmlSecAppCommandCheckKeyData,
+ xmlSecAppCommandListTransforms,
+ xmlSecAppCommandCheckTransforms,
+ xmlSecAppCommandVersion,
+ xmlSecAppCommandKeys,
+ xmlSecAppCommandSign,
+ xmlSecAppCommandVerify,
+ xmlSecAppCommandSignTmpl,
+ xmlSecAppCommandEncrypt,
+ xmlSecAppCommandDecrypt,
+ xmlSecAppCommandEncryptTmpl,
+ xmlSecAppCommandXkmsServerRequest
+} xmlSecAppCommand;
+
+typedef struct _xmlSecAppXmlData xmlSecAppXmlData,
+ *xmlSecAppXmlDataPtr;
+struct _xmlSecAppXmlData {
+ xmlDocPtr doc;
+ xmlDtdPtr dtd;
+ xmlNodePtr startNode;
+};
+
+static xmlSecAppXmlDataPtr xmlSecAppXmlDataCreate (const char* filename,
+ const xmlChar* defStartNodeName,
+ const xmlChar* defStartNodeNs);
+static void xmlSecAppXmlDataDestroy (xmlSecAppXmlDataPtr data);
+
+
+static xmlSecAppCommand xmlSecAppParseCommand (const char* cmd,
+ xmlSecAppCmdLineParamTopic* topics,
+ xmlSecAppCommand* subCommand);
+static void xmlSecAppPrintHelp (xmlSecAppCommand command,
+ xmlSecAppCmdLineParamTopic topics);
+#define xmlSecAppPrintUsage() xmlSecAppPrintHelp(xmlSecAppCommandUnknown, 0)
+static int xmlSecAppInit (void);
+static void xmlSecAppShutdown (void);
+static int xmlSecAppLoadKeys (void);
+static int xmlSecAppPrepareKeyInfoReadCtx (xmlSecKeyInfoCtxPtr ctx);
+
+#ifndef XMLSEC_NO_XMLDSIG
+static int xmlSecAppSignFile (const char* filename);
+static int xmlSecAppVerifyFile (const char* filename);
+#ifndef XMLSEC_NO_TMPL_TEST
+static int xmlSecAppSignTmpl (void);
+#endif /* XMLSEC_NO_TMPL_TEST */
+static int xmlSecAppPrepareDSigCtx (xmlSecDSigCtxPtr dsigCtx);
+static void xmlSecAppPrintDSigCtx (xmlSecDSigCtxPtr dsigCtx);
+#endif /* XMLSEC_NO_XMLDSIG */
+
+#ifndef XMLSEC_NO_XMLENC
+static int xmlSecAppEncryptFile (const char* filename);
+static int xmlSecAppDecryptFile (const char* filename);
+#ifndef XMLSEC_NO_TMPL_TEST
+static int xmlSecAppEncryptTmpl (void);
+#endif /* XMLSEC_NO_TMPL_TEST */
+static int xmlSecAppPrepareEncCtx (xmlSecEncCtxPtr encCtx);
+static void xmlSecAppPrintEncCtx (xmlSecEncCtxPtr encCtx);
+#endif /* XMLSEC_NO_XMLENC */
+
+#ifndef XMLSEC_NO_XKMS
+static int xmlSecAppXkmsServerProcess (const char* filename);
+static int xmlSecAppPrepareXkmsServerCtx (xmlSecXkmsServerCtxPtr xkmsServerCtx);
+static void xmlSecAppPrintXkmsServerCtx (xmlSecXkmsServerCtxPtr xkmsServerCtx);
+#endif /* XMLSEC_NO_XKMS */
+
+static void xmlSecAppListKeyData (void);
+static int xmlSecAppCheckKeyData (const char * name);
+static void xmlSecAppListTransforms (void);
+static int xmlSecAppCheckTransform (const char * name);
+
+static xmlSecTransformUriType xmlSecAppGetUriType (const char* string);
+static FILE* xmlSecAppOpenFile (const char* filename);
+static void xmlSecAppCloseFile (FILE* file);
+static int xmlSecAppWriteResult (xmlDocPtr doc,
+ xmlSecBufferPtr buffer);
+static int xmlSecAppAddIDAttr (xmlNodePtr cur,
+ const xmlChar* attr,
+ const xmlChar* node,
+ const xmlChar* nsHref);
+
+xmlSecKeysMngrPtr gKeysMngr = NULL;
+int repeats = 1;
+int print_debug = 0;
+clock_t total_time = 0;
+const char* xmlsec_crypto = XMLSEC_CRYPTO;
+const char* tmp = NULL;
+
+int main(int argc, const char **argv) {
+ xmlSecAppCmdLineParamTopic cmdLineTopics;
+ xmlSecAppCommand command, subCommand;
+ int pos, i;
+ int res = 1;
+
+ /* read the command (first argument) */
+ if(argc < 2) {
+ xmlSecAppPrintUsage();
+ goto fail;
+ }
+ command = xmlSecAppParseCommand(argv[1], &cmdLineTopics, &subCommand);
+ if(command == xmlSecAppCommandUnknown) {
+ fprintf(stderr, "Error: unknown command \"%s\"\n", argv[1]);
+ xmlSecAppPrintUsage();
+ goto fail;
+ }
+
+ /* do as much as we can w/o initialization */
+ if(command == xmlSecAppCommandHelp) {
+ xmlSecAppPrintHelp(subCommand, cmdLineTopics);
+ goto success;
+ } else if(command == xmlSecAppCommandVersion) {
+ fprintf(stdout, "%s %s (%s)\n", PACKAGE, XMLSEC_VERSION, xmlsec_crypto);
+ goto success;
+ }
+
+ /* parse command line */
+ pos = xmlSecAppCmdLineParamsListParse(parameters, cmdLineTopics, argv, argc, 2);
+ if(pos < 0) {
+ fprintf(stderr, "Error: invalid parameters\n");
+ xmlSecAppPrintUsage();
+ goto fail;
+ }
+
+ /* is it a help request? */
+ if(xmlSecAppCmdLineParamIsSet(&helpParam)) {
+ xmlSecAppPrintHelp(command, cmdLineTopics);
+ goto success;
+ }
+
+ /* we need to have some files at the end */
+ switch(command) {
+ case xmlSecAppCommandKeys:
+ case xmlSecAppCommandSign:
+ case xmlSecAppCommandVerify:
+ case xmlSecAppCommandEncrypt:
+ case xmlSecAppCommandDecrypt:
+ case xmlSecAppCommandXkmsServerRequest:
+ if(pos >= argc) {
+ fprintf(stderr, "Error: <file> parameter is requried for this command\n");
+ xmlSecAppPrintUsage();
+ goto fail;
+ }
+ break;
+ default:
+ break;
+ }
+
+ /* now init the xmlsec and all other libs */
+ /* ignore "--crypto" if we don't have dynamic loading */
+ tmp = xmlSecAppCmdLineParamGetString(&cryptoParam);
+#if !defined(XMLSEC_NO_CRYPTO_DYNAMIC_LOADING) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING)
+ if((tmp != NULL) && (strcmp(tmp, "default") != 0)) {
+ xmlsec_crypto = tmp;
+ }
+#else /* !defined(XMLSEC_NO_CRYPTO_DYNAMIC_LOADING) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING) */
+ if((tmp != NULL) && (strcmp(tmp, xmlsec_crypto) != 0)) {
+ fprintf(stderr, "Error: dynaimc crypto libraries loading is disabled and the only available crypto library is '%s'\n", xmlsec_crypto);
+ xmlSecAppPrintUsage();
+ goto fail;
+ }
+#endif /* !defined(XMLSEC_NO_CRYPTO_DYNAMIC_LOADING) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING) */
+
+ if(xmlSecAppInit() < 0) {
+ fprintf(stderr, "Error: initialization failed\n");
+ xmlSecAppPrintUsage();
+ goto fail;
+ }
+
+ /* load keys */
+ if(xmlSecAppLoadKeys() < 0) {
+ fprintf(stderr, "Error: keys manager creation failed\n");
+ xmlSecAppPrintUsage();
+ goto fail;
+ }
+
+ /* get the "repeats" number */
+ if(xmlSecAppCmdLineParamIsSet(&repeatParam) &&
+ (xmlSecAppCmdLineParamGetInt(&repeatParam, 1) > 0)) {
+
+ repeats = xmlSecAppCmdLineParamGetInt(&repeatParam, 1);
+ }
+
+ /* execute requested number of times */
+ for(; repeats > 0; --repeats) {
+ switch(command) {
+ case xmlSecAppCommandListKeyData:
+ xmlSecAppListKeyData();
+ break;
+ case xmlSecAppCommandCheckKeyData:
+ for(i = pos; i < argc; ++i) {
+ if(xmlSecAppCheckKeyData(argv[i]) < 0) {
+ fprintf(stderr, "Error: key data \"%s\" not found\n", argv[i]);
+ goto fail;
+ } else {
+ fprintf(stdout, "Key data \"%s\" found\n", argv[i]);
+ }
+ }
+ break;
+ case xmlSecAppCommandListTransforms:
+ xmlSecAppListTransforms();
+ break;
+ case xmlSecAppCommandCheckTransforms:
+ for(i = pos; i < argc; ++i) {
+ if(xmlSecAppCheckTransform(argv[i]) < 0) {
+ fprintf(stderr, "Error: transform \"%s\" not found\n", argv[i]);
+ goto fail;
+ } else {
+ fprintf(stdout, "Transforms \"%s\" found\n", argv[i]);
+ }
+ }
+ break;
+ case xmlSecAppCommandKeys:
+ for(i = pos; i < argc; ++i) {
+ if(xmlSecAppCryptoSimpleKeysMngrSave(gKeysMngr, argv[i], xmlSecKeyDataTypeAny) < 0) {
+ fprintf(stderr, "Error: failed to save keys to file \"%s\"\n", argv[i]);
+ goto fail;
+ }
+ }
+ break;
+#ifndef XMLSEC_NO_XMLDSIG
+ case xmlSecAppCommandSign:
+ for(i = pos; i < argc; ++i) {
+ if(xmlSecAppSignFile(argv[i]) < 0) {
+ fprintf(stderr, "Error: failed to sign file \"%s\"\n", argv[i]);
+ goto fail;
+ }
+ }
+ break;
+ case xmlSecAppCommandVerify:
+ for(i = pos; i < argc; ++i) {
+ if(xmlSecAppVerifyFile(argv[i]) < 0) {
+ fprintf(stderr, "Error: failed to verify file \"%s\"\n", argv[i]);
+ goto fail;
+ }
+ }
+ break;
+#ifndef XMLSEC_NO_TMPL_TEST
+ case xmlSecAppCommandSignTmpl:
+ if(xmlSecAppSignTmpl() < 0) {
+ fprintf(stderr, "Error: failed to create and sign template\n");
+ goto fail;
+ }
+ break;
+#endif /* XMLSEC_NO_TMPL_TEST */
+#endif /* XMLSEC_NO_XMLDSIG */
+
+#ifndef XMLSEC_NO_XMLENC
+ case xmlSecAppCommandEncrypt:
+ for(i = pos; i < argc; ++i) {
+ if(xmlSecAppEncryptFile(argv[i]) < 0) {
+ fprintf(stderr, "Error: failed to encrypt file with template \"%s\"\n", argv[i]);
+ goto fail;
+ }
+ }
+ break;
+ case xmlSecAppCommandDecrypt:
+ for(i = pos; i < argc; ++i) {
+ if(xmlSecAppDecryptFile(argv[i]) < 0) {
+ fprintf(stderr, "Error: failed to decrypt file \"%s\"\n", argv[i]);
+ goto fail;
+ }
+ }
+ break;
+#ifndef XMLSEC_NO_TMPL_TEST
+ case xmlSecAppCommandEncryptTmpl:
+ if(xmlSecAppEncryptTmpl() < 0) {
+ fprintf(stderr, "Error: failed to create and encrypt template\n");
+ goto fail;
+ }
+ break;
+#endif /* XMLSEC_NO_TMPL_TEST */
+#endif /* XMLSEC_NO_XMLENC */
+
+#ifndef XMLSEC_NO_XKMS
+ case xmlSecAppCommandXkmsServerRequest:
+ for(i = pos; i < argc; ++i) {
+ if(xmlSecAppXkmsServerProcess(argv[i]) < 0) {
+ fprintf(stderr, "Error: failed to process XKMS server request from file \"%s\"\n", argv[i]);
+ goto fail;
+ }
+ }
+ break;
+#endif /* XMLSEC_NO_XKMS */
+ default:
+ fprintf(stderr, "Error: invalid command %d\n", command);
+ xmlSecAppPrintUsage();
+ goto fail;
+ }
+ }
+
+ /* print perf stats results */
+ if(xmlSecAppCmdLineParamIsSet(&repeatParam) &&
+ (xmlSecAppCmdLineParamGetInt(&repeatParam, 1) > 0)) {
+
+ repeats = xmlSecAppCmdLineParamGetInt(&repeatParam, 1);
+ fprintf(stderr, "Executed %d tests in %ld msec\n", repeats, (1000 * total_time) / CLOCKS_PER_SEC);
+ }
+
+ goto success;
+success:
+ res = 0;
+fail:
+ if(gKeysMngr != NULL) {
+ xmlSecKeysMngrDestroy(gKeysMngr);
+ gKeysMngr = NULL;
+ }
+ xmlSecAppShutdown();
+ xmlSecAppCmdLineParamsListClean(parameters);
+ return(res);
+}
+
+
+#ifndef XMLSEC_NO_XMLDSIG
+static int
+xmlSecAppSignFile(const char* filename) {
+ xmlSecAppXmlDataPtr data = NULL;
+ xmlSecDSigCtx dsigCtx;
+ clock_t start_time;
+ int res = -1;
+
+ if(filename == NULL) {
+ return(-1);
+ }
+
+ if(xmlSecDSigCtxInitialize(&dsigCtx, gKeysMngr) < 0) {
+ fprintf(stderr, "Error: dsig context initialization failed\n");
+ return(-1);
+ }
+
+ if(xmlSecAppPrepareDSigCtx(&dsigCtx) < 0) {
+ fprintf(stderr, "Error: dsig context preparation failed\n");
+ goto done;
+ }
+
+ /* parse template and select start node */
+ data = xmlSecAppXmlDataCreate(filename, xmlSecNodeSignature, xmlSecDSigNs);
+ if(data == NULL) {
+ fprintf(stderr, "Error: failed to load template \"%s\"\n", filename);
+ goto done;
+ }
+
+
+ /* sign */
+ start_time = clock();
+ if(xmlSecDSigCtxSign(&dsigCtx, data->startNode) < 0) {
+ fprintf(stderr,"Error: signature failed \n");
+ goto done;
+ }
+ total_time += clock() - start_time;
+
+ if(repeats <= 1) {
+ FILE* f;
+
+ f = xmlSecAppOpenFile(xmlSecAppCmdLineParamGetString(&outputParam));
+ if(f == NULL) {
+ fprintf(stderr,"Error: failed to open output file \"%s\"\n",
+ xmlSecAppCmdLineParamGetString(&outputParam));
+ goto done;
+ }
+ xmlDocDump(f, data->doc);
+ xmlSecAppCloseFile(f);
+ }
+
+ res = 0;
+done:
+ /* print debug info if requested */
+ if(repeats <= 1) {
+ xmlSecAppPrintDSigCtx(&dsigCtx);
+ }
+ xmlSecDSigCtxFinalize(&dsigCtx);
+ if(data != NULL) {
+ xmlSecAppXmlDataDestroy(data);
+ }
+ return(res);
+}
+
+static int
+xmlSecAppVerifyFile(const char* filename) {
+ xmlSecAppXmlDataPtr data = NULL;
+ xmlSecDSigCtx dsigCtx;
+ clock_t start_time;
+ int res = -1;
+
+ if(filename == NULL) {
+ return(-1);
+ }
+
+ if(xmlSecDSigCtxInitialize(&dsigCtx, gKeysMngr) < 0) {
+ fprintf(stderr, "Error: dsig context initialization failed\n");
+ return(-1);
+ }
+ if(xmlSecAppPrepareDSigCtx(&dsigCtx) < 0) {
+ fprintf(stderr, "Error: dsig context preparation failed\n");
+ goto done;
+ }
+
+ /* parse template and select start node */
+ data = xmlSecAppXmlDataCreate(filename, xmlSecNodeSignature, xmlSecDSigNs);
+ if(data == NULL) {
+ fprintf(stderr, "Error: failed to load document \"%s\"\n", filename);
+ goto done;
+ }
+
+ /* sign */
+ start_time = clock();
+ if(xmlSecDSigCtxVerify(&dsigCtx, data->startNode) < 0) {
+ fprintf(stderr,"Error: signature failed \n");
+ goto done;
+ }
+ total_time += clock() - start_time;
+
+ if((repeats <= 1) && (dsigCtx.status != xmlSecDSigStatusSucceeded)){
+ /* return an error if signature does not match */
+ goto done;
+ }
+
+ res = 0;
+done:
+ /* print debug info if requested */
+ if(repeats <= 1) {
+ xmlSecDSigReferenceCtxPtr dsigRefCtx;
+ xmlSecSize good, i, size;
+ FILE* f;
+
+ f = xmlSecAppOpenFile(xmlSecAppCmdLineParamGetString(&outputParam));
+ if(f == NULL) {
+ fprintf(stderr,"Error: failed to open output file \"%s\"\n",
+ xmlSecAppCmdLineParamGetString(&outputParam));
+ goto done;
+ }
+ xmlSecAppCloseFile(f);
+
+ switch(dsigCtx.status) {
+ case xmlSecDSigStatusUnknown:
+ fprintf(stderr, "ERROR\n");
+ break;
+ case xmlSecDSigStatusSucceeded:
+ fprintf(stderr, "OK\n");
+ break;
+ case xmlSecDSigStatusInvalid:
+ fprintf(stderr, "FAIL\n");
+ break;
+ }
+
+ /* print stats about # of good/bad references/manifests */
+ size = xmlSecPtrListGetSize(&(dsigCtx.signedInfoReferences));
+ for(i = good = 0; i < size; ++i) {
+ dsigRefCtx = (xmlSecDSigReferenceCtxPtr)xmlSecPtrListGetItem(&(dsigCtx.signedInfoReferences), i);
+ if(dsigRefCtx == NULL) {
+ fprintf(stderr,"Error: reference ctx is null\n");
+ goto done;
+ }
+ if(dsigRefCtx->status == xmlSecDSigStatusSucceeded) {
+ ++good;
+ }
+ }
+ fprintf(stderr, "SignedInfo References (ok/all): %d/%d\n", good, size);
+
+ size = xmlSecPtrListGetSize(&(dsigCtx.manifestReferences));
+ for(i = good = 0; i < size; ++i) {
+ dsigRefCtx = (xmlSecDSigReferenceCtxPtr)xmlSecPtrListGetItem(&(dsigCtx.manifestReferences), i);
+ if(dsigRefCtx == NULL) {
+ fprintf(stderr,"Error: reference ctx is null\n");
+ goto done;
+ }
+ if(dsigRefCtx->status == xmlSecDSigStatusSucceeded) {
+ ++good;
+ }
+ }
+ fprintf(stderr, "Manifests References (ok/all): %d/%d\n", good, size);
+
+ xmlSecAppPrintDSigCtx(&dsigCtx);
+ }
+ xmlSecDSigCtxFinalize(&dsigCtx);
+ if(data != NULL) {
+ xmlSecAppXmlDataDestroy(data);
+ }
+ return(res);
+}
+
+#ifndef XMLSEC_NO_TMPL_TEST
+static int
+xmlSecAppSignTmpl(void) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr cur;
+ xmlSecDSigCtx dsigCtx;
+ clock_t start_time;
+ int res = -1;
+
+ if(xmlSecDSigCtxInitialize(&dsigCtx, gKeysMngr) < 0) {
+ fprintf(stderr, "Error: dsig context initialization failed\n");
+ return(-1);
+ }
+ if(xmlSecAppPrepareDSigCtx(&dsigCtx) < 0) {
+ fprintf(stderr, "Error: dsig context preparation failed\n");
+ goto done;
+ }
+
+ /* prepare template */
+ doc = xmlNewDoc(BAD_CAST "1.0");
+ if(doc == NULL) {
+ fprintf(stderr, "Error: failed to create doc\n");
+ goto done;
+ }
+
+ cur = xmlSecTmplSignatureCreate(doc, xmlSecTransformInclC14NId,
+ xmlSecTransformHmacSha1Id, NULL);
+ if(cur == NULL) {
+ fprintf(stderr, "Error: failed to create Signature node\n");
+ goto done;
+ }
+ xmlDocSetRootElement(doc, cur);
+
+ /* set hmac signature length */
+ cur = xmlSecTmplSignatureGetSignMethodNode(xmlDocGetRootElement(doc));
+ if(cur == NULL) {
+ fprintf(stderr, "Error: failed to find SignatureMethod node\n");
+ goto done;
+ }
+ if(xmlSecTmplTransformAddHmacOutputLength(cur, 93) < 0) {
+ fprintf(stderr, "Error: failed to set hmac length\n");
+ goto done;
+ }
+
+ cur = xmlSecTmplSignatureAddReference(xmlDocGetRootElement(doc),
+ xmlSecTransformSha1Id,
+ BAD_CAST "ref1", NULL, NULL);
+ if(cur == NULL) {
+ fprintf(stderr, "Error: failed to add Reference node\n");
+ goto done;
+ }
+
+ cur = xmlSecTmplReferenceAddTransform(cur, xmlSecTransformXPath2Id);
+ if(cur == NULL) {
+ fprintf(stderr, "Error: failed to add XPath transform\n");
+ goto done;
+ }
+
+ if(xmlSecTmplTransformAddXPath2(cur, BAD_CAST "intersect",
+ BAD_CAST "//*[@Id='object1']", NULL) < 0) {
+ fprintf(stderr, "Error: failed to set XPath expression\n");
+ goto done;
+ }
+
+ cur = xmlSecTmplSignatureAddObject(xmlDocGetRootElement(doc),
+ BAD_CAST "object1", NULL, NULL);
+ if(cur == NULL) {
+ fprintf(stderr, "Error: failed to add Object node\n");
+ goto done;
+ }
+ xmlNodeSetContent(cur, BAD_CAST "This is signed data");
+
+ /* add key information */
+ cur = xmlSecTmplSignatureEnsureKeyInfo(xmlDocGetRootElement(doc), NULL);
+ if(cur == NULL) {
+ fprintf(stderr, "Error: failed to add KeyInfo node\n");
+ goto done;
+ }
+ if(xmlSecTmplKeyInfoAddKeyName(cur, NULL) == NULL) {
+ fprintf(stderr, "Error: failed to add KeyName node\n");
+ goto done;
+ }
+
+ /* sign */
+ start_time = clock();
+ if(xmlSecDSigCtxSign(&dsigCtx, xmlDocGetRootElement(doc)) < 0) {
+ fprintf(stderr,"Error: signature failed \n");
+ goto done;
+ }
+ total_time += clock() - start_time;
+
+ if(repeats <= 1) {
+ FILE* f;
+
+ f = xmlSecAppOpenFile(xmlSecAppCmdLineParamGetString(&outputParam));
+ if(f == NULL) {
+ fprintf(stderr,"Error: failed to open output file \"%s\"\n",
+ xmlSecAppCmdLineParamGetString(&outputParam));
+ goto done;
+ }
+ xmlDocDump(f, doc);
+ xmlSecAppCloseFile(f);
+ }
+
+ res = 0;
+done:
+ /* print debug info if requested */
+ if(repeats <= 1) {
+ xmlSecAppPrintDSigCtx(&dsigCtx);
+ }
+ xmlSecDSigCtxFinalize(&dsigCtx);
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+#endif /* XMLSEC_NO_TMPL_TEST */
+
+static int
+xmlSecAppPrepareDSigCtx(xmlSecDSigCtxPtr dsigCtx) {
+ if(dsigCtx == NULL) {
+ fprintf(stderr, "Error: dsig context is null\n");
+ return(-1);
+ }
+
+ /* set key info params */
+ if(xmlSecAppPrepareKeyInfoReadCtx(&(dsigCtx->keyInfoReadCtx)) < 0) {
+ fprintf(stderr, "Error: failed to prepare key info context\n");
+ return(-1);
+ }
+
+ if(xmlSecAppCmdLineParamGetString(&sessionKeyParam) != NULL) {
+ dsigCtx->signKey = xmlSecAppCryptoKeyGenerate(xmlSecAppCmdLineParamGetString(&sessionKeyParam),
+ NULL, xmlSecKeyDataTypeSession);
+ if(dsigCtx->signKey == NULL) {
+ fprintf(stderr, "Error: failed to generate a session key \"%s\"\n",
+ xmlSecAppCmdLineParamGetString(&sessionKeyParam));
+ return(-1);
+ }
+ }
+
+ /* set dsig params */
+ if(xmlSecAppCmdLineParamIsSet(&ignoreManifestsParam)) {
+ dsigCtx->flags |= XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS;
+ }
+ if(xmlSecAppCmdLineParamIsSet(&storeReferencesParam)) {
+ dsigCtx->flags |= XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES |
+ XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES;
+ print_debug = 1;
+ }
+ if(xmlSecAppCmdLineParamIsSet(&storeSignaturesParam)) {
+ dsigCtx->flags |= XMLSEC_DSIG_FLAGS_STORE_SIGNATURE;
+ print_debug = 1;
+ }
+ if(xmlSecAppCmdLineParamIsSet(&enableVisa3DHackParam)) {
+ dsigCtx->flags |= XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK;
+ }
+
+ if(xmlSecAppCmdLineParamGetStringList(&enabledRefUrisParam) != NULL) {
+ dsigCtx->enabledReferenceUris = xmlSecAppGetUriType(
+ xmlSecAppCmdLineParamGetStringList(&enabledRefUrisParam));
+ if(dsigCtx->enabledReferenceUris == xmlSecTransformUriTypeNone) {
+ fprintf(stderr, "Error: failed to parse \"%s\"\n",
+ xmlSecAppCmdLineParamGetStringList(&enabledRefUrisParam));
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+static void
+xmlSecAppPrintDSigCtx(xmlSecDSigCtxPtr dsigCtx) {
+ if(dsigCtx == NULL) {
+ return;
+ }
+
+ if(xmlSecAppCmdLineParamIsSet(&printDebugParam) || xmlSecAppCmdLineParamIsSet(&printXmlDebugParam)) {
+ print_debug = 0;
+ }
+
+ /* print debug info if requested */
+ if((print_debug != 0) || xmlSecAppCmdLineParamIsSet(&printDebugParam)) {
+ xmlSecDSigCtxDebugDump(dsigCtx, stdout);
+ }
+
+ if(xmlSecAppCmdLineParamIsSet(&printXmlDebugParam)) {
+ xmlSecDSigCtxDebugXmlDump(dsigCtx, stdout);
+ }
+}
+
+#endif /* XMLSEC_NO_XMLDSIG */
+
+#ifndef XMLSEC_NO_XMLENC
+static int
+xmlSecAppEncryptFile(const char* filename) {
+ xmlSecAppXmlDataPtr data = NULL;
+ xmlSecEncCtx encCtx;
+ xmlDocPtr doc = NULL;
+ xmlNodePtr startTmplNode;
+ clock_t start_time;
+ int res = -1;
+
+ if(filename == NULL) {
+ return(-1);
+ }
+
+ if(xmlSecEncCtxInitialize(&encCtx, gKeysMngr) < 0) {
+ fprintf(stderr, "Error: enc context initialization failed\n");
+ return(-1);
+ }
+ if(xmlSecAppPrepareEncCtx(&encCtx) < 0) {
+ fprintf(stderr, "Error: enc context preparation failed\n");
+ goto done;
+ }
+
+ /* parse doc and find template node */
+ doc = xmlSecParseFile(filename);
+ if(doc == NULL) {
+ fprintf(stderr, "Error: failed to parse xml file \"%s\"\n",
+ filename);
+ goto done;
+ }
+ startTmplNode = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
+ if(startTmplNode == NULL) {
+ fprintf(stderr, "Error: failed to find default node with name=\"%s\"\n",
+ xmlSecNodeEncryptedData);
+ goto done;
+ }
+
+ if(xmlSecAppCmdLineParamGetString(&binaryDataParam) != NULL) {
+ /* encrypt */
+ start_time = clock();
+ if(xmlSecEncCtxUriEncrypt(&encCtx, startTmplNode, BAD_CAST xmlSecAppCmdLineParamGetString(&binaryDataParam)) < 0) {
+ fprintf(stderr, "Error: failed to encrypt file \"%s\"\n",
+ xmlSecAppCmdLineParamGetString(&binaryDataParam));
+ goto done;
+ }
+ total_time += clock() - start_time;
+ } else if(xmlSecAppCmdLineParamGetString(&xmlDataParam) != NULL) {
+ /* parse file and select node for encryption */
+ data = xmlSecAppXmlDataCreate(xmlSecAppCmdLineParamGetString(&xmlDataParam), NULL, NULL);
+ if(data == NULL) {
+ fprintf(stderr, "Error: failed to load file \"%s\"\n",
+ xmlSecAppCmdLineParamGetString(&xmlDataParam));
+ goto done;
+ }
+
+ /* encrypt */
+ start_time = clock();
+ if(xmlSecEncCtxXmlEncrypt(&encCtx, startTmplNode, data->startNode) < 0) {
+ fprintf(stderr, "Error: failed to encrypt xml file \"%s\"\n",
+ xmlSecAppCmdLineParamGetString(&xmlDataParam));
+ goto done;
+ }
+ total_time += clock() - start_time;
+ } else {
+ fprintf(stderr, "Error: encryption data not specified (use \"--xml\" or \"--binary\" options)\n");
+ goto done;
+ }
+
+ /* print out result only once per execution */
+ if(repeats <= 1) {
+ if(encCtx.resultReplaced) {
+ if(xmlSecAppWriteResult((data != NULL) ? data->doc : doc, NULL) < 0) {
+ goto done;
+ }
+ } else {
+ if(xmlSecAppWriteResult(NULL, encCtx.result) < 0) {
+ goto done;
+ }
+ }
+ }
+ res = 0;
+
+done:
+ /* print debug info if requested */
+ if(repeats <= 1) {
+ xmlSecAppPrintEncCtx(&encCtx);
+ }
+ xmlSecEncCtxFinalize(&encCtx);
+
+ if(data != NULL) {
+ xmlSecAppXmlDataDestroy(data);
+ }
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
+static int
+xmlSecAppDecryptFile(const char* filename) {
+ xmlSecAppXmlDataPtr data = NULL;
+ xmlSecEncCtx encCtx;
+ clock_t start_time;
+ int res = -1;
+
+ if(filename == NULL) {
+ return(-1);
+ }
+
+ if(xmlSecEncCtxInitialize(&encCtx, gKeysMngr) < 0) {
+ fprintf(stderr, "Error: enc context initialization failed\n");
+ return(-1);
+ }
+ if(xmlSecAppPrepareEncCtx(&encCtx) < 0) {
+ fprintf(stderr, "Error: enc context preparation failed\n");
+ goto done;
+ }
+
+ /* parse template and select start node */
+ data = xmlSecAppXmlDataCreate(filename, xmlSecNodeEncryptedData, xmlSecEncNs);
+ if(data == NULL) {
+ fprintf(stderr, "Error: failed to load template \"%s\"\n", filename);
+ goto done;
+ }
+
+ start_time = clock();
+ if(xmlSecEncCtxDecrypt(&encCtx, data->startNode) < 0) {
+ fprintf(stderr, "Error: failed to decrypt file\n");
+ goto done;
+ }
+ total_time += clock() - start_time;
+
+ /* print out result only once per execution */
+ if(repeats <= 1) {
+ if(encCtx.resultReplaced) {
+ if(xmlSecAppWriteResult(data->doc, NULL) < 0) {
+ goto done;
+ }
+ } else {
+ if(xmlSecAppWriteResult(NULL, encCtx.result) < 0) {
+ goto done;
+ }
+ }
+ }
+ res = 0;
+
+done:
+ /* print debug info if requested */
+ if(repeats <= 1) {
+ xmlSecAppPrintEncCtx(&encCtx);
+ }
+ xmlSecEncCtxFinalize(&encCtx);
+
+ if(data != NULL) {
+ xmlSecAppXmlDataDestroy(data);
+ }
+ return(res);
+}
+
+#ifndef XMLSEC_NO_TMPL_TEST
+static int
+xmlSecAppEncryptTmpl(void) {
+ const char* data = "Hello, World!";
+ xmlSecEncCtx encCtx;
+ xmlDocPtr doc = NULL;
+ xmlNodePtr cur;
+ clock_t start_time;
+ int res = -1;
+
+ if(xmlSecEncCtxInitialize(&encCtx, gKeysMngr) < 0) {
+ fprintf(stderr, "Error: enc context initialization failed\n");
+ return(-1);
+ }
+ if(xmlSecAppPrepareEncCtx(&encCtx) < 0) {
+ fprintf(stderr, "Error: enc context preparation failed\n");
+ goto done;
+ }
+
+ /* prepare template */
+ doc = xmlNewDoc(BAD_CAST "1.0");
+ if(doc == NULL) {
+ fprintf(stderr, "Error: failed to create doc\n");
+ goto done;
+ }
+
+ cur = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId,
+ NULL, NULL, NULL, NULL);
+ if(cur == NULL) {
+ fprintf(stderr, "Error: failed to encryption template\n");
+ goto done;
+ }
+ xmlDocSetRootElement(doc, cur);
+
+ if(xmlSecTmplEncDataEnsureCipherValue(xmlDocGetRootElement(doc)) == NULL) {
+ fprintf(stderr, "Error: failed to add CipherValue node\n");
+ goto done;
+ }
+
+ /* add key information */
+ cur = xmlSecTmplEncDataEnsureKeyInfo(xmlDocGetRootElement(doc), NULL);
+ if(cur == NULL) {
+ fprintf(stderr, "Error: failed to add KeyInfo node\n");
+ goto done;
+ }
+ if(xmlSecTmplKeyInfoAddKeyName(cur, NULL) == NULL) {
+ fprintf(stderr, "Error: failed to add KeyName node\n");
+ goto done;
+ }
+
+ /* encrypt */
+ start_time = clock();
+ if(xmlSecEncCtxBinaryEncrypt(&encCtx, xmlDocGetRootElement(doc),
+ (const xmlSecByte*)data, strlen(data)) < 0) {
+ fprintf(stderr, "Error: failed to encrypt data\n");
+ goto done;
+ }
+ total_time += clock() - start_time;
+
+ /* print out result only once per execution */
+ if(repeats <= 1) {
+ if(encCtx.resultReplaced) {
+ if(xmlSecAppWriteResult(doc, NULL) < 0) {
+ goto done;
+ }
+ } else {
+ if(xmlSecAppWriteResult(NULL, encCtx.result) < 0) {
+ goto done;
+ }
+ }
+ }
+ res = 0;
+
+done:
+ /* print debug info if requested */
+ if(repeats <= 1) {
+ xmlSecAppPrintEncCtx(&encCtx);
+ }
+ xmlSecEncCtxFinalize(&encCtx);
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+#endif /* XMLSEC_NO_TMPL_TEST */
+
+static int
+xmlSecAppPrepareEncCtx(xmlSecEncCtxPtr encCtx) {
+ if(encCtx == NULL) {
+ fprintf(stderr, "Error: enc context is null\n");
+ return(-1);
+ }
+
+ /* set key info params */
+ if(xmlSecAppPrepareKeyInfoReadCtx(&(encCtx->keyInfoReadCtx)) < 0) {
+ fprintf(stderr, "Error: failed to prepare key info context\n");
+ return(-1);
+ }
+
+ if(xmlSecAppCmdLineParamGetString(&sessionKeyParam) != NULL) {
+ encCtx->encKey = xmlSecAppCryptoKeyGenerate(xmlSecAppCmdLineParamGetString(&sessionKeyParam),
+ NULL, xmlSecKeyDataTypeSession);
+ if(encCtx->encKey == NULL) {
+ fprintf(stderr, "Error: failed to generate a session key \"%s\"\n",
+ xmlSecAppCmdLineParamGetString(&sessionKeyParam));
+ return(-1);
+ }
+ }
+
+ if(xmlSecAppCmdLineParamGetStringList(&enabledCipherRefUrisParam) != NULL) {
+ encCtx->transformCtx.enabledUris = xmlSecAppGetUriType(
+ xmlSecAppCmdLineParamGetStringList(&enabledCipherRefUrisParam));
+ if(encCtx->transformCtx.enabledUris == xmlSecTransformUriTypeNone) {
+ fprintf(stderr, "Error: failed to parse \"%s\"\n",
+ xmlSecAppCmdLineParamGetStringList(&enabledCipherRefUrisParam));
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+static void
+xmlSecAppPrintEncCtx(xmlSecEncCtxPtr encCtx) {
+ if(encCtx == NULL) {
+ return;
+ }
+
+ /* print debug info if requested */
+ if((print_debug != 0) || xmlSecAppCmdLineParamIsSet(&printDebugParam)) {
+ xmlSecEncCtxDebugDump(encCtx, stdout);
+ }
+
+ if(xmlSecAppCmdLineParamIsSet(&printXmlDebugParam)) {
+ xmlSecEncCtxDebugXmlDump(encCtx, stdout);
+ }
+}
+
+#endif /* XMLSEC_NO_XMLENC */
+
+#ifndef XMLSEC_NO_XKMS
+static int
+xmlSecAppXkmsServerProcess(const char* filename) {
+ xmlSecAppXmlDataPtr data = NULL;
+ xmlDocPtr doc = NULL;
+ xmlNodePtr result;
+ xmlSecXkmsServerCtx xkmsServerCtx;
+ xmlSecXkmsServerFormat format = xmlSecXkmsServerFormatPlain;
+ clock_t start_time;
+ int res = -1;
+
+ if(filename == NULL) {
+ return(-1);
+ }
+
+ if(xmlSecXkmsServerCtxInitialize(&xkmsServerCtx, gKeysMngr) < 0) {
+ fprintf(stderr, "Error: XKMS server context initialization failed\n");
+ return(-1);
+ }
+ if(xmlSecAppPrepareXkmsServerCtx(&xkmsServerCtx) < 0) {
+ fprintf(stderr, "Error: XKMS server context preparation failed\n");
+ goto done;
+ }
+
+ /* get the input format */
+ if(xmlSecAppCmdLineParamGetString(&xkmsFormatParam) != NULL) {
+ format = xmlSecXkmsServerFormatFromString(BAD_CAST xmlSecAppCmdLineParamGetString(&xkmsFormatParam));
+ if(format == xmlSecXkmsServerFormatUnknown) {
+ fprintf(stderr, "Error: unknown format \"%s\"\n",
+ xmlSecAppCmdLineParamGetString(&xkmsFormatParam));
+ return(-1);
+ }
+ }
+
+ /* parse template and select start node, there are multiple options
+ * for start node thus we don't provide the default start node name */
+ data = xmlSecAppXmlDataCreate(filename, NULL, NULL);
+ if(data == NULL) {
+ fprintf(stderr, "Error: failed to load request from file \"%s\"\n", filename);
+ goto done;
+ }
+
+ /* prepare result document */
+ doc = xmlNewDoc(BAD_CAST "1.0");
+ if(doc == NULL) {
+ fprintf(stderr, "Error: failed to create doc\n");
+ goto done;
+ }
+
+ start_time = clock();
+ result = xmlSecXkmsServerCtxProcess(&xkmsServerCtx, data->startNode, format, doc);
+ if(result == NULL) {
+ fprintf(stderr, "Error: failed to process xkms server request\n");
+ goto done;
+ }
+ total_time += clock() - start_time;
+
+
+ /* print out result only once per execution */
+ xmlDocSetRootElement(doc, result);
+ if(repeats <= 1) {
+ if(xmlSecAppWriteResult(doc, NULL) < 0) {
+ goto done;
+ }
+ }
+
+ res = 0;
+
+done:
+ /* print debug info if requested */
+ if(repeats <= 1) {
+ xmlSecAppPrintXkmsServerCtx(&xkmsServerCtx);
+ }
+ xmlSecXkmsServerCtxFinalize(&xkmsServerCtx);
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ if(data != NULL) {
+ xmlSecAppXmlDataDestroy(data);
+ }
+ return(res);
+}
+
+static int
+xmlSecAppPrepareXkmsServerCtx(xmlSecXkmsServerCtxPtr xkmsServerCtx) {
+ if(xkmsServerCtx == NULL) {
+ fprintf(stderr, "Error: XKMS context is null\n");
+ return(-1);
+ }
+
+ /* set key info params */
+ if(xmlSecAppPrepareKeyInfoReadCtx(&(xkmsServerCtx->keyInfoReadCtx)) < 0) {
+ fprintf(stderr, "Error: failed to prepare key info context\n");
+ return(-1);
+ }
+
+ if(xmlSecAppCmdLineParamGetString(&xkmsServiceParam) != NULL) {
+ xkmsServerCtx->expectedService = xmlStrdup(BAD_CAST xmlSecAppCmdLineParamGetString(&xkmsServiceParam));
+ if(xkmsServerCtx->expectedService == NULL) {
+ fprintf(stderr, "Error: failed to duplicate string \"%s\"\n",
+ xmlSecAppCmdLineParamGetString(&xkmsServiceParam));
+ return(-1);
+ }
+ }
+
+ if(xmlSecAppCmdLineParamIsSet(&xkmsStopUnknownResponseMechanismParam)) {
+ xkmsServerCtx->flags |= XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_RESPONSE_MECHANISM;
+ }
+ if(xmlSecAppCmdLineParamIsSet(&xkmsStopUnknownRespondWithParam)) {
+ xkmsServerCtx->flags |= XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_RESPOND_WITH;
+ }
+ if(xmlSecAppCmdLineParamIsSet(&xkmsStopUnknownKeyUsageParam)) {
+ xkmsServerCtx->flags |= XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_KEY_USAGE;
+ }
+ return(0);
+}
+
+static void
+xmlSecAppPrintXkmsServerCtx(xmlSecXkmsServerCtxPtr xkmsServerCtx) {
+ if(xkmsServerCtx == NULL) {
+ return;
+ }
+
+ /* print debug info if requested */
+ if((print_debug != 0) || xmlSecAppCmdLineParamIsSet(&printDebugParam)) {
+ xmlSecXkmsServerCtxDebugDump(xkmsServerCtx, stdout);
+ }
+
+ if(xmlSecAppCmdLineParamIsSet(&printXmlDebugParam)) {
+ xmlSecXkmsServerCtxDebugXmlDump(xkmsServerCtx, stdout);
+ }
+}
+
+#endif /* XMLSEC_NO_XKMS */
+
+static void
+xmlSecAppListKeyData(void) {
+ fprintf(stdout, "Registered key data klasses:\n");
+ xmlSecKeyDataIdListDebugDump(xmlSecKeyDataIdsGet(), stdout);
+}
+
+static int
+xmlSecAppCheckKeyData(const char * name) {
+ if(xmlSecKeyDataIdListFindByName(xmlSecKeyDataIdsGet(), BAD_CAST name, xmlSecKeyDataUsageAny) == xmlSecKeyDataIdUnknown) {
+ return -1;
+ }
+ return 0;
+}
+
+static void
+xmlSecAppListTransforms(void) {
+ fprintf(stdout, "Registered transform klasses:\n");
+ xmlSecTransformIdListDebugDump(xmlSecTransformIdsGet(), stdout);
+}
+
+static int
+xmlSecAppCheckTransform(const char * name) {
+ if(xmlSecTransformIdListFindByName(xmlSecTransformIdsGet(), BAD_CAST name, xmlSecTransformUsageAny) == xmlSecTransformIdUnknown) {
+ return -1;
+ }
+ return 0;
+}
+
+static int
+xmlSecAppPrepareKeyInfoReadCtx(xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAppCmdLineValuePtr value;
+ int ret;
+
+ if(keyInfoCtx == NULL) {
+ fprintf(stderr, "Error: key info context is null\n");
+ return(-1);
+ }
+
+#ifndef XMLSEC_NO_X509
+ if(xmlSecAppCmdLineParamIsSet(&verificationTimeParam)) {
+ keyInfoCtx->certsVerificationTime = xmlSecAppCmdLineParamGetTime(&verificationTimeParam, 0);
+ }
+ if(xmlSecAppCmdLineParamIsSet(&depthParam)) {
+ keyInfoCtx->certsVerificationDepth = xmlSecAppCmdLineParamGetInt(&depthParam, 0);
+ }
+ if(xmlSecAppCmdLineParamIsSet(&X509SkipStrictChecksParam)) {
+ keyInfoCtx->flags |= XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS;
+ }
+#endif /* XMLSEC_NO_X509 */
+
+ /* read enabled key data list */
+ for(value = enabledKeyDataParam.value; value != NULL; value = value->next) {
+ if(value->strListValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n",
+ enabledKeyDataParam.fullName);
+ return(-1);
+ } else {
+ xmlSecKeyDataId dataId;
+ const char* p;
+
+ for(p = value->strListValue; (p != NULL) && ((*p) != '\0'); p += strlen(p)) {
+ dataId = xmlSecKeyDataIdListFindByName(xmlSecKeyDataIdsGet(), BAD_CAST p, xmlSecKeyDataUsageAny);
+ if(dataId == xmlSecKeyDataIdUnknown) {
+ fprintf(stderr, "Error: key data \"%s\" is unknown.\n", p);
+ return(-1);
+ }
+ ret = xmlSecPtrListAdd(&(keyInfoCtx->enabledKeyData), (const xmlSecPtr)dataId);
+ if(ret < 0) {
+ fprintf(stderr, "Error: failed to enable key data \"%s\".\n", p);
+ return(-1);
+ }
+ }
+ }
+ }
+
+ /* read enabled RetrievalMethod uris */
+ if(xmlSecAppCmdLineParamGetStringList(&enabledRetrievalMethodUrisParam) != NULL) {
+ keyInfoCtx->retrievalMethodCtx.enabledUris = xmlSecAppGetUriType(
+ xmlSecAppCmdLineParamGetStringList(&enabledRetrievalMethodUrisParam));
+ if(keyInfoCtx->retrievalMethodCtx.enabledUris == xmlSecTransformUriTypeNone) {
+ fprintf(stderr, "Error: failed to parse \"%s\"\n",
+ xmlSecAppCmdLineParamGetStringList(&enabledRetrievalMethodUrisParam));
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+static int
+xmlSecAppLoadKeys(void) {
+ xmlSecAppCmdLineValuePtr value;
+
+ if(gKeysMngr != NULL) {
+ fprintf(stderr, "Error: keys manager already initialized.\n");
+ return(-1);
+ }
+
+ /* create and initialize keys manager */
+ gKeysMngr = xmlSecKeysMngrCreate();
+ if(gKeysMngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(-1);
+ }
+ if(xmlSecAppCryptoSimpleKeysMngrInit(gKeysMngr) < 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ return(-1);
+ }
+
+ /* generate new key file */
+ for(value = genKeyParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n", genKeyParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrKeyGenerate(gKeysMngr, value->strValue, value->paramNameValue) < 0) {
+ fprintf(stderr, "Error: failed to generate key \"%s\".\n", value->strValue);
+ return(-1);
+ }
+ }
+
+ /* read all xml key files */
+ for(value = keysFileParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n", keysFileParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrLoad(gKeysMngr, value->strValue) < 0) {
+ fprintf(stderr, "Error: failed to load xml keys file \"%s\".\n", value->strValue);
+ return(-1);
+ }
+ }
+
+ /* read all private keys */
+ for(value = privkeyParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n",
+ privkeyParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad(gKeysMngr,
+ value->strListValue,
+ xmlSecAppCmdLineParamGetString(&pwdParam),
+ value->paramNameValue,
+ xmlSecKeyDataFormatPem) < 0) {
+ fprintf(stderr, "Error: failed to load private key from \"%s\".\n",
+ value->strListValue);
+ return(-1);
+ }
+ }
+
+ for(value = privkeyDerParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n",
+ privkeyDerParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad(gKeysMngr,
+ value->strListValue,
+ xmlSecAppCmdLineParamGetString(&pwdParam),
+ value->paramNameValue,
+ xmlSecKeyDataFormatDer) < 0) {
+ fprintf(stderr, "Error: failed to load private key from \"%s\".\n",
+ value->strListValue);
+ return(-1);
+ }
+ }
+
+ for(value = pkcs8PemParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n",
+ pkcs8PemParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad(gKeysMngr,
+ value->strListValue,
+ xmlSecAppCmdLineParamGetString(&pwdParam),
+ value->paramNameValue,
+ xmlSecKeyDataFormatPkcs8Pem) < 0) {
+ fprintf(stderr, "Error: failed to load private key from \"%s\".\n",
+ value->strListValue);
+ return(-1);
+ }
+ }
+
+ for(value = pkcs8DerParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n",
+ pkcs8DerParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad(gKeysMngr,
+ value->strListValue,
+ xmlSecAppCmdLineParamGetString(&pwdParam),
+ value->paramNameValue,
+ xmlSecKeyDataFormatPkcs8Der) < 0) {
+ fprintf(stderr, "Error: failed to load private key from \"%s\".\n",
+ value->strListValue);
+ return(-1);
+ }
+ }
+
+ /* read all public keys */
+ for(value = pubkeyParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n",
+ pubkeyParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad(gKeysMngr,
+ value->strListValue,
+ xmlSecAppCmdLineParamGetString(&pwdParam),
+ value->paramNameValue,
+ xmlSecKeyDataFormatPem) < 0) {
+ fprintf(stderr, "Error: failed to load public key from \"%s\".\n",
+ value->strListValue);
+ return(-1);
+ }
+ }
+
+ for(value = pubkeyDerParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n",
+ pubkeyDerParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad(gKeysMngr,
+ value->strListValue,
+ xmlSecAppCmdLineParamGetString(&pwdParam),
+ value->paramNameValue,
+ xmlSecKeyDataFormatDer) < 0) {
+ fprintf(stderr, "Error: failed to load public key from \"%s\".\n",
+ value->strListValue);
+ return(-1);
+ }
+ }
+
+#ifndef XMLSEC_NO_AES
+ /* read all AES keys */
+ for(value = aeskeyParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n",
+ aeskeyParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrBinaryKeyLoad(gKeysMngr,
+ "aes", value->strValue, value->paramNameValue) < 0) {
+ fprintf(stderr, "Error: failed to load aes key from \"%s\".\n",
+ value->strValue);
+ return(-1);
+ }
+ }
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+ /* read all des keys */
+ for(value = deskeyParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n",
+ deskeyParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrBinaryKeyLoad(gKeysMngr,
+ "des", value->strValue, value->paramNameValue) < 0) {
+ fprintf(stderr, "Error: failed to load des key from \"%s\".\n",
+ value->strValue);
+ return(-1);
+ }
+ }
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_HMAC
+ /* read all hmac keys */
+ for(value = hmackeyParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n",
+ hmackeyParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrBinaryKeyLoad(gKeysMngr,
+ "hmac", value->strValue, value->paramNameValue) < 0) {
+ fprintf(stderr, "Error: failed to load hmac key from \"%s\".\n",
+ value->strValue);
+ return(-1);
+ }
+ }
+#endif /* XMLSEC_NO_HMAC */
+
+#ifndef XMLSEC_NO_X509
+ /* read all pkcs12 files */
+ for(value = pkcs12Param.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n", pkcs12Param.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrPkcs12KeyLoad(gKeysMngr,
+ value->strValue,
+ xmlSecAppCmdLineParamGetString(&pwdParam),
+ value->paramNameValue) < 0) {
+ fprintf(stderr, "Error: failed to load pkcs12 key from \"%s\".\n",
+ value->strValue);
+ return(-1);
+ }
+ }
+
+ /* read all trusted certs */
+ for(value = trustedParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n", trustedParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrCertLoad(gKeysMngr,
+ value->strValue, xmlSecKeyDataFormatPem,
+ xmlSecKeyDataTypeTrusted) < 0) {
+ fprintf(stderr, "Error: failed to load trusted cert from \"%s\".\n",
+ value->strValue);
+ return(-1);
+ }
+ }
+ for(value = trustedDerParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n", trustedDerParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrCertLoad(gKeysMngr,
+ value->strValue, xmlSecKeyDataFormatDer,
+ xmlSecKeyDataTypeTrusted) < 0) {
+ fprintf(stderr, "Error: failed to load trusted cert from \"%s\".\n",
+ value->strValue);
+ return(-1);
+ }
+ }
+
+
+ /* read all public keys in certs */
+ for(value = pubkeyCertParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n",
+ pubkeyCertParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad(gKeysMngr,
+ value->strListValue,
+ xmlSecAppCmdLineParamGetString(&pwdParam),
+ value->paramNameValue,
+ xmlSecKeyDataFormatCertPem) < 0) {
+ fprintf(stderr, "Error: failed to load public key from \"%s\".\n",
+ value->strListValue);
+ return(-1);
+ }
+ }
+
+ for(value = pubkeyCertDerParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n",
+ pubkeyCertDerParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrKeyAndCertsLoad(gKeysMngr,
+ value->strListValue,
+ xmlSecAppCmdLineParamGetString(&pwdParam),
+ value->paramNameValue,
+ xmlSecKeyDataFormatCertDer) < 0) {
+ fprintf(stderr, "Error: failed to load public key from \"%s\".\n",
+ value->strListValue);
+ return(-1);
+ }
+ }
+
+
+ /* read all untrusted certs */
+ for(value = untrustedParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n", untrustedParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrCertLoad(gKeysMngr,
+ value->strValue, xmlSecKeyDataFormatPem,
+ xmlSecKeyDataTypeNone) < 0) {
+ fprintf(stderr, "Error: failed to load untrusted cert from \"%s\".\n",
+ value->strValue);
+ return(-1);
+ }
+ }
+ for(value = untrustedDerParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n", untrustedDerParam.fullName);
+ return(-1);
+ } else if(xmlSecAppCryptoSimpleKeysMngrCertLoad(gKeysMngr,
+ value->strValue, xmlSecKeyDataFormatDer,
+ xmlSecKeyDataTypeNone) < 0) {
+ fprintf(stderr, "Error: failed to load untrusted cert from \"%s\".\n",
+ value->strValue);
+ return(-1);
+ }
+ }
+
+#endif /* XMLSEC_NO_X509 */
+
+ return(0);
+}
+
+static int intialized = 0;
+
+#ifndef XMLSEC_NO_XSLT
+static xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+static int
+xmlSecAppInit(void) {
+ if(intialized != 0) {
+ return(0);
+ }
+ intialized = 1;
+
+ /* Init libxml */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlTreeIndentString = "\t";
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec */
+ if(xmlSecInit() < 0) {
+ fprintf(stderr, "Error: xmlsec intialization failed.\n");
+ return(-1);
+ }
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+#if !defined(XMLSEC_NO_CRYPTO_DYNAMIC_LOADING) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING)
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST xmlsec_crypto) < 0) {
+ fprintf(stderr, "Error: unable to load xmlsec-%s library. Make sure that you have\n"
+ "this it installed, check shared libraries path (LD_LIBRARY_PATH)\n"
+ "envornment variable or use \"--crypto\" option to specify different\n"
+ "crypto engine.\n", xmlsec_crypto);
+ return(-1);
+ }
+#endif /* !defined(XMLSEC_NO_CRYPTO_DYNAMIC_LOADING) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING) */
+
+ /* Init Crypto */
+ if(xmlSecAppCryptoInit(xmlSecAppCmdLineParamGetString(&cryptoConfigParam)) < 0) {
+ fprintf(stderr, "Error: xmlsec crypto intialization failed.\n");
+ return(-1);
+ }
+ return(0);
+}
+
+static void
+xmlSecAppShutdown(void) {
+ if(intialized == 0) {
+ return;
+ }
+
+ /* Shutdown Crypto */
+ if(xmlSecAppCryptoShutdown() < 0) {
+ fprintf(stderr, "Error: xmlsec crypto shutdown failed.\n");
+ }
+
+ /* Shutdown xmlsec */
+ if(xmlSecShutdown() < 0) {
+ fprintf(stderr, "Error: xmlsec shutdown failed.\n");
+ }
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+}
+
+static xmlSecAppXmlDataPtr
+xmlSecAppXmlDataCreate(const char* filename, const xmlChar* defStartNodeName, const xmlChar* defStartNodeNs) {
+ xmlSecAppCmdLineValuePtr value;
+ xmlSecAppXmlDataPtr data;
+ xmlNodePtr cur = NULL;
+
+ if(filename == NULL) {
+ fprintf(stderr, "Error: xml filename is null\n");
+ return(NULL);
+ }
+
+ /* create object */
+ data = (xmlSecAppXmlDataPtr) xmlMalloc(sizeof(xmlSecAppXmlData));
+ if(data == NULL) {
+ fprintf(stderr, "Error: failed to create xml data\n");
+ return(NULL);
+ }
+ memset(data, 0, sizeof(xmlSecAppXmlData));
+
+ /* parse doc */
+ data->doc = xmlSecParseFile(filename);
+ if(data->doc == NULL) {
+ fprintf(stderr, "Error: failed to parse xml file \"%s\"\n",
+ filename);
+ xmlSecAppXmlDataDestroy(data);
+ return(NULL);
+ }
+
+ /* load dtd and set default attrs and ids */
+ if(xmlSecAppCmdLineParamGetString(&dtdFileParam) != NULL) {
+ xmlValidCtxt ctx;
+
+ data->dtd = xmlParseDTD(NULL, BAD_CAST xmlSecAppCmdLineParamGetString(&dtdFileParam));
+ if(data->dtd == NULL) {
+ fprintf(stderr, "Error: failed to parse dtd file \"%s\"\n",
+ xmlSecAppCmdLineParamGetString(&dtdFileParam));
+ xmlSecAppXmlDataDestroy(data);
+ return(NULL);
+ }
+
+ memset(&ctx, 0, sizeof(ctx));
+ /* we don't care is doc actually valid or not */
+ xmlValidateDtd(&ctx, data->doc, data->dtd);
+ }
+
+ /* set ID attributes from command line */
+ for(value = idAttrParam.value; value != NULL; value = value->next) {
+ if(value->strValue == NULL) {
+ fprintf(stderr, "Error: invalid value for option \"%s\".\n",
+ idAttrParam.fullName);
+ xmlSecAppXmlDataDestroy(data);
+ return(NULL);
+ } else {
+ xmlChar* attrName = (value->paramNameValue != NULL) ? BAD_CAST value->paramNameValue : BAD_CAST "id";
+ xmlChar* nodeName;
+ xmlChar* nsHref;
+ xmlChar* buf;
+
+ buf = xmlStrdup(BAD_CAST value->strValue);
+ if(buf == NULL) {
+ fprintf(stderr, "Error: failed to duplicate string \"%s\"\n", value->strValue);
+ xmlSecAppXmlDataDestroy(data);
+ return(NULL);
+ }
+ nodeName = (xmlChar*)strrchr((char*)buf, ':');
+ if(nodeName != NULL) {
+ (*(nodeName++)) = '\0';
+ nsHref = buf;
+ } else {
+ nodeName = buf;
+ nsHref = NULL;
+ }
+
+ /* process children first because it does not matter much but does simplify code */
+ cur = xmlSecGetNextElementNode(data->doc->children);
+ while(cur != NULL) {
+ if(xmlSecAppAddIDAttr(cur, attrName, nodeName, nsHref) < 0) {
+ fprintf(stderr, "Error: failed to add ID attribute \"%s\" for node \"%s\"\n", attrName, value->strValue);
+ xmlFree(buf);
+ xmlSecAppXmlDataDestroy(data);
+ return(NULL);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ xmlFree(buf);
+ }
+ }
+
+
+ /* now find the start node */
+ if(xmlSecAppCmdLineParamGetString(&nodeIdParam) != NULL) {
+ xmlAttrPtr attr;
+
+ attr = xmlGetID(data->doc, BAD_CAST xmlSecAppCmdLineParamGetString(&nodeIdParam));
+ if(attr == NULL) {
+ fprintf(stderr, "Error: failed to find node with id=\"%s\"\n",
+ xmlSecAppCmdLineParamGetString(&nodeIdParam));
+ xmlSecAppXmlDataDestroy(data);
+ return(NULL);
+ }
+ cur = attr->parent;
+ } else if(xmlSecAppCmdLineParamGetString(&nodeNameParam) != NULL) {
+ xmlChar* buf;
+ xmlChar* name;
+ xmlChar* ns;
+
+ buf = xmlStrdup(BAD_CAST xmlSecAppCmdLineParamGetString(&nodeNameParam));
+ if(buf == NULL) {
+ fprintf(stderr, "Error: failed to duplicate node \"%s\"\n",
+ xmlSecAppCmdLineParamGetString(&nodeNameParam));
+ xmlSecAppXmlDataDestroy(data);
+ return(NULL);
+ }
+ name = (xmlChar*)strrchr((char*)buf, ':');
+ if(name != NULL) {
+ (*(name++)) = '\0';
+ ns = buf;
+ } else {
+ name = buf;
+ ns = NULL;
+ }
+
+ cur = xmlSecFindNode(xmlDocGetRootElement(data->doc), name, ns);
+ if(cur == NULL) {
+ fprintf(stderr, "Error: failed to find node with name=\"%s\"\n",
+ name);
+ xmlFree(buf);
+ xmlSecAppXmlDataDestroy(data);
+ return(NULL);
+ }
+ xmlFree(buf);
+ } else if(xmlSecAppCmdLineParamGetString(&nodeXPathParam) != NULL) {
+ xmlXPathContextPtr ctx = NULL;
+ xmlXPathObjectPtr obj = NULL;
+ xmlNodePtr rootNode;
+ xmlNsPtr ns;
+ int ret;
+
+ rootNode = xmlDocGetRootElement(data->doc);
+ if(rootNode == NULL) {
+ fprintf(stderr, "Error: failed to find root node\n");
+ xmlSecAppXmlDataDestroy(data);
+ return(NULL);
+ }
+
+ ctx = xmlXPathNewContext(data->doc);
+ if(ctx == NULL) {
+ fprintf(stderr, "Error: failed to create xpath context\n");
+ xmlSecAppXmlDataDestroy(data);
+ return(NULL);
+ }
+
+ /* register namespaces from the root node */
+ for(ns = rootNode->nsDef; ns != NULL; ns = ns->next) {
+ if(ns->prefix != NULL){
+ ret = xmlXPathRegisterNs(ctx, ns->prefix, ns->href);
+ if(ret != 0) {
+ fprintf(stderr, "Error: failed to register namespace \"%s\"\n", ns->prefix);
+ xmlXPathFreeContext(ctx);
+ xmlSecAppXmlDataDestroy(data);
+ return(NULL);
+ }
+ }
+ }
+
+ obj = xmlXPathEval(BAD_CAST xmlSecAppCmdLineParamGetString(&nodeXPathParam), ctx);
+ if(obj == NULL) {
+ fprintf(stderr, "Error: failed to evaluate xpath expression\n");
+ xmlXPathFreeContext(ctx);
+ xmlSecAppXmlDataDestroy(data);
+ return(NULL);
+ }
+
+ if((obj->nodesetval == NULL) || (obj->nodesetval->nodeNr != 1)) {
+ fprintf(stderr, "Error: xpath expression evaluation does not return a single node as expected\n");
+ xmlXPathFreeObject(obj);
+ xmlXPathFreeContext(ctx);
+ xmlSecAppXmlDataDestroy(data);
+ return(NULL);
+ }
+
+ cur = obj->nodesetval->nodeTab[0];
+ xmlXPathFreeContext(ctx);
+ xmlXPathFreeObject(obj);
+
+ } else {
+ cur = xmlDocGetRootElement(data->doc);
+ if(cur == NULL) {
+ fprintf(stderr, "Error: failed to get root element\n");
+ xmlSecAppXmlDataDestroy(data);
+ return(NULL);
+ }
+ }
+
+ if(defStartNodeName != NULL) {
+ data->startNode = xmlSecFindNode(cur, defStartNodeName, defStartNodeNs);
+ if(data->startNode == NULL) {
+ fprintf(stderr, "Error: failed to find default node with name=\"%s\"\n",
+ defStartNodeName);
+ xmlSecAppXmlDataDestroy(data);
+ return(NULL);
+ }
+ } else {
+ data->startNode = cur;
+ }
+
+ return(data);
+}
+
+static void
+xmlSecAppXmlDataDestroy(xmlSecAppXmlDataPtr data) {
+ if(data == NULL) {
+ fprintf(stderr, "Error: xml data is null\n");
+ return;
+ }
+ if(data->dtd != NULL) {
+ xmlFreeDtd(data->dtd);
+ }
+ if(data->doc != NULL) {
+ xmlFreeDoc(data->doc);
+ }
+ memset(data, 0, sizeof(xmlSecAppXmlData));
+ xmlFree(data);
+}
+
+static xmlSecAppCommand
+xmlSecAppParseCommand(const char* cmd, xmlSecAppCmdLineParamTopic* cmdLineTopics, xmlSecAppCommand* subCommand) {
+ if(subCommand != NULL) {
+ (*subCommand) = xmlSecAppCommandUnknown;
+ }
+
+ if((cmd == NULL) || (cmdLineTopics == NULL)) {
+ return(xmlSecAppCommandUnknown);
+ } else
+
+ if((strcmp(cmd, "help") == 0) || (strcmp(cmd, "--help") == 0)) {
+ (*cmdLineTopics) = 0;
+ return(xmlSecAppCommandHelp);
+ } else
+
+ if((strcmp(cmd, "help-all") == 0) || (strcmp(cmd, "--help-all") == 0)) {
+ (*cmdLineTopics) = xmlSecAppCmdLineTopicAll;
+ return(xmlSecAppCommandHelp);
+ } else
+
+ if((strncmp(cmd, "help-", 5) == 0) || (strncmp(cmd, "--help-", 7) == 0)) {
+ cmd = (cmd[0] == '-') ? cmd + 7 : cmd + 5;
+ if(subCommand) {
+ (*subCommand) = xmlSecAppParseCommand(cmd, cmdLineTopics, NULL);
+ } else {
+ (*cmdLineTopics) = 0;
+ }
+ return(xmlSecAppCommandHelp);
+ } else
+
+ if((strcmp(cmd, "version") == 0) || (strcmp(cmd, "--version") == 0)) {
+ (*cmdLineTopics) = xmlSecAppCmdLineTopicVersion;
+ return(xmlSecAppCommandVersion);
+ } else
+
+ if((strcmp(cmd, "list-key-data") == 0) || (strcmp(cmd, "--list-key-data") == 0)) {
+ (*cmdLineTopics) = xmlSecAppCmdLineTopicCryptoConfig;
+ return(xmlSecAppCommandListKeyData);
+ } else
+
+ if((strcmp(cmd, "check-key-data") == 0) || (strcmp(cmd, "--check-key-data") == 0)) {
+ (*cmdLineTopics) = xmlSecAppCmdLineTopicCryptoConfig;
+ return(xmlSecAppCommandCheckKeyData);
+ } else
+
+ if((strcmp(cmd, "list-transforms") == 0) || (strcmp(cmd, "--list-transforms") == 0)) {
+ (*cmdLineTopics) = xmlSecAppCmdLineTopicCryptoConfig;
+ return(xmlSecAppCommandListTransforms);
+ } else
+
+ if((strcmp(cmd, "check-transforms") == 0) || (strcmp(cmd, "--check-transforms") == 0)) {
+ (*cmdLineTopics) = xmlSecAppCmdLineTopicCryptoConfig;
+ return(xmlSecAppCommandCheckTransforms);
+ } else
+
+ if((strcmp(cmd, "keys") == 0) || (strcmp(cmd, "--keys") == 0)) {
+ (*cmdLineTopics) =
+ xmlSecAppCmdLineTopicGeneral |
+ xmlSecAppCmdLineTopicCryptoConfig |
+ xmlSecAppCmdLineTopicKeysMngr |
+ xmlSecAppCmdLineTopicX509Certs;
+ return(xmlSecAppCommandKeys);
+ } else
+
+#ifndef XMLSEC_NO_XMLDSIG
+ if((strcmp(cmd, "sign") == 0) || (strcmp(cmd, "--sign") == 0)) {
+ (*cmdLineTopics) =
+ xmlSecAppCmdLineTopicGeneral |
+ xmlSecAppCmdLineTopicCryptoConfig |
+ xmlSecAppCmdLineTopicDSigCommon |
+ xmlSecAppCmdLineTopicDSigSign |
+ xmlSecAppCmdLineTopicKeysMngr |
+ xmlSecAppCmdLineTopicX509Certs;
+ return(xmlSecAppCommandSign);
+ } else
+
+ if((strcmp(cmd, "verify") == 0) || (strcmp(cmd, "--verify") == 0)) {
+ (*cmdLineTopics) =
+ xmlSecAppCmdLineTopicGeneral |
+ xmlSecAppCmdLineTopicCryptoConfig |
+ xmlSecAppCmdLineTopicDSigCommon |
+ xmlSecAppCmdLineTopicDSigVerify |
+ xmlSecAppCmdLineTopicKeysMngr |
+ xmlSecAppCmdLineTopicX509Certs;
+ return(xmlSecAppCommandVerify);
+ } else
+#ifndef XMLSEC_NO_TMPL_TEST
+ if((strcmp(cmd, "sign-tmpl") == 0) || (strcmp(cmd, "--sign-tmpl") == 0)) {
+ (*cmdLineTopics) =
+ xmlSecAppCmdLineTopicGeneral |
+ xmlSecAppCmdLineTopicCryptoConfig |
+ xmlSecAppCmdLineTopicDSigCommon |
+ xmlSecAppCmdLineTopicDSigSign |
+ xmlSecAppCmdLineTopicKeysMngr |
+ xmlSecAppCmdLineTopicX509Certs;
+ return(xmlSecAppCommandSignTmpl);
+ } else
+#endif /* XMLSEC_NO_TMPL_TEST */
+
+#endif /* XMLSEC_NO_XMLDSIG */
+
+#ifndef XMLSEC_NO_XMLENC
+ if((strcmp(cmd, "encrypt") == 0) || (strcmp(cmd, "--encrypt") == 0)) {
+ (*cmdLineTopics) =
+ xmlSecAppCmdLineTopicGeneral |
+ xmlSecAppCmdLineTopicCryptoConfig |
+ xmlSecAppCmdLineTopicEncCommon |
+ xmlSecAppCmdLineTopicEncEncrypt |
+ xmlSecAppCmdLineTopicKeysMngr |
+ xmlSecAppCmdLineTopicX509Certs;
+ return(xmlSecAppCommandEncrypt);
+ } else
+
+ if((strcmp(cmd, "decrypt") == 0) || (strcmp(cmd, "--decrypt") == 0)) {
+ (*cmdLineTopics) =
+ xmlSecAppCmdLineTopicGeneral |
+ xmlSecAppCmdLineTopicCryptoConfig |
+ xmlSecAppCmdLineTopicEncCommon |
+ xmlSecAppCmdLineTopicEncDecrypt |
+ xmlSecAppCmdLineTopicKeysMngr |
+ xmlSecAppCmdLineTopicX509Certs;
+ return(xmlSecAppCommandDecrypt);
+ } else
+
+#ifndef XMLSEC_NO_TMPL_TEST
+ if((strcmp(cmd, "encrypt-tmpl") == 0) || (strcmp(cmd, "--encrypt-tmpl") == 0)) {
+ (*cmdLineTopics) =
+ xmlSecAppCmdLineTopicGeneral |
+ xmlSecAppCmdLineTopicCryptoConfig |
+ xmlSecAppCmdLineTopicEncCommon |
+ xmlSecAppCmdLineTopicEncEncrypt |
+ xmlSecAppCmdLineTopicKeysMngr |
+ xmlSecAppCmdLineTopicX509Certs;
+ return(xmlSecAppCommandEncryptTmpl);
+ } else
+#endif /* XMLSEC_NO_TMPL_TEST */
+#endif /* XMLSEC_NO_XMLENC */
+
+#ifndef XMLSEC_NO_XKMS
+ if(strcmp(cmd, "--xkms-server-request") == 0) {
+ (*cmdLineTopics) =
+ xmlSecAppCmdLineTopicGeneral |
+ xmlSecAppCmdLineTopicCryptoConfig |
+ xmlSecAppCmdLineTopicXkmsCommon |
+ xmlSecAppCmdLineTopicKeysMngr |
+ xmlSecAppCmdLineTopicX509Certs;
+ return(xmlSecAppCommandXkmsServerRequest);
+ } else
+#endif /* XMLSEC_NO_XKMS */
+
+ if(1) {
+ (*cmdLineTopics) = 0;
+ return(xmlSecAppCommandUnknown);
+ }
+}
+
+static void
+xmlSecAppPrintHelp(xmlSecAppCommand command, xmlSecAppCmdLineParamTopic topics) {
+ switch(command) {
+ case xmlSecAppCommandUnknown:
+ case xmlSecAppCommandHelp:
+ fprintf(stdout, "%s%s\n", helpCommands1, helpCommands2);
+ break;
+ case xmlSecAppCommandVersion:
+ fprintf(stdout, "%s\n", helpVersion);
+ break;
+ case xmlSecAppCommandListKeyData:
+ fprintf(stdout, "%s\n", helpListKeyData);
+ break;
+ case xmlSecAppCommandCheckKeyData:
+ fprintf(stdout, "%s\n", helpCheckKeyData);
+ break;
+ case xmlSecAppCommandListTransforms:
+ fprintf(stdout, "%s\n", helpListTransforms);
+ break;
+ case xmlSecAppCommandCheckTransforms:
+ fprintf(stdout, "%s\n", helpCheckTransforms);
+ break;
+ case xmlSecAppCommandKeys:
+ fprintf(stdout, "%s\n", helpKeys);
+ break;
+ case xmlSecAppCommandSign:
+ fprintf(stdout, "%s\n", helpSign);
+ break;
+ case xmlSecAppCommandVerify:
+ fprintf(stdout, "%s\n", helpVerify);
+ break;
+ case xmlSecAppCommandEncrypt:
+ fprintf(stdout, "%s\n", helpEncrypt);
+ break;
+ case xmlSecAppCommandDecrypt:
+ fprintf(stdout, "%s\n", helpDecrypt);
+ break;
+ case xmlSecAppCommandSignTmpl:
+ fprintf(stdout, "%s\n", helpSignTmpl);
+ break;
+ case xmlSecAppCommandEncryptTmpl:
+ fprintf(stdout, "%s\n", helpEncryptTmpl);
+ break;
+ case xmlSecAppCommandXkmsServerRequest:
+ fprintf(stdout, "%s\n", helpXkmsServerRequest);
+ break;
+ }
+ if(topics != 0) {
+ fprintf(stdout, "Options:\n");
+ xmlSecAppCmdLineParamsListPrint(parameters, topics, stdout);
+ fprintf(stdout, "\n");
+ }
+ fprintf(stdout, "\n%s\n", bugs);
+ fprintf(stdout, "%s\n", copyright);
+}
+
+static xmlSecTransformUriType
+xmlSecAppGetUriType(const char* string) {
+ xmlSecTransformUriType type = xmlSecTransformUriTypeNone;
+
+ while((string != NULL) && (string[0] != '\0')) {
+ if(strcmp(string, "empty") == 0) {
+ type |= xmlSecTransformUriTypeEmpty;
+ } else if(strcmp(string, "same-doc") == 0) {
+ type |= xmlSecTransformUriTypeSameDocument;
+ } else if(strcmp(string, "local") == 0) {
+ type |= xmlSecTransformUriTypeLocal;
+ } else if(strcmp(string, "remote") == 0) {
+ type |= xmlSecTransformUriTypeRemote;
+ } else {
+ fprintf(stderr, "Error: invalid uri type: \"%s\"\n", string);
+ return(xmlSecTransformUriTypeNone);
+ }
+ string += strlen(string) + 1;
+ }
+ return(type);
+}
+
+static FILE*
+xmlSecAppOpenFile(const char* filename) {
+ FILE* file;
+
+ if((filename == NULL) || (strcmp(filename, "-") == 0)) {
+ return(stdout);
+ }
+ file = fopen(filename, "wb");
+ if(file == NULL) {
+ fprintf(stderr, "Error: failed to open file \"%s\"\n", filename);
+ return(NULL);
+ }
+
+ return(file);
+}
+
+static void
+xmlSecAppCloseFile(FILE* file) {
+ if((file == NULL) || (file == stdout) || (file == stderr)) {
+ return;
+ }
+
+ fclose(file);
+}
+
+static int
+xmlSecAppWriteResult(xmlDocPtr doc, xmlSecBufferPtr buffer) {
+ FILE* f;
+
+ f = xmlSecAppOpenFile(xmlSecAppCmdLineParamGetString(&outputParam));
+ if(f == NULL) {
+ return(-1);
+ }
+ if(doc != NULL) {
+ xmlDocDump(f, doc);
+ } else if((buffer != NULL) && (xmlSecBufferGetData(buffer) != NULL)) {
+ fwrite(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), 1, f);
+ } else {
+ fprintf(stderr, "Error: both result doc and result buffer are null\n");
+ xmlSecAppCloseFile(f);
+ return(-1);
+ }
+ xmlSecAppCloseFile(f);
+ return(0);
+}
+
+static int
+xmlSecAppAddIDAttr(xmlNodePtr node, const xmlChar* attrName, const xmlChar* nodeName, const xmlChar* nsHref) {
+ xmlAttrPtr attr, tmpAttr;
+ xmlNodePtr cur;
+ xmlChar* id;
+
+ if((node == NULL) || (attrName == NULL) || (nodeName == NULL)) {
+ return(-1);
+ }
+
+ /* process children first because it does not matter much but does simplify code */
+ cur = xmlSecGetNextElementNode(node->children);
+ while(cur != NULL) {
+ if(xmlSecAppAddIDAttr(cur, attrName, nodeName, nsHref) < 0) {
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* node name must match */
+ if(!xmlStrEqual(node->name, nodeName)) {
+ return(0);
+ }
+
+ /* if nsHref is set then it also should match */
+ if((nsHref != NULL) && (node->ns != NULL) && (!xmlStrEqual(nsHref, node->ns->href))) {
+ return(0);
+ }
+
+ /* the attribute with name equal to attrName should exist */
+ for(attr = node->properties; attr != NULL; attr = attr->next) {
+ if(xmlStrEqual(attr->name, attrName)) {
+ break;
+ }
+ }
+ if(attr == NULL) {
+ return(0);
+ }
+
+ /* and this attr should have a value */
+ id = xmlNodeListGetString(node->doc, attr->children, 1);
+ if(id == NULL) {
+ return(0);
+ }
+
+ /* check that we don't have same ID already */
+ tmpAttr = xmlGetID(node->doc, id);
+ if(tmpAttr == NULL) {
+ xmlAddID(NULL, node->doc, id, attr);
+ } else if(tmpAttr != attr) {
+ fprintf(stderr, "Error: duplicate ID attribute \"%s\"\n", id);
+ xmlFree(id);
+ return(-1);
+ }
+ xmlFree(id);
+ return(0);
+}
+
+
+
diff --git a/config.guess b/config.guess
new file mode 100755
index 00000000..c2246a4f
--- /dev/null
+++ b/config.guess
@@ -0,0 +1,1502 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
+# Free Software Foundation, Inc.
+
+timestamp='2009-12-30'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner. Please send patches (context
+# diff format) to <config-patches@gnu.org> and include a ChangeLog
+# entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub. If it succeeds, it prints the system name on stdout, and
+# exits with 0. Otherwise, it exits with 1.
+#
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
+Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help" >&2
+ exit 1 ;;
+ * )
+ break ;;
+ esac
+done
+
+if test $# != 0; then
+ echo "$me: too many arguments$help" >&2
+ exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,) echo "int x;" > $dummy.c ;
+ for c in cc gcc c89 c99 ; do
+ if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+ CC_FOR_BUILD="$c"; break ;
+ fi ;
+ done ;
+ if test x"$CC_FOR_BUILD" = x ; then
+ CC_FOR_BUILD=no_compiler_found ;
+ fi
+ ;;
+ ,,*) CC_FOR_BUILD=$CC ;;
+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+ PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+ *:NetBSD:*:*)
+ # NetBSD (nbsd) targets should (where applicable) match one or
+ # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+ # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
+ # switched to ELF, *-*-netbsd* would select the old
+ # object file format. This provides both forward
+ # compatibility and a consistent mechanism for selecting the
+ # object file format.
+ #
+ # Note: NetBSD doesn't particularly care about the vendor
+ # portion of the name. We always set it to "unknown".
+ sysctl="sysctl -n hw.machine_arch"
+ UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+ /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+ case "${UNAME_MACHINE_ARCH}" in
+ armeb) machine=armeb-unknown ;;
+ arm*) machine=arm-unknown ;;
+ sh3el) machine=shl-unknown ;;
+ sh3eb) machine=sh-unknown ;;
+ sh5el) machine=sh5le-unknown ;;
+ *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+ esac
+ # The Operating System including object format, if it has switched
+ # to ELF recently, or will in the future.
+ case "${UNAME_MACHINE_ARCH}" in
+ arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ eval $set_cc_for_build
+ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ELF__
+ then
+ # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+ # Return netbsd for either. FIX?
+ os=netbsd
+ else
+ os=netbsdelf
+ fi
+ ;;
+ *)
+ os=netbsd
+ ;;
+ esac
+ # The OS release
+ # Debian GNU/NetBSD machines have a different userland, and
+ # thus, need a distinct triplet. However, they do not need
+ # kernel version information, so it can be replaced with a
+ # suitable tag, in the style of linux-gnu.
+ case "${UNAME_VERSION}" in
+ Debian*)
+ release='-gnu'
+ ;;
+ *)
+ release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ ;;
+ esac
+ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+ # contains redundant information, the shorter form:
+ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+ echo "${machine}-${os}${release}"
+ exit ;;
+ *:OpenBSD:*:*)
+ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+ echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+ exit ;;
+ *:ekkoBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+ exit ;;
+ *:SolidBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+ exit ;;
+ macppc:MirBSD:*:*)
+ echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ *:MirBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ alpha:OSF1:*:*)
+ case $UNAME_RELEASE in
+ *4.0)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+ ;;
+ *5.*)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+ ;;
+ esac
+ # According to Compaq, /usr/sbin/psrinfo has been available on
+ # OSF/1 and Tru64 systems produced since 1995. I hope that
+ # covers most systems running today. This code pipes the CPU
+ # types through head -n 1, so we only detect the type of CPU 0.
+ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+ case "$ALPHA_CPU_TYPE" in
+ "EV4 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "EV4.5 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "LCA4 (21066/21068)")
+ UNAME_MACHINE="alpha" ;;
+ "EV5 (21164)")
+ UNAME_MACHINE="alphaev5" ;;
+ "EV5.6 (21164A)")
+ UNAME_MACHINE="alphaev56" ;;
+ "EV5.6 (21164PC)")
+ UNAME_MACHINE="alphapca56" ;;
+ "EV5.7 (21164PC)")
+ UNAME_MACHINE="alphapca57" ;;
+ "EV6 (21264)")
+ UNAME_MACHINE="alphaev6" ;;
+ "EV6.7 (21264A)")
+ UNAME_MACHINE="alphaev67" ;;
+ "EV6.8CB (21264C)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8AL (21264B)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8CX (21264D)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.9A (21264/EV69A)")
+ UNAME_MACHINE="alphaev69" ;;
+ "EV7 (21364)")
+ UNAME_MACHINE="alphaev7" ;;
+ "EV7.9 (21364A)")
+ UNAME_MACHINE="alphaev79" ;;
+ esac
+ # A Pn.n version is a patched version.
+ # A Vn.n version is a released version.
+ # A Tn.n version is a released field test version.
+ # A Xn.n version is an unreleased experimental baselevel.
+ # 1.2 uses "1.2" for uname -r.
+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ exit ;;
+ Alpha\ *:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # Should we change UNAME_MACHINE based on the output of uname instead
+ # of the specific Alpha model?
+ echo alpha-pc-interix
+ exit ;;
+ 21064:Windows_NT:50:3)
+ echo alpha-dec-winnt3.5
+ exit ;;
+ Amiga*:UNIX_System_V:4.0:*)
+ echo m68k-unknown-sysv4
+ exit ;;
+ *:[Aa]miga[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-amigaos
+ exit ;;
+ *:[Mm]orph[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-morphos
+ exit ;;
+ *:OS/390:*:*)
+ echo i370-ibm-openedition
+ exit ;;
+ *:z/VM:*:*)
+ echo s390-ibm-zvmoe
+ exit ;;
+ *:OS400:*:*)
+ echo powerpc-ibm-os400
+ exit ;;
+ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+ echo arm-acorn-riscix${UNAME_RELEASE}
+ exit ;;
+ arm:riscos:*:*|arm:RISCOS:*:*)
+ echo arm-unknown-riscos
+ exit ;;
+ SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+ echo hppa1.1-hitachi-hiuxmpp
+ exit ;;
+ Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+ # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+ if test "`(/bin/universe) 2>/dev/null`" = att ; then
+ echo pyramid-pyramid-sysv3
+ else
+ echo pyramid-pyramid-bsd
+ fi
+ exit ;;
+ NILE*:*:*:dcosx)
+ echo pyramid-pyramid-svr4
+ exit ;;
+ DRS?6000:unix:4.0:6*)
+ echo sparc-icl-nx6
+ exit ;;
+ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+ case `/usr/bin/uname -p` in
+ sparc) echo sparc-icl-nx7; exit ;;
+ esac ;;
+ s390x:SunOS:*:*)
+ echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4H:SunOS:5.*:*)
+ echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
+ echo i386-pc-auroraux${UNAME_RELEASE}
+ exit ;;
+ i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+ eval $set_cc_for_build
+ SUN_ARCH="i386"
+ # If there is a compiler, see if it is configured for 64-bit objects.
+ # Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+ # This test works for both compilers.
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ SUN_ARCH="x86_64"
+ fi
+ fi
+ echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:6*:*)
+ # According to config.sub, this is the proper way to canonicalize
+ # SunOS6. Hard to guess exactly what SunOS6 will be like, but
+ # it's likely to be more like Solaris than SunOS4.
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:*:*)
+ case "`/usr/bin/arch -k`" in
+ Series*|S4*)
+ UNAME_RELEASE=`uname -v`
+ ;;
+ esac
+ # Japanese Language versions have a version number like `4.1.3-JL'.
+ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+ exit ;;
+ sun3*:SunOS:*:*)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ exit ;;
+ sun*:*:4.2BSD:*)
+ UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+ test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+ case "`/bin/arch`" in
+ sun3)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ ;;
+ sun4)
+ echo sparc-sun-sunos${UNAME_RELEASE}
+ ;;
+ esac
+ exit ;;
+ aushp:SunOS:*:*)
+ echo sparc-auspex-sunos${UNAME_RELEASE}
+ exit ;;
+ # The situation for MiNT is a little confusing. The machine name
+ # can be virtually everything (everything which is not
+ # "atarist" or "atariste" at least should have a processor
+ # > m68000). The system name ranges from "MiNT" over "FreeMiNT"
+ # to the lowercase version "mint" (or "freemint"). Finally
+ # the system name "TOS" denotes a system which is actually not
+ # MiNT. But MiNT is downward compatible to TOS, so this should
+ # be no problem.
+ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+ echo m68k-milan-mint${UNAME_RELEASE}
+ exit ;;
+ hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+ echo m68k-hades-mint${UNAME_RELEASE}
+ exit ;;
+ *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+ echo m68k-unknown-mint${UNAME_RELEASE}
+ exit ;;
+ m68k:machten:*:*)
+ echo m68k-apple-machten${UNAME_RELEASE}
+ exit ;;
+ powerpc:machten:*:*)
+ echo powerpc-apple-machten${UNAME_RELEASE}
+ exit ;;
+ RISC*:Mach:*:*)
+ echo mips-dec-mach_bsd4.3
+ exit ;;
+ RISC*:ULTRIX:*:*)
+ echo mips-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ VAX*:ULTRIX*:*:*)
+ echo vax-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ 2020:CLIX:*:* | 2430:CLIX:*:*)
+ echo clipper-intergraph-clix${UNAME_RELEASE}
+ exit ;;
+ mips:*:*:UMIPS | mips:*:*:RISCos)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h> /* for printf() prototype */
+ int main (int argc, char *argv[]) {
+#else
+ int main (argc, argv) int argc; char *argv[]; {
+#endif
+ #if defined (host_mips) && defined (MIPSEB)
+ #if defined (SYSTYPE_SYSV)
+ printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_SVR4)
+ printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+ printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+ #endif
+ #endif
+ exit (-1);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c &&
+ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+ SYSTEM_NAME=`$dummy $dummyarg` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo mips-mips-riscos${UNAME_RELEASE}
+ exit ;;
+ Motorola:PowerMAX_OS:*:*)
+ echo powerpc-motorola-powermax
+ exit ;;
+ Motorola:*:4.3:PL8-*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:Power_UNIX:*:*)
+ echo powerpc-harris-powerunix
+ exit ;;
+ m88k:CX/UX:7*:*)
+ echo m88k-harris-cxux7
+ exit ;;
+ m88k:*:4*:R4*)
+ echo m88k-motorola-sysv4
+ exit ;;
+ m88k:*:3*:R3*)
+ echo m88k-motorola-sysv3
+ exit ;;
+ AViiON:dgux:*:*)
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+ then
+ if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+ [ ${TARGET_BINARY_INTERFACE}x = x ]
+ then
+ echo m88k-dg-dgux${UNAME_RELEASE}
+ else
+ echo m88k-dg-dguxbcs${UNAME_RELEASE}
+ fi
+ else
+ echo i586-dg-dgux${UNAME_RELEASE}
+ fi
+ exit ;;
+ M88*:DolphinOS:*:*) # DolphinOS (SVR3)
+ echo m88k-dolphin-sysv3
+ exit ;;
+ M88*:*:R3*:*)
+ # Delta 88k system running SVR3
+ echo m88k-motorola-sysv3
+ exit ;;
+ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+ echo m88k-tektronix-sysv3
+ exit ;;
+ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+ echo m68k-tektronix-bsd
+ exit ;;
+ *:IRIX*:*:*)
+ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+ exit ;;
+ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ i*86:AIX:*:*)
+ echo i386-ibm-aix
+ exit ;;
+ ia64:AIX:*:*)
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:2:3)
+ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <sys/systemcfg.h>
+
+ main()
+ {
+ if (!__power_pc())
+ exit(1);
+ puts("powerpc-ibm-aix3.2.5");
+ exit(0);
+ }
+EOF
+ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+ then
+ echo "$SYSTEM_NAME"
+ else
+ echo rs6000-ibm-aix3.2.5
+ fi
+ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+ echo rs6000-ibm-aix3.2.4
+ else
+ echo rs6000-ibm-aix3.2
+ fi
+ exit ;;
+ *:AIX:*:[456])
+ IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+ if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+ IBM_ARCH=rs6000
+ else
+ IBM_ARCH=powerpc
+ fi
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:*:*)
+ echo rs6000-ibm-aix
+ exit ;;
+ ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+ echo romp-ibm-bsd4.4
+ exit ;;
+ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
+ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
+ exit ;; # report: romp-ibm BSD 4.3
+ *:BOSX:*:*)
+ echo rs6000-bull-bosx
+ exit ;;
+ DPX/2?00:B.O.S.:*:*)
+ echo m68k-bull-sysv3
+ exit ;;
+ 9000/[34]??:4.3bsd:1.*:*)
+ echo m68k-hp-bsd
+ exit ;;
+ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+ echo m68k-hp-bsd4.4
+ exit ;;
+ 9000/[34678]??:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ case "${UNAME_MACHINE}" in
+ 9000/31? ) HP_ARCH=m68000 ;;
+ 9000/[34]?? ) HP_ARCH=m68k ;;
+ 9000/[678][0-9][0-9])
+ if [ -x /usr/bin/getconf ]; then
+ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+ case "${sc_cpu_version}" in
+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 532) # CPU_PA_RISC2_0
+ case "${sc_kernel_bits}" in
+ 32) HP_ARCH="hppa2.0n" ;;
+ 64) HP_ARCH="hppa2.0w" ;;
+ '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
+ esac ;;
+ esac
+ fi
+ if [ "${HP_ARCH}" = "" ]; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+
+ #define _HPUX_SOURCE
+ #include <stdlib.h>
+ #include <unistd.h>
+
+ int main ()
+ {
+ #if defined(_SC_KERNEL_BITS)
+ long bits = sysconf(_SC_KERNEL_BITS);
+ #endif
+ long cpu = sysconf (_SC_CPU_VERSION);
+
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+ case CPU_PA_RISC2_0:
+ #if defined(_SC_KERNEL_BITS)
+ switch (bits)
+ {
+ case 64: puts ("hppa2.0w"); break;
+ case 32: puts ("hppa2.0n"); break;
+ default: puts ("hppa2.0"); break;
+ } break;
+ #else /* !defined(_SC_KERNEL_BITS) */
+ puts ("hppa2.0"); break;
+ #endif
+ default: puts ("hppa1.0"); break;
+ }
+ exit (0);
+ }
+EOF
+ (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+ test -z "$HP_ARCH" && HP_ARCH=hppa
+ fi ;;
+ esac
+ if [ ${HP_ARCH} = "hppa2.0w" ]
+ then
+ eval $set_cc_for_build
+
+ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
+ # generating 64-bit code. GNU and HP use different nomenclature:
+ #
+ # $ CC_FOR_BUILD=cc ./config.guess
+ # => hppa2.0w-hp-hpux11.23
+ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+ # => hppa64-hp-hpux11.23
+
+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+ grep -q __LP64__
+ then
+ HP_ARCH="hppa2.0w"
+ else
+ HP_ARCH="hppa64"
+ fi
+ fi
+ echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+ exit ;;
+ ia64:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ echo ia64-hp-hpux${HPUX_REV}
+ exit ;;
+ 3050*:HI-UX:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <unistd.h>
+ int
+ main ()
+ {
+ long cpu = sysconf (_SC_CPU_VERSION);
+ /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+ true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
+ results, however. */
+ if (CPU_IS_PA_RISC (cpu))
+ {
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+ default: puts ("hppa-hitachi-hiuxwe2"); break;
+ }
+ }
+ else if (CPU_IS_HP_MC68K (cpu))
+ puts ("m68k-hitachi-hiuxwe2");
+ else puts ("unknown-hitachi-hiuxwe2");
+ exit (0);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo unknown-hitachi-hiuxwe2
+ exit ;;
+ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+ echo hppa1.1-hp-bsd
+ exit ;;
+ 9000/8??:4.3bsd:*:*)
+ echo hppa1.0-hp-bsd
+ exit ;;
+ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+ echo hppa1.0-hp-mpeix
+ exit ;;
+ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+ echo hppa1.1-hp-osf
+ exit ;;
+ hp8??:OSF1:*:*)
+ echo hppa1.0-hp-osf
+ exit ;;
+ i*86:OSF1:*:*)
+ if [ -x /usr/sbin/sysversion ] ; then
+ echo ${UNAME_MACHINE}-unknown-osf1mk
+ else
+ echo ${UNAME_MACHINE}-unknown-osf1
+ fi
+ exit ;;
+ parisc*:Lites*:*:*)
+ echo hppa1.1-hp-lites
+ exit ;;
+ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+ echo c1-convex-bsd
+ exit ;;
+ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+ echo c34-convex-bsd
+ exit ;;
+ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+ echo c38-convex-bsd
+ exit ;;
+ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+ echo c4-convex-bsd
+ exit ;;
+ CRAY*Y-MP:*:*:*)
+ echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*[A-Z]90:*:*:*)
+ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+ -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*TS:*:*:*)
+ echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*T3E:*:*:*)
+ echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*SV1:*:*:*)
+ echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ *:UNICOS/mp:*:*)
+ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+ FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ 5000:UNIX_System_V:4.*:*)
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+ exit ;;
+ sparc*:BSD/OS:*:*)
+ echo sparc-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:BSD/OS:*:*)
+ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:FreeBSD:*:*)
+ case ${UNAME_MACHINE} in
+ pc98)
+ echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ amd64)
+ echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ *)
+ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ esac
+ exit ;;
+ i*:CYGWIN*:*)
+ echo ${UNAME_MACHINE}-pc-cygwin
+ exit ;;
+ *:MINGW*:*)
+ echo ${UNAME_MACHINE}-pc-mingw32
+ exit ;;
+ i*:windows32*:*)
+ # uname -m includes "-pc" on this system.
+ echo ${UNAME_MACHINE}-mingw32
+ exit ;;
+ i*:PW*:*)
+ echo ${UNAME_MACHINE}-pc-pw32
+ exit ;;
+ *:Interix*:*)
+ case ${UNAME_MACHINE} in
+ x86)
+ echo i586-pc-interix${UNAME_RELEASE}
+ exit ;;
+ authenticamd | genuineintel | EM64T)
+ echo x86_64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ IA64)
+ echo ia64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ esac ;;
+ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+ echo i${UNAME_MACHINE}-pc-mks
+ exit ;;
+ 8664:Windows_NT:*)
+ echo x86_64-pc-mks
+ exit ;;
+ i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+ # UNAME_MACHINE based on the output of uname instead of i386?
+ echo i586-pc-interix
+ exit ;;
+ i*:UWIN*:*)
+ echo ${UNAME_MACHINE}-pc-uwin
+ exit ;;
+ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+ echo x86_64-unknown-cygwin
+ exit ;;
+ p*:CYGWIN*:*)
+ echo powerpcle-unknown-cygwin
+ exit ;;
+ prep*:SunOS:5.*:*)
+ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ *:GNU:*:*)
+ # the GNU system
+ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+ exit ;;
+ *:GNU/*:*:*)
+ # other systems with GNU libc and userland
+ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+ exit ;;
+ i*86:Minix:*:*)
+ echo ${UNAME_MACHINE}-pc-minix
+ exit ;;
+ alpha:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5) UNAME_MACHINE=alphaev5 ;;
+ EV56) UNAME_MACHINE=alphaev56 ;;
+ PCA56) UNAME_MACHINE=alphapca56 ;;
+ PCA57) UNAME_MACHINE=alphapca56 ;;
+ EV6) UNAME_MACHINE=alphaev6 ;;
+ EV67) UNAME_MACHINE=alphaev67 ;;
+ EV68*) UNAME_MACHINE=alphaev68 ;;
+ esac
+ objdump --private-headers /bin/sh | grep -q ld.so.1
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+ exit ;;
+ arm*:Linux:*:*)
+ eval $set_cc_for_build
+ if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_EABI__
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ else
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabi
+ fi
+ exit ;;
+ avr32*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ cris:Linux:*:*)
+ echo cris-axis-linux-gnu
+ exit ;;
+ crisv32:Linux:*:*)
+ echo crisv32-axis-linux-gnu
+ exit ;;
+ frv:Linux:*:*)
+ echo frv-unknown-linux-gnu
+ exit ;;
+ i*86:Linux:*:*)
+ LIBC=gnu
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #ifdef __dietlibc__
+ LIBC=dietlibc
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
+ echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+ exit ;;
+ ia64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m32r*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m68*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ mips:Linux:*:* | mips64:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef ${UNAME_MACHINE}
+ #undef ${UNAME_MACHINE}el
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=${UNAME_MACHINE}el
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=${UNAME_MACHINE}
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+ ;;
+ or32:Linux:*:*)
+ echo or32-unknown-linux-gnu
+ exit ;;
+ padre:Linux:*:*)
+ echo sparc-unknown-linux-gnu
+ exit ;;
+ parisc64:Linux:*:* | hppa64:Linux:*:*)
+ echo hppa64-unknown-linux-gnu
+ exit ;;
+ parisc:Linux:*:* | hppa:Linux:*:*)
+ # Look for CPU level
+ case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+ PA7*) echo hppa1.1-unknown-linux-gnu ;;
+ PA8*) echo hppa2.0-unknown-linux-gnu ;;
+ *) echo hppa-unknown-linux-gnu ;;
+ esac
+ exit ;;
+ ppc64:Linux:*:*)
+ echo powerpc64-unknown-linux-gnu
+ exit ;;
+ ppc:Linux:*:*)
+ echo powerpc-unknown-linux-gnu
+ exit ;;
+ s390:Linux:*:* | s390x:Linux:*:*)
+ echo ${UNAME_MACHINE}-ibm-linux
+ exit ;;
+ sh64*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ sh*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ sparc:Linux:*:* | sparc64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ vax:Linux:*:*)
+ echo ${UNAME_MACHINE}-dec-linux-gnu
+ exit ;;
+ x86_64:Linux:*:*)
+ echo x86_64-unknown-linux-gnu
+ exit ;;
+ xtensa*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ i*86:DYNIX/ptx:4*:*)
+ # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+ # earlier versions are messed up and put the nodename in both
+ # sysname and nodename.
+ echo i386-sequent-sysv4
+ exit ;;
+ i*86:UNIX_SV:4.2MP:2.*)
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+ # I am not positive that other SVR4 systems won't match this,
+ # I just have to hope. -- rms.
+ # Use sysv4.2uw... so that sysv4* matches it.
+ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+ exit ;;
+ i*86:OS/2:*:*)
+ # If we were able to find `uname', then EMX Unix compatibility
+ # is probably installed.
+ echo ${UNAME_MACHINE}-pc-os2-emx
+ exit ;;
+ i*86:XTS-300:*:STOP)
+ echo ${UNAME_MACHINE}-unknown-stop
+ exit ;;
+ i*86:atheos:*:*)
+ echo ${UNAME_MACHINE}-unknown-atheos
+ exit ;;
+ i*86:syllable:*:*)
+ echo ${UNAME_MACHINE}-pc-syllable
+ exit ;;
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+ echo i386-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ i*86:*DOS:*:*)
+ echo ${UNAME_MACHINE}-pc-msdosdjgpp
+ exit ;;
+ i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+ UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+ if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+ echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+ else
+ echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+ fi
+ exit ;;
+ i*86:*:5:[678]*)
+ # UnixWare 7.x, OpenUNIX and OpenServer 6.
+ case `/bin/uname -X | grep "^Machine"` in
+ *486*) UNAME_MACHINE=i486 ;;
+ *Pentium) UNAME_MACHINE=i586 ;;
+ *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+ esac
+ echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+ exit ;;
+ i*86:*:3.2:*)
+ if test -f /usr/options/cb.name; then
+ UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+ echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+ elif /bin/uname -X 2>/dev/null >/dev/null ; then
+ UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+ (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+ (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+ && UNAME_MACHINE=i586
+ (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+ && UNAME_MACHINE=i686
+ (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+ && UNAME_MACHINE=i686
+ echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+ else
+ echo ${UNAME_MACHINE}-pc-sysv32
+ fi
+ exit ;;
+ pc:*:*:*)
+ # Left here for compatibility:
+ # uname -m prints for DJGPP always 'pc', but it prints nothing about
+ # the processor, so we play safe by assuming i586.
+ # Note: whatever this is, it MUST be the same as what config.sub
+ # prints for the "djgpp" host, or else GDB configury will decide that
+ # this is a cross-build.
+ echo i586-pc-msdosdjgpp
+ exit ;;
+ Intel:Mach:3*:*)
+ echo i386-pc-mach3
+ exit ;;
+ paragon:*:*:*)
+ echo i860-intel-osf1
+ exit ;;
+ i860:*:4.*:*) # i860-SVR4
+ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+ else # Add other i860-SVR4 vendors below as they are discovered.
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
+ fi
+ exit ;;
+ mini*:CTIX:SYS*5:*)
+ # "miniframe"
+ echo m68010-convergent-sysv
+ exit ;;
+ mc68k:UNIX:SYSTEM5:3.51m)
+ echo m68k-convergent-sysv
+ exit ;;
+ M680?0:D-NIX:5.3:*)
+ echo m68k-diab-dnix
+ exit ;;
+ M68*:*:R3V[5678]*:*)
+ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+ OS_REL=''
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4; exit; } ;;
+ NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+ OS_REL='.3'
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+ echo m68k-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ mc68030:UNIX_System_V:4.*:*)
+ echo m68k-atari-sysv4
+ exit ;;
+ TSUNAMI:LynxOS:2.*:*)
+ echo sparc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ rs6000:LynxOS:2.*:*)
+ echo rs6000-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+ echo powerpc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ SM[BE]S:UNIX_SV:*:*)
+ echo mips-dde-sysv${UNAME_RELEASE}
+ exit ;;
+ RM*:ReliantUNIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ RM*:SINIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ *:SINIX-*:*:*)
+ if uname -p 2>/dev/null >/dev/null ; then
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ echo ${UNAME_MACHINE}-sni-sysv4
+ else
+ echo ns32k-sni-sysv
+ fi
+ exit ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says <Richard.M.Bartel@ccMail.Census.GOV>
+ echo i586-unisys-sysv4
+ exit ;;
+ *:UNIX_System_V:4*:FTX*)
+ # From Gerald Hewes <hewes@openmarket.com>.
+ # How about differentiating between stratus architectures? -djm
+ echo hppa1.1-stratus-sysv4
+ exit ;;
+ *:*:*:FTX*)
+ # From seanf@swdc.stratus.com.
+ echo i860-stratus-sysv4
+ exit ;;
+ i*86:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo ${UNAME_MACHINE}-stratus-vos
+ exit ;;
+ *:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo hppa1.1-stratus-vos
+ exit ;;
+ mc68*:A/UX:*:*)
+ echo m68k-apple-aux${UNAME_RELEASE}
+ exit ;;
+ news*:NEWS-OS:6*:*)
+ echo mips-sony-newsos6
+ exit ;;
+ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+ if [ -d /usr/nec ]; then
+ echo mips-nec-sysv${UNAME_RELEASE}
+ else
+ echo mips-unknown-sysv${UNAME_RELEASE}
+ fi
+ exit ;;
+ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
+ echo powerpc-be-beos
+ exit ;;
+ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
+ echo powerpc-apple-beos
+ exit ;;
+ BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
+ echo i586-pc-beos
+ exit ;;
+ BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
+ echo i586-pc-haiku
+ exit ;;
+ SX-4:SUPER-UX:*:*)
+ echo sx4-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-5:SUPER-UX:*:*)
+ echo sx5-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-6:SUPER-UX:*:*)
+ echo sx6-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-7:SUPER-UX:*:*)
+ echo sx7-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8:SUPER-UX:*:*)
+ echo sx8-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8R:SUPER-UX:*:*)
+ echo sx8r-nec-superux${UNAME_RELEASE}
+ exit ;;
+ Power*:Rhapsody:*:*)
+ echo powerpc-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Rhapsody:*:*)
+ echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Darwin:*:*)
+ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+ case $UNAME_PROCESSOR in
+ i386)
+ eval $set_cc_for_build
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ UNAME_PROCESSOR="x86_64"
+ fi
+ fi ;;
+ unknown) UNAME_PROCESSOR=powerpc ;;
+ esac
+ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+ exit ;;
+ *:procnto*:*:* | *:QNX:[0123456789]*:*)
+ UNAME_PROCESSOR=`uname -p`
+ if test "$UNAME_PROCESSOR" = "x86"; then
+ UNAME_PROCESSOR=i386
+ UNAME_MACHINE=pc
+ fi
+ echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+ exit ;;
+ *:QNX:*:4*)
+ echo i386-pc-qnx
+ exit ;;
+ NSE-?:NONSTOP_KERNEL:*:*)
+ echo nse-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSR-?:NONSTOP_KERNEL:*:*)
+ echo nsr-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ *:NonStop-UX:*:*)
+ echo mips-compaq-nonstopux
+ exit ;;
+ BS2000:POSIX*:*:*)
+ echo bs2000-siemens-sysv
+ exit ;;
+ DS/*:UNIX_System_V:*:*)
+ echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+ exit ;;
+ *:Plan9:*:*)
+ # "uname -m" is not consistent, so use $cputype instead. 386
+ # is converted to i386 for consistency with other x86
+ # operating systems.
+ if test "$cputype" = "386"; then
+ UNAME_MACHINE=i386
+ else
+ UNAME_MACHINE="$cputype"
+ fi
+ echo ${UNAME_MACHINE}-unknown-plan9
+ exit ;;
+ *:TOPS-10:*:*)
+ echo pdp10-unknown-tops10
+ exit ;;
+ *:TENEX:*:*)
+ echo pdp10-unknown-tenex
+ exit ;;
+ KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+ echo pdp10-dec-tops20
+ exit ;;
+ XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+ echo pdp10-xkl-tops20
+ exit ;;
+ *:TOPS-20:*:*)
+ echo pdp10-unknown-tops20
+ exit ;;
+ *:ITS:*:*)
+ echo pdp10-unknown-its
+ exit ;;
+ SEI:*:*:SEIUX)
+ echo mips-sei-seiux${UNAME_RELEASE}
+ exit ;;
+ *:DragonFly:*:*)
+ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ exit ;;
+ *:*VMS:*:*)
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ case "${UNAME_MACHINE}" in
+ A*) echo alpha-dec-vms ; exit ;;
+ I*) echo ia64-dec-vms ; exit ;;
+ V*) echo vax-dec-vms ; exit ;;
+ esac ;;
+ *:XENIX:*:SysV)
+ echo i386-pc-xenix
+ exit ;;
+ i*86:skyos:*:*)
+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+ exit ;;
+ i*86:rdos:*:*)
+ echo ${UNAME_MACHINE}-pc-rdos
+ exit ;;
+ i*86:AROS:*:*)
+ echo ${UNAME_MACHINE}-pc-aros
+ exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
+ I don't know.... */
+ printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+ printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+ "4"
+#else
+ ""
+#endif
+ ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+ printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+ printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+ int version;
+ version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+ if (version < 4)
+ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+ else
+ printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+ exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+ printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+ printf ("ns32k-encore-mach\n"); exit (0);
+#else
+ printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+ printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+ printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+ printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+ struct utsname un;
+
+ uname(&un);
+
+ if (strncmp(un.version, "V2", 2) == 0) {
+ printf ("i386-sequent-ptx2\n"); exit (0);
+ }
+ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+ printf ("i386-sequent-ptx1\n"); exit (0);
+ }
+ printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+# include <sys/param.h>
+# if defined (BSD)
+# if BSD == 43
+ printf ("vax-dec-bsd4.3\n"); exit (0);
+# else
+# if BSD == 199006
+ printf ("vax-dec-bsd4.3reno\n"); exit (0);
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# endif
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# else
+ printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+ printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+ exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+ case `getsysinfo -f cpu_type` in
+ c1*)
+ echo c1-convex-bsd
+ exit ;;
+ c2*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ c34*)
+ echo c34-convex-bsd
+ exit ;;
+ c38*)
+ echo c38-convex-bsd
+ exit ;;
+ c4*)
+ echo c4-convex-bsd
+ exit ;;
+ esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+and
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo = `(hostinfo) 2>/dev/null`
+/bin/universe = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/config.h.in b/config.h.in
new file mode 100644
index 00000000..b67643ff
--- /dev/null
+++ b/config.h.in
@@ -0,0 +1,134 @@
+/* config.h.in. Generated from configure.in by autoheader. */
+
+/* Define to 1 if you have the <ansidecl.h> header file. */
+#undef HAVE_ANSIDECL_H
+
+/* Define to 1 if you have the <ctype.h> header file. */
+#undef HAVE_CTYPE_H
+
+/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
+ */
+#undef HAVE_DIRENT_H
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you have the <errno.h> header file. */
+#undef HAVE_ERRNO_H
+
+/* Define to 1 if you have the `fprintf' function. */
+#undef HAVE_FPRINTF
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
+#undef HAVE_NDIR_H
+
+/* Define to 1 if you have the `printf' function. */
+#undef HAVE_PRINTF
+
+/* Define to 1 if you have the `snprintf' function. */
+#undef HAVE_SNPRINTF
+
+/* Define to 1 if you have the `sprintf' function. */
+#undef HAVE_SPRINTF
+
+/* Define to 1 if you have the `sscanf' function. */
+#undef HAVE_SSCANF
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdio.h> header file. */
+#undef HAVE_STDIO_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the `strchr' function. */
+#undef HAVE_STRCHR
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the `strrchr' function. */
+#undef HAVE_STRRCHR
+
+/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
+ */
+#undef HAVE_SYS_DIR_H
+
+/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
+ */
+#undef HAVE_SYS_NDIR_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the `timegm' function. */
+#undef HAVE_TIMEGM
+
+/* Define to 1 if you have the <time.h> header file. */
+#undef HAVE_TIME_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the `vfprintf' function. */
+#undef HAVE_VFPRINTF
+
+/* Define to 1 if you have the `vsnprintf' function. */
+#undef HAVE_VSNPRINTF
+
+/* Define to 1 if you have the `vsprintf' function. */
+#undef HAVE_VSPRINTF
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+ */
+#undef LT_OBJDIR
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Define to 1 if the C compiler supports function prototypes. */
+#undef PROTOTYPES
+
+/* The size of `size_t', as computed by sizeof. */
+#undef SIZEOF_SIZE_T
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Version number of package */
+#undef VERSION
+
+/* Define like PROTOTYPES; this can be used by system headers. */
+#undef __PROTOTYPES
diff --git a/config.sub b/config.sub
new file mode 100755
index 00000000..c2d12572
--- /dev/null
+++ b/config.sub
@@ -0,0 +1,1714 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010
+# Free Software Foundation, Inc.
+
+timestamp='2010-01-22'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine. It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>. Submit a context
+# diff and a properly formatted GNU ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support. The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+ $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
+2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free
+Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help"
+ exit 1 ;;
+
+ *local*)
+ # First pass through any local machine types.
+ echo $1
+ exit ;;
+
+ * )
+ break ;;
+ esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+ exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+ exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+ nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+ kopensolaris*-gnu* | \
+ storm-chaos* | os2-emx* | rtmk-nova*)
+ os=-$maybe_os
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+ ;;
+ *)
+ basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+ if [ $basic_machine != $1 ]
+ then os=`echo $1 | sed 's/.*-/-/'`
+ else os=; fi
+ ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work. We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+ -sun*os*)
+ # Prevent following clause from handling this invalid input.
+ ;;
+ -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+ -apple | -axis | -knuth | -cray | -microblaze)
+ os=
+ basic_machine=$1
+ ;;
+ -bluegene*)
+ os=-cnk
+ ;;
+ -sim | -cisco | -oki | -wec | -winbond)
+ os=
+ basic_machine=$1
+ ;;
+ -scout)
+ ;;
+ -wrs)
+ os=-vxworks
+ basic_machine=$1
+ ;;
+ -chorusos*)
+ os=-chorusos
+ basic_machine=$1
+ ;;
+ -chorusrdb)
+ os=-chorusrdb
+ basic_machine=$1
+ ;;
+ -hiux*)
+ os=-hiuxwe2
+ ;;
+ -sco6)
+ os=-sco5v6
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco5)
+ os=-sco3.2v5
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco4)
+ os=-sco3.2v4
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2.[4-9]*)
+ os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2v[4-9]*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco5v6*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco*)
+ os=-sco3.2v2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -udk*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -isc)
+ os=-isc2.2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -clix*)
+ basic_machine=clipper-intergraph
+ ;;
+ -isc*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -lynx*)
+ os=-lynxos
+ ;;
+ -ptx*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+ ;;
+ -windowsnt*)
+ os=`echo $os | sed -e 's/windowsnt/winnt/'`
+ ;;
+ -psos*)
+ os=-psos
+ ;;
+ -mint | -mint[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+ # Recognize the basic CPU types without company name.
+ # Some are omitted here because they have special meanings below.
+ 1750a | 580 \
+ | a29k \
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ | am33_2.0 \
+ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+ | bfin \
+ | c4x | clipper \
+ | d10v | d30v | dlx | dsp16xx \
+ | fido | fr30 | frv \
+ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+ | i370 | i860 | i960 | ia64 \
+ | ip2k | iq2000 \
+ | lm32 \
+ | m32c | m32r | m32rle | m68000 | m68k | m88k \
+ | maxq | mb | microblaze | mcore | mep | metag \
+ | mips | mipsbe | mipseb | mipsel | mipsle \
+ | mips16 \
+ | mips64 | mips64el \
+ | mips64octeon | mips64octeonel \
+ | mips64orion | mips64orionel \
+ | mips64r5900 | mips64r5900el \
+ | mips64vr | mips64vrel \
+ | mips64vr4100 | mips64vr4100el \
+ | mips64vr4300 | mips64vr4300el \
+ | mips64vr5000 | mips64vr5000el \
+ | mips64vr5900 | mips64vr5900el \
+ | mipsisa32 | mipsisa32el \
+ | mipsisa32r2 | mipsisa32r2el \
+ | mipsisa64 | mipsisa64el \
+ | mipsisa64r2 | mipsisa64r2el \
+ | mipsisa64sb1 | mipsisa64sb1el \
+ | mipsisa64sr71k | mipsisa64sr71kel \
+ | mipstx39 | mipstx39el \
+ | mn10200 | mn10300 \
+ | moxie \
+ | mt \
+ | msp430 \
+ | nios | nios2 \
+ | ns16k | ns32k \
+ | or32 \
+ | pdp10 | pdp11 | pj | pjl \
+ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+ | pyramid \
+ | rx \
+ | score \
+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+ | sh64 | sh64le \
+ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+ | spu | strongarm \
+ | tahoe | thumb | tic4x | tic80 | tron \
+ | ubicom32 \
+ | v850 | v850e \
+ | we32k \
+ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+ | z8k | z80)
+ basic_machine=$basic_machine-unknown
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12 | picochip)
+ # Motorola 68HC11/12.
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+ ;;
+ ms1)
+ basic_machine=mt-unknown
+ ;;
+
+ # We use `pc' rather than `unknown'
+ # because (1) that's what they normally are, and
+ # (2) the word "unknown" tends to confuse beginning users.
+ i*86 | x86_64)
+ basic_machine=$basic_machine-pc
+ ;;
+ # Object if more than one company name word.
+ *-*-*)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+ # Recognize the basic CPU types with company name.
+ 580-* \
+ | a29k-* \
+ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
+ | avr-* | avr32-* \
+ | bfin-* | bs2000-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+ | clipper-* | craynv-* | cydra-* \
+ | d10v-* | d30v-* | dlx-* \
+ | elxsi-* \
+ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+ | h8300-* | h8500-* \
+ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+ | i*86-* | i860-* | i960-* | ia64-* \
+ | ip2k-* | iq2000-* \
+ | lm32-* \
+ | m32c-* | m32r-* | m32rle-* \
+ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+ | mips16-* \
+ | mips64-* | mips64el-* \
+ | mips64octeon-* | mips64octeonel-* \
+ | mips64orion-* | mips64orionel-* \
+ | mips64r5900-* | mips64r5900el-* \
+ | mips64vr-* | mips64vrel-* \
+ | mips64vr4100-* | mips64vr4100el-* \
+ | mips64vr4300-* | mips64vr4300el-* \
+ | mips64vr5000-* | mips64vr5000el-* \
+ | mips64vr5900-* | mips64vr5900el-* \
+ | mipsisa32-* | mipsisa32el-* \
+ | mipsisa32r2-* | mipsisa32r2el-* \
+ | mipsisa64-* | mipsisa64el-* \
+ | mipsisa64r2-* | mipsisa64r2el-* \
+ | mipsisa64sb1-* | mipsisa64sb1el-* \
+ | mipsisa64sr71k-* | mipsisa64sr71kel-* \
+ | mipstx39-* | mipstx39el-* \
+ | mmix-* \
+ | mt-* \
+ | msp430-* \
+ | nios-* | nios2-* \
+ | none-* | np1-* | ns16k-* | ns32k-* \
+ | orion-* \
+ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+ | pyramid-* \
+ | romp-* | rs6000-* | rx-* \
+ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+ | sparclite-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+ | tahoe-* | thumb-* \
+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+ | tile-* | tilegx-* \
+ | tron-* \
+ | ubicom32-* \
+ | v850-* | v850e-* | vax-* \
+ | we32k-* \
+ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+ | xstormy16-* | xtensa*-* \
+ | ymp-* \
+ | z8k-* | z80-*)
+ ;;
+ # Recognize the basic CPU types without company name, with glob match.
+ xtensa*)
+ basic_machine=$basic_machine-unknown
+ ;;
+ # Recognize the various machine names and aliases which stand
+ # for a CPU type and a company and sometimes even an OS.
+ 386bsd)
+ basic_machine=i386-unknown
+ os=-bsd
+ ;;
+ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+ basic_machine=m68000-att
+ ;;
+ 3b*)
+ basic_machine=we32k-att
+ ;;
+ a29khif)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ abacus)
+ basic_machine=abacus-unknown
+ ;;
+ adobe68k)
+ basic_machine=m68010-adobe
+ os=-scout
+ ;;
+ alliant | fx80)
+ basic_machine=fx80-alliant
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ os=-bsd
+ ;;
+ amd64)
+ basic_machine=x86_64-pc
+ ;;
+ amd64-*)
+ basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ os=-sysv
+ ;;
+ amiga | amiga-*)
+ basic_machine=m68k-unknown
+ ;;
+ amigaos | amigados)
+ basic_machine=m68k-unknown
+ os=-amigaos
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-unknown
+ os=-sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ os=-sysv
+ ;;
+ apollo68bsd)
+ basic_machine=m68k-apollo
+ os=-bsd
+ ;;
+ aros)
+ basic_machine=i386-pc
+ os=-aros
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ os=-aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ os=-dynix
+ ;;
+ blackfin)
+ basic_machine=bfin-unknown
+ os=-linux
+ ;;
+ blackfin-*)
+ basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ bluegene*)
+ basic_machine=powerpc-ibm
+ os=-cnk
+ ;;
+ c90)
+ basic_machine=c90-cray
+ os=-unicos
+ ;;
+ cegcc)
+ basic_machine=arm-unknown
+ os=-cegcc
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ os=-bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ os=-bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ os=-bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ os=-bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ os=-bsd
+ ;;
+ cray | j90)
+ basic_machine=j90-cray
+ os=-unicos
+ ;;
+ craynv)
+ basic_machine=craynv-cray
+ os=-unicosmp
+ ;;
+ cr16)
+ basic_machine=cr16-unknown
+ os=-elf
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ ;;
+ crisv32 | crisv32-* | etraxfs*)
+ basic_machine=crisv32-axis
+ ;;
+ cris | cris-* | etrax*)
+ basic_machine=cris-axis
+ ;;
+ crx)
+ basic_machine=crx-unknown
+ os=-elf
+ ;;
+ da30 | da30-*)
+ basic_machine=m68k-da30
+ ;;
+ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ ;;
+ decsystem10* | dec10*)
+ basic_machine=pdp10-dec
+ os=-tops10
+ ;;
+ decsystem20* | dec20*)
+ basic_machine=pdp10-dec
+ os=-tops20
+ ;;
+ delta | 3300 | motorola-3300 | motorola-delta \
+ | 3300-motorola | delta-motorola)
+ basic_machine=m68k-motorola
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ os=-sysv3
+ ;;
+ dicos)
+ basic_machine=i686-pc
+ os=-dicos
+ ;;
+ djgpp)
+ basic_machine=i586-pc
+ os=-msdosdjgpp
+ ;;
+ dpx20 | dpx20-*)
+ basic_machine=rs6000-bull
+ os=-bosx
+ ;;
+ dpx2* | dpx2*-bull)
+ basic_machine=m68k-bull
+ os=-sysv3
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ os=-ebmon
+ ;;
+ elxsi)
+ basic_machine=elxsi-elxsi
+ os=-bsd
+ ;;
+ encore | umax | mmax)
+ basic_machine=ns32k-encore
+ ;;
+ es1800 | OSE68k | ose68k | ose | OSE)
+ basic_machine=m68k-ericsson
+ os=-ose
+ ;;
+ fx2800)
+ basic_machine=i860-alliant
+ ;;
+ genix)
+ basic_machine=ns32k-ns
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ os=-sysv
+ ;;
+ go32)
+ basic_machine=i386-pc
+ os=-go32
+ ;;
+ h3050r* | hiux*)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ os=-hms
+ ;;
+ h8300xray)
+ basic_machine=h8300-hitachi
+ os=-xray
+ ;;
+ h8500hms)
+ basic_machine=h8500-hitachi
+ os=-hms
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ os=-sysv3
+ ;;
+ hp300-*)
+ basic_machine=m68k-hp
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ os=-bsd
+ ;;
+ hp300hpux)
+ basic_machine=m68k-hp
+ os=-hpux
+ ;;
+ hp3k9[0-9][0-9] | hp9[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k2[0-9][0-9] | hp9k31[0-9])
+ basic_machine=m68000-hp
+ ;;
+ hp9k3[2-9][0-9])
+ basic_machine=m68k-hp
+ ;;
+ hp9k6[0-9][0-9] | hp6[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k7[0-79][0-9] | hp7[0-79][0-9])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k78[0-9] | hp78[0-9])
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][13679] | hp8[0-9][13679])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][0-9] | hp8[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hppa-next)
+ os=-nextstep3
+ ;;
+ hppaosf)
+ basic_machine=hppa1.1-hp
+ os=-osf
+ ;;
+ hppro)
+ basic_machine=hppa1.1-hp
+ os=-proelf
+ ;;
+ i370-ibm* | ibm*)
+ basic_machine=i370-ibm
+ ;;
+# I'm not sure what "Sysv32" means. Should this be sysv3.2?
+ i*86v32)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv32
+ ;;
+ i*86v4*)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv4
+ ;;
+ i*86v)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv
+ ;;
+ i*86sol2)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-solaris2
+ ;;
+ i386mach)
+ basic_machine=i386-mach
+ os=-mach
+ ;;
+ i386-vsta | vsta)
+ basic_machine=i386-unknown
+ os=-vsta
+ ;;
+ iris | iris4d)
+ basic_machine=mips-sgi
+ case $os in
+ -irix*)
+ ;;
+ *)
+ os=-irix4
+ ;;
+ esac
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ os=-sysv
+ ;;
+ m68knommu)
+ basic_machine=m68k-unknown
+ os=-linux
+ ;;
+ m68knommu-*)
+ basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ m88k-omron*)
+ basic_machine=m88k-omron
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ os=-sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ os=-sysv
+ ;;
+ microblaze)
+ basic_machine=microblaze-xilinx
+ ;;
+ mingw32)
+ basic_machine=i386-pc
+ os=-mingw32
+ ;;
+ mingw32ce)
+ basic_machine=arm-unknown
+ os=-mingw32ce
+ ;;
+ miniframe)
+ basic_machine=m68000-convergent
+ ;;
+ *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+ mips3*-*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+ ;;
+ mips3*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+ ;;
+ monitor)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ morphos)
+ basic_machine=powerpc-unknown
+ os=-morphos
+ ;;
+ msdos)
+ basic_machine=i386-pc
+ os=-msdos
+ ;;
+ ms1-*)
+ basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+ ;;
+ mvs)
+ basic_machine=i370-ibm
+ os=-mvs
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ os=-sysv4
+ ;;
+ netbsd386)
+ basic_machine=i386-unknown
+ os=-netbsd
+ ;;
+ netwinder)
+ basic_machine=armv4l-rebel
+ os=-linux
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ os=-newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ os=-newsos
+ ;;
+ news-3600 | risc-news)
+ basic_machine=mips-sony
+ os=-newsos
+ ;;
+ necv70)
+ basic_machine=v70-nec
+ os=-sysv
+ ;;
+ next | m*-next )
+ basic_machine=m68k-next
+ case $os in
+ -nextstep* )
+ ;;
+ -ns2*)
+ os=-nextstep2
+ ;;
+ *)
+ os=-nextstep3
+ ;;
+ esac
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ os=-cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ os=-cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ os=-nindy
+ ;;
+ mon960)
+ basic_machine=i960-intel
+ os=-mon960
+ ;;
+ nonstopux)
+ basic_machine=mips-compaq
+ os=-nonstopux
+ ;;
+ np1)
+ basic_machine=np1-gould
+ ;;
+ nsr-tandem)
+ basic_machine=nsr-tandem
+ ;;
+ op50n-* | op60c-*)
+ basic_machine=hppa1.1-oki
+ os=-proelf
+ ;;
+ openrisc | openrisc-*)
+ basic_machine=or32-unknown
+ ;;
+ os400)
+ basic_machine=powerpc-ibm
+ os=-os400
+ ;;
+ OSE68000 | ose68000)
+ basic_machine=m68000-ericsson
+ os=-ose
+ ;;
+ os68k)
+ basic_machine=m68k-none
+ os=-os68k
+ ;;
+ pa-hitachi)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ os=-osf
+ ;;
+ parisc)
+ basic_machine=hppa-unknown
+ os=-linux
+ ;;
+ parisc-*)
+ basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ pbd)
+ basic_machine=sparc-tti
+ ;;
+ pbb)
+ basic_machine=m68k-tti
+ ;;
+ pc532 | pc532-*)
+ basic_machine=ns32k-pc532
+ ;;
+ pc98)
+ basic_machine=i386-pc
+ ;;
+ pc98-*)
+ basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium | p5 | k5 | k6 | nexgen | viac3)
+ basic_machine=i586-pc
+ ;;
+ pentiumpro | p6 | 6x86 | athlon | athlon_*)
+ basic_machine=i686-pc
+ ;;
+ pentiumii | pentium2 | pentiumiii | pentium3)
+ basic_machine=i686-pc
+ ;;
+ pentium4)
+ basic_machine=i786-pc
+ ;;
+ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumpro-* | p6-* | 6x86-* | athlon-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium4-*)
+ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pn)
+ basic_machine=pn-gould
+ ;;
+ power) basic_machine=power-ibm
+ ;;
+ ppc) basic_machine=powerpc-unknown
+ ;;
+ ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppcle | powerpclittle | ppc-le | powerpc-little)
+ basic_machine=powerpcle-unknown
+ ;;
+ ppcle-* | powerpclittle-*)
+ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64) basic_machine=powerpc64-unknown
+ ;;
+ ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+ basic_machine=powerpc64le-unknown
+ ;;
+ ppc64le-* | powerpc64little-*)
+ basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ps2)
+ basic_machine=i386-ibm
+ ;;
+ pw32)
+ basic_machine=i586-unknown
+ os=-pw32
+ ;;
+ rdos)
+ basic_machine=i386-pc
+ os=-rdos
+ ;;
+ rom68k)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ rm[46]00)
+ basic_machine=mips-siemens
+ ;;
+ rtpc | rtpc-*)
+ basic_machine=romp-ibm
+ ;;
+ s390 | s390-*)
+ basic_machine=s390-ibm
+ ;;
+ s390x | s390x-*)
+ basic_machine=s390x-ibm
+ ;;
+ sa29200)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ sb1)
+ basic_machine=mipsisa64sb1-unknown
+ ;;
+ sb1el)
+ basic_machine=mipsisa64sb1el-unknown
+ ;;
+ sde)
+ basic_machine=mipsisa32-sde
+ os=-elf
+ ;;
+ sei)
+ basic_machine=mips-sei
+ os=-seiux
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ ;;
+ sh)
+ basic_machine=sh-hitachi
+ os=-hms
+ ;;
+ sh5el)
+ basic_machine=sh5le-unknown
+ ;;
+ sh64)
+ basic_machine=sh64-unknown
+ ;;
+ sparclite-wrs | simso-wrs)
+ basic_machine=sparclite-wrs
+ os=-vxworks
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ os=-sysv2
+ ;;
+ spur)
+ basic_machine=spur-unknown
+ ;;
+ st2000)
+ basic_machine=m68k-tandem
+ ;;
+ stratus)
+ basic_machine=i860-stratus
+ os=-sysv4
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ os=-sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ os=-sunos4
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ os=-sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ os=-sunos4
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ os=-sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ os=-sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ os=-solaris2
+ ;;
+ sun3 | sun3-*)
+ basic_machine=m68k-sun
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ ;;
+ sv1)
+ basic_machine=sv1-cray
+ os=-unicos
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ os=-dynix
+ ;;
+ t3e)
+ basic_machine=alphaev5-cray
+ os=-unicos
+ ;;
+ t90)
+ basic_machine=t90-cray
+ os=-unicos
+ ;;
+ tic54x | c54x*)
+ basic_machine=tic54x-unknown
+ os=-coff
+ ;;
+ tic55x | c55x*)
+ basic_machine=tic55x-unknown
+ os=-coff
+ ;;
+ tic6x | c6x*)
+ basic_machine=tic6x-unknown
+ os=-coff
+ ;;
+ # This must be matched before tile*.
+ tilegx*)
+ basic_machine=tilegx-unknown
+ os=-linux-gnu
+ ;;
+ tile*)
+ basic_machine=tile-unknown
+ os=-linux-gnu
+ ;;
+ tx39)
+ basic_machine=mipstx39-unknown
+ ;;
+ tx39el)
+ basic_machine=mipstx39el-unknown
+ ;;
+ toad1)
+ basic_machine=pdp10-xkl
+ os=-tops20
+ ;;
+ tower | tower-32)
+ basic_machine=m68k-ncr
+ ;;
+ tpf)
+ basic_machine=s390x-ibm
+ os=-tpf
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ os=-sym1
+ ;;
+ v810 | necv810)
+ basic_machine=v810-nec
+ os=-none
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ os=-sysv
+ ;;
+ vms)
+ basic_machine=vax-dec
+ os=-vms
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ os=-vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ os=-vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ os=-vxworks
+ ;;
+ w65*)
+ basic_machine=w65-wdc
+ os=-none
+ ;;
+ w89k-*)
+ basic_machine=hppa1.1-winbond
+ os=-proelf
+ ;;
+ xbox)
+ basic_machine=i686-pc
+ os=-mingw32
+ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+ ymp)
+ basic_machine=ymp-cray
+ os=-unicos
+ ;;
+ z8k-*-coff)
+ basic_machine=z8k-unknown
+ os=-sim
+ ;;
+ z80-*-coff)
+ basic_machine=z80-unknown
+ os=-sim
+ ;;
+ none)
+ basic_machine=none-none
+ os=-none
+ ;;
+
+# Here we handle the default manufacturer of certain CPU types. It is in
+# some cases the only manufacturer, in others, it is the most popular.
+ w89k)
+ basic_machine=hppa1.1-winbond
+ ;;
+ op50n)
+ basic_machine=hppa1.1-oki
+ ;;
+ op60c)
+ basic_machine=hppa1.1-oki
+ ;;
+ romp)
+ basic_machine=romp-ibm
+ ;;
+ mmix)
+ basic_machine=mmix-knuth
+ ;;
+ rs6000)
+ basic_machine=rs6000-ibm
+ ;;
+ vax)
+ basic_machine=vax-dec
+ ;;
+ pdp10)
+ # there are many clones, so DEC is not a safe bet
+ basic_machine=pdp10-unknown
+ ;;
+ pdp11)
+ basic_machine=pdp11-dec
+ ;;
+ we32k)
+ basic_machine=we32k-att
+ ;;
+ sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
+ basic_machine=sh-unknown
+ ;;
+ sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+ basic_machine=sparc-sun
+ ;;
+ cydra)
+ basic_machine=cydra-cydrome
+ ;;
+ orion)
+ basic_machine=orion-highlevel
+ ;;
+ orion105)
+ basic_machine=clipper-highlevel
+ ;;
+ mac | mpw | mac-mpw)
+ basic_machine=m68k-apple
+ ;;
+ pmac | pmac-mpw)
+ basic_machine=powerpc-apple
+ ;;
+ *-unknown)
+ # Make sure to match an already-canonicalized machine name.
+ ;;
+ *)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+ *-digital*)
+ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+ ;;
+ *-commodore*)
+ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+ ;;
+ *)
+ ;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+ # First match some system type aliases
+ # that might get confused with valid system types.
+ # -solaris* is a basic system type, with this one exception.
+ -auroraux)
+ os=-auroraux
+ ;;
+ -solaris1 | -solaris1.*)
+ os=`echo $os | sed -e 's|solaris1|sunos4|'`
+ ;;
+ -solaris)
+ os=-solaris2
+ ;;
+ -svr4*)
+ os=-sysv4
+ ;;
+ -unixware*)
+ os=-sysv4.2uw
+ ;;
+ -gnu/linux*)
+ os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+ ;;
+ # First accept the basic system types.
+ # The portable systems comes first.
+ # Each alternative MUST END IN A *, to match a version number.
+ # -sysv* is not here because it comes later, after sysvr4.
+ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
+ | -sym* | -kopensolaris* \
+ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+ | -aos* | -aros* \
+ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+ | -openbsd* | -solidbsd* \
+ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+ | -chorusos* | -chorusrdb* | -cegcc* \
+ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+ | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+ | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
+ # Remember, each alternative MUST END IN *, to match a version number.
+ ;;
+ -qnx*)
+ case $basic_machine in
+ x86-* | i*86-*)
+ ;;
+ *)
+ os=-nto$os
+ ;;
+ esac
+ ;;
+ -nto-qnx*)
+ ;;
+ -nto*)
+ os=`echo $os | sed -e 's|nto|nto-qnx|'`
+ ;;
+ -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+ ;;
+ -mac*)
+ os=`echo $os | sed -e 's|mac|macos|'`
+ ;;
+ -linux-dietlibc)
+ os=-linux-dietlibc
+ ;;
+ -linux*)
+ os=`echo $os | sed -e 's|linux|linux-gnu|'`
+ ;;
+ -sunos5*)
+ os=`echo $os | sed -e 's|sunos5|solaris2|'`
+ ;;
+ -sunos6*)
+ os=`echo $os | sed -e 's|sunos6|solaris3|'`
+ ;;
+ -opened*)
+ os=-openedition
+ ;;
+ -os400*)
+ os=-os400
+ ;;
+ -wince*)
+ os=-wince
+ ;;
+ -osfrose*)
+ os=-osfrose
+ ;;
+ -osf*)
+ os=-osf
+ ;;
+ -utek*)
+ os=-bsd
+ ;;
+ -dynix*)
+ os=-bsd
+ ;;
+ -acis*)
+ os=-aos
+ ;;
+ -atheos*)
+ os=-atheos
+ ;;
+ -syllable*)
+ os=-syllable
+ ;;
+ -386bsd)
+ os=-bsd
+ ;;
+ -ctix* | -uts*)
+ os=-sysv
+ ;;
+ -nova*)
+ os=-rtmk-nova
+ ;;
+ -ns2 )
+ os=-nextstep2
+ ;;
+ -nsk*)
+ os=-nsk
+ ;;
+ # Preserve the version number of sinix5.
+ -sinix5.*)
+ os=`echo $os | sed -e 's|sinix|sysv|'`
+ ;;
+ -sinix*)
+ os=-sysv4
+ ;;
+ -tpf*)
+ os=-tpf
+ ;;
+ -triton*)
+ os=-sysv3
+ ;;
+ -oss*)
+ os=-sysv3
+ ;;
+ -svr4)
+ os=-sysv4
+ ;;
+ -svr3)
+ os=-sysv3
+ ;;
+ -sysvr4)
+ os=-sysv4
+ ;;
+ # This must come after -sysvr4.
+ -sysv*)
+ ;;
+ -ose*)
+ os=-ose
+ ;;
+ -es1800*)
+ os=-ose
+ ;;
+ -xenix)
+ os=-xenix
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ os=-mint
+ ;;
+ -aros*)
+ os=-aros
+ ;;
+ -kaos*)
+ os=-kaos
+ ;;
+ -zvmoe)
+ os=-zvmoe
+ ;;
+ -dicos*)
+ os=-dicos
+ ;;
+ -nacl*)
+ ;;
+ -none)
+ ;;
+ *)
+ # Get rid of the `-' at the beginning of $os.
+ os=`echo $os | sed 's/[^-]*-//'`
+ echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system. Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+ score-*)
+ os=-elf
+ ;;
+ spu-*)
+ os=-elf
+ ;;
+ *-acorn)
+ os=-riscix1.2
+ ;;
+ arm*-rebel)
+ os=-linux
+ ;;
+ arm*-semi)
+ os=-aout
+ ;;
+ c4x-* | tic4x-*)
+ os=-coff
+ ;;
+ # This must come before the *-dec entry.
+ pdp10-*)
+ os=-tops20
+ ;;
+ pdp11-*)
+ os=-none
+ ;;
+ *-dec | vax-*)
+ os=-ultrix4.2
+ ;;
+ m68*-apollo)
+ os=-domain
+ ;;
+ i386-sun)
+ os=-sunos4.0.2
+ ;;
+ m68000-sun)
+ os=-sunos3
+ # This also exists in the configure program, but was not the
+ # default.
+ # os=-sunos4
+ ;;
+ m68*-cisco)
+ os=-aout
+ ;;
+ mep-*)
+ os=-elf
+ ;;
+ mips*-cisco)
+ os=-elf
+ ;;
+ mips*-*)
+ os=-elf
+ ;;
+ or32-*)
+ os=-coff
+ ;;
+ *-tti) # must be before sparc entry or we get the wrong os.
+ os=-sysv3
+ ;;
+ sparc-* | *-sun)
+ os=-sunos4.1.1
+ ;;
+ *-be)
+ os=-beos
+ ;;
+ *-haiku)
+ os=-haiku
+ ;;
+ *-ibm)
+ os=-aix
+ ;;
+ *-knuth)
+ os=-mmixware
+ ;;
+ *-wec)
+ os=-proelf
+ ;;
+ *-winbond)
+ os=-proelf
+ ;;
+ *-oki)
+ os=-proelf
+ ;;
+ *-hp)
+ os=-hpux
+ ;;
+ *-hitachi)
+ os=-hiux
+ ;;
+ i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+ os=-sysv
+ ;;
+ *-cbm)
+ os=-amigaos
+ ;;
+ *-dg)
+ os=-dgux
+ ;;
+ *-dolphin)
+ os=-sysv3
+ ;;
+ m68k-ccur)
+ os=-rtu
+ ;;
+ m88k-omron*)
+ os=-luna
+ ;;
+ *-next )
+ os=-nextstep
+ ;;
+ *-sequent)
+ os=-ptx
+ ;;
+ *-crds)
+ os=-unos
+ ;;
+ *-ns)
+ os=-genix
+ ;;
+ i370-*)
+ os=-mvs
+ ;;
+ *-next)
+ os=-nextstep3
+ ;;
+ *-gould)
+ os=-sysv
+ ;;
+ *-highlevel)
+ os=-bsd
+ ;;
+ *-encore)
+ os=-bsd
+ ;;
+ *-sgi)
+ os=-irix
+ ;;
+ *-siemens)
+ os=-sysv4
+ ;;
+ *-masscomp)
+ os=-rtu
+ ;;
+ f30[01]-fujitsu | f700-fujitsu)
+ os=-uxpv
+ ;;
+ *-rom68k)
+ os=-coff
+ ;;
+ *-*bug)
+ os=-coff
+ ;;
+ *-apple)
+ os=-macos
+ ;;
+ *-atari*)
+ os=-mint
+ ;;
+ *)
+ os=-none
+ ;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer. We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+ *-unknown)
+ case $os in
+ -riscix*)
+ vendor=acorn
+ ;;
+ -sunos*)
+ vendor=sun
+ ;;
+ -cnk*|-aix*)
+ vendor=ibm
+ ;;
+ -beos*)
+ vendor=be
+ ;;
+ -hpux*)
+ vendor=hp
+ ;;
+ -mpeix*)
+ vendor=hp
+ ;;
+ -hiux*)
+ vendor=hitachi
+ ;;
+ -unos*)
+ vendor=crds
+ ;;
+ -dgux*)
+ vendor=dg
+ ;;
+ -luna*)
+ vendor=omron
+ ;;
+ -genix*)
+ vendor=ns
+ ;;
+ -mvs* | -opened*)
+ vendor=ibm
+ ;;
+ -os400*)
+ vendor=ibm
+ ;;
+ -ptx*)
+ vendor=sequent
+ ;;
+ -tpf*)
+ vendor=ibm
+ ;;
+ -vxsim* | -vxworks* | -windiss*)
+ vendor=wrs
+ ;;
+ -aux*)
+ vendor=apple
+ ;;
+ -hms*)
+ vendor=hitachi
+ ;;
+ -mpw* | -macos*)
+ vendor=apple
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ vendor=atari
+ ;;
+ -vos*)
+ vendor=stratus
+ ;;
+ esac
+ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+ ;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/configure b/configure
new file mode 100755
index 00000000..5f9a6018
--- /dev/null
+++ b/configure
@@ -0,0 +1,17363 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.67 for xmlsec1 1.2.18.
+#
+# Report bugs to <http://www.aleksey.com/xmlsec>.
+#
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
+# Foundation, Inc.
+#
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test "x$CONFIG_SHELL" = x; then
+ as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
+else
+ case \`(set -o) 2>/dev/null\` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+"
+ as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+ exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1"
+ as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+ as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+ eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+ test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+test \$(( 1 + 1 )) = 2 || exit 1"
+ if (eval "$as_required") 2>/dev/null; then :
+ as_have_required=yes
+else
+ as_have_required=no
+fi
+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ as_found=:
+ case $as_dir in #(
+ /*)
+ for as_base in sh bash ksh sh5; do
+ # Try only shells that exist, to save several forks.
+ as_shell=$as_dir/$as_base
+ if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ CONFIG_SHELL=$as_shell as_have_required=yes
+ if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ break 2
+fi
+fi
+ done;;
+ esac
+ as_found=false
+done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+ CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
+IFS=$as_save_IFS
+
+
+ if test "x$CONFIG_SHELL" != x; then :
+ # We cannot yet assume a decent shell, so we have to provide a
+ # neutralization value for shells without unset; and this also
+ # works around shells that cannot unset nonexistent variables.
+ BASH_ENV=/dev/null
+ ENV=/dev/null
+ (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+ export CONFIG_SHELL
+ exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+fi
+
+ if test x$as_have_required = xno; then :
+ $as_echo "$0: This script requires a shell more modern than all"
+ $as_echo "$0: the shells that I found on your system."
+ if test x${ZSH_VERSION+set} = xset ; then
+ $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+ $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+ else
+ $as_echo "$0: Please tell bug-autoconf@gnu.org and
+$0: http://www.aleksey.com/xmlsec about your system,
+$0: including any error possibly output before this
+$0: message. Then install a modern shell, or manually run
+$0: the script under such a shell if you do have one."
+ fi
+ exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+ as_lineno_1=$LINENO as_lineno_1a=$LINENO
+ as_lineno_2=$LINENO as_lineno_2a=$LINENO
+ eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+ test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+ # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
+ sed -n '
+ p
+ /[$]LINENO/=
+ ' <$as_myself |
+ sed '
+ s/[$]LINENO.*/&-/
+ t lineno
+ b
+ :lineno
+ N
+ :loop
+ s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+ t loop
+ s/-\n.*//
+ ' >$as_me.lineno &&
+ chmod +x "$as_me.lineno" ||
+ { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensitive to this).
+ . "./$as_me.lineno"
+ # Exit status is that of the last command.
+ exit
+}
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in #(
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$lt_ECHO in
+X*--fallback-echo)
+ # Remove one level of quotation (which was required for Make).
+ ECHO=`echo "$lt_ECHO" | sed 's,\\\\\$\\$0,'$0','`
+ ;;
+esac
+
+ECHO=${lt_ECHO-echo}
+if test "X$1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X$1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then
+ # Yippee, $ECHO works!
+ :
+else
+ # Restart under the correct shell.
+ exec $SHELL "$0" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<_LT_EOF
+$*
+_LT_EOF
+ exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$lt_ECHO"; then
+ if test "X${echo_test_string+set}" != Xset; then
+ # find a string as large as possible, as long as the shell can cope with it
+ for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
+ # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+ if { echo_test_string=`eval $cmd`; } 2>/dev/null &&
+ { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null
+ then
+ break
+ fi
+ done
+ fi
+
+ if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ :
+ else
+ # The Solaris, AIX, and Digital Unix default echo programs unquote
+ # backslashes. This makes it impossible to quote backslashes using
+ # echo "$something" | sed 's/\\/\\\\/g'
+ #
+ # So, first we look for a working echo in the user's PATH.
+
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for dir in $PATH /usr/ucb; do
+ IFS="$lt_save_ifs"
+ if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+ test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ ECHO="$dir/echo"
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+
+ if test "X$ECHO" = Xecho; then
+ # We didn't find a better echo, so look for alternatives.
+ if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # This shell has a builtin print -r that does the trick.
+ ECHO='print -r'
+ elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } &&
+ test "X$CONFIG_SHELL" != X/bin/ksh; then
+ # If we have ksh, try running configure again with it.
+ ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+ export ORIGINAL_CONFIG_SHELL
+ CONFIG_SHELL=/bin/ksh
+ export CONFIG_SHELL
+ exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"}
+ else
+ # Try using printf.
+ ECHO='printf %s\n'
+ if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # Cool, printf works
+ :
+ elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+ export CONFIG_SHELL
+ SHELL="$CONFIG_SHELL"
+ export SHELL
+ ECHO="$CONFIG_SHELL $0 --fallback-echo"
+ elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ ECHO="$CONFIG_SHELL $0 --fallback-echo"
+ else
+ # maybe with a smaller string...
+ prev=:
+
+ for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
+ if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null
+ then
+ break
+ fi
+ prev="$cmd"
+ done
+
+ if test "$prev" != 'sed 50q "$0"'; then
+ echo_test_string=`eval $prev`
+ export echo_test_string
+ exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"}
+ else
+ # Oops. We lost completely, so just stick with echo.
+ ECHO=echo
+ fi
+ fi
+ fi
+ fi
+ fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+lt_ECHO=$ECHO
+if test "X$lt_ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then
+ lt_ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo"
+fi
+
+
+
+
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+
+# Identity of this package.
+PACKAGE_NAME='xmlsec1'
+PACKAGE_TARNAME='xmlsec1'
+PACKAGE_VERSION='1.2.18'
+PACKAGE_STRING='xmlsec1 1.2.18'
+PACKAGE_BUGREPORT='http://www.aleksey.com/xmlsec'
+PACKAGE_URL=''
+
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_STRING_H
+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
+# include <memory.h>
+# endif
+# include <string.h>
+#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+ac_subst_vars='am__EXEEXT_FALSE
+am__EXEEXT_TRUE
+LTLIBOBJS
+LIBOBJS
+XMLSEC_CRYPTO_PC_FILES_LIST
+XMLSEC_CRYPTO_LIBS
+XMLSEC_CRYPTO_CFLAGS
+XMLSEC_CRYPTO_LIB
+XMLSEC_CRYPTO_DISABLED_LIST
+XMLSEC_CRYPTO_LIST
+XMLSEC_CRYPTO
+XMLSEC_CRYPTO_EXTRA_LDFLAGS
+XMLSEC_EXTRA_LDFLAGS
+XMLSEC_APP_DEFINES
+XMLSEC_DEFINES
+XMLSEC_LIBS
+XMLSEC_CFLAGS
+XMLSEC_NSS_LIBS
+XMLSEC_NSS_CFLAGS
+XMLSEC_GNUTLS_LIBS
+XMLSEC_GNUTLS_CFLAGS
+XMLSEC_GCRYPT_LIBS
+XMLSEC_GCRYPT_CFLAGS
+XMLSEC_OPENSSL_LIBS
+XMLSEC_OPENSSL_CFLAGS
+XMLSEC_LIBDIR
+XMLSEC_CORE_LIBS
+XMLSEC_CORE_CFLAGS
+XMLSEC_STATIC_BINARIES
+XMLSEC_DOCDIR
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE
+XMLSEC_DL_LIBS
+XMLSEC_DL_INCLUDES
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE
+XMLSEC_NO_XKMS
+XMLSEC_NO_XKMS_FALSE
+XMLSEC_NO_XKMS_TRUE
+XMLSEC_NO_XMLENC
+XMLSEC_NO_XMLENC_FALSE
+XMLSEC_NO_XMLENC_TRUE
+XMLSEC_NO_XMLDSIG
+XMLSEC_NO_XMLDSIG_FALSE
+XMLSEC_NO_XMLDSIG_TRUE
+XMLSEC_NO_GOST
+XMLSEC_NO_GOST_FALSE
+XMLSEC_NO_GOST_TRUE
+XMLSEC_NO_AES
+XMLSEC_NO_AES_FALSE
+XMLSEC_NO_AES_TRUE
+XMLSEC_NO_DES
+XMLSEC_NO_DES_FALSE
+XMLSEC_NO_DES_TRUE
+XMLSEC_NO_X509
+XMLSEC_NO_X509_FALSE
+XMLSEC_NO_X509_TRUE
+XMLSEC_NO_RSA
+XMLSEC_NO_RSA_FALSE
+XMLSEC_NO_RSA_TRUE
+XMLSEC_NO_DSA
+XMLSEC_NO_DSA_FALSE
+XMLSEC_NO_DSA_TRUE
+XMLSEC_NO_HMAC
+XMLSEC_NO_HMAC_FALSE
+XMLSEC_NO_HMAC_TRUE
+XMLSEC_NO_SHA512
+XMLSEC_NO_SHA512_FALSE
+XMLSEC_NO_SHA512_TRUE
+XMLSEC_NO_SHA384
+XMLSEC_NO_SHA384_FALSE
+XMLSEC_NO_SHA384_TRUE
+XMLSEC_NO_SHA256
+XMLSEC_NO_SHA256_FALSE
+XMLSEC_NO_SHA256_TRUE
+XMLSEC_NO_SHA224
+XMLSEC_NO_SHA224_FALSE
+XMLSEC_NO_SHA224_TRUE
+XMLSEC_NO_SHA1
+XMLSEC_NO_SHA1_FALSE
+XMLSEC_NO_SHA1_TRUE
+XMLSEC_NO_RIPEMD160
+XMLSEC_NO_RIPEMD160_FALSE
+XMLSEC_NO_RIPEMD160_TRUE
+XMLSEC_NO_MD5
+XMLSEC_NO_MD5_FALSE
+XMLSEC_NO_MD5_TRUE
+MSCRYPTO_CRYPTO_LIB
+MSCRYPTO_LIBS
+MSCRYPTO_CFLAGS
+XMLSEC_NO_MSCRYPTO
+XMLSEC_NO_MSCRYPTO_FALSE
+XMLSEC_NO_MSCRYPTO_TRUE
+GNUTLS_MIN_VERSION
+GNUTLS_CRYPTO_LIB
+XMLSEC_NO_GNUTLS
+XMLSEC_NO_GNUTLS_FALSE
+XMLSEC_NO_GNUTLS_TRUE
+GNUTLS_LIBS
+GNUTLS_CFLAGS
+GCRYPT_MIN_VERSION
+GCRYPT_CRYPTO_LIB
+XMLSEC_NO_GCRYPT
+XMLSEC_NO_GCRYPT_FALSE
+XMLSEC_NO_GCRYPT_TRUE
+GCRYPT_LIBS
+GCRYPT_CFLAGS
+MOZILLA_MIN_VERSION
+NSPR_MIN_VERSION
+NSS_MIN_VERSION
+NSS_CRYPTO_LIB
+NSS_PACKAGE
+NSPR_PACKAGE
+XMLSEC_NO_NSS
+XMLSEC_NO_NSS_FALSE
+XMLSEC_NO_NSS_TRUE
+NSS_LIBS
+NSS_CFLAGS
+OPENSSL_MIN_VERSION
+OPENSSL_CRYPTO_LIB
+XMLSEC_NO_OPENSSL
+XMLSEC_NO_OPENSSL_FALSE
+XMLSEC_NO_OPENSSL_TRUE
+OPENSSL_LIBS
+OPENSSL_CFLAGS
+LIBXSLT_MIN_VERSION
+XMLSEC_NO_LIBXSLT
+LIBXSLT_CONFIG
+LIBXSLT_LIBS
+LIBXSLT_CFLAGS
+LIBXML_MIN_VERSION
+LIBXML_CONFIG
+LIBXML_LIBS
+LIBXML_CFLAGS
+PKG_CONFIG_LIBDIR
+PKG_CONFIG_PATH
+PKG_CONFIG
+PKGCONFIG_PRESENT
+SHAREDLIB_HACK_FALSE
+SHAREDLIB_HACK_TRUE
+ANSI2KNR
+U
+MAN2HTML
+HELP2MAN
+TAR
+MV
+CP
+RM
+OTOOL64
+OTOOL
+LIPO
+NMEDIT
+DSYMUTIL
+lt_ECHO
+RANLIB
+AR
+OBJDUMP
+LN_S
+NM
+ac_ct_DUMPBIN
+DUMPBIN
+LD
+FGREP
+SED
+LIBTOOL
+EGREP
+GREP
+CPP
+am__fastdepCC_FALSE
+am__fastdepCC_TRUE
+CCDEPMODE
+AMDEPBACKSLASH
+AMDEP_FALSE
+AMDEP_TRUE
+am__quote
+am__include
+DEPDIR
+OBJEXT
+EXEEXT
+ac_ct_CC
+CPPFLAGS
+LDFLAGS
+CFLAGS
+CC
+MAINT
+MAINTAINER_MODE_FALSE
+MAINTAINER_MODE_TRUE
+am__untar
+am__tar
+AMTAR
+am__leading_dot
+SET_MAKE
+AWK
+mkdir_p
+MKDIR_P
+INSTALL_STRIP_PROGRAM
+STRIP
+install_sh
+MAKEINFO
+AUTOHEADER
+AUTOMAKE
+AUTOCONF
+ACLOCAL
+VERSION
+PACKAGE
+CYGPATH_W
+am__isrc
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+XMLSEC_VERSION_INFO
+XMLSEC_VERSION_SUBMINOR
+XMLSEC_VERSION_MINOR
+XMLSEC_VERSION_MAJOR
+XMLSEC_VERSION_SAFE
+XMLSEC_PACKAGE
+XMLSEC_VERSION
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_maintainer_mode
+enable_dependency_tracking
+enable_shared
+enable_static
+with_pic
+enable_fast_install
+with_gnu_ld
+enable_libtool_lock
+enable_development
+enable_pkgconfig
+with_libxml
+with_libxml_src
+with_libxslt
+with_libxslt_src
+with_openssl
+with_nss
+with_nspr
+with_seamonkey_ver
+with_mozilla_ver
+with_gcrypt
+with_gnutls
+enable_mscrypto
+with_default_crypto
+enable_md5
+enable_ripemd160
+enable_sha1
+enable_sha224
+enable_sha256
+enable_sha384
+enable_sha512
+enable_hmac
+enable_dsa
+enable_rsa
+enable_x509
+enable_des
+enable_aes
+enable_gost
+enable_xmldsig
+enable_xmlenc
+enable_xkms
+enable_crypto_dl
+enable_apps_crypto_dl
+with_html_dir
+enable_skm
+enable_tmpl_tests
+enable_debuging
+enable_profiling
+enable_pedantic
+enable_static_linking
+'
+ ac_precious_vars='build_alias
+host_alias
+target_alias
+CC
+CFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+CPP
+PKG_CONFIG
+PKG_CONFIG_PATH
+PKG_CONFIG_LIBDIR
+LIBXML_CFLAGS
+LIBXML_LIBS
+LIBXSLT_CFLAGS
+LIBXSLT_LIBS
+OPENSSL_CFLAGS
+OPENSSL_LIBS
+NSS_CFLAGS
+NSS_LIBS
+GCRYPT_CFLAGS
+GCRYPT_LIBS
+GNUTLS_CFLAGS
+GNUTLS_LIBS'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+ # If the previous option needs an argument, assign it.
+ if test -n "$ac_prev"; then
+ eval $ac_prev=\$ac_option
+ ac_prev=
+ continue
+ fi
+
+ case $ac_option in
+ *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+ *=) ac_optarg= ;;
+ *) ac_optarg=yes ;;
+ esac
+
+ # Accept the important Cygnus configure options, so we can diagnose typos.
+
+ case $ac_dashdash$ac_option in
+ --)
+ ac_dashdash=yes ;;
+
+ -bindir | --bindir | --bindi | --bind | --bin | --bi)
+ ac_prev=bindir ;;
+ -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+ bindir=$ac_optarg ;;
+
+ -build | --build | --buil | --bui | --bu)
+ ac_prev=build_alias ;;
+ -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+ build_alias=$ac_optarg ;;
+
+ -cache-file | --cache-file | --cache-fil | --cache-fi \
+ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+ ac_prev=cache_file ;;
+ -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+ cache_file=$ac_optarg ;;
+
+ --config-cache | -C)
+ cache_file=config.cache ;;
+
+ -datadir | --datadir | --datadi | --datad)
+ ac_prev=datadir ;;
+ -datadir=* | --datadir=* | --datadi=* | --datad=*)
+ datadir=$ac_optarg ;;
+
+ -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+ | --dataroo | --dataro | --datar)
+ ac_prev=datarootdir ;;
+ -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+ datarootdir=$ac_optarg ;;
+
+ -disable-* | --disable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=no ;;
+
+ -docdir | --docdir | --docdi | --doc | --do)
+ ac_prev=docdir ;;
+ -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+ docdir=$ac_optarg ;;
+
+ -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+ ac_prev=dvidir ;;
+ -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+ dvidir=$ac_optarg ;;
+
+ -enable-* | --enable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=\$ac_optarg ;;
+
+ -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+ | --exec | --exe | --ex)
+ ac_prev=exec_prefix ;;
+ -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+ | --exec=* | --exe=* | --ex=*)
+ exec_prefix=$ac_optarg ;;
+
+ -gas | --gas | --ga | --g)
+ # Obsolete; use --with-gas.
+ with_gas=yes ;;
+
+ -help | --help | --hel | --he | -h)
+ ac_init_help=long ;;
+ -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+ ac_init_help=recursive ;;
+ -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+ ac_init_help=short ;;
+
+ -host | --host | --hos | --ho)
+ ac_prev=host_alias ;;
+ -host=* | --host=* | --hos=* | --ho=*)
+ host_alias=$ac_optarg ;;
+
+ -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+ ac_prev=htmldir ;;
+ -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+ | --ht=*)
+ htmldir=$ac_optarg ;;
+
+ -includedir | --includedir | --includedi | --included | --include \
+ | --includ | --inclu | --incl | --inc)
+ ac_prev=includedir ;;
+ -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+ | --includ=* | --inclu=* | --incl=* | --inc=*)
+ includedir=$ac_optarg ;;
+
+ -infodir | --infodir | --infodi | --infod | --info | --inf)
+ ac_prev=infodir ;;
+ -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+ infodir=$ac_optarg ;;
+
+ -libdir | --libdir | --libdi | --libd)
+ ac_prev=libdir ;;
+ -libdir=* | --libdir=* | --libdi=* | --libd=*)
+ libdir=$ac_optarg ;;
+
+ -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+ | --libexe | --libex | --libe)
+ ac_prev=libexecdir ;;
+ -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+ | --libexe=* | --libex=* | --libe=*)
+ libexecdir=$ac_optarg ;;
+
+ -localedir | --localedir | --localedi | --localed | --locale)
+ ac_prev=localedir ;;
+ -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+ localedir=$ac_optarg ;;
+
+ -localstatedir | --localstatedir | --localstatedi | --localstated \
+ | --localstate | --localstat | --localsta | --localst | --locals)
+ ac_prev=localstatedir ;;
+ -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+ localstatedir=$ac_optarg ;;
+
+ -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+ ac_prev=mandir ;;
+ -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+ mandir=$ac_optarg ;;
+
+ -nfp | --nfp | --nf)
+ # Obsolete; use --without-fp.
+ with_fp=no ;;
+
+ -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+ | --no-cr | --no-c | -n)
+ no_create=yes ;;
+
+ -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+ no_recursion=yes ;;
+
+ -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+ | --oldin | --oldi | --old | --ol | --o)
+ ac_prev=oldincludedir ;;
+ -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+ oldincludedir=$ac_optarg ;;
+
+ -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+ ac_prev=prefix ;;
+ -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+ prefix=$ac_optarg ;;
+
+ -program-prefix | --program-prefix | --program-prefi | --program-pref \
+ | --program-pre | --program-pr | --program-p)
+ ac_prev=program_prefix ;;
+ -program-prefix=* | --program-prefix=* | --program-prefi=* \
+ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+ program_prefix=$ac_optarg ;;
+
+ -program-suffix | --program-suffix | --program-suffi | --program-suff \
+ | --program-suf | --program-su | --program-s)
+ ac_prev=program_suffix ;;
+ -program-suffix=* | --program-suffix=* | --program-suffi=* \
+ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+ program_suffix=$ac_optarg ;;
+
+ -program-transform-name | --program-transform-name \
+ | --program-transform-nam | --program-transform-na \
+ | --program-transform-n | --program-transform- \
+ | --program-transform | --program-transfor \
+ | --program-transfo | --program-transf \
+ | --program-trans | --program-tran \
+ | --progr-tra | --program-tr | --program-t)
+ ac_prev=program_transform_name ;;
+ -program-transform-name=* | --program-transform-name=* \
+ | --program-transform-nam=* | --program-transform-na=* \
+ | --program-transform-n=* | --program-transform-=* \
+ | --program-transform=* | --program-transfor=* \
+ | --program-transfo=* | --program-transf=* \
+ | --program-trans=* | --program-tran=* \
+ | --progr-tra=* | --program-tr=* | --program-t=*)
+ program_transform_name=$ac_optarg ;;
+
+ -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+ ac_prev=pdfdir ;;
+ -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+ pdfdir=$ac_optarg ;;
+
+ -psdir | --psdir | --psdi | --psd | --ps)
+ ac_prev=psdir ;;
+ -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+ psdir=$ac_optarg ;;
+
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ silent=yes ;;
+
+ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+ ac_prev=sbindir ;;
+ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+ | --sbi=* | --sb=*)
+ sbindir=$ac_optarg ;;
+
+ -sharedstatedir | --sharedstatedir | --sharedstatedi \
+ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+ | --sharedst | --shareds | --shared | --share | --shar \
+ | --sha | --sh)
+ ac_prev=sharedstatedir ;;
+ -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+ | --sha=* | --sh=*)
+ sharedstatedir=$ac_optarg ;;
+
+ -site | --site | --sit)
+ ac_prev=site ;;
+ -site=* | --site=* | --sit=*)
+ site=$ac_optarg ;;
+
+ -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+ ac_prev=srcdir ;;
+ -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+ srcdir=$ac_optarg ;;
+
+ -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+ | --syscon | --sysco | --sysc | --sys | --sy)
+ ac_prev=sysconfdir ;;
+ -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+ sysconfdir=$ac_optarg ;;
+
+ -target | --target | --targe | --targ | --tar | --ta | --t)
+ ac_prev=target_alias ;;
+ -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+ target_alias=$ac_optarg ;;
+
+ -v | -verbose | --verbose | --verbos | --verbo | --verb)
+ verbose=yes ;;
+
+ -version | --version | --versio | --versi | --vers | -V)
+ ac_init_version=: ;;
+
+ -with-* | --with-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=\$ac_optarg ;;
+
+ -without-* | --without-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error $? "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=no ;;
+
+ --x)
+ # Obsolete; use --with-x.
+ with_x=yes ;;
+
+ -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+ | --x-incl | --x-inc | --x-in | --x-i)
+ ac_prev=x_includes ;;
+ -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+ x_includes=$ac_optarg ;;
+
+ -x-libraries | --x-libraries | --x-librarie | --x-librari \
+ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+ ac_prev=x_libraries ;;
+ -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+ x_libraries=$ac_optarg ;;
+
+ -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
+ ;;
+
+ *=*)
+ ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+ # Reject names that are not valid shell variable names.
+ case $ac_envvar in #(
+ '' | [0-9]* | *[!_$as_cr_alnum]* )
+ as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+ esac
+ eval $ac_envvar=\$ac_optarg
+ export $ac_envvar ;;
+
+ *)
+ # FIXME: should be removed in autoconf 3.0.
+ $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+ $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+ ;;
+
+ esac
+done
+
+if test -n "$ac_prev"; then
+ ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+ as_fn_error $? "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+ case $enable_option_checking in
+ no) ;;
+ fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+ *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+ esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
+ datadir sysconfdir sharedstatedir localstatedir includedir \
+ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+ libdir localedir mandir
+do
+ eval ac_val=\$$ac_var
+ # Remove trailing slashes.
+ case $ac_val in
+ */ )
+ ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+ eval $ac_var=\$ac_val;;
+ esac
+ # Be sure to have absolute directory names.
+ case $ac_val in
+ [\\/$]* | ?:[\\/]* ) continue;;
+ NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+ esac
+ as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+ if test "x$build_alias" = x; then
+ cross_compiling=maybe
+ $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host.
+ If a cross compiler is detected then cross compile mode will be used" >&2
+ elif test "x$build_alias" != "x$host_alias"; then
+ cross_compiling=yes
+ fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+ as_fn_error $? "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+ as_fn_error $? "pwd does not report name of working directory"
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+ ac_srcdir_defaulted=yes
+ # Try the directory containing this script, then the parent directory.
+ ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_myself" : 'X\(//\)[^/]' \| \
+ X"$as_myself" : 'X\(//\)$' \| \
+ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ srcdir=$ac_confdir
+ if test ! -r "$srcdir/$ac_unique_file"; then
+ srcdir=..
+ fi
+else
+ ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+ test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+ as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+ cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
+ pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+ srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+ eval ac_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_env_${ac_var}_value=\$${ac_var}
+ eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat <<_ACEOF
+\`configure' configures xmlsec1 1.2.18 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE. See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+ -h, --help display this help and exit
+ --help=short display options specific to this package
+ --help=recursive display the short help of all the included packages
+ -V, --version display version information and exit
+ -q, --quiet, --silent do not print \`checking ...' messages
+ --cache-file=FILE cache test results in FILE [disabled]
+ -C, --config-cache alias for \`--cache-file=config.cache'
+ -n, --no-create do not create output files
+ --srcdir=DIR find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+ --prefix=PREFIX install architecture-independent files in PREFIX
+ [$ac_default_prefix]
+ --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+ [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+ --includedir=DIR C header files [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc [/usr/include]
+ --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+ --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+ --infodir=DIR info documentation [DATAROOTDIR/info]
+ --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+ --mandir=DIR man documentation [DATAROOTDIR/man]
+ --docdir=DIR documentation root [DATAROOTDIR/doc/xmlsec1]
+ --htmldir=DIR html documentation [DOCDIR]
+ --dvidir=DIR dvi documentation [DOCDIR]
+ --pdfdir=DIR pdf documentation [DOCDIR]
+ --psdir=DIR ps documentation [DOCDIR]
+_ACEOF
+
+ cat <<\_ACEOF
+
+Program names:
+ --program-prefix=PREFIX prepend PREFIX to installed program names
+ --program-suffix=SUFFIX append SUFFIX to installed program names
+ --program-transform-name=PROGRAM run sed PROGRAM on installed program names
+
+System types:
+ --build=BUILD configure for building on BUILD [guessed]
+ --host=HOST cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+ case $ac_init_help in
+ short | recursive ) echo "Configuration of xmlsec1 1.2.18:";;
+ esac
+ cat <<\_ACEOF
+
+Optional Features:
+ --disable-option-checking ignore unrecognized --enable/--with options
+ --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+ --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --enable-maintainer-mode enable make rules and dependencies not useful
+ (and sometimes confusing) to the casual installer
+ --disable-dependency-tracking speeds up one-time build
+ --enable-dependency-tracking do not reject slow dependency extractors
+ --enable-shared[=PKGS] build shared libraries [default=yes]
+ --enable-static[=PKGS] build static libraries [default=yes]
+ --enable-fast-install[=PKGS]
+ optimize for fast installation [default=yes]
+ --disable-libtool-lock avoid locking (might break parallel builds)
+ --enable-development enable development environment (no)
+ --enable-pkgconfig enable pkgconfig for configuration (yes)
+ --enable-mscrypto enable mscrypto (no)
+ --enable-md5 enable MD5 support (yes)
+ --enable-ripemd160 enable RIPEMD-160 support (yes)
+ --enable-sha1 enable SHA1 support (yes)
+ --enable-sha224 enable SHA224 support (yes)
+ --enable-sha256 enable SHA256 support (yes)
+ --enable-sha384 enable SHA384 support (yes)
+ --enable-sha512 enable SHA512 support (yes)
+ --enable-hmac enable HMAC support (yes)
+ --enable-dsa enable DSA support (yes)
+ --enable-rsa enable RSA support (yes)
+ --enable-x509 enable x509 support (yes)
+ --enable-des enable DES support (yes)
+ --enable-aes enable AES support (OpenSSL >= 0.9.7 is required)
+ --enable-gost enable GOST support (no)
+ --enable-xmldsig enable XMLDSig support (yes)
+ --enable-xmlenc enable XMLEnc support (yes)
+ --enable-xkms enable XKMS support - under development (no)
+ --enable-crypto-dl enable dynamic loading support for xmlsec-crypto libraries (yes)
+ --enable-apps-crypto-dl enable dynamic loading support for xmlsec-crypto libraries in xmlsec command line tool (yes)
+ --enable-skm enable Simple Keys Manager testing (yes)
+ --enable-tmpl-tests enable templates testing in xmlsec utility (yes)
+ --enable-debuging enable debuging compilation flags (no)
+ --enable-profiling enable profiling compilation flags (no)
+ --enable-pedantic enable pedantic compilation flags (no)
+ --enable-static-linking enable static linking (no)
+
+Optional Packages:
+ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --with-pic try to use only PIC/non-PIC objects [default=use
+ both]
+ --with-gnu-ld assume the C compiler uses GNU ld [default=no]
+ --with-libxml=PFX libxml2 location
+
+ --with-libxml-src=PFX not installed yet libxml2 location
+
+ --with-libxslt=PFX libxslt location
+
+ --with-libxslt-src=PFX not installed yet libxslt location
+
+ --with-openssl=PFX openssl location
+ --with-nss=PFX nss location
+ --with-nspr=PFX nspr location (needed for NSS)
+ --with-seamonkey-ver=VER mozilla version (alt to --with-nss, --with-nspr)
+ --with-mozilla-ver=VER mozilla version (alt to --with-nss, --with-nspr)
+ --with-gcrypt=PFX gcrypt location
+ --with-gnutls=PFX gnutls location
+ --with-default-crypto=name default crypto name
+ --with-html-dir=PATH path to installed docs
+
+Some influential environment variables:
+ CC C compiler command
+ CFLAGS C compiler flags
+ LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
+ nonstandard directory <lib dir>
+ LIBS libraries to pass to the linker, e.g. -l<library>
+ CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+ you have headers in a nonstandard directory <include dir>
+ CPP C preprocessor
+ PKG_CONFIG path to pkg-config utility
+ PKG_CONFIG_PATH
+ directories to add to pkg-config's search path
+ PKG_CONFIG_LIBDIR
+ path overriding pkg-config's built-in search path
+ LIBXML_CFLAGS
+ C compiler flags for LIBXML, overriding pkg-config
+ LIBXML_LIBS linker flags for LIBXML, overriding pkg-config
+ LIBXSLT_CFLAGS
+ C compiler flags for LIBXSLT, overriding pkg-config
+ LIBXSLT_LIBS
+ linker flags for LIBXSLT, overriding pkg-config
+ OPENSSL_CFLAGS
+ C compiler flags for OPENSSL, overriding pkg-config
+ OPENSSL_LIBS
+ linker flags for OPENSSL, overriding pkg-config
+ NSS_CFLAGS C compiler flags for NSS, overriding pkg-config
+ NSS_LIBS linker flags for NSS, overriding pkg-config
+ GCRYPT_CFLAGS
+ C compiler flags for GCRYPT, overriding pkg-config
+ GCRYPT_LIBS linker flags for GCRYPT, overriding pkg-config
+ GNUTLS_CFLAGS
+ C compiler flags for GNUTLS, overriding pkg-config
+ GNUTLS_LIBS linker flags for GNUTLS, overriding pkg-config
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to <http://www.aleksey.com/xmlsec>.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+ # If there are subdirs, report their specific --help.
+ for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+ test -d "$ac_dir" ||
+ { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+ continue
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+ cd "$ac_dir" || { ac_status=$?; continue; }
+ # Check for guested configure.
+ if test -f "$ac_srcdir/configure.gnu"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+ elif test -f "$ac_srcdir/configure"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure" --help=recursive
+ else
+ $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ fi || ac_status=$?
+ cd "$ac_pwd" || { ac_status=$?; break; }
+ done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+ cat <<\_ACEOF
+xmlsec1 configure 1.2.18
+generated by GNU Autoconf 2.67
+
+Copyright (C) 2010 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+ exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+
+# ac_fn_c_try_compile LINENO
+# --------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext
+ if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_compile
+
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } > conftest.i && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_cpp
+
+# ac_fn_c_try_run LINENO
+# ----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
+# that executables *can* be run.
+ac_fn_c_try_run ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: program exited with status $ac_status" >&5
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=$ac_status
+fi
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_run
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ $as_test_x conftest$ac_exeext
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
+
+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists and can be compiled using the include files in
+# INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval "test \"\${$3+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_header_compile
+
+# ac_fn_c_check_func LINENO FUNC VAR
+# ----------------------------------
+# Tests whether FUNC exists, setting the cache variable VAR accordingly
+ac_fn_c_check_func ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval "test \"\${$3+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $2 innocuous_$2
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $2 (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $2
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $2 ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_$2 || defined __stub___$2
+choke me
+#endif
+
+int
+main ()
+{
+return $2 ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_func
+
+# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists, giving a warning if it cannot be compiled using
+# the include files in INCLUDES and setting the cache variable VAR
+# accordingly.
+ac_fn_c_check_header_mongrel ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if eval "test \"\${$3+set}\"" = set; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval "test \"\${$3+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
+$as_echo_n "checking $2 usability... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_header_compiler=yes
+else
+ ac_header_compiler=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
+$as_echo "$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
+$as_echo_n "checking $2 presence... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <$2>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ ac_header_preproc=yes
+else
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
+$as_echo "$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
+ yes:no: )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
+$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+ ;;
+ no:yes:* )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
+$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
+$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
+$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
+$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+( $as_echo "## -------------------------------------------- ##
+## Report this to http://www.aleksey.com/xmlsec ##
+## -------------------------------------------- ##"
+ ) | sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if eval "test \"\${$3+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=\$ac_header_compiler"
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_header_mongrel
+
+# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES
+# --------------------------------------------
+# Tries to find the compile-time value of EXPR in a program that includes
+# INCLUDES, setting VAR accordingly. Returns whether the value could be
+# computed
+ac_fn_c_compute_int ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if test "$cross_compiling" = yes; then
+ # Depending upon the size, compute the lo and hi bounds.
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=0 ac_mid=0
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid; break
+else
+ as_fn_arith $ac_mid + 1 && ac_lo=$as_val
+ if test $ac_lo -le $ac_mid; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) < 0)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=-1 ac_mid=-1
+ while :; do
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) >= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_lo=$ac_mid; break
+else
+ as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val
+ if test $ac_mid -le $ac_hi; then
+ ac_lo= ac_hi=
+ break
+ fi
+ as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ done
+else
+ ac_lo= ac_hi=
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+# Binary search between lo and hi bounds.
+while test "x$ac_lo" != "x$ac_hi"; do
+ as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+static int test_array [1 - 2 * !(($2) <= $ac_mid)];
+test_array [0] = 0
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_hi=$ac_mid
+else
+ as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+done
+case $ac_lo in #((
+?*) eval "$3=\$ac_lo"; ac_retval=0 ;;
+'') ac_retval=1 ;;
+esac
+ else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+static long int longval () { return $2; }
+static unsigned long int ulongval () { return $2; }
+#include <stdio.h>
+#include <stdlib.h>
+int
+main ()
+{
+
+ FILE *f = fopen ("conftest.val", "w");
+ if (! f)
+ return 1;
+ if (($2) < 0)
+ {
+ long int i = longval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%ld", i);
+ }
+ else
+ {
+ unsigned long int i = ulongval ();
+ if (i != ($2))
+ return 1;
+ fprintf (f, "%lu", i);
+ }
+ /* Do not output a trailing newline, as this causes \r\n confusion
+ on some platforms. */
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ echo >>conftest.val; read $3 <conftest.val; ac_retval=0
+else
+ ac_retval=1
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+rm -f conftest.val
+
+ fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_compute_int
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by xmlsec1 $as_me 1.2.18, which was
+generated by GNU Autoconf 2.67. Invocation command line was
+
+ $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
+
+/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
+/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
+/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ $as_echo "PATH: $as_dir"
+ done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+ for ac_arg
+ do
+ case $ac_arg in
+ -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ continue ;;
+ *\'*)
+ ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ case $ac_pass in
+ 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+ 2)
+ as_fn_append ac_configure_args1 " '$ac_arg'"
+ if test $ac_must_keep_next = true; then
+ ac_must_keep_next=false # Got value, back to normal.
+ else
+ case $ac_arg in
+ *=* | --config-cache | -C | -disable-* | --disable-* \
+ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+ | -with-* | --with-* | -without-* | --without-* | --x)
+ case "$ac_configure_args0 " in
+ "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+ esac
+ ;;
+ -* ) ac_must_keep_next=true ;;
+ esac
+ fi
+ as_fn_append ac_configure_args " '$ac_arg'"
+ ;;
+ esac
+ done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log. We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+ # Save into config.log some information that might help in debugging.
+ {
+ echo
+
+ $as_echo "## ---------------- ##
+## Cache variables. ##
+## ---------------- ##"
+ echo
+ # The following way of writing the cache mishandles newlines in values,
+(
+ for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+ (set) 2>&1 |
+ case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ sed -n \
+ "s/'\''/'\''\\\\'\'''\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+ ;; #(
+ *)
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+)
+ echo
+
+ $as_echo "## ----------------- ##
+## Output variables. ##
+## ----------------- ##"
+ echo
+ for ac_var in $ac_subst_vars
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+
+ if test -n "$ac_subst_files"; then
+ $as_echo "## ------------------- ##
+## File substitutions. ##
+## ------------------- ##"
+ echo
+ for ac_var in $ac_subst_files
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+ fi
+
+ if test -s confdefs.h; then
+ $as_echo "## ----------- ##
+## confdefs.h. ##
+## ----------- ##"
+ echo
+ cat confdefs.h
+ echo
+ fi
+ test "$ac_signal" != 0 &&
+ $as_echo "$as_me: caught signal $ac_signal"
+ $as_echo "$as_me: exit $exit_status"
+ } >&5
+ rm -f core *.core core.conftest.* &&
+ rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+ exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+ trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+$as_echo "/* confdefs.h */" > confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+ # We do not want a PATH search for config.site.
+ case $CONFIG_SITE in #((
+ -*) ac_site_file1=./$CONFIG_SITE;;
+ */*) ac_site_file1=$CONFIG_SITE;;
+ *) ac_site_file1=./$CONFIG_SITE;;
+ esac
+elif test "x$prefix" != xNONE; then
+ ac_site_file1=$prefix/share/config.site
+ ac_site_file2=$prefix/etc/config.site
+else
+ ac_site_file1=$ac_default_prefix/share/config.site
+ ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+ test "x$ac_site_file" = xNONE && continue
+ if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+ sed 's/^/| /' "$ac_site_file" >&5
+ . "$ac_site_file" \
+ || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "failed to load site script $ac_site_file
+See \`config.log' for more details" "$LINENO" 5 ; }
+ fi
+done
+
+if test -r "$cache_file"; then
+ # Some versions of bash will fail to source /dev/null (special files
+ # actually), so we avoid doing that. DJGPP emulates it as a regular file.
+ if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+ case $cache_file in
+ [\\/]* | ?:[\\/]* ) . "$cache_file";;
+ *) . "./$cache_file";;
+ esac
+ fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+ >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val=\$ac_cv_env_${ac_var}_value
+ eval ac_new_val=\$ac_env_${ac_var}_value
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ # differences in whitespace do not lead to failure.
+ ac_old_val_w=`echo x $ac_old_val`
+ ac_new_val_w=`echo x $ac_new_val`
+ if test "$ac_old_val_w" != "$ac_new_val_w"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ ac_cache_corrupted=:
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+ eval $ac_var=\$ac_old_val
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
+$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
+$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+ esac
+ fi
+done
+if $ac_cache_corrupted; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+ as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+XMLSEC_PACKAGE=xmlsec1
+XMLSEC_VERSION_MAJOR=1
+XMLSEC_VERSION_MINOR=2
+XMLSEC_VERSION_SUBMINOR=18
+XMLSEC_VERSION="$XMLSEC_VERSION_MAJOR.$XMLSEC_VERSION_MINOR.$XMLSEC_VERSION_SUBMINOR"
+XMLSEC_VERSION_INFO=`echo $XMLSEC_VERSION | awk -F. '{ printf "%d:%d:%d", $1+$2, $3, $2 }'`
+XMLSEC_VERSION_SAFE=`echo $XMLSEC_VERSION | sed 's/\./_/g'`
+
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+ if test -f "$ac_dir/install-sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install-sh -c"
+ break
+ elif test -f "$ac_dir/install.sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install.sh -c"
+ break
+ elif test -f "$ac_dir/shtool"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/shtool install -c"
+ break
+ fi
+done
+if test -z "$ac_aux_dir"; then
+ as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
+
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+ as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if test "${ac_cv_build+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+ ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+ as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5 ;;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if test "${ac_cv_host+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "x$host_alias" = x; then
+ ac_cv_host=$ac_cv_build
+else
+ ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5 ;;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+
+
+
+
+
+
+
+
+
+
+am__api_version='1.11'
+
+# Find a good install program. We prefer a C program (faster),
+# so one script is as good as another. But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if test "${ac_cv_path_install+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in #((
+ ./ | .// | /[cC]/* | \
+ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
+ /usr/ucb/* ) ;;
+ *)
+ # OSF1 and SCO ODT 3.0 have their own names for install.
+ # Don't use installbsd from OSF since it installs stuff as root
+ # by default.
+ for ac_prog in ginstall scoinst install; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+ if test $ac_prog = install &&
+ grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # AIX install. It has an incompatible calling convention.
+ :
+ elif test $ac_prog = install &&
+ grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # program-specific install script used by HP pwplus--don't use.
+ :
+ else
+ rm -rf conftest.one conftest.two conftest.dir
+ echo one > conftest.one
+ echo two > conftest.two
+ mkdir conftest.dir
+ if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+ test -s conftest.one && test -s conftest.two &&
+ test -s conftest.dir/conftest.one &&
+ test -s conftest.dir/conftest.two
+ then
+ ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ break 3
+ fi
+ fi
+ fi
+ done
+ done
+ ;;
+esac
+
+ done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+ if test "${ac_cv_path_install+set}" = set; then
+ INSTALL=$ac_cv_path_install
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for INSTALL within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ INSTALL=$ac_install_sh
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
+$as_echo_n "checking whether build environment is sane... " >&6; }
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name. Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+ *[\\\"\#\$\&\'\`$am_lf]*)
+ as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5 ;;
+esac
+case $srcdir in
+ *[\\\"\#\$\&\'\`$am_lf\ \ ]*)
+ as_fn_error $? "unsafe srcdir value: \`$srcdir'" "$LINENO" 5 ;;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments. Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+ set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+ if test "$*" = "X"; then
+ # -L didn't work.
+ set X `ls -t "$srcdir/configure" conftest.file`
+ fi
+ rm -f conftest.file
+ if test "$*" != "X $srcdir/configure conftest.file" \
+ && test "$*" != "X conftest.file $srcdir/configure"; then
+
+ # If neither matched, then we have a broken ls. This can happen
+ # if, for instance, CONFIG_SHELL is bash and it inherits a
+ # broken ls alias from the environment. This has actually
+ # happened. Such a system could not be considered "sane".
+ as_fn_error $? "ls -t appears to fail. Make sure there is not a broken
+alias in your environment" "$LINENO" 5
+ fi
+
+ test "$2" = conftest.file
+ )
+then
+ # Ok.
+ :
+else
+ as_fn_error $? "newly created file is older than distributed files!
+Check your system clock" "$LINENO" 5
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+test "$program_prefix" != NONE &&
+ program_transform_name="s&^&$program_prefix&;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+ program_transform_name="s&\$&$program_suffix&;$program_transform_name"
+# Double any \ or $.
+# By default was `s,x,x', remove it if useless.
+ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
+program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
+
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+
+if test x"${MISSING+set}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+ *)
+ MISSING="\${SHELL} $am_aux_dir/missing" ;;
+ esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+ am_missing_run="$MISSING --run "
+else
+ am_missing_run=
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5
+$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+fi
+
+if test x"${install_sh}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+ *)
+ install_sh="\${SHELL} $am_aux_dir/install-sh"
+ esac
+fi
+
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'. However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_STRIP" = x; then
+ STRIP=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ STRIP=$ac_ct_STRIP
+ fi
+else
+ STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5
+$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
+if test -z "$MKDIR_P"; then
+ if test "${ac_cv_path_mkdir+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in mkdir gmkdir; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
+ case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
+ 'mkdir (GNU coreutils) '* | \
+ 'mkdir (coreutils) '* | \
+ 'mkdir (fileutils) '4.1*)
+ ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+ break 3;;
+ esac
+ done
+ done
+ done
+IFS=$as_save_IFS
+
+fi
+
+ test -d ./--version && rmdir ./--version
+ if test "${ac_cv_path_mkdir+set}" = set; then
+ MKDIR_P="$ac_cv_path_mkdir -p"
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for MKDIR_P within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ MKDIR_P="$ac_install_sh -d"
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
+$as_echo "$MKDIR_P" >&6; }
+
+mkdir_p="$MKDIR_P"
+case $mkdir_p in
+ [\\/$]* | ?:[\\/]*) ;;
+ */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+
+for ac_prog in gawk mawk nawk awk
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AWK+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AWK"; then
+ ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_AWK="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$AWK" && break
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+set x ${MAKE-make}
+ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if eval "test \"\${ac_cv_prog_make_${ac_make}_set+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
+all:
+ @echo '@@@%%%=$(MAKE)=@@@%%%'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering ...", which would confuse us.
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+ *@@@%%%=?*=@@@%%%*)
+ eval ac_cv_prog_make_${ac_make}_set=yes;;
+ *)
+ eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
+rm -f conftest.make
+fi
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ SET_MAKE=
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+ am__leading_dot=.
+else
+ am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+ # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+ # is not polluted with repeated "-I."
+ am__isrc=' -I$(srcdir)'
+ # test to see if srcdir already configured
+ if test -f $srcdir/config.status; then
+ as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5
+ fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+ if (cygpath --version) >/dev/null 2>/dev/null; then
+ CYGPATH_W='cygpath -w'
+ else
+ CYGPATH_W=echo
+ fi
+fi
+
+
+# Define the identity of the package.
+ PACKAGE='xmlsec1'
+ VERSION='1.2.18'
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+# We need awk for the "check" target. The system "awk" is bad on
+# some platforms.
+# Always define AMTAR for backward compatibility.
+
+AMTAR=${AMTAR-"${am_missing_run}tar"}
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to create a ustar tar archive" >&5
+$as_echo_n "checking how to create a ustar tar archive... " >&6; }
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar plaintar pax cpio none'
+_am_tools=${am_cv_prog_tar_ustar-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+ case $_am_tool in
+ gnutar)
+ for _am_tar in tar gnutar gtar;
+ do
+ { echo "$as_me:$LINENO: $_am_tar --version" >&5
+ ($_am_tar --version) >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); } && break
+ done
+ am__tar="$_am_tar --format=ustar -chf - "'"$$tardir"'
+ am__tar_="$_am_tar --format=ustar -chf - "'"$tardir"'
+ am__untar="$_am_tar -xf -"
+ ;;
+ plaintar)
+ # Must skip GNU tar: if it does not support --format= it doesn't create
+ # ustar tarball either.
+ (tar --version) >/dev/null 2>&1 && continue
+ am__tar='tar chf - "$$tardir"'
+ am__tar_='tar chf - "$tardir"'
+ am__untar='tar xf -'
+ ;;
+ pax)
+ am__tar='pax -L -x ustar -w "$$tardir"'
+ am__tar_='pax -L -x ustar -w "$tardir"'
+ am__untar='pax -r'
+ ;;
+ cpio)
+ am__tar='find "$$tardir" -print | cpio -o -H ustar -L'
+ am__tar_='find "$tardir" -print | cpio -o -H ustar -L'
+ am__untar='cpio -i -H ustar -d'
+ ;;
+ none)
+ am__tar=false
+ am__tar_=false
+ am__untar=false
+ ;;
+ esac
+
+ # If the value was cached, stop now. We just wanted to have am__tar
+ # and am__untar set.
+ test -n "${am_cv_prog_tar_ustar}" && break
+
+ # tar/untar a dummy directory, and stop if the command works
+ rm -rf conftest.dir
+ mkdir conftest.dir
+ echo GrepMe > conftest.dir/file
+ { echo "$as_me:$LINENO: tardir=conftest.dir && eval $am__tar_ >conftest.tar" >&5
+ (tardir=conftest.dir && eval $am__tar_ >conftest.tar) >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+ rm -rf conftest.dir
+ if test -s conftest.tar; then
+ { echo "$as_me:$LINENO: $am__untar <conftest.tar" >&5
+ ($am__untar <conftest.tar) >&5 2>&5
+ ac_status=$?
+ echo "$as_me:$LINENO: \$? = $ac_status" >&5
+ (exit $ac_status); }
+ grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+ fi
+done
+rm -rf conftest.dir
+
+if test "${am_cv_prog_tar_ustar+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ am_cv_prog_tar_ustar=$_am_tool
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_tar_ustar" >&5
+$as_echo "$am_cv_prog_tar_ustar" >&6; }
+
+
+
+
+
+ac_config_headers="$ac_config_headers config.h"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5
+$as_echo_n "checking whether to enable maintainer-specific portions of Makefiles... " >&6; }
+ # Check whether --enable-maintainer-mode was given.
+if test "${enable_maintainer_mode+set}" = set; then :
+ enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval
+else
+ USE_MAINTAINER_MODE=no
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_MAINTAINER_MODE" >&5
+$as_echo "$USE_MAINTAINER_MODE" >&6; }
+ if test $USE_MAINTAINER_MODE = yes; then
+ MAINTAINER_MODE_TRUE=
+ MAINTAINER_MODE_FALSE='#'
+else
+ MAINTAINER_MODE_TRUE='#'
+ MAINTAINER_MODE_FALSE=
+fi
+
+ MAINT=$MAINTAINER_MODE_TRUE
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ fi
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl.exe
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl.exe
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CC" && break
+done
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "no acceptable C compiler found in \$PATH
+See \`config.log' for more details" "$LINENO" 5 ; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5
+$as_echo_n "checking whether the C compiler works... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+ esac
+done
+rm -f $ac_rmfiles
+
+if { { ac_try="$ac_link_default"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link_default") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile. We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+ ;;
+ [ab].out )
+ # We found the default executable, but exeext='' is most
+ # certainly right.
+ break;;
+ *.* )
+ if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+ then :; else
+ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ fi
+ # We set ac_cv_exeext here because the later test for it is not
+ # safe: cross compilers may not add the suffix if given an `-o'
+ # argument, so we may need to know it at that point already.
+ # Even if this section looks crufty: it has the advantage of
+ # actually working.
+ break;;
+ * )
+ break;;
+ esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+ ac_file=''
+fi
+if test -z "$ac_file"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+$as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "C compiler cannot create executables
+See \`config.log' for more details" "$LINENO" 5 ; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5
+$as_echo_n "checking for C compiler default output file name... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+ac_exeext=$ac_cv_exeext
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ break;;
+ * ) break;;
+ esac
+done
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details" "$LINENO" 5 ; }
+fi
+rm -f conftest conftest$ac_cv_exeext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdio.h>
+int
+main ()
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+ { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if { ac_try='./conftest$ac_cv_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
+ cross_compiling=no
+ else
+ if test "$cross_compiling" = maybe; then
+ cross_compiling=yes
+ else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot run C compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details" "$LINENO" 5 ; }
+ fi
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if test "${ac_cv_objext+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ for ac_file in conftest.o conftest.obj conftest.*; do
+ test -f "$ac_file" || continue;
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+ *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+ break;;
+ esac
+done
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details" "$LINENO" 5 ; }
+fi
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if test "${ac_cv_c_compiler_gnu+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
+else
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GCC=yes
+else
+ GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if test "${ac_cv_prog_cc_g+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_c_werror_flag=$ac_c_werror_flag
+ ac_c_werror_flag=yes
+ ac_cv_prog_cc_g=no
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+else
+ CFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ ac_c_werror_flag=$ac_save_c_werror_flag
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+ ;
+ return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext
+ test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+ x)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+ xno)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+ *)
+ CC="$CC $ac_cv_prog_cc_c89"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
+
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+DEPDIR="${am__leading_dot}deps"
+
+ac_config_commands="$ac_config_commands depfiles"
+
+
+am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+ @echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5
+$as_echo_n "checking for style of include used by $am_make... " >&6; }
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+ am__include=include
+ am__quote=
+ _am_result=GNU
+ ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+ echo '.include "confinc"' > confmf
+ case `$am_make -s -f confmf 2> /dev/null` in #(
+ *the\ am__doit\ target*)
+ am__include=.include
+ am__quote="\""
+ _am_result=BSD
+ ;;
+ esac
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5
+$as_echo "$_am_result" >&6; }
+rm -f confinc confmf
+
+# Check whether --enable-dependency-tracking was given.
+if test "${enable_dependency_tracking+set}" = set; then :
+ enableval=$enable_dependency_tracking;
+fi
+
+if test "x$enable_dependency_tracking" != xno; then
+ am_depcomp="$ac_aux_dir/depcomp"
+ AMDEPBACKSLASH='\'
+fi
+ if test "x$enable_dependency_tracking" != xno; then
+ AMDEP_TRUE=
+ AMDEP_FALSE='#'
+else
+ AMDEP_TRUE='#'
+ AMDEP_FALSE=
+fi
+
+
+
+depcc="$CC" am_compiler_list=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CC_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ am__universal=false
+ case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CC_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+ if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+ am__fastdepCC_TRUE=
+ am__fastdepCC_FALSE='#'
+else
+ am__fastdepCC_TRUE='#'
+ am__fastdepCC_FALSE=
+fi
+
+
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if test "${ac_cv_prog_CPP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+ break
+fi
+
+ done
+ ac_cv_prog_CPP=$CPP
+
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.i conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.i conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details" "$LINENO" 5 ; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
+if test "${ac_cv_path_GREP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$GREP"; then
+ ac_path_GREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in grep ggrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
+# Check for GNU ac_path_GREP and select it if it is found.
+ # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'GREP' >> "conftest.nl"
+ "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_GREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_GREP="$ac_path_GREP"
+ ac_path_GREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_GREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_GREP"; then
+ as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_GREP=$GREP
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+$as_echo "$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if test "${ac_cv_path_EGREP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+ then ac_cv_path_EGREP="$GREP -E"
+ else
+ if test -z "$EGREP"; then
+ ac_path_EGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in egrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+ # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'EGREP' >> "conftest.nl"
+ "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_EGREP="$ac_path_EGREP"
+ ac_path_EGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_EGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_EGREP"; then
+ as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_EGREP=$EGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if test "${ac_cv_header_stdc+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stdc=yes
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then :
+ :
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ return 2;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+case `pwd` in
+ *\ * | *\ *)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
+$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
+esac
+
+
+
+macro_version='2.2.6b'
+macro_revision='1.3017'
+
+
+
+
+
+
+
+
+
+
+
+
+
+ltmain="$ac_aux_dir/ltmain.sh"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+$as_echo_n "checking for a sed that does not truncate output... " >&6; }
+if test "${ac_cv_path_SED+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
+ for ac_i in 1 2 3 4 5 6 7; do
+ ac_script="$ac_script$as_nl$ac_script"
+ done
+ echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
+ { ac_script=; unset ac_script;}
+ if test -z "$SED"; then
+ ac_path_SED_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in sed gsed; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_SED" && $as_test_x "$ac_path_SED"; } || continue
+# Check for GNU ac_path_SED and select it if it is found.
+ # Check for GNU $ac_path_SED
+case `"$ac_path_SED" --version 2>&1` in
+*GNU*)
+ ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo '' >> "conftest.nl"
+ "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_SED_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_SED="$ac_path_SED"
+ ac_path_SED_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_SED_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_SED"; then
+ as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5
+ fi
+else
+ ac_cv_path_SED=$SED
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+$as_echo "$ac_cv_path_SED" >&6; }
+ SED="$ac_cv_path_SED"
+ rm -f conftest.sed
+
+test -z "$SED" && SED=sed
+Xsed="$SED -e 1s/^X//"
+
+
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
+$as_echo_n "checking for fgrep... " >&6; }
+if test "${ac_cv_path_FGREP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
+ then ac_cv_path_FGREP="$GREP -F"
+ else
+ if test -z "$FGREP"; then
+ ac_path_FGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in fgrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_FGREP" && $as_test_x "$ac_path_FGREP"; } || continue
+# Check for GNU ac_path_FGREP and select it if it is found.
+ # Check for GNU $ac_path_FGREP
+case `"$ac_path_FGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'FGREP' >> "conftest.nl"
+ "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_FGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_FGREP="$ac_path_FGREP"
+ ac_path_FGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_FGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_FGREP"; then
+ as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_FGREP=$FGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
+$as_echo "$ac_cv_path_FGREP" >&6; }
+ FGREP="$ac_cv_path_FGREP"
+
+
+test -z "$GREP" && GREP=grep
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then :
+ withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
+else
+ with_gnu_ld=no
+fi
+
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+$as_echo_n "checking for ld used by $CC... " >&6; }
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [\\/]* | ?:[\\/]*)
+ re_direlt='/[^/][^/]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+ while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+$as_echo_n "checking for GNU ld... " >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+$as_echo_n "checking for non-GNU ld... " >&6; }
+fi
+if test "${lt_cv_path_LD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$LD"; then
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some variants of GNU ld only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break
+ ;;
+ *)
+ test "$with_gnu_ld" != yes && break
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+else
+ lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+$as_echo "$LD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
+if test "${lt_cv_prog_gnu_ld+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
+$as_echo "$lt_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
+$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
+if test "${lt_cv_path_NM+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$NM"; then
+ # Let the user override the test.
+ lt_cv_path_NM="$NM"
+else
+ lt_nm_to_check="${ac_tool_prefix}nm"
+ if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
+ lt_nm_to_check="$lt_nm_to_check nm"
+ fi
+ for lt_tmp_nm in $lt_nm_to_check; do
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ tmp_nm="$ac_dir/$lt_tmp_nm"
+ if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+ # Check to see if the nm accepts a BSD-compat flag.
+ # Adding the `sed 1q' prevents false positives on HP-UX, which says:
+ # nm: unknown option "B" ignored
+ # Tru64's nm complains that /dev/null is an invalid object file
+ case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+ */dev/null* | *'Invalid file or object type'*)
+ lt_cv_path_NM="$tmp_nm -B"
+ break
+ ;;
+ *)
+ case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+ */dev/null*)
+ lt_cv_path_NM="$tmp_nm -p"
+ break
+ ;;
+ *)
+ lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+ continue # so that we can try to find one that supports BSD flags
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+ done
+ : ${lt_cv_path_NM=no}
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
+$as_echo "$lt_cv_path_NM" >&6; }
+if test "$lt_cv_path_NM" != "no"; then
+ NM="$lt_cv_path_NM"
+else
+ # Didn't find any BSD compatible name lister, look for dumpbin.
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in "dumpbin -symbols" "link -dump -symbols"
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_DUMPBIN+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$DUMPBIN"; then
+ ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+DUMPBIN=$ac_cv_prog_DUMPBIN
+if test -n "$DUMPBIN"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
+$as_echo "$DUMPBIN" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$DUMPBIN" && break
+ done
+fi
+if test -z "$DUMPBIN"; then
+ ac_ct_DUMPBIN=$DUMPBIN
+ for ac_prog in "dumpbin -symbols" "link -dump -symbols"
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_DUMPBIN+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_DUMPBIN"; then
+ ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
+if test -n "$ac_ct_DUMPBIN"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
+$as_echo "$ac_ct_DUMPBIN" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_DUMPBIN" && break
+done
+
+ if test "x$ac_ct_DUMPBIN" = x; then
+ DUMPBIN=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ DUMPBIN=$ac_ct_DUMPBIN
+ fi
+fi
+
+
+ if test "$DUMPBIN" != ":"; then
+ NM="$DUMPBIN"
+ fi
+fi
+test -z "$NM" && NM=nm
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
+$as_echo_n "checking the name lister ($NM) interface... " >&6; }
+if test "${lt_cv_nm_interface+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_nm_interface="BSD nm"
+ echo "int some_variable = 0;" > conftest.$ac_ext
+ (eval echo "\"\$as_me:5309: $ac_compile\"" >&5)
+ (eval "$ac_compile" 2>conftest.err)
+ cat conftest.err >&5
+ (eval echo "\"\$as_me:5312: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
+ cat conftest.err >&5
+ (eval echo "\"\$as_me:5315: output\"" >&5)
+ cat conftest.out >&5
+ if $GREP 'External.*some_variable' conftest.out > /dev/null; then
+ lt_cv_nm_interface="MS dumpbin"
+ fi
+ rm -f conftest*
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
+$as_echo "$lt_cv_nm_interface" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
+$as_echo_n "checking whether ln -s works... " >&6; }
+LN_S=$as_ln_s
+if test "$LN_S" = "ln -s"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
+$as_echo "no, using $LN_S" >&6; }
+fi
+
+# find the maximum length of command line arguments
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
+$as_echo_n "checking the maximum length of command line arguments... " >&6; }
+if test "${lt_cv_sys_max_cmd_len+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ i=0
+ teststring="ABCD"
+
+ case $build_os in
+ msdosdjgpp*)
+ # On DJGPP, this test can blow up pretty badly due to problems in libc
+ # (any single argument exceeding 2000 bytes causes a buffer overrun
+ # during glob expansion). Even if it were fixed, the result of this
+ # check would be larger than it should be.
+ lt_cv_sys_max_cmd_len=12288; # 12K is about right
+ ;;
+
+ gnu*)
+ # Under GNU Hurd, this test is not required because there is
+ # no limit to the length of command line arguments.
+ # Libtool will interpret -1 as no limit whatsoever
+ lt_cv_sys_max_cmd_len=-1;
+ ;;
+
+ cygwin* | mingw* | cegcc*)
+ # On Win9x/ME, this test blows up -- it succeeds, but takes
+ # about 5 minutes as the teststring grows exponentially.
+ # Worse, since 9x/ME are not pre-emptively multitasking,
+ # you end up with a "frozen" computer, even though with patience
+ # the test eventually succeeds (with a max line length of 256k).
+ # Instead, let's just punt: use the minimum linelength reported by
+ # all of the supported platforms: 8192 (on NT/2K/XP).
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ amigaos*)
+ # On AmigaOS with pdksh, this test takes hours, literally.
+ # So we just punt and use a minimum line length of 8192.
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+ # This has been around since 386BSD, at least. Likely further.
+ if test -x /sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+ elif test -x /usr/sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+ else
+ lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
+ fi
+ # And add a safety zone
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ ;;
+
+ interix*)
+ # We know the value 262144 and hardcode it with a safety zone (like BSD)
+ lt_cv_sys_max_cmd_len=196608
+ ;;
+
+ osf*)
+ # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+ # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+ # nice to cause kernel panics so lets avoid the loop below.
+ # First set a reasonable default.
+ lt_cv_sys_max_cmd_len=16384
+ #
+ if test -x /sbin/sysconfig; then
+ case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+ *1*) lt_cv_sys_max_cmd_len=-1 ;;
+ esac
+ fi
+ ;;
+ sco3.2v5*)
+ lt_cv_sys_max_cmd_len=102400
+ ;;
+ sysv5* | sco5v6* | sysv4.2uw2*)
+ kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+ if test -n "$kargmax"; then
+ lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'`
+ else
+ lt_cv_sys_max_cmd_len=32768
+ fi
+ ;;
+ *)
+ lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
+ if test -n "$lt_cv_sys_max_cmd_len"; then
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ else
+ # Make teststring a little bigger before we do anything with it.
+ # a 1K string should be a reasonable start.
+ for i in 1 2 3 4 5 6 7 8 ; do
+ teststring=$teststring$teststring
+ done
+ SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+ # If test is not a shell built-in, we'll probably end up computing a
+ # maximum length that is only half of the actual maximum length, but
+ # we can't tell.
+ while { test "X"`$SHELL $0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \
+ = "XX$teststring$teststring"; } >/dev/null 2>&1 &&
+ test $i != 17 # 1/2 MB should be enough
+ do
+ i=`expr $i + 1`
+ teststring=$teststring$teststring
+ done
+ # Only check the string length outside the loop.
+ lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
+ teststring=
+ # Add a significant safety factor because C++ compilers can tack on
+ # massive amounts of additional arguments before passing them to the
+ # linker. It appears as though 1/2 is a usable value.
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+ fi
+ ;;
+ esac
+
+fi
+
+if test -n $lt_cv_sys_max_cmd_len ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
+$as_echo "$lt_cv_sys_max_cmd_len" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5
+$as_echo "none" >&6; }
+fi
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+
+
+
+
+
+: ${CP="cp -f"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5
+$as_echo_n "checking whether the shell understands some XSI constructs... " >&6; }
+# Try some XSI features
+xsi_shell=no
+( _lt_dummy="a/b/c"
+ test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \
+ = c,a/b,, \
+ && eval 'test $(( 1 + 1 )) -eq 2 \
+ && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
+ && xsi_shell=yes
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5
+$as_echo "$xsi_shell" >&6; }
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5
+$as_echo_n "checking whether the shell understands \"+=\"... " >&6; }
+lt_shell_append=no
+( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \
+ >/dev/null 2>&1 \
+ && lt_shell_append=yes
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5
+$as_echo "$lt_shell_append" >&6; }
+
+
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ lt_unset=unset
+else
+ lt_unset=false
+fi
+
+
+
+
+
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+ # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+ lt_SP2NL='tr \040 \012'
+ lt_NL2SP='tr \015\012 \040\040'
+ ;;
+ *) # EBCDIC based system
+ lt_SP2NL='tr \100 \n'
+ lt_NL2SP='tr \r\n \100\100'
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
+$as_echo_n "checking for $LD option to reload object files... " >&6; }
+if test "${lt_cv_ld_reload_flag+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_ld_reload_flag='-r'
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
+$as_echo "$lt_cv_ld_reload_flag" >&6; }
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+ darwin*)
+ if test "$GCC" = yes; then
+ reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
+ else
+ reload_cmds='$LD$reload_flag -o $output$reload_objs'
+ fi
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
+set dummy ${ac_tool_prefix}objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OBJDUMP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OBJDUMP"; then
+ ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OBJDUMP=$ac_cv_prog_OBJDUMP
+if test -n "$OBJDUMP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
+$as_echo "$OBJDUMP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OBJDUMP"; then
+ ac_ct_OBJDUMP=$OBJDUMP
+ # Extract the first word of "objdump", so it can be a program name with args.
+set dummy objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OBJDUMP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OBJDUMP"; then
+ ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_OBJDUMP="objdump"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
+if test -n "$ac_ct_OBJDUMP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
+$as_echo "$ac_ct_OBJDUMP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_OBJDUMP" = x; then
+ OBJDUMP="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OBJDUMP=$ac_ct_OBJDUMP
+ fi
+else
+ OBJDUMP="$ac_cv_prog_OBJDUMP"
+fi
+
+test -z "$OBJDUMP" && OBJDUMP=objdump
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
+$as_echo_n "checking how to recognize dependent libraries... " >&6; }
+if test "${lt_cv_deplibs_check_method+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix[4-9]*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+beos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+bsdi[45]*)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
+ lt_cv_file_magic_cmd='/usr/bin/file -L'
+ lt_cv_file_magic_test_file=/shlib/libc.so
+ ;;
+
+cygwin*)
+ # func_win32_libid is a shell function defined in ltmain.sh
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ ;;
+
+mingw* | pw32*)
+ # Base MSYS/MinGW do not provide the 'file' command needed by
+ # func_win32_libid shell function, so use a weaker test based on 'objdump',
+ # unless we find 'file', for example because we are cross-compiling.
+ if ( file / ) >/dev/null 2>&1; then
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ else
+ lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ fi
+ ;;
+
+cegcc)
+ # use the weaker test based on 'objdump'. See mingw*.
+ lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ ;;
+
+darwin* | rhapsody*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+freebsd* | dragonfly*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ case $host_cpu in
+ i*86 )
+ # Not sure whether the presence of OpenBSD here was a mistake.
+ # Let's accept both of them until this is cleared up.
+ lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+ ;;
+ esac
+ else
+ lt_cv_deplibs_check_method=pass_all
+ fi
+ ;;
+
+gnu*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+hpux10.20* | hpux11*)
+ lt_cv_file_magic_cmd=/usr/bin/file
+ case $host_cpu in
+ ia64*)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
+ lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+ ;;
+ hppa*64*)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'
+ lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+ ;;
+ *)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
+ lt_cv_file_magic_test_file=/usr/lib/libc.sl
+ ;;
+ esac
+ ;;
+
+interix[3-9]*)
+ # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $LD in
+ *-32|*"-32 ") libmagic=32-bit;;
+ *-n32|*"-n32 ") libmagic=N32;;
+ *-64|*"-64 ") libmagic=64-bit;;
+ *) libmagic=never-match;;
+ esac
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
+ fi
+ ;;
+
+newos6*)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=/usr/lib/libnls.so
+ ;;
+
+*nto* | *qnx*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+openbsd*)
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+ fi
+ ;;
+
+osf3* | osf4* | osf5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+rdos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+solaris*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv4 | sysv4.3*)
+ case $host_vendor in
+ motorola)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+ ;;
+ ncr)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ sequent)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
+ ;;
+ sni)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
+ lt_cv_file_magic_test_file=/lib/libc.so
+ ;;
+ siemens)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ pc)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ esac
+ ;;
+
+tpf*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+esac
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
+$as_echo "$lt_cv_deplibs_check_method" >&6; }
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+
+
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AR+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AR"; then
+ ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_AR="${ac_tool_prefix}ar"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_AR"; then
+ ac_ct_AR=$AR
+ # Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_AR+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_AR"; then
+ ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_AR="ar"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+$as_echo "$ac_ct_AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_AR" = x; then
+ AR="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ AR=$ac_ct_AR
+ fi
+else
+ AR="$ac_cv_prog_AR"
+fi
+
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+
+
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_STRIP" = x; then
+ STRIP=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ STRIP=$ac_ct_STRIP
+ fi
+else
+ STRIP="$ac_cv_prog_STRIP"
+fi
+
+test -z "$STRIP" && STRIP=:
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_RANLIB+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$RANLIB"; then
+ ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+ ac_ct_RANLIB=$RANLIB
+ # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_RANLIB"; then
+ ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_RANLIB="ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_RANLIB" = x; then
+ RANLIB=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ RANLIB=$ac_ct_RANLIB
+ fi
+else
+ RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+test -z "$RANLIB" && RANLIB=:
+
+
+
+
+
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+ case $host_os in
+ openbsd*)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+ ;;
+ *)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+ ;;
+ esac
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
+$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; }
+if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix. What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[BCDEGRST]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+ symcode='[BCDT]'
+ ;;
+cygwin* | mingw* | pw32* | cegcc*)
+ symcode='[ABCDGISTW]'
+ ;;
+hpux*)
+ if test "$host_cpu" = ia64; then
+ symcode='[ABCDEGRST]'
+ fi
+ ;;
+irix* | nonstopux*)
+ symcode='[BCDEGRST]'
+ ;;
+osf*)
+ symcode='[BCDEGQRST]'
+ ;;
+solaris*)
+ symcode='[BDRT]'
+ ;;
+sco3.2v5*)
+ symcode='[DT]'
+ ;;
+sysv4.2uw2*)
+ symcode='[DT]'
+ ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+ symcode='[ABDT]'
+ ;;
+sysv4)
+ symcode='[DFNSTU]'
+ ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+ symcode='[ABCDGIRSTW]' ;;
+esac
+
+# Transform an extracted symbol line into a proper C declaration.
+# Some systems (esp. on ia64) link data and code symbols differently,
+# so use this general approach.
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'"
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'"
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+ opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+ ;;
+esac
+
+# Try without a prefix underscore, then with it.
+for ac_symprfx in "" "_"; do
+
+ # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+ symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+ # Write the raw and C identifiers.
+ if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+ # Fake it for dumpbin and say T for any non-static function
+ # and D for any global variable.
+ # Also find C++ and __fastcall symbols from MSVC++,
+ # which start with @ or ?.
+ lt_cv_sys_global_symbol_pipe="$AWK '"\
+" {last_section=section; section=\$ 3};"\
+" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
+" \$ 0!~/External *\|/{next};"\
+" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
+" {if(hide[section]) next};"\
+" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\
+" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\
+" s[1]~/^[@?]/{print s[1], s[1]; next};"\
+" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\
+" ' prfx=^$ac_symprfx"
+ else
+ lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+ fi
+
+ # Check to see that the pipe works correctly.
+ pipe_works=no
+
+ rm -f conftest*
+ cat > conftest.$ac_ext <<_LT_EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(void);
+void nm_test_func(void){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+_LT_EOF
+
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ # Now try to grab the symbols.
+ nlist=conftest.nm
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\""; } >&5
+ (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s "$nlist"; then
+ # Try sorting and uniquifying the output.
+ if sort "$nlist" | uniq > "$nlist"T; then
+ mv -f "$nlist"T "$nlist"
+ else
+ rm -f "$nlist"T
+ fi
+
+ # Make sure that we snagged all the symbols we need.
+ if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
+ if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
+ cat <<_LT_EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+_LT_EOF
+ # Now generate the symbol file.
+ eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
+
+ cat <<_LT_EOF >> conftest.$ac_ext
+
+/* The mapping between symbol names and symbols. */
+const struct {
+ const char *name;
+ void *address;
+}
+lt__PROGRAM__LTX_preloaded_symbols[] =
+{
+ { "@PROGRAM@", (void *) 0 },
+_LT_EOF
+ $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
+ cat <<\_LT_EOF >> conftest.$ac_ext
+ {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+ return lt__PROGRAM__LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+_LT_EOF
+ # Now try linking the two files.
+ mv conftest.$ac_objext conftstm.$ac_objext
+ lt_save_LIBS="$LIBS"
+ lt_save_CFLAGS="$CFLAGS"
+ LIBS="conftstm.$ac_objext"
+ CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext}; then
+ pipe_works=yes
+ fi
+ LIBS="$lt_save_LIBS"
+ CFLAGS="$lt_save_CFLAGS"
+ else
+ echo "cannot find nm_test_func in $nlist" >&5
+ fi
+ else
+ echo "cannot find nm_test_var in $nlist" >&5
+ fi
+ else
+ echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
+ fi
+ else
+ echo "$progname: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ fi
+ rm -rf conftest* conftst*
+
+ # Do not use the global_symbol_pipe unless it works.
+ if test "$pipe_works" = yes; then
+ break
+ else
+ lt_cv_sys_global_symbol_pipe=
+ fi
+done
+
+fi
+
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+ lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5
+$as_echo "failed" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
+$as_echo "ok" >&6; }
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --enable-libtool-lock was given.
+if test "${enable_libtool_lock+set}" = set; then :
+ enableval=$enable_libtool_lock;
+fi
+
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *ELF-32*)
+ HPUX_IA64_MODE="32"
+ ;;
+ *ELF-64*)
+ HPUX_IA64_MODE="64"
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+*-*-irix6*)
+ # Find out which ABI we are using.
+ echo '#line 6520 "configure"' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -melf32bsmip"
+ ;;
+ *N32*)
+ LD="${LD-ld} -melf32bmipn32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -melf64bmip"
+ ;;
+ esac
+ else
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -32"
+ ;;
+ *N32*)
+ LD="${LD-ld} -n32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -64"
+ ;;
+ esac
+ fi
+ fi
+ rm -rf conftest*
+ ;;
+
+x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
+s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.o` in
+ *32-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_i386_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_i386"
+ ;;
+ ppc64-*linux*|powerpc64-*linux*)
+ LD="${LD-ld} -m elf32ppclinux"
+ ;;
+ s390x-*linux*)
+ LD="${LD-ld} -m elf_s390"
+ ;;
+ sparc64-*linux*)
+ LD="${LD-ld} -m elf32_sparc"
+ ;;
+ esac
+ ;;
+ *64-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_x86_64_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ ppc*-*linux*|powerpc*-*linux*)
+ LD="${LD-ld} -m elf64ppc"
+ ;;
+ s390*-*linux*|s390*-*tpf*)
+ LD="${LD-ld} -m elf64_s390"
+ ;;
+ sparc*-*linux*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+
+*-*-sco3.2v5*)
+ # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+ SAVE_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -belf"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
+$as_echo_n "checking whether the C compiler needs -belf... " >&6; }
+if test "${lt_cv_cc_needs_belf+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ lt_cv_cc_needs_belf=yes
+else
+ lt_cv_cc_needs_belf=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
+$as_echo "$lt_cv_cc_needs_belf" >&6; }
+ if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+ # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+ CFLAGS="$SAVE_CFLAGS"
+ fi
+ ;;
+sparc*-*solaris*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.o` in
+ *64-bit*)
+ case $lt_cv_prog_gnu_ld in
+ yes*) LD="${LD-ld} -m elf64_sparc" ;;
+ *)
+ if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
+ LD="${LD-ld} -64"
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+esac
+
+need_locks="$enable_libtool_lock"
+
+
+ case $host_os in
+ rhapsody* | darwin*)
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
+set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_DSYMUTIL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$DSYMUTIL"; then
+ ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+DSYMUTIL=$ac_cv_prog_DSYMUTIL
+if test -n "$DSYMUTIL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
+$as_echo "$DSYMUTIL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_DSYMUTIL"; then
+ ac_ct_DSYMUTIL=$DSYMUTIL
+ # Extract the first word of "dsymutil", so it can be a program name with args.
+set dummy dsymutil; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_DSYMUTIL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_DSYMUTIL"; then
+ ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
+if test -n "$ac_ct_DSYMUTIL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
+$as_echo "$ac_ct_DSYMUTIL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_DSYMUTIL" = x; then
+ DSYMUTIL=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ DSYMUTIL=$ac_ct_DSYMUTIL
+ fi
+else
+ DSYMUTIL="$ac_cv_prog_DSYMUTIL"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
+set dummy ${ac_tool_prefix}nmedit; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_NMEDIT+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$NMEDIT"; then
+ ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+NMEDIT=$ac_cv_prog_NMEDIT
+if test -n "$NMEDIT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
+$as_echo "$NMEDIT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_NMEDIT"; then
+ ac_ct_NMEDIT=$NMEDIT
+ # Extract the first word of "nmedit", so it can be a program name with args.
+set dummy nmedit; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_NMEDIT+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_NMEDIT"; then
+ ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_NMEDIT="nmedit"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
+if test -n "$ac_ct_NMEDIT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
+$as_echo "$ac_ct_NMEDIT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_NMEDIT" = x; then
+ NMEDIT=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ NMEDIT=$ac_ct_NMEDIT
+ fi
+else
+ NMEDIT="$ac_cv_prog_NMEDIT"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
+set dummy ${ac_tool_prefix}lipo; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_LIPO+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$LIPO"; then
+ ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+LIPO=$ac_cv_prog_LIPO
+if test -n "$LIPO"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
+$as_echo "$LIPO" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_LIPO"; then
+ ac_ct_LIPO=$LIPO
+ # Extract the first word of "lipo", so it can be a program name with args.
+set dummy lipo; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_LIPO+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_LIPO"; then
+ ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_LIPO="lipo"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
+if test -n "$ac_ct_LIPO"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
+$as_echo "$ac_ct_LIPO" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_LIPO" = x; then
+ LIPO=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ LIPO=$ac_ct_LIPO
+ fi
+else
+ LIPO="$ac_cv_prog_LIPO"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
+set dummy ${ac_tool_prefix}otool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OTOOL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OTOOL"; then
+ ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OTOOL=$ac_cv_prog_OTOOL
+if test -n "$OTOOL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
+$as_echo "$OTOOL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OTOOL"; then
+ ac_ct_OTOOL=$OTOOL
+ # Extract the first word of "otool", so it can be a program name with args.
+set dummy otool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OTOOL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OTOOL"; then
+ ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_OTOOL="otool"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
+if test -n "$ac_ct_OTOOL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
+$as_echo "$ac_ct_OTOOL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_OTOOL" = x; then
+ OTOOL=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OTOOL=$ac_ct_OTOOL
+ fi
+else
+ OTOOL="$ac_cv_prog_OTOOL"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
+set dummy ${ac_tool_prefix}otool64; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OTOOL64+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OTOOL64"; then
+ ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OTOOL64=$ac_cv_prog_OTOOL64
+if test -n "$OTOOL64"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
+$as_echo "$OTOOL64" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OTOOL64"; then
+ ac_ct_OTOOL64=$OTOOL64
+ # Extract the first word of "otool64", so it can be a program name with args.
+set dummy otool64; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OTOOL64+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OTOOL64"; then
+ ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_OTOOL64="otool64"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
+if test -n "$ac_ct_OTOOL64"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
+$as_echo "$ac_ct_OTOOL64" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_OTOOL64" = x; then
+ OTOOL64=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OTOOL64=$ac_ct_OTOOL64
+ fi
+else
+ OTOOL64="$ac_cv_prog_OTOOL64"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
+$as_echo_n "checking for -single_module linker flag... " >&6; }
+if test "${lt_cv_apple_cc_single_mod+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_apple_cc_single_mod=no
+ if test -z "${LT_MULTI_MODULE}"; then
+ # By default we will add the -single_module flag. You can override
+ # by either setting the environment variable LT_MULTI_MODULE
+ # non-empty at configure time, or by adding -multi_module to the
+ # link flags.
+ rm -rf libconftest.dylib*
+ echo "int foo(void){return 1;}" > conftest.c
+ echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+-dynamiclib -Wl,-single_module conftest.c" >&5
+ $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
+ _lt_result=$?
+ if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
+ lt_cv_apple_cc_single_mod=yes
+ else
+ cat conftest.err >&5
+ fi
+ rm -rf libconftest.dylib*
+ rm -f conftest.*
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
+$as_echo "$lt_cv_apple_cc_single_mod" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
+$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; }
+if test "${lt_cv_ld_exported_symbols_list+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_ld_exported_symbols_list=no
+ save_LDFLAGS=$LDFLAGS
+ echo "_main" > conftest.sym
+ LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ lt_cv_ld_exported_symbols_list=yes
+else
+ lt_cv_ld_exported_symbols_list=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS="$save_LDFLAGS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
+$as_echo "$lt_cv_ld_exported_symbols_list" >&6; }
+ case $host_os in
+ rhapsody* | darwin1.[012])
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
+ darwin1.*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ darwin*) # darwin 5.x on
+ # if running on 10.5 or later, the deployment target defaults
+ # to the OS version, if on x86, and 10.4, the deployment
+ # target defaults to 10.4. Don't you love it?
+ case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
+ 10.0,*86*-darwin8*|10.0,*-darwin[91]*)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ 10.[012]*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ 10.*)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ esac
+ ;;
+ esac
+ if test "$lt_cv_apple_cc_single_mod" = "yes"; then
+ _lt_dar_single_mod='$single_module'
+ fi
+ if test "$lt_cv_ld_exported_symbols_list" = "yes"; then
+ _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym'
+ else
+ _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ fi
+ if test "$DSYMUTIL" != ":"; then
+ _lt_dsymutil='~$DSYMUTIL $lib || :'
+ else
+ _lt_dsymutil=
+ fi
+ ;;
+ esac
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+ inttypes.h stdint.h unistd.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+for ac_header in dlfcn.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
+"
+if test "x$ac_cv_header_dlfcn_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_DLFCN_H 1
+_ACEOF
+
+fi
+
+done
+
+
+
+# Set options
+
+
+
+ enable_dlopen=no
+
+
+ enable_win32_dll=no
+
+
+ # Check whether --enable-shared was given.
+if test "${enable_shared+set}" = set; then :
+ enableval=$enable_shared; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_shared=yes ;;
+ no) enable_shared=no ;;
+ *)
+ enable_shared=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_shared=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_shared=yes
+fi
+
+
+
+
+
+
+
+
+
+ # Check whether --enable-static was given.
+if test "${enable_static+set}" = set; then :
+ enableval=$enable_static; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_static=yes ;;
+ no) enable_static=no ;;
+ *)
+ enable_static=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_static=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_static=yes
+fi
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-pic was given.
+if test "${with_pic+set}" = set; then :
+ withval=$with_pic; pic_mode="$withval"
+else
+ pic_mode=default
+fi
+
+
+test -z "$pic_mode" && pic_mode=default
+
+
+
+
+
+
+
+ # Check whether --enable-fast-install was given.
+if test "${enable_fast_install+set}" = set; then :
+ enableval=$enable_fast_install; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_fast_install=yes ;;
+ no) enable_fast_install=no ;;
+ *)
+ enable_fast_install=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_fast_install=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_fast_install=yes
+fi
+
+
+
+
+
+
+
+
+
+
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ltmain"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+test -z "$LN_S" && LN_S="ln -s"
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
+$as_echo_n "checking for objdir... " >&6; }
+if test "${lt_cv_objdir+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+ lt_cv_objdir=.libs
+else
+ # MS-DOS does not allow filenames that begin with a dot.
+ lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
+$as_echo "$lt_cv_objdir" >&6; }
+objdir=$lt_cv_objdir
+
+
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define LT_OBJDIR "$lt_cv_objdir/"
+_ACEOF
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+case $host_os in
+aix3*)
+ # AIX sometimes has problems with the GCC collect2 program. For some
+ # reason, if we set the COLLECT_NAMES environment variable, the problems
+ # vanish in a puff of smoke.
+ if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+ fi
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to delay expansion of an escaped single quote.
+delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Global variables:
+ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$LD" && LD=ld
+test -z "$ac_objext" && ac_objext=o
+
+for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+# Only perform the check for file, if the check method requires it
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+case $deplibs_check_method in
+file_magic*)
+ if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
+$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; }
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $MAGIC_CMD in
+[\\/*] | ?:[\\/]*)
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/${ac_tool_prefix}file; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+$as_echo "$MAGIC_CMD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+
+
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+ if test -n "$ac_tool_prefix"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5
+$as_echo_n "checking for file... " >&6; }
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $MAGIC_CMD in
+[\\/*] | ?:[\\/]*)
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/file; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/file"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+$as_echo "$MAGIC_CMD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ else
+ MAGIC_CMD=:
+ fi
+fi
+
+ fi
+ ;;
+esac
+
+# Use C for the default configuration in the libtool script
+
+lt_save_CC="$CC"
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+objext=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}'
+
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+# Save the default compiler, since it gets overwritten when the other
+# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
+compiler_DEFAULT=$CC
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+
+
+## CAVEAT EMPTOR:
+## There is no encapsulation within the following macros, do not change
+## the running order or otherwise move them around unless you know exactly
+## what you are doing...
+if test -n "$compiler"; then
+
+lt_prog_compiler_no_builtin_flag=
+
+if test "$GCC" = yes; then
+ lt_prog_compiler_no_builtin_flag=' -fno-builtin'
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
+if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_rtti_exceptions=no
+ ac_outfile=conftest.$ac_objext
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="-fno-rtti -fno-exceptions"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:7799: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:7803: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_rtti_exceptions=yes
+ fi
+ fi
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
+
+if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
+ lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
+else
+ :
+fi
+
+fi
+
+
+
+
+
+
+ lt_prog_compiler_wl=
+lt_prog_compiler_pic=
+lt_prog_compiler_static=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
+
+ if test "$GCC" = yes; then
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_static='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ m68k)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ esac
+ ;;
+
+ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ # Although the cygwin gcc ignores -fPIC, still need this for old-style
+ # (--disable-auto-import) libraries
+ lt_prog_compiler_pic='-DDLL_EXPORT'
+ ;;
+
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ lt_prog_compiler_pic='-fno-common'
+ ;;
+
+ hpux*)
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
+ case $host_cpu in
+ hppa*64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ esac
+ ;;
+
+ interix[3-9]*)
+ # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+ # Instead, we relocate shared libraries at runtime.
+ ;;
+
+ msdosdjgpp*)
+ # Just because we use GCC doesn't mean we suddenly get shared libraries
+ # on systems that don't support them.
+ lt_prog_compiler_can_build_shared=no
+ enable_shared=no
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic='-fPIC -shared'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ lt_prog_compiler_pic=-Kconform_pic
+ fi
+ ;;
+
+ *)
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ esac
+ else
+ # PORTME Check for flag to pass linker flags through the system compiler.
+ case $host_os in
+ aix*)
+ lt_prog_compiler_wl='-Wl,'
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static='-Bstatic'
+ else
+ lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ lt_prog_compiler_pic='-DDLL_EXPORT'
+ ;;
+
+ hpux9* | hpux10* | hpux11*)
+ lt_prog_compiler_wl='-Wl,'
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic='+Z'
+ ;;
+ esac
+ # Is there a better lt_prog_compiler_static that works with the bundled CC?
+ lt_prog_compiler_static='${wl}-a ${wl}archive'
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ lt_prog_compiler_wl='-Wl,'
+ # PIC (with -KPIC) is the default.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ # old Intel for x86_64 which still supported -KPIC.
+ ecc*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ # icc used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ icc* | ifort*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ # Lahey Fortran 8.1.
+ lf95*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='--shared'
+ lt_prog_compiler_static='--static'
+ ;;
+ pgcc* | pgf77* | pgf90* | pgf95*)
+ # Portland Group compilers (*not* the Pentium gcc compiler,
+ # which looks to be a dead project)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fpic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+ ccc*)
+ lt_prog_compiler_wl='-Wl,'
+ # All Alpha code is PIC.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+ xl*)
+ # IBM XL C 8.0/Fortran 10.1 on PPC
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-qpic'
+ lt_prog_compiler_static='-qstaticlink'
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C 5.9
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl='-Wl,'
+ ;;
+ *Sun\ F*)
+ # Sun Fortran 8.3 passes all unrecognized flags to the linker
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl=''
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+ newsos6)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic='-fPIC -shared'
+ ;;
+
+ osf3* | osf4* | osf5*)
+ lt_prog_compiler_wl='-Wl,'
+ # All OSF/1 code is PIC.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ rdos*)
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ solaris*)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ case $cc_basename in
+ f77* | f90* | f95*)
+ lt_prog_compiler_wl='-Qoption ld ';;
+ *)
+ lt_prog_compiler_wl='-Wl,';;
+ esac
+ ;;
+
+ sunos4*)
+ lt_prog_compiler_wl='-Qoption ld '
+ lt_prog_compiler_pic='-PIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ sysv4 | sysv4.2uw2* | sysv4.3*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec ;then
+ lt_prog_compiler_pic='-Kconform_pic'
+ lt_prog_compiler_static='-Bstatic'
+ fi
+ ;;
+
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ unicos*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_can_build_shared=no
+ ;;
+
+ uts4*)
+ lt_prog_compiler_pic='-pic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ *)
+ lt_prog_compiler_can_build_shared=no
+ ;;
+ esac
+ fi
+
+case $host_os in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ lt_prog_compiler_pic=
+ ;;
+ *)
+ lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_prog_compiler_pic" >&5
+$as_echo "$lt_prog_compiler_pic" >&6; }
+
+
+
+
+
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
+if test "${lt_cv_prog_compiler_pic_works+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_pic_works=no
+ ac_outfile=conftest.$ac_objext
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$lt_prog_compiler_pic -DPIC"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:8138: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:8142: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_pic_works=yes
+ fi
+ fi
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
+$as_echo "$lt_cv_prog_compiler_pic_works" >&6; }
+
+if test x"$lt_cv_prog_compiler_pic_works" = xyes; then
+ case $lt_prog_compiler_pic in
+ "" | " "*) ;;
+ *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
+ esac
+else
+ lt_prog_compiler_pic=
+ lt_prog_compiler_can_build_shared=no
+fi
+
+fi
+
+
+
+
+
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if test "${lt_cv_prog_compiler_static_works+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_static_works=no
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+ echo "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The linker can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&5
+ $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_static_works=yes
+ fi
+ else
+ lt_cv_prog_compiler_static_works=yes
+ fi
+ fi
+ $RM -r conftest*
+ LDFLAGS="$save_LDFLAGS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
+$as_echo "$lt_cv_prog_compiler_static_works" >&6; }
+
+if test x"$lt_cv_prog_compiler_static_works" = xyes; then
+ :
+else
+ lt_prog_compiler_static=
+fi
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_c_o=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:8243: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:8247: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_c_o=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:8298: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:8302: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+
+
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
+$as_echo_n "checking if we can lock with hard links... " >&6; }
+ hard_links=yes
+ $RM conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
+$as_echo "$hard_links" >&6; }
+ if test "$hard_links" = no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+
+ runpath_var=
+ allow_undefined_flag=
+ always_export_symbols=no
+ archive_cmds=
+ archive_expsym_cmds=
+ compiler_needs_object=no
+ enable_shared_with_static_runtimes=no
+ export_dynamic_flag_spec=
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ hardcode_automatic=no
+ hardcode_direct=no
+ hardcode_direct_absolute=no
+ hardcode_libdir_flag_spec=
+ hardcode_libdir_flag_spec_ld=
+ hardcode_libdir_separator=
+ hardcode_minus_L=no
+ hardcode_shlibpath_var=unsupported
+ inherit_rpath=no
+ link_all_deplibs=unknown
+ module_cmds=
+ module_expsym_cmds=
+ old_archive_from_new_cmds=
+ old_archive_from_expsyms_cmds=
+ thread_safe_flag_spec=
+ whole_archive_flag_spec=
+ # include_expsyms should be a list of space-separated symbols to be *always*
+ # included in the symbol list
+ include_expsyms=
+ # exclude_expsyms can be an extended regexp of symbols to exclude
+ # it will be wrapped by ` (' and `)$', so one must not match beginning or
+ # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+ # as well as any symbol that contains `d'.
+ exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
+ # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+ # platforms (ab)use it in PIC code, but their linkers get confused if
+ # the symbol is explicitly referenced. Since portable code cannot
+ # rely on this symbol name, it's probably fine to never include it in
+ # preloaded symbol tables.
+ # Exclude shared library initialization/finalization symbols.
+ extract_expsyms_cmds=
+
+ case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ interix*)
+ # we just hope/assume this is gcc and not c89 (= MSVC++)
+ with_gnu_ld=yes
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+ linux* | k*bsd*-gnu)
+ link_all_deplibs=no
+ ;;
+ esac
+
+ ld_shlibs=yes
+ if test "$with_gnu_ld" = yes; then
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ wlarc='${wl}'
+
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ runpath_var=LD_RUN_PATH
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ export_dynamic_flag_spec='${wl}--export-dynamic'
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
+ whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ whole_archive_flag_spec=
+ fi
+ supports_anon_versioning=no
+ case `$LD -v 2>&1` in
+ *GNU\ gold*) supports_anon_versioning=yes ;;
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+ *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+ *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+ *\ 2.11.*) ;; # other 2.11 versions
+ *) supports_anon_versioning=yes ;;
+ esac
+
+ # See if GNU ld supports shared libraries.
+ case $host_os in
+ aix[3-9]*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support. If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+_LT_EOF
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds=''
+ ;;
+ m68k)
+ archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ esac
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ allow_undefined_flag=unsupported
+ # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
+ # as there is no search path for DLLs.
+ hardcode_libdir_flag_spec='-L$libdir'
+ allow_undefined_flag=unsupported
+ always_export_symbols=no
+ enable_shared_with_static_runtimes=yes
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
+
+ if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ interix[3-9]*)
+ hardcode_direct=no
+ hardcode_shlibpath_var=no
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec='${wl}-E'
+ # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+ # Instead, shared libraries are loaded at an image base (0x10000000 by
+ # default) and relocated if they conflict, which is a slow very memory
+ # consuming and fragmenting process. To avoid this, we pick a random,
+ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+ # time. Moving up from 0x10000000 also allows more sbrk(2) space.
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ ;;
+
+ gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
+ tmp_diet=no
+ if test "$host_os" = linux-dietlibc; then
+ case $cc_basename in
+ diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
+ esac
+ fi
+ if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
+ && test "$tmp_diet" = no
+ then
+ tmp_addflag=
+ tmp_sharedflag='-shared'
+ case $cc_basename,$host_cpu in
+ pgcc*) # Portland Group C compiler
+ whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag'
+ ;;
+ pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers
+ whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag -Mnomain' ;;
+ ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
+ tmp_addflag=' -i_dynamic' ;;
+ efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
+ tmp_addflag=' -i_dynamic -nofor_main' ;;
+ ifc* | ifort*) # Intel Fortran compiler
+ tmp_addflag=' -nofor_main' ;;
+ lf95*) # Lahey Fortran 8.1
+ whole_archive_flag_spec=
+ tmp_sharedflag='--shared' ;;
+ xl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below)
+ tmp_sharedflag='-qmkshrobj'
+ tmp_addflag= ;;
+ esac
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*) # Sun C 5.9
+ whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ compiler_needs_object=yes
+ tmp_sharedflag='-G' ;;
+ *Sun\ F*) # Sun Fortran 8.3
+ tmp_sharedflag='-G' ;;
+ esac
+ archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+ if test "x$supports_anon_versioning" = xyes; then
+ archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+
+ case $cc_basename in
+ xlf*)
+ # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
+ whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
+ hardcode_libdir_flag_spec=
+ hardcode_libdir_flag_spec_ld='-rpath $libdir'
+ archive_cmds='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib'
+ if test "x$supports_anon_versioning" = xyes; then
+ archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+ fi
+ ;;
+ esac
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+ wlarc=
+ else
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ fi
+ ;;
+
+ solaris*)
+ if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+ case `$LD -v 2>&1` in
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ ;;
+ *)
+ # For security reasons, it is highly recommended that you always
+ # use absolute paths for naming shared libraries, and exclude the
+ # DT_RUNPATH tag from executables and libraries. But doing so
+ # requires that you compile everything twice, which is a pain.
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+ ;;
+
+ sunos4*)
+ archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ wlarc=
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ *)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+
+ if test "$ld_shlibs" = no; then
+ runpath_var=
+ hardcode_libdir_flag_spec=
+ export_dynamic_flag_spec=
+ whole_archive_flag_spec=
+ fi
+ else
+ # PORTME fill in a description of your system's linker (not GNU ld)
+ case $host_os in
+ aix3*)
+ allow_undefined_flag=unsupported
+ always_export_symbols=yes
+ archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ hardcode_minus_L=yes
+ if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ hardcode_direct=unsupported
+ fi
+ ;;
+
+ aix[4-9]*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+ export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ else
+ export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ fi
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ ;;
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ archive_cmds=''
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ hardcode_libdir_separator=':'
+ link_all_deplibs=yes
+ file_list_spec='${wl}-f,'
+
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" &&
+ strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ hardcode_direct=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ hardcode_minus_L=yes
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_libdir_separator=
+ fi
+ ;;
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ link_all_deplibs=no
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ export_dynamic_flag_spec='${wl}-bexpall'
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ always_export_symbols=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ allow_undefined_flag='-berok'
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
+ allow_undefined_flag="-z nodefs"
+ archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ no_undefined_flag=' ${wl}-bernotok'
+ allow_undefined_flag=' ${wl}-berok'
+ # Exported symbols can be pulled into shared objects from archives
+ whole_archive_flag_spec='$convenience'
+ archive_cmds_need_lc=yes
+ # This is similar to how AIX traditionally builds its shared libraries.
+ archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds=''
+ ;;
+ m68k)
+ archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ esac
+ ;;
+
+ bsdi[45]*)
+ export_dynamic_flag_spec=-rdynamic
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ hardcode_libdir_flag_spec=' '
+ allow_undefined_flag=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ archive_cmds='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ old_archive_from_new_cmds='true'
+ # FIXME: Should let the user specify the lib program.
+ old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs'
+ fix_srcfile_path='`cygpath -w "$srcfile"`'
+ enable_shared_with_static_runtimes=yes
+ ;;
+
+ darwin* | rhapsody*)
+
+
+ archive_cmds_need_lc=no
+ hardcode_direct=no
+ hardcode_automatic=yes
+ hardcode_shlibpath_var=unsupported
+ whole_archive_flag_spec=''
+ link_all_deplibs=yes
+ allow_undefined_flag="$_lt_dar_allow_undefined"
+ case $cc_basename in
+ ifort*) _lt_dar_can_shared=yes ;;
+ *) _lt_dar_can_shared=$GCC ;;
+ esac
+ if test "$_lt_dar_can_shared" = "yes"; then
+ output_verbose_link_cmd=echo
+ archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
+ module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
+ archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
+ module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
+
+ else
+ ld_shlibs=no
+ fi
+
+ ;;
+
+ dgux*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_shlibpath_var=no
+ ;;
+
+ freebsd1*)
+ ld_shlibs=no
+ ;;
+
+ # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+ # support. Future versions do this automatically, but an explicit c++rt0.o
+ # does not break anything, and helps significantly (at the cost of a little
+ # extra space).
+ freebsd2.2*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+ freebsd2*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+ freebsd* | dragonfly*)
+ archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ hpux9*)
+ if test "$GCC" = yes; then
+ archive_cmds='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ fi
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ export_dynamic_flag_spec='${wl}-E'
+ ;;
+
+ hpux10*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ if test "$with_gnu_ld" = no; then
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_flag_spec_ld='+b $libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ export_dynamic_flag_spec='${wl}-E'
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ fi
+ ;;
+
+ hpux11*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ else
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ fi
+ if test "$with_gnu_ld" = no; then
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+
+ case $host_cpu in
+ hppa*64*|ia64*)
+ hardcode_direct=no
+ hardcode_shlibpath_var=no
+ ;;
+ *)
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ export_dynamic_flag_spec='${wl}-E'
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ ;;
+ esac
+ fi
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ # Try to use the -exported_symbol ld option, if it does not
+ # work, assume that -exports_file does not work either and
+ # implicitly export all symbols.
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int foo(void) {}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS="$save_LDFLAGS"
+ else
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ inherit_rpath=yes
+ link_all_deplibs=yes
+ ;;
+
+ netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
+ else
+ archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
+ fi
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ newsos6)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_shlibpath_var=no
+ ;;
+
+ *nto* | *qnx*)
+ ;;
+
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ hardcode_direct_absolute=yes
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec='${wl}-E'
+ else
+ case $host_os in
+ openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-R$libdir'
+ ;;
+ *)
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ os2*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ allow_undefined_flag=unsupported
+ archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+ old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+ ;;
+
+ osf3*)
+ if test "$GCC" = yes; then
+ allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ allow_undefined_flag=' -expect_unresolved \*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ ;;
+
+ osf4* | osf5*) # as osf3* with the addition of -msym flag
+ if test "$GCC" = yes; then
+ allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ else
+ allow_undefined_flag=' -expect_unresolved \*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
+ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
+
+ # Both c and cxx compiler support -rpath directly
+ hardcode_libdir_flag_spec='-rpath $libdir'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_separator=:
+ ;;
+
+ solaris*)
+ no_undefined_flag=' -z defs'
+ if test "$GCC" = yes; then
+ wlarc='${wl}'
+ archive_cmds='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ else
+ case `$CC -V 2>&1` in
+ *"Compilers 5.0"*)
+ wlarc=''
+ archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
+ ;;
+ *)
+ wlarc='${wl}'
+ archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ ;;
+ esac
+ fi
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_shlibpath_var=no
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ # The compiler driver will combine and reorder linker options,
+ # but understands `-z linker_flag'. GCC discards it without `$wl',
+ # but is careful enough not to reorder.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ if test "$GCC" = yes; then
+ whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ else
+ whole_archive_flag_spec='-z allextract$convenience -z defaultextract'
+ fi
+ ;;
+ esac
+ link_all_deplibs=yes
+ ;;
+
+ sunos4*)
+ if test "x$host_vendor" = xsequent; then
+ # Use $CC to link under sequent, because it throws in some extra .o
+ # files that make .init and .fini sections work.
+ archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv4)
+ case $host_vendor in
+ sni)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes # is this really true???
+ ;;
+ siemens)
+ ## LD is ld it makes a PLAMLIB
+ ## CC just makes a GrossModule.
+ archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ reload_cmds='$CC -r -o $output$reload_objs'
+ hardcode_direct=no
+ ;;
+ motorola)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ runpath_var='LD_RUN_PATH'
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv4.3*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ export_dynamic_flag_spec='-Bexport'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ ld_shlibs=yes
+ fi
+ ;;
+
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+ no_undefined_flag='${wl}-z,text'
+ archive_cmds_need_lc=no
+ hardcode_shlibpath_var=no
+ runpath_var='LD_RUN_PATH'
+
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6*)
+ # Note: We can NOT use -z defs as we might desire, because we do not
+ # link with -lc, and that would cause any symbols used from libc to
+ # always be unresolved, which means just about no library would
+ # ever link correctly. If we're not using GNU ld we use -z text
+ # though, which does catch some bad symbols but isn't as heavy-handed
+ # as -z defs.
+ no_undefined_flag='${wl}-z,text'
+ allow_undefined_flag='${wl}-z,nodefs'
+ archive_cmds_need_lc=no
+ hardcode_shlibpath_var=no
+ hardcode_libdir_flag_spec='${wl}-R,$libdir'
+ hardcode_libdir_separator=':'
+ link_all_deplibs=yes
+ export_dynamic_flag_spec='${wl}-Bexport'
+ runpath_var='LD_RUN_PATH'
+
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ uts4*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_shlibpath_var=no
+ ;;
+
+ *)
+ ld_shlibs=no
+ ;;
+ esac
+
+ if test x$host_vendor = xsni; then
+ case $host in
+ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ export_dynamic_flag_spec='${wl}-Blargedynsym'
+ ;;
+ esac
+ fi
+ fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
+$as_echo "$ld_shlibs" >&6; }
+test "$ld_shlibs" = no && can_build_shared=no
+
+with_gnu_ld=$with_gnu_ld
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc" in
+x|xyes)
+ # Assume -lc should be added
+ archive_cmds_need_lc=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $archive_cmds in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
+$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
+ $RM conftest*
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$lt_prog_compiler_wl
+ pic_flag=$lt_prog_compiler_pic
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$allow_undefined_flag
+ allow_undefined_flag=
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
+ (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ then
+ archive_cmds_need_lc=no
+ else
+ archive_cmds_need_lc=yes
+ fi
+ allow_undefined_flag=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $RM conftest*
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $archive_cmds_need_lc" >&5
+$as_echo "$archive_cmds_need_lc" >&6; }
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
+$as_echo_n "checking dynamic linker characteristics... " >&6; }
+
+if test "$GCC" = yes; then
+ case $host_os in
+ darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
+ *) lt_awk_arg="/^libraries:/" ;;
+ esac
+ lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then
+ # if the path contains ";" then we assume it to be the separator
+ # otherwise default to the standard path separator (i.e. ":") - it is
+ # assumed that no part of a normal pathname contains ";" but that should
+ # okay in the real world where ";" in dirpaths is itself problematic.
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ # Ok, now we have the path, separated by spaces, we can step through it
+ # and add multilib dir if necessary.
+ lt_tmp_lt_search_path_spec=
+ lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+ for lt_sys_path in $lt_search_path_spec; do
+ if test -d "$lt_sys_path/$lt_multi_os_dir"; then
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir"
+ else
+ test -d "$lt_sys_path" && \
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
+ fi
+ done
+ lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk '
+BEGIN {RS=" "; FS="/|\n";} {
+ lt_foo="";
+ lt_count=0;
+ for (lt_i = NF; lt_i > 0; lt_i--) {
+ if ($lt_i != "" && $lt_i != ".") {
+ if ($lt_i == "..") {
+ lt_count++;
+ } else {
+ if (lt_count == 0) {
+ lt_foo="/" $lt_i lt_foo;
+ } else {
+ lt_count--;
+ }
+ }
+ }
+ }
+ if (lt_foo != "") { lt_freq[lt_foo]++; }
+ if (lt_freq[lt_foo] == 1) { print lt_foo; }
+}'`
+ sys_lib_search_path_spec=`$ECHO $lt_search_path_spec`
+else
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix[4-9]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[01] | aix4.[01].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ case $host_cpu in
+ powerpc)
+ # Since July 2007 AmigaOS4 officially supports .so libraries.
+ # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ ;;
+ m68k)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+ esac
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[45]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname~
+ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+ eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+ fi'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw* | cegcc*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ if test -x /usr/bin/objformat; then
+ objformat=`/usr/bin/objformat`
+ else
+ case $host_os in
+ freebsd[123]*) objformat=aout ;;
+ *) objformat=elf ;;
+ esac
+ fi
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[01]* | freebsdelf3.[01]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ *) # from 4.6 on, and DragonFly
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case $host_cpu in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+interix[3-9]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # Some binutils ld are patched to set DT_RUNPATH
+ save_LDFLAGS=$LDFLAGS
+ save_libdir=$libdir
+ eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
+ LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
+ shlibpath_overrides_runpath=yes
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$save_LDFLAGS
+ libdir=$save_libdir
+
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+netbsdelf*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='NetBSD ld.elf_so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+*nto* | *qnx*)
+ version_type=qnx
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='ldqnx.so'
+ ;;
+
+openbsd*)
+ version_type=sunos
+ sys_lib_dlsearch_path_spec="/usr/lib"
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[89] | openbsd2.[89].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+rdos*)
+ dynamic_linker=no
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ version_type=freebsd-elf
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ if test "$with_gnu_ld" = yes; then
+ sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+ else
+ sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+ case $host_os in
+ sco3.2v5*)
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+ ;;
+ esac
+ fi
+ sys_lib_dlsearch_path_spec='/usr/lib'
+ ;;
+
+tpf*)
+ # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
+$as_echo "$dynamic_linker" >&6; }
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
+ sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
+fi
+if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
+ sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
+$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
+hardcode_action=
+if test -n "$hardcode_libdir_flag_spec" ||
+ test -n "$runpath_var" ||
+ test "X$hardcode_automatic" = "Xyes" ; then
+
+ # We can hardcode non-existent directories.
+ if test "$hardcode_direct" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no &&
+ test "$hardcode_minus_L" != no; then
+ # Linking always hardcodes the temporary library directory.
+ hardcode_action=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ hardcode_action=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ hardcode_action=unsupported
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
+$as_echo "$hardcode_action" >&6; }
+
+if test "$hardcode_action" = relink ||
+ test "$inherit_rpath" = yes; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+
+
+
+
+
+
+ if test "x$enable_dlopen" != xyes; then
+ enable_dlopen=unknown
+ enable_dlopen_self=unknown
+ enable_dlopen_self_static=unknown
+else
+ lt_cv_dlopen=no
+ lt_cv_dlopen_libs=
+
+ case $host_os in
+ beos*)
+ lt_cv_dlopen="load_add_on"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ;;
+
+ mingw* | pw32* | cegcc*)
+ lt_cv_dlopen="LoadLibrary"
+ lt_cv_dlopen_libs=
+ ;;
+
+ cygwin*)
+ lt_cv_dlopen="dlopen"
+ lt_cv_dlopen_libs=
+ ;;
+
+ darwin*)
+ # if libdl is installed we need to link against it
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlopen=yes
+else
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+
+ lt_cv_dlopen="dyld"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+
+fi
+
+ ;;
+
+ *)
+ ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
+if test "x$ac_cv_func_shl_load" = x""yes; then :
+ lt_cv_dlopen="shl_load"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
+$as_echo_n "checking for shl_load in -ldld... " >&6; }
+if test "${ac_cv_lib_dld_shl_load+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char shl_load ();
+int
+main ()
+{
+return shl_load ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dld_shl_load=yes
+else
+ ac_cv_lib_dld_shl_load=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
+$as_echo "$ac_cv_lib_dld_shl_load" >&6; }
+if test "x$ac_cv_lib_dld_shl_load" = x""yes; then :
+ lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"
+else
+ ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
+if test "x$ac_cv_func_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlopen=yes
+else
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
+$as_echo_n "checking for dlopen in -lsvld... " >&6; }
+if test "${ac_cv_lib_svld_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_svld_dlopen=yes
+else
+ ac_cv_lib_svld_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
+$as_echo "$ac_cv_lib_svld_dlopen" >&6; }
+if test "x$ac_cv_lib_svld_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
+$as_echo_n "checking for dld_link in -ldld... " >&6; }
+if test "${ac_cv_lib_dld_dld_link+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dld_link ();
+int
+main ()
+{
+return dld_link ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dld_dld_link=yes
+else
+ ac_cv_lib_dld_dld_link=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
+$as_echo "$ac_cv_lib_dld_dld_link" >&6; }
+if test "x$ac_cv_lib_dld_dld_link" = x""yes; then :
+ lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+ ;;
+ esac
+
+ if test "x$lt_cv_dlopen" != xno; then
+ enable_dlopen=yes
+ else
+ enable_dlopen=no
+ fi
+
+ case $lt_cv_dlopen in
+ dlopen)
+ save_CPPFLAGS="$CPPFLAGS"
+ test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+ save_LDFLAGS="$LDFLAGS"
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+ save_LIBS="$LIBS"
+ LIBS="$lt_cv_dlopen_libs $LIBS"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
+$as_echo_n "checking whether a program can dlopen itself... " >&6; }
+if test "${lt_cv_dlopen_self+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+#line 10682 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+ else
+ puts (dlerror ());
+
+ return status;
+}
+_LT_EOF
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) >&5 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
+$as_echo "$lt_cv_dlopen_self" >&6; }
+
+ if test "x$lt_cv_dlopen_self" = xyes; then
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
+$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; }
+if test "${lt_cv_dlopen_self_static+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self_static=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+#line 10778 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+ else
+ puts (dlerror ());
+
+ return status;
+}
+_LT_EOF
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) >&5 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self_static=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
+$as_echo "$lt_cv_dlopen_self_static" >&6; }
+ fi
+
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+ ;;
+ esac
+
+ case $lt_cv_dlopen_self in
+ yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+ *) enable_dlopen_self=unknown ;;
+ esac
+
+ case $lt_cv_dlopen_self_static in
+ yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+ *) enable_dlopen_self_static=unknown ;;
+ esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+striplib=
+old_striplib=
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
+$as_echo_n "checking whether stripping libraries is possible... " >&6; }
+if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+ test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+ test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+ case $host_os in
+ darwin*)
+ if test -n "$STRIP" ; then
+ striplib="$STRIP -x"
+ old_striplib="$STRIP -S"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ ;;
+ *)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+ # Report which library types will actually be built
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
+$as_echo_n "checking if libtool supports shared libraries... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
+$as_echo "$can_build_shared" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
+$as_echo_n "checking whether to build shared libraries... " >&6; }
+ test "$can_build_shared" = "no" && enable_shared=no
+
+ # On AIX, shared libraries and static libraries use the same namespace, and
+ # are all built from PIC.
+ case $host_os in
+ aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+
+ aix[4-9]*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+ esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
+$as_echo "$enable_shared" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
+$as_echo_n "checking whether to build static libraries... " >&6; }
+ # Make sure either enable_shared or enable_static is yes.
+ test "$enable_shared" = yes || enable_static=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
+$as_echo "$enable_static" >&6; }
+
+
+
+
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ac_config_commands="$ac_config_commands libtool"
+
+
+
+
+# Only expand once:
+
+
+
+
+
+if test "z$RM" == "z" ; then
+ # Extract the first word of "rm", so it can be a program name with args.
+set dummy rm; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_RM+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $RM in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_RM="$RM" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_RM="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_RM" && ac_cv_path_RM="/bin/rm"
+ ;;
+esac
+fi
+RM=$ac_cv_path_RM
+if test -n "$RM"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RM" >&5
+$as_echo "$RM" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+# Extract the first word of "cp", so it can be a program name with args.
+set dummy cp; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_CP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $CP in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_CP="$CP" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_CP="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_CP" && ac_cv_path_CP="/bin/cp"
+ ;;
+esac
+fi
+CP=$ac_cv_path_CP
+if test -n "$CP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CP" >&5
+$as_echo "$CP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "mv", so it can be a program name with args.
+set dummy mv; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_MV+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $MV in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_MV="$MV" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_MV="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_MV" && ac_cv_path_MV="/bin/mv"
+ ;;
+esac
+fi
+MV=$ac_cv_path_MV
+if test -n "$MV"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MV" >&5
+$as_echo "$MV" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "tar", so it can be a program name with args.
+set dummy tar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_TAR+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $TAR in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_TAR="$TAR" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_TAR="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_path_TAR" && ac_cv_path_TAR="/bin/tar"
+ ;;
+esac
+fi
+TAR=$ac_cv_path_TAR
+if test -n "$TAR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $TAR" >&5
+$as_echo "$TAR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "help2man", so it can be a program name with args.
+set dummy help2man; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_HELP2MAN+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $HELP2MAN in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_HELP2MAN="$HELP2MAN" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_HELP2MAN="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+HELP2MAN=$ac_cv_path_HELP2MAN
+if test -n "$HELP2MAN"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $HELP2MAN" >&5
+$as_echo "$HELP2MAN" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "man2html", so it can be a program name with args.
+set dummy man2html; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_MAN2HTML+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $MAN2HTML in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_MAN2HTML="$MAN2HTML" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_MAN2HTML="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+MAN2HTML=$ac_cv_path_MAN2HTML
+if test -n "$MAN2HTML"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAN2HTML" >&5
+$as_echo "$MAN2HTML" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for function prototypes" >&5
+$as_echo_n "checking for function prototypes... " >&6; }
+if test "$ac_cv_prog_cc_c89" != no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+$as_echo "#define PROTOTYPES 1" >>confdefs.h
+
+
+$as_echo "#define __PROTOTYPES 1" >>confdefs.h
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+if test "$ac_cv_prog_cc_stdc" != no; then
+ U= ANSI2KNR=
+else
+ U=_ ANSI2KNR=./ansi2knr
+fi
+# Ensure some checks needed by ansi2knr itself.
+
+for ac_header in string.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "string.h" "ac_cv_header_string_h" "$ac_includes_default"
+if test "x$ac_cv_header_string_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STRING_H 1
+_ACEOF
+
+fi
+
+done
+
+
+test "z$U" != "z" && as_fn_error $? "Compiler not ANSI compliant" "$LINENO" 5
+
+ac_header_dirent=no
+for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do
+ as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5
+$as_echo_n "checking for $ac_hdr that defines DIR... " >&6; }
+if eval "test \"\${$as_ac_Header+set}\"" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <$ac_hdr>
+
+int
+main ()
+{
+if ((DIR *) 0)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$as_ac_Header=yes"
+else
+ eval "$as_ac_Header=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$as_ac_Header
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1
+_ACEOF
+
+ac_header_dirent=$ac_hdr; break
+fi
+
+done
+# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix.
+if test $ac_header_dirent = dirent.h; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5
+$as_echo_n "checking for library containing opendir... " >&6; }
+if test "${ac_cv_search_opendir+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char opendir ();
+int
+main ()
+{
+return opendir ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' dir; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_opendir=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if test "${ac_cv_search_opendir+set}" = set; then :
+ break
+fi
+done
+if test "${ac_cv_search_opendir+set}" = set; then :
+
+else
+ ac_cv_search_opendir=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5
+$as_echo "$ac_cv_search_opendir" >&6; }
+ac_res=$ac_cv_search_opendir
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5
+$as_echo_n "checking for library containing opendir... " >&6; }
+if test "${ac_cv_search_opendir+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char opendir ();
+int
+main ()
+{
+return opendir ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' x; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_opendir=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if test "${ac_cv_search_opendir+set}" = set; then :
+ break
+fi
+done
+if test "${ac_cv_search_opendir+set}" = set; then :
+
+else
+ ac_cv_search_opendir=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5
+$as_echo "$ac_cv_search_opendir" >&6; }
+ac_res=$ac_cv_search_opendir
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if test "${ac_cv_header_stdc+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stdc=yes
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then :
+ :
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ return 2;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+for ac_header in stdio.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "stdio.h" "ac_cv_header_stdio_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdio_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STDIO_H 1
+_ACEOF
+
+fi
+
+done
+
+for ac_header in stdlib.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdlib_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STDLIB_H 1
+_ACEOF
+
+fi
+
+done
+
+for ac_header in string.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "string.h" "ac_cv_header_string_h" "$ac_includes_default"
+if test "x$ac_cv_header_string_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STRING_H 1
+_ACEOF
+
+fi
+
+done
+
+for ac_header in ctype.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "ctype.h" "ac_cv_header_ctype_h" "$ac_includes_default"
+if test "x$ac_cv_header_ctype_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_CTYPE_H 1
+_ACEOF
+
+fi
+
+done
+
+for ac_header in errno.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "errno.h" "ac_cv_header_errno_h" "$ac_includes_default"
+if test "x$ac_cv_header_errno_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_ERRNO_H 1
+_ACEOF
+
+fi
+
+done
+
+for ac_header in ansidecl.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "ansidecl.h" "ac_cv_header_ansidecl_h" "$ac_includes_default"
+if test "x$ac_cv_header_ansidecl_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_ANSIDECL_H 1
+_ACEOF
+
+fi
+
+done
+
+for ac_header in time.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "time.h" "ac_cv_header_time_h" "$ac_includes_default"
+if test "x$ac_cv_header_time_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_TIME_H 1
+_ACEOF
+
+fi
+
+done
+
+for ac_func in strchr strrchr printf sprintf fprintf snprintf vfprintf vsprintf vsnprintf sscanf timegm
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+if eval test \"x\$"$as_ac_var"\" = x"yes"; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+XMLSEC_DEFINES=""
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for development environment" >&5
+$as_echo_n "checking for development environment... " >&6; }
+# Check whether --enable-development was given.
+if test "${enable_development+set}" = set; then :
+ enableval=$enable_development;
+fi
+
+if test "z$enable_development" = "zyes" ; then
+ enable_debuging="yes"
+ enable_pedantic="yes"
+ enable_static_linking="yes"
+ enable_crypto_dl="no"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+XMLSEC_EXTRA_LDFLAGS=
+XMLSEC_CRYPTO_EXTRA_LDFLAGS=
+
+xmlsec_sharedlib_hack="no"
+if test -n "$shrext"; then
+ XMLSEC_SHLIBSFX="$shrext"
+else
+ XMLSEC_SHLIBSFX="$shrext_cmds"
+fi
+case "${host}" in
+ *aix* )
+ CFLAGS="${CFLAGS} -D_ALL_SOURCE"
+ ;;
+ *-*-mingw*)
+ XMLSEC_EXTRA_LDFLAGS="-no-undefined -avoid-version"
+ XMLSEC_CRYPTO_EXTRA_LDFLAGS="-no-undefined -avoid-version"
+ XMLSEC_SHLIBSFX=".dll.a"
+ xmlsec_sharedlib_hack="yes"
+ ;;
+ *-*-cygwin*)
+ XMLSEC_EXTRA_LDFLAGS="-no-undefined"
+ XMLSEC_CRYPTO_EXTRA_LDFLAGS="-no-undefined"
+ ;;
+esac
+
+# To avoid problem with loading of a shared library (dlopen or equivalent)
+# at run time on some platforms we need to link crypto modules with extra
+# source. It's work without hack on 9x and under emulation.
+# On nt 5.x (w2k,xp) the error is 998("Invalid access to memory location").
+ if test "z$xmlsec_sharedlib_hack" = "zyes"; then
+ SHAREDLIB_HACK_TRUE=
+ SHAREDLIB_HACK_FALSE='#'
+else
+ SHAREDLIB_HACK_TRUE='#'
+ SHAREDLIB_HACK_FALSE=
+fi
+
+
+if test "z$shrext" == "z" ; then
+ shrext=$shrext_cmds
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __FUNCTION__ or __func__" >&5
+$as_echo_n "checking for __FUNCTION__ or __func__... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+char *foo = __FUNCTION__;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_function_exists=yes
+else
+ ac_function_exists=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+char *foo = __func__;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_func_exists=yes
+else
+ ac_func_exists=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+if test "z$ac_function_exists" = "zyes" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: __FUNCTION__" >&5
+$as_echo "__FUNCTION__" >&6; }
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -D__XMLSEC_FUNCTION__=__FUNCTION__"
+elif test "z$ac_func_exists" = "zyes" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: __func__" >&5
+$as_echo "__func__" >&6; }
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -D__XMLSEC_FUNCTION__=__func__"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: \"no\"" >&5
+$as_echo "\"no\"" >&6; }
+fi
+
+# The cast to long int works around a bug in the HP C Compiler
+# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects
+# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'.
+# This bug is HP SR number 8606223364.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of size_t" >&5
+$as_echo_n "checking size of size_t... " >&6; }
+if test "${ac_cv_sizeof_size_t+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (size_t))" "ac_cv_sizeof_size_t" "$ac_includes_default"; then :
+
+else
+ if test "$ac_cv_type_size_t" = yes; then
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error 77 "cannot compute sizeof (size_t)
+See \`config.log' for more details" "$LINENO" 5 ; }
+ else
+ ac_cv_sizeof_size_t=0
+ fi
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_size_t" >&5
+$as_echo "$ac_cv_sizeof_size_t" >&6; }
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define SIZEOF_SIZE_T $ac_cv_sizeof_size_t
+_ACEOF
+
+
+if test "$ac_cv_sizeof_size_t" -ne "4" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_SIZE_T"
+fi
+
+PKG_CONFIG="pkg-config"
+PKGCONFIG_FOUND="no"
+# Check whether --enable-pkgconfig was given.
+if test "${enable_pkgconfig+set}" = set; then :
+ enableval=$enable_pkgconfig;
+fi
+
+if test "z$enable_pkgconfig" != "zno" ; then
+ # Extract the first word of "$PKG_CONFIG", so it can be a program name with args.
+set dummy $PKG_CONFIG; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_PKGCONFIG_PRESENT+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$PKGCONFIG_PRESENT"; then
+ ac_cv_prog_PKGCONFIG_PRESENT="$PKGCONFIG_PRESENT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_PKGCONFIG_PRESENT="yes"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ test -z "$ac_cv_prog_PKGCONFIG_PRESENT" && ac_cv_prog_PKGCONFIG_PRESENT="no"
+fi
+fi
+PKGCONFIG_PRESENT=$ac_cv_prog_PKGCONFIG_PRESENT
+if test -n "$PKGCONFIG_PRESENT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG_PRESENT" >&5
+$as_echo "$PKGCONFIG_PRESENT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ if test "z$PKGCONFIG_PRESENT" = "zyes" ; then
+ if $PKG_CONFIG --atleast-pkgconfig-version 0.9 ; then
+ PKGCONFIG_FOUND="yes"
+ fi
+ fi
+fi
+
+LIBXML_MIN_VERSION="2.7.4"
+LIBXML_CONFIG="xml2-config"
+LIBXML_CFLAGS=""
+LIBXML_LIBS=""
+LIBXML_FOUND="no"
+
+# Check whether --with-libxml was given.
+if test "${with_libxml+set}" = set; then :
+ withval=$with_libxml;
+fi
+
+
+# Check whether --with-libxml-src was given.
+if test "${with_libxml_src+set}" = set; then :
+ withval=$with_libxml_src;
+fi
+
+
+if test "z$with_libxml" = "zno" -o "z$with_libxml_src" = "zno"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libxml2 libraries >= $LIBXML_MIN_VERSION" >&5
+$as_echo_n "checking for libxml2 libraries >= $LIBXML_MIN_VERSION... " >&6; }
+ as_fn_error $? "libxml2 >= $LIBXML_MIN_VERSION is required for $XMLSEC_PACKAGE" "$LINENO" 5
+elif test "z$with_libxml_src" != "z" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libxml2 libraries >= $LIBXML_MIN_VERSION" >&5
+$as_echo_n "checking for libxml2 libraries >= $LIBXML_MIN_VERSION... " >&6; }
+ CWD=`pwd`
+ if cd "$with_libxml_src" ; then
+ SRC_DIR=`pwd`
+ LIBXML_CONFIG=${SRC_DIR}/xml2-config
+ LIBXML_LIBS="-L${SRC_DIR}/.libs -lxml2"
+ LIBXML_CFLAGS="-I${SRC_DIR}/include"
+ LIBXML_FOUND="yes"
+ cd $CWD
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (source)" >&5
+$as_echo "yes (source)" >&6; }
+ else
+ as_fn_error $? "libxml source dir not found (${with_libxml_src}), typo?" "$LINENO" 5
+ fi
+elif test "z$with_libxml" = "z" -a "z$PKGCONFIG_FOUND" = "zyes" ; then
+
+
+
+
+
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args.
+set dummy ${ac_tool_prefix}pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_PKG_CONFIG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PKG_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+$as_echo "$PKG_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_path_PKG_CONFIG"; then
+ ac_pt_PKG_CONFIG=$PKG_CONFIG
+ # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_ac_pt_PKG_CONFIG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $ac_pt_PKG_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG
+if test -n "$ac_pt_PKG_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5
+$as_echo "$ac_pt_PKG_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_pt_PKG_CONFIG" = x; then
+ PKG_CONFIG=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ PKG_CONFIG=$ac_pt_PKG_CONFIG
+ fi
+else
+ PKG_CONFIG="$ac_cv_path_PKG_CONFIG"
+fi
+
+fi
+if test -n "$PKG_CONFIG"; then
+ _pkg_min_version=0.9.0
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5
+$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; }
+ if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ PKG_CONFIG=""
+ fi
+fi
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBXML" >&5
+$as_echo_n "checking for LIBXML... " >&6; }
+
+if test -n "$LIBXML_CFLAGS"; then
+ pkg_cv_LIBXML_CFLAGS="$LIBXML_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libxml-2.0 >= \$LIBXML_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libxml-2.0 >= $LIBXML_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_LIBXML_CFLAGS=`$PKG_CONFIG --cflags "libxml-2.0 >= $LIBXML_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$LIBXML_LIBS"; then
+ pkg_cv_LIBXML_LIBS="$LIBXML_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libxml-2.0 >= \$LIBXML_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libxml-2.0 >= $LIBXML_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_LIBXML_LIBS=`$PKG_CONFIG --libs "libxml-2.0 >= $LIBXML_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ LIBXML_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "libxml-2.0 >= $LIBXML_MIN_VERSION" 2>&1`
+ else
+ LIBXML_PKG_ERRORS=`$PKG_CONFIG --print-errors "libxml-2.0 >= $LIBXML_MIN_VERSION" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$LIBXML_PKG_ERRORS" >&5
+
+ LIBXML_FOUND=no
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ LIBXML_FOUND=no
+else
+ LIBXML_CFLAGS=$pkg_cv_LIBXML_CFLAGS
+ LIBXML_LIBS=$pkg_cv_LIBXML_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ LIBXML_FOUND=yes
+fi
+fi
+if test "z$LIBXML_FOUND" = "zno" ; then
+ if test "z$with_libxml" != "zyes" ; then
+ if test "z$with_libxml" != "z" ; then
+ # Extract the first word of "$LIBXML_CONFIG", so it can be a program name with args.
+set dummy $LIBXML_CONFIG; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_LIBXML_CONFIG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $LIBXML_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_LIBXML_CONFIG="$LIBXML_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="$with_libxml/bin:$PATH"
+for as_dir in $as_dummy
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_LIBXML_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+LIBXML_CONFIG=$ac_cv_path_LIBXML_CONFIG
+if test -n "$LIBXML_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBXML_CONFIG" >&5
+$as_echo "$LIBXML_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ else
+ # Extract the first word of "$LIBXML_CONFIG", so it can be a program name with args.
+set dummy $LIBXML_CONFIG; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_LIBXML_CONFIG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $LIBXML_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_LIBXML_CONFIG="$LIBXML_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_LIBXML_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+LIBXML_CONFIG=$ac_cv_path_LIBXML_CONFIG
+if test -n "$LIBXML_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBXML_CONFIG" >&5
+$as_echo "$LIBXML_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ fi
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking libxml2 $LIBXML_CONFIG " >&5
+$as_echo_n "checking libxml2 $LIBXML_CONFIG ... " >&6; }
+ if ! LIBXML_VERSION=`$LIBXML_CONFIG --version 2>/dev/null`; then
+ as_fn_error $? "Could not find libxml2 anywhere." "$LINENO" 5
+ fi
+ vers=`echo $LIBXML_VERSION | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ minvers=`echo $LIBXML_MIN_VERSION | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ if test "$vers" -ge "$minvers" ; then
+ LIBXML_LIBS="`$LIBXML_CONFIG --libs`"
+ LIBXML_CFLAGS="`$LIBXML_CONFIG --cflags`"
+ LIBXML_FOUND="yes"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes ('$LIBXML_VERSION')" >&5
+$as_echo "yes ('$LIBXML_VERSION')" >&6; }
+ else
+ as_fn_error $? "You need at least libxml2 $LIBXML_MIN_VERSION for this version of $XMLSEC_PACKAGE" "$LINENO" 5
+ fi
+fi
+
+
+
+
+
+
+XMLSEC_NO_LIBXSLT="1"
+LIBXSLT_MIN_VERSION=1.0.20
+LIBXSLT_CONFIG="xslt-config"
+LIBXSLT_CFLAGS=""
+LIBXSLT_LIBS=""
+LIBXSLT_FOUND="no"
+
+# Check whether --with-libxslt was given.
+if test "${with_libxslt+set}" = set; then :
+ withval=$with_libxslt;
+fi
+
+
+# Check whether --with-libxslt-src was given.
+if test "${with_libxslt_src+set}" = set; then :
+ withval=$with_libxslt_src;
+fi
+
+if test "z$with_libxslt" = "zno" -o "z$with_libxslt_src" = "zno" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libxslt libraries >= $LIBXSLT_MIN_VERSION" >&5
+$as_echo_n "checking for libxslt libraries >= $LIBXSLT_MIN_VERSION... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ LIBXSLT_FOUND="without"
+elif test "z$with_libxslt_src" != "z" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libxslt libraries >= $LIBXSLT_MIN_VERSION" >&5
+$as_echo_n "checking for libxslt libraries >= $LIBXSLT_MIN_VERSION... " >&6; }
+ CWD=`pwd`
+ if cd "$with_libxslt_src" ; then
+ SRC_DIR=`pwd`
+ LIBXSLT_CONFIG=${SRC_DIR}/xslt-config
+ LIBXSLT_LIBS="-L${SRC_DIR}/libxslt/.libs -lxslt"
+ LIBXSLT_CFLAGS="-I${SRC_DIR}"
+ LIBXSLT_FOUND="yes"
+ cd $CWD
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes (source)" >&5
+$as_echo "yes (source)" >&6; }
+ else
+ as_fn_error $? "libxslt source dir not found (${with_libxslt_src}), typo?" "$LINENO" 5
+ fi
+elif test "z$with_libxslt" = "z" -a "z$PKGCONFIG_FOUND" = "zyes" ; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBXSLT" >&5
+$as_echo_n "checking for LIBXSLT... " >&6; }
+
+if test -n "$LIBXSLT_CFLAGS"; then
+ pkg_cv_LIBXSLT_CFLAGS="$LIBXSLT_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libxslt >= \$LIBXSLT_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libxslt >= $LIBXSLT_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_LIBXSLT_CFLAGS=`$PKG_CONFIG --cflags "libxslt >= $LIBXSLT_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$LIBXSLT_LIBS"; then
+ pkg_cv_LIBXSLT_LIBS="$LIBXSLT_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libxslt >= \$LIBXSLT_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libxslt >= $LIBXSLT_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_LIBXSLT_LIBS=`$PKG_CONFIG --libs "libxslt >= $LIBXSLT_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ LIBXSLT_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "libxslt >= $LIBXSLT_MIN_VERSION" 2>&1`
+ else
+ LIBXSLT_PKG_ERRORS=`$PKG_CONFIG --print-errors "libxslt >= $LIBXSLT_MIN_VERSION" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$LIBXSLT_PKG_ERRORS" >&5
+
+ LIBXSLT_FOUND=no
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ LIBXSLT_FOUND=no
+else
+ LIBXSLT_CFLAGS=$pkg_cv_LIBXSLT_CFLAGS
+ LIBXSLT_LIBS=$pkg_cv_LIBXSLT_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ LIBXSLT_FOUND=yes
+fi
+fi
+
+if test "z$LIBXSLT_FOUND" = "zno" ; then
+ if test "z$with_libxslt" != "zyes" ; then
+ if test "z$with_libxslt" != "z" ; then
+ # Extract the first word of "$LIBXSLT_CONFIG", so it can be a program name with args.
+set dummy $LIBXSLT_CONFIG; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_LIBXSLT_CONFIG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $LIBXSLT_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_LIBXSLT_CONFIG="$LIBXSLT_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_dummy="$with_libxslt/bin:$PATH"
+for as_dir in $as_dummy
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_LIBXSLT_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+LIBXSLT_CONFIG=$ac_cv_path_LIBXSLT_CONFIG
+if test -n "$LIBXSLT_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBXSLT_CONFIG" >&5
+$as_echo "$LIBXSLT_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ else
+ # Extract the first word of "$LIBXSLT_CONFIG", so it can be a program name with args.
+set dummy $LIBXSLT_CONFIG; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_LIBXSLT_CONFIG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $LIBXSLT_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_LIBXSLT_CONFIG="$LIBXSLT_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_LIBXSLT_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+LIBXSLT_CONFIG=$ac_cv_path_LIBXSLT_CONFIG
+if test -n "$LIBXSLT_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBXSLT_CONFIG" >&5
+$as_echo "$LIBXSLT_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ fi
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libxslt libraries >= $LIBXSLT_MIN_VERSION" >&5
+$as_echo_n "checking for libxslt libraries >= $LIBXSLT_MIN_VERSION... " >&6; }
+ if ! LIBXSLT_VERSION=`$LIBXSLT_CONFIG --version 2>/dev/null`; then
+ if test "z$with_libxslt" != "zyes" ; then
+ as_fn_error $? "Unable to find libxslt at '$with_libxslt'" "$LINENO" 5
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ else
+ vers=`echo $LIBXSLT_VERSION | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ minvers=`echo $LIBXSLT_MIN_VERSION | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ if test "$vers" -ge "$minvers" ; then
+ LIBXSLT_LIBS="`$LIBXSLT_CONFIG --libs`"
+ LIBXSLT_CFLAGS="`$LIBXSLT_CONFIG --cflags`"
+ LIBXSLT_FOUND="yes"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes ('$LIBXSLT_VERSION')" >&5
+$as_echo "yes ('$LIBXSLT_VERSION')" >&6; }
+ else
+ as_fn_error $? "You need at least libxslt $LIBXSLT_MIN_VERSION for this version of $XMLSEC_PACKAGE" "$LINENO" 5
+ fi
+ fi
+fi
+
+if test "z$LIBXSLT_FOUND" = "zyes" ; then
+ XMLSEC_NO_LIBXSLT="0"
+else
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_XSLT=1"
+fi
+
+
+
+
+
+
+
+XMLSEC_CRYPTO_LIST=""
+XMLSEC_CRYPTO_DISABLED_LIST=""
+
+ac_openssl_lib_dir="/usr/local/lib /usr/lib /usr/lib64 /usr/local /usr/local/ssl /usr/local/ssl/lib /usr/pkg"
+ac_openssl_inc_dir="/usr/local/include /usr/include /usr/local /usr/local/ssl /usr/pkg /usr/local/ssl/include"
+
+XMLSEC_NO_OPENSSL="1"
+OPENSSL_MIN_VERSION="0.9.6"
+OPENSSL_VERSION=""
+OPENSSL_CFLAGS=""
+OPENSSL_LIBS=""
+OPENSSL_CRYPTO_LIB="$XMLSEC_PACKAGE-openssl"
+OPENSSL_FOUND=no
+
+# Check whether --with-openssl was given.
+if test "${with_openssl+set}" = set; then :
+ withval=$with_openssl;
+fi
+
+if test "z$with_openssl" = "zno" ; then
+ OPENSSL_FOUND=without
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl libraries >= $OPENSSL_MIN_VERSION" >&5
+$as_echo_n "checking for openssl libraries >= $OPENSSL_MIN_VERSION... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+elif test "z$with_openssl" != "z" ; then
+ case $host in
+ *-*-mingw*) openssl_exlibs=;;
+ *-*-osf5*) openssl_exlibs=;;
+ *-*-openbsd*) openssl_exlibs=;;
+ *-*-netbsd*) openssl_exlibs=;;
+ #FIXME: check if lib "dl" is required
+ *) openssl_exlibs=-ldl;;
+ esac
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS -I$with_openssl/include"
+ if test -f "$with_openssl/lib/libcrypto${XMLSEC_SHLIBSFX}" ; then
+ OPENSSL_LIBS="-L$with_openssl/lib -lcrypto $openssl_exlibs"
+ else
+ OPENSSL_LIBS="$with_openssl/lib/libcrypto.a $openssl_exlibs"
+ fi
+ OPENSSL_FOUND="yes"
+elif test "z$PKGCONFIG_FOUND" = "zyes" ; then
+ if test "z$OPENSSL_VERSION" = "z" ; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL" >&5
+$as_echo_n "checking for OPENSSL... " >&6; }
+
+if test -n "$OPENSSL_CFLAGS"; then
+ pkg_cv_OPENSSL_CFLAGS="$OPENSSL_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 0.9.8\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "openssl >= 0.9.8") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_OPENSSL_CFLAGS=`$PKG_CONFIG --cflags "openssl >= 0.9.8" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$OPENSSL_LIBS"; then
+ pkg_cv_OPENSSL_LIBS="$OPENSSL_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 0.9.8\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "openssl >= 0.9.8") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_OPENSSL_LIBS=`$PKG_CONFIG --libs "openssl >= 0.9.8" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ OPENSSL_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "openssl >= 0.9.8" 2>&1`
+ else
+ OPENSSL_PKG_ERRORS=`$PKG_CONFIG --print-errors "openssl >= 0.9.8" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$OPENSSL_PKG_ERRORS" >&5
+
+ OPENSSL_VERSION=""
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ OPENSSL_VERSION=""
+else
+ OPENSSL_CFLAGS=$pkg_cv_OPENSSL_CFLAGS
+ OPENSSL_LIBS=$pkg_cv_OPENSSL_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ OPENSSL_VERSION="0.9.8"
+fi
+ fi
+
+ if test "z$OPENSSL_VERSION" = "z" ; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL" >&5
+$as_echo_n "checking for OPENSSL... " >&6; }
+
+if test -n "$OPENSSL_CFLAGS"; then
+ pkg_cv_OPENSSL_CFLAGS="$OPENSSL_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 0.9.7\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "openssl >= 0.9.7") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_OPENSSL_CFLAGS=`$PKG_CONFIG --cflags "openssl >= 0.9.7" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$OPENSSL_LIBS"; then
+ pkg_cv_OPENSSL_LIBS="$OPENSSL_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= 0.9.7\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "openssl >= 0.9.7") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_OPENSSL_LIBS=`$PKG_CONFIG --libs "openssl >= 0.9.7" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ OPENSSL_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "openssl >= 0.9.7" 2>&1`
+ else
+ OPENSSL_PKG_ERRORS=`$PKG_CONFIG --print-errors "openssl >= 0.9.7" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$OPENSSL_PKG_ERRORS" >&5
+
+ OPENSSL_VERSION=""
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ OPENSSL_VERSION=""
+else
+ OPENSSL_CFLAGS=$pkg_cv_OPENSSL_CFLAGS
+ OPENSSL_LIBS=$pkg_cv_OPENSSL_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ OPENSSL_VERSION="0.9.7"
+fi
+ fi
+
+ if test "z$OPENSSL_VERSION" = "z" ; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OPENSSL" >&5
+$as_echo_n "checking for OPENSSL... " >&6; }
+
+if test -n "$OPENSSL_CFLAGS"; then
+ pkg_cv_OPENSSL_CFLAGS="$OPENSSL_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= \$OPENSSL_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "openssl >= $OPENSSL_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_OPENSSL_CFLAGS=`$PKG_CONFIG --cflags "openssl >= $OPENSSL_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$OPENSSL_LIBS"; then
+ pkg_cv_OPENSSL_LIBS="$OPENSSL_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"openssl >= \$OPENSSL_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "openssl >= $OPENSSL_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_OPENSSL_LIBS=`$PKG_CONFIG --libs "openssl >= $OPENSSL_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ OPENSSL_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "openssl >= $OPENSSL_MIN_VERSION" 2>&1`
+ else
+ OPENSSL_PKG_ERRORS=`$PKG_CONFIG --print-errors "openssl >= $OPENSSL_MIN_VERSION" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$OPENSSL_PKG_ERRORS" >&5
+
+ OPENSSL_VERSION=""
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ OPENSSL_VERSION=""
+else
+ OPENSSL_CFLAGS=$pkg_cv_OPENSSL_CFLAGS
+ OPENSSL_LIBS=$pkg_cv_OPENSSL_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ OPENSSL_VERSION="$OPENSSL_MIN_VERSION"
+fi
+ fi
+
+ if test "z$OPENSSL_VERSION" != "z" ; then
+ OPENSSL_FOUND="yes"
+ fi
+fi
+
+if test "z$OPENSSL_FOUND" = "zno" ; then
+ OPENSSL_INCLUDES_FOUND="no"
+ OPENSSL_LIBS_FOUND="no"
+
+ for dir in $ac_openssl_inc_dir ; do
+ if test -f $dir/openssl/ssl.h ; then
+ if test "z$dir" = "z/usr/include" ; then
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS "
+ else
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS -I$dir"
+ fi
+ OPENSSL_INCLUDES_FOUND="yes"
+ break
+ fi
+ done
+
+ for dir in $ac_openssl_lib_dir ; do
+ if test -f $dir/libcrypto.a ; then
+ if test "z$dir" = "z/usr/lib" ; then
+ OPENSSL_LIBS="-lcrypto -ldl"
+ else
+ OPENSSL_LIBS="-L$dir -lcrypto -ldl"
+ fi
+ OPENSSL_LIBS_FOUND="yes"
+ ac_found_openssl_lib_dir=$dir
+ break;
+ fi
+ done
+
+ if test "z$OPENSSL_INCLUDES_FOUND" = "zyes" -a "z$OPENSSL_LIBS_FOUND" = "zyes" ; then
+ OPENSSL_FOUND="yes"
+ fi
+fi
+
+if test "z$OPENSSL_FOUND" = "zyes" -a "z$OPENSSL_VERSION" = "z" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl libraries >= $OPENSSL_MIN_VERSION" >&5
+$as_echo_n "checking for openssl libraries >= $OPENSSL_MIN_VERSION... " >&6; }
+
+ OLD_CPPFLAGS=$CPPFLAGS
+ CPPFLAGS="$OPENSSL_CFLAGS"
+
+ if test "z$OPENSSL_VERSION" = "z" ; then
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #include <openssl/opensslv.h>
+ #if OPENSSL_VERSION_NUMBER >= 0x10000000L
+ yes
+ #endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "yes" >/dev/null 2>&1; then :
+
+ OPENSSL_VERSION="1.0.0"
+
+else
+
+ OPENSSL_VERSION=""
+
+fi
+rm -f conftest*
+
+ fi
+
+ if test "z$OPENSSL_VERSION" = "z" ; then
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #include <openssl/opensslv.h>
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+ yes
+ #endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "yes" >/dev/null 2>&1; then :
+
+ OPENSSL_VERSION="0.9.8"
+
+else
+
+ OPENSSL_VERSION=""
+
+fi
+rm -f conftest*
+
+ fi
+
+ if test "z$OPENSSL_VERSION" = "z" ; then
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #include <openssl/opensslv.h>
+ #if OPENSSL_VERSION_NUMBER >= 0x00907000L
+ yes
+ #endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "yes" >/dev/null 2>&1; then :
+
+ OPENSSL_VERSION="0.9.7"
+
+else
+
+ OPENSSL_VERSION=""
+
+fi
+rm -f conftest*
+
+ fi
+
+ if test "z$OPENSSL_VERSION" = "z" ; then
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #include <openssl/opensslv.h>
+ #if OPENSSL_VERSION_NUMBER >= 0x00906000L
+ yes
+ #endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "yes" >/dev/null 2>&1; then :
+
+ OPENSSL_VERSION="0.9.6"
+
+else
+
+ OPENSSL_VERSION=""
+
+fi
+rm -f conftest*
+
+ fi
+ if test "z$OPENSSL_VERSION" = "z" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes ('$OPENSSL_VERSION')" >&5
+$as_echo "yes ('$OPENSSL_VERSION')" >&6; }
+ fi
+
+ CPPFLAGS=$OLD_CPPFLAGS
+fi
+
+if test "z$OPENSSL_FOUND" = "zyes" ; then
+ XMLSEC_NO_OPENSSL="0"
+ if test "z$OPENSSL_VERSION" = "z0.9.6" ; then
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_OPENSSL_096=1"
+ fi
+ if test "z$OPENSSL_VERSION" = "z0.9.7" ; then
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_OPENSSL_097=1"
+ fi
+ if test "z$OPENSSL_VERSION" = "z0.9.8" ; then
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_OPENSSL_098=1"
+ fi
+ if test "z$OPENSSL_VERSION" = "z1.0.0" ; then
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_OPENSSL_100=1"
+ fi
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_CRYPTO_OPENSSL=1"
+ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST openssl"
+else
+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST openssl"
+fi
+
+ if test "z$XMLSEC_NO_OPENSSL" == "z1"; then
+ XMLSEC_NO_OPENSSL_TRUE=
+ XMLSEC_NO_OPENSSL_FALSE='#'
+else
+ XMLSEC_NO_OPENSSL_TRUE='#'
+ XMLSEC_NO_OPENSSL_FALSE=
+fi
+
+
+
+
+
+
+
+XMLSEC_NO_NSS="1"
+SEAMONKEY_MIN_VERSION="1.0"
+MOZILLA_MIN_VERSION="1.4"
+NSS_MIN_VERSION="3.9"
+NSPR_MIN_VERSION="4.4.1"
+NSS_CFLAGS=""
+NSS_LIBS=""
+NSS_LIBS_LIST="-lnss3 -lsmime3"
+NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
+NSS_CRYPTO_LIB="$XMLSEC_PACKAGE-nss"
+NSS_FOUND="no"
+NSPR_PACKAGE=mozilla-nspr
+NSS_PACKAGE=mozilla-nss
+
+
+
+# Check whether --with-nss was given.
+if test "${with_nss+set}" = set; then :
+ withval=$with_nss;
+fi
+
+
+# Check whether --with-nspr was given.
+if test "${with_nspr+set}" = set; then :
+ withval=$with_nspr;
+fi
+
+
+# Check whether --with-seamonkey_ver was given.
+if test "${with_seamonkey_ver+set}" = set; then :
+ withval=$with_seamonkey_ver;
+fi
+
+
+# Check whether --with-mozilla_ver was given.
+if test "${with_mozilla_ver+set}" = set; then :
+ withval=$with_mozilla_ver;
+fi
+
+if test "z$with_nss" = "zno" -o "z$with_nspr" = "zno" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for NSS libraries" >&5
+$as_echo_n "checking for NSS libraries... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ NSS_FOUND="without"
+elif test "z$with_nss" = "z" -a "z$with_nspr" = "z" -a "z$with_mozilla_ver" = "z" -a "z$with_seamonkey_ver" = "z" -a "z$PKGCONFIG_FOUND" = "zyes" ; then
+ if test "z$NSS_FOUND" = "zno" ; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for NSS" >&5
+$as_echo_n "checking for NSS... " >&6; }
+
+if test -n "$NSS_CFLAGS"; then
+ pkg_cv_NSS_CFLAGS="$NSS_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"seamonkey-nspr >= \$NSPR_MIN_VERSION seamonkey-nss >= \$SEAMONKEY_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "seamonkey-nspr >= $NSPR_MIN_VERSION seamonkey-nss >= $SEAMONKEY_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_NSS_CFLAGS=`$PKG_CONFIG --cflags "seamonkey-nspr >= $NSPR_MIN_VERSION seamonkey-nss >= $SEAMONKEY_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$NSS_LIBS"; then
+ pkg_cv_NSS_LIBS="$NSS_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"seamonkey-nspr >= \$NSPR_MIN_VERSION seamonkey-nss >= \$SEAMONKEY_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "seamonkey-nspr >= $NSPR_MIN_VERSION seamonkey-nss >= $SEAMONKEY_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_NSS_LIBS=`$PKG_CONFIG --libs "seamonkey-nspr >= $NSPR_MIN_VERSION seamonkey-nss >= $SEAMONKEY_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ NSS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "seamonkey-nspr >= $NSPR_MIN_VERSION seamonkey-nss >= $SEAMONKEY_MIN_VERSION" 2>&1`
+ else
+ NSS_PKG_ERRORS=`$PKG_CONFIG --print-errors "seamonkey-nspr >= $NSPR_MIN_VERSION seamonkey-nss >= $SEAMONKEY_MIN_VERSION" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$NSS_PKG_ERRORS" >&5
+
+ NSS_FOUND=no
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ NSS_FOUND=no
+else
+ NSS_CFLAGS=$pkg_cv_NSS_CFLAGS
+ NSS_LIBS=$pkg_cv_NSS_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ NSS_FOUND=yes NSPR_PACKAGE=seamonkey-nspr NSS_PACKAGE=seamonkey-nss
+fi
+ fi
+ if test "z$NSS_FOUND" = "zno" ; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for NSS" >&5
+$as_echo_n "checking for NSS... " >&6; }
+
+if test -n "$NSS_CFLAGS"; then
+ pkg_cv_NSS_CFLAGS="$NSS_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"mozilla-nspr >= \$MOZILLA_MIN_VERSION mozilla-nss >= \$MOZILLA_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_NSS_CFLAGS=`$PKG_CONFIG --cflags "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$NSS_LIBS"; then
+ pkg_cv_NSS_LIBS="$NSS_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"mozilla-nspr >= \$MOZILLA_MIN_VERSION mozilla-nss >= \$MOZILLA_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_NSS_LIBS=`$PKG_CONFIG --libs "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ NSS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" 2>&1`
+ else
+ NSS_PKG_ERRORS=`$PKG_CONFIG --print-errors "mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$NSS_PKG_ERRORS" >&5
+
+ NSS_FOUND=no
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ NSS_FOUND=no
+else
+ NSS_CFLAGS=$pkg_cv_NSS_CFLAGS
+ NSS_LIBS=$pkg_cv_NSS_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ NSS_FOUND=yes NSPR_PACKAGE=mozilla-nspr NSS_PACKAGE=mozilla-nss
+fi
+ fi
+ if test "z$NSS_FOUND" = "zno" ; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for NSS" >&5
+$as_echo_n "checking for NSS... " >&6; }
+
+if test -n "$NSS_CFLAGS"; then
+ pkg_cv_NSS_CFLAGS="$NSS_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"xulrunner-nspr >= \$NSPR_MIN_VERSION xulrunner-nss >= \$NSS_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "xulrunner-nspr >= $NSPR_MIN_VERSION xulrunner-nss >= $NSS_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_NSS_CFLAGS=`$PKG_CONFIG --cflags "xulrunner-nspr >= $NSPR_MIN_VERSION xulrunner-nss >= $NSS_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$NSS_LIBS"; then
+ pkg_cv_NSS_LIBS="$NSS_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"xulrunner-nspr >= \$NSPR_MIN_VERSION xulrunner-nss >= \$NSS_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "xulrunner-nspr >= $NSPR_MIN_VERSION xulrunner-nss >= $NSS_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_NSS_LIBS=`$PKG_CONFIG --libs "xulrunner-nspr >= $NSPR_MIN_VERSION xulrunner-nss >= $NSS_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ NSS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "xulrunner-nspr >= $NSPR_MIN_VERSION xulrunner-nss >= $NSS_MIN_VERSION" 2>&1`
+ else
+ NSS_PKG_ERRORS=`$PKG_CONFIG --print-errors "xulrunner-nspr >= $NSPR_MIN_VERSION xulrunner-nss >= $NSS_MIN_VERSION" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$NSS_PKG_ERRORS" >&5
+
+ NSS_FOUND=no
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ NSS_FOUND=no
+else
+ NSS_CFLAGS=$pkg_cv_NSS_CFLAGS
+ NSS_LIBS=$pkg_cv_NSS_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ NSS_FOUND=yes NSPR_PACKAGE=xulrunner-nspr NSS_PACKAGE=xulrunner-nss
+fi
+ fi
+ if test "z$NSS_FOUND" = "zno" ; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for NSS" >&5
+$as_echo_n "checking for NSS... " >&6; }
+
+if test -n "$NSS_CFLAGS"; then
+ pkg_cv_NSS_CFLAGS="$NSS_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nspr >= \$NSPR_MIN_VERSION nss >= \$NSS_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_NSS_CFLAGS=`$PKG_CONFIG --cflags "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$NSS_LIBS"; then
+ pkg_cv_NSS_LIBS="$NSS_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nspr >= \$NSPR_MIN_VERSION nss >= \$NSS_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_NSS_LIBS=`$PKG_CONFIG --libs "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ NSS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION" 2>&1`
+ else
+ NSS_PKG_ERRORS=`$PKG_CONFIG --print-errors "nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$NSS_PKG_ERRORS" >&5
+
+ NSS_FOUND=no
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ NSS_FOUND=no
+else
+ NSS_CFLAGS=$pkg_cv_NSS_CFLAGS
+ NSS_LIBS=$pkg_cv_NSS_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ NSS_FOUND=yes NSPR_PACKAGE=nspr NSS_PACKAGE=nss
+fi
+ fi
+fi
+
+if test "z$NSS_FOUND" = "zno" ; then
+ if test "z$with_seamonkey_ver" != "z" ; then
+ ac_mozilla_name=seamonkey-$with_seamonkey_ver
+ elif test "z$with_mozilla_ver" != "z" ; then
+ ac_mozilla_name=mozilla-$with_mozilla_ver
+ else
+ ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
+ fi
+
+ ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name"
+ ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nspr libraries >= $NSPR_MIN_VERSION" >&5
+$as_echo_n "checking for nspr libraries >= $NSPR_MIN_VERSION... " >&6; }
+ NSPR_INCLUDES_FOUND="no"
+ NSPR_LIBS_FOUND="no"
+ NSPR_FOUND="no"
+ NSPR_PRINIT_H=""
+
+ if test "z$with_nspr" != "z" ; then
+ NSPR_PREFIX="$with_nspr"
+ NSPR_CFLAGS="-I$with_nspr/include -I$with_nspr/include/nspr"
+ if test "z$with_gnu_ld" = "zyes" ; then
+ NSPR_LIBS="-Wl,-rpath-link -Wl,$with_nspr/lib -L$with_nspr/lib $NSPR_LIBS_LIST"
+ else
+ NSPR_LIBS="-L$with_nspr/lib $NSPR_LIBS_LIST"
+ fi
+ NSPR_INCLUDES_FOUND="yes"
+ NSPR_LIBS_FOUND="yes"
+ NSPR_PRINIT_H="$with_nspr/include/prinit.h"
+ else
+ for dir in $ac_nss_inc_dir ; do
+ if test -f $dir/nspr/prinit.h ; then
+ if test "z$dir" = "z/usr/include" ; then
+ NSPR_CFLAGS=""
+ else
+ NSPR_CFLAGS="-I$dir/nspr"
+ fi
+ NSPR_INCLUDES_FOUND="yes"
+ NSPR_PRINIT_H="$dir/nspr/prinit.h"
+ break
+ fi
+ done
+
+ for dir in $ac_nss_lib_dir ; do
+ if test -f $dir/libnspr4$shrext ; then
+ if test "z$dir" = "z/usr/lib" ; then
+ NSPR_LIBS="$NSPR_LIBS_LIST"
+ else
+ if test "z$with_gnu_ld" = "zyes" ; then
+ NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST"
+ else
+ NSPR_LIBS="-L$dir $NSPR_LIBS_LIST"
+ fi
+ fi
+ NSPR_LIBS_FOUND="yes"
+ break
+ fi
+ done
+ fi
+
+ if test "z$NSPR_INCLUDES_FOUND" = "zyes" -a "z$NSPR_LIBS_FOUND" = "zyes" ; then
+ OLD_CPPFLAGS=$CPPFLAGS
+ CPPFLAGS="$NSPR_CFLAGS"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #include <prinit.h>
+ #if PR_VMAJOR >= 4
+ yes
+ #endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "yes" >/dev/null 2>&1; then :
+
+ NSPR_FOUND=yes
+
+else
+
+ NSPR_FOUND=no
+
+fi
+rm -f conftest*
+
+ CPPFLAGS="$OLD_CPPFLAGS"
+ fi
+
+ if test "z$NSPR_FOUND" = "zyes" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nss libraries >= $NSS_MIN_VERSION" >&5
+$as_echo_n "checking for nss libraries >= $NSS_MIN_VERSION... " >&6; }
+ NSS_INCLUDES_FOUND="no"
+ NSS_LIBS_FOUND="no"
+ NSS_NSS_H=""
+
+ if test "z$with_nss" != "z" ; then
+ NSS_CFLAGS="$NSS_CFLAGS -I$with_nss/include -I$with_nss/include/nss"
+ if test "z$with_gnu_ld" = "zyes" ; then
+ NSS_LIBS="$NSS_LIBS -Wl,-rpath-link -Wl,$with_nss/lib -L$with_nss/lib $NSS_LIBS_LIST"
+ else
+ NSS_LIBS="$NSS_LIBS -L$with_nss/lib $NSS_LIBS_LIST"
+ fi
+ NSS_INCLUDES_FOUND="yes"
+ NSS_LIBS_FOUND="yes"
+ NSS_NSS_H="$with_nss/include/nss.h"
+ else
+ for dir in $ac_nss_inc_dir ; do
+ if test -f $dir/nss/nss.h ; then
+ if test "z$dir" = "z/usr/include" ; then
+ NSS_CFLAGS="$NSS_CFLAGS"
+ else
+ NSS_CFLAGS="$NSS_CFLAGS -I$dir/nss"
+ fi
+ NSS_INCLUDES_FOUND="yes"
+ NSS_NSS_H="$dir/nss/nss.h"
+ break
+ fi
+ done
+
+ for dir in $ac_nss_lib_dir ; do
+ if test -f $dir/libnss3$shrext ; then
+ if test "z$dir" = "z/usr/lib" ; then
+ NSS_LIBS="$NSS_LIBS_LIST"
+ else
+ if test "z$with_gnu_ld" = "zyes" ; then
+ NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST"
+ else
+ NSS_LIBS="-L$dir $NSS_LIBS_LIST"
+ fi
+ fi
+ NSS_LIBS_FOUND="yes"
+ break
+ fi
+ done
+ fi
+
+ if test "z$NSS_INCLUDES_FOUND" = "zyes" -a "z$NSS_LIBS_FOUND" = "zyes" ; then
+ OLD_CPPFLAGS=$CPPFLAGS
+ CPPFLAGS="$NSS_CFLAGS"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #include <nss.h>
+ #if NSS_VMAJOR >= 3 && NSS_VMINOR >= 2
+ yes
+ #endif
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "yes" >/dev/null 2>&1; then :
+
+ NSS_FOUND=yes
+
+else
+
+ NSS_FOUND=no
+
+fi
+rm -f conftest*
+
+ CPPFLAGS="$OLD_CPPFLAGS"
+ fi
+
+ if test "z$NSS_FOUND" = "zyes" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+
+ if test "z$NSPR_FOUND" = "zyes" -a "z$NSS_FOUND" = "zyes" ; then
+ NSS_CFLAGS="$NSS_CFLAGS $NSPR_CFLAGS"
+ NSS_LIBS="$NSS_LIBS $NSPR_LIBS"
+ elif test "z$NSPR_FOUND" != "zyes" -a "z$NSS_FOUND" = "zyes" ; then
+ NSS_FOUND="no"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: NSPR library is required for NSS" >&5
+$as_echo "NSPR library is required for NSS" >&6; }
+ fi
+fi
+
+if test "z$NSS_FOUND" = "zyes" ; then
+ XMLSEC_NO_NSS="0"
+ NSS_CFLAGS="$NSS_CFLAGS -DXMLSEC_CRYPTO_NSS=1"
+ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST nss"
+else
+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST nss"
+fi
+
+ if test "z$XMLSEC_NO_NSS" = "z1"; then
+ XMLSEC_NO_NSS_TRUE=
+ XMLSEC_NO_NSS_FALSE='#'
+else
+ XMLSEC_NO_NSS_TRUE='#'
+ XMLSEC_NO_NSS_FALSE=
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+GCRYPT_CONFIG="libgcrypt-config"
+XMLSEC_NO_GCRYPT="1"
+GCRYPT_MIN_VERSION="1.4.0"
+GCRYPT_VERSION=""
+GCRYPT_CFLAGS=""
+GCRYPT_LIBS=""
+GCRYPT_CRYPTO_LIB="$XMLSEC_PACKAGE-gcrypt"
+GCRYPT_FOUND="no"
+
+# Check whether --with-gcrypt was given.
+if test "${with_gcrypt+set}" = set; then :
+ withval=$with_gcrypt;
+fi
+
+if test "z$with_gcrypt" = "zno" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcrypt libraries >= $GCRYPT_MIN_VERSION" >&5
+$as_echo_n "checking for gcrypt libraries >= $GCRYPT_MIN_VERSION... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ GCRYPT_FOUND="without"
+elif test "z$with_gcrypt" = "z" -a "z$PKGCONFIG_FOUND" = "zyes" ; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GCRYPT" >&5
+$as_echo_n "checking for GCRYPT... " >&6; }
+
+if test -n "$GCRYPT_CFLAGS"; then
+ pkg_cv_GCRYPT_CFLAGS="$GCRYPT_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gcrypt >= \$GCRYPT_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "gcrypt >= $GCRYPT_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_GCRYPT_CFLAGS=`$PKG_CONFIG --cflags "gcrypt >= $GCRYPT_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$GCRYPT_LIBS"; then
+ pkg_cv_GCRYPT_LIBS="$GCRYPT_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gcrypt >= \$GCRYPT_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "gcrypt >= $GCRYPT_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_GCRYPT_LIBS=`$PKG_CONFIG --libs "gcrypt >= $GCRYPT_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ GCRYPT_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "gcrypt >= $GCRYPT_MIN_VERSION" 2>&1`
+ else
+ GCRYPT_PKG_ERRORS=`$PKG_CONFIG --print-errors "gcrypt >= $GCRYPT_MIN_VERSION" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$GCRYPT_PKG_ERRORS" >&5
+
+ GCRYPT_FOUND=no
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ GCRYPT_FOUND=no
+else
+ GCRYPT_CFLAGS=$pkg_cv_GCRYPT_CFLAGS
+ GCRYPT_LIBS=$pkg_cv_GCRYPT_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ GCRYPT_FOUND=yes
+fi
+
+ if test "z$GCRYPT_FOUND" = "zno" ; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GCRYPT" >&5
+$as_echo_n "checking for GCRYPT... " >&6; }
+
+if test -n "$GCRYPT_CFLAGS"; then
+ pkg_cv_GCRYPT_CFLAGS="$GCRYPT_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libgcrypt >= \$GCRYPT_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libgcrypt >= $GCRYPT_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_GCRYPT_CFLAGS=`$PKG_CONFIG --cflags "libgcrypt >= $GCRYPT_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$GCRYPT_LIBS"; then
+ pkg_cv_GCRYPT_LIBS="$GCRYPT_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libgcrypt >= \$GCRYPT_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libgcrypt >= $GCRYPT_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_GCRYPT_LIBS=`$PKG_CONFIG --libs "libgcrypt >= $GCRYPT_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ GCRYPT_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "libgcrypt >= $GCRYPT_MIN_VERSION" 2>&1`
+ else
+ GCRYPT_PKG_ERRORS=`$PKG_CONFIG --print-errors "libgcrypt >= $GCRYPT_MIN_VERSION" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$GCRYPT_PKG_ERRORS" >&5
+
+ GCRYPT_FOUND=no
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ GCRYPT_FOUND=no
+else
+ GCRYPT_CFLAGS=$pkg_cv_GCRYPT_CFLAGS
+ GCRYPT_LIBS=$pkg_cv_GCRYPT_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ GCRYPT_FOUND=yes
+fi
+ fi
+
+ if test "z$GCRYPT_FOUND" = "zno" ; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GCRYPT" >&5
+$as_echo_n "checking for GCRYPT... " >&6; }
+
+if test -n "$GCRYPT_CFLAGS"; then
+ pkg_cv_GCRYPT_CFLAGS="$GCRYPT_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libgcrypt11 >= \$GCRYPT_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libgcrypt11 >= $GCRYPT_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_GCRYPT_CFLAGS=`$PKG_CONFIG --cflags "libgcrypt11 >= $GCRYPT_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$GCRYPT_LIBS"; then
+ pkg_cv_GCRYPT_LIBS="$GCRYPT_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libgcrypt11 >= \$GCRYPT_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libgcrypt11 >= $GCRYPT_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_GCRYPT_LIBS=`$PKG_CONFIG --libs "libgcrypt11 >= $GCRYPT_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ GCRYPT_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "libgcrypt11 >= $GCRYPT_MIN_VERSION" 2>&1`
+ else
+ GCRYPT_PKG_ERRORS=`$PKG_CONFIG --print-errors "libgcrypt11 >= $GCRYPT_MIN_VERSION" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$GCRYPT_PKG_ERRORS" >&5
+
+ GCRYPT_FOUND=no
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ GCRYPT_FOUND=no
+else
+ GCRYPT_CFLAGS=$pkg_cv_GCRYPT_CFLAGS
+ GCRYPT_LIBS=$pkg_cv_GCRYPT_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ GCRYPT_FOUND=yes
+fi
+ fi
+fi
+
+if test "z$GCRYPT_FOUND" = "zno" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gcrypt libraries >= $GCRYPT_MIN_VERSION" >&5
+$as_echo_n "checking for gcrypt libraries >= $GCRYPT_MIN_VERSION... " >&6; }
+ if test "z$with_gcrypt" != "z" ; then
+ GCRYPT_CONFIG=$with_gcrypt/bin/$GCRYPT_CONFIG
+ fi
+ if ! $GCRYPT_CONFIG --version > /dev/null 2>&1 ; then
+ if test "z$with_gcrypt" != "z" ; then
+ as_fn_error $? "Unable to find gcrypt at '$with_gcrypt'" "$LINENO" 5
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ else
+ vers=`$GCRYPT_CONFIG --version | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ minvers=`echo $GCRYPT_MIN_VERSION | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ if test "$vers" -ge "$minvers" ; then
+ GCRYPT_CFLAGS="$GCRYPT_CFLAGS `$GCRYPT_CONFIG --cflags`"
+ GCRYPT_LIBS="$GCRYPT_LIBS `$GCRYPT_CONFIG --libs`"
+ GCRYPT_FOUND=yes
+ else
+ as_fn_error $? "You need at least gcrypt $GCRYPT_MIN_VERSION for this version of $XMLSEC_PACKAGE" "$LINENO" 5
+ fi
+ fi
+fi
+
+if test "z$GCRYPT_FOUND" = "zyes" ; then
+ XMLSEC_NO_GCRYPT="0"
+ GCRYPT_CFLAGS="$GCRYPT_CFLAGS -DXMLSEC_CRYPTO_GCRYPT=1"
+ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST gcrypt"
+else
+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST gcrypt"
+fi
+
+ if test "z$XMLSEC_NO_GCRYPT" = "z1"; then
+ XMLSEC_NO_GCRYPT_TRUE=
+ XMLSEC_NO_GCRYPT_FALSE='#'
+else
+ XMLSEC_NO_GCRYPT_TRUE='#'
+ XMLSEC_NO_GCRYPT_FALSE=
+fi
+
+
+
+
+
+
+
+
+GNUTLS_CONFIG="libgnutls-config"
+XMLSEC_NO_GNUTLS="1"
+GNUTLS_MIN_VERSION="2.8.0"
+GNUTLS_VERSION=""
+GNUTLS_CFLAGS=""
+GNUTLS_LIBS=""
+GNUTLS_CRYPTO_LIB="$XMLSEC_PACKAGE-gnutls"
+GNUTLS_FOUND="no"
+
+# Check whether --with-gnutls was given.
+if test "${with_gnutls+set}" = set; then :
+ withval=$with_gnutls;
+fi
+
+if test "z$with_gnutls" = "zno" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gnutls libraries >= $GNUTLS_MIN_VERSION" >&5
+$as_echo_n "checking for gnutls libraries >= $GNUTLS_MIN_VERSION... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ GNUTLS_FOUND="without"
+elif test "z$with_gnutls" = "z" -a "z$PKGCONFIG_FOUND" = "zyes" ; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNUTLS" >&5
+$as_echo_n "checking for GNUTLS... " >&6; }
+
+if test -n "$GNUTLS_CFLAGS"; then
+ pkg_cv_GNUTLS_CFLAGS="$GNUTLS_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gnutls >= \$GNUTLS_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "gnutls >= $GNUTLS_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_GNUTLS_CFLAGS=`$PKG_CONFIG --cflags "gnutls >= $GNUTLS_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$GNUTLS_LIBS"; then
+ pkg_cv_GNUTLS_LIBS="$GNUTLS_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gnutls >= \$GNUTLS_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "gnutls >= $GNUTLS_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_GNUTLS_LIBS=`$PKG_CONFIG --libs "gnutls >= $GNUTLS_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ GNUTLS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "gnutls >= $GNUTLS_MIN_VERSION" 2>&1`
+ else
+ GNUTLS_PKG_ERRORS=`$PKG_CONFIG --print-errors "gnutls >= $GNUTLS_MIN_VERSION" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$GNUTLS_PKG_ERRORS" >&5
+
+ GNUTLS_FOUND=no
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ GNUTLS_FOUND=no
+else
+ GNUTLS_CFLAGS=$pkg_cv_GNUTLS_CFLAGS
+ GNUTLS_LIBS=$pkg_cv_GNUTLS_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ GNUTLS_FOUND=yes
+fi
+ if test "z$GNUTLS_FOUND" = "zno" ; then
+
+pkg_failed=no
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNUTLS" >&5
+$as_echo_n "checking for GNUTLS... " >&6; }
+
+if test -n "$GNUTLS_CFLAGS"; then
+ pkg_cv_GNUTLS_CFLAGS="$GNUTLS_CFLAGS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libgnutls >= \$GNUTLS_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libgnutls >= $GNUTLS_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_GNUTLS_CFLAGS=`$PKG_CONFIG --cflags "libgnutls >= $GNUTLS_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+if test -n "$GNUTLS_LIBS"; then
+ pkg_cv_GNUTLS_LIBS="$GNUTLS_LIBS"
+ elif test -n "$PKG_CONFIG"; then
+ if test -n "$PKG_CONFIG" && \
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libgnutls >= \$GNUTLS_MIN_VERSION\""; } >&5
+ ($PKG_CONFIG --exists --print-errors "libgnutls >= $GNUTLS_MIN_VERSION") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ pkg_cv_GNUTLS_LIBS=`$PKG_CONFIG --libs "libgnutls >= $GNUTLS_MIN_VERSION" 2>/dev/null`
+else
+ pkg_failed=yes
+fi
+ else
+ pkg_failed=untried
+fi
+
+
+
+if test $pkg_failed = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi
+ if test $_pkg_short_errors_supported = yes; then
+ GNUTLS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "libgnutls >= $GNUTLS_MIN_VERSION" 2>&1`
+ else
+ GNUTLS_PKG_ERRORS=`$PKG_CONFIG --print-errors "libgnutls >= $GNUTLS_MIN_VERSION" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$GNUTLS_PKG_ERRORS" >&5
+
+ GNUTLS_FOUND=no
+elif test $pkg_failed = untried; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ GNUTLS_FOUND=no
+else
+ GNUTLS_CFLAGS=$pkg_cv_GNUTLS_CFLAGS
+ GNUTLS_LIBS=$pkg_cv_GNUTLS_LIBS
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ GNUTLS_FOUND=yes
+fi
+ fi
+fi
+
+if test "z$GNUTLS_FOUND" = "zno" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gnutls libraries >= $GNUTLS_MIN_VERSION" >&5
+$as_echo_n "checking for gnutls libraries >= $GNUTLS_MIN_VERSION... " >&6; }
+ if test "z$with_gnutls" != "z" ; then
+ GNUTLS_CONFIG=$with_gnutls/bin/$GNUTLS_CONFIG
+ fi
+ if ! $GNUTLS_CONFIG --version > /dev/null 2>&1 ; then
+ if test "z$with_gnutls" != "z" ; then
+ as_fn_error $? "Unable to find gnutls at '$with_gnutls'" "$LINENO" 5
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ else
+ vers=`$GNUTLS_CONFIG --version | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ minvers=`echo $GNUTLS_MIN_VERSION | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ if test "$vers" -ge "$minvers" ; then
+ GNUTLS_CFLAGS="$GNUTLS_CFLAGS `$GNUTLS_CONFIG --cflags`"
+ GNUTLS_LIBS="$GNUTLS_LIBS `$GNUTLS_CONFIG --libs`"
+ GNUTLS_FOUND=yes
+ else
+ as_fn_error $? "You need at least gnutls $GNUTLS_MIN_VERSION for this version of $XMLSEC_PACKAGE" "$LINENO" 5
+ fi
+ fi
+fi
+
+if test "z$GNUTLS_FOUND" = "zyes" ; then
+ XMLSEC_NO_GNUTLS="0"
+ GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DXMLSEC_CRYPTO_GNUTLS=1"
+ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST gnutls"
+
+ if test "z$GCRYPT_FOUND" != "zyes" ; then
+ as_fn_error $? "xmlsec-gnutls library requires xmlsec-gcrypt library which is disabled or missing" "$LINENO" 5
+ fi
+
+else
+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST gnutls"
+fi
+
+ if test "z$XMLSEC_NO_GNUTLS" = "z1"; then
+ XMLSEC_NO_GNUTLS_TRUE=
+ XMLSEC_NO_GNUTLS_FALSE='#'
+else
+ XMLSEC_NO_GNUTLS_TRUE='#'
+ XMLSEC_NO_GNUTLS_FALSE=
+fi
+
+
+
+
+
+
+
+
+XMLSEC_NO_MSCRYPTO="1"
+MSCRYPTO_CFLAGS=""
+MSCRYPTO_LIBS=""
+MSCRYPTO_CRYPTO_LIB="$XMLSEC_PACKAGE-mscrypto"
+MSCRYPTO_ENABLE='none'
+# Check whether --enable-mscrypto was given.
+if test "${enable_mscrypto+set}" = set; then :
+ enableval=$enable_mscrypto; MSCRYPTO_ENABLE=$enableval
+fi
+
+if test "z$MSCRYPTO_ENABLE" != "zyes" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for mscrypto libraries" >&5
+$as_echo_n "checking for mscrypto libraries... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSCRYPTO_ENABLE" >&5
+$as_echo "$MSCRYPTO_ENABLE" >&6; }
+else
+ LIBS_SAVE="$LIBS"
+ LIBS="$LIBS -lcrypt32"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for mscrypto libraries" >&5
+$as_echo_n "checking for mscrypto libraries... " >&6; }
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+ #include <windows.h>
+ #include <wincrypt.h>
+ int main () { CertOpenStore(0,0,0,0,0);; return(0); }
+
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+else
+ MSCRYPTO_ENABLE="no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSCRYPTO_ENABLE" >&5
+$as_echo "$MSCRYPTO_ENABLE" >&6; }
+ LIBS="$LIBS_SAVE"
+fi
+
+if test "z$MSCRYPTO_ENABLE" = "zyes" ; then
+ XMLSEC_NO_MSCRYPTO="0"
+
+ MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -DXMLSEC_CRYPTO_MSCRYPTO=1"
+ case $host in
+ *-*-mingw*)
+ MSCRYPTO_LIBS='-Wl,$(srcdir)/mingw-crypt32.def';;
+ *)
+ MSCRYPTO_LIBS="-lcrypt32";;
+ esac
+
+ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST mscrypto"
+else
+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST mscrypto"
+fi
+
+ if test "z$XMLSEC_NO_MSCRYPTO" = "z1"; then
+ XMLSEC_NO_MSCRYPTO_TRUE=
+ XMLSEC_NO_MSCRYPTO_FALSE='#'
+else
+ XMLSEC_NO_MSCRYPTO_TRUE='#'
+ XMLSEC_NO_MSCRYPTO_FALSE=
+fi
+
+
+
+
+
+
+
+XMLSEC_CRYPTO=""
+XMLSEC_CRYPTO_LIB=""
+XMLSEC_CRYPTO_CFLAGS=""
+XMLSEC_CRYPTO_LIBS=""
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for default crypto library" >&5
+$as_echo_n "checking for default crypto library... " >&6; }
+
+# Check whether --with-default_crypto was given.
+if test "${with_default_crypto+set}" = set; then :
+ withval=$with_default_crypto;
+fi
+
+
+# check the argument
+case "z$with_default_crypto" in
+ 'zmscrypto')
+ if test "z$XMLSEC_NO_MSCRYPTO" != "z1" ; then
+ XMLSEC_CRYPTO="mscrypto"
+ else
+ as_fn_error $? "'$with_default_crypto' is specified as default crypto library but it is not configured or found" "$LINENO" 5
+ fi
+ ;;
+ 'zopenssl')
+ if test "z$XMLSEC_NO_OPENSSL" != "z1" ; then
+ XMLSEC_CRYPTO="openssl"
+ else
+ as_fn_error $? "'$with_default_crypto' is specified as default crypto library but it is not configured or found" "$LINENO" 5
+ fi
+ ;;
+ 'znss')
+ if test "z$XMLSEC_NO_NSS" != "z1" ; then
+ XMLSEC_CRYPTO="nss"
+ else
+ as_fn_error $? "'$with_default_crypto' is specified as default crypto library but it is not configured or found" "$LINENO" 5
+ fi
+ ;;
+ 'zgnutls')
+ if test "z$XMLSEC_NO_GNUTLS" != "z1" ; then
+ XMLSEC_CRYPTO="gnutls"
+ else
+ as_fn_error $? "'$with_default_crypto' is specified as default crypto library but it is not configured or found" "$LINENO" 5
+ fi
+ ;;
+ 'zgcrypt')
+ if test "z$XMLSEC_NO_GCRYPT" != "z1" ; then
+ XMLSEC_CRYPTO="gcrypt"
+ else
+ as_fn_error $? "'$with_default_crypto' is specified as default crypto library but it is not configured or found" "$LINENO" 5
+ fi
+ ;;
+ 'z')
+ if test "z$XMLSEC_NO_MSCRYPTO" != "z1" ; then
+ XMLSEC_CRYPTO="mscrypto"
+ elif test "z$XMLSEC_NO_OPENSSL" != "z1" ; then
+ XMLSEC_CRYPTO="openssl"
+ elif test "z$XMLSEC_NO_NSS" != "z1" ; then
+ XMLSEC_CRYPTO="nss"
+ elif test "z$XMLSEC_NO_GNUTLS" != "z1" ; then
+ XMLSEC_CRYPTO="gnutls"
+ elif test "z$XMLSEC_NO_GCRYPT" != "z1" ; then
+ XMLSEC_CRYPTO="gcrypt"
+ else
+ as_fn_error $? "At least one crypto library should exist for $XMLSEC_PACKAGE" "$LINENO" 5
+ fi
+ ;;
+ *)
+ as_fn_error $? "The value '$with_default_crypto' is not a recongnized crypto library name" "$LINENO" 5
+ ;;
+esac
+
+case "$XMLSEC_CRYPTO" in
+ 'mscrypto')
+ XMLSEC_CRYPTO_LIB="$MSCRYPTO_CRYPTO_LIB"
+ XMLSEC_CRYPTO_CFLAGS="$MSCRYPTO_CFLAGS"
+ XMLSEC_CRYPTO_LIBS="$MSCRYPTO_LIBS"
+ ;;
+ 'openssl')
+ XMLSEC_CRYPTO_LIB="$OPENSSL_CRYPTO_LIB"
+ XMLSEC_CRYPTO_CFLAGS="$OPENSSL_CFLAGS"
+ XMLSEC_CRYPTO_LIBS="$OPENSSL_LIBS"
+ ;;
+ 'nss')
+ XMLSEC_CRYPTO_LIB="$NSS_CRYPTO_LIB"
+ XMLSEC_CRYPTO_CFLAGS="$NSS_CFLAGS"
+ XMLSEC_CRYPTO_LIBS="$NSS_LIBS"
+ ;;
+ 'gnutls')
+ XMLSEC_CRYPTO_LIB="$GNUTLS_CRYPTO_LIB"
+ XMLSEC_CRYPTO_CFLAGS="$GNUTLS_CFLAGS"
+ XMLSEC_CRYPTO_LIBS="$GNUTLS_LIBS"
+ ;;
+ 'gcrypt')
+ XMLSEC_CRYPTO_LIB="$GCRYPT_CRYPTO_LIB"
+ XMLSEC_CRYPTO_CFLAGS="$GCRYPT_CFLAGS"
+ XMLSEC_CRYPTO_LIBS="$GCRYPT_LIBS"
+ ;;
+ *)
+ as_fn_error $? "The value \"$XMLSEC_CRYPTO\" is not a recongnized crypto library name" "$LINENO" 5
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes ('$XMLSEC_CRYPTO')" >&5
+$as_echo "yes ('$XMLSEC_CRYPTO')" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for MD5 support" >&5
+$as_echo_n "checking for MD5 support... " >&6; }
+# Check whether --enable-md5 was given.
+if test "${enable_md5+set}" = set; then :
+ enableval=$enable_md5;
+fi
+
+if test "z$enable_md5" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_MD5=1"
+ XMLSEC_NO_MD5="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ XMLSEC_NO_MD5="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_MD5" = "z1"; then
+ XMLSEC_NO_MD5_TRUE=
+ XMLSEC_NO_MD5_FALSE='#'
+else
+ XMLSEC_NO_MD5_TRUE='#'
+ XMLSEC_NO_MD5_FALSE=
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RIPEMD-160 support" >&5
+$as_echo_n "checking for RIPEMD-160 support... " >&6; }
+# Check whether --enable-ripemd160 was given.
+if test "${enable_ripemd160+set}" = set; then :
+ enableval=$enable_ripemd160;
+fi
+
+if test "z$enable_ripemd160" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_RIPEMD160=1"
+ XMLSEC_NO_RIPEMD160="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ XMLSEC_NO_RIPEMD160="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_RIPEMD160" = "z1"; then
+ XMLSEC_NO_RIPEMD160_TRUE=
+ XMLSEC_NO_RIPEMD160_FALSE='#'
+else
+ XMLSEC_NO_RIPEMD160_TRUE='#'
+ XMLSEC_NO_RIPEMD160_FALSE=
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SHA1 support" >&5
+$as_echo_n "checking for SHA1 support... " >&6; }
+# Check whether --enable-sha1 was given.
+if test "${enable_sha1+set}" = set; then :
+ enableval=$enable_sha1;
+fi
+
+if test "z$enable_sha1" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_SHA1=1"
+ XMLSEC_NO_SHA1="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ XMLSEC_NO_SHA1="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_SHA1" = "z1"; then
+ XMLSEC_NO_SHA1_TRUE=
+ XMLSEC_NO_SHA1_FALSE='#'
+else
+ XMLSEC_NO_SHA1_TRUE='#'
+ XMLSEC_NO_SHA1_FALSE=
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SHA224 support" >&5
+$as_echo_n "checking for SHA224 support... " >&6; }
+# Check whether --enable-sha224 was given.
+if test "${enable_sha224+set}" = set; then :
+ enableval=$enable_sha224;
+fi
+
+if test "z$enable_sha224" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_SHA224=1"
+ XMLSEC_NO_SHA224="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ XMLSEC_NO_SHA224="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_SHA224" = "z1"; then
+ XMLSEC_NO_SHA224_TRUE=
+ XMLSEC_NO_SHA224_FALSE='#'
+else
+ XMLSEC_NO_SHA224_TRUE='#'
+ XMLSEC_NO_SHA224_FALSE=
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SHA256 support" >&5
+$as_echo_n "checking for SHA256 support... " >&6; }
+# Check whether --enable-sha256 was given.
+if test "${enable_sha256+set}" = set; then :
+ enableval=$enable_sha256;
+fi
+
+if test "z$enable_sha256" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_SHA256=1"
+ XMLSEC_NO_SHA256="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ XMLSEC_NO_SHA256="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_SHA256" = "z1"; then
+ XMLSEC_NO_SHA256_TRUE=
+ XMLSEC_NO_SHA256_FALSE='#'
+else
+ XMLSEC_NO_SHA256_TRUE='#'
+ XMLSEC_NO_SHA256_FALSE=
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SHA384 support" >&5
+$as_echo_n "checking for SHA384 support... " >&6; }
+# Check whether --enable-sha384 was given.
+if test "${enable_sha384+set}" = set; then :
+ enableval=$enable_sha384;
+fi
+
+if test "z$enable_sha384" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_SHA384=1"
+ XMLSEC_NO_SHA384="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ XMLSEC_NO_SHA384="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_SHA384" = "z1"; then
+ XMLSEC_NO_SHA384_TRUE=
+ XMLSEC_NO_SHA384_FALSE='#'
+else
+ XMLSEC_NO_SHA384_TRUE='#'
+ XMLSEC_NO_SHA384_FALSE=
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SHA512 support" >&5
+$as_echo_n "checking for SHA512 support... " >&6; }
+# Check whether --enable-sha512 was given.
+if test "${enable_sha512+set}" = set; then :
+ enableval=$enable_sha512;
+fi
+
+if test "z$enable_sha512" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_SHA512=1"
+ XMLSEC_NO_SHA512="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ XMLSEC_NO_SHA512="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_SHA512" = "z1"; then
+ XMLSEC_NO_SHA512_TRUE=
+ XMLSEC_NO_SHA512_FALSE='#'
+else
+ XMLSEC_NO_SHA512_TRUE='#'
+ XMLSEC_NO_SHA512_FALSE=
+fi
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for HMAC support" >&5
+$as_echo_n "checking for HMAC support... " >&6; }
+# Check whether --enable-hmac was given.
+if test "${enable_hmac+set}" = set; then :
+ enableval=$enable_hmac;
+fi
+
+if test "z$enable_hmac" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_HMAC=1"
+ XMLSEC_NO_HMAC="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ XMLSEC_NO_HMAC="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_HMAC" = "z1"; then
+ XMLSEC_NO_HMAC_TRUE=
+ XMLSEC_NO_HMAC_FALSE='#'
+else
+ XMLSEC_NO_HMAC_TRUE='#'
+ XMLSEC_NO_HMAC_FALSE=
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for DSA support" >&5
+$as_echo_n "checking for DSA support... " >&6; }
+# Check whether --enable-dsa was given.
+if test "${enable_dsa+set}" = set; then :
+ enableval=$enable_dsa;
+fi
+
+if test "z$enable_dsa" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_DSA=1"
+ XMLSEC_NO_DSA="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ XMLSEC_NO_DSA="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_DSA" = "z1"; then
+ XMLSEC_NO_DSA_TRUE=
+ XMLSEC_NO_DSA_FALSE='#'
+else
+ XMLSEC_NO_DSA_TRUE='#'
+ XMLSEC_NO_DSA_FALSE=
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RSA support" >&5
+$as_echo_n "checking for RSA support... " >&6; }
+# Check whether --enable-rsa was given.
+if test "${enable_rsa+set}" = set; then :
+ enableval=$enable_rsa;
+fi
+
+if test "z$enable_rsa" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_RSA=1"
+ XMLSEC_NO_RSA="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ XMLSEC_NO_RSA="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_RSA" = "z1"; then
+ XMLSEC_NO_RSA_TRUE=
+ XMLSEC_NO_RSA_FALSE='#'
+else
+ XMLSEC_NO_RSA_TRUE='#'
+ XMLSEC_NO_RSA_FALSE=
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for x509 support" >&5
+$as_echo_n "checking for x509 support... " >&6; }
+# Check whether --enable-x509 was given.
+if test "${enable_x509+set}" = set; then :
+ enableval=$enable_x509;
+fi
+
+if test "z$enable_x509" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_X509=1"
+ XMLSEC_NO_X509="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ XMLSEC_NO_X509="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_X509" = "z1"; then
+ XMLSEC_NO_X509_TRUE=
+ XMLSEC_NO_X509_FALSE='#'
+else
+ XMLSEC_NO_X509_TRUE='#'
+ XMLSEC_NO_X509_FALSE=
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for DES support" >&5
+$as_echo_n "checking for DES support... " >&6; }
+# Check whether --enable-des was given.
+if test "${enable_des+set}" = set; then :
+ enableval=$enable_des;
+fi
+
+if test "z$enable_des" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_DES=1"
+ XMLSEC_NO_DES="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ XMLSEC_NO_DES="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_DES" = "z1"; then
+ XMLSEC_NO_DES_TRUE=
+ XMLSEC_NO_DES_FALSE='#'
+else
+ XMLSEC_NO_DES_TRUE='#'
+ XMLSEC_NO_DES_FALSE=
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for AES support" >&5
+$as_echo_n "checking for AES support... " >&6; }
+# Check whether --enable-aes was given.
+if test "${enable_aes+set}" = set; then :
+ enableval=$enable_aes;
+fi
+
+if test "z$enable_aes" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_AES=1"
+ XMLSEC_NO_AES="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ XMLSEC_NO_AES="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_AES" = "z1"; then
+ XMLSEC_NO_AES_TRUE=
+ XMLSEC_NO_AES_FALSE='#'
+else
+ XMLSEC_NO_AES_TRUE='#'
+ XMLSEC_NO_AES_FALSE=
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GOST support" >&5
+$as_echo_n "checking for GOST support... " >&6; }
+# Check whether --enable-gost was given.
+if test "${enable_gost+set}" = set; then :
+ enableval=$enable_gost;
+fi
+
+if test "z$enable_gost" != "zyes" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_GOST=1"
+ XMLSEC_NO_GOST="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ XMLSEC_NO_GOST="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_GOST" = "z1"; then
+ XMLSEC_NO_GOST_TRUE=
+ XMLSEC_NO_GOST_FALSE='#'
+else
+ XMLSEC_NO_GOST_TRUE='#'
+ XMLSEC_NO_GOST_FALSE=
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for XMLDSig support" >&5
+$as_echo_n "checking for XMLDSig support... " >&6; }
+# Check whether --enable-xmldsig was given.
+if test "${enable_xmldsig+set}" = set; then :
+ enableval=$enable_xmldsig;
+fi
+
+if test "z$enable_xmldsig" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_XMLDSIG=1"
+ XMLSEC_NO_XMLDSIG="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ XMLSEC_NO_XMLDSIG="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_XMLDSIG" = "z1"; then
+ XMLSEC_NO_XMLDSIG_TRUE=
+ XMLSEC_NO_XMLDSIG_FALSE='#'
+else
+ XMLSEC_NO_XMLDSIG_TRUE='#'
+ XMLSEC_NO_XMLDSIG_FALSE=
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for XMLEnc support" >&5
+$as_echo_n "checking for XMLEnc support... " >&6; }
+# Check whether --enable-xmlenc was given.
+if test "${enable_xmlenc+set}" = set; then :
+ enableval=$enable_xmlenc;
+fi
+
+if test "z$enable_xmlenc" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_XMLENC=1"
+ XMLSEC_NO_XMLENC="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ XMLSEC_NO_XMLENC="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_XMLENC" = "z1"; then
+ XMLSEC_NO_XMLENC_TRUE=
+ XMLSEC_NO_XMLENC_FALSE='#'
+else
+ XMLSEC_NO_XMLENC_TRUE='#'
+ XMLSEC_NO_XMLENC_FALSE=
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for XMKMS support - under development" >&5
+$as_echo_n "checking for XMKMS support - under development... " >&6; }
+# Check whether --enable-xkms was given.
+if test "${enable_xkms+set}" = set; then :
+ enableval=$enable_xkms;
+fi
+
+if test "z$enable_xkms" = "zyes" ; then
+ XMLSEC_NO_XKMS="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_XKMS=1"
+ XMLSEC_NO_XKMS="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+ if test "z$XMLSEC_NO_XKMS" = "z1"; then
+ XMLSEC_NO_XKMS_TRUE=
+ XMLSEC_NO_XKMS_FALSE='#'
+else
+ XMLSEC_NO_XKMS_TRUE='#'
+ XMLSEC_NO_XKMS_FALSE=
+fi
+
+
+
+XMLSEC_DL_INCLUDES=""
+XMLSEC_DL_LIBS=""
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for xmlsec-crypto dynamic loading support" >&5
+$as_echo_n "checking for xmlsec-crypto dynamic loading support... " >&6; }
+# Check whether --enable-crypto_dl was given.
+if test "${enable_crypto_dl+set}" = set; then :
+ enableval=$enable_crypto_dl;
+fi
+
+if test "z$enable_crypto_dl" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_CRYPTO_DYNAMIC_LOADING=1"
+ XMLSEC_NO_CRYPTO_DYNAMIC_LOADING="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ ac_fn_c_check_header_mongrel "$LINENO" "ltdl.h" "ac_cv_header_ltdl_h" "$ac_includes_default"
+if test "x$ac_cv_header_ltdl_h" = x""yes; then :
+
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_DL_LIBLTDL=1",
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for lt_dlopenext in -lltdl" >&5
+$as_echo_n "checking for lt_dlopenext in -lltdl... " >&6; }
+if test "${ac_cv_lib_ltdl_lt_dlopenext+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lltdl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char lt_dlopenext ();
+int
+main ()
+{
+return lt_dlopenext ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_ltdl_lt_dlopenext=yes
+else
+ ac_cv_lib_ltdl_lt_dlopenext=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ltdl_lt_dlopenext" >&5
+$as_echo "$ac_cv_lib_ltdl_lt_dlopenext" >&6; }
+if test "x$ac_cv_lib_ltdl_lt_dlopenext" = x""yes; then :
+ LIBLTDL=-lltdl
+else
+ LIBLTDL=
+
+fi
+
+else
+ LIBLTDL=
+
+fi
+
+
+
+ if test "z$LIBLTDL" != "z" ; then
+ XMLSEC_DL_INCLUDES="$INCLTDL"
+ XMLSEC_DL_LIBS="$LIBLTDL"
+ XMLSEC_NO_CRYPTO_DYNAMIC_LOADING="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ as_fn_error $? "libltdl is required for xmlsec-crypto dynamic loading" "$LINENO" 5
+ fi
+fi
+ if test "z$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING" = "z1"; then
+ XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE=
+ XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE='#'
+else
+ XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE='#'
+ XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE=
+fi
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for xmlsec-crypto dynamic loading support in command line tool" >&5
+$as_echo_n "checking for xmlsec-crypto dynamic loading support in command line tool... " >&6; }
+# Check whether --enable-apps_crypto_dl was given.
+if test "${enable_apps_crypto_dl+set}" = set; then :
+ enableval=$enable_apps_crypto_dl;
+fi
+
+if test "z$enable_apps_crypto_dl" = "z" ; then
+ enable_apps_crypto_dl="$enable_crypto_dl"
+fi
+if test "z$enable_apps_crypto_dl" = "zno" ; then
+ XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING="1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+elif test "z$enable_crypto_dl" = "zno" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ as_fn_error $? "xmlsec-crypto libraries dynamic loading support in xmlsec command line tool is requested but no dynamic loading in xmlsec itself is disabled" "$LINENO" 5
+else
+ XMLSEC_APP_DEFINES="$XMLSEC_APP_DEFINES -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1"
+ XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING="0"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+ if test "z$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING" = "z1"; then
+ XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE=
+ XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE='#'
+else
+ XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE='#'
+ XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE=
+fi
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for docs folder" >&5
+$as_echo_n "checking for docs folder... " >&6; }
+
+# Check whether --with-html-dir was given.
+if test "${with_html_dir+set}" = set; then :
+ withval=$with_html_dir;
+fi
+
+if test "z$with_html_dir" != "z" ; then
+ XMLSEC_DOCDIR=$with_html_dir
+else
+ XMLSEC_DOCDIR='$(datadir)/doc/xmlsec1'
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $XMLSEC_DOCDIR" >&5
+$as_echo "$XMLSEC_DOCDIR" >&6; }
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Simple Keys Manager testing" >&5
+$as_echo_n "checking for Simple Keys Manager testing... " >&6; }
+# Check whether --enable-skm was given.
+if test "${enable_skm+set}" = set; then :
+ enableval=$enable_skm;
+fi
+
+if test "z$enable_skm" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_SKM_TEST=1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for templates testing" >&5
+$as_echo_n "checking for templates testing... " >&6; }
+# Check whether --enable-tmpl_tests was given.
+if test "${enable_tmpl_tests+set}" = set; then :
+ enableval=$enable_tmpl_tests;
+fi
+
+if test "z$enable_tmpl_tests" = "zyes" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_TMPL_TEST=1"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for debuging" >&5
+$as_echo_n "checking for debuging... " >&6; }
+# Check whether --enable-debuging was given.
+if test "${enable_debuging+set}" = set; then :
+ enableval=$enable_debuging;
+fi
+
+if test "z$enable_debuging" = "zyes" ; then
+ CFLAGS="$CFLAGS -g"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for profiling" >&5
+$as_echo_n "checking for profiling... " >&6; }
+# Check whether --enable-profiling was given.
+if test "${enable_profiling+set}" = set; then :
+ enableval=$enable_profiling;
+fi
+
+if test "z$enable_profiling" = "zyes" ; then
+ CFLAGS="$CFLAGS -pg"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for pedantic" >&5
+$as_echo_n "checking for pedantic... " >&6; }
+# Check whether --enable-pedantic was given.
+if test "${enable_pedantic+set}" = set; then :
+ enableval=$enable_pedantic;
+fi
+
+if test "z$enable_pedantic" = "zyes" ; then
+ CFLAGS="$CFLAGS -O -pedantic -Wall -ansi -fno-inline -W -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+XMLSEC_STATIC_BINARIES=""
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for static linking" >&5
+$as_echo_n "checking for static linking... " >&6; }
+# Check whether --enable-static_linking was given.
+if test "${enable_static_linking+set}" = set; then :
+ enableval=$enable_static_linking;
+fi
+
+if test "z$enable_static_linking" = "zyes" ; then
+ XMLSEC_STATIC_BINARIES="-static"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+XMLSEC_CORE_CFLAGS="$XMLSEC_DEFINES -I${includedir}/xmlsec1 $XMLSEC_DL_INCLUDES"
+XMLSEC_CORE_LIBS="-lxmlsec1 $XMLSEC_DL_LIBS "
+
+
+
+XMLSEC_LIBDIR="${libdir}"
+
+
+XMLSEC_OPENSSL_CFLAGS="$XMLSEC_CORE_CFLAGS $OPENSSL_CFLAGS"
+XMLSEC_OPENSSL_LIBS="-L${libdir} -l$OPENSSL_CRYPTO_LIB $XMLSEC_CORE_LIBS $OPENSSL_LIBS"
+
+
+
+XMLSEC_GCRYPT_CFLAGS="$XMLSEC_CORE_CFLAGS $GCRYPT_CFLAGS"
+XMLSEC_GCRYPT_LIBS="-L${libdir} -l$GCRYPT_CRYPTO_LIB $XMLSEC_CORE_LIBS $GCRYPT_LIBS"
+
+
+
+# xmlsec-gnutls is using xmlsec-gcrypt
+XMLSEC_GNUTLS_CFLAGS="$XMLSEC_CORE_CFLAGS $GNUTLS_CFLAGS"
+XMLSEC_GNUTLS_LIBS="-L${libdir} -l$GNUTLS_CRYPTO_LIB -l$GCRYPT_CRYPTO_LIB $XMLSEC_CORE_LIBS $GNUTLS_LIBS"
+
+
+
+XMLSEC_NSS_CFLAGS="$XMLSEC_CORE_CFLAGS $NSS_CFLAGS"
+XMLSEC_NSS_LIBS="-L${libdir} -l$NSS_CRYPTO_LIB $XMLSEC_CORE_LIBS $NSS_LIBS"
+
+
+
+
+XMLSEC_CFLAGS="$XMLSEC_CORE_CFLAGS $LIBXML_CFLAGS $LIBXSLT_CFLAGS $XMLSEC_CRYPTO_CFLAGS"
+XMLSEC_LIBS="-L${libdir} -l$XMLSEC_CRYPTO_LIB $XMLSEC_CORE_LIBS $LIBXML_LIBS $LIBXSLT_LIBS $XMLSEC_CRYPTO_LIBS"
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+XMLSEC_CRYPTO_PC_FILES_LIST=""
+for i in $XMLSEC_CRYPTO_LIST ; do
+ test x$i = xmscrypto && continue
+ XMLSEC_CRYPTO_PC_FILES_LIST="$XMLSEC_CRYPTO_PC_FILES_LIST $XMLSEC_PACKAGE-$i.pc"
+done
+
+
+if test "z$XMLSEC_NO_OPENSSL" != "z1" ; then
+ac_config_files="$ac_config_files include/xmlsec/openssl/Makefile src/openssl/Makefile"
+
+fi
+
+if test "z$XMLSEC_NO_GNUTLS" != "z1" ; then
+ac_config_files="$ac_config_files include/xmlsec/gnutls/Makefile src/gnutls/Makefile"
+
+fi
+
+if test "z$XMLSEC_NO_GCRYPT" != "z1" ; then
+ac_config_files="$ac_config_files include/xmlsec/gcrypt/Makefile src/gcrypt/Makefile"
+
+fi
+
+if test "z$XMLSEC_NO_NSS" != "z1" ; then
+ac_config_files="$ac_config_files include/xmlsec/nss/Makefile src/nss/Makefile"
+
+fi
+
+if test "z$XMLSEC_NO_MSCRYPTO" != "z1" ; then
+ac_config_files="$ac_config_files include/xmlsec/mscrypto/Makefile src/mscrypto/Makefile"
+
+fi
+
+if test "z$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING" = "z1" ; then
+(rm -f xmlsec1.pc && $LN_S xmlsec1-$XMLSEC_CRYPTO.pc xmlsec1.pc)
+else
+ac_config_files="$ac_config_files xmlsec1.pc:xmlsec.pc.in"
+
+fi
+
+ac_config_files="$ac_config_files include/xmlsec/version.h Makefile include/Makefile include/xmlsec/Makefile include/xmlsec/private/Makefile src/Makefile apps/Makefile docs/Makefile docs/api/Makefile man/Makefile xmlsec1Conf.sh:xmlsecConf.sh.in xmlsec1-config:xmlsec-config.in xmlsec1-openssl.pc:xmlsec-openssl.pc.in xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in xmlsec1-gcrypt.pc:xmlsec-gcrypt.pc.in xmlsec1-nss.pc:xmlsec-nss.pc.in xmlsec1.spec:xmlsec.spec.in"
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems. If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+ for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+
+ (set) 2>&1 |
+ case $as_nl`(ac_space=' '; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ # `set' does not quote correctly, so add quotes: double-quote
+ # substitution turns \\\\ into \\, and sed turns \\ into \.
+ sed -n \
+ "s/'/'\\\\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+ ;; #(
+ *)
+ # `set' quotes correctly as required by POSIX, so do not add quotes.
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+) |
+ sed '
+ /^ac_cv_env_/b end
+ t clear
+ :clear
+ s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+ t end
+ s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+ :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+ if test -w "$cache_file"; then
+ test "x$cache_file" != "x/dev/null" &&
+ { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+ cat confcache >$cache_file
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+ fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+ # 1. Remove the extension, and $U if already installed.
+ ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+ ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+ # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
+ # will be set to the directory where LIBOBJS objects are built.
+ as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+ as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+ if test -n "$EXEEXT"; then
+ am__EXEEXT_TRUE=
+ am__EXEEXT_FALSE='#'
+else
+ am__EXEEXT_TRUE='#'
+ am__EXEEXT_FALSE=
+fi
+
+if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then
+ as_fn_error $? "conditional \"MAINTAINER_MODE\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
+ as_fn_error $? "conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+ as_fn_error $? "conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${SHAREDLIB_HACK_TRUE}" && test -z "${SHAREDLIB_HACK_FALSE}"; then
+ as_fn_error $? "conditional \"SHAREDLIB_HACK\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_OPENSSL_TRUE}" && test -z "${XMLSEC_NO_OPENSSL_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_OPENSSL\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_NSS_TRUE}" && test -z "${XMLSEC_NO_NSS_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_NSS\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_GCRYPT_TRUE}" && test -z "${XMLSEC_NO_GCRYPT_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_GCRYPT\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_GNUTLS_TRUE}" && test -z "${XMLSEC_NO_GNUTLS_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_GNUTLS\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_MSCRYPTO_TRUE}" && test -z "${XMLSEC_NO_MSCRYPTO_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_MSCRYPTO\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_MD5_TRUE}" && test -z "${XMLSEC_NO_MD5_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_MD5\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_RIPEMD160_TRUE}" && test -z "${XMLSEC_NO_RIPEMD160_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_RIPEMD160\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_SHA1_TRUE}" && test -z "${XMLSEC_NO_SHA1_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_SHA1\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_SHA224_TRUE}" && test -z "${XMLSEC_NO_SHA224_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_SHA224\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_SHA256_TRUE}" && test -z "${XMLSEC_NO_SHA256_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_SHA256\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_SHA384_TRUE}" && test -z "${XMLSEC_NO_SHA384_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_SHA384\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_SHA512_TRUE}" && test -z "${XMLSEC_NO_SHA512_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_SHA512\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_HMAC_TRUE}" && test -z "${XMLSEC_NO_HMAC_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_HMAC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_DSA_TRUE}" && test -z "${XMLSEC_NO_DSA_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_DSA\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_RSA_TRUE}" && test -z "${XMLSEC_NO_RSA_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_RSA\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_X509_TRUE}" && test -z "${XMLSEC_NO_X509_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_X509\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_DES_TRUE}" && test -z "${XMLSEC_NO_DES_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_DES\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_AES_TRUE}" && test -z "${XMLSEC_NO_AES_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_AES\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_GOST_TRUE}" && test -z "${XMLSEC_NO_GOST_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_GOST\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_XMLDSIG_TRUE}" && test -z "${XMLSEC_NO_XMLDSIG_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_XMLDSIG\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_XMLENC_TRUE}" && test -z "${XMLSEC_NO_XMLENC_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_XMLENC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_XKMS_TRUE}" && test -z "${XMLSEC_NO_XKMS_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_XKMS\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_TRUE}" && test -z "${XMLSEC_NO_CRYPTO_DYNAMIC_LOADING_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_CRYPTO_DYNAMIC_LOADING\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_TRUE}" && test -z "${XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING_FALSE}"; then
+ as_fn_error $? "conditional \"XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+
+: ${CONFIG_STATUS=./config.status}
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$1; test $as_status -eq 0 && as_status=1
+ if test "$4"; then
+ as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+ fi
+ $as_echo "$as_me: error: $2" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in #(
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by xmlsec1 $as_me 1.2.18, which was
+generated by GNU Autoconf 2.67. Invocation command line was
+
+ CONFIG_FILES = $CONFIG_FILES
+ CONFIG_HEADERS = $CONFIG_HEADERS
+ CONFIG_LINKS = $CONFIG_LINKS
+ CONFIG_COMMANDS = $CONFIG_COMMANDS
+ $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+config_commands="$ac_config_commands"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration. Unless the files
+and actions are specified as TAGs, all are instantiated by default.
+
+Usage: $0 [OPTION]... [TAG]...
+
+ -h, --help print this help, then exit
+ -V, --version print version number and configuration settings, then exit
+ --config print configuration, then exit
+ -q, --quiet, --silent
+ do not print progress messages
+ -d, --debug don't remove temporary files
+ --recheck update $as_me by reconfiguring in the same conditions
+ --file=FILE[:TEMPLATE]
+ instantiate the configuration file FILE
+ --header=FILE[:TEMPLATE]
+ instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration commands:
+$config_commands
+
+Report bugs to <http://www.aleksey.com/xmlsec>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_version="\\
+xmlsec1 config.status 1.2.18
+configured by $0, generated by GNU Autoconf 2.67,
+ with options \\"\$ac_cs_config\\"
+
+Copyright (C) 2010 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+MKDIR_P='$MKDIR_P'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+ case $1 in
+ --*=?*)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+ ac_shift=:
+ ;;
+ --*=)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=
+ ac_shift=:
+ ;;
+ *)
+ ac_option=$1
+ ac_optarg=$2
+ ac_shift=shift
+ ;;
+ esac
+
+ case $ac_option in
+ # Handling of the options.
+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+ ac_cs_recheck=: ;;
+ --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+ $as_echo "$ac_cs_version"; exit ;;
+ --config | --confi | --conf | --con | --co | --c )
+ $as_echo "$ac_cs_config"; exit ;;
+ --debug | --debu | --deb | --de | --d | -d )
+ debug=: ;;
+ --file | --fil | --fi | --f )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ '') as_fn_error $? "missing file argument" ;;
+ esac
+ as_fn_append CONFIG_FILES " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --header | --heade | --head | --hea )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append CONFIG_HEADERS " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --he | --h)
+ # Conflict between --help and --header
+ as_fn_error $? "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
+ --help | --hel | -h )
+ $as_echo "$ac_cs_usage"; exit ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil | --si | --s)
+ ac_cs_silent=: ;;
+
+ # This is an error.
+ -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
+
+ *) as_fn_append ac_config_targets " $1"
+ ac_need_defaults=false ;;
+
+ esac
+ shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+ exec 6>/dev/null
+ ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+ set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ shift
+ \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+ CONFIG_SHELL='$SHELL'
+ export CONFIG_SHELL
+ exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+ echo
+ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+ $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+sed_quote_subst='$sed_quote_subst'
+double_quote_subst='$double_quote_subst'
+delay_variable_subst='$delay_variable_subst'
+macro_version='`$ECHO "X$macro_version" | $Xsed -e "$delay_single_quote_subst"`'
+macro_revision='`$ECHO "X$macro_revision" | $Xsed -e "$delay_single_quote_subst"`'
+enable_shared='`$ECHO "X$enable_shared" | $Xsed -e "$delay_single_quote_subst"`'
+enable_static='`$ECHO "X$enable_static" | $Xsed -e "$delay_single_quote_subst"`'
+pic_mode='`$ECHO "X$pic_mode" | $Xsed -e "$delay_single_quote_subst"`'
+enable_fast_install='`$ECHO "X$enable_fast_install" | $Xsed -e "$delay_single_quote_subst"`'
+host_alias='`$ECHO "X$host_alias" | $Xsed -e "$delay_single_quote_subst"`'
+host='`$ECHO "X$host" | $Xsed -e "$delay_single_quote_subst"`'
+host_os='`$ECHO "X$host_os" | $Xsed -e "$delay_single_quote_subst"`'
+build_alias='`$ECHO "X$build_alias" | $Xsed -e "$delay_single_quote_subst"`'
+build='`$ECHO "X$build" | $Xsed -e "$delay_single_quote_subst"`'
+build_os='`$ECHO "X$build_os" | $Xsed -e "$delay_single_quote_subst"`'
+SED='`$ECHO "X$SED" | $Xsed -e "$delay_single_quote_subst"`'
+Xsed='`$ECHO "X$Xsed" | $Xsed -e "$delay_single_quote_subst"`'
+GREP='`$ECHO "X$GREP" | $Xsed -e "$delay_single_quote_subst"`'
+EGREP='`$ECHO "X$EGREP" | $Xsed -e "$delay_single_quote_subst"`'
+FGREP='`$ECHO "X$FGREP" | $Xsed -e "$delay_single_quote_subst"`'
+LD='`$ECHO "X$LD" | $Xsed -e "$delay_single_quote_subst"`'
+NM='`$ECHO "X$NM" | $Xsed -e "$delay_single_quote_subst"`'
+LN_S='`$ECHO "X$LN_S" | $Xsed -e "$delay_single_quote_subst"`'
+max_cmd_len='`$ECHO "X$max_cmd_len" | $Xsed -e "$delay_single_quote_subst"`'
+ac_objext='`$ECHO "X$ac_objext" | $Xsed -e "$delay_single_quote_subst"`'
+exeext='`$ECHO "X$exeext" | $Xsed -e "$delay_single_quote_subst"`'
+lt_unset='`$ECHO "X$lt_unset" | $Xsed -e "$delay_single_quote_subst"`'
+lt_SP2NL='`$ECHO "X$lt_SP2NL" | $Xsed -e "$delay_single_quote_subst"`'
+lt_NL2SP='`$ECHO "X$lt_NL2SP" | $Xsed -e "$delay_single_quote_subst"`'
+reload_flag='`$ECHO "X$reload_flag" | $Xsed -e "$delay_single_quote_subst"`'
+reload_cmds='`$ECHO "X$reload_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+OBJDUMP='`$ECHO "X$OBJDUMP" | $Xsed -e "$delay_single_quote_subst"`'
+deplibs_check_method='`$ECHO "X$deplibs_check_method" | $Xsed -e "$delay_single_quote_subst"`'
+file_magic_cmd='`$ECHO "X$file_magic_cmd" | $Xsed -e "$delay_single_quote_subst"`'
+AR='`$ECHO "X$AR" | $Xsed -e "$delay_single_quote_subst"`'
+AR_FLAGS='`$ECHO "X$AR_FLAGS" | $Xsed -e "$delay_single_quote_subst"`'
+STRIP='`$ECHO "X$STRIP" | $Xsed -e "$delay_single_quote_subst"`'
+RANLIB='`$ECHO "X$RANLIB" | $Xsed -e "$delay_single_quote_subst"`'
+old_postinstall_cmds='`$ECHO "X$old_postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_postuninstall_cmds='`$ECHO "X$old_postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_cmds='`$ECHO "X$old_archive_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+CC='`$ECHO "X$CC" | $Xsed -e "$delay_single_quote_subst"`'
+CFLAGS='`$ECHO "X$CFLAGS" | $Xsed -e "$delay_single_quote_subst"`'
+compiler='`$ECHO "X$compiler" | $Xsed -e "$delay_single_quote_subst"`'
+GCC='`$ECHO "X$GCC" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_pipe='`$ECHO "X$lt_cv_sys_global_symbol_pipe" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_cdecl='`$ECHO "X$lt_cv_sys_global_symbol_to_cdecl" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`'
+objdir='`$ECHO "X$objdir" | $Xsed -e "$delay_single_quote_subst"`'
+SHELL='`$ECHO "X$SHELL" | $Xsed -e "$delay_single_quote_subst"`'
+ECHO='`$ECHO "X$ECHO" | $Xsed -e "$delay_single_quote_subst"`'
+MAGIC_CMD='`$ECHO "X$MAGIC_CMD" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_no_builtin_flag='`$ECHO "X$lt_prog_compiler_no_builtin_flag" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_wl='`$ECHO "X$lt_prog_compiler_wl" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_pic='`$ECHO "X$lt_prog_compiler_pic" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_static='`$ECHO "X$lt_prog_compiler_static" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_prog_compiler_c_o='`$ECHO "X$lt_cv_prog_compiler_c_o" | $Xsed -e "$delay_single_quote_subst"`'
+need_locks='`$ECHO "X$need_locks" | $Xsed -e "$delay_single_quote_subst"`'
+DSYMUTIL='`$ECHO "X$DSYMUTIL" | $Xsed -e "$delay_single_quote_subst"`'
+NMEDIT='`$ECHO "X$NMEDIT" | $Xsed -e "$delay_single_quote_subst"`'
+LIPO='`$ECHO "X$LIPO" | $Xsed -e "$delay_single_quote_subst"`'
+OTOOL='`$ECHO "X$OTOOL" | $Xsed -e "$delay_single_quote_subst"`'
+OTOOL64='`$ECHO "X$OTOOL64" | $Xsed -e "$delay_single_quote_subst"`'
+libext='`$ECHO "X$libext" | $Xsed -e "$delay_single_quote_subst"`'
+shrext_cmds='`$ECHO "X$shrext_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+extract_expsyms_cmds='`$ECHO "X$extract_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds_need_lc='`$ECHO "X$archive_cmds_need_lc" | $Xsed -e "$delay_single_quote_subst"`'
+enable_shared_with_static_runtimes='`$ECHO "X$enable_shared_with_static_runtimes" | $Xsed -e "$delay_single_quote_subst"`'
+export_dynamic_flag_spec='`$ECHO "X$export_dynamic_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+whole_archive_flag_spec='`$ECHO "X$whole_archive_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_needs_object='`$ECHO "X$compiler_needs_object" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_new_cmds='`$ECHO "X$old_archive_from_new_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_expsyms_cmds='`$ECHO "X$old_archive_from_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds='`$ECHO "X$archive_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_expsym_cmds='`$ECHO "X$archive_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+module_cmds='`$ECHO "X$module_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+module_expsym_cmds='`$ECHO "X$module_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+with_gnu_ld='`$ECHO "X$with_gnu_ld" | $Xsed -e "$delay_single_quote_subst"`'
+allow_undefined_flag='`$ECHO "X$allow_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`'
+no_undefined_flag='`$ECHO "X$no_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec='`$ECHO "X$hardcode_libdir_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec_ld='`$ECHO "X$hardcode_libdir_flag_spec_ld" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_separator='`$ECHO "X$hardcode_libdir_separator" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct='`$ECHO "X$hardcode_direct" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct_absolute='`$ECHO "X$hardcode_direct_absolute" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_minus_L='`$ECHO "X$hardcode_minus_L" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_shlibpath_var='`$ECHO "X$hardcode_shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_automatic='`$ECHO "X$hardcode_automatic" | $Xsed -e "$delay_single_quote_subst"`'
+inherit_rpath='`$ECHO "X$inherit_rpath" | $Xsed -e "$delay_single_quote_subst"`'
+link_all_deplibs='`$ECHO "X$link_all_deplibs" | $Xsed -e "$delay_single_quote_subst"`'
+fix_srcfile_path='`$ECHO "X$fix_srcfile_path" | $Xsed -e "$delay_single_quote_subst"`'
+always_export_symbols='`$ECHO "X$always_export_symbols" | $Xsed -e "$delay_single_quote_subst"`'
+export_symbols_cmds='`$ECHO "X$export_symbols_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+exclude_expsyms='`$ECHO "X$exclude_expsyms" | $Xsed -e "$delay_single_quote_subst"`'
+include_expsyms='`$ECHO "X$include_expsyms" | $Xsed -e "$delay_single_quote_subst"`'
+prelink_cmds='`$ECHO "X$prelink_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+file_list_spec='`$ECHO "X$file_list_spec" | $Xsed -e "$delay_single_quote_subst"`'
+variables_saved_for_relink='`$ECHO "X$variables_saved_for_relink" | $Xsed -e "$delay_single_quote_subst"`'
+need_lib_prefix='`$ECHO "X$need_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`'
+need_version='`$ECHO "X$need_version" | $Xsed -e "$delay_single_quote_subst"`'
+version_type='`$ECHO "X$version_type" | $Xsed -e "$delay_single_quote_subst"`'
+runpath_var='`$ECHO "X$runpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+shlibpath_var='`$ECHO "X$shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+shlibpath_overrides_runpath='`$ECHO "X$shlibpath_overrides_runpath" | $Xsed -e "$delay_single_quote_subst"`'
+libname_spec='`$ECHO "X$libname_spec" | $Xsed -e "$delay_single_quote_subst"`'
+library_names_spec='`$ECHO "X$library_names_spec" | $Xsed -e "$delay_single_quote_subst"`'
+soname_spec='`$ECHO "X$soname_spec" | $Xsed -e "$delay_single_quote_subst"`'
+postinstall_cmds='`$ECHO "X$postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+postuninstall_cmds='`$ECHO "X$postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+finish_cmds='`$ECHO "X$finish_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+finish_eval='`$ECHO "X$finish_eval" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_into_libs='`$ECHO "X$hardcode_into_libs" | $Xsed -e "$delay_single_quote_subst"`'
+sys_lib_search_path_spec='`$ECHO "X$sys_lib_search_path_spec" | $Xsed -e "$delay_single_quote_subst"`'
+sys_lib_dlsearch_path_spec='`$ECHO "X$sys_lib_dlsearch_path_spec" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_action='`$ECHO "X$hardcode_action" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen='`$ECHO "X$enable_dlopen" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen_self='`$ECHO "X$enable_dlopen_self" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen_self_static='`$ECHO "X$enable_dlopen_self_static" | $Xsed -e "$delay_single_quote_subst"`'
+old_striplib='`$ECHO "X$old_striplib" | $Xsed -e "$delay_single_quote_subst"`'
+striplib='`$ECHO "X$striplib" | $Xsed -e "$delay_single_quote_subst"`'
+
+LTCC='$LTCC'
+LTCFLAGS='$LTCFLAGS'
+compiler='$compiler_DEFAULT'
+
+# Quote evaled strings.
+for var in SED \
+GREP \
+EGREP \
+FGREP \
+LD \
+NM \
+LN_S \
+lt_SP2NL \
+lt_NL2SP \
+reload_flag \
+OBJDUMP \
+deplibs_check_method \
+file_magic_cmd \
+AR \
+AR_FLAGS \
+STRIP \
+RANLIB \
+CC \
+CFLAGS \
+compiler \
+lt_cv_sys_global_symbol_pipe \
+lt_cv_sys_global_symbol_to_cdecl \
+lt_cv_sys_global_symbol_to_c_name_address \
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
+SHELL \
+ECHO \
+lt_prog_compiler_no_builtin_flag \
+lt_prog_compiler_wl \
+lt_prog_compiler_pic \
+lt_prog_compiler_static \
+lt_cv_prog_compiler_c_o \
+need_locks \
+DSYMUTIL \
+NMEDIT \
+LIPO \
+OTOOL \
+OTOOL64 \
+shrext_cmds \
+export_dynamic_flag_spec \
+whole_archive_flag_spec \
+compiler_needs_object \
+with_gnu_ld \
+allow_undefined_flag \
+no_undefined_flag \
+hardcode_libdir_flag_spec \
+hardcode_libdir_flag_spec_ld \
+hardcode_libdir_separator \
+fix_srcfile_path \
+exclude_expsyms \
+include_expsyms \
+file_list_spec \
+variables_saved_for_relink \
+libname_spec \
+library_names_spec \
+soname_spec \
+finish_eval \
+old_striplib \
+striplib; do
+ case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ *[\\\\\\\`\\"\\\$]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Double-quote double-evaled strings.
+for var in reload_cmds \
+old_postinstall_cmds \
+old_postuninstall_cmds \
+old_archive_cmds \
+extract_expsyms_cmds \
+old_archive_from_new_cmds \
+old_archive_from_expsyms_cmds \
+archive_cmds \
+archive_expsym_cmds \
+module_cmds \
+module_expsym_cmds \
+export_symbols_cmds \
+prelink_cmds \
+postinstall_cmds \
+postuninstall_cmds \
+finish_cmds \
+sys_lib_search_path_spec \
+sys_lib_dlsearch_path_spec; do
+ case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ *[\\\\\\\`\\"\\\$]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Fix-up fallback echo if it was mangled by the above quoting rules.
+case \$lt_ECHO in
+*'\\\$0 --fallback-echo"') lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\$0 --fallback-echo"\$/\$0 --fallback-echo"/'\`
+ ;;
+esac
+
+ac_aux_dir='$ac_aux_dir'
+xsi_shell='$xsi_shell'
+lt_shell_append='$lt_shell_append'
+
+# See if we are running on zsh, and set the options which allow our
+# commands through without removal of \ escapes INIT.
+if test -n "\${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+
+
+ PACKAGE='$PACKAGE'
+ VERSION='$VERSION'
+ TIMESTAMP='$TIMESTAMP'
+ RM='$RM'
+ ofile='$ofile'
+
+
+
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+ case $ac_config_target in
+ "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+ "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+ "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
+ "include/xmlsec/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES include/xmlsec/openssl/Makefile" ;;
+ "src/openssl/Makefile") CONFIG_FILES="$CONFIG_FILES src/openssl/Makefile" ;;
+ "include/xmlsec/gnutls/Makefile") CONFIG_FILES="$CONFIG_FILES include/xmlsec/gnutls/Makefile" ;;
+ "src/gnutls/Makefile") CONFIG_FILES="$CONFIG_FILES src/gnutls/Makefile" ;;
+ "include/xmlsec/gcrypt/Makefile") CONFIG_FILES="$CONFIG_FILES include/xmlsec/gcrypt/Makefile" ;;
+ "src/gcrypt/Makefile") CONFIG_FILES="$CONFIG_FILES src/gcrypt/Makefile" ;;
+ "include/xmlsec/nss/Makefile") CONFIG_FILES="$CONFIG_FILES include/xmlsec/nss/Makefile" ;;
+ "src/nss/Makefile") CONFIG_FILES="$CONFIG_FILES src/nss/Makefile" ;;
+ "include/xmlsec/mscrypto/Makefile") CONFIG_FILES="$CONFIG_FILES include/xmlsec/mscrypto/Makefile" ;;
+ "src/mscrypto/Makefile") CONFIG_FILES="$CONFIG_FILES src/mscrypto/Makefile" ;;
+ "xmlsec1.pc") CONFIG_FILES="$CONFIG_FILES xmlsec1.pc:xmlsec.pc.in" ;;
+ "include/xmlsec/version.h") CONFIG_FILES="$CONFIG_FILES include/xmlsec/version.h" ;;
+ "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+ "include/Makefile") CONFIG_FILES="$CONFIG_FILES include/Makefile" ;;
+ "include/xmlsec/Makefile") CONFIG_FILES="$CONFIG_FILES include/xmlsec/Makefile" ;;
+ "include/xmlsec/private/Makefile") CONFIG_FILES="$CONFIG_FILES include/xmlsec/private/Makefile" ;;
+ "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;;
+ "apps/Makefile") CONFIG_FILES="$CONFIG_FILES apps/Makefile" ;;
+ "docs/Makefile") CONFIG_FILES="$CONFIG_FILES docs/Makefile" ;;
+ "docs/api/Makefile") CONFIG_FILES="$CONFIG_FILES docs/api/Makefile" ;;
+ "man/Makefile") CONFIG_FILES="$CONFIG_FILES man/Makefile" ;;
+ "xmlsec1Conf.sh") CONFIG_FILES="$CONFIG_FILES xmlsec1Conf.sh:xmlsecConf.sh.in" ;;
+ "xmlsec1-config") CONFIG_FILES="$CONFIG_FILES xmlsec1-config:xmlsec-config.in" ;;
+ "xmlsec1-openssl.pc") CONFIG_FILES="$CONFIG_FILES xmlsec1-openssl.pc:xmlsec-openssl.pc.in" ;;
+ "xmlsec1-gnutls.pc") CONFIG_FILES="$CONFIG_FILES xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in" ;;
+ "xmlsec1-gcrypt.pc") CONFIG_FILES="$CONFIG_FILES xmlsec1-gcrypt.pc:xmlsec-gcrypt.pc.in" ;;
+ "xmlsec1-nss.pc") CONFIG_FILES="$CONFIG_FILES xmlsec1-nss.pc:xmlsec-nss.pc.in" ;;
+ "xmlsec1.spec") CONFIG_FILES="$CONFIG_FILES xmlsec1.spec:xmlsec.spec.in" ;;
+
+ *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5 ;;
+ esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used. Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+ test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+ test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience. Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+ tmp=
+ trap 'exit_status=$?
+ { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+ trap 'as_fn_exit 1' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+ tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+ test -n "$tmp" && test -d "$tmp"
+} ||
+{
+ tmp=./conf$$-$RANDOM
+ (umask 077 && mkdir "$tmp")
+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+ eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+ ac_cs_awk_cr='\\r'
+else
+ ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+ echo "cat >conf$$subs.awk <<_ACEOF" &&
+ echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+ echo "_ACEOF"
+} >conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+ . ./conf$$subs.sh ||
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+
+ ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+ if test $ac_delim_n = $ac_delim_num; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+ N
+ s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$tmp/subs1.awk" <<_ACAWK &&
+ for (key in S) S_is_set[key] = 1
+ FS = ""
+
+}
+{
+ line = $ 0
+ nfields = split(line, field, "@")
+ substed = 0
+ len = length(field[1])
+ for (i = 2; i < nfields; i++) {
+ key = field[i]
+ keylen = length(key)
+ if (S_is_set[key]) {
+ value = S[key]
+ line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+ len += length(value) + length(field[++i])
+ substed = 1
+ } else
+ len += 1 + keylen
+ }
+
+ print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+ sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+ cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+ || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+ ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{
+h
+s///
+s/^/:/
+s/[ ]*$/:/
+s/:\$(srcdir):/:/g
+s/:\${srcdir}:/:/g
+s/:@srcdir@:/:/g
+s/^:*//
+s/:*$//
+x
+s/\(=[ ]*\).*/\1/
+G
+s/\n//
+s/^[^=]*=[ ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+ ac_t=`sed -n "/$ac_delim/p" confdefs.h`
+ if test -z "$ac_t"; then
+ break
+ elif $ac_last_try; then
+ as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any. Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[ ]*#[ ]*define[ ][ ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ for (key in D) D_is_set[key] = 1
+ FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+ line = \$ 0
+ split(line, arg, " ")
+ if (arg[1] == "#") {
+ defundef = arg[2]
+ mac1 = arg[3]
+ } else {
+ defundef = substr(arg[1], 2)
+ mac1 = arg[2]
+ }
+ split(mac1, mac2, "(") #)
+ macro = mac2[1]
+ prefix = substr(line, 1, index(line, defundef) - 1)
+ if (D_is_set[macro]) {
+ # Preserve the white space surrounding the "#".
+ print prefix "define", macro P[macro] D[macro]
+ next
+ } else {
+ # Replace #undef with comments. This is necessary, for example,
+ # in the case of _POSIX_SOURCE, which is predefined and required
+ # on some systems where configure will not decide to define it.
+ if (defundef == "undef") {
+ print "/*", prefix defundef, macro, "*/"
+ next
+ }
+ }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ as_fn_error $? "could not setup config headers machinery" "$LINENO" 5
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+ case $ac_tag in
+ :[FHLC]) ac_mode=$ac_tag; continue;;
+ esac
+ case $ac_mode$ac_tag in
+ :[FHL]*:*);;
+ :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5 ;;
+ :[FH]-) ac_tag=-:-;;
+ :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+ esac
+ ac_save_IFS=$IFS
+ IFS=:
+ set x $ac_tag
+ IFS=$ac_save_IFS
+ shift
+ ac_file=$1
+ shift
+
+ case $ac_mode in
+ :L) ac_source=$1;;
+ :[FH])
+ ac_file_inputs=
+ for ac_f
+ do
+ case $ac_f in
+ -) ac_f="$tmp/stdin";;
+ *) # Look for the file first in the build tree, then in the source tree
+ # (if the path is not absolute). The absolute path cannot be DOS-style,
+ # because $ac_f cannot contain `:'.
+ test -f "$ac_f" ||
+ case $ac_f in
+ [\\/$]*) false;;
+ *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+ esac ||
+ as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5 ;;
+ esac
+ case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+ as_fn_append ac_file_inputs " '$ac_f'"
+ done
+
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ configure_input='Generated from '`
+ $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+ `' by configure.'
+ if test x"$ac_file" != x-; then
+ configure_input="$ac_file. $configure_input"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+ fi
+ # Neutralize special characters interpreted by sed in replacement strings.
+ case $configure_input in #(
+ *\&* | *\|* | *\\* )
+ ac_sed_conf_input=`$as_echo "$configure_input" |
+ sed 's/[\\\\&|]/\\\\&/g'`;; #(
+ *) ac_sed_conf_input=$configure_input;;
+ esac
+
+ case $ac_tag in
+ *:-:* | *:-) cat >"$tmp/stdin" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
+ esac
+ ;;
+ esac
+
+ ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_file" : 'X\(//\)[^/]' \| \
+ X"$ac_file" : 'X\(//\)$' \| \
+ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ as_dir="$ac_dir"; as_fn_mkdir_p
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+ case $ac_mode in
+ :F)
+ #
+ # CONFIG_FILE
+ #
+
+ case $INSTALL in
+ [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+ *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+ esac
+ ac_MKDIR_P=$MKDIR_P
+ case $MKDIR_P in
+ [\\/$]* | ?:[\\/]* ) ;;
+ */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+ esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+ p
+ q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_datarootdir_hack='
+ s&@datadir@&$datadir&g
+ s&@docdir@&$docdir&g
+ s&@infodir@&$infodir&g
+ s&@localedir@&$localedir&g
+ s&@mandir@&$mandir&g
+ s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+ { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+ { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined" >&2;}
+
+ rm -f "$tmp/stdin"
+ case $ac_file in
+ -) cat "$tmp/out" && rm -f "$tmp/out";;
+ *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+ esac \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ ;;
+ :H)
+ #
+ # CONFIG_HEADER
+ #
+ if test x"$ac_file" != x-; then
+ {
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+ } >"$tmp/config.h" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+ else
+ rm -f "$ac_file"
+ mv "$tmp/config.h" "$ac_file" \
+ || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ fi
+ else
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+ || as_fn_error $? "could not create -" "$LINENO" 5
+ fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+ case $_am_header in
+ $_am_arg | $_am_arg:* )
+ break ;;
+ * )
+ _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+ esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$_am_arg" : 'X\(//\)[^/]' \| \
+ X"$_am_arg" : 'X\(//\)$' \| \
+ X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+
+ :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+ esac
+
+
+ case $ac_file$ac_mode in
+ "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+ # Autoconf 2.62 quotes --file arguments for eval, but not when files
+ # are listed without --file. Let's play safe and only enable the eval
+ # if we detect the quoting.
+ case $CONFIG_FILES in
+ *\'*) eval set x "$CONFIG_FILES" ;;
+ *) set x $CONFIG_FILES ;;
+ esac
+ shift
+ for mf
+ do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # Grep'ing the whole file is not good either: AIX grep has a line
+ # limit of 2048, but all sed's we know have understand at least 4000.
+ if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+ dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$mf" : 'X\(//\)[^/]' \| \
+ X"$mf" : 'X\(//\)$' \| \
+ X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ else
+ continue
+ fi
+ # Extract the definition of DEPDIR, am__include, and am__quote
+ # from the Makefile without running `make'.
+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+ test -z "$DEPDIR" && continue
+ am__include=`sed -n 's/^am__include = //p' < "$mf"`
+ test -z "am__include" && continue
+ am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+ # When using ansi2knr, U may be empty or an underscore; expand it
+ U=`sed -n 's/^U = //p' < "$mf"`
+ # Find all dependency output files, they are included files with
+ # $(DEPDIR) in their names. We invoke sed twice because it is the
+ # simplest approach to changing $(DEPDIR) to its actual value in the
+ # expansion.
+ for file in `sed -n "
+ s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+ # Make sure the directory exists.
+ test -f "$dirpart/$file" && continue
+ fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$file" : 'X\(//\)[^/]' \| \
+ X"$file" : 'X\(//\)$' \| \
+ X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ as_dir=$dirpart/$fdir; as_fn_mkdir_p
+ # echo "creating $dirpart/$file"
+ echo '# dummy' > "$dirpart/$file"
+ done
+ done
+}
+ ;;
+ "libtool":C)
+
+ # See if we are running on zsh, and set the options which allow our
+ # commands through without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+
+ cfgfile="${ofile}T"
+ trap "$RM \"$cfgfile\"; exit 1" 1 2 15
+ $RM "$cfgfile"
+
+ cat <<_LT_EOF >> "$cfgfile"
+#! $SHELL
+
+# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
+# 2006, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gordon Matzigkeit, 1996
+#
+# This file is part of GNU Libtool.
+#
+# GNU Libtool is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING. If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html, or
+# obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+
+# The names of the tagged configurations supported by this script.
+available_tags=""
+
+# ### BEGIN LIBTOOL CONFIG
+
+# Which release of libtool.m4 was used?
+macro_version=$macro_version
+macro_revision=$macro_revision
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# What type of objects to build.
+pic_mode=$pic_mode
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# A sed program that does not truncate output.
+SED=$lt_SED
+
+# Sed that helps us avoid accidentally triggering echo(1) options like -n.
+Xsed="\$SED -e 1s/^X//"
+
+# A grep program that handles long lines.
+GREP=$lt_GREP
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# A literal string matcher.
+FGREP=$lt_FGREP
+
+# A BSD- or MS-compatible name lister.
+NM=$lt_NM
+
+# Whether we need soft or hard links.
+LN_S=$lt_LN_S
+
+# What is the maximum length of a command?
+max_cmd_len=$max_cmd_len
+
+# Object file suffix (normally "o").
+objext=$ac_objext
+
+# Executable file suffix (normally "").
+exeext=$exeext
+
+# whether the shell understands "unset".
+lt_unset=$lt_unset
+
+# turn spaces into newlines.
+SP2NL=$lt_lt_SP2NL
+
+# turn newlines into spaces.
+NL2SP=$lt_lt_NL2SP
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# An object symbol dumper.
+OBJDUMP=$lt_OBJDUMP
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == "file_magic".
+file_magic_cmd=$lt_file_magic_cmd
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A symbol stripping program.
+STRIP=$lt_STRIP
+
+# Commands used to install an old-style archive.
+RANLIB=$lt_RANLIB
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# A C compiler.
+LTCC=$lt_CC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_CFLAGS
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration.
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair.
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# Transform the output of nm in a C name address pair when lib prefix is needed.
+global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# An echo program that does not interpret backslashes.
+ECHO=$lt_ECHO
+
+# Used to examine libraries when file_magic_cmd begins with "file".
+MAGIC_CMD=$MAGIC_CMD
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Tool to manipulate archived DWARF debug symbol files on Mac OS X.
+DSYMUTIL=$lt_DSYMUTIL
+
+# Tool to change global to local symbols on Mac OS X.
+NMEDIT=$lt_NMEDIT
+
+# Tool to manipulate fat objects and archives on Mac OS X.
+LIPO=$lt_LIPO
+
+# ldd/readelf like tool for Mach-O binaries on Mac OS X.
+OTOOL=$lt_OTOOL
+
+# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4.
+OTOOL64=$lt_OTOOL64
+
+# Old archive suffix (normally "a").
+libext=$libext
+
+# Shared library suffix (normally ".so").
+shrext_cmds=$lt_shrext_cmds
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at link time.
+variables_saved_for_relink=$lt_variables_saved_for_relink
+
+# Do we need the "lib" prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Library versioning type.
+version_type=$version_type
+
+# Shared library runtime path variable.
+runpath_var=$runpath_var
+
+# Shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names. First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Command to use after installation of a shared archive.
+postinstall_cmds=$lt_postinstall_cmds
+
+# Command to use after uninstallation of a shared archive.
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# As "finish_cmds", except a single script fragment to be evaled but
+# not shown.
+finish_eval=$lt_finish_eval
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Compile-time system search path for libraries.
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries.
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+
+# The linker used to build libraries.
+LD=$lt_LD
+
+# Commands used to build an old-style archive.
+old_archive_cmds=$lt_old_archive_cmds
+
+# A language specific compiler.
+CC=$lt_compiler
+
+# Is the compiler the GNU compiler?
+with_gcc=$GCC
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc
+
+# Whether or not to disallow shared libs when runtime libs are static.
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec
+
+# Whether the compiler copes with passing no objects directly.
+compiler_needs_object=$lt_compiler_needs_object
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
+
+# Commands used to build a shared archive.
+archive_cmds=$lt_archive_cmds
+archive_expsym_cmds=$lt_archive_expsym_cmds
+
+# Commands used to build a loadable module if different from building
+# a shared archive.
+module_cmds=$lt_module_cmds
+module_expsym_cmds=$lt_module_expsym_cmds
+
+# Whether we are building with GNU ld or not.
+with_gnu_ld=$lt_with_gnu_ld
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag
+
+# Flag that enforces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
+
+# If ld is used when linking, flag to hardcode \$libdir into a binary
+# during linking. This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld
+
+# Whether we need a single "-rpath" flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary.
+hardcode_direct=$hardcode_direct
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary and the resulting library dependency is
+# "absolute",i.e impossible to change by setting \${shlibpath_var} if the
+# library is relocated.
+hardcode_direct_absolute=$hardcode_direct_absolute
+
+# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+# into the resulting binary.
+hardcode_minus_L=$hardcode_minus_L
+
+# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+# into the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var
+
+# Set to "yes" if building a shared library automatically hardcodes DIR
+# into the library and all subsequent libraries and executables linked
+# against it.
+hardcode_automatic=$hardcode_automatic
+
+# Set to yes if linker adds runtime paths of dependent libraries
+# to runtime path list.
+inherit_rpath=$inherit_rpath
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path=$lt_fix_srcfile_path
+
+# Set to "yes" if exported symbols are required.
+always_export_symbols=$always_export_symbols
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms
+
+# Commands necessary for linking programs (against libraries) with templates.
+prelink_cmds=$lt_prelink_cmds
+
+# Specify filename containing input files.
+file_list_spec=$lt_file_list_spec
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action
+
+# ### END LIBTOOL CONFIG
+
+_LT_EOF
+
+ case $host_os in
+ aix3*)
+ cat <<\_LT_EOF >> "$cfgfile"
+# AIX sometimes has problems with the GCC collect2 program. For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+fi
+_LT_EOF
+ ;;
+ esac
+
+
+ltmain="$ac_aux_dir/ltmain.sh"
+
+
+ # We use sed instead of cat because bash on DJGPP gets confused if
+ # if finds mixed CR/LF and LF-only lines. Since sed operates in
+ # text mode, it properly converts lines to CR/LF. This bash problem
+ # is reportedly fixed, but why not run on old versions too?
+ sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ case $xsi_shell in
+ yes)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+}
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result="${1##*/}"
+}
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+# dirname: Compute the dirname of FILE. If nonempty,
+# add APPEND to the result, otherwise set result
+# to NONDIR_REPLACEMENT.
+# value returned in "$func_dirname_result"
+# basename: Compute filename of FILE.
+# value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+ func_basename_result="${1##*/}"
+}
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+func_stripname ()
+{
+ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
+ # positional parameters, so assign one to ordinary parameter first.
+ func_stripname_result=${3}
+ func_stripname_result=${func_stripname_result#"${1}"}
+ func_stripname_result=${func_stripname_result%"${2}"}
+}
+
+# func_opt_split
+func_opt_split ()
+{
+ func_opt_split_opt=${1%%=*}
+ func_opt_split_arg=${1#*=}
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+ case ${1} in
+ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;
+ *) func_lo2o_result=${1} ;;
+ esac
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=${1%.*}.lo
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=$(( $* ))
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=${#1}
+}
+
+_LT_EOF
+ ;;
+ *) # Bourne compatible functions.
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ # Extract subdirectory from the argument.
+ func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+ if test "X$func_dirname_result" = "X${1}"; then
+ func_dirname_result="${3}"
+ else
+ func_dirname_result="$func_dirname_result${2}"
+ fi
+}
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+# func_strip_suffix prefix name
+func_stripname ()
+{
+ case ${2} in
+ .*) func_stripname_result=`$ECHO "X${3}" \
+ | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;;
+ *) func_stripname_result=`$ECHO "X${3}" \
+ | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;;
+ esac
+}
+
+# sed scripts:
+my_sed_long_opt='1s/^\(-[^=]*\)=.*/\1/;q'
+my_sed_long_arg='1s/^-[^=]*=//'
+
+# func_opt_split
+func_opt_split ()
+{
+ func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"`
+ func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"`
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+ func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"`
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[^.]*$/.lo/'`
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=`expr "$@"`
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len`
+}
+
+_LT_EOF
+esac
+
+case $lt_shell_append in
+ yes)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "$1+=\$2"
+}
+_LT_EOF
+ ;;
+ *)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "$1=\$$1\$2"
+}
+
+_LT_EOF
+ ;;
+ esac
+
+
+ sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ mv -f "$cfgfile" "$ofile" ||
+ (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+ chmod +x "$ofile"
+
+ ;;
+
+ esac
+done # for ac_tag
+
+
+as_fn_exit 0
+_ACEOF
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+ as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded. So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status. When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+ ac_cs_success=:
+ ac_config_status_args=
+ test "$silent" = yes &&
+ ac_config_status_args="$ac_config_status_args --quiet"
+ exec 5>/dev/null
+ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+ exec 5>>config.log
+ # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+ # would make configure fail if this is the last instruction.
+ $ac_cs_success || as_fn_exit 1
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
+
+
+(cd $srcdir && rm -f COPYING.LIB COPYING && $LN_S Copyright COPYING)
diff --git a/configure.in b/configure.in
new file mode 100644
index 00000000..ee2f3c45
--- /dev/null
+++ b/configure.in
@@ -0,0 +1,1633 @@
+dnl Process this file with autoconf to produce a configure script.
+AC_INIT([xmlsec1],[1.2.18],[http://www.aleksey.com/xmlsec])
+
+XMLSEC_PACKAGE=xmlsec1
+XMLSEC_VERSION_MAJOR=1
+XMLSEC_VERSION_MINOR=2
+XMLSEC_VERSION_SUBMINOR=18
+XMLSEC_VERSION="$XMLSEC_VERSION_MAJOR.$XMLSEC_VERSION_MINOR.$XMLSEC_VERSION_SUBMINOR"
+XMLSEC_VERSION_INFO=`echo $XMLSEC_VERSION | awk -F. '{ printf "%d:%d:%d", $1+$2, $3, $2 }'`
+XMLSEC_VERSION_SAFE=`echo $XMLSEC_VERSION | sed 's/\./_/g'`
+
+AC_PREREQ([2.52g])
+AC_CANONICAL_HOST
+
+AC_SUBST(XMLSEC_VERSION)
+AC_SUBST(XMLSEC_PACKAGE)
+AC_SUBST(XMLSEC_VERSION_SAFE)
+AC_SUBST(XMLSEC_VERSION_MAJOR)
+AC_SUBST(XMLSEC_VERSION_MINOR)
+AC_SUBST(XMLSEC_VERSION_SUBMINOR)
+AC_SUBST(XMLSEC_VERSION_INFO)
+
+AC_CONFIG_MACRO_DIR(m4)
+AM_INIT_AUTOMAKE([1.7 tar-ustar])
+AC_CONFIG_HEADERS([config.h])
+AM_MAINTAINER_MODE
+
+dnl
+dnl Check the environment
+dnl
+AC_PROG_CC
+AC_PROG_INSTALL
+AC_HEADER_STDC
+AC_PROG_LIBTOOL
+
+LT_INIT
+
+dnl
+dnl Find programs
+dnl
+if test "z$RM" == "z" ; then
+ AC_PATH_PROG(RM, rm, /bin/rm)
+fi
+AC_PATH_PROG(CP, cp, /bin/cp)
+AC_PATH_PROG(MV, mv, /bin/mv)
+AC_PATH_PROG(TAR, tar, /bin/tar)
+AC_PATH_PROG(HELP2MAN, help2man)
+AC_PATH_PROG(MAN2HTML, man2html)
+
+dnl Make sure we have an ANSI compiler
+AM_C_PROTOTYPES
+test "z$U" != "z" && AC_MSG_ERROR(Compiler not ANSI compliant)
+
+dnl Checks for header files.
+AC_HEADER_DIRENT
+AC_HEADER_STDC
+AC_CHECK_HEADERS([stdio.h])
+AC_CHECK_HEADERS([stdlib.h])
+AC_CHECK_HEADERS([string.h])
+AC_CHECK_HEADERS([ctype.h])
+AC_CHECK_HEADERS([errno.h])
+AC_CHECK_HEADERS([ansidecl.h])
+AC_CHECK_HEADERS([time.h])
+AC_CHECK_FUNCS(strchr strrchr printf sprintf fprintf snprintf vfprintf vsprintf vsnprintf sscanf timegm)
+
+XMLSEC_DEFINES=""
+
+dnl ==========================================================================
+dnl Specific setup for Aleksey's development environment:
+dnl - with debug
+dnl - with pedantic compiler flags
+dnl - with static binaries
+dnl - without dynamic xmlsec-crypto loading
+dnl ==========================================================================
+AC_MSG_CHECKING(for development environment)
+AC_ARG_ENABLE(development, [ --enable-development enable development environment (no)])
+if test "z$enable_development" = "zyes" ; then
+ enable_debuging="yes"
+ enable_pedantic="yes"
+ enable_static_linking="yes"
+ enable_crypto_dl="no"
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
+
+dnl ==========================================================================
+dnl Perform host specific configuration
+dnl ==========================================================================
+XMLSEC_EXTRA_LDFLAGS=
+XMLSEC_CRYPTO_EXTRA_LDFLAGS=
+dnl should separate extra LDFLAGS for xmlsec and crypto libs ?
+dnl should --enable-runtime-pseudo-reloc for mingw and cygwin ?
+
+xmlsec_sharedlib_hack="no"
+if test -n "$shrext"; then
+ XMLSEC_SHLIBSFX="$shrext"
+else
+ dnl changed in libtool (between 1.5.2 and 1.5.14)
+ XMLSEC_SHLIBSFX="$shrext_cmds"
+fi
+case "${host}" in
+ *aix* )
+ CFLAGS="${CFLAGS} -D_ALL_SOURCE"
+ ;;
+ *-*-mingw*)
+ dnl use libtool flags "-avoid-version" to create shared
+ dnl libraries without version suffix, i.e. libxmlsec1.dll
+ dnl instead libxmlsec1-NN.dll, where NN is a number.
+ XMLSEC_EXTRA_LDFLAGS="-no-undefined -avoid-version"
+ XMLSEC_CRYPTO_EXTRA_LDFLAGS="-no-undefined -avoid-version"
+ XMLSEC_SHLIBSFX=".dll.a"
+ xmlsec_sharedlib_hack="yes"
+ ;;
+ *-*-cygwin*)
+ XMLSEC_EXTRA_LDFLAGS="-no-undefined"
+ XMLSEC_CRYPTO_EXTRA_LDFLAGS="-no-undefined"
+ ;;
+esac
+
+# To avoid problem with loading of a shared library (dlopen or equivalent)
+# at run time on some platforms we need to link crypto modules with extra
+# source. It's work without hack on 9x and under emulation.
+# On nt 5.x (w2k,xp) the error is 998("Invalid access to memory location").
+AM_CONDITIONAL(SHAREDLIB_HACK, [test "z$xmlsec_sharedlib_hack" = "zyes"])
+
+dnl ==========================================================================
+dnl Hack for autoconf version mismatch
+dnl ==========================================================================
+if test "z$shrext" == "z" ; then
+ shrext=$shrext_cmds
+fi
+
+dnl ==========================================================================
+dnl Check for __FUNCTION__ or __FUNCTION__
+dnl ==========================================================================
+AC_MSG_CHECKING(for __FUNCTION__ or __func__)
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],
+ [[char *foo = __FUNCTION__;]])],
+ [ac_function_exists=yes],
+ [ac_function_exists=no])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],
+ [[char *foo = __func__;]])],
+ [ac_func_exists=yes],
+ [ac_func_exists=no])
+if test "z$ac_function_exists" = "zyes" ; then
+ AC_MSG_RESULT(__FUNCTION__)
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -D__XMLSEC_FUNCTION__=__FUNCTION__"
+elif test "z$ac_func_exists" = "zyes" ; then
+ AC_MSG_RESULT(__func__)
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -D__XMLSEC_FUNCTION__=__func__"
+else
+ AC_MSG_RESULT("no")
+fi
+
+dnl ==========================================================================
+dnl check do we have size_t and its size,
+dnl TODO: will need to replace this and the xmlSecSize define with
+dnl typedef on next ABI refresh
+dnl ==========================================================================
+AC_CHECK_SIZEOF(size_t)
+if test "$ac_cv_sizeof_size_t" -ne "4" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_SIZE_T"
+fi
+
+dnl ==========================================================================
+dnl Check if pkg-config enabled and installed
+dnl ==========================================================================
+PKG_CONFIG="pkg-config"
+PKGCONFIG_FOUND="no"
+AC_ARG_ENABLE(pkgconfig, [ --enable-pkgconfig enable pkgconfig for configuration (yes)])
+if test "z$enable_pkgconfig" != "zno" ; then
+ AC_CHECK_PROG(PKGCONFIG_PRESENT, $PKG_CONFIG, yes, no)
+ if test "z$PKGCONFIG_PRESENT" = "zyes" ; then
+ if $PKG_CONFIG --atleast-pkgconfig-version 0.9 ; then
+ PKGCONFIG_FOUND="yes"
+ fi
+ fi
+fi
+
+dnl ==========================================================================
+dnl find libxml
+dnl ==========================================================================
+LIBXML_MIN_VERSION="2.7.4"
+LIBXML_CONFIG="xml2-config"
+LIBXML_CFLAGS=""
+LIBXML_LIBS=""
+LIBXML_FOUND="no"
+AC_ARG_WITH(libxml,
+ [ --with-libxml=[PFX] libxml2 location]
+)
+AC_ARG_WITH(libxml-src,
+ [ --with-libxml-src=[PFX] not installed yet libxml2 location]
+)
+
+if test "z$with_libxml" = "zno" -o "z$with_libxml_src" = "zno"; then
+ AC_MSG_CHECKING(for libxml2 libraries >= $LIBXML_MIN_VERSION)
+ AC_MSG_ERROR(libxml2 >= $LIBXML_MIN_VERSION is required for $XMLSEC_PACKAGE)
+elif test "z$with_libxml_src" != "z" ; then
+ AC_MSG_CHECKING(for libxml2 libraries >= $LIBXML_MIN_VERSION)
+ CWD=`pwd`
+ if cd "$with_libxml_src" ; then
+ SRC_DIR=`pwd`
+ LIBXML_CONFIG=${SRC_DIR}/xml2-config
+ LIBXML_LIBS="-L${SRC_DIR}/.libs -lxml2"
+ LIBXML_CFLAGS="-I${SRC_DIR}/include"
+ LIBXML_FOUND="yes"
+ cd $CWD
+ AC_MSG_RESULT([yes (source)])
+ else
+ AC_MSG_ERROR([libxml source dir not found (${with_libxml_src}), typo?])
+ fi
+elif test "z$with_libxml" = "z" -a "z$PKGCONFIG_FOUND" = "zyes" ; then
+ PKG_CHECK_MODULES(LIBXML, libxml-2.0 >= $LIBXML_MIN_VERSION,
+ [LIBXML_FOUND=yes],
+ [LIBXML_FOUND=no])
+fi
+if test "z$LIBXML_FOUND" = "zno" ; then
+ if test "z$with_libxml" != "zyes" ; then
+ if test "z$with_libxml" != "z" ; then
+ AC_PATH_PROG([LIBXML_CONFIG], [$LIBXML_CONFIG], [],
+ [$with_libxml/bin:$PATH])
+ else
+ AC_PATH_PROG([LIBXML_CONFIG], [$LIBXML_CONFIG], [],
+ [$PATH])
+ fi
+ fi
+ AC_MSG_CHECKING([libxml2 $LIBXML_CONFIG ])
+ if ! LIBXML_VERSION=`$LIBXML_CONFIG --version 2>/dev/null`; then
+ AC_MSG_ERROR(Could not find libxml2 anywhere.)
+ fi
+ vers=`echo $LIBXML_VERSION | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ minvers=`echo $LIBXML_MIN_VERSION | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ if test "$vers" -ge "$minvers" ; then
+ LIBXML_LIBS="`$LIBXML_CONFIG --libs`"
+ LIBXML_CFLAGS="`$LIBXML_CONFIG --cflags`"
+ LIBXML_FOUND="yes"
+ AC_MSG_RESULT([yes ('$LIBXML_VERSION')])
+ else
+ AC_MSG_ERROR(You need at least libxml2 $LIBXML_MIN_VERSION for this version of $XMLSEC_PACKAGE)
+ fi
+fi
+
+AC_SUBST(LIBXML_CFLAGS)
+AC_SUBST(LIBXML_LIBS)
+AC_SUBST(LIBXML_CONFIG)
+AC_SUBST(LIBXML_MIN_VERSION)
+
+dnl ==========================================================================
+dnl find libxslt
+dnl ==========================================================================
+XMLSEC_NO_LIBXSLT="1"
+LIBXSLT_MIN_VERSION=1.0.20
+LIBXSLT_CONFIG="xslt-config"
+LIBXSLT_CFLAGS=""
+LIBXSLT_LIBS=""
+LIBXSLT_FOUND="no"
+AC_ARG_WITH(libxslt,
+ [ --with-libxslt=[PFX] libxslt location]
+)
+AC_ARG_WITH(libxslt-src,
+ [ --with-libxslt-src=[PFX] not installed yet libxslt location]
+)
+if test "z$with_libxslt" = "zno" -o "z$with_libxslt_src" = "zno" ; then
+ AC_MSG_CHECKING(for libxslt libraries >= $LIBXSLT_MIN_VERSION)
+ AC_MSG_RESULT(no)
+ LIBXSLT_FOUND="without"
+elif test "z$with_libxslt_src" != "z" ; then
+ AC_MSG_CHECKING(for libxslt libraries >= $LIBXSLT_MIN_VERSION)
+ CWD=`pwd`
+ if cd "$with_libxslt_src" ; then
+ SRC_DIR=`pwd`
+ LIBXSLT_CONFIG=${SRC_DIR}/xslt-config
+ LIBXSLT_LIBS="-L${SRC_DIR}/libxslt/.libs -lxslt"
+ LIBXSLT_CFLAGS="-I${SRC_DIR}"
+ LIBXSLT_FOUND="yes"
+ cd $CWD
+ AC_MSG_RESULT([yes (source)])
+ else
+ AC_MSG_ERROR([libxslt source dir not found (${with_libxslt_src}), typo?])
+ fi
+elif test "z$with_libxslt" = "z" -a "z$PKGCONFIG_FOUND" = "zyes" ; then
+ PKG_CHECK_MODULES(LIBXSLT, libxslt >= $LIBXSLT_MIN_VERSION,
+ [LIBXSLT_FOUND=yes],
+ [LIBXSLT_FOUND=no])
+fi
+
+if test "z$LIBXSLT_FOUND" = "zno" ; then
+ if test "z$with_libxslt" != "zyes" ; then
+ if test "z$with_libxslt" != "z" ; then
+ AC_PATH_PROG([LIBXSLT_CONFIG], [$LIBXSLT_CONFIG], [],
+ [$with_libxslt/bin:$PATH])
+ else
+ AC_PATH_PROG([LIBXSLT_CONFIG], [$LIBXSLT_CONFIG], [],
+ [$PATH])
+ fi
+ fi
+ AC_MSG_CHECKING(for libxslt libraries >= $LIBXSLT_MIN_VERSION)
+ if ! LIBXSLT_VERSION=`$LIBXSLT_CONFIG --version 2>/dev/null`; then
+ if test "z$with_libxslt" != "zyes" ; then
+ AC_MSG_ERROR(Unable to find libxslt at '$with_libxslt')
+ else
+ AC_MSG_RESULT(no)
+ fi
+ else
+ vers=`echo $LIBXSLT_VERSION | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ minvers=`echo $LIBXSLT_MIN_VERSION | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ if test "$vers" -ge "$minvers" ; then
+ LIBXSLT_LIBS="`$LIBXSLT_CONFIG --libs`"
+ LIBXSLT_CFLAGS="`$LIBXSLT_CONFIG --cflags`"
+ LIBXSLT_FOUND="yes"
+ AC_MSG_RESULT([yes ('$LIBXSLT_VERSION')])
+ else
+ AC_MSG_ERROR(You need at least libxslt $LIBXSLT_MIN_VERSION for this version of $XMLSEC_PACKAGE)
+ fi
+ fi
+fi
+
+if test "z$LIBXSLT_FOUND" = "zyes" ; then
+ XMLSEC_NO_LIBXSLT="0"
+else
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_XSLT=1"
+fi
+
+AC_SUBST(XMLSEC_NO_LIBXSLT)
+AC_SUBST(LIBXSLT_CFLAGS)
+AC_SUBST(LIBXSLT_LIBS)
+AC_SUBST(LIBXSLT_CONFIG)
+AC_SUBST(LIBXSLT_MIN_VERSION)
+
+dnl ==========================================================================
+dnl See if we can find a crypto library
+dnl ==========================================================================
+XMLSEC_CRYPTO_LIST=""
+XMLSEC_CRYPTO_DISABLED_LIST=""
+
+dnl ==========================================================================
+dnl OpenSSL
+dnl ==========================================================================
+ac_openssl_lib_dir="/usr/local/lib /usr/lib /usr/lib64 /usr/local /usr/local/ssl /usr/local/ssl/lib /usr/pkg"
+ac_openssl_inc_dir="/usr/local/include /usr/include /usr/local /usr/local/ssl /usr/pkg /usr/local/ssl/include"
+
+XMLSEC_NO_OPENSSL="1"
+OPENSSL_MIN_VERSION="0.9.6"
+OPENSSL_VERSION=""
+OPENSSL_CFLAGS=""
+OPENSSL_LIBS=""
+OPENSSL_CRYPTO_LIB="$XMLSEC_PACKAGE-openssl"
+OPENSSL_FOUND=no
+AC_ARG_WITH(openssl, [ --with-openssl=[PFX] openssl location])
+if test "z$with_openssl" = "zno" ; then
+ OPENSSL_FOUND=without
+ AC_MSG_CHECKING(for openssl libraries >= $OPENSSL_MIN_VERSION)
+ AC_MSG_RESULT(no)
+elif test "z$with_openssl" != "z" ; then
+ case $host in
+ *-*-mingw*) openssl_exlibs=;;
+ *-*-osf5*) openssl_exlibs=;;
+ *-*-openbsd*) openssl_exlibs=;;
+ *-*-netbsd*) openssl_exlibs=;;
+ #FIXME: check if lib "dl" is required
+ *) openssl_exlibs=-ldl;;
+ esac
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS -I$with_openssl/include"
+ if test -f "$with_openssl/lib/libcrypto${XMLSEC_SHLIBSFX}" ; then
+ OPENSSL_LIBS="-L$with_openssl/lib -lcrypto $openssl_exlibs"
+ else
+ OPENSSL_LIBS="$with_openssl/lib/libcrypto.a $openssl_exlibs"
+ fi
+ OPENSSL_FOUND="yes"
+elif test "z$PKGCONFIG_FOUND" = "zyes" ; then
+ if test "z$OPENSSL_VERSION" = "z" ; then
+ PKG_CHECK_MODULES(OPENSSL, openssl >= 0.9.8,
+ [OPENSSL_VERSION="0.9.8"],
+ [OPENSSL_VERSION=""])
+ fi
+
+ if test "z$OPENSSL_VERSION" = "z" ; then
+ PKG_CHECK_MODULES(OPENSSL, openssl >= 0.9.7,
+ [OPENSSL_VERSION="0.9.7"],
+ [OPENSSL_VERSION=""])
+ fi
+
+ if test "z$OPENSSL_VERSION" = "z" ; then
+ PKG_CHECK_MODULES(OPENSSL, openssl >= $OPENSSL_MIN_VERSION,
+ [OPENSSL_VERSION="$OPENSSL_MIN_VERSION"],
+ [OPENSSL_VERSION=""])
+ fi
+
+ if test "z$OPENSSL_VERSION" != "z" ; then
+ OPENSSL_FOUND="yes"
+ fi
+fi
+
+if test "z$OPENSSL_FOUND" = "zno" ; then
+ OPENSSL_INCLUDES_FOUND="no"
+ OPENSSL_LIBS_FOUND="no"
+
+ for dir in $ac_openssl_inc_dir ; do
+ if test -f $dir/openssl/ssl.h ; then
+ dnl do not add -I/usr/include because compiler does it anyway
+ if test "z$dir" = "z/usr/include" ; then
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS "
+ else
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS -I$dir"
+ fi
+ OPENSSL_INCLUDES_FOUND="yes"
+ break
+ fi
+ done
+
+ for dir in $ac_openssl_lib_dir ; do
+ if test -f $dir/libcrypto.a ; then
+ dnl do not add -L/usr/lib because compiler does it anyway
+ if test "z$dir" = "z/usr/lib" ; then
+ OPENSSL_LIBS="-lcrypto -ldl"
+ else
+ OPENSSL_LIBS="-L$dir -lcrypto -ldl"
+ fi
+ OPENSSL_LIBS_FOUND="yes"
+ ac_found_openssl_lib_dir=$dir
+ break;
+ fi
+ done
+
+ if test "z$OPENSSL_INCLUDES_FOUND" = "zyes" -a "z$OPENSSL_LIBS_FOUND" = "zyes" ; then
+ OPENSSL_FOUND="yes"
+ fi
+fi
+
+if test "z$OPENSSL_FOUND" = "zyes" -a "z$OPENSSL_VERSION" = "z" ; then
+ AC_MSG_CHECKING(for openssl libraries >= $OPENSSL_MIN_VERSION)
+
+ dnl Check the OpenSSL version
+ OLD_CPPFLAGS=$CPPFLAGS
+ CPPFLAGS="$OPENSSL_CFLAGS"
+
+ if test "z$OPENSSL_VERSION" = "z" ; then
+ AC_EGREP_CPP(yes,[
+ #include <openssl/opensslv.h>
+ #if OPENSSL_VERSION_NUMBER >= 0x10000000L
+ yes
+ #endif
+ ],[
+ OPENSSL_VERSION="1.0.0"
+ ],[
+ OPENSSL_VERSION=""
+ ])
+ fi
+
+ if test "z$OPENSSL_VERSION" = "z" ; then
+ AC_EGREP_CPP(yes,[
+ #include <openssl/opensslv.h>
+ #if OPENSSL_VERSION_NUMBER >= 0x00908000L
+ yes
+ #endif
+ ],[
+ OPENSSL_VERSION="0.9.8"
+ ],[
+ OPENSSL_VERSION=""
+ ])
+ fi
+
+ if test "z$OPENSSL_VERSION" = "z" ; then
+ AC_EGREP_CPP(yes,[
+ #include <openssl/opensslv.h>
+ #if OPENSSL_VERSION_NUMBER >= 0x00907000L
+ yes
+ #endif
+ ],[
+ OPENSSL_VERSION="0.9.7"
+ ],[
+ OPENSSL_VERSION=""
+ ])
+ fi
+
+ if test "z$OPENSSL_VERSION" = "z" ; then
+ AC_EGREP_CPP(yes,[
+ #include <openssl/opensslv.h>
+ #if OPENSSL_VERSION_NUMBER >= 0x00906000L
+ yes
+ #endif
+ ],[
+ OPENSSL_VERSION="0.9.6"
+ ],[
+ OPENSSL_VERSION=""
+ ])
+ fi
+ if test "z$OPENSSL_VERSION" = "z" ; then
+ AC_MSG_RESULT(no)
+ else
+ AC_MSG_RESULT([yes ('$OPENSSL_VERSION')])
+ fi
+
+ CPPFLAGS=$OLD_CPPFLAGS
+fi
+
+if test "z$OPENSSL_FOUND" = "zyes" ; then
+ XMLSEC_NO_OPENSSL="0"
+ if test "z$OPENSSL_VERSION" = "z0.9.6" ; then
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_OPENSSL_096=1"
+ fi
+ if test "z$OPENSSL_VERSION" = "z0.9.7" ; then
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_OPENSSL_097=1"
+ fi
+ if test "z$OPENSSL_VERSION" = "z0.9.8" ; then
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_OPENSSL_098=1"
+ fi
+ if test "z$OPENSSL_VERSION" = "z1.0.0" ; then
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_OPENSSL_100=1"
+ fi
+ OPENSSL_CFLAGS="$OPENSSL_CFLAGS -DXMLSEC_CRYPTO_OPENSSL=1"
+ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST openssl"
+else
+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST openssl"
+fi
+
+AM_CONDITIONAL(XMLSEC_NO_OPENSSL, test "z$XMLSEC_NO_OPENSSL" == "z1")
+AC_SUBST(XMLSEC_NO_OPENSSL)
+AC_SUBST(OPENSSL_CFLAGS)
+AC_SUBST(OPENSSL_LIBS)
+AC_SUBST(OPENSSL_CRYPTO_LIB)
+AC_SUBST(OPENSSL_MIN_VERSION)
+
+dnl ==========================================================================
+dnl See if we can find NSS and NSPR
+dnl Allow the use of:
+dnl 1. Mozilla style distribution where all mozilla components (NSS, NSPR
+dnl are just 2 of over 100 components) are under one directory.
+dnl options: [--with-mozilla-ver=<VERSION>]
+dnl
+dnl Using the version number, various directories are searched
+dnl for NSS & NSPR
+dnl
+dnl AND / OR
+dnl
+dnl 2. separate NSS & NSPR distributions
+dnl options: [--with-nss=<PFX>] [--with-nspr=<PFX>]
+dnl
+dnl 2 overrides 1
+dnl
+dnl ==========================================================================
+XMLSEC_NO_NSS="1"
+SEAMONKEY_MIN_VERSION="1.0"
+MOZILLA_MIN_VERSION="1.4"
+NSS_MIN_VERSION="3.9"
+NSPR_MIN_VERSION="4.4.1"
+NSS_CFLAGS=""
+NSS_LIBS=""
+NSS_LIBS_LIST="-lnss3 -lsmime3"
+NSPR_LIBS_LIST="-lnspr4 -lplds4 -lplc4"
+NSS_CRYPTO_LIB="$XMLSEC_PACKAGE-nss"
+NSS_FOUND="no"
+NSPR_PACKAGE=mozilla-nspr
+NSS_PACKAGE=mozilla-nss
+
+
+dnl if nss is disabled, bail out early
+AC_ARG_WITH(nss, [ --with-nss=[PFX] nss location])
+AC_ARG_WITH(nspr, [ --with-nspr=[PFX] nspr location (needed for NSS)])
+AC_ARG_WITH(seamonkey_ver, [ --with-seamonkey-ver=[VER] mozilla version (alt to --with-nss, --with-nspr)])
+AC_ARG_WITH(mozilla_ver, [ --with-mozilla-ver=[VER] mozilla version (alt to --with-nss, --with-nspr)])
+if test "z$with_nss" = "zno" -o "z$with_nspr" = "zno" ; then
+ AC_MSG_CHECKING(for NSS libraries)
+ AC_MSG_RESULT(no)
+ NSS_FOUND="without"
+elif test "z$with_nss" = "z" -a "z$with_nspr" = "z" -a "z$with_mozilla_ver" = "z" -a "z$with_seamonkey_ver" = "z" -a "z$PKGCONFIG_FOUND" = "zyes" ; then
+ dnl
+ dnl Mozilla's NSS/NSPR are distributed under different names
+ dnl in different distribution:
+ dnl seamonkey-nspr and seamonkey-nss
+ dnl mozilla-nspr and mozilla-nss
+ dnl xulrunner-nspr and xulrunner-nss
+ dnl nspr and nss
+ dnl We are going to try all options
+ dnl
+ if test "z$NSS_FOUND" = "zno" ; then
+ PKG_CHECK_MODULES(NSS, seamonkey-nspr >= $NSPR_MIN_VERSION seamonkey-nss >= $SEAMONKEY_MIN_VERSION,
+ [NSS_FOUND=yes NSPR_PACKAGE=seamonkey-nspr NSS_PACKAGE=seamonkey-nss],
+ [NSS_FOUND=no])
+ fi
+ if test "z$NSS_FOUND" = "zno" ; then
+ PKG_CHECK_MODULES(NSS, mozilla-nspr >= $MOZILLA_MIN_VERSION mozilla-nss >= $MOZILLA_MIN_VERSION,
+ [NSS_FOUND=yes NSPR_PACKAGE=mozilla-nspr NSS_PACKAGE=mozilla-nss],
+ [NSS_FOUND=no])
+ fi
+ if test "z$NSS_FOUND" = "zno" ; then
+ PKG_CHECK_MODULES(NSS, xulrunner-nspr >= $NSPR_MIN_VERSION xulrunner-nss >= $NSS_MIN_VERSION,
+ [NSS_FOUND=yes NSPR_PACKAGE=xulrunner-nspr NSS_PACKAGE=xulrunner-nss],
+ [NSS_FOUND=no])
+ fi
+ if test "z$NSS_FOUND" = "zno" ; then
+ PKG_CHECK_MODULES(NSS, nspr >= $NSPR_MIN_VERSION nss >= $NSS_MIN_VERSION,
+ [NSS_FOUND=yes NSPR_PACKAGE=nspr NSS_PACKAGE=nss],
+ [NSS_FOUND=no])
+ fi
+fi
+
+if test "z$NSS_FOUND" = "zno" ; then
+ dnl process the mozilla options if any
+ if test "z$with_seamonkey_ver" != "z" ; then
+ ac_mozilla_name=seamonkey-$with_seamonkey_ver
+ elif test "z$with_mozilla_ver" != "z" ; then
+ ac_mozilla_name=mozilla-$with_mozilla_ver
+ else
+ ac_mozilla_name=mozilla-$MOZILLA_MIN_VERSION
+ fi
+
+ ac_nss_lib_dir="/usr/lib /usr/lib64 /usr/local/lib /usr/lib/$ac_mozilla_name /usr/local/lib/$ac_mozilla_name"
+ ac_nss_inc_dir="/usr/include /usr/include/mozilla /usr/local/include /usr/local/include/mozilla /usr/include/$ac_mozilla_name /usr/local/include/$ac_mozilla_name"
+
+ AC_MSG_CHECKING(for nspr libraries >= $NSPR_MIN_VERSION)
+ NSPR_INCLUDES_FOUND="no"
+ NSPR_LIBS_FOUND="no"
+ NSPR_FOUND="no"
+ NSPR_PRINIT_H=""
+
+ if test "z$with_nspr" != "z" ; then
+ NSPR_PREFIX="$with_nspr"
+ NSPR_CFLAGS="-I$with_nspr/include -I$with_nspr/include/nspr"
+ if test "z$with_gnu_ld" = "zyes" ; then
+ NSPR_LIBS="-Wl,-rpath-link -Wl,$with_nspr/lib -L$with_nspr/lib $NSPR_LIBS_LIST"
+ else
+ NSPR_LIBS="-L$with_nspr/lib $NSPR_LIBS_LIST"
+ fi
+ NSPR_INCLUDES_FOUND="yes"
+ NSPR_LIBS_FOUND="yes"
+ NSPR_PRINIT_H="$with_nspr/include/prinit.h"
+ else
+ for dir in $ac_nss_inc_dir ; do
+ if test -f $dir/nspr/prinit.h ; then
+ dnl do not add -I/usr/include because compiler does it anyway
+ if test "z$dir" = "z/usr/include" ; then
+ NSPR_CFLAGS=""
+ else
+ NSPR_CFLAGS="-I$dir/nspr"
+ fi
+ NSPR_INCLUDES_FOUND="yes"
+ NSPR_PRINIT_H="$dir/nspr/prinit.h"
+ break
+ fi
+ done
+
+ for dir in $ac_nss_lib_dir ; do
+ if test -f $dir/libnspr4$shrext ; then
+ dnl do not add -L/usr/lib because compiler does it anyway
+ if test "z$dir" = "z/usr/lib" ; then
+ NSPR_LIBS="$NSPR_LIBS_LIST"
+ else
+ if test "z$with_gnu_ld" = "zyes" ; then
+ NSPR_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSPR_LIBS_LIST"
+ else
+ NSPR_LIBS="-L$dir $NSPR_LIBS_LIST"
+ fi
+ fi
+ NSPR_LIBS_FOUND="yes"
+ break
+ fi
+ done
+ fi
+
+ if test "z$NSPR_INCLUDES_FOUND" = "zyes" -a "z$NSPR_LIBS_FOUND" = "zyes" ; then
+ OLD_CPPFLAGS=$CPPFLAGS
+ CPPFLAGS="$NSPR_CFLAGS"
+ AC_EGREP_CPP(yes,[
+ #include <prinit.h>
+ #if PR_VMAJOR >= 4
+ yes
+ #endif
+ ],[
+ NSPR_FOUND=yes
+ ],[
+ NSPR_FOUND=no
+ ])
+ CPPFLAGS="$OLD_CPPFLAGS"
+ fi
+
+ if test "z$NSPR_FOUND" = "zyes" ; then
+ AC_MSG_RESULT(yes)
+ else
+ AC_MSG_RESULT(no)
+ fi
+
+ dnl look for nss
+ AC_MSG_CHECKING(for nss libraries >= $NSS_MIN_VERSION)
+ NSS_INCLUDES_FOUND="no"
+ NSS_LIBS_FOUND="no"
+ NSS_NSS_H=""
+
+ if test "z$with_nss" != "z" ; then
+ NSS_CFLAGS="$NSS_CFLAGS -I$with_nss/include -I$with_nss/include/nss"
+ if test "z$with_gnu_ld" = "zyes" ; then
+ NSS_LIBS="$NSS_LIBS -Wl,-rpath-link -Wl,$with_nss/lib -L$with_nss/lib $NSS_LIBS_LIST"
+ else
+ NSS_LIBS="$NSS_LIBS -L$with_nss/lib $NSS_LIBS_LIST"
+ fi
+ NSS_INCLUDES_FOUND="yes"
+ NSS_LIBS_FOUND="yes"
+ NSS_NSS_H="$with_nss/include/nss.h"
+ else
+ for dir in $ac_nss_inc_dir ; do
+ if test -f $dir/nss/nss.h ; then
+ dnl do not add -I/usr/include because compiler does it anyway
+ if test "z$dir" = "z/usr/include" ; then
+ NSS_CFLAGS="$NSS_CFLAGS"
+ else
+ NSS_CFLAGS="$NSS_CFLAGS -I$dir/nss"
+ fi
+ NSS_INCLUDES_FOUND="yes"
+ NSS_NSS_H="$dir/nss/nss.h"
+ break
+ fi
+ done
+
+ for dir in $ac_nss_lib_dir ; do
+ if test -f $dir/libnss3$shrext ; then
+ dnl do not add -L/usr/lib because compiler does it anyway
+ if test "z$dir" = "z/usr/lib" ; then
+ NSS_LIBS="$NSS_LIBS_LIST"
+ else
+ if test "z$with_gnu_ld" = "zyes" ; then
+ NSS_LIBS="-Wl,-rpath-link -Wl,$dir -L$dir $NSS_LIBS_LIST"
+ else
+ NSS_LIBS="-L$dir $NSS_LIBS_LIST"
+ fi
+ fi
+ NSS_LIBS_FOUND="yes"
+ break
+ fi
+ done
+ fi
+
+ if test "z$NSS_INCLUDES_FOUND" = "zyes" -a "z$NSS_LIBS_FOUND" = "zyes" ; then
+ OLD_CPPFLAGS=$CPPFLAGS
+ CPPFLAGS="$NSS_CFLAGS"
+ AC_EGREP_CPP(yes,[
+ #include <nss.h>
+ #if NSS_VMAJOR >= 3 && NSS_VMINOR >= 2
+ yes
+ #endif
+ ],[
+ NSS_FOUND=yes
+ ],[
+ NSS_FOUND=no
+ ])
+ CPPFLAGS="$OLD_CPPFLAGS"
+ fi
+
+ if test "z$NSS_FOUND" = "zyes" ; then
+ AC_MSG_RESULT(yes)
+ else
+ AC_MSG_RESULT(no)
+ fi
+
+ dnl check that we have found both NSS and NSPR
+ if test "z$NSPR_FOUND" = "zyes" -a "z$NSS_FOUND" = "zyes" ; then
+ NSS_CFLAGS="$NSS_CFLAGS $NSPR_CFLAGS"
+ NSS_LIBS="$NSS_LIBS $NSPR_LIBS"
+ elif test "z$NSPR_FOUND" != "zyes" -a "z$NSS_FOUND" = "zyes" ; then
+ NSS_FOUND="no"
+ AC_MSG_RESULT(NSPR library is required for NSS, ignoring NSS library we have found)
+ fi
+fi
+
+if test "z$NSS_FOUND" = "zyes" ; then
+ XMLSEC_NO_NSS="0"
+ NSS_CFLAGS="$NSS_CFLAGS -DXMLSEC_CRYPTO_NSS=1"
+ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST nss"
+else
+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST nss"
+fi
+
+AM_CONDITIONAL(XMLSEC_NO_NSS, test "z$XMLSEC_NO_NSS" = "z1")
+AC_SUBST(XMLSEC_NO_NSS)
+AC_SUBST(NSPR_PACKAGE)
+AC_SUBST(NSS_PACKAGE)
+AC_SUBST(NSS_CFLAGS)
+AC_SUBST(NSS_LIBS)
+AC_SUBST(NSS_CRYPTO_LIB)
+AC_SUBST(NSS_MIN_VERSION)
+AC_SUBST(NSPR_MIN_VERSION)
+AC_SUBST(MOZILLA_MIN_VERSION)
+
+
+dnl ==========================================================================
+dnl See if we can find GCrypt
+dnl ==========================================================================
+GCRYPT_CONFIG="libgcrypt-config"
+XMLSEC_NO_GCRYPT="1"
+GCRYPT_MIN_VERSION="1.4.0"
+GCRYPT_VERSION=""
+GCRYPT_CFLAGS=""
+GCRYPT_LIBS=""
+GCRYPT_CRYPTO_LIB="$XMLSEC_PACKAGE-gcrypt"
+GCRYPT_FOUND="no"
+AC_ARG_WITH(gcrypt, [ --with-gcrypt=[PFX] gcrypt location])
+if test "z$with_gcrypt" = "zno" ; then
+ AC_MSG_CHECKING(for gcrypt libraries >= $GCRYPT_MIN_VERSION)
+ AC_MSG_RESULT(no)
+ GCRYPT_FOUND="without"
+elif test "z$with_gcrypt" = "z" -a "z$PKGCONFIG_FOUND" = "zyes" ; then
+ PKG_CHECK_MODULES(GCRYPT, gcrypt >= $GCRYPT_MIN_VERSION,
+ [GCRYPT_FOUND=yes],
+ [GCRYPT_FOUND=no])
+
+ if test "z$GCRYPT_FOUND" = "zno" ; then
+ PKG_CHECK_MODULES(GCRYPT, libgcrypt >= $GCRYPT_MIN_VERSION,
+ [GCRYPT_FOUND=yes],
+ [GCRYPT_FOUND=no])
+ fi
+
+ if test "z$GCRYPT_FOUND" = "zno" ; then
+ PKG_CHECK_MODULES(GCRYPT, libgcrypt11 >= $GCRYPT_MIN_VERSION,
+ [GCRYPT_FOUND=yes],
+ [GCRYPT_FOUND=no])
+ fi
+fi
+
+if test "z$GCRYPT_FOUND" = "zno" ; then
+ AC_MSG_CHECKING(for gcrypt libraries >= $GCRYPT_MIN_VERSION)
+ if test "z$with_gcrypt" != "z" ; then
+ GCRYPT_CONFIG=$with_gcrypt/bin/$GCRYPT_CONFIG
+ fi
+ if ! $GCRYPT_CONFIG --version > /dev/null 2>&1 ; then
+ if test "z$with_gcrypt" != "z" ; then
+ AC_MSG_ERROR(Unable to find gcrypt at '$with_gcrypt')
+ else
+ AC_MSG_RESULT(no)
+ fi
+ else
+ vers=`$GCRYPT_CONFIG --version | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ minvers=`echo $GCRYPT_MIN_VERSION | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ if test "$vers" -ge "$minvers" ; then
+ GCRYPT_CFLAGS="$GCRYPT_CFLAGS `$GCRYPT_CONFIG --cflags`"
+ GCRYPT_LIBS="$GCRYPT_LIBS `$GCRYPT_CONFIG --libs`"
+ GCRYPT_FOUND=yes
+ else
+ AC_MSG_ERROR(You need at least gcrypt $GCRYPT_MIN_VERSION for this version of $XMLSEC_PACKAGE)
+ fi
+ fi
+fi
+
+if test "z$GCRYPT_FOUND" = "zyes" ; then
+ XMLSEC_NO_GCRYPT="0"
+ GCRYPT_CFLAGS="$GCRYPT_CFLAGS -DXMLSEC_CRYPTO_GCRYPT=1"
+ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST gcrypt"
+else
+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST gcrypt"
+fi
+
+AM_CONDITIONAL(XMLSEC_NO_GCRYPT, test "z$XMLSEC_NO_GCRYPT" = "z1")
+AC_SUBST(XMLSEC_NO_GCRYPT)
+AC_SUBST(GCRYPT_CFLAGS)
+AC_SUBST(GCRYPT_LIBS)
+AC_SUBST(GCRYPT_CRYPTO_LIB)
+AC_SUBST(GCRYPT_MIN_VERSION)
+
+
+dnl ==========================================================================
+dnl See if we can find GnuTLS
+dnl ==========================================================================
+GNUTLS_CONFIG="libgnutls-config"
+XMLSEC_NO_GNUTLS="1"
+GNUTLS_MIN_VERSION="2.8.0"
+GNUTLS_VERSION=""
+GNUTLS_CFLAGS=""
+GNUTLS_LIBS=""
+GNUTLS_CRYPTO_LIB="$XMLSEC_PACKAGE-gnutls"
+GNUTLS_FOUND="no"
+AC_ARG_WITH(gnutls, [ --with-gnutls=[PFX] gnutls location])
+if test "z$with_gnutls" = "zno" ; then
+ AC_MSG_CHECKING(for gnutls libraries >= $GNUTLS_MIN_VERSION)
+ AC_MSG_RESULT(no)
+ GNUTLS_FOUND="without"
+elif test "z$with_gnutls" = "z" -a "z$PKGCONFIG_FOUND" = "zyes" ; then
+ PKG_CHECK_MODULES(GNUTLS, gnutls >= $GNUTLS_MIN_VERSION,
+ [GNUTLS_FOUND=yes],
+ [GNUTLS_FOUND=no])
+ if test "z$GNUTLS_FOUND" = "zno" ; then
+ PKG_CHECK_MODULES(GNUTLS, libgnutls >= $GNUTLS_MIN_VERSION,
+ [GNUTLS_FOUND=yes],
+ [GNUTLS_FOUND=no])
+ fi
+fi
+
+if test "z$GNUTLS_FOUND" = "zno" ; then
+ AC_MSG_CHECKING(for gnutls libraries >= $GNUTLS_MIN_VERSION)
+ if test "z$with_gnutls" != "z" ; then
+ GNUTLS_CONFIG=$with_gnutls/bin/$GNUTLS_CONFIG
+ fi
+ if ! $GNUTLS_CONFIG --version > /dev/null 2>&1 ; then
+ if test "z$with_gnutls" != "z" ; then
+ AC_MSG_ERROR(Unable to find gnutls at '$with_gnutls')
+ else
+ AC_MSG_RESULT(no)
+ fi
+ else
+ vers=`$GNUTLS_CONFIG --version | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ minvers=`echo $GNUTLS_MIN_VERSION | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ if test "$vers" -ge "$minvers" ; then
+ GNUTLS_CFLAGS="$GNUTLS_CFLAGS `$GNUTLS_CONFIG --cflags`"
+ GNUTLS_LIBS="$GNUTLS_LIBS `$GNUTLS_CONFIG --libs`"
+ GNUTLS_FOUND=yes
+ else
+ AC_MSG_ERROR(You need at least gnutls $GNUTLS_MIN_VERSION for this version of $XMLSEC_PACKAGE)
+ fi
+ fi
+fi
+
+if test "z$GNUTLS_FOUND" = "zyes" ; then
+ XMLSEC_NO_GNUTLS="0"
+ GNUTLS_CFLAGS="$GNUTLS_CFLAGS -DXMLSEC_CRYPTO_GNUTLS=1"
+ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST gnutls"
+
+ dnl xmlsec-gnutls is using xmlsec-gcrypt
+ if test "z$GCRYPT_FOUND" != "zyes" ; then
+ AC_MSG_ERROR(xmlsec-gnutls library requires xmlsec-gcrypt library which is disabled or missing)
+ fi
+
+else
+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST gnutls"
+fi
+
+AM_CONDITIONAL(XMLSEC_NO_GNUTLS, test "z$XMLSEC_NO_GNUTLS" = "z1")
+AC_SUBST(XMLSEC_NO_GNUTLS)
+AC_SUBST(GNUTLS_CFLAGS)
+AC_SUBST(GNUTLS_LIBS)
+AC_SUBST(GNUTLS_CRYPTO_LIB)
+AC_SUBST(GNUTLS_MIN_VERSION)
+
+
+dnl ==========================================================================
+dnl See if we can find MSCrypto
+dnl ==========================================================================
+XMLSEC_NO_MSCRYPTO="1"
+MSCRYPTO_CFLAGS=""
+MSCRYPTO_LIBS=""
+MSCRYPTO_CRYPTO_LIB="$XMLSEC_PACKAGE-mscrypto"
+MSCRYPTO_ENABLE='none'
+AC_ARG_ENABLE(mscrypto,
+ [ --enable-mscrypto enable mscrypto (no)],
+ [MSCRYPTO_ENABLE=$enableval])
+if test "z$MSCRYPTO_ENABLE" != "zyes" ; then
+ AC_MSG_CHECKING(for mscrypto libraries)
+ AC_MSG_RESULT([$MSCRYPTO_ENABLE])
+else
+dnl cannot detect __stdcall functions
+dnl AC_CHECK_LIB(crypt32, CertOpenStore, ....
+ LIBS_SAVE="$LIBS"
+ LIBS="$LIBS -lcrypt32"
+ AC_MSG_CHECKING(for mscrypto libraries)
+ AC_LINK_IFELSE([
+ #include <windows.h>
+ #include <wincrypt.h>
+ int main () { CertOpenStore(0,0,0,0,0);; return(0); }
+ ],
+ [],
+ [MSCRYPTO_ENABLE="no"])
+ AC_MSG_RESULT([$MSCRYPTO_ENABLE])
+ LIBS="$LIBS_SAVE"
+fi
+
+if test "z$MSCRYPTO_ENABLE" = "zyes" ; then
+ XMLSEC_NO_MSCRYPTO="0"
+
+ MSCRYPTO_CFLAGS="$MSCRYPTO_CFLAGS -DXMLSEC_CRYPTO_MSCRYPTO=1"
+ case $host in
+ *-*-mingw*)
+ dnl since mingw crypt32 library is limited
+ dnl we use own def-file
+ MSCRYPTO_LIBS='-Wl,$(srcdir)/mingw-crypt32.def';;
+ *)
+ MSCRYPTO_LIBS="-lcrypt32";;
+ esac
+
+ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST mscrypto"
+else
+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST mscrypto"
+fi
+
+AM_CONDITIONAL(XMLSEC_NO_MSCRYPTO, [test "z$XMLSEC_NO_MSCRYPTO" = "z1"])
+AC_SUBST(XMLSEC_NO_MSCRYPTO)
+AC_SUBST(MSCRYPTO_CFLAGS)
+AC_SUBST(MSCRYPTO_LIBS)
+AC_SUBST(MSCRYPTO_CRYPTO_LIB)
+
+
+dnl ==========================================================================
+dnl Figure out the default crypt - the first crypto library wins
+dnl ==========================================================================
+XMLSEC_CRYPTO=""
+XMLSEC_CRYPTO_LIB=""
+XMLSEC_CRYPTO_CFLAGS=""
+XMLSEC_CRYPTO_LIBS=""
+AC_MSG_CHECKING(for default crypto library)
+AC_ARG_WITH(default_crypto, [ --with-default-crypto=name default crypto name])
+
+# check the argument
+case "z$with_default_crypto" in
+ 'zmscrypto')
+ if test "z$XMLSEC_NO_MSCRYPTO" != "z1" ; then
+ XMLSEC_CRYPTO="mscrypto"
+ else
+ AC_MSG_ERROR('$with_default_crypto' is specified as default crypto library but it is not configured or found)
+ fi
+ ;;
+ 'zopenssl')
+ if test "z$XMLSEC_NO_OPENSSL" != "z1" ; then
+ XMLSEC_CRYPTO="openssl"
+ else
+ AC_MSG_ERROR('$with_default_crypto' is specified as default crypto library but it is not configured or found)
+ fi
+ ;;
+ 'znss')
+ if test "z$XMLSEC_NO_NSS" != "z1" ; then
+ XMLSEC_CRYPTO="nss"
+ else
+ AC_MSG_ERROR('$with_default_crypto' is specified as default crypto library but it is not configured or found)
+ fi
+ ;;
+ 'zgnutls')
+ if test "z$XMLSEC_NO_GNUTLS" != "z1" ; then
+ XMLSEC_CRYPTO="gnutls"
+ else
+ AC_MSG_ERROR('$with_default_crypto' is specified as default crypto library but it is not configured or found)
+ fi
+ ;;
+ 'zgcrypt')
+ if test "z$XMLSEC_NO_GCRYPT" != "z1" ; then
+ XMLSEC_CRYPTO="gcrypt"
+ else
+ AC_MSG_ERROR('$with_default_crypto' is specified as default crypto library but it is not configured or found)
+ fi
+ ;;
+ 'z')
+ dnl The first crypto library wins
+ if test "z$XMLSEC_NO_MSCRYPTO" != "z1" ; then
+ XMLSEC_CRYPTO="mscrypto"
+ elif test "z$XMLSEC_NO_OPENSSL" != "z1" ; then
+ XMLSEC_CRYPTO="openssl"
+ elif test "z$XMLSEC_NO_NSS" != "z1" ; then
+ XMLSEC_CRYPTO="nss"
+ elif test "z$XMLSEC_NO_GNUTLS" != "z1" ; then
+ XMLSEC_CRYPTO="gnutls"
+ elif test "z$XMLSEC_NO_GCRYPT" != "z1" ; then
+ XMLSEC_CRYPTO="gcrypt"
+ else
+ AC_MSG_ERROR(At least one crypto library should exist for $XMLSEC_PACKAGE)
+ fi
+ ;;
+ *)
+ AC_MSG_ERROR(The value '$with_default_crypto' is not a recongnized crypto library name)
+ ;;
+esac
+
+dnl Set the flags for default crypto lib
+case "$XMLSEC_CRYPTO" in
+ 'mscrypto')
+ XMLSEC_CRYPTO_LIB="$MSCRYPTO_CRYPTO_LIB"
+ XMLSEC_CRYPTO_CFLAGS="$MSCRYPTO_CFLAGS"
+ XMLSEC_CRYPTO_LIBS="$MSCRYPTO_LIBS"
+ ;;
+ 'openssl')
+ XMLSEC_CRYPTO_LIB="$OPENSSL_CRYPTO_LIB"
+ XMLSEC_CRYPTO_CFLAGS="$OPENSSL_CFLAGS"
+ XMLSEC_CRYPTO_LIBS="$OPENSSL_LIBS"
+ ;;
+ 'nss')
+ XMLSEC_CRYPTO_LIB="$NSS_CRYPTO_LIB"
+ XMLSEC_CRYPTO_CFLAGS="$NSS_CFLAGS"
+ XMLSEC_CRYPTO_LIBS="$NSS_LIBS"
+ ;;
+ 'gnutls')
+ XMLSEC_CRYPTO_LIB="$GNUTLS_CRYPTO_LIB"
+ XMLSEC_CRYPTO_CFLAGS="$GNUTLS_CFLAGS"
+ XMLSEC_CRYPTO_LIBS="$GNUTLS_LIBS"
+ ;;
+ 'gcrypt')
+ XMLSEC_CRYPTO_LIB="$GCRYPT_CRYPTO_LIB"
+ XMLSEC_CRYPTO_CFLAGS="$GCRYPT_CFLAGS"
+ XMLSEC_CRYPTO_LIBS="$GCRYPT_LIBS"
+ ;;
+ *)
+ AC_MSG_ERROR(The value \"$XMLSEC_CRYPTO\" is not a recongnized crypto library name)
+ ;;
+esac
+AC_MSG_RESULT(yes ('$XMLSEC_CRYPTO'))
+
+dnl ==========================================================================
+dnl See do we need MD5 suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for MD5 support)
+AC_ARG_ENABLE(md5, [ --enable-md5 enable MD5 support (yes)])
+if test "z$enable_md5" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_MD5=1"
+ XMLSEC_NO_MD5="1"
+ AC_MSG_RESULT(no)
+else
+ XMLSEC_NO_MD5="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_MD5, test "z$XMLSEC_NO_MD5" = "z1")
+AC_SUBST(XMLSEC_NO_MD5)
+
+dnl ==========================================================================
+dnl See do we need RIPEMD-160 suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for RIPEMD-160 support)
+AC_ARG_ENABLE(ripemd160, [ --enable-ripemd160 enable RIPEMD-160 support (yes)])
+if test "z$enable_ripemd160" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_RIPEMD160=1"
+ XMLSEC_NO_RIPEMD160="1"
+ AC_MSG_RESULT(no)
+else
+ XMLSEC_NO_RIPEMD160="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_RIPEMD160, test "z$XMLSEC_NO_RIPEMD160" = "z1")
+AC_SUBST(XMLSEC_NO_RIPEMD160)
+
+dnl ==========================================================================
+dnl See do we need SHA1 suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for SHA1 support)
+AC_ARG_ENABLE(sha1, [ --enable-sha1 enable SHA1 support (yes)])
+if test "z$enable_sha1" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_SHA1=1"
+ XMLSEC_NO_SHA1="1"
+ AC_MSG_RESULT(no)
+else
+ XMLSEC_NO_SHA1="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_SHA1, test "z$XMLSEC_NO_SHA1" = "z1")
+AC_SUBST(XMLSEC_NO_SHA1)
+
+dnl ==========================================================================
+dnl See do we need SHA224 suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for SHA224 support)
+AC_ARG_ENABLE(sha224, [ --enable-sha224 enable SHA224 support (yes)])
+if test "z$enable_sha224" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_SHA224=1"
+ XMLSEC_NO_SHA224="1"
+ AC_MSG_RESULT(no)
+else
+ XMLSEC_NO_SHA224="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_SHA224, test "z$XMLSEC_NO_SHA224" = "z1")
+AC_SUBST(XMLSEC_NO_SHA224)
+
+dnl ==========================================================================
+dnl See do we need SHA256 suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for SHA256 support)
+AC_ARG_ENABLE(sha256, [ --enable-sha256 enable SHA256 support (yes)])
+if test "z$enable_sha256" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_SHA256=1"
+ XMLSEC_NO_SHA256="1"
+ AC_MSG_RESULT(no)
+else
+ XMLSEC_NO_SHA256="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_SHA256, test "z$XMLSEC_NO_SHA256" = "z1")
+AC_SUBST(XMLSEC_NO_SHA256)
+
+dnl ==========================================================================
+dnl See do we need SHA384 suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for SHA384 support)
+AC_ARG_ENABLE(sha384, [ --enable-sha384 enable SHA384 support (yes)])
+if test "z$enable_sha384" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_SHA384=1"
+ XMLSEC_NO_SHA384="1"
+ AC_MSG_RESULT(no)
+else
+ XMLSEC_NO_SHA384="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_SHA384, test "z$XMLSEC_NO_SHA384" = "z1")
+AC_SUBST(XMLSEC_NO_SHA384)
+
+dnl ==========================================================================
+dnl See do we need SHA512 suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for SHA512 support)
+AC_ARG_ENABLE(sha512, [ --enable-sha512 enable SHA512 support (yes)])
+if test "z$enable_sha512" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_SHA512=1"
+ XMLSEC_NO_SHA512="1"
+ AC_MSG_RESULT(no)
+else
+ XMLSEC_NO_SHA512="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_SHA512, test "z$XMLSEC_NO_SHA512" = "z1")
+AC_SUBST(XMLSEC_NO_SHA512)
+
+
+dnl ==========================================================================
+dnl See do we need HMAC suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for HMAC support)
+AC_ARG_ENABLE(hmac, [ --enable-hmac enable HMAC support (yes)])
+if test "z$enable_hmac" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_HMAC=1"
+ XMLSEC_NO_HMAC="1"
+ AC_MSG_RESULT(no)
+else
+ XMLSEC_NO_HMAC="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_HMAC, test "z$XMLSEC_NO_HMAC" = "z1")
+AC_SUBST(XMLSEC_NO_HMAC)
+
+dnl ==========================================================================
+dnl See do we need DSA suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for DSA support)
+AC_ARG_ENABLE(dsa, [ --enable-dsa enable DSA support (yes)])
+if test "z$enable_dsa" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_DSA=1"
+ XMLSEC_NO_DSA="1"
+ AC_MSG_RESULT(no)
+else
+ XMLSEC_NO_DSA="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_DSA, test "z$XMLSEC_NO_DSA" = "z1")
+AC_SUBST(XMLSEC_NO_DSA)
+
+dnl ==========================================================================
+dnl See do we need RSA suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for RSA support)
+AC_ARG_ENABLE(rsa, [ --enable-rsa enable RSA support (yes)])
+if test "z$enable_rsa" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_RSA=1"
+ XMLSEC_NO_RSA="1"
+ AC_MSG_RESULT(no)
+else
+ XMLSEC_NO_RSA="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_RSA, test "z$XMLSEC_NO_RSA" = "z1")
+AC_SUBST(XMLSEC_NO_RSA)
+
+dnl ==========================================================================
+dnl See do we need x509 suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for x509 support)
+AC_ARG_ENABLE(x509, [ --enable-x509 enable x509 support (yes)])
+if test "z$enable_x509" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_X509=1"
+ XMLSEC_NO_X509="1"
+ AC_MSG_RESULT(no)
+else
+ XMLSEC_NO_X509="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_X509, test "z$XMLSEC_NO_X509" = "z1")
+AC_SUBST(XMLSEC_NO_X509)
+
+dnl ==========================================================================
+dnl See do we need DES suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for DES support)
+AC_ARG_ENABLE(des, [ --enable-des enable DES support (yes)])
+if test "z$enable_des" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_DES=1"
+ XMLSEC_NO_DES="1"
+ AC_MSG_RESULT(no)
+else
+ XMLSEC_NO_DES="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_DES, test "z$XMLSEC_NO_DES" = "z1")
+AC_SUBST(XMLSEC_NO_DES)
+
+dnl ==========================================================================
+dnl See do we need AES suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for AES support)
+AC_ARG_ENABLE(aes, [ --enable-aes enable AES support (OpenSSL >= 0.9.7 is required)])
+if test "z$enable_aes" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_AES=1"
+ XMLSEC_NO_AES="1"
+ AC_MSG_RESULT(no)
+else
+ XMLSEC_NO_AES="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_AES, test "z$XMLSEC_NO_AES" = "z1")
+AC_SUBST(XMLSEC_NO_AES)
+
+dnl ==========================================================================
+dnl See do we need GOST suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for GOST support)
+AC_ARG_ENABLE(gost, [ --enable-gost enable GOST support (no)])
+if test "z$enable_gost" != "zyes" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_GOST=1"
+ XMLSEC_NO_GOST="1"
+ AC_MSG_RESULT(no)
+else
+ XMLSEC_NO_GOST="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_GOST, test "z$XMLSEC_NO_GOST" = "z1")
+AC_SUBST(XMLSEC_NO_GOST)
+
+dnl ==========================================================================
+dnl See do we need XMLDSig suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for XMLDSig support)
+AC_ARG_ENABLE(xmldsig, [ --enable-xmldsig enable XMLDSig support (yes)])
+if test "z$enable_xmldsig" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_XMLDSIG=1"
+ XMLSEC_NO_XMLDSIG="1"
+ AC_MSG_RESULT(no)
+else
+ XMLSEC_NO_XMLDSIG="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_XMLDSIG, test "z$XMLSEC_NO_XMLDSIG" = "z1")
+AC_SUBST(XMLSEC_NO_XMLDSIG)
+
+dnl ==========================================================================
+dnl See do we need XMLEnc suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for XMLEnc support)
+AC_ARG_ENABLE(xmlenc, [ --enable-xmlenc enable XMLEnc support (yes)])
+if test "z$enable_xmlenc" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_XMLENC=1"
+ XMLSEC_NO_XMLENC="1"
+ AC_MSG_RESULT(no)
+else
+ XMLSEC_NO_XMLENC="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_XMLENC, test "z$XMLSEC_NO_XMLENC" = "z1")
+AC_SUBST(XMLSEC_NO_XMLENC)
+
+dnl ==========================================================================
+dnl See do we need XKMS suport
+dnl ==========================================================================
+AC_MSG_CHECKING(for XMKMS support - under development, not stable yet)
+AC_ARG_ENABLE(xkms, [ --enable-xkms enable XKMS support - under development (no)])
+if test "z$enable_xkms" = "zyes" ; then
+ XMLSEC_NO_XKMS="0"
+ AC_MSG_RESULT(yes)
+else
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_XKMS=1"
+ XMLSEC_NO_XKMS="1"
+ AC_MSG_RESULT(no)
+fi
+AM_CONDITIONAL(XMLSEC_NO_XKMS, test "z$XMLSEC_NO_XKMS" = "z1")
+AC_SUBST(XMLSEC_NO_XKMS)
+
+dnl ==========================================================================
+dnl check if we need dynamic loading support
+dnl ==========================================================================
+XMLSEC_DL_INCLUDES=""
+XMLSEC_DL_LIBS=""
+AC_MSG_CHECKING(for xmlsec-crypto dynamic loading support)
+AC_ARG_ENABLE(crypto_dl, [ --enable-crypto-dl enable dynamic loading support for xmlsec-crypto libraries (yes)])
+if test "z$enable_crypto_dl" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_CRYPTO_DYNAMIC_LOADING=1"
+ XMLSEC_NO_CRYPTO_DYNAMIC_LOADING="1"
+ AC_MSG_RESULT(no)
+else
+ AC_CHECK_HEADER([ltdl.h],
+ [
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_DL_LIBLTDL=1",
+ AC_CHECK_LIB(
+ [ltdl],
+ [lt_dlopenext],
+ [LIBLTDL=-lltdl],
+ [LIBLTDL=]
+ )],
+ [LIBLTDL=]
+ )
+
+ if test "z$LIBLTDL" != "z" ; then
+ XMLSEC_DL_INCLUDES="$INCLTDL"
+ XMLSEC_DL_LIBS="$LIBLTDL"
+ XMLSEC_NO_CRYPTO_DYNAMIC_LOADING="0"
+ AC_MSG_RESULT(yes)
+ else
+ AC_MSG_ERROR([libltdl is required for xmlsec-crypto dynamic loading])
+ fi
+fi
+AM_CONDITIONAL(XMLSEC_NO_CRYPTO_DYNAMIC_LOADING, test "z$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING" = "z1")
+AC_SUBST(XMLSEC_NO_CRYPTO_DYNAMIC_LOADING)
+AC_SUBST(XMLSEC_DL_INCLUDES)
+AC_SUBST(XMLSEC_DL_LIBS)
+
+dnl ==========================================================================
+dnl check if we need dynamic loading in the xmlsec apps
+dnl ==========================================================================
+AC_MSG_CHECKING(for xmlsec-crypto dynamic loading support in command line tool)
+AC_ARG_ENABLE(apps_crypto_dl, [ --enable-apps-crypto-dl enable dynamic loading support for xmlsec-crypto libraries in xmlsec command line tool (yes)])
+if test "z$enable_apps_crypto_dl" = "z" ; then
+ enable_apps_crypto_dl="$enable_crypto_dl"
+fi
+if test "z$enable_apps_crypto_dl" = "zno" ; then
+ XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING="1"
+ AC_MSG_RESULT(no)
+elif test "z$enable_crypto_dl" = "zno" ; then
+ AC_MSG_RESULT(no)
+ AC_MSG_ERROR(xmlsec-crypto libraries dynamic loading support in xmlsec command line tool is requested but no dynamic loading in xmlsec itself is disabled)
+else
+ XMLSEC_APP_DEFINES="$XMLSEC_APP_DEFINES -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1"
+ XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING="0"
+ AC_MSG_RESULT(yes)
+fi
+AM_CONDITIONAL(XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING,
+ test "z$XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING" = "z1")
+AC_SUBST(XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING)
+
+dnl ==========================================================================
+dnl Where do we want to install docs
+dnl ==========================================================================
+AC_MSG_CHECKING(for docs folder)
+AC_ARG_WITH(html-dir, [ --with-html-dir=PATH path to installed docs ])
+if test "z$with_html_dir" != "z" ; then
+ XMLSEC_DOCDIR=$with_html_dir
+else
+ XMLSEC_DOCDIR='$(datadir)/doc/xmlsec1'
+fi
+
+AC_MSG_RESULT($XMLSEC_DOCDIR)
+AC_SUBST(XMLSEC_DOCDIR)
+
+dnl ==========================================================================
+dnl See do we need Simple Keys Manager
+dnl ==========================================================================
+AC_MSG_CHECKING(for Simple Keys Manager testing)
+AC_ARG_ENABLE(skm, [ --enable-skm enable Simple Keys Manager testing (yes)])
+if test "z$enable_skm" = "zno" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_SKM_TEST=1"
+ AC_MSG_RESULT(no)
+else
+ AC_MSG_RESULT(yes)
+fi
+
+dnl ==========================================================================
+dnl See do we need templates tests
+dnl ==========================================================================
+AC_MSG_CHECKING(for templates testing)
+AC_ARG_ENABLE(tmpl_tests, [ --enable-tmpl-tests enable templates testing in xmlsec utility (yes)])
+if test "z$enable_tmpl_tests" = "zyes" ; then
+ XMLSEC_DEFINES="$XMLSEC_DEFINES -DXMLSEC_NO_TMPL_TEST=1"
+ AC_MSG_RESULT(no)
+else
+ AC_MSG_RESULT(yes)
+fi
+
+dnl ==========================================================================
+dnl Debug
+dnl ==========================================================================
+AC_MSG_CHECKING(for debuging)
+AC_ARG_ENABLE(debuging, [ --enable-debuging enable debuging compilation flags (no)])
+if test "z$enable_debuging" = "zyes" ; then
+ CFLAGS="$CFLAGS -g"
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
+dnl ==========================================================================
+dnl Profiling
+dnl ==========================================================================
+AC_MSG_CHECKING(for profiling)
+AC_ARG_ENABLE(profiling, [ --enable-profiling enable profiling compilation flags (no)])
+if test "z$enable_profiling" = "zyes" ; then
+ CFLAGS="$CFLAGS -pg"
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
+dnl ==========================================================================
+dnl Pedantic compilation
+dnl ==========================================================================
+AC_MSG_CHECKING(for pedantic)
+AC_ARG_ENABLE(pedantic, [ --enable-pedantic enable pedantic compilation flags (no)])
+if test "z$enable_pedantic" = "zyes" ; then
+ dnl CFLAGS="$CFLAGS -pedantic -Wall -ansi -W -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wstrict-prototypes -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls"
+ CFLAGS="$CFLAGS -O -pedantic -Wall -ansi -fno-inline -W -Wunused -Wimplicit -Wreturn-type -Wswitch -Wcomment -Wtrigraphs -Wformat -Wchar-subscripts -Wuninitialized -Wparentheses -Wshadow -Wpointer-arith -Wcast-align -Wwrite-strings -Waggregate-return -Wmissing-prototypes -Wnested-externs -Winline -Wredundant-decls"
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+
+dnl ==========================================================================
+dnl Static linking
+dnl ==========================================================================
+XMLSEC_STATIC_BINARIES=""
+AC_MSG_CHECKING(for static linking)
+AC_ARG_ENABLE(static_linking, [ --enable-static-linking enable static linking (no)])
+if test "z$enable_static_linking" = "zyes" ; then
+ XMLSEC_STATIC_BINARIES="-static"
+ AC_MSG_RESULT(yes)
+else
+ AC_MSG_RESULT(no)
+fi
+AC_SUBST(XMLSEC_STATIC_BINARIES)
+
+dnl ==========================================================================
+dnl Final steps: xmlsec config
+dnl ==========================================================================
+XMLSEC_CORE_CFLAGS="$XMLSEC_DEFINES -I${includedir}/xmlsec1 $XMLSEC_DL_INCLUDES"
+XMLSEC_CORE_LIBS="-lxmlsec1 $XMLSEC_DL_LIBS "
+AC_SUBST(XMLSEC_CORE_CFLAGS)
+AC_SUBST(XMLSEC_CORE_LIBS)
+
+dnl used in xmlsecConf.sh*
+XMLSEC_LIBDIR="${libdir}"
+AC_SUBST(XMLSEC_LIBDIR)
+
+XMLSEC_OPENSSL_CFLAGS="$XMLSEC_CORE_CFLAGS $OPENSSL_CFLAGS"
+XMLSEC_OPENSSL_LIBS="-L${libdir} -l$OPENSSL_CRYPTO_LIB $XMLSEC_CORE_LIBS $OPENSSL_LIBS"
+AC_SUBST(XMLSEC_OPENSSL_CFLAGS)
+AC_SUBST(XMLSEC_OPENSSL_LIBS)
+
+XMLSEC_GCRYPT_CFLAGS="$XMLSEC_CORE_CFLAGS $GCRYPT_CFLAGS"
+XMLSEC_GCRYPT_LIBS="-L${libdir} -l$GCRYPT_CRYPTO_LIB $XMLSEC_CORE_LIBS $GCRYPT_LIBS"
+AC_SUBST(XMLSEC_GCRYPT_CFLAGS)
+AC_SUBST(XMLSEC_GCRYPT_LIBS)
+
+# xmlsec-gnutls is using xmlsec-gcrypt
+XMLSEC_GNUTLS_CFLAGS="$XMLSEC_CORE_CFLAGS $GNUTLS_CFLAGS"
+XMLSEC_GNUTLS_LIBS="-L${libdir} -l$GNUTLS_CRYPTO_LIB -l$GCRYPT_CRYPTO_LIB $XMLSEC_CORE_LIBS $GNUTLS_LIBS"
+AC_SUBST(XMLSEC_GNUTLS_CFLAGS)
+AC_SUBST(XMLSEC_GNUTLS_LIBS)
+
+XMLSEC_NSS_CFLAGS="$XMLSEC_CORE_CFLAGS $NSS_CFLAGS"
+XMLSEC_NSS_LIBS="-L${libdir} -l$NSS_CRYPTO_LIB $XMLSEC_CORE_LIBS $NSS_LIBS"
+AC_SUBST(XMLSEC_NSS_CFLAGS)
+AC_SUBST(XMLSEC_NSS_LIBS)
+
+dnl No we will not generate pkg-config file for mscrypto !
+dnl XMLSEC_MSCRYPTO_CFLAGS="$XMLSEC_CORE_CFLAGS $MSCRYPTO_CFLAGS"
+dnl XMLSEC_MSCRYPTO_LIBS="-L${libdir} -l$MSCRYPTO_CRYPTO_LIB $XMLSEC_CORE_LIBS $MSCRYPTO_LIBS";;
+dnl AC_SUBST(XMLSEC_MSCRYPTO_CFLAGS)
+dnl AC_SUBST(XMLSEC_MSCRYPTO_LIBS)
+
+XMLSEC_CFLAGS="$XMLSEC_CORE_CFLAGS $LIBXML_CFLAGS $LIBXSLT_CFLAGS $XMLSEC_CRYPTO_CFLAGS"
+XMLSEC_LIBS="-L${libdir} -l$XMLSEC_CRYPTO_LIB $XMLSEC_CORE_LIBS $LIBXML_LIBS $LIBXSLT_LIBS $XMLSEC_CRYPTO_LIBS"
+AC_SUBST(XMLSEC_CFLAGS)
+AC_SUBST(XMLSEC_LIBS)
+
+AC_SUBST(XMLSEC_DEFINES)
+AC_SUBST(XMLSEC_APP_DEFINES)
+AC_SUBST(CFLAGS)
+AC_SUBST(CPPFLAGS)
+AC_SUBST(LDFLAGS)
+AC_SUBST(XMLSEC_EXTRA_LDFLAGS)
+AC_SUBST(XMLSEC_CRYPTO_EXTRA_LDFLAGS)
+
+AC_SUBST(XMLSEC_CRYPTO)
+AC_SUBST(XMLSEC_CRYPTO_LIST)
+AC_SUBST(XMLSEC_CRYPTO_DISABLED_LIST)
+AC_SUBST(XMLSEC_CRYPTO_LIB)
+AC_SUBST(XMLSEC_CRYPTO_CFLAGS)
+AC_SUBST(XMLSEC_CRYPTO_LIBS)
+
+XMLSEC_CRYPTO_PC_FILES_LIST=""
+for i in $XMLSEC_CRYPTO_LIST ; do
+ dnl skip pkg-config file for mscrypto
+ test x$i = xmscrypto && continue
+ XMLSEC_CRYPTO_PC_FILES_LIST="$XMLSEC_CRYPTO_PC_FILES_LIST $XMLSEC_PACKAGE-$i.pc"
+done
+AC_SUBST(XMLSEC_CRYPTO_PC_FILES_LIST)
+
+dnl ==========================================================================
+dnl Writing result files
+dnl ==========================================================================
+if test "z$XMLSEC_NO_OPENSSL" != "z1" ; then
+AC_CONFIG_FILES([include/xmlsec/openssl/Makefile src/openssl/Makefile])
+fi
+
+if test "z$XMLSEC_NO_GNUTLS" != "z1" ; then
+AC_CONFIG_FILES([include/xmlsec/gnutls/Makefile src/gnutls/Makefile])
+fi
+
+if test "z$XMLSEC_NO_GCRYPT" != "z1" ; then
+AC_CONFIG_FILES([include/xmlsec/gcrypt/Makefile src/gcrypt/Makefile])
+fi
+
+if test "z$XMLSEC_NO_NSS" != "z1" ; then
+AC_CONFIG_FILES([include/xmlsec/nss/Makefile src/nss/Makefile])
+fi
+
+if test "z$XMLSEC_NO_MSCRYPTO" != "z1" ; then
+AC_CONFIG_FILES([include/xmlsec/mscrypto/Makefile src/mscrypto/Makefile])
+fi
+
+if test "z$XMLSEC_NO_CRYPTO_DYNAMIC_LOADING" = "z1" ; then
+(rm -f xmlsec1.pc && $LN_S xmlsec1-$XMLSEC_CRYPTO.pc xmlsec1.pc)
+else
+AC_CONFIG_FILES([xmlsec1.pc:xmlsec.pc.in])
+fi
+
+AC_CONFIG_FILES([
+include/xmlsec/version.h
+Makefile
+include/Makefile
+include/xmlsec/Makefile
+include/xmlsec/private/Makefile
+src/Makefile
+apps/Makefile
+docs/Makefile
+docs/api/Makefile
+man/Makefile
+
+xmlsec1Conf.sh:xmlsecConf.sh.in
+xmlsec1-config:xmlsec-config.in
+xmlsec1-openssl.pc:xmlsec-openssl.pc.in
+xmlsec1-gnutls.pc:xmlsec-gnutls.pc.in
+xmlsec1-gcrypt.pc:xmlsec-gcrypt.pc.in
+xmlsec1-nss.pc:xmlsec-nss.pc.in
+xmlsec1.spec:xmlsec.spec.in
+])
+AC_OUTPUT
+
+
+dnl COPYING should be in "srcdir" not in "builddir"
+(cd $srcdir && rm -f COPYING.LIB COPYING && $LN_S Copyright COPYING)
diff --git a/depcomp b/depcomp
new file mode 100755
index 00000000..df8eea7e
--- /dev/null
+++ b/depcomp
@@ -0,0 +1,630 @@
+#! /bin/sh
+# depcomp - compile a program generating dependencies as side-effects
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009 Free
+# Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
+
+case $1 in
+ '')
+ echo "$0: No command. Try \`$0 --help' for more information." 1>&2
+ exit 1;
+ ;;
+ -h | --h*)
+ cat <<\EOF
+Usage: depcomp [--help] [--version] PROGRAM [ARGS]
+
+Run PROGRAMS ARGS to compile a file, generating dependencies
+as side-effects.
+
+Environment variables:
+ depmode Dependency tracking mode.
+ source Source file read by `PROGRAMS ARGS'.
+ object Object file output by `PROGRAMS ARGS'.
+ DEPDIR directory where to store dependencies.
+ depfile Dependency file to output.
+ tmpdepfile Temporary file to use when outputing dependencies.
+ libtool Whether libtool is used (yes/no).
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+ exit $?
+ ;;
+ -v | --v*)
+ echo "depcomp $scriptversion"
+ exit $?
+ ;;
+esac
+
+if test -z "$depmode" || test -z "$source" || test -z "$object"; then
+ echo "depcomp: Variables source, object and depmode must be set" 1>&2
+ exit 1
+fi
+
+# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
+depfile=${depfile-`echo "$object" |
+ sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
+tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
+
+rm -f "$tmpdepfile"
+
+# Some modes work just like other modes, but use different flags. We
+# parameterize here, but still list the modes in the big case below,
+# to make depend.m4 easier to write. Note that we *cannot* use a case
+# here, because this file can only contain one case statement.
+if test "$depmode" = hp; then
+ # HP compiler uses -M and no extra arg.
+ gccflag=-M
+ depmode=gcc
+fi
+
+if test "$depmode" = dashXmstdout; then
+ # This is just like dashmstdout with a different argument.
+ dashmflag=-xM
+ depmode=dashmstdout
+fi
+
+cygpath_u="cygpath -u -f -"
+if test "$depmode" = msvcmsys; then
+ # This is just like msvisualcpp but w/o cygpath translation.
+ # Just convert the backslash-escaped backslashes to single forward
+ # slashes to satisfy depend.m4
+ cygpath_u="sed s,\\\\\\\\,/,g"
+ depmode=msvisualcpp
+fi
+
+case "$depmode" in
+gcc3)
+## gcc 3 implements dependency tracking that does exactly what
+## we want. Yay! Note: for some reason libtool 1.4 doesn't like
+## it if -MD -MP comes after the -MF stuff. Hmm.
+## Unfortunately, FreeBSD c89 acceptance of flags depends upon
+## the command line argument order; so add the flags where they
+## appear in depend2.am. Note that the slowdown incurred here
+## affects only configure: in makefiles, %FASTDEP% shortcuts this.
+ for arg
+ do
+ case $arg in
+ -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
+ *) set fnord "$@" "$arg" ;;
+ esac
+ shift # fnord
+ shift # $arg
+ done
+ "$@"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ mv "$tmpdepfile" "$depfile"
+ ;;
+
+gcc)
+## There are various ways to get dependency output from gcc. Here's
+## why we pick this rather obscure method:
+## - Don't want to use -MD because we'd like the dependencies to end
+## up in a subdir. Having to rename by hand is ugly.
+## (We might end up doing this anyway to support other compilers.)
+## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
+## -MM, not -M (despite what the docs say).
+## - Using -M directly means running the compiler twice (even worse
+## than renaming).
+ if test -z "$gccflag"; then
+ gccflag=-MD,
+ fi
+ "$@" -Wp,"$gccflag$tmpdepfile"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+## The second -e expression handles DOS-style file names with drive letters.
+ sed -e 's/^[^:]*: / /' \
+ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
+## This next piece of magic avoids the `deleted header file' problem.
+## The problem is that when a header file which appears in a .P file
+## is deleted, the dependency causes make to die (because there is
+## typically no way to rebuild the header). We avoid this by adding
+## dummy dependencies for each header file. Too bad gcc doesn't do
+## this for us directly.
+ tr ' ' '
+' < "$tmpdepfile" |
+## Some versions of gcc put a space before the `:'. On the theory
+## that the space means something, we add a space to the output as
+## well.
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+hp)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
+sgi)
+ if test "$libtool" = yes; then
+ "$@" "-Wp,-MDupdate,$tmpdepfile"
+ else
+ "$@" -MDupdate "$tmpdepfile"
+ fi
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+
+ if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files
+ echo "$object : \\" > "$depfile"
+
+ # Clip off the initial element (the dependent). Don't try to be
+ # clever and replace this with sed code, as IRIX sed won't handle
+ # lines with more than a fixed number of characters (4096 in
+ # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
+ # the IRIX cc adds comments like `#:fec' to the end of the
+ # dependency line.
+ tr ' ' '
+' < "$tmpdepfile" \
+ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
+ tr '
+' ' ' >> "$depfile"
+ echo >> "$depfile"
+
+ # The second pass generates a dummy entry for each header file.
+ tr ' ' '
+' < "$tmpdepfile" \
+ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+ >> "$depfile"
+ else
+ # The sourcefile does not contain any dependencies, so just
+ # store a dummy comment line, to avoid errors with the Makefile
+ # "include basename.Plo" scheme.
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+aix)
+ # The C for AIX Compiler uses -M and outputs the dependencies
+ # in a .u file. In older versions, this file always lives in the
+ # current directory. Also, the AIX compiler puts `$object:' at the
+ # start of each line; $object doesn't have directory information.
+ # Version 6 uses the directory in both cases.
+ dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+ test "x$dir" = "x$object" && dir=
+ base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+ if test "$libtool" = yes; then
+ tmpdepfile1=$dir$base.u
+ tmpdepfile2=$base.u
+ tmpdepfile3=$dir.libs/$base.u
+ "$@" -Wc,-M
+ else
+ tmpdepfile1=$dir$base.u
+ tmpdepfile2=$dir$base.u
+ tmpdepfile3=$dir$base.u
+ "$@" -M
+ fi
+ stat=$?
+
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+ exit $stat
+ fi
+
+ for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+ do
+ test -f "$tmpdepfile" && break
+ done
+ if test -f "$tmpdepfile"; then
+ # Each line is of the form `foo.o: dependent.h'.
+ # Do two passes, one to just change these to
+ # `$object: dependent.h' and one to simply `dependent.h:'.
+ sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+ # That's a tab and a space in the [].
+ sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+ else
+ # The sourcefile does not contain any dependencies, so just
+ # store a dummy comment line, to avoid errors with the Makefile
+ # "include basename.Plo" scheme.
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+icc)
+ # Intel's C compiler understands `-MD -MF file'. However on
+ # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+ # ICC 7.0 will fill foo.d with something like
+ # foo.o: sub/foo.c
+ # foo.o: sub/foo.h
+ # which is wrong. We want:
+ # sub/foo.o: sub/foo.c
+ # sub/foo.o: sub/foo.h
+ # sub/foo.c:
+ # sub/foo.h:
+ # ICC 7.1 will output
+ # foo.o: sub/foo.c sub/foo.h
+ # and will wrap long lines using \ :
+ # foo.o: sub/foo.c ... \
+ # sub/foo.h ... \
+ # ...
+
+ "$@" -MD -MF "$tmpdepfile"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+ # Each line is of the form `foo.o: dependent.h',
+ # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+ # Do two passes, one to just change these to
+ # `$object: dependent.h' and one to simply `dependent.h:'.
+ sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
+ # Some versions of the HPUX 10.20 sed can't process this invocation
+ # correctly. Breaking it into two sed invocations is a workaround.
+ sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
+ sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+hp2)
+ # The "hp" stanza above does not work with aCC (C++) and HP's ia64
+ # compilers, which have integrated preprocessors. The correct option
+ # to use with these is +Maked; it writes dependencies to a file named
+ # 'foo.d', which lands next to the object file, wherever that
+ # happens to be.
+ # Much of this is similar to the tru64 case; see comments there.
+ dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+ test "x$dir" = "x$object" && dir=
+ base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+ if test "$libtool" = yes; then
+ tmpdepfile1=$dir$base.d
+ tmpdepfile2=$dir.libs/$base.d
+ "$@" -Wc,+Maked
+ else
+ tmpdepfile1=$dir$base.d
+ tmpdepfile2=$dir$base.d
+ "$@" +Maked
+ fi
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile1" "$tmpdepfile2"
+ exit $stat
+ fi
+
+ for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
+ do
+ test -f "$tmpdepfile" && break
+ done
+ if test -f "$tmpdepfile"; then
+ sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
+ # Add `dependent.h:' lines.
+ sed -ne '2,${
+ s/^ *//
+ s/ \\*$//
+ s/$/:/
+ p
+ }' "$tmpdepfile" >> "$depfile"
+ else
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile" "$tmpdepfile2"
+ ;;
+
+tru64)
+ # The Tru64 compiler uses -MD to generate dependencies as a side
+ # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+ # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+ # dependencies in `foo.d' instead, so we check for that too.
+ # Subdirectories are respected.
+ dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+ test "x$dir" = "x$object" && dir=
+ base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+
+ if test "$libtool" = yes; then
+ # With Tru64 cc, shared objects can also be used to make a
+ # static library. This mechanism is used in libtool 1.4 series to
+ # handle both shared and static libraries in a single compilation.
+ # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d.
+ #
+ # With libtool 1.5 this exception was removed, and libtool now
+ # generates 2 separate objects for the 2 libraries. These two
+ # compilations output dependencies in $dir.libs/$base.o.d and
+ # in $dir$base.o.d. We have to check for both files, because
+ # one of the two compilations can be disabled. We should prefer
+ # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
+ # automatically cleaned when .libs/ is deleted, while ignoring
+ # the former would cause a distcleancheck panic.
+ tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4
+ tmpdepfile2=$dir$base.o.d # libtool 1.5
+ tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5
+ tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504
+ "$@" -Wc,-MD
+ else
+ tmpdepfile1=$dir$base.o.d
+ tmpdepfile2=$dir$base.d
+ tmpdepfile3=$dir$base.d
+ tmpdepfile4=$dir$base.d
+ "$@" -MD
+ fi
+
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+ exit $stat
+ fi
+
+ for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+ do
+ test -f "$tmpdepfile" && break
+ done
+ if test -f "$tmpdepfile"; then
+ sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+ # That's a tab and a space in the [].
+ sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+ else
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+#nosideeffect)
+ # This comment above is used by automake to tell side-effect
+ # dependency tracking mechanisms from slower ones.
+
+dashmstdout)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the preprocessed file to stdout, regardless of -o.
+ "$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
+ # Remove `-o $object'.
+ IFS=" "
+ for arg
+ do
+ case $arg in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift # fnord
+ shift # $arg
+ ;;
+ esac
+ done
+
+ test -z "$dashmflag" && dashmflag=-M
+ # Require at least two characters before searching for `:'
+ # in the target name. This is to cope with DOS-style filenames:
+ # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+ "$@" $dashmflag |
+ sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile"
+ rm -f "$depfile"
+ cat < "$tmpdepfile" > "$depfile"
+ tr ' ' '
+' < "$tmpdepfile" | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+dashXmstdout)
+ # This case only exists to satisfy depend.m4. It is never actually
+ # run, as this mode is specially recognized in the preamble.
+ exit 1
+ ;;
+
+makedepend)
+ "$@" || exit $?
+ # Remove any Libtool call
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+ # X makedepend
+ shift
+ cleared=no eat=no
+ for arg
+ do
+ case $cleared in
+ no)
+ set ""; shift
+ cleared=yes ;;
+ esac
+ if test $eat = yes; then
+ eat=no
+ continue
+ fi
+ case "$arg" in
+ -D*|-I*)
+ set fnord "$@" "$arg"; shift ;;
+ # Strip any option that makedepend may not understand. Remove
+ # the object too, otherwise makedepend will parse it as a source file.
+ -arch)
+ eat=yes ;;
+ -*|$object)
+ ;;
+ *)
+ set fnord "$@" "$arg"; shift ;;
+ esac
+ done
+ obj_suffix=`echo "$object" | sed 's/^.*\././'`
+ touch "$tmpdepfile"
+ ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
+ rm -f "$depfile"
+ cat < "$tmpdepfile" > "$depfile"
+ sed '1,2d' "$tmpdepfile" | tr ' ' '
+' | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile" "$tmpdepfile".bak
+ ;;
+
+cpp)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the preprocessed file to stdout.
+ "$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
+ # Remove `-o $object'.
+ IFS=" "
+ for arg
+ do
+ case $arg in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift # fnord
+ shift # $arg
+ ;;
+ esac
+ done
+
+ "$@" -E |
+ sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+ -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
+ sed '$ s: \\$::' > "$tmpdepfile"
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ cat < "$tmpdepfile" >> "$depfile"
+ sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+msvisualcpp)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the preprocessed file to stdout.
+ "$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
+ IFS=" "
+ for arg
+ do
+ case "$arg" in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
+ "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
+ set fnord "$@"
+ shift
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift
+ shift
+ ;;
+ esac
+ done
+ "$@" -E 2>/dev/null |
+ sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile"
+ echo " " >> "$depfile"
+ sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+msvcmsys)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
+none)
+ exec "$@"
+ ;;
+
+*)
+ echo "Unknown depmode $depmode" 1>&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/docs/Makefile.am b/docs/Makefile.am
new file mode 100644
index 00000000..e1957bb8
--- /dev/null
+++ b/docs/Makefile.am
@@ -0,0 +1,65 @@
+NULL =
+
+SUBDIRS=api
+
+TARGET_DIR=@XMLSEC_DOCDIR@
+
+EXTRA_DIST=\
+ images \
+ xmlsec.xsl \
+ $(NULL)
+
+# just do nothing
+all:
+
+docs: api-docs-create docs-format
+
+api-docs-create:
+ @(cd api; \
+ $(MAKE) docs; \
+ echo "Cleaning up result files"; \
+ perl ../../scripts/remove-gtkdoclink.pl `find . -name "*.html" -print` \
+ )
+
+api-docs-clean:
+ @(cd api; $(MAKE) clean)
+
+docs-format:
+ @(echo "Formatting html documents"; \
+ for i in `find . -name "*.html" -print`; \
+ do \
+ top_folder=`echo $$i | sed 's#/[^/]*$$#/#' | sed 's#\./##' | \
+ sed 's#[^/]*/#../#g'`; \
+ echo "Processing $$i ($$top_folder)"; \
+ xsltproc --html --stringparam topfolder "$$top_folder" \
+ --output $$i.tmp ./xmlsec.xsl $$i; \
+ if [ $$? != 0 ]; \
+ then \
+ echo "ERROR: processing file $$i"; \
+ exit 1; \
+ fi; \
+ mv $$i.tmp $$i; \
+ done)
+ @(echo "Cleaning html documents"; \
+ for i in `find . -name "*.html" -print`; \
+ do \
+ echo Cleaning $$i ; \
+ sed 's/\xA0/ /g' $$i > $$i.tmp ; \
+ mv $$i.tmp $$i ; \
+ done)
+
+dist-hook:
+ @$(CP) -p $(srcdir)/*.html $(distdir)
+
+install-data-local:
+ $(mkinstalldirs) $(DESTDIR)$(TARGET_DIR)
+ $(mkinstalldirs) $(DESTDIR)$(TARGET_DIR)/images
+ $(mkinstalldirs) $(DESTDIR)$(TARGET_DIR)/api
+ $(mkinstalldirs) $(DESTDIR)$(TARGET_DIR)/api/images
+ -@INSTALL@ -m 0644 $(srcdir)/*.html $(DESTDIR)$(TARGET_DIR)
+ -@INSTALL@ -m 0644 $(srcdir)/images/*.gif $(srcdir)/images/*.png $(DESTDIR)$(TARGET_DIR)/images
+ -@INSTALL@ -m 0644 $(srcdir)/api/*.html $(srcdir)/api/*.png $(srcdir)/api/*.sgml $(DESTDIR)$(TARGET_DIR)/api
+ -@INSTALL@ -m 0644 $(srcdir)/api/images/*.png $(DESTDIR)$(TARGET_DIR)/api/images
+
+uninstall-local:
+ @rm -rf $(DESTDIR)$(TARGET_DIR)
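Review bot: The `uninstall-local` recipe runs `rm -rf $(DESTDIR)$(TARGET_DIR)` unquoted, hidden from the log by `@`, and with no check that `TARGET_DIR` is non-empty. `TARGET_DIR` comes from the `@XMLSEC_DOCDIR@` substitution, whose value is set outside this hunk; if it were ever empty or overridden to nothing on the make command line, the command would recursively delete the whole `$(DESTDIR)` staging tree, in a step that is often run as root. I would guard and quote it, and drop the `@` so the destructive command shows in the build log: `test -n "$(TARGET_DIR)" || { echo "TARGET_DIR is empty" >&2; exit 1; }` followed by `rm -rf "$(DESTDIR)$(TARGET_DIR)"`. A milder case of the same kind is in `api-docs-create`, where `cd api;` is chained with `;`, so a failed `cd` lets `$(MAKE) docs` and the `find`-driven perl cleanup run in the wrong directory; `cd api && $(MAKE) docs && ...` would stop at the failure.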
diff --git a/docs/Makefile.in b/docs/Makefile.in
new file mode 100644
index 00000000..1edd1f85
--- /dev/null
+++ b/docs/Makefile.in
@@ -0,0 +1,721 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = docs
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+ distdir
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+SUBDIRS = api
+TARGET_DIR = @XMLSEC_DOCDIR@
+EXTRA_DIST = \
+ images \
+ xmlsec.xsl \
+ $(NULL)
+
+all: all-recursive
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu docs/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu docs/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$(top_distdir)" distdir="$(distdir)" \
+ dist-hook
+check-am: all-am
+check: check-recursive
+all-am: Makefile
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am: install-data-local
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-local
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \
+ install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am check check-am clean clean-generic clean-libtool \
+ ctags ctags-recursive dist-hook distclean distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-data-local install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs installdirs-am \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags tags-recursive uninstall uninstall-am uninstall-local
+
+
+# just do nothing
+all:
+
+docs: api-docs-create docs-format
+
+api-docs-create:
+ @(cd api; \
+ $(MAKE) docs; \
+ echo "Cleaning up result files"; \
+ perl ../../scripts/remove-gtkdoclink.pl `find . -name "*.html" -print` \
+ )
+
+api-docs-clean:
+ @(cd api; $(MAKE) clean)
+
+docs-format:
+ @(echo "Formatting html documents"; \
+ for i in `find . -name "*.html" -print`; \
+ do \
+ top_folder=`echo $$i | sed 's#/[^/]*$$#/#' | sed 's#\./##' | \
+ sed 's#[^/]*/#../#g'`; \
+ echo "Processing $$i ($$top_folder)"; \
+ xsltproc --html --stringparam topfolder "$$top_folder" \
+ --output $$i.tmp ./xmlsec.xsl $$i; \
+ if [ $$? != 0 ]; \
+ then \
+ echo "ERROR: processing file $$i"; \
+ exit 1; \
+ fi; \
+ mv $$i.tmp $$i; \
+ done)
+ @(echo "Cleaning html documents"; \
+ for i in `find . -name "*.html" -print`; \
+ do \
+ echo Cleaning $$i ; \
+ sed 's/\xA0/ /g' $$i > $$i.tmp ; \
+ mv $$i.tmp $$i ; \
+ done)
+
+dist-hook:
+ @$(CP) -p $(srcdir)/*.html $(distdir)
+
+install-data-local:
+ $(mkinstalldirs) $(DESTDIR)$(TARGET_DIR)
+ $(mkinstalldirs) $(DESTDIR)$(TARGET_DIR)/images
+ $(mkinstalldirs) $(DESTDIR)$(TARGET_DIR)/api
+ $(mkinstalldirs) $(DESTDIR)$(TARGET_DIR)/api/images
+ -@INSTALL@ -m 0644 $(srcdir)/*.html $(DESTDIR)$(TARGET_DIR)
+ -@INSTALL@ -m 0644 $(srcdir)/images/*.gif $(srcdir)/images/*.png $(DESTDIR)$(TARGET_DIR)/images
+ -@INSTALL@ -m 0644 $(srcdir)/api/*.html $(srcdir)/api/*.png $(srcdir)/api/*.sgml $(DESTDIR)$(TARGET_DIR)/api
+ -@INSTALL@ -m 0644 $(srcdir)/api/images/*.png $(DESTDIR)$(TARGET_DIR)/api/images
+
+uninstall-local:
+ @rm -rf $(DESTDIR)$(TARGET_DIR)
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/docs/api/Makefile.am b/docs/api/Makefile.am
new file mode 100644
index 00000000..63c3e009
--- /dev/null
+++ b/docs/api/Makefile.am
@@ -0,0 +1,209 @@
+#
+#
+#
+NULL=
+TOP=../..
+MODULE=xmlsec
+SOURCE_DIR=$(TOP)/src
+INCLUDE_DIR=$(TOP)/include
+SGML_CATALOG_FILES=/usr/share/sgml/docbook/sgml-dtd-3.0-1.0-8/catalog:/usr/share/sgml/openjade-1.3.1/catalog:/usr/share/sgml/docbook/dsssl-stylesheets/catalog
+
+EXTRA_DIST = \
+ chapters \
+ images \
+ $(NULL)
+
+#
+# We need to pre-process original source files
+# because gtkdoc does not understand some C features
+#
+DOC_SOURCE_DIR=./code
+DOC_SOURCE_FILES=\
+ $(shell find $(SOURCE_DIR) -name '*.c' -a ! -name "xkms*" -print ) \
+ $(shell find $(INCLUDE_DIR) -name '*.h' -a ! -name "symbols.h" -a ! -name "xkms*" -print )
+
+EXAMPLES_SOURCE_DIR=../../examples
+EXAMPLES_SOURCE_FILES=\
+ $(shell find $(EXAMPLES_SOURCE_DIR) -name '*.c' -print) \
+ $(shell find $(EXAMPLES_SOURCE_DIR) -name '*.xml' -print)
+
+# do nothing for all
+all:
+
+docs: sgml html clean-sources
+
+# need to cleanup "bad" chars
+html: sgml xmlsec.sgml xmlsec-index
+ gtkdoc-mkhtml xmlsec xmlsec.sgml
+
+#
+# Prepeare sgml files from sources for each library. We are also
+# doing some "magic" here by automatically adding links to XML DSig and
+# XML Enc specification, we also remove "Ptr" from the end of the link
+# targets to make more references
+#
+sgml: templates
+ -@gtkdoc-mkdb --module=xmlsec \
+ --main-sgml-file=xmlsec.sgml \
+ --source-dir=$(DOC_SOURCE_DIR)/src/base \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/base
+ -@gtkdoc-mkdb --module=xmlsec-openssl \
+ --main-sgml-file=xmlsec-openssl.sgml \
+ --tmpl-dir=tmpl/openssl \
+ --output-dir=sgml/openssl \
+ --source-dir=$(DOC_SOURCE_DIR)/src/openssl \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/openssl
+ -@gtkdoc-mkdb --module=xmlsec-gnutls \
+ --main-sgml-file=xmlsec-gnutls.sgml \
+ --tmpl-dir=tmpl/gnutls \
+ --output-dir=sgml/gnutls \
+ --source-dir=$(DOC_SOURCE_DIR)/src/gnutls \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/gnutls
+ -@gtkdoc-mkdb --module=xmlsec-gcrypt \
+ --main-sgml-file=xmlsec-gcrypt.sgml \
+ --tmpl-dir=tmpl/gcrypt \
+ --output-dir=sgml/gcrypt \
+ --source-dir=$(DOC_SOURCE_DIR)/src/gcrypt \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/gcrypt
+ -@gtkdoc-mkdb --module=xmlsec-nss \
+ --main-sgml-file=xmlsec-nss.sgml \
+ --tmpl-dir=tmpl/nss \
+ --output-dir=sgml/nss \
+ --source-dir=$(DOC_SOURCE_DIR)/src/nss \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/nss
+ -@gtkdoc-mkdb --module=xmlsec-mscrypto \
+ --main-sgml-file=xmlsec-mscrypto.sgml \
+ --tmpl-dir=tmpl/mscrypto \
+ --output-dir=sgml/mscrypto \
+ --source-dir=$(DOC_SOURCE_DIR)/src/mscrypto \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/mscrypto
+ -@(for i in `find sgml -name "*.sgml" -print` ; do \
+ cat $$i | \
+ sed 's!\(&lt;dsig:\)\([^/]*\)\(\/&gt;\)!<ulink URL=\"http://www.w3.org/TR/xmldsig-core/#sec-\2\">\1\2\3</ulink>!g' | \
+ sed 's!\(&lt;enc:\)\([^/]*\)\(\/&gt;\)!<ulink URL=\"http://www.w3.org/TR/xmlenc-core/#sec-\2\">\1\2\3</ulink>!g' | \
+ sed 's!linkend=\"\(.*\)Ptr\"!linkend=\"\1\"!g' > \
+ $$i.tmp; \
+ mv -f $$i.tmp $$i; \
+ done);
+
+templates: scan
+ -@gtkdoc-mktmpl --module=xmlsec
+ -@gtkdoc-mktmpl --module=xmlsec-openssl \
+ --output-dir=tmpl/openssl
+ -@gtkdoc-mktmpl --module=xmlsec-gnutls \
+ --output-dir=tmpl/gnutls
+ -@gtkdoc-mktmpl --module=xmlsec-gcrypt \
+ --output-dir=tmpl/gcrypt
+ -@gtkdoc-mktmpl --module=xmlsec-nss \
+ --output-dir=tmpl/nss
+ -@gtkdoc-mktmpl --module=xmlsec-mscrypto \
+ --output-dir=tmpl/mscrypto
+
+scan: doc_sources example_sources
+ -@gtkdoc-scan --module=xmlsec \
+ --rebuild-sections \
+ --source-dir=$(DOC_SOURCE_DIR)/src/base \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/base
+ -@gtkdoc-scan --module=xmlsec-openssl \
+ --rebuild-sections \
+ --source-dir=$(DOC_SOURCE_DIR)/src/openssl \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/openssl
+ -@gtkdoc-scan --module=xmlsec-gnutls \
+ --rebuild-sections \
+ --source-dir=$(DOC_SOURCE_DIR)/src/gnutls \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/gnutls
+ -@gtkdoc-scan --module=xmlsec-gcrypt \
+ --rebuild-sections \
+ --source-dir=$(DOC_SOURCE_DIR)/src/gcrypt \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/gcrypt
+ -@gtkdoc-scan --module=xmlsec-nss \
+ --rebuild-sections \
+ --source-dir=$(DOC_SOURCE_DIR)/src/nss \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/nss
+ -@gtkdoc-scan --module=xmlsec-mscrypto \
+ --rebuild-sections \
+ --source-dir=$(DOC_SOURCE_DIR)/src/mscrypto \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/mscrypto
+
+#
+# Prepare source files by coping them to "code" folder and
+# removing XMLSEC_EXPORT_* stuff that makes gtkdoc crazy
+#
+doc_sources: $(DOC_SOURCE_FILES)
+ @(for i in $(DOC_SOURCE_FILES) ; do \
+ folder_name=`echo $$i | sed 's#$(TOP)/##' | sed 's#/[^/]*$$##'`; \
+ file_name=`echo $$i | sed 's#.*/##'`; \
+ test -d $(DOC_SOURCE_DIR)/$$folder_name || mkdir -p $(DOC_SOURCE_DIR)/$$folder_name; \
+ cat $$i | \
+ sed 's/#if.*//' | \
+ sed 's/#el.*//' | \
+ sed 's/#end.*//' | \
+ sed 's/XMLSEC_CRYPTO_EXPORT//' | \
+ sed 's/XMLSEC_EXPORT_VAR//' | \
+ sed 's/XMLSEC_EXPORT//' | \
+ sed 's/XMLSEC_ERRORS_PRINTF_ATTRIBUTE//' > \
+ $(DOC_SOURCE_DIR)/$$folder_name/$$file_name; \
+ done);
+ -@mkdir -p $(DOC_SOURCE_DIR)/src/base
+ -@mv -f $(DOC_SOURCE_DIR)/src/*.c $(DOC_SOURCE_DIR)/src/base
+ -@mkdir -p $(DOC_SOURCE_DIR)/include/xmlsec/base
+ -@mv -f $(DOC_SOURCE_DIR)/include/xmlsec/*.h $(DOC_SOURCE_DIR)/include/xmlsec/base
+ -@rm -f $(DOC_SOURCE_DIR)/include/xmlsec/*/symbols.h
+
+#
+# Create index for all functions. For macros and defines need to add -CAPS suffix
+#
+xmlsec-index: scan
+ @grep -h '<NAME>.*</NAME>' xmlsec-*decl.txt | \
+ grep -v '<NAME>extern</NAME>' | \
+ sort -u | \
+ sed 's#_#-#g' | \
+ sed 's#<NAME>\([^-]*\)-\([^<]*\)</NAME>#<listitem><para><link linkend=\"\1-\2-CAPS\">\1-\2</link></para></listitem>#g' | \
+ sed 's#<NAME>\([^<]*\)</NAME>#<listitem><para><link linkend=\"\1\">\1</link></para></listitem>#g' > \
+ xmlsec-index.sgml
+
+#
+# The following code converts C example file to sgml RefEntry files.
+# We get file title from a string "XML Security Library example: ..."
+# which is usually placed at the top of the file. Also all "unsafe" xml
+# characters (<, >, &) are escaped.
+#
+example_sources:
+ @mkdir -p examples
+ @(for i in $(EXAMPLES_SOURCE_FILES) ; do \
+ file_name=`echo $$i | sed 's#.*/##' | sed 's#\..*$$##'`; \
+ file_ext=`echo $$i | sed 's#.*/##' | sed 's#.*\.##'`; \
+ echo Converting $$file_name.$$file_ext to $$file_name.sgml ...; \
+ file_title=`cat $$i | grep 'XML Security Library example: ' | sed 's#^.*: *##'`; \
+ echo "<sect2 id=\"xmlsec-example-$$file_name\" >" > \
+ examples/$$file_name.sgml; \
+ echo "<title>$$file_name.$$file_ext</title><para><informalexample><programlisting>" >> \
+ examples/$$file_name.sgml; \
+ cat $$i | \
+ sed "s#&#\&amp;#g" | \
+ sed "s#<#\&lt;#g" | \
+ sed "s#>#\&gt;#g" >> \
+ examples/$$file_name.sgml; \
+ echo "</programlisting></informalexample></para></sect2>" >> \
+ examples/$$file_name.sgml; \
+ done);
+
+dist-hook:
+ @cp -p $(srcdir)/*.html $(srcdir)/*.png $(srcdir)/*.sgml $(distdir)
+
+clean: clean-sources
+ -@rm -rf $(DOC_SOURCE_DIR)
+ -@rm -rf sgml/*~ sgml/*.bak
+ -@rm -rf tmpl/*~ tmpl/*.bak
+ -@rm -rf *~ *.bak *.hierarchy *.signals *-unused.txt *.stamp
+
+clean-sources:
+ -@rm -rf code examples
+
+clean-local:
+ -@rm -rf *~ *.bak *.hierarchy *.signals *-unused.txt
+
+maintainer-clean-local: clean
+ -@rm *.html *.txt
+ -@rm -rf `find sgml -name "*.sgml" -print`
+
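Review bot: Every `gtkdoc-scan`, `gtkdoc-mktmpl` and `gtkdoc-mkdb` call in the `scan`, `templates` and `sgml` recipes, and the sed post-processing loop at the end of `sgml`, is prefixed with `-@`, so make ignores a failing tool and does not echo the command that failed. `make docs` can therefore exit 0 with missing or stale SGML, and `dist-hook` then copies whatever `*.html` is present in `$(srcdir)` into the distribution tree. I would drop the `-` from those lines, keeping `@` only where the echo is noise, and make the loop stop on error by ending the pipeline with `$$i.tmp && mv -f $$i.tmp $$i || exit 1; \`. If one of the gtkdoc steps is expected to return non-zero, keep `-` on that single line with a comment saying why.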
diff --git a/docs/api/Makefile.in b/docs/api/Makefile.in
new file mode 100644
index 00000000..e9e020ad
--- /dev/null
+++ b/docs/api/Makefile.in
@@ -0,0 +1,664 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = docs/api
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+
+#
+#
+#
+NULL =
+TOP = ../..
+MODULE = xmlsec
+SOURCE_DIR = $(TOP)/src
+INCLUDE_DIR = $(TOP)/include
+SGML_CATALOG_FILES = /usr/share/sgml/docbook/sgml-dtd-3.0-1.0-8/catalog:/usr/share/sgml/openjade-1.3.1/catalog:/usr/share/sgml/docbook/dsssl-stylesheets/catalog
+EXTRA_DIST = \
+ chapters \
+ images \
+ $(NULL)
+
+
+#
+# We need to pre-process original source files
+# because gtkdoc does not understand some C features
+#
+DOC_SOURCE_DIR = ./code
+DOC_SOURCE_FILES = \
+ $(shell find $(SOURCE_DIR) -name '*.c' -a ! -name "xkms*" -print ) \
+ $(shell find $(INCLUDE_DIR) -name '*.h' -a ! -name "symbols.h" -a ! -name "xkms*" -print )
+
+EXAMPLES_SOURCE_DIR = ../../examples
+EXAMPLES_SOURCE_FILES = \
+ $(shell find $(EXAMPLES_SOURCE_DIR) -name '*.c' -print) \
+ $(shell find $(EXAMPLES_SOURCE_DIR) -name '*.xml' -print)
+
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu docs/api/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu docs/api/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$(top_distdir)" distdir="$(distdir)" \
+ dist-hook
+check-am: all-am
+check: check-am
+all-am: Makefile
+installdirs:
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean-am: clean-generic clean-libtool clean-local mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic \
+ maintainer-clean-local
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic clean-libtool \
+ clean-local dist-hook distclean distclean-generic \
+ distclean-libtool distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am install-man \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic \
+ maintainer-clean-local mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am uninstall uninstall-am
+
+
+# do nothing for all
+all:
+
+docs: sgml html clean-sources
+
+# need to cleanup "bad" chars
+html: sgml xmlsec.sgml xmlsec-index
+ gtkdoc-mkhtml xmlsec xmlsec.sgml
+
+#
+# Prepeare sgml files from sources for each library. We are also
+# doing some "magic" here by automatically adding links to XML DSig and
+# XML Enc specification, we also remove "Ptr" from the end of the link
+# targets to make more references
+#
+sgml: templates
+ -@gtkdoc-mkdb --module=xmlsec \
+ --main-sgml-file=xmlsec.sgml \
+ --source-dir=$(DOC_SOURCE_DIR)/src/base \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/base
+ -@gtkdoc-mkdb --module=xmlsec-openssl \
+ --main-sgml-file=xmlsec-openssl.sgml \
+ --tmpl-dir=tmpl/openssl \
+ --output-dir=sgml/openssl \
+ --source-dir=$(DOC_SOURCE_DIR)/src/openssl \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/openssl
+ -@gtkdoc-mkdb --module=xmlsec-gnutls \
+ --main-sgml-file=xmlsec-gnutls.sgml \
+ --tmpl-dir=tmpl/gnutls \
+ --output-dir=sgml/gnutls \
+ --source-dir=$(DOC_SOURCE_DIR)/src/gnutls \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/gnutls
+ -@gtkdoc-mkdb --module=xmlsec-gcrypt \
+ --main-sgml-file=xmlsec-gcrypt.sgml \
+ --tmpl-dir=tmpl/gcrypt \
+ --output-dir=sgml/gcrypt \
+ --source-dir=$(DOC_SOURCE_DIR)/src/gcrypt \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/gcrypt
+ -@gtkdoc-mkdb --module=xmlsec-nss \
+ --main-sgml-file=xmlsec-nss.sgml \
+ --tmpl-dir=tmpl/nss \
+ --output-dir=sgml/nss \
+ --source-dir=$(DOC_SOURCE_DIR)/src/nss \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/nss
+ -@gtkdoc-mkdb --module=xmlsec-mscrypto \
+ --main-sgml-file=xmlsec-mscrypto.sgml \
+ --tmpl-dir=tmpl/mscrypto \
+ --output-dir=sgml/mscrypto \
+ --source-dir=$(DOC_SOURCE_DIR)/src/mscrypto \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/mscrypto
+ -@(for i in `find sgml -name "*.sgml" -print` ; do \
+ cat $$i | \
+ sed 's!\(&lt;dsig:\)\([^/]*\)\(\/&gt;\)!<ulink URL=\"http://www.w3.org/TR/xmldsig-core/#sec-\2\">\1\2\3</ulink>!g' | \
+ sed 's!\(&lt;enc:\)\([^/]*\)\(\/&gt;\)!<ulink URL=\"http://www.w3.org/TR/xmlenc-core/#sec-\2\">\1\2\3</ulink>!g' | \
+ sed 's!linkend=\"\(.*\)Ptr\"!linkend=\"\1\"!g' > \
+ $$i.tmp; \
+ mv -f $$i.tmp $$i; \
+ done);
+
+templates: scan
+ -@gtkdoc-mktmpl --module=xmlsec
+ -@gtkdoc-mktmpl --module=xmlsec-openssl \
+ --output-dir=tmpl/openssl
+ -@gtkdoc-mktmpl --module=xmlsec-gnutls \
+ --output-dir=tmpl/gnutls
+ -@gtkdoc-mktmpl --module=xmlsec-gcrypt \
+ --output-dir=tmpl/gcrypt
+ -@gtkdoc-mktmpl --module=xmlsec-nss \
+ --output-dir=tmpl/nss
+ -@gtkdoc-mktmpl --module=xmlsec-mscrypto \
+ --output-dir=tmpl/mscrypto
+
+scan: doc_sources example_sources
+ -@gtkdoc-scan --module=xmlsec \
+ --rebuild-sections \
+ --source-dir=$(DOC_SOURCE_DIR)/src/base \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/base
+ -@gtkdoc-scan --module=xmlsec-openssl \
+ --rebuild-sections \
+ --source-dir=$(DOC_SOURCE_DIR)/src/openssl \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/openssl
+ -@gtkdoc-scan --module=xmlsec-gnutls \
+ --rebuild-sections \
+ --source-dir=$(DOC_SOURCE_DIR)/src/gnutls \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/gnutls
+ -@gtkdoc-scan --module=xmlsec-gcrypt \
+ --rebuild-sections \
+ --source-dir=$(DOC_SOURCE_DIR)/src/gcrypt \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/gcrypt
+ -@gtkdoc-scan --module=xmlsec-nss \
+ --rebuild-sections \
+ --source-dir=$(DOC_SOURCE_DIR)/src/nss \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/nss
+ -@gtkdoc-scan --module=xmlsec-mscrypto \
+ --rebuild-sections \
+ --source-dir=$(DOC_SOURCE_DIR)/src/mscrypto \
+ --source-dir=$(DOC_SOURCE_DIR)/include/xmlsec/mscrypto
+
+#
+# Prepare source files by coping them to "code" folder and
+# removing XMLSEC_EXPORT_* stuff that makes gtkdoc crazy
+#
+doc_sources: $(DOC_SOURCE_FILES)
+ @(for i in $(DOC_SOURCE_FILES) ; do \
+ folder_name=`echo $$i | sed 's#$(TOP)/##' | sed 's#/[^/]*$$##'`; \
+ file_name=`echo $$i | sed 's#.*/##'`; \
+ test -d $(DOC_SOURCE_DIR)/$$folder_name || mkdir -p $(DOC_SOURCE_DIR)/$$folder_name; \
+ cat $$i | \
+ sed 's/#if.*//' | \
+ sed 's/#el.*//' | \
+ sed 's/#end.*//' | \
+ sed 's/XMLSEC_CRYPTO_EXPORT//' | \
+ sed 's/XMLSEC_EXPORT_VAR//' | \
+ sed 's/XMLSEC_EXPORT//' | \
+ sed 's/XMLSEC_ERRORS_PRINTF_ATTRIBUTE//' > \
+ $(DOC_SOURCE_DIR)/$$folder_name/$$file_name; \
+ done);
+ -@mkdir -p $(DOC_SOURCE_DIR)/src/base
+ -@mv -f $(DOC_SOURCE_DIR)/src/*.c $(DOC_SOURCE_DIR)/src/base
+ -@mkdir -p $(DOC_SOURCE_DIR)/include/xmlsec/base
+ -@mv -f $(DOC_SOURCE_DIR)/include/xmlsec/*.h $(DOC_SOURCE_DIR)/include/xmlsec/base
+ -@rm -f $(DOC_SOURCE_DIR)/include/xmlsec/*/symbols.h
+
+#
+# Create index for all functions. For macros and defines need to add -CAPS suffix
+#
+xmlsec-index: scan
+ @grep -h '<NAME>.*</NAME>' xmlsec-*decl.txt | \
+ grep -v '<NAME>extern</NAME>' | \
+ sort -u | \
+ sed 's#_#-#g' | \
+ sed 's#<NAME>\([^-]*\)-\([^<]*\)</NAME>#<listitem><para><link linkend=\"\1-\2-CAPS\">\1-\2</link></para></listitem>#g' | \
+ sed 's#<NAME>\([^<]*\)</NAME>#<listitem><para><link linkend=\"\1\">\1</link></para></listitem>#g' > \
+ xmlsec-index.sgml
+
+#
+# The following code converts C example file to sgml RefEntry files.
+# We get file title from a string "XML Security Library example: ..."
+# which is usually placed at the top of the file. Also all "unsafe" xml
+# characters (<, >, &) are escaped.
+#
+example_sources:
+ @mkdir -p examples
+ @(for i in $(EXAMPLES_SOURCE_FILES) ; do \
+ file_name=`echo $$i | sed 's#.*/##' | sed 's#\..*$$##'`; \
+ file_ext=`echo $$i | sed 's#.*/##' | sed 's#.*\.##'`; \
+ echo Converting $$file_name.$$file_ext to $$file_name.sgml ...; \
+ file_title=`cat $$i | grep 'XML Security Library example: ' | sed 's#^.*: *##'`; \
+ echo "<sect2 id=\"xmlsec-example-$$file_name\" >" > \
+ examples/$$file_name.sgml; \
+ echo "<title>$$file_name.$$file_ext</title><para><informalexample><programlisting>" >> \
+ examples/$$file_name.sgml; \
+ cat $$i | \
+ sed "s#&#\&amp;#g" | \
+ sed "s#<#\&lt;#g" | \
+ sed "s#>#\&gt;#g" >> \
+ examples/$$file_name.sgml; \
+ echo "</programlisting></informalexample></para></sect2>" >> \
+ examples/$$file_name.sgml; \
+ done);
+
+dist-hook:
+ @cp -p $(srcdir)/*.html $(srcdir)/*.png $(srcdir)/*.sgml $(distdir)
+
+clean: clean-sources
+ -@rm -rf $(DOC_SOURCE_DIR)
+ -@rm -rf sgml/*~ sgml/*.bak
+ -@rm -rf tmpl/*~ tmpl/*.bak
+ -@rm -rf *~ *.bak *.hierarchy *.signals *-unused.txt *.stamp
+
+clean-sources:
+ -@rm -rf code examples
+
+clean-local:
+ -@rm -rf *~ *.bak *.hierarchy *.signals *-unused.txt
+
+maintainer-clean-local: clean
+ -@rm *.html *.txt
+ -@rm -rf `find sgml -name "*.sgml" -print`
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/docs/api/chapters/compiling-and-linking.sgml b/docs/api/chapters/compiling-and-linking.sgml
new file mode 100644
index 00000000..f184c6a4
--- /dev/null
+++ b/docs/api/chapters/compiling-and-linking.sgml
@@ -0,0 +1,252 @@
+<chapter id="xmlsec-notes-compiling">
+ <title>Building the application with XML Security Library.</title>
+ <sect1 id="xmlsec-notes-compiling-overview">
+ <title>Overview.</title>
+ <para>Compiling and linking application with XML Security
+ Library requires specifying correct compilation flags, library files
+ and paths to include and library files. As we discussed before,
+ XML Security Library consist of the core xmlsec library and several
+ xmlsec-crypto libraries. Application has a choice of selecting crypto
+ library at link time or dynamicaly loading it at run time. Please note,
+ that loading crypto engines dynamicaly may introduce security problems
+ on some platforms.
+ </para>
+ </sect1>
+ <sect1 id="xmlsec-notes-include-files" >
+ <title>Include files.</title>
+ <para>In order to use XML Security Library an application should include
+ one or more of the following files:
+ <itemizedlist>
+ <listitem>
+ <para><link linkend="XMLSEC-XMLSEC">xmlsec/xmlsec.h</link> -
+ XML Security Library initialization and shutdown functions;
+ </para>
+ </listitem>
+ <listitem>
+ <para><link linkend="XMLSEC-XMLDSIG">xmlsec/xmldsig.h</link> -
+ XML Digital Signature functions;</para>
+ </listitem>
+ <listitem>
+ <para><link linkend="XMLSEC-XMLENC">xmlsec/xmlenc.h</link> -
+ XML Encryption functions;</para>
+ </listitem>
+ <listitem>
+ <para><link linkend="XMLSEC-XMLTREE">xmlsec/xmltree.h</link> -
+ helper functions for XML documents manipulation;
+ </para>
+ </listitem>
+ <listitem>
+ <para><link linkend="XMLSEC-TEMPLATES">xmlsec/templates.h</link> -
+ helper functions for dynamic XML Digital Signature and
+ XML Encryption templates creation;
+ </para>
+ </listitem>
+ <listitem>
+ <para><link linkend="XMLSEC-CRYPTO">xmlsec/crypto.h</link> -
+ automatic XML Security Crypto Library selection.
+ </para>
+ </listitem>
+ </itemizedlist>
+ </para>
+ <para>If necessary, the application should also include LibXML,
+ LibXSLT and crypto library header files.
+ </para>
+ <para>
+ <example>
+ <title>Example includes file section.</title>
+ <programlisting><![CDATA[
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/templates.h>
+#include <xmlsec/crypto.h>
+ ]]></programlisting>
+ </example>
+ </para>
+ </sect1>
+ <sect1 id="xmlsec-notes-compiling-unix" >
+ <title>Compiling and linking on Unix.</title>
+ <para>There are several ways to get necessary compilation
+ and linking information on Unix and application can use
+ any of these methods to do crypto engine selection either
+ at linking or run time.
+
+ <itemizedlist>
+ <listitem><para>PKG_CHECK_MODULES() macro
+ <example>
+ <title>Using PKG_CHECK_MODULES() macro in a configure.in file
+ to select crypto engine (openssl) at linking time.</title>
+ <programlisting><![CDATA[
+dnl
+dnl Check for xmlsec and friends
+dnl
+PKG_CHECK_MODULES(XMLSEC, xmlsec1-openssl >= 1.0.0 xml2 libxslt,,exit)
+CFLAGS="$CFLAGS $XMLSEC_CFLAGS"
+CPPFLAGS="$CPPFLAGS $XMLSEC_CFLAGS"
+LDFLAGS="$LDFLAGS $XMLSEC_LIBS"
+ ]]></programlisting>
+ </example>
+
+ <example>
+ <title>Using PKG_CHECK_MODULES() macro in a configure.in file
+ to enable dynamical loading of xmlsec-crypto library.</title>
+ <programlisting><![CDATA[
+dnl
+dnl Check for xmlsec and friends
+dnl
+PKG_CHECK_MODULES(XMLSEC, xmlsec1 >= 1.0.0 xml2 libxslt,,exit)
+CFLAGS="$CFLAGS $XMLSEC_CFLAGS"
+CPPFLAGS="$CPPFLAGS $XMLSEC_CFLAGS"
+LDFLAGS="$LDFLAGS $XMLSEC_LIBS"
+ ]]></programlisting>
+ </example>
+
+ </para></listitem>
+
+
+ <listitem><para>pkg-config script
+ <example>
+ <title>Using pkg-config script in a Makefile
+ to select crypto engine (nss) at linking time.</title>
+ <programlisting><![CDATA[
+PROGRAM = test
+PROGRAM_FILES = test.c
+
+CFLAGS += -g $(shell pkg-config --cflags xmlsec1-nss)
+LDFLAGS += -g
+LIBS += $(shell pkg-config --libs xmlsec1-nss)
+
+all: $(PROGRAM)
+
+%: %.c
+ $(cc) $(PROGRAM_FILES) $(CFLAGS) $(LDFLAGS) -o $(PROGRAM) $(LIBS)
+
+clean:
+ @rm -rf $(PROGRAM)
+ ]]></programlisting>
+ </example>
+
+
+ <example>
+ <title>Using pkg-config script in a Makefile
+ to enable dynamical loading of xmlsec-crypto library.</title>
+ <programlisting><![CDATA[
+PROGRAM = test
+PROGRAM_FILES = test.c
+
+CFLAGS += -g $(shell pkg-config --cflags xmlsec1)
+LDFLAGS += -g
+LIBS += $(shell pkg-config --libs xmlsec1)
+
+all: $(PROGRAM)
+
+%: %.c
+ $(cc) $(PROGRAM_FILES) $(CFLAGS) $(LDFLAGS) -o $(PROGRAM) $(LIBS)
+
+clean:
+ @rm -rf $(PROGRAM)
+ ]]></programlisting>
+ </example>
+
+ </para></listitem>
+ <listitem><para>xmlsec1-config script
+ <example>
+ <title>Using xmlsec1-config script in a Makefile
+ to select crypto engine (e.g. gnutls) at linking time.</title>
+ <programlisting><![CDATA[
+PROGRAM = test
+PROGRAM_FILES = test.c
+
+CFLAGS += -g $(shell xmlsec1-config --crypto gnutls --cflags)
+LDFLAGS += -g
+LIBS += $(shell xmlsec1-config --crypto gnutls --libs)
+
+all: $(PROGRAM)
+
+%: %.c
+ $(cc) $(PROGRAM_FILES) $(CFLAGS) $(LDFLAGS) -o $(PROGRAM) $(LIBS)
+
+clean:
+ @rm -rf $(PROGRAM)
+ ]]></programlisting>
+ </example>
+
+ <example>
+ <title>Using xmlsec1-config script in a Makefile
+ to enable dynamical loading of xmlsec-crypto library.</title>
+ <programlisting><![CDATA[
+PROGRAM = test
+PROGRAM_FILES = test.c
+
+CFLAGS += -g $(shell xmlsec1-config --cflags)
+LDFLAGS += -g
+LIBS += $(shell xmlsec1-config --libs)
+
+all: $(PROGRAM)
+
+%: %.c
+ $(cc) $(PROGRAM_FILES) $(CFLAGS) $(LDFLAGS) -o $(PROGRAM) $(LIBS)
+
+clean:
+ @rm -rf $(PROGRAM)
+ ]]></programlisting>
+ </example>
+ </para></listitem>
+ </itemizedlist>
+ </para>
+ </sect1>
+ <sect1 id="xmlsec-notes-compiling-windows" >
+ <title>Compiling and linking on Windows.</title>
+ <para>On Windows there is no such simple and elegant solution.
+ Please check <filename>README</filename> file in <filename>win32</filename>
+ folder of the library package for latest instructions.
+ However, there are few general things, that you need to remember:
+ <itemizedlist>
+ <listitem><para>
+ <emphasis>All libraries linked to your application must be compiled
+ with the same Microsoft Runtime Libraries.</emphasis>
+ </para></listitem>
+ <listitem><para>
+ <emphasis>Static linking with XML Security Library requires
+ additional global defines:</emphasis>
+ <informalexample><programlisting>
+#define LIBXML_STATIC
+#define LIBXSLT_STATIC
+#define XMLSEC_STATIC
+ </programlisting></informalexample>
+ </para></listitem>
+ <listitem><para>
+ If you do not want to dynamicaly load xmlsec-crypto library
+ and prefer to select crypto engine at linking then you should
+ link your application with xmlsec and at least one of
+ xmlsec-crypto libraries.
+ </para></listitem>
+ <listitem><para>
+ In order to enable dynamic loading for xmlsec-crypto library
+ you should add additional global define:
+ <informalexample><programlisting>
+#define XMLSEC_CRYPTO_DYNAMIC_LOADING
+ </programlisting></informalexample>
+ </para></listitem>
+ </itemizedlist>
+ </para>
+ </sect1>
+ <sect1 id="xmlsec-notes-compiling-others">
+ <title>Compiling and linking on other systems.</title>
+ <para>Well, nothing is impossible, it's only software (you managed to
+ compile the library itself, do you?).
+ I'll be happy to include in this manual your expirience with
+ compiling and linking applications with XML Security Library
+ on other platforms (if you would like to share it).
+ </para>
+ </sect1>
+</chapter>
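Review bot: All four Makefile examples in this chapter invoke `$(cc)` in the `%: %.c` recipe, but make variable names are case-sensitive and the built-in compiler variable is `CC`. Unless a `cc` variable happens to be supplied from the environment or the command line, it expands to nothing and the command line starts with `test.c`, so a reader who copies the example gets a failing build. Each recipe should read `$(CC) $(PROGRAM_FILES) $(CFLAGS) $(LDFLAGS) -o $(PROGRAM) $(LIBS)`; the same line appears in the pkg-config (nss and dynamic-loading) and xmlsec1-config (gnutls and dynamic-loading) listings.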
diff --git a/docs/api/chapters/creating-templates.sgml b/docs/api/chapters/creating-templates.sgml
new file mode 100644
index 00000000..4d6088f3
--- /dev/null
+++ b/docs/api/chapters/creating-templates.sgml
@@ -0,0 +1,325 @@
+<chapter id="xmlsec-notes-templates">
+ <title>Creating dynamic templates.</title>
+ <sect1 id="xmlsec-notes-templates-overview">
+ <title>Overview.</title>
+ <para>The XML Security Library uses templates to describe
+ how and what data should be signed or encrypted. The template
+ is a regular XML file. You can create templates in advance
+ using your favorite XML files editor, load them from a file
+ and use for creating signature or encrypting data. You can
+ also create templates dynamicaly. The XML Security Library
+ provides helper functions to quickly create dynamic templates
+ inside your application.</para>
+ </sect1>
+ <sect1 id="xmlsec-notes-dynamic-signature-templates">
+ <title>Creating dynamic signature templates.</title>
+ <para>The signature template has structure similar
+ to the XML Digital Signature structure as it is described in
+ <ulink URL="http://www.w3.org/TR/xmldsig-core">specification</ulink>.
+ The only difference is that some nodes (for example,
+ &lt;dsig:DigestValue/&gt; or &lt;SignatureValue/&gt;)
+ are empty. The XML Security Library sets the content of these
+ nodes after doing necessary calculations.
+ </para>
+ <figure>
+ <title>XML Digital Signature structure</title>
+ <programlisting>
+&lt;dsig:Signature ID?&gt;
+ &lt;dsig:SignedInfo&gt;
+ &lt;dsig:CanonicalizationMethod Algorithm /&gt;
+ &lt;dsig:SignatureMethod Algorithm /&gt;
+ (&lt;dsig:Reference URI? &gt;
+ (&lt;dsig:Transforms&gt;
+ (&lt;dsig:Transform Algorithm /&gt;)+
+ &lt;/dsig:Transforms&gt;)?
+ &lt;dsig:DigestMethod Algorithm &gt;
+ &lt;dsig:DigestValue&gt;
+ &lt;/dsig:Reference&gt;)+
+ &lt;/dsig:SignedInfo&gt;
+ &lt;dsig:SignatureValue&gt;
+ (&lt;dsig:KeyInfo&gt;
+ &lt;dsig:KeyName&gt;?
+ &lt;dsig:KeyValue&gt;?
+ &lt;dsig:RetrievalMethod&gt;?
+ &lt;dsig:X509Data&gt;?
+ &lt;dsig:PGPData&gt;?
+ &lt;enc:EncryptedKey&gt;?
+ &lt;enc:AgreementMethod&gt;?
+ &lt;dsig:KeyName&gt;?
+ &lt;dsig:RetrievalMethod&gt;?
+ &lt;*&gt;?
+ &lt;/dsig:KeyInfo&gt;)?
+ (&lt;dsig:Object ID?&gt;)*
+&lt;/dsig:Signature&gt;
+ </programlisting>
+ </figure>
+ <para>
+ <example>
+ <title>Creating dynamic signature template.</title>
+ <programlisting><![CDATA[
+/**
+ * sign_file:
+ * @xml_file: the XML file name.
+ * @key_file: the PEM private key file name.
+ *
+ * Signs the #xml_file using private key from #key_file and dynamicaly
+ * created enveloped signature template.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+sign_file(const char* xml_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr signNode = NULL;
+ xmlNodePtr refNode = NULL;
+ xmlNodePtr keyInfoNode = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(xml_file);
+ assert(key_file);
+
+ /* load doc file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature template for RSA-SHA1 enveloped signature */
+ signNode = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
+ xmlSecTransformRsaSha1Id, NULL);
+ if(signNode == NULL) {
+ fprintf(stderr, "Error: failed to create signature template\n");
+ goto done;
+ }
+
+ /* add <dsig:Signature/> node to the doc */
+ xmlAddChild(xmlDocGetRootElement(doc), signNode);
+
+ /* add reference */
+ refNode = xmlSecTmplSignatureAddReference(signNode, xmlSecTransformSha1Id,
+ NULL, NULL, NULL);
+ if(refNode == NULL) {
+ fprintf(stderr, "Error: failed to add reference to signature template\n");
+ goto done;
+ }
+
+ /* add enveloped transform */
+ if(xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformEnvelopedId) == NULL) {
+ fprintf(stderr, "Error: failed to add enveloped transform to reference\n");
+ goto done;
+ }
+
+ /* add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put key name in the signed document */
+ keyInfoNode = xmlSecTmplSignatureEnsureKeyInfo(signNode, NULL);
+ if(keyInfoNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
+ fprintf(stderr, "Error: failed to add key name\n");
+ goto done;
+ }
+
+ /* create signature context, we don't need keys manager in this example */
+ dsigCtx = xmlSecDSigCtxCreate(NULL);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* load private key, assuming that there is not password */
+ dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(dsigCtx->signKey == NULL) {
+ fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* sign the template */
+ if(xmlSecDSigCtxSign(dsigCtx, signNode) < 0) {
+ fprintf(stderr,"Error: signature failed\n");
+ goto done;
+ }
+
+ /* print signed document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+ ]]></programlisting>
+ <simpara><link linkend="xmlsec-example-sign2">Full program listing</link></simpara>
+ </example>
+ </para>
+ </sect1>
+
+ <sect1 id="xmlsec-notes-dynamic-encryption-templates">
+ <title>Creating dynamic encryption templates.</title>
+ <para>The encryption template has structure similar
+ to the XML Encryption structure as it is described in
+ <ulink URL="http://www.w3.org/TR/xmlenc-core">specification</ulink>.
+ The only difference is that some nodes (for example,
+ &lt;enc:CipherValue/&gt;)
+ are empty. The XML Security Library sets the content of these
+ nodes after doing necessary calculations.
+ </para>
+ <figure>
+ <title>XML Encryption structure</title>
+ <programlisting>
+&lt;enc:EncryptedData Id? Type? MimeType? Encoding?&gt;
+ &lt;enc:EncryptionMethod Algorithm /&gt;?
+ (&lt;dsig:KeyInfo&gt;
+ &lt;dsig:KeyName&gt;?
+ &lt;dsig:KeyValue&gt;?
+ &lt;dsig:RetrievalMethod&gt;?
+ &lt;dsig:X509Data&gt;?
+ &lt;dsig:PGPData&gt;?
+ &lt;enc:EncryptedKey&gt;?
+ &lt;enc:AgreementMethod&gt;?
+ &lt;dsig:KeyName&gt;?
+ &lt;dsig:RetrievalMethod&gt;?
+ &lt;*&gt;?
+ &lt;/dsig:KeyInfo&gt;)?
+ &lt;enc:CipherData&gt;
+ &lt;enc:CipherValue&gt;?
+ &lt;enc:CipherReference URI?&gt;?
+ &lt;/enc:CipherData&gt;
+ &lt;enc:EncryptionProperties&gt;?
+&lt;/enc:EncryptedData&gt;
+ </programlisting>
+ </figure>
+ <para>
+ <example>
+ <title>Creating dynamic encrytion template.</title>
+ <programlisting><![CDATA[
+/**
+ * encrypt_file:
+ * @xml_file: the encryption template file name.
+ * @key_file: the Triple DES key file.
+ *
+ * Encrypts #xml_file using a dynamicaly created template and DES key from
+ * #key_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+encrypt_file(const char* xml_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr encDataNode = NULL;
+ xmlNodePtr keyInfoNode = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(xml_file);
+ assert(key_file);
+
+ /* load template */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create encryption template to encrypt XML file and replace
+ * its content with encryption result */
+ encDataNode = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId,
+ NULL, xmlSecTypeEncElement, NULL, NULL);
+ if(encDataNode == NULL) {
+ fprintf(stderr, "Error: failed to create encryption template\n");
+ goto done;
+ }
+
+ /* we want to put encrypted data in the <enc:CipherValue/> node */
+ if(xmlSecTmplEncDataEnsureCipherValue(encDataNode) == NULL) {
+ fprintf(stderr, "Error: failed to add CipherValue node\n");
+ goto done;
+ }
+
+ /* add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put key name in the signed document */
+ keyInfoNode = xmlSecTmplEncDataEnsureKeyInfo(encDataNode, NULL);
+ if(keyInfoNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
+ fprintf(stderr, "Error: failed to add key name\n");
+ goto done;
+ }
+
+ /* create encryption context, we don't need keys manager in this example */
+ encCtx = xmlSecEncCtxCreate(NULL);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* load DES key, assuming that there is not password */
+ encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
+ if(encCtx->encKey == NULL) {
+ fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(encCtx->encKey, key_file) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* encrypt the data */
+ if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, xmlDocGetRootElement(doc)) < 0) {
+ fprintf(stderr,"Error: encryption failed\n");
+ goto done;
+ }
+
+ /* we template is inserted in the doc */
+ encDataNode = NULL;
+
+ /* print encrypted data with document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(encDataNode != NULL) {
+ xmlFreeNode(encDataNode);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+ ]]></programlisting>
+ <simpara><link linkend="xmlsec-example-encrypt2">Full program listing</link></simpara>
+ </example>
+ </para>
+ </sect1>
+</chapter>
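Review bot: The `sign_file` listing hard-codes SHA-1 for both the signature method (`xmlSecTransformRsaSha1Id`) and the reference digest (`xmlSecTransformSha1Id`), and `encrypt_file` likewise hard-codes `xmlSecTransformDes3CbcId`; example code like this tends to be copied unchanged into applications. Where the selected xmlsec-crypto backend provides them, the template would be better created with `xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId, xmlSecTransformRsaSha256Id, NULL)` and the reference added with `xmlSecTransformSha256Id`. If SHA-1 and Triple DES are kept for interoperability with existing peers, a comment above each call such as `/* legacy algorithm, shown for compatibility; prefer SHA-256 / AES in new code */` would tell the reader this is not a recommendation.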
diff --git a/docs/api/chapters/examples.sgml b/docs/api/chapters/examples.sgml
new file mode 100644
index 00000000..05d972d4
--- /dev/null
+++ b/docs/api/chapters/examples.sgml
@@ -0,0 +1,102 @@
+<chapter id="xmlsec-examples">
+ <title>Examples.</title>
+ <sect1 id="xmlsec-examples-overview" >
+ <title>XML Security Library Examples.</title>
+ <para>This section contains several examples of using XML Security Library
+ to sign, veiryf, encrypt or decrypt XML documents.</para>
+ </sect1>
+
+ <sect1 id="xmlsec-examples-sign-template-file">
+ <title>Signing a template file.</title>
+
+ &xmlsec-example-sign1;
+ &xmlsec-example-sign1-tmpl;
+ &xmlsec-example-sign1-res;
+ </sect1>
+
+ <sect1 id="xmlsec-examples-sign-dynamimc-template">
+ <title>Signing a dynamicaly created template.</title>
+
+ &xmlsec-example-sign2;
+ &xmlsec-example-sign2-doc;
+ &xmlsec-example-sign2-res;
+ </sect1>
+
+ <sect1 id="xmlsec-examples-sign-x509">
+ <title>Signing with X509 certificate.</title>
+
+ &xmlsec-example-sign3;
+ &xmlsec-example-sign3-doc;
+ &xmlsec-example-sign3-res;
+ </sect1>
+
+ <sect1 id="xmlsec-verify-with-key">
+ <title>Verifying a signature with a single key.</title>
+
+ &xmlsec-example-verify1;
+ </sect1>
+
+ <sect1 id="xmlsec-verify-with-keys-mngr">
+ <title>Verifying a signature with keys manager.</title>
+
+ &xmlsec-example-verify2;
+ </sect1>
+
+ <sect1 id="xmlsec-verify-with-x509">
+ <title>Verifying a signature with X509 certificates.</title>
+
+ &xmlsec-example-verify3;
+ </sect1>
+
+ <sect1 id="xmlsec-verify-with-restrictions">
+ <title>Verifying a signature with additional restrictions.</title>
+
+ &xmlsec-example-verify4;
+ &xmlsec-example-verify4-tmpl;
+ &xmlsec-example-verify4-res;
+ &xmlsec-example-verify4-bad-tmpl;
+ &xmlsec-example-verify4-bad-res;
+ </sect1>
+
+ <sect1 id="xmlsec-encrypt-template-file">
+ <title>Encrypting data with a template file.</title>
+
+ &xmlsec-example-encrypt1;
+ &xmlsec-example-encrypt1-tmpl;
+ &xmlsec-example-encrypt1-res;
+ </sect1>
+
+ <sect1 id="xmlsec-encrypt-dynamic-template">
+ <title>Encrypting data with a dynamicaly created template.</title>
+
+ &xmlsec-example-encrypt2;
+ &xmlsec-example-encrypt2-doc;
+ &xmlsec-example-encrypt2-res;
+ </sect1>
+
+ <sect1 id="xmlsec-encrypt-with-session-key">
+ <title>Encrypting data with a session key.</title>
+
+ &xmlsec-example-encrypt3;
+ &xmlsec-example-encrypt3-doc;
+ &xmlsec-example-encrypt3-res;
+ </sect1>
+
+ <sect1 id="xmlsec-decrypt-with-signle-key">
+ <title>Decrypting data with a single key.</title>
+
+ &xmlsec-example-decrypt1;
+ </sect1>
+
+ <sect1 id="xmlsec-decrypt-with-keys-mngr">
+ <title>Decrypting data with keys manager.</title>
+
+ &xmlsec-example-decrypt2;
+ </sect1>
+
+ <sect1 id="xmlsec-custom-keys-manager">
+ <title>Writing a custom keys manager.</title>
+
+ &xmlsec-example-decrypt3;
+ </sect1>
+</chapter>
diff --git a/docs/api/chapters/init-and-shutdown.sgml b/docs/api/chapters/init-and-shutdown.sgml
new file mode 100644
index 00000000..688a6372
--- /dev/null
+++ b/docs/api/chapters/init-and-shutdown.sgml
@@ -0,0 +1,104 @@
+<chapter id="xmlsec-notes-init-shutdown">
+ <title>Initialization and shutdown.</title>
+ <para>XML Security Library initialization/shutdown
+ process includes initialization and shutdown of the
+ dependent libraries:
+ <itemizedlist>
+ <listitem><para>libxml library;</para></listitem>
+ <listitem><para>libxslt library;</para></listitem>
+ <listitem><para>crypto library (OpenSSL, GnuTLS, GCrypt, NSS, ...);</para></listitem>
+ <listitem><para>xmlsec library
+ (<link linkend="xmlSecInit">xmlSecInit</link>
+ and <link linkend="xmlSecShutdown">xmlSecShutdown</link>
+ functions);
+ </para></listitem>
+ <listitem><para>xmlsec-crypto library
+ (<link linkend="xmlSecCryptoDLLoadLibrary">xmlSecCryptoDLLoadLibrary</link>
+ to load xmlsec-crypto library dynamicaly if needed,
+ <link linkend="xmlSecCryptoInit">xmlSecCryptoInit</link>
+ and <link linkend="xmlSecCryptoShutdown">xmlSecCryptoShutdown</link>
+ functions);
+ </para></listitem>
+ </itemizedlist>
+ xmlsec-crypto library also provides a convinient functions
+ <link linkend="xmlSecAppCryptoInit">xmlSecAppCryptoInit</link>
+ and <link linkend="xmlSecAppCryptoShutdown">xmlSecAppCryptoShutdown</link>
+ to initialize the crypto library itself but application can do it
+ by itself.
+ </para>
+ <para>
+ <example>
+ <title>Initializing application.</title>
+ <programlisting><![CDATA[
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() < 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) < 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() < 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+ ]]></programlisting>
+ </example>
+ </para>
+
+ <para>
+ <example>
+ <title>Shutting down application.</title>
+ <programlisting><![CDATA[
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+ ]]></programlisting>
+ </example>
+ </para>
+</chapter>
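Review bot: The initialization listing changes libxml2's process-wide parser defaults with `xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;` and `xmlSubstituteEntitiesDefault(1);`, and gives no hint that these affect every later parse that relies on the defaults. That includes the `xmlParseFile()` calls in the other chapters' examples, which may be handed documents from an untrusted sender for verification or decryption. With entity substitution and DTD loading on, such a document can declare entities that the parser expands, including external ones (XXE). The listing should carry a comment such as `/* global defaults: apply to all later parses; for untrusted input parse with explicit options, e.g. xmlReadFile(name, NULL, XML_PARSE_NONET) */`, and the `xmlSubstituteEntitiesDefault(1)` call is best dropped from the example unless the application needs it. Whether DTD-declared ID attributes are then still resolved for signature references should be confirmed against the library's behaviour.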
diff --git a/docs/api/chapters/new-crypto.sgml b/docs/api/chapters/new-crypto.sgml
new file mode 100644
index 00000000..52191417
--- /dev/null
+++ b/docs/api/chapters/new-crypto.sgml
@@ -0,0 +1,487 @@
+<chapter id="xmlsec-notes-new-crypto">
+ <title>Adding support for new cryptographic library.</title>
+ <sect1 id="xmlsec-notes-new-crypto-overview">
+ <title>Overview.</title>
+ <para>XML Security Library can support practicaly any cryptographic
+ library. Currently, it has "out-of-the-box" support for OpenSSL,
+ MSCrypto, NSS, GnuTLS and GCrypt. If your favorite library is not supported yet then
+ you can write necessary code yourself. If you and your company
+ (university, ...) are willing to share the results of your work I would
+ be happy to add support for new libraries to the main XML Security
+ Library distribution.</para>
+ <para>
+ The XML Security Library
+ <link linkend="xmlsec-notes-structure">separates</link>
+ the cryptographic library (engine)
+ specific code in an "xmlsec-&lt;crypto&gt;" library (where "&lt;crypto&gt;" is
+ "openssl", "mscrypt", "gnutls", "gcrypt", "nss", etc.) which includes following items:
+ <itemizedlist>
+ <listitem><para>
+ xmlSecCryptoApp* functions.
+ </para></listitem>
+ <listitem><para>
+ Cryptographic transforms and keys data implementation.
+ </para></listitem>
+ <listitem><para>
+ Keys store support (X509, PGP, etc.).
+ </para></listitem>
+ </itemizedlist>
+ In this chapter, we will discuss
+ a task of creating "xmlsec-mycrypto" library that provides support
+ for your favorite "MyCrypto" cryptographic library.
+ </para>
+ </sect1>
+ <sect1 id="xmlsec-notes-new-crypto-skeleton">
+ <title>Creating a framework from the skeleton.</title>
+ <para>
+ The XML Security Library contains a "skeleton" for creating new
+ "xmlsec-&lt;crypto&gt;" libraries. In order to create "xmlsec-mycrypto"
+ library framework, do the following (this example assumes that you
+ are using *nix system, adjust the commands if you are using something else):
+ <itemizedlist>
+ <listitem><para>
+ Copy src/skeleton and include/xmlsec/skeleton folders to src/mycrypto and
+ include/xmlsec/mycrypto folders and remove CVS folders from the result:
+ <example>
+ <title>Coping skeleton folders.</title>
+ <programlisting><![CDATA[
+cd src
+cp -r skeleton mycrypto
+cd mycrypto
+rm -rf CVS
+cd ../..
+cd include/xmlsec
+cp -r skeleton mycrypto
+cd mycrypto
+rm -rf CVS
+cd ../../..
+ ]]></programlisting>
+ </example>
+ </para></listitem>
+ <listitem><para>
+ Replace "skeleton" with "mycrypto" in the copied files (note that there
+ are different possible cases here):
+ <example>
+ <title>Replacing "skeleton" with "mycrypto".</title>
+ <programlisting><![CDATA[
+for i in `ls include/xmlsec/mycrypto/* src/mycrypto/*`; do
+ echo Processing $i ..;
+ sed 's/skeleton/mycrypto/g' $i | \
+ sed 's/SKELETON/MYCRYPTO/g' | \
+ sed 's/Skeleton/MyCrypto/g' > $i.tmp;
+ mv $i.tmp $i;
+done
+ ]]></programlisting>
+ </example>
+ </para></listitem>
+ <listitem><para>
+ Add "xmlsec-mycrypto" library to the "include/xmlsec/crypto.h" file:
+ <example>
+ <title>Modifying include/xmlsec/crypto.h file.</title>
+ <programlisting><![CDATA[
+...
+#ifdef XMLSEC_CRYPTO_MYCRYPTO
+#include <xmlsec/mycrypto/app.h>
+#include <xmlsec/mycrypto/crypto.h>
+#include <xmlsec/mycrypto/symbols.h>
+#else /* XMLSEC_CRYPTO_MYCRYPTO */
+...
+#endif /* XMLSEC_CRYPTO_MYCRYPTO */
+...
+ ]]></programlisting>
+ </example>
+ </para></listitem>
+ <listitem><para>
+ Add "xmlsec-crypto" library to the configure.in file (for *nix systems;
+ for Windows you need to modify win32/confgure.js and win32/Makefile.msvc
+ files, see win32/README.txt for details):
+ <example>
+ <title>Modifying configure.in file.</title>
+ <programlisting><![CDATA[
+dnl ==========================================================================
+dnl See if we can find MyCrypto
+dnl ==========================================================================
+XMLSEC_MYCRYPTO_DEFINES=""
+MYCRYPTO_CONFIG="mycrypto-config" # TODO
+XMLSEC_NO_MYCRYPTO="1"
+MYCRYPTO_MIN_VERSION="0.0.0" # TODO
+MYCRYPTO_VERSION=""
+MYCRYPTO_PREFIX=""
+MYCRYPTO_CFLAGS=""
+MYCRYPTO_LIBS=""
+MYCRYPTO_LDADDS=""
+AC_MSG_CHECKING(for mycrypto libraries >= $MYCRYPTO_MIN_VERSION)
+AC_ARG_WITH(mycrypto, [ --with-mycrypto=[PFX] mycrypto location])
+if test "$with_mycrypto" = "no" ; then
+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST mycrypto"
+ AC_MSG_RESULT(no)
+else
+ if test "$with_mycrypto" != "" ; then
+ MYCRYPTO_PREFIX=$with_mycrypto
+ MYCRYPTO_CONFIG=$MYCRYPTO_PREFIX/bin/$MYCRYPTO_CONFIG
+ fi
+ if ! $MYCRYPTO_CONFIG --version > /dev/null 2>&1 ; then
+ if test "$with_mycrypto" != "" ; then
+ AC_MSG_ERROR(Unable to find mycrypto at '$with_mycrypto')
+ fi
+ else
+ vers=`$MYCRYPTO_CONFIG --version | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ minvers=`echo $MYCRYPTO_MIN_VERSION | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ if test "$vers" -ge "$minvers" ; then
+ MYCRYPTO_LIBS="`$MYCRYPTO_CONFIG --libs`"
+ MYCRYPTO_CFLAGS="`$MYCRYPTO_CONFIG --cflags`"
+ MYCRYPTO_VERSION="`$MYCRYPTO_CONFIG --version`"
+ XMLSEC_NO_MYCRYPTO="0"
+ else
+ AC_MSG_ERROR(You need at least mycrypto $MYCRYPTO_MIN_VERSION for this version of $PACKAGE)
+ fi
+ fi
+
+ dnl update crypt libraries list
+ if test "z$XMLSEC_NO_MYCRYPTO" = "z0" ; then
+ dnl first crypto library is default one
+ if test "z$XMLSEC_CRYPTO" = "z" ; then
+ XMLSEC_CRYPTO="mycrypto"
+ XMLSEC_CRYPTO_LIB="xmlsec1-mycrypto"
+ XMLSEC_CRYPTO_CFLAGS="$MYCRYPTO_CFLAGS -DXMLSEC_CRYPTO_MYCRYPTO=1"
+ XMLSEC_CRYPTO_LIBS="$MYCRYPTO_LIBS"
+ XMLSEC_CRYPTO_LDADDS="$MYCRYPTO_LDADDS"
+ fi
+ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST mycrypto"
+ AC_MSG_RESULT(yes ('$MYCRYPTO_VERSION'))
+ else
+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST mycrypto"
+ AC_MSG_RESULT(no)
+ fi
+fi
+AC_SUBST(XMLSEC_NO_MYCRYPTO)
+AC_SUBST(MYCRYPTO_MIN_VERSION)
+AC_SUBST(MYCRYPTO_VERSION)
+AC_SUBST(MYCRYPTO_CONFIG)
+AC_SUBST(MYCRYPTO_PREFIX)
+AC_SUBST(MYCRYPTO_CFLAGS)
+AC_SUBST(MYCRYPTO_LIBS)
+AC_SUBST(MYCRYPTO_LDADDS)
+AC_SUBST(XMLSEC_MYCRYPTO_DEFINES)
+
+...
+AC_OUTPUT([
+...
+include/xmlsec/mycrypto/Makefile
+src/mycrypto/Makefile
+...
+])
+ ]]></programlisting>
+ </example>
+ </para></listitem>
+ <listitem><para>Modify "xmlsec.spec.in" file to create "xmlsec-mycrypto"
+ RPM (if necessary).
+ </para></listitem>
+ </itemizedlist>
+
+ By now you should be able to sucessfuly compile XML Security Library
+ with MyCrypto library (we disable all other libraries to make sure
+ that xmlsec command line utility is linked against xmlsec-mycrypto
+ library):
+ <example>
+ <title>Compiling the results.</title>
+ <programlisting><![CDATA[
+./autogen.sh --without-openssl --without-nss --without-gnutls --without-gcrypt \
+ --with-mycrypto=$HOME --disable-tmpl-tests
+make
+ ]]></programlisting>
+ </example>
+ </para>
+ </sect1>
+ <sect1 id="xmlsec-notes-new-crypto-functions">
+ <title>xmlSecCryptoApp* functions.</title>
+ <para>
+ The XML Security Library allows application to load multiple
+ "xmlsec-&lt;crypto&gt; libraries. To prevent symbol conflicts,
+ all "xmlsec-mycrypto" library names MUST start with "xmlSecMyCrypto".
+ However, in some applications (for example, the xmlsec command line
+ utility) that can use any crypto library, would prefer to
+ use a generic function names where possible.
+ The "include/xmlsec/crypto.h" and "include/xmlsec/mycrypto/symbols.h"
+ include files do the magic by mapping "xmlSecMyCrypto*" to
+ "xmlSecCrypto*" names using "XMLSEC_CRYPTO_*" defines.
+ </para>
+ <para>
+ In order to build xmlsec command line utility, the
+ "xmlsec-&lt;crypto&gt;" library must implement several functions.
+ The stubs for all these functions are provided in the "skeleton"
+ we've created. While these functions are not required to be
+ implemented by "xmlsec-&lt;crypto&gt;" library, you should consider
+ doing so (if possible) to simplify testing (thru xmlsec command line
+ utility) and application development.
+ </para>
+ <para>
+ In adition to xmlSecCryptoApp* functions, the xmlsec-&lt;crypto&gt;
+ library MUST implement following xmlSecCrypto* functions:
+ <table>
+ <title>xmlSecCrypto* functions.</title>
+ <tgroup cols="2"><tbody>
+ <row><entry>xmlSecCryptoInit()</entry>
+ <entry>Initializes xmlsec-&lt;crypto&gt; library: registers cryptographic
+ transforms implemented by the library, keys, etc.
+ Please note, that the application might want to intialize
+ the cryprographic library by itself. The default cryprographic
+ library initialization (for example, used by xmlsec utility)
+ is implemented in xmlSecCryptoAppInit() function.
+ </entry></row>
+ <row><entry>xmlSecCryptoShutdown()</entry>
+ <entry>Shuts down xmlsec-&lt;crypto&gt; library.
+ Please note, that the application might want to shutdown
+ the cryprographic library by itself. The default cryprographic
+ library shutdown (for example, used by xmlsec utility)
+ is implemented in xmlSecCryptoAppShutdown() function.
+ </entry></row>
+ <row><entry>xmlSecCryptoKeysMngrInit()</entry>
+ <entry>Adds keys stores implemented by the xmlsec-&lt;crypto&gt; library
+ to the keys manager object.
+ </entry></row>
+ </tbody></tgroup></table>
+ </para>
+ </sect1>
+ <sect1 id="xmlsec-notes-new-crypto-klasses">
+ <title>Klasses and objects.</title>
+ <para>The XML Security Library is written in C but it uses some OOP techniques:
+ the objects in the library have "klasses" and there is "klasses" inheritance.
+ (see <link linkend="xmlsec-signature-klasses">signature</link> and
+ <link linkend="xmlsec-encryption-klasses">encryption</link> klasses
+ diagrams). The "klass" is different from C++ "class" (btw, this is
+ one of the reasons why it is spelled differently). The idea of "klasses"
+ used in XML Security Library are close to one in the GLIB/GTK/GNOME
+ and many other C projects. If you ever seen an OOP code written in C
+ you should find everything familiar.
+ </para>
+ <para>XML Security Library "klass" includes three main parts:
+ <itemizedlist>
+ <listitem><para>"Klass" declaration structure that defines "klass" interfaces
+ and global constant data (for example, the human-readable name of
+ the "klass").
+ <example>
+ <title>Base transform "klass" and its child XPath transform "klass" structure.</title>
+ <programlisting><![CDATA[
+struct _xmlSecTransformKlass {
+ /* data */
+ size_t klassSize;
+ size_t objSize;
+ const xmlChar* name;
+ const xmlChar* href;
+ xmlSecTransformUsage usage;
+
+ /* methods */
+ xmlSecTransformInitializeMethod initialize;
+ xmlSecTransformFinalizeMethod finalize;
+
+ xmlSecTransformNodeReadMethod readNode;
+ xmlSecTransformNodeWriteMethod writeNode;
+
+ ...
+};
+
+...
+
+static xmlSecTransformKlass xmlSecTransformXPathKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecXPathTransformSize, /* size_t objSize */
+
+ xmlSecNameXPath, /* const xmlChar* name; */
+ xmlSecXPathNs, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
+
+ xmlSecTransformXPathInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformXPathFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecTransformXPathNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+
+ ...
+};
+ ]]></programlisting>
+ </example>
+ </para></listitem>
+
+ <listitem><para>"Klass" id which is simply a pointer to the "klass"
+ declaration strucutre. "Klass" id is used to bind "klass" objects
+ to the "klass" declaration and to pass "klass" strucutre to functions.
+ <example>
+ <title>Base transform "klass" id declaration and its child XPath transform "klass" id implementation.</title>
+ <programlisting><![CDATA[
+typedef const struct _xmlSecTransformKlass xmlSecTransformKlass, *xmlSecTransformId;
+
+...
+
+#define xmlSecTransformXPathId xmlSecTransformXPathGetKlass()
+
+...
+
+xmlSecTransformId
+xmlSecTransformXPathGetKlass(void) {
+ return(&xmlSecTransformXPathKlass);
+}
+ ]]></programlisting>
+ </example>
+ </para></listitem>
+
+ <listitem><para>"Klass" object structure that contains object specific
+ data. The child object specific data are placed after the parent "klass"
+ object data.
+ <example>
+ <title>Base transform object strucutre and its child XPath transform object.</title>
+ <programlisting><![CDATA[
+struct _xmlSecTransform {
+ xmlSecTransformId id;
+ xmlSecTransformOperation operation;
+ xmlSecTransformStatus status;
+ xmlNodePtr hereNode;
+
+ /* transforms chain */
+ xmlSecTransformPtr next;
+ xmlSecTransformPtr prev;
+
+ ...
+};
+
+...
+
+/******************************************************************************
+ *
+ * XPath/XPointer transforms
+ *
+ * xmlSecPtrList with XPath expressions is located after xmlSecTransform structure
+ *
+ *****************************************************************************/
+#define xmlSecXPathTransformSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecPtrList))
+#define xmlSecXPathTransformGetDataList(transform) \
+ ((xmlSecTransformCheckSize((transform), xmlSecXPathTransformSize)) ? \
+ (xmlSecPtrListPtr)(((unsigned char*)(transform)) + sizeof(xmlSecTransform)) : \
+ (xmlSecPtrListPtr)NULL)
+ ]]></programlisting>
+ </example>
+ </para></listitem>
+ </itemizedlist>
+ </para>
+ </sect1>
+ <sect1 id="xmlsec-notes-new-crypto-transforms">
+ <title>Cryptographic transforms.</title>
+ <para>The cryptographic transforms (digests, signatures and encryption)
+ implementation is the main goal of "xmlsec-&lt;crypto&gt;" library.
+ Most of the cryptographic <link linkend="xmlsec-notes-transforms">transforms</link>
+ use default <structfield>pushBin</structfield> and <structfield>popBin</structfield>
+ methods and provide custom <link linkend="xmlSecTransformExecuteMethod">execute</link> method.
+ The binary transform <link linkend="xmlSecTransformExecuteMethod">execute</link> method
+ processes data from the input buffer
+ <structfield>inBuf</structfield> and pushes results to
+ <structfield>outBuf</structfield>. The transform should try to
+ consume and remove data from <structfield>inBuf</structfield> buffer
+ as soon as the data became available. However, it might happen
+ that current data size in the input buffer is not enough (for example,
+ RSA-PKCS1 algorithm requires that all the data are available in
+ one buffer). In this case, transform might keep the data in the
+ input buffer till the next call to
+ <link linkend="xmlSecTransformExecuteMethod">execute</link>
+ method. The "last" parameter of the
+ <link linkend="xmlSecTransformExecuteMethod">execute</link>
+ indicates that transform MUST process all the data in the input buffer
+ and return as much as possible in the output buffer. The
+ <link linkend="xmlSecTransformExecuteMethod">execute</link> method
+ might be called multiple times with non-zero "last" parameter until
+ the transforms returns nothing
+ in the output buffer. In addition, the transform implementation is
+ responsible for managing the transform <structfield>status</structfield>
+ variable.
+ <table>
+ <title>Typical transform status managing.</title>
+ <tgroup cols="2"><tbody>
+ <row><entry>xmlSecTransformStatusNone</entry>
+ <entry>Transform initializes itself (for example, cipher transform
+ generates or reads IV) and sets <structfield>status</structfield>
+ variable to xmlSecTransformStatusWorking.</entry></row>
+ <row><entry>xmlSecTransformStatusWorking</entry>
+ <entry>Transform process the next (if "last" parameter is zero) or
+ last block of data (if "last" parameter is non-zero).
+ When transform returns all the data, it sets the
+ <structfield>status</structfield> variable to
+ xmlSecTransformStatusFinished.</entry></row>
+ <row><entry>xmlSecTransformStatusFinished</entry>
+ <entry>Transform returns no data to indicate that it finished
+ processing.</entry></row>
+ </tbody></tgroup></table>
+ </para>
+ <para>In adition to <link linkend="xmlSecTransformExecuteMethod">execute</link>
+ methods, signature, hmac or digest transforms
+ MUST implement <link linkend="xmlSecTransformVerifyMethod">verify</link> method.
+ The <link linkend="xmlSecTransformVerifyMethod">verify</link> method is called
+ after transform execution is finished. The
+ <link linkend="xmlSecTransformVerifyMethod">verify</link> method implementation
+ must set the "status" member to <link linkend="xmlSecTransformStatusOk">xmlSecTransformStatusOk</link>
+ if signature, hmac or digest is successfuly verified or to
+ <link linkend="xmlSecTransformStatusFail">xmlSecTransformStatusFail</link>
+ otherwise.
+ </para>
+ <para>The transforms that require a key (signature or encryption
+ transforms, for example) MUST imlpement
+ <link linkend="xmlSecTransformSetKeyRequirementsMethod">setKeyReq</link>
+ (prepares the <link linkend="xmlSecKeyReq">key requirements</link>
+ for key search) and
+ <link linkend="xmlSecTransformSetKeyMethod">setKey</link>
+ (sets the key in the transform) methods.
+ </para>
+ </sect1>
+ <sect1 id="xmlsec-notes-new-crypto-keys">
+ <title>Keys data and keys data stores.</title>
+ <para>
+ There are two key data types: key value data (for example, AES, DES, DSA,
+ HMAC or RSA key data) and others (for example, key name, X509 or PGP data).
+ The key data implementation should implement at least one of
+ <link linkend="xmlSecKeyDataXmlReadMethod">xmlRead</link>
+ or <link linkend="xmlSecKeyDataBinReadMethod">binRead</link> methods.
+ </para>
+ <para>TODO</para>
+ </sect1>
+ <sect1 id="xmlsec-notes-new-crypto-simple-keys-mngr">
+ <title>Default keys manager.</title>
+ <para>Any "xmlsec-&lt;crypto&gt;" library implementation must provide
+ a default keys store. The XML Security Library has a built-in flat
+ list based <link linkend="xmlSecSimpleKeysStoreId">simple keys
+ store</link> which could be used if cryptographic library does not
+ have one itself.
+ </para>
+ </sect1>
+ <sect1 id="xmlsec-notes-new-crypto-sharing-results">
+ <title>Sharing the results.</title>
+ <para>If you implemented support for new cryptographic library
+ (or extended an existing one) and both you and your company/university/...
+ are willing to share the code I would be glad to add your work
+ to XML Security Library. Many people will thank you for this
+ and will use your library. Of course, you'll get all the credits
+ for your work.
+ </para>
+ <para>The best way to submit your enchancements is to provide a diff
+ with the current CVS version. In order to do this,
+ <itemizedlist>
+ <listitem><para>Checkout the sources from <ulink URL="http://developer.gnome.org/tools/cvs.html">GNOME CVS</ulink>
+ (module name is "xmlsec").
+ </para></listitem>
+ <listitem><para>Add all the new files with "cvs add" command (this will not
+ create files in CVS but mark them as "added" localy). You'll not be able
+ to create new folders without a valid GNOME CVS account, let me know
+ what you need and I'll be happy to help.
+ </para></listitem>
+ <listitem><para>Get a diff of all existing and new files using
+ "cvs -z3 diff -u -N" command.
+ </para></listitem>
+ <listitem><para>Send the resulting diff file to the xmlsec mailing list
+ with some information about yourself so I can update the authors
+ and coping information.
+ </para></listitem>
+ </itemizedlist>
+ I will try to review and check in your patch as soon as possible.
+ </para>
+ </sect1>
+</chapter>
+
+
diff --git a/docs/api/chapters/sign-and-encrypt.sgml b/docs/api/chapters/sign-and-encrypt.sgml
new file mode 100644
index 00000000..58ff04ac
--- /dev/null
+++ b/docs/api/chapters/sign-and-encrypt.sgml
@@ -0,0 +1,286 @@
+<chapter id="xmlsec-notes-sign-encrypt">
+ <title>Signing and encrypting documents.</title>
+ <sect1 id="xmlsec-notes-sign-encrypt-overview">
+ <title>Overview.</title>
+ <para>XML Security Library performs signature or encryption by processing
+ input xml or binary data and a template that specifies a signature or
+ encryption skeleton: the transforms, algorithms, the key selection
+ process. A template has the same structure as the desired result but
+ some of the nodes are empty. XML Security Library gets the key for
+ signature/encryption from keys managers using the information from
+ the template, does necessary computations and puts the results in
+ the template. Signature or encryption context controls the whole
+ process and stores the required temporary data.
+ <figure>
+ <title>The signature or encryption processing model.</title>
+ <graphic fileref="images/sign-enc-model.png" align="center"></graphic>
+ </figure>
+ </para>
+ </sect1>
+
+ <sect1 id="xmlsec-notes-sign" >
+ <title>Signing a document.</title>
+ <para>The typical siganture process includes following steps:
+ <itemizedlist>
+ <listitem><para>
+ Prepare data for signature.
+ </para></listitem>
+ <listitem><para>
+ Create or load signature template and select start
+ <ulink URL="http://www.w3.org/TR/xmldsig-core/#sec-Signature">&lt;dsig:Signature/&gt;</ulink>
+ node.
+ </para></listitem>
+ <listitem><para>
+ Create signature context <link linkend="xmlSecDSigCtx">xmlSecDSigCtx</link>
+ using <link linkend="xmlSecDSigCtxCreate">xmlSecDSigCtxCreate</link> or
+ <link linkend="xmlSecDSigCtxInitialize">xmlSecDSigCtxInitialize</link>
+ functions.
+ </para></listitem>
+ <listitem><para>
+ Load signature key in <link linkend="xmlSecKeysMngr">keys manager</link>
+ or generate a session key and set it in the signature context
+ (<structfield>signKey</structfield> member of
+ <link linkend="xmlSecDSigCtx">xmlSecDSigCtx</link> structure).
+ </para></listitem>
+ <listitem><para>
+ Sign data by calling <link linkend="xmlSecDSigCtxSign">xmlSecDSigCtxSign</link>
+ function.
+ </para></listitem>
+ <listitem><para>
+ Check returned value and consume signed data.
+ </para></listitem>
+ <listitem><para>
+ Destroy signature context <link linkend="xmlSecDSigCtx">xmlSecDSigCtx</link>
+ using <link linkend="xmlSecDSigCtxDestroy">xmlSecDSigCtxDestroy</link> or
+ <link linkend="xmlSecDSigCtxFinalize">xmlSecDSigCtxFinalize</link>
+ functions.
+ </para></listitem>
+ </itemizedlist>
+ </para>
+ <para>
+ <example>
+ <title>Signing a template.</title>
+ <programlisting><![CDATA[
+/**
+ * sign_file:
+ * @tmpl_file: the signature template file name.
+ * @key_file: the PEM private key file name.
+ *
+ * Signs the #tmpl_file using private key from #key_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+sign_file(const char* tmpl_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(tmpl_file);
+ assert(key_file);
+
+ /* load template */
+ doc = xmlParseFile(tmpl_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
+ goto done;
+ }
+
+ /* create signature context, we don't need keys manager in this example */
+ dsigCtx = xmlSecDSigCtxCreate(NULL);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* load private key, assuming that there is not password */
+ dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(dsigCtx->signKey == NULL) {
+ fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* sign the template */
+ if(xmlSecDSigCtxSign(dsigCtx, node) < 0) {
+ fprintf(stderr,"Error: signature failed\n");
+ goto done;
+ }
+
+ /* print signed document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+ ]]></programlisting>
+ <simpara><link linkend="xmlsec-example-sign1">Full program listing</link></simpara>
+ <simpara><link linkend="xmlsec-example-sign1-tmpl">Simple signature template file</link></simpara>
+ </example>
+ </para>
+ </sect1>
+
+ <sect1 id="xmlsec-notes-encrypt">
+ <title>Encrypting data.</title>
+ <para>The typical encryption process includes following steps:
+ <itemizedlist>
+ <listitem><para>
+ Prepare data for encryption.
+ </para></listitem>
+ <listitem><para>
+ Create or load encryption template and select start
+ &lt;enc:EncryptedData/&gt; node.
+ </para></listitem>
+ <listitem><para>
+ Create encryption context <link linkend="xmlSecEncCtx">xmlSecEncCtx</link>
+ using <link linkend="xmlSecEncCtxCreate">xmlSecEncCtxCreate</link> or
+ <link linkend="xmlSecEncCtxInitialize">xmlSecEncCtxInitialize</link>
+ functions.
+ </para></listitem>
+ <listitem><para>
+ Load encryption key in <link linkend="xmlSecKeysMngr">keys manager</link>
+ or generate a session key and set it in the encryption context
+ (<structfield>encKey</structfield> member of
+ <link linkend="xmlSecEncCtx">xmlSecEncCtx</link> structure).
+ </para></listitem>
+ <listitem><para>
+ Encrypt data by calling one of the following functions:
+ <itemizedlist>
+ <listitem><para>
+ <link linkend="xmlSecEncCtxBinaryEncrypt">xmlSecEncCtxBinaryEncrypt</link>
+ </para></listitem>
+ <listitem><para>
+ <link linkend="xmlSecEncCtxXmlEncrypt">xmlSecEncCtxXmlEncrypt</link>
+ </para></listitem>
+ <listitem><para>
+ <link linkend="xmlSecEncCtxUriEncrypt">xmlSecEncCtxUriEncrypt</link>
+ </para></listitem>
+ </itemizedlist>
+ </para></listitem>
+ <listitem><para>
+ Check returned value and if necessary consume encrypted data.
+ </para></listitem>
+ <listitem><para>
+ Destroy encryption context <link linkend="xmlSecEncCtx">xmlSecEncCtx</link>
+ using <link linkend="xmlSecEncCtxDestroy">xmlSecEncCtxDestroy</link> or
+ <link linkend="xmlSecEncCtxFinalize">xmlSecEncCtxFinalize</link>
+ functions.
+ </para></listitem>
+ </itemizedlist>
+ </para>
+ <para>
+ <example>
+ <title>Encrypting binary data with a template.</title>
+ <programlisting><![CDATA[
+/**
+ * encrypt_file:
+ * @tmpl_file: the encryption template file name.
+ * @key_file: the Triple DES key file.
+ * @data: the binary data to encrypt.
+ * @dataSize: the binary data size.
+ *
+ * Encrypts binary #data using template from #tmpl_file and DES key from
+ * #key_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+encrypt_file(const char* tmpl_file, const char* key_file, const unsigned char* data, size_t dataSize) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(tmpl_file);
+ assert(key_file);
+ assert(data);
+
+ /* load template */
+ doc = xmlParseFile(tmpl_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
+ goto done;
+ }
+
+ /* create encryption context, we don't need keys manager in this example */
+ encCtx = xmlSecEncCtxCreate(NULL);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* load DES key */
+ encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
+ if(encCtx->encKey == NULL) {
+ fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(encCtx->encKey, key_file) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* encrypt the data */
+ if(xmlSecEncCtxBinaryEncrypt(encCtx, node, data, dataSize) < 0) {
+ fprintf(stderr,"Error: encryption failed\n");
+ goto done;
+ }
+
+ /* print encrypted data with document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+ ]]></programlisting>
+ <simpara><link linkend="xmlsec-example-encrypt1">Full program listing</link></simpara>
+ <simpara><link linkend="xmlsec-example-encrypt1-tmpl">Simple encryption template file</link></simpara>
+ </example>
+ </para>
+ </sect1>
+</chapter>
+
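Review bot: Both sign_file and encrypt_file pass the key's file path to `xmlSecKeySetName`, and that name is what the library would write into a `<dsig:KeyName/>` node if the template carries one (the templates are linked, not shown here), so a copied example would publish a local path in the signed or encrypted document. The existing comment `/* set key name to the file name, this is just an example! */` should say why, e.g. `/* example only: the key name may be written to <dsig:KeyName/>; use a logical key identifier, not a local path */`. The argument is also a plain `const char*`, while the other listings wrap such arguments in `BAD_CAST`; writing `BAD_CAST key_file` keeps the two examples consistent with them.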
diff --git a/docs/api/chapters/using-contexts.sgml b/docs/api/chapters/using-contexts.sgml
new file mode 100644
index 00000000..0dc1c263
--- /dev/null
+++ b/docs/api/chapters/using-contexts.sgml
@@ -0,0 +1,138 @@
+<chapter id="xmlsec-notes-contexts">
+ <title>Using context objects.</title>
+ <para>The great flexibility of XML Digital Signature and XML Encryption
+ specification is one of the most interesting and in the same time,
+ most dangerouse feature for an application developer.
+ For example, XPath and XSLT transform can make it very difficult
+ to find out what exactly was signed by just looking at the
+ transforms and the input data. Many protocols based on
+ XML Digital Signature and XML Encryption restrict allowed
+ key data types, allowed transforms or possible input data.
+ For example, signature in a simple SAML Response should have only
+ one &lt;dsig:Reference/&gt; element with an empty or NULL
+ URI attribute and only one enveloped transform.
+ XML Security Library uses "context" objects to let application
+ enable or disable particular features, return the result
+ data and the information collected during the processing.
+ Also all the context objects defined in XML Security library have
+ a special <structfield>userData</structfield> member which could
+ be used by application to pass application specific data around.
+ XML Security Library never use this field.
+ The application creates a new
+ <link linkend="xmlSecDSigCtx">xmlSecDSigCtx</link>
+ or <link linkend="xmlSecEncCtx">xmlSecEncCtx</link> object for each
+ operation, sets necessary options and consumes result returned
+ in the context after signature, verification, encryption or decryption.
+ </para>
+ <para>
+ <example>
+ <title>SAML signature validation.</title>
+ <programlisting><![CDATA[
+/**
+ * verify_file:
+ * @mngr: the pointer to keys manager.
+ * @xml_file: the signed XML file name.
+ *
+ * Verifies XML signature in #xml_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(mngr);
+ assert(xml_file);
+
+ /* load file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature context */
+ dsigCtx = xmlSecDSigCtxCreate(mngr);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* limit the Reference URI attributes to empty or NULL */
+ dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
+
+ /* limit allowed transforms for siganture and reference processing */
+ if((xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) ||
+ (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) ||
+ (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha1Id) < 0) ||
+ (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha1Id) < 0)) {
+
+ fprintf(stderr,"Error: failed to limit allowed siganture transforms\n");
+ goto done;
+ }
+ if((xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) ||
+ (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) ||
+ (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha1Id) < 0) ||
+ (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformEnvelopedId) < 0)) {
+
+ fprintf(stderr,"Error: failed to limit allowed reference transforms\n");
+ goto done;
+ }
+
+ /* in addition, limit possible key data to valid X509 certificates only */
+ if(xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecKeyDataX509Id) < 0) {
+ fprintf(stderr,"Error: failed to limit allowed key data\n");
+ goto done;
+ }
+
+ /* Verify signature */
+ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
+ fprintf(stderr,"Error: signature verify\n");
+ goto done;
+ }
+
+ /* check that we have only one Reference */
+ if((dsigCtx->status == xmlSecDSigStatusSucceeded) &&
+ (xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) != 1)) {
+
+ fprintf(stderr,"Error: only one reference is allowed\n");
+ goto done;
+ }
+
+ /* print verification result to stdout */
+ if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
+ fprintf(stdout, "Signature is OK\n");
+ } else {
+ fprintf(stdout, "Signature is INVALID\n");
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
+ ]]></programlisting>
+ </example>
+ </para>
+</chapter>
+
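Review bot: verify_file sets `res = 0` after printing either "Signature is OK" or "Signature is INVALID", so a caller that checks only the return value treats a document whose signature failed verification as accepted. Move the assignment into the succeeded branch, `if(dsigCtx->status == xmlSecDSigStatusSucceeded) { fprintf(stdout, "Signature is OK\n"); res = 0; }`, and change the header comment to `Returns 0 if the signature is valid or a negative value if it is invalid or an error occurs.` Separately, xml_file is the untrusted input in this example and is read with `xmlParseFile` under the process-wide defaults the initialization listing sets (`xmlSubstituteEntitiesDefault(1)` and external DTD loading via `xmlLoadExtDtdDefaultValue`); that deserves at least a comment next to the parse call.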
diff --git a/docs/api/chapters/using-keys.sgml b/docs/api/chapters/using-keys.sgml
new file mode 100644
index 00000000..c2c90f50
--- /dev/null
+++ b/docs/api/chapters/using-keys.sgml
@@ -0,0 +1,26 @@
+<chapter id="xmlsec-notes-keys">
+ <title>Keys.</title>
+ <para>A key in XML Security Library is a representation of the
+ <ulink URL="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo">&lt;dsig:KeyInfo/&gt;</ulink>
+ element and consist of several key data objects.
+ The "value" key data usually contains raw key material (or handlers to
+ key material) required to execute particular crypto transform. Other
+ key data objects may contain any additional information about the key.
+ All the key data objects in the key are associated with the same key
+ material. For example, if a DSA key material has both an X509
+ certificate and a PGP data associated with it then such a key can
+ have a DSA key "value" and two key data objects for X509 certificate
+ and PGP key data.
+ </para>
+ <figure>
+ <title>The key structure.</title>
+ <graphic fileref="images/key.png" align="center"></graphic>
+ </figure>
+ <para>XML Security Library has several "invisible" key data classes.
+ These classes never show up in the keys data list of a key but are used for
+ <ulink URL="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo">&lt;dsig:KeyInfo/&gt;</ulink>
+ children processing (<ulink URL="http://www.w3.org/TR/xmldsig-core/#sec-KeyName">&lt;dsig:KeyName/&gt;</ulink>,
+ &lt;enc:EncryptedKey/&gt;, ...). As with transforms, application might
+ add any new key data objects or replace the default ones.
+ </para>
+</chapter>
diff --git a/docs/api/chapters/using-keysmngr.sgml b/docs/api/chapters/using-keysmngr.sgml
new file mode 100644
index 00000000..1c25b3da
--- /dev/null
+++ b/docs/api/chapters/using-keysmngr.sgml
@@ -0,0 +1,592 @@
+<chapter id="xmlsec-notes-keysmngr">
+ <title>Keys manager.</title>
+ <sect1 id="xmlsec-notes-keysmngr-overview">
+ <title>Overview.</title>
+ <para>Processing some of the key data objects require additional
+ information which is global across the application (or in the
+ particular area of the application). For example, X509 certificates
+ processing require a common list of trusted certificates to be
+ available. XML Security Library keeps all the common information
+ for key data processing in a a collection of key data stores called
+ "keys manager".
+ </para>
+ <figure>
+ <title>The keys manager structure.</title>
+ <graphic fileref="images/keysmngr.png" align="center"></graphic>
+ </figure>
+ <para>Keys manager has a special "keys store" which lists the keys
+ known to the application. This "keys store" is used by XML Security
+ Library to lookup keys by name, type and crypto algorithm (for example,
+ during
+ <ulink URL="http://www.w3.org/TR/xmldsig-core/#sec-KeyName">&lt;dsig:KeyName/&gt;</ulink>
+ processing). The XML Security Library
+ provides default simple "flat list" based implementation of a default keys
+ store. The application can replace it with any other keys store
+ (for example, based on an SQL database).
+ </para>
+ <para>Keys manager is the only object in XML Security Library which
+ is supposed to be shared by many different operations. Usually keys
+ manager is initialized once at the application startup and later is
+ used by XML Security library routines in "read-only" mode. If
+ application or crypto function need to modify any of the key data
+ stores inside keys manager then proper synchronization must be
+ implemented. In the same time, application can create a new keys
+ manager each time it needs to perform XML signature, verification,
+ encryption or decryption.
+ </para>
+ </sect1>
+
+ <sect1 id="xmlsec-notes-simple-keys-store">
+ <title>Simple keys store.</title>
+ <para>
+ XML Security Library has a built-in simple keys store
+ implemented using a keys list. You can use it in your application
+ if you have a small number of keys. However, this might be not a
+ best option from performance point of view if you have a lot of keys.
+ In this case, you probably should implement your own keys store
+ using an SQL database or some other keys storage.
+ </para>
+ <para>
+ <example>
+ <title>Initializing keys manager and loading keys from PEM files.</title>
+ <programlisting><![CDATA[
+/**
+ * load_keys:
+ * @files: the list of filenames.
+ * @files_size: the number of filenames in #files.
+ *
+ * Creates default keys manager and load PEM keys from #files in it.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_keys(char** files, int files_size) {
+ xmlSecKeysMngrPtr mngr;
+ xmlSecKeyPtr key;
+ int i;
+
+ assert(files);
+ assert(files_size > 0);
+
+ /* create and initialize keys manager, we use a default list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ for(i = 0; i < files_size; ++i) {
+ assert(files[i]);
+
+ /* load key */
+ key = xmlSecCryptoAppKeyLoad(files[i], xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load pem key from \"%s\"\n", files[i]);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(key, BAD_CAST files[i]) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* add key to keys manager, from now on keys manager is responsible
+ * for destroying key
+ */
+ if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) {
+ fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", files[i]);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+ }
+
+ return(mngr);
+}
+ ]]></programlisting>
+ <simpara><link linkend="xmlsec-example-verify2">Full program listing</link></simpara>
+ </example>
+ </para>
+ </sect1>
+
+ <sect1 id="xmlsec-notes-keys-manager-sign-enc">
+ <title>Using keys manager for signatures/encryption.</title>
+ <para>Instead of specifiying signature or encryption key in the
+ corresponding context object (<structfield>signKey</structfield>
+ member of <link linkend="xmlSecDSigCtx">xmlSecDSigCtx</link>
+ structure or <structfield>encKey</structfield> member of
+ <link linkend="xmlSecEncCtx">xmlSecEncCtx</link> structure),
+ the application can use keys manager to select the
+ signature or encryption key. This is especialy useful
+ when you are encrypting or signing something with a session key
+ which is by itself should be encrypted. The key for the
+ session key encryption in the
+ <ulink URL="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey">&lt;EncryptedKey/&gt;</ulink>
+ node could be selected using
+ <ulink URL="http://www.w3.org/TR/xmldsig-core/#sec-KeyName">&lt;dsig:KeyName/&gt;</ulink>
+ node in the template.
+ </para>
+ <para>
+ <example>
+ <title>Encrypting file using a session key and a permanent key from keys manager.</title>
+ <programlisting><![CDATA[
+/**
+ * load_rsa_keys:
+ * @key_file: the key filename.
+ *
+ * Creates default keys manager and load RSA key from #key_file in it.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_rsa_keys(char* key_file) {
+ xmlSecKeysMngrPtr mngr;
+ xmlSecKeyPtr key;
+
+ assert(key_file);
+
+ /* create and initialize keys manager, we use a default list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* load private RSA key */
+ key = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load rsa key from file \"%s\"\n", key_file);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(key, BAD_CAST key_file) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* add key to keys manager, from now on keys manager is responsible
+ * for destroying key
+ */
+ if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) {
+ fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", key_file);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ return(mngr);
+}
+
+/**
+ * encrypt_file:
+ * @mngr: the pointer to keys manager.
+ * @xml_file: the encryption template file name.
+ * @key_name: the RSA key name.
+ *
+ * Encrypts #xml_file using a dynamicaly created template, a session DES key
+ * and an RSA key from keys manager.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+encrypt_file(xmlSecKeysMngrPtr mngr, const char* xml_file, const char* key_name) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr encDataNode = NULL;
+ xmlNodePtr keyInfoNode = NULL;
+ xmlNodePtr encKeyNode = NULL;
+ xmlNodePtr keyInfoNode2 = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(mngr);
+ assert(xml_file);
+ assert(key_name);
+
+ /* load template */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create encryption template to encrypt XML file and replace
+ * its content with encryption result */
+ encDataNode = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId,
+ NULL, xmlSecTypeEncElement, NULL, NULL);
+ if(encDataNode == NULL) {
+ fprintf(stderr, "Error: failed to create encryption template\n");
+ goto done;
+ }
+
+ /* we want to put encrypted data in the <enc:CipherValue/> node */
+ if(xmlSecTmplEncDataEnsureCipherValue(encDataNode) == NULL) {
+ fprintf(stderr, "Error: failed to add CipherValue node\n");
+ goto done;
+ }
+
+ /* add <dsig:KeyInfo/> */
+ keyInfoNode = xmlSecTmplEncDataEnsureKeyInfo(encDataNode, NULL);
+ if(keyInfoNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ /* add <enc:EncryptedKey/> to store the encrypted session key */
+ encKeyNode = xmlSecTmplKeyInfoAddEncryptedKey(keyInfoNode,
+ xmlSecTransformRsaOaepId,
+ NULL, NULL, NULL);
+ if(encKeyNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ /* we want to put encrypted key in the <enc:CipherValue/> node */
+ if(xmlSecTmplEncDataEnsureCipherValue(encKeyNode) == NULL) {
+ fprintf(stderr, "Error: failed to add CipherValue node\n");
+ goto done;
+ }
+
+ /* add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to <enc:EncryptedKey/> */
+ keyInfoNode2 = xmlSecTmplEncDataEnsureKeyInfo(encKeyNode, NULL);
+ if(keyInfoNode2 == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ /* set key name so we can lookup key when needed */
+ if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode2, key_name) == NULL) {
+ fprintf(stderr, "Error: failed to add key name\n");
+ goto done;
+ }
+
+ /* create encryption context */
+ encCtx = xmlSecEncCtxCreate(mngr);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* generate a Triple DES key */
+ encCtx->encKey = xmlSecKeyGenerate(xmlSecKeyDataDesId, 192, xmlSecKeyDataTypeSession);
+ if(encCtx->encKey == NULL) {
+ fprintf(stderr,"Error: failed to generate session des key\n");
+ goto done;
+ }
+
+ /* encrypt the data */
+ if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, xmlDocGetRootElement(doc)) < 0) {
+ fprintf(stderr,"Error: encryption failed\n");
+ goto done;
+ }
+
+ /* we template is inserted in the doc */
+ encDataNode = NULL;
+
+ /* print encrypted data with document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(encDataNode != NULL) {
+ xmlFreeNode(encDataNode);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
+ ]]></programlisting>
+ <simpara><link linkend="xmlsec-example-encrypt3">Full program listing</link></simpara>
+ </example>
+ </para>
+ </sect1>
+
+ <sect1 id="xmlsec-notes-keys-mngr-verify-decrypt">
+ <title>Using keys manager for verification/decryption.</title>
+ <para>If more than one key could be used for signature or encryption,
+ then using <structfield>signKey</structfield> member of
+ <link linkend="xmlSecDSigCtx">xmlSecDSigCtx</link> structure or
+ <structfield>encKey</structfield> member of
+ <link linkend="xmlSecEncCtx">xmlSecEncCtx</link> structure
+ is not possible. Instead, the application should load known keys in
+ the keys manager and use &lt;dsig:KeyName/&gt; element to specify
+ the key name.
+ </para>
+ <para>
+ <example>
+ <title>Initializing keys manager and loading DES keys from binary files.</title>
+ <programlisting><![CDATA[
+/**
+ * load_des_keys:
+ * @files: the list of filenames.
+ * @files_size: the number of filenames in #files.
+ *
+ * Creates default keys manager and load DES keys from #files in it.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_des_keys(char** files, int files_size) {
+ xmlSecKeysMngrPtr mngr;
+ xmlSecKeyPtr key;
+ int i;
+
+ assert(files);
+ assert(files_size > 0);
+
+ /* create and initialize keys manager, we use a default list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ for(i = 0; i < files_size; ++i) {
+ assert(files[i]);
+
+ /* load DES key */
+ key = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, files[i]);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", files[i]);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(key, BAD_CAST files[i]) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* add key to keys manager, from now on keys manager is responsible
+ * for destroying key
+ */
+ if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) {
+ fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", files[i]);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+ }
+
+ return(mngr);
+}
+ ]]></programlisting>
+ <simpara><link linkend="xmlsec-example-decrypt2">Full program listing</link></simpara>
+ </example>
+ </para>
+ </sect1>
+
+ <sect1 id="xmlsec-notes-custom-keys-store">
+ <title>Implementing a custom keys store.</title>
+ <para>In many cases, a default built-in list based keys store
+ is not good enough. For example, XML Security Library (and
+ the built-in default keys store) have no synchronization and
+ you'll need to implement a custom keys store if you want to
+ add or remove keys while other threads use the store.</para>
+ <para>
+ <example>
+ <title>Creating a custom keys manager.</title>
+ <programlisting><![CDATA[
+/**
+ * create_files_keys_mngr:
+ *
+ * Creates a files based keys manager: we assume that key name is
+ * the key file name,
+ *
+ * Returns pointer to newly created keys manager or NULL if an error occurs.
+ */
+xmlSecKeysMngrPtr
+create_files_keys_mngr(void) {
+ xmlSecKeyStorePtr keysStore;
+ xmlSecKeysMngrPtr mngr;
+
+ /* create files based keys store */
+ keysStore = xmlSecKeyStoreCreate(files_keys_store_get_klass());
+ if(keysStore == NULL) {
+ fprintf(stderr, "Error: failed to create keys store.\n");
+ return(NULL);
+ }
+
+ /* create keys manager */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ xmlSecKeyStoreDestroy(keysStore);
+ return(NULL);
+ }
+
+ /* add store to keys manager, from now on keys manager destroys the store if needed */
+ if(xmlSecKeysMngrAdoptKeysStore(mngr, keysStore) < 0) {
+ fprintf(stderr, "Error: failed to add keys store to keys manager.\n");
+ xmlSecKeyStoreDestroy(keysStore);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* initialize crypto library specific data in keys manager */
+ if(xmlSecCryptoKeysMngrInit(mngr) < 0) {
+ fprintf(stderr, "Error: failed to initialize crypto data in keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* set the get key callback */
+ mngr->getKey = xmlSecKeysMngrGetKey;
+ return(mngr);
+}
+
+/****************************************************************************
+ *
+ * Files Keys Store: we assume that key's name (content of the
+ * <dsig:KeyName/> element is a name of the file with a key.
+ * Attention: this probably not a good solution for high traffic systems.
+ *
+ ***************************************************************************/
+static xmlSecKeyPtr files_keys_store_find_key (xmlSecKeyStorePtr store,
+ const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static xmlSecKeyStoreKlass files_keys_store_klass = {
+ sizeof(xmlSecKeyStoreKlass),
+ sizeof(xmlSecKeyStore),
+ BAD_CAST "files-based-keys-store", /* const xmlChar* name; */
+ NULL, /* xmlSecKeyStoreInitializeMethod initialize; */
+ NULL, /* xmlSecKeyStoreFinalizeMethod finalize; */
+ files_keys_store_find_key, /* xmlSecKeyStoreFindKeyMethod findKey; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * files_keys_store_get_klass:
+ *
+ * The files based keys store klass: we assume that key name is the
+ * key file name,
+ *
+ * Returns files based keys store klass.
+ */
+xmlSecKeyStoreId
+files_keys_store_get_klass(void) {
+ return(&files_keys_store_klass);
+}
+
+/**
+ * files_keys_store_find_key:
+ * @store: the pointer to default keys store.
+ * @name: the desired key name.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
+ *
+ * Lookups key in the @store.
+ *
+ * Returns pointer to key or NULL if key not found or an error occurs.
+ */
+static xmlSecKeyPtr
+files_keys_store_find_key(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyPtr key;
+ const xmlChar* p;
+
+ assert(store);
+ assert(keyInfoCtx);
+
+ /* it's possible to do not have the key name or desired key type
+ * but we could do nothing in this case */
+ if((name == NULL) || (keyInfoCtx->keyReq.keyId == xmlSecKeyDataIdUnknown)){
+ return(NULL);
+ }
+
+ /* we don't want to open files in a folder other than "current";
+ * to prevent it limit the characters in the key name to alpha/digit,
+ * '.', '-' or '_'.
+ */
+ for(p = name; (*p) != '\0'; ++p) {
+ if(!isalnum((*p)) && ((*p) != '.') && ((*p) != '-') && ((*p) != '_')) {
+ return(NULL);
+ }
+ }
+
+ if((keyInfoCtx->keyReq.keyId == xmlSecKeyDataDsaId) || (keyInfoCtx->keyReq.keyId == xmlSecKeyDataRsaId)) {
+ /* load key from a pem file, if key is not found then it's an error (is it?) */
+ key = xmlSecCryptoAppKeyLoad(name, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load pem key from \"%s\"\n", name);
+ return(NULL);
+ }
+ } else {
+ /* otherwise it's a binary key, if key is not found then it's an error (is it?) */
+ key = xmlSecKeyReadBinaryFile(keyInfoCtx->keyReq.keyId, name);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load key from binary file \"%s\"\n", name);
+ return(NULL);
+ }
+ }
+
+ /* set key name */
+ if(xmlSecKeySetName(key, name) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", name);
+ xmlSecKeyDestroy(key);
+ return(NULL);
+ }
+
+ return(key);
+}
+ ]]></programlisting>
+ <simpara><link linkend="xmlsec-example-decrypt3">Full program listing</link></simpara>
+ </example>
+ </para>
+ </sect1>
+</chapter>
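Review bot: In `files_keys_store_find_key` the `name` argument is, per the listing's own banner comment, the content of `<dsig:KeyName/>`, so the document being verified or decrypted chooses which file in the working directory is loaded as key material; the character filter only keeps it inside that directory. The filter still accepts `.`, `..` and any other file that sits next to the keys, so the example should state the assumption above the loop, e.g. `/* name is taken from the document: keep only trusted key files in this directory, or look the name up in an allow-list */`. `isalnum()` follows the process locale, so an explicit ASCII range check would keep the filter's behaviour fixed if the application calls `setlocale()`. Separately, `encrypt_file` in the same hunk hard-codes `xmlSecTransformDes3CbcId` with a `xmlSecKeyDataDesId` session key; a sentence saying that 3DES is used only for illustration would keep readers from copying it as the recommended cipher.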
diff --git a/docs/api/chapters/using-transforms.sgml b/docs/api/chapters/using-transforms.sgml
new file mode 100644
index 00000000..874f41ca
--- /dev/null
+++ b/docs/api/chapters/using-transforms.sgml
@@ -0,0 +1,67 @@
+<chapter id="xmlsec-notes-transforms">
+ <title>Transforms and transforms chain.</title>
+ <para>XML Digital Signature and XML Encryption standards are
+ very flexible and provide an XML developer many different ways to
+ sign or encrypt any part (or even parts) of an XML document.
+ The key for such great flexibility is the "transforms" model.
+ Transform is defined as a method of pre-processing binary or XML data
+ before calculating digest or signature. XML Security Library extends
+ this definition and names "transform" any operation performed on
+ the data: reading data from an URI, xml parsing, xml transformation,
+ calculation digest, encrypting or decrypting. Each XML Security Library
+ transform provides at least one of the following callbacks:
+ <itemizedlist>
+ <listitem><para>
+ <link linkend="xmlSecTransformPushBinMethod">push binary data</link>;
+ </para></listitem>
+ <listitem><para>
+ <link linkend="xmlSecTransformPushXmlMethod">push xml data</link>;
+ </para></listitem>
+ <listitem><para>
+ <link linkend="xmlSecTransformPopBinMethod">pop binary data</link>;
+ </para></listitem>
+ <listitem><para>
+ <link linkend="xmlSecTransformPopXmlMethod">pop xml data</link>.
+ </para></listitem>
+ </itemizedlist>
+ </para>
+ <para>One additional <link linkend="xmlSecTransformExecuteMethod">execute</link>
+ callback was added to simplify the development and reduce code size.
+ This callback is used by default
+ implementations of the four external callbacks from the list above.
+ For example, most of the crypto transforms could be implemented by
+ just implementing one "execute" callback and using default push/pop
+ binary data callbacks. However, in some cases using push/pop callbacks
+ directly is more efficient.
+ </para>
+ <figure>
+ <title>The XML Security Library transform.</title>
+ <graphic fileref="images/transform.png" align="center"></graphic>
+ </figure>
+ <para>XML Security Library constructs transforms chain according to the
+ signature/encryption template or signed/encrypted document.
+ If necessary, XML Security Library inserts XML parser or defaul
+ canonicalization to ensure that the output data type (binary or XML)
+ of previous transform matches the input of the next transform.
+ </para>
+ <para>The data are processed by pushing through or poping from the chain
+ depending on the transforms in the chain. For example, then binary
+ data chunk is pushed through a binary-to-binary transform, it
+ processes this chunk and pushes the result to the next transform
+ in the chain.
+ </para>
+ <figure>
+ <title>Transforms chain created for &lt;dsig:Reference/&gt; element processing.</title>
+ <graphic fileref="images/transforms-chain.png" align="center"></graphic>
+ </figure>
+
+ <para>
+ <example>
+ <title>Walking through transforms chain.</title>
+ <programlisting><![CDATA[
+TODO
+ ]]></programlisting>
+ </example>
+ </para>
+</chapter>
+
diff --git a/docs/api/chapters/using-x509-certs.sgml b/docs/api/chapters/using-x509-certs.sgml
new file mode 100644
index 00000000..8ff029d9
--- /dev/null
+++ b/docs/api/chapters/using-x509-certs.sgml
@@ -0,0 +1,197 @@
+<chapter id="xmlsec-notes-x509">
+ <title>Using X509 Certificates.</title>
+ <sect1 id="xmlsec-notes-x509-overview">
+ <title>Overview.</title>
+ <para>X509 certificate is one of many possible keys data object that can be
+ associated with a key. Application may read and write X509 data
+ from/to XML file. The X509 certificates management policies significantly
+ vary from one crypto library to another. The examples in this chapter
+ were tested with OpenSSL and they might be broken if anither crypto
+ engine is used. Check API reference documentation for more specific
+ information about your crypto engine.
+ </para>
+ </sect1>
+
+ <sect1 id="xmlsec-notes-sign-x509" >
+ <title>Signing data with X509 certificate.</title>
+ <para>To sign a file using X509 certificate,
+ an application need to associate the certificate (or certificates)
+ with the private key using one of the following functions:
+ <itemizedlist>
+ <listitem><para>
+ <link linkend="xmlSecOpenSSLAppKeyCertLoad">xmlSecOpenSSLAppKeyCertLoad</link> - loads
+ certificate from a file and adds to the key;
+ </para></listitem>
+
+ <listitem><para>
+ <link linkend="xmlSecOpenSSLAppPkcs12Load">xmlSecOpenSSLAppPkcs12Load</link> -
+ loads private key and all the certificates associated with it from a PKCS12 file;
+ </para></listitem>
+
+ <listitem><para>
+ <link linkend="xmlSecKeyAdoptData">xmlSecKeyAdoptData</link> - low level
+ function to add key data (including X509 key data) to the key.
+ </para></listitem>
+ </itemizedlist>
+ <example>
+ <title>Loading private key and X509 certificate.</title>
+ <programlisting><![CDATA[
+ /* load private key, assuming that there is not password */
+ key = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* load certificate and add to the key */
+ if(xmlSecCryptoAppKeyCertLoad(key, cert_file, xmlSecKeyDataFormatPem) < 0) {
+ fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n", cert_file);
+ goto done;
+ }
+ ]]></programlisting>
+ <simpara><link linkend="xmlsec-example-sign3">Full program listing</link></simpara>
+ </example>
+ </para>
+ <para>Next step is to prepare signature template with &lt;dsig:X509Data/&gt;
+ child of the &lt;dsig:KeyInfo/&gt; element. When XML Security Library finds
+ this node in the template, it automaticaly creates &lt;dsig:X509Certificate/&gt;
+ children of the &lt;dsig:X509Data/&gt; element and writes to result XML document
+ all the certificates associated with the signature key.
+ <example>
+ <title>Dynamicaly creating a signature template for signing document using X509 certificate.</title>
+ <programlisting><![CDATA[
+ /* create signature template for RSA-SHA1 enveloped signature */
+ signNode = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
+ xmlSecTransformRsaSha1Id, NULL);
+ if(signNode == NULL) {
+ fprintf(stderr, "Error: failed to create signature template\n");
+ goto done;
+ }
+
+ /* add <dsig:Signature/> node to the doc */
+ xmlAddChild(xmlDocGetRootElement(doc), signNode);
+
+ /* add reference */
+ refNode = xmlSecTmplSignatureAddReference(signNode, xmlSecTransformSha1Id,
+ NULL, NULL, NULL);
+ if(refNode == NULL) {
+ fprintf(stderr, "Error: failed to add reference to signature template\n");
+ goto done;
+ }
+
+ /* add enveloped transform */
+ if(xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformEnvelopedId) == NULL) {
+ fprintf(stderr, "Error: failed to add enveloped transform to reference\n");
+ goto done;
+ }
+
+ /* add <dsig:KeyInfo/> and <dsig:X509Data/> */
+ keyInfoNode = xmlSecTmplSignatureEnsureKeyInfo(signNode, NULL);
+ if(keyInfoNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ if(xmlSecTmplKeyInfoAddX509Data(keyInfoNode) == NULL) {
+ fprintf(stderr, "Error: failed to add X509Data node\n");
+ goto done;
+ }
+ ]]></programlisting>
+ <simpara><link linkend="xmlsec-example-sign3">Full program listing</link></simpara>
+ </example>
+ </para>
+ </sect1>
+
+ <sect1 id="xmlsec-notes-verify-x509" >
+ <title>Verifing document signed with X509 certificates.</title>
+ <para>
+ If the document is signed with an X509 certificate then the signature
+ verification consist of two steps:
+ <itemizedlist>
+ <listitem><para>Creating and verifing X509 certificates chain.
+ </para></listitem>
+ <listitem><para>Verifing signature itself using key exrtacted from
+ a certificate verified on previous step.
+ </para></listitem>
+ </itemizedlist>
+ Certificates chain is constructed from certificates in a way that
+ each certificate in the chain is signed with previous one:
+ <figure>
+ <title>Certificates chain.</title>
+ <programlisting>
+Certificate A (signed with B) <- Certificate B (signed with C) <- ... <- Root Certificate (signed by itself)
+ </programlisting>
+ </figure>
+ At the end of the chain there is a &quot;Root Certificate&quot; which
+ is signed by itself. There is no way to verify the validity of the
+ root certificate and application have to &quot;trust&quot; it
+ (another name for root certificates is &quot;trusted&quot; certificates).
+ </para>
+
+ <para>
+ Application can use <link linkend="xmlSecCryptoAppKeysMngrCertLoad">xmlSecCryptoAppKeysMngrCertLoad</link>
+ function to load both &quot;trusted&quot; and &quot;un-trusted&quot;
+ certificates. However, the selection of &quot;trusted&quot;
+ certificates is very sensitive process and this function might be
+ not implemented for some crypto engines. In this case, the
+ &quot;trusted&quot; certificates list is loaded during initialization
+ or specified in crypto engine configuration files.
+ Check XML Security Library API reference for more details.
+ <example>
+ <title>Loading trusted X509 certificate.</title>
+ <programlisting><![CDATA[
+/**
+ * load_trusted_certs:
+ * @files: the list of filenames.
+ * @files_size: the number of filenames in #files.
+ *
+ * Creates simple keys manager and load trusted certificates from PEM #files.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_trusted_certs(char** files, int files_size) {
+ xmlSecKeysMngrPtr mngr;
+ int i;
+
+ assert(files);
+ assert(files_size > 0);
+
+ /* create and initialize keys manager, we use a simple list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ for(i = 0; i < files_size; ++i) {
+ assert(files[i]);
+
+ /* load trusted cert */
+ if(xmlSecCryptoAppKeysMngrCertLoad(mngr, files[i], xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
+ fprintf(stderr,"Error: failed to load pem certificate from \"%s\"\n", files[i]);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+ }
+
+ return(mngr);
+}
+ ]]></programlisting>
+ <simpara><link linkend="xmlsec-example-verify3">Full program listing</link></simpara>
+ </example>
+ </para>
+ </sect1>
+</chapter>
+
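Review bot: `load_trusted_certs` passes every entry of `files` to `xmlSecCryptoAppKeysMngrCertLoad` with `xmlSecKeyDataTypeTrusted`, so each file becomes a trust anchor for chain verification, yet the listing's comments do not say where that list may come from. The surrounding prose already calls the selection of trusted certificates sensitive; the example would be safer to copy with a comment above the loop such as `/* files must come from administrator-controlled configuration, never from the document being verified or other untrusted input */`. The chain description also says "each certificate in the chain is signed with previous one", while the figure beneath it shows each certificate signed by the next one toward the root; the sentence should be reworded to match the figure.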
diff --git a/docs/api/chapters/verify-and-decrypt.sgml b/docs/api/chapters/verify-and-decrypt.sgml
new file mode 100644
index 00000000..699d19b6
--- /dev/null
+++ b/docs/api/chapters/verify-and-decrypt.sgml
@@ -0,0 +1,265 @@
+<chapter id="xmlsec-notes-verify-decrypt">
+ <title>Verifing and decrypting documents.</title>
+ <sect1 id="xmlsec-notes-verify-decrypt-overview">
+ <title>Overview.</title>
+ <para>Since the template is just an XML file, it might be created in advance
+ and saved in a file. It's also possible for application to create
+ templates without using XML Security Library functions. Also in some
+ cases template should be inserted in the signed or encrypted data
+ (for example, if you want to create an enveloped or enveloping
+ signature).</para>
+ <para>Signature verification and data decryption do not require template
+ because all the necessary information is provided in the signed or
+ encrypted document.
+ <figure>
+ <title>The verification or decryption processing model.</title>
+ <graphic fileref="images/verif-dec-model.png" align="center"></graphic>
+ </figure>
+ </para>
+ </sect1>
+
+ <sect1 id="xmlsec-notes-verify" >
+ <title>Verifying a signed document</title>
+ <para>The typical siganture verification process includes following steps:
+ <itemizedlist>
+ <listitem><para>
+ Load keys, X509 certificates, etc. in the <link linkend="xmlSecKeysMngr">keys manager</link> .
+ </para></listitem>
+ <listitem><para>
+ Create signature context <link linkend="xmlSecDSigCtx">xmlSecDSigCtx</link>
+ using <link linkend="xmlSecDSigCtxCreate">xmlSecDSigCtxCreate</link> or
+ <link linkend="xmlSecDSigCtxInitialize">xmlSecDSigCtxInitialize</link>
+ functions.
+ </para></listitem>
+ <listitem><para>
+ Select start verification
+ <ulink URL="http://www.w3.org/TR/xmldsig-core/#sec-Signature">&lt;dsig:Signature/&gt;</ulink>
+ node in the signed XML document.
+ </para></listitem>
+ <listitem><para>
+ Verify signature by calling <link linkend="xmlSecDSigCtxVerify">xmlSecDSigCtxVerify</link>
+ function.
+ </para></listitem>
+ <listitem><para>
+ Check returned value and verification status (<structfield>status</structfield>
+ member of <link linkend="xmlSecDSigCtx">xmlSecDSigCtx</link> structure).
+ If necessary, consume returned data from the <link linkend="xmlSecDSigCtx">context</link>.
+ </para></listitem>
+ <listitem><para>
+ Destroy signature context <link linkend="xmlSecDSigCtx">xmlSecDSigCtx</link>
+ using <link linkend="xmlSecDSigCtxDestroy">xmlSecDSigCtxDestroy</link> or
+ <link linkend="xmlSecDSigCtxFinalize">xmlSecDSigCtxFinalize</link>
+ functions.
+ </para></listitem>
+ </itemizedlist>
+ </para>
+ <para>
+ <example>
+ <title>Verifying a document.</title>
+ <programlisting><![CDATA[
+/**
+ * verify_file:
+ * @xml_file: the signed XML file name.
+ * @key_file: the PEM public key file name.
+ *
+ * Verifies XML signature in #xml_file using public key from #key_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+verify_file(const char* xml_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(xml_file);
+ assert(key_file);
+
+ /* load file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature context, we don't need keys manager in this example */
+ dsigCtx = xmlSecDSigCtxCreate(NULL);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* load public key */
+ dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file,xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(dsigCtx->signKey == NULL) {
+ fprintf(stderr,"Error: failed to load public pem key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* Verify signature */
+ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
+ fprintf(stderr,"Error: signature verify\n");
+ goto done;
+ }
+
+ /* print verification result to stdout */
+ if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
+ fprintf(stdout, "Signature is OK\n");
+ } else {
+ fprintf(stdout, "Signature is INVALID\n");
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+ ]]></programlisting>
+ <simpara><link linkend="xmlsec-example-verify1">Full Program Listing</link></simpara>
+ </example>
+ </para>
+ </sect1>
+
+ <sect1 id="xmlsec-notes-decrypt" >
+ <title>Decrypting an encrypted document</title>
+ <para>The typical decryption process includes following steps:
+ <itemizedlist>
+ <listitem><para>
+ Load keys, X509 certificates, etc. in the <link linkend="xmlSecKeysMngr">keys manager</link> .
+ </para></listitem>
+ <listitem><para>
+ Create encryption context <link linkend="xmlSecEncCtx">xmlSecEncCtx</link>
+ using <link linkend="xmlSecEncCtxCreate">xmlSecEncCtxCreate</link> or
+ <link linkend="xmlSecEncCtxInitialize">xmlSecEncCtxInitialize</link>
+ functions.
+ </para></listitem>
+ <listitem><para>
+ Select start decryption &lt;enc:EncryptedData&gt; node.
+ </para></listitem>
+ <listitem><para>
+ Decrypt by calling <link linkend="xmlSecEncCtxDecrypt">xmlSecencCtxDecrypt</link>
+ function.
+ </para></listitem>
+ <listitem><para>
+ Check returned value and if necessary consume encrypted data.
+ </para></listitem>
+ <listitem><para>
+ Destroy encryption context <link linkend="xmlSecEncCtx">xmlSecEncCtx</link>
+ using <link linkend="xmlSecEncCtxDestroy">xmlSecEncCtxDestroy</link> or
+ <link linkend="xmlSecEncCtxFinalize">xmlSecEncCtxFinalize</link>
+ functions.
+ </para></listitem>
+ </itemizedlist>
+ </para>
+ <para>
+ <example>
+ <title>Decrypting a document.</title>
+ <programlisting><![CDATA[
+int
+decrypt_file(const char* enc_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(enc_file);
+ assert(key_file);
+
+ /* load template */
+ doc = xmlParseFile(enc_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file);
+ goto done;
+ }
+
+ /* create encryption context, we don't need keys manager in this example */
+ encCtx = xmlSecEncCtxCreate(NULL);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* load DES key */
+ encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
+ if(encCtx->encKey == NULL) {
+ fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(encCtx->encKey, key_file) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* decrypt the data */
+ if((xmlSecEncCtxDecrypt(encCtx, node) < 0) || (encCtx->result == NULL)) {
+ fprintf(stderr,"Error: decryption failed\n");
+ goto done;
+ }
+
+ /* print decrypted data to stdout */
+ if(encCtx->resultReplaced != 0) {
+ fprintf(stdout, "Decrypted XML data:\n");
+ xmlDocDump(stdout, doc);
+ } else {
+ fprintf(stdout, "Decrypted binary data (%d bytes):\n", xmlSecBufferGetSize(encCtx->result));
+ if(xmlSecBufferGetData(encCtx->result) != NULL) {
+ fwrite(xmlSecBufferGetData(encCtx->result),
+ 1,
+ xmlSecBufferGetSize(encCtx->result),
+ stdout);
+ }
+ }
+ fprintf(stdout, "\n");
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+ ]]></programlisting>
+ <simpara><link linkend="xmlsec-example-decrypt1">Full Program Listing</link></simpara>
+ </example>
+ </para>
+ </sect1>
+</chapter>
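Review bot: In the `verify_file` listing, `res = 0` is reached after either branch of the status check, so the function returns 0 both when `dsigCtx->status == xmlSecDSigStatusSucceeded` and when it prints "Signature is INVALID". The header comment promises "Returns 0 on success", so an application that copies this listing and tests only the return value would treat a document with a failed signature as verified. Step 5 of the list above the example says to check both the returned value and the `status` member, and the example should make that distinction visible to the caller. One fail-closed option is to add `goto done;` after the `fprintf(stdout, "Signature is INVALID\n");` line so that `res` stays -1. Otherwise the comment should say so explicitly, for example `Returns 0 if the signature was processed (valid or not; see stdout) or a negative value if an error occurs.`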
diff --git a/docs/api/home.png b/docs/api/home.png
new file mode 100644
index 00000000..17003611
--- /dev/null
+++ b/docs/api/home.png
Binary files differ
diff --git a/docs/api/images/diagrams.sxd b/docs/api/images/diagrams.sxd
new file mode 100644
index 00000000..53bbeb5e
--- /dev/null
+++ b/docs/api/images/diagrams.sxd
Binary files differ
diff --git a/docs/api/images/encryption-structure.png b/docs/api/images/encryption-structure.png
new file mode 100644
index 00000000..16c78afa
--- /dev/null
+++ b/docs/api/images/encryption-structure.png
Binary files differ
diff --git a/docs/api/images/key.png b/docs/api/images/key.png
new file mode 100644
index 00000000..7ffd50b3
--- /dev/null
+++ b/docs/api/images/key.png
Binary files differ
diff --git a/docs/api/images/keysmngr.png b/docs/api/images/keysmngr.png
new file mode 100644
index 00000000..cd3c32f5
--- /dev/null
+++ b/docs/api/images/keysmngr.png
Binary files differ
diff --git a/docs/api/images/sign-enc-model.png b/docs/api/images/sign-enc-model.png
new file mode 100644
index 00000000..ac1e3da7
--- /dev/null
+++ b/docs/api/images/sign-enc-model.png
Binary files differ
diff --git a/docs/api/images/signature-structure.png b/docs/api/images/signature-structure.png
new file mode 100644
index 00000000..dd705ba8
--- /dev/null
+++ b/docs/api/images/signature-structure.png
Binary files differ
diff --git a/docs/api/images/structure.png b/docs/api/images/structure.png
new file mode 100644
index 00000000..63ac0203
--- /dev/null
+++ b/docs/api/images/structure.png
Binary files differ
diff --git a/docs/api/images/transform.png b/docs/api/images/transform.png
new file mode 100644
index 00000000..d2e9574d
--- /dev/null
+++ b/docs/api/images/transform.png
Binary files differ
diff --git a/docs/api/images/transforms-chain.png b/docs/api/images/transforms-chain.png
new file mode 100644
index 00000000..e8eb219c
--- /dev/null
+++ b/docs/api/images/transforms-chain.png
Binary files differ
diff --git a/docs/api/images/verif-dec-model.png b/docs/api/images/verif-dec-model.png
new file mode 100644
index 00000000..7acc90eb
--- /dev/null
+++ b/docs/api/images/verif-dec-model.png
Binary files differ
diff --git a/docs/api/index.html b/docs/api/index.html
new file mode 100644
index 00000000..cc534d90
--- /dev/null
+++ b/docs/api/index.html
@@ -0,0 +1,307 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library Reference Manual</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="NEXT" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<div class="BOOK">
+<div class="TITLEPAGE">
+<table class="navigation" width="100%" cellpadding="2" cellspacing="0"><tr><th align="center" valign="MIDDLE"><p class="TITLE">XML Security Library Reference Manual<a name="AEN2"></a></p></th></tr></table>
+<h3 class="AUTHOR">
+<a name="AEN5"></a>Aleksey Sanin</h3>
+<div class="AFFILIATION"><div class="ADDRESS"><p class="ADDRESS"> <code class="EMAIL">&lt;<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>&gt;</code><br>
+ </p></div></div>
+<p class="COPYRIGHT">Copyright © 2002-2003 Aleksey Sanin</p>
+<div><div class="ABSTRACT">
+<p></p>
+<a name="AEN18"></a><p>This manual documents the interfaces of the xmlsec
+ library and has some short notes to help get you up to speed
+ with using the library.</p>
+<p></p>
+</div></div>
+<div class="LEGALNOTICE">
+<p></p>
+<a name="AEN14"></a><p>Permission is granted to make and distribute verbatim
+ copies of this manual provided the copyright notice and this
+ permission notice are preserved on all copies.</p>
+<p>Permission is granted to copy and distribute modified
+ versions of this manual under the conditions for verbatim
+ copying, provided also that the entire resulting derived work is
+ distributed under the terms of a permission notice identical to
+ this one.</p>
+<p>Permission is granted to copy and distribute translations
+ of this manual into another language, under the above conditions
+ for modified versions.</p>
+<p></p>
+</div>
+</div>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt>I. <a href="xmlsec-notes.html">XML Security Library Tutorial</a>
+</dt>
+<dd><dl>
+<dt><a href="xmlsec-notes-overview.html">Overview.</a></dt>
+<dt><a href="xmlsec-notes-structure.html">XML Security Library Structure.</a></dt>
+<dt><a href="xmlsec-notes-compiling.html">Building the application with XML Security Library.</a></dt>
+<dd><dl>
+<dt><a href="xmlsec-notes-compiling.html#XMLSEC-NOTES-COMPILING-OVERVIEW">Overview.</a></dt>
+<dt><a href="xmlsec-notes-include-files.html">Include files.</a></dt>
+<dt><a href="xmlsec-notes-compiling-unix.html">Compiling and linking on Unix.</a></dt>
+<dt><a href="xmlsec-notes-compiling-windows.html">Compiling and linking on Windows.</a></dt>
+<dt><a href="xmlsec-notes-compiling-others.html">Compiling and linking on other systems.</a></dt>
+</dl></dd>
+<dt><a href="xmlsec-notes-init-shutdown.html">Initialization and shutdown.</a></dt>
+<dt><a href="xmlsec-notes-sign-encrypt.html">Signing and encrypting documents.</a></dt>
+<dd><dl>
+<dt><a href="xmlsec-notes-sign-encrypt.html#XMLSEC-NOTES-SIGN-ENCRYPT-OVERVIEW">Overview.</a></dt>
+<dt><a href="xmlsec-notes-sign.html">Signing a document.</a></dt>
+<dt><a href="xmlsec-notes-encrypt.html">Encrypting data.</a></dt>
+</dl></dd>
+<dt><a href="xmlsec-notes-templates.html">Creating dynamic templates.</a></dt>
+<dd><dl>
+<dt><a href="xmlsec-notes-templates.html#XMLSEC-NOTES-TEMPLATES-OVERVIEW">Overview.</a></dt>
+<dt><a href="xmlsec-notes-dynamic-signature-templates.html">Creating dynamic signature templates.</a></dt>
+<dt><a href="xmlsec-notes-dynamic-encryption-templates.html">Creating dynamic encryption templates.</a></dt>
+</dl></dd>
+<dt><a href="xmlsec-notes-verify-decrypt.html">Verifing and decrypting documents.</a></dt>
+<dd><dl>
+<dt><a href="xmlsec-notes-verify-decrypt.html#XMLSEC-NOTES-VERIFY-DECRYPT-OVERVIEW">Overview.</a></dt>
+<dt><a href="xmlsec-notes-verify.html">Verifying a signed document</a></dt>
+<dt><a href="xmlsec-notes-decrypt.html">Decrypting an encrypted document</a></dt>
+</dl></dd>
+<dt><a href="xmlsec-notes-keys.html">Keys.</a></dt>
+<dt><a href="xmlsec-notes-keysmngr.html">Keys manager.</a></dt>
+<dd><dl>
+<dt><a href="xmlsec-notes-keysmngr.html#XMLSEC-NOTES-KEYSMNGR-OVERVIEW">Overview.</a></dt>
+<dt><a href="xmlsec-notes-simple-keys-store.html">Simple keys store.</a></dt>
+<dt><a href="xmlsec-notes-keys-manager-sign-enc.html">Using keys manager for signatures/encryption.</a></dt>
+<dt><a href="xmlsec-notes-keys-mngr-verify-decrypt.html">Using keys manager for verification/decryption.</a></dt>
+<dt><a href="xmlsec-notes-custom-keys-store.html">Implementing a custom keys store.</a></dt>
+</dl></dd>
+<dt><a href="xmlsec-notes-x509.html">Using X509 Certificates.</a></dt>
+<dd><dl>
+<dt><a href="xmlsec-notes-x509.html#XMLSEC-NOTES-X509-OVERVIEW">Overview.</a></dt>
+<dt><a href="xmlsec-notes-sign-x509.html">Signing data with X509 certificate.</a></dt>
+<dt><a href="xmlsec-notes-verify-x509.html">Verifing document signed with X509 certificates.</a></dt>
+</dl></dd>
+<dt><a href="xmlsec-notes-transforms.html">Transforms and transforms chain.</a></dt>
+<dt><a href="xmlsec-notes-contexts.html">Using context objects.</a></dt>
+<dt><a href="xmlsec-notes-new-crypto.html">Adding support for new cryptographic library.</a></dt>
+<dd><dl>
+<dt><a href="xmlsec-notes-new-crypto.html#XMLSEC-NOTES-NEW-CRYPTO-OVERVIEW">Overview.</a></dt>
+<dt><a href="xmlsec-notes-new-crypto-skeleton.html">Creating a framework from the skeleton.</a></dt>
+<dt><a href="xmlsec-notes-new-crypto-functions.html">xmlSecCryptoApp* functions.</a></dt>
+<dt><a href="xmlsec-notes-new-crypto-klasses.html">Klasses and objects.</a></dt>
+<dt><a href="xmlsec-notes-new-crypto-transforms.html">Cryptographic transforms.</a></dt>
+<dt><a href="xmlsec-notes-new-crypto-keys.html">Keys data and keys data stores.</a></dt>
+<dt><a href="xmlsec-notes-new-crypto-simple-keys-mngr.html">Default keys manager.</a></dt>
+<dt><a href="xmlsec-notes-new-crypto-sharing-results.html">Sharing the results.</a></dt>
+</dl></dd>
+<dt><a href="xmlsec-examples.html">Examples.</a></dt>
+<dd><dl>
+<dt><a href="xmlsec-examples.html#XMLSEC-EXAMPLES-OVERVIEW">XML Security Library Examples.</a></dt>
+<dt><a href="xmlsec-examples-sign-template-file.html">Signing a template file.</a></dt>
+<dt><a href="xmlsec-examples-sign-dynamimc-template.html">Signing a dynamicaly created template.</a></dt>
+<dt><a href="xmlsec-examples-sign-x509.html">Signing with X509 certificate.</a></dt>
+<dt><a href="xmlsec-verify-with-key.html">Verifying a signature with a single key.</a></dt>
+<dt><a href="xmlsec-verify-with-keys-mngr.html">Verifying a signature with keys manager.</a></dt>
+<dt><a href="xmlsec-verify-with-x509.html">Verifying a signature with X509 certificates.</a></dt>
+<dt><a href="xmlsec-verify-with-restrictions.html">Verifying a signature with additional restrictions.</a></dt>
+<dt><a href="xmlsec-encrypt-template-file.html">Encrypting data with a template file.</a></dt>
+<dt><a href="xmlsec-encrypt-dynamic-template.html">Encrypting data with a dynamicaly created template.</a></dt>
+<dt><a href="xmlsec-encrypt-with-session-key.html">Encrypting data with a session key.</a></dt>
+<dt><a href="xmlsec-decrypt-with-signle-key.html">Decrypting data with a single key.</a></dt>
+<dt><a href="xmlsec-decrypt-with-keys-mngr.html">Decrypting data with keys manager.</a></dt>
+<dt><a href="xmlsec-custom-keys-manager.html">Writing a custom keys manager.</a></dt>
+</dl></dd>
+<dt><a href="xmlsec-signature-klasses.html">APPENDIX A. XML Security Library Signature Klasses.</a></dt>
+<dt><a href="xmlsec-encryption-klasses.html">APPENDIX B. XML Security Library Encryption Klasses.</a></dt>
+</dl></dd>
+<dt>II. <a href="xmlsec-reference.html">XML Security Library API Reference.</a>
+</dt>
+<dd><dl>
+<dt><a href="xmlsec-ref.html">XML Security Core Library API Reference.</a></dt>
+<dd><dl>
+<dt>
+<a href="xmlsec-app.html">app</a> -- Crypto-engine independent application support function.</dt>
+<dt>
+<a href="xmlsec-base64.html">base64</a> -- Base64 encoding/decoding functions.</dt>
+<dt>
+<a href="xmlsec-bn.html">bn</a> -- Big numbers support functions.</dt>
+<dt>
+<a href="xmlsec-buffer.html">buffer</a> -- Binary buffer implementation.</dt>
+<dt>
+<a href="xmlsec-dl.html">dl</a> -- Dynamic crypto-engine library loading support.</dt>
+<dt>
+<a href="xmlsec-errors.html">errors</a> -- Error/log messages support.</dt>
+<dt>
+<a href="xmlsec-io.html">io</a> -- Input/output support.</dt>
+<dt>
+<a href="xmlsec-keyinfo.html">keyinfo</a> -- <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node parser.</dt>
+<dt>
+<a href="xmlsec-keysdata.html">keysdata</a> -- Crypto key data object definition.</dt>
+<dt>
+<a href="xmlsec-keys.html">keys</a> -- Crypto key object definition.</dt>
+<dt>
+<a href="xmlsec-keysmngr.html">keysmngr</a> -- Keys manager object support.</dt>
+<dt>
+<a href="xmlsec-list.html">list</a> -- Generic list structure implementation.</dt>
+<dt>
+<a href="xmlsec-membuf.html">membuf</a> -- Memory buffer transform implementation.</dt>
+<dt>
+<a href="xmlsec-nodeset.html">nodeset</a> -- Nodeset object implementation.</dt>
+<dt>
+<a href="xmlsec-parser.html">parser</a> -- Parser transform implementation.</dt>
+<dt>
+<a href="xmlsec-templates.html">templates</a> -- Dynamic templates creation functions.</dt>
+<dt>
+<a href="xmlsec-transforms.html">transforms</a> -- Transform object definition.</dt>
+<dt>
+<a href="xmlsec-version.html">version</a> -- Version macros.</dt>
+<dt>
+<a href="xmlsec-xmldsig.html">xmldsig</a> -- XML Digital Signature support.</dt>
+<dt>
+<a href="xmlsec-xmlenc.html">xmlenc</a> -- XML Encryption support.</dt>
+<dt>
+<a href="xmlsec-xmlsec.html">xmlsec</a> -- Utility functions.</dt>
+<dt>
+<a href="xmlsec-xmltree.html">xmltree</a> -- XML tree operations.</dt>
+<dt>
+<a href="xmlsec-x509.html">x509</a> -- <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Certificate" target="_top">&lt;dsig:X509Certificate/&gt;</a> node parser.</dt>
+</dl></dd>
+<dt><a href="xmlsec-openssl-ref.html">XML Security Library for OpenSLL API Reference.</a></dt>
+<dd><dl>
+<dt>
+<a href="xmlsec-openssl-app.html">app</a> -- Application functions implementation for OpenSSL.</dt>
+<dt>
+<a href="xmlsec-openssl-bn.html">bn</a> -- Big numbers helper functions.</dt>
+<dt>
+<a href="xmlsec-openssl-crypto.html">crypto</a> -- Crypto transforms implementation for OpenSSL.</dt>
+<dt>
+<a href="xmlsec-openssl-evp.html">evp</a> -- EVP keys data implementation.</dt>
+<dt>
+<a href="xmlsec-openssl-x509.html">x509</a> -- X509 certificates support implementation for OpenSSL.</dt>
+</dl></dd>
+<dt><a href="xmlsec-gnutls-ref.html">XML Security Library for GnuTLS API Reference.</a></dt>
+<dd><dl>
+<dt>
+<a href="xmlsec-gnutls-app.html">app</a> -- Application functions implementation for GnuTLS.</dt>
+<dt>
+<a href="xmlsec-gnutls-crypto.html">crypto</a> -- Crypto transforms implementation for GnuTLS.</dt>
+</dl></dd>
+<dt><a href="xmlsec-gcrypt-ref.html">XML Security Library for GCrypt API Reference.</a></dt>
+<dd><dl>
+<dt>
+<a href="xmlsec-gcrypt-app.html">app</a> -- Application functions implementation for GnuTLS.</dt>
+<dt>
+<a href="xmlsec-gcrypt-crypto.html">crypto</a> -- Crypto transforms implementation for GCrypt.</dt>
+</dl></dd>
+<dt><a href="xmlsec-nss-ref.html">XML Security Library for NSS API Reference.</a></dt>
+<dd><dl>
+<dt>
+<a href="xmlsec-nss-app.html">app</a> -- Application functions implementation for NSS.</dt>
+<dt>
+<a href="xmlsec-nss-bignum.html">bignum</a> -- Big numbers helper functions.</dt>
+<dt>
+<a href="xmlsec-nss-crypto.html">crypto</a> -- Crypto transforms implementation for NSS.</dt>
+<dt>
+<a href="xmlsec-nss-keysstore.html">keysstore</a> -- Keys store implementation for NSS.</dt>
+<dt>
+<a href="xmlsec-nss-pkikeys.html">pkikeys</a> -- PKI keys data implementation.</dt>
+<dt>
+<a href="xmlsec-nss-x509.html">x509</a> -- X509 certificates support implementation for NSS.</dt>
+</dl></dd>
+<dt><a href="xmlsec-mscrypto-ref.html">XML Security Library for MSCrypto API Reference.</a></dt>
+<dd><dl>
+<dt>
+<a href="xmlsec-mscrypto-app.html">app</a> -- Application functions implementation for MS Crypto.</dt>
+<dt>
+<a href="xmlsec-mscrypto-certkeys.html">certkeys</a> -- MS Crypto certificates helper functions.</dt>
+<dt>
+<a href="xmlsec-mscrypto-crypto.html">crypto</a> -- Crypto transforms implementation for MS Crypto.</dt>
+<dt>
+<a href="xmlsec-mscrypto-keysstore.html">keysstore</a> -- Keys store implementation for MS Crypto.</dt>
+<dt>
+<a href="xmlsec-mscrypto-x509.html">x509</a> -- X509 certificates support implementation for MS Crypto.</dt>
+</dl></dd>
+<dt><a href="xmlsec-index.html">XML Security Library Reference Index</a></dt>
+</dl></dd>
+</dl></div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes.html"><b>XML Security Library Tutorial &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/index.sgml b/docs/api/index.sgml
new file mode 100644
index 00000000..eb112aa4
--- /dev/null
+++ b/docs/api/index.sgml
@@ -0,0 +1,43 @@
+<ANCHOR id ="XMLSEC-APP" href="xmlsec-app.html">
+<ANCHOR id ="XMLSEC-BASE64" href="xmlsec-base64.html">
+<ANCHOR id ="XMLSEC-BN" href="xmlsec-bn.html">
+<ANCHOR id ="XMLSEC-BUFFER" href="xmlsec-buffer.html">
+<ANCHOR id ="XMLSEC-DL" href="xmlsec-dl.html">
+<ANCHOR id ="XMLSEC-ERRORS" href="xmlsec-errors.html">
+<ANCHOR id ="XMLSEC-IO" href="xmlsec-io.html">
+<ANCHOR id ="XMLSEC-KEYINFO" href="xmlsec-keyinfo.html">
+<ANCHOR id ="XMLSEC-KEYSDATA" href="xmlsec-keysdata.html">
+<ANCHOR id ="XMLSEC-KEYS" href="xmlsec-keys.html">
+<ANCHOR id ="XMLSEC-KEYSMNGR" href="xmlsec-keysmngr.html">
+<ANCHOR id ="XMLSEC-LIST" href="xmlsec-list.html">
+<ANCHOR id ="XMLSEC-MEMBUF" href="xmlsec-membuf.html">
+<ANCHOR id ="XMLSEC-NODESET" href="xmlsec-nodeset.html">
+<ANCHOR id ="XMLSEC-PARSER" href="xmlsec-parser.html">
+<ANCHOR id ="XMLSEC-TEMPLATES" href="xmlsec-templates.html">
+<ANCHOR id ="XMLSEC-TRANSFORMS" href="xmlsec-transforms.html">
+<ANCHOR id ="XMLSEC-VERSION" href="xmlsec-version.html">
+<ANCHOR id ="XMLSEC-XMLDSIG" href="xmlsec-xmldsig.html">
+<ANCHOR id ="XMLSEC-XMLENC" href="xmlsec-xmlenc.html">
+<ANCHOR id ="XMLSEC-XMLSEC" href="xmlsec-xmlsec.html">
+<ANCHOR id ="XMLSEC-XMLTREE" href="xmlsec-xmltree.html">
+<ANCHOR id ="XMLSEC-X509" href="xmlsec-x509.html">
+<ANCHOR id ="XMLSEC-OPENSSL-APP" href="xmlsec-openssl-app.html">
+<ANCHOR id ="XMLSEC-OPENSSL-BN" href="xmlsec-openssl-bn.html">
+<ANCHOR id ="XMLSEC-OPENSSL-CRYPTO" href="xmlsec-openssl-crypto.html">
+<ANCHOR id ="XMLSEC-OPENSSL-EVP" href="xmlsec-openssl-evp.html">
+<ANCHOR id ="XMLSEC-OPENSSL-X509" href="xmlsec-openssl-x509.html">
+<ANCHOR id ="XMLSEC-GNUTLS-APP" href="xmlsec-gnutls-app.html">
+<ANCHOR id ="XMLSEC-GNUTLS-CRYPTO" href="xmlsec-gnutls-crypto.html">
+<ANCHOR id ="XMLSEC-GCRYPT-APP" href="xmlsec-gcrypt-app.html">
+<ANCHOR id ="XMLSEC-GCRYPT-CRYPTO" href="xmlsec-gcrypt-crypto.html">
+<ANCHOR id ="XMLSEC-NSS-APP" href="xmlsec-nss-app.html">
+<ANCHOR id ="XMLSEC-NSS-BIGNUM" href="xmlsec-nss-bignum.html">
+<ANCHOR id ="XMLSEC-NSS-CRYPTO" href="xmlsec-nss-crypto.html">
+<ANCHOR id ="XMLSEC-NSS-KEYSSTORE" href="xmlsec-nss-keysstore.html">
+<ANCHOR id ="XMLSEC-NSS-PKIKEYS" href="xmlsec-nss-pkikeys.html">
+<ANCHOR id ="XMLSEC-NSS-X509" href="xmlsec-nss-x509.html">
+<ANCHOR id ="XMLSEC-MSCRYPTO-APP" href="xmlsec-mscrypto-app.html">
+<ANCHOR id ="XMLSEC-MSCRYPTO-CERTKEYS" href="xmlsec-mscrypto-certkeys.html">
+<ANCHOR id ="XMLSEC-MSCRYPTO-CRYPTO" href="xmlsec-mscrypto-crypto.html">
+<ANCHOR id ="XMLSEC-MSCRYPTO-KEYSSTORE" href="xmlsec-mscrypto-keysstore.html">
+<ANCHOR id ="XMLSEC-MSCRYPTO-X509" href="xmlsec-mscrypto-x509.html">
diff --git a/docs/api/left.png b/docs/api/left.png
new file mode 100644
index 00000000..2d05b3d5
--- /dev/null
+++ b/docs/api/left.png
Binary files differ
diff --git a/docs/api/right.png b/docs/api/right.png
new file mode 100644
index 00000000..92832e3a
--- /dev/null
+++ b/docs/api/right.png
Binary files differ
diff --git a/docs/api/up.png b/docs/api/up.png
new file mode 100644
index 00000000..85b3e2a2
--- /dev/null
+++ b/docs/api/up.png
Binary files differ
diff --git a/docs/api/xmlsec-app.html b/docs/api/xmlsec-app.html
new file mode 100644
index 00000000..b6fa538d
--- /dev/null
+++ b/docs/api/xmlsec-app.html
@@ -0,0 +1,1525 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>app</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="NEXT" title="base64" href="xmlsec-base64.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-ref.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-base64.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-APP"></a>app</h1>
+<div class="REFNAMEDIV">
+<a name="AEN836"></a><h2>Name</h2>app -- Crypto-engine independent application support function.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-APP.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-app.html#XMLSECCRYPTOINIT">xmlSecCryptoInit</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-app.html#XMLSECCRYPTOSHUTDOWN">xmlSecCryptoShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-app.html#XMLSECCRYPTOKEYSMNGRINIT">xmlSecCryptoKeysMngrInit</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);
+#define <a href="xmlsec-app.html#XMLSECKEYDATAAESID">xmlSecKeyDataAesId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECKEYDATAAESGETKLASS">xmlSecKeyDataAesGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECKEYDATADESID">xmlSecKeyDataDesId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECKEYDATADESGETKLASS">xmlSecKeyDataDesGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECKEYDATADSAID">xmlSecKeyDataDsaId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECKEYDATADSAGETKLASS">xmlSecKeyDataDsaGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECKEYDATAGOST2001ID">xmlSecKeyDataGost2001Id</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECKEYDATAGOST2001GETKLASS">xmlSecKeyDataGost2001GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECKEYDATAHMACID">xmlSecKeyDataHmacId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECKEYDATAHMACGETKLASS">xmlSecKeyDataHmacGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECKEYDATARSAID">xmlSecKeyDataRsaId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECKEYDATARSAGETKLASS">xmlSecKeyDataRsaGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECKEYDATAX509ID">xmlSecKeyDataX509Id</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECKEYDATAX509GETKLASS">xmlSecKeyDataX509GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECKEYDATARAWX509CERTID">xmlSecKeyDataRawX509CertId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECKEYDATARAWX509CERTGETKLASS">xmlSecKeyDataRawX509CertGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECX509STOREID">xmlSecX509StoreId</a>
+<gtkdoclink href="XMLSECKEYDATASTOREID"><span class="RETURNVALUE">xmlSecKeyDataStoreId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECX509STOREGETKLASS">xmlSecX509StoreGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMAES128CBCID">xmlSecTransformAes128CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMAES128CBCGETKLASS">xmlSecTransformAes128CbcGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMAES192CBCID">xmlSecTransformAes192CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMAES192CBCGETKLASS">xmlSecTransformAes192CbcGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMAES256CBCID">xmlSecTransformAes256CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMAES256CBCGETKLASS">xmlSecTransformAes256CbcGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMKWAES128ID">xmlSecTransformKWAes128Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMKWAES128GETKLASS">xmlSecTransformKWAes128GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMKWAES192ID">xmlSecTransformKWAes192Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMKWAES192GETKLASS">xmlSecTransformKWAes192GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMKWAES256ID">xmlSecTransformKWAes256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMKWAES256GETKLASS">xmlSecTransformKWAes256GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMDES3CBCID">xmlSecTransformDes3CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMDES3CBCGETKLASS">xmlSecTransformDes3CbcGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMKWDES3ID">xmlSecTransformKWDes3Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMKWDES3GETKLASS">xmlSecTransformKWDes3GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMDSASHA1ID">xmlSecTransformDsaSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMDSASHA1GETKLASS">xmlSecTransformDsaSha1GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMGOST2001GOSTR3411-94ID">xmlSecTransformGost2001GostR3411_94Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMGOST2001GOSTR3411-94GETKLASS">xmlSecTransformGost2001GostR3411_94GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMHMACMD5ID">xmlSecTransformHmacMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMHMACMD5GETKLASS">xmlSecTransformHmacMd5GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMHMACRIPEMD160ID">xmlSecTransformHmacRipemd160Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMHMACRIPEMD160GETKLASS">xmlSecTransformHmacRipemd160GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA1ID">xmlSecTransformHmacSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA1GETKLASS">xmlSecTransformHmacSha1GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA224ID">xmlSecTransformHmacSha224Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA224GETKLASS">xmlSecTransformHmacSha224GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA256ID">xmlSecTransformHmacSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA256GETKLASS">xmlSecTransformHmacSha256GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA384ID">xmlSecTransformHmacSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA384GETKLASS">xmlSecTransformHmacSha384GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA512ID">xmlSecTransformHmacSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA512GETKLASS">xmlSecTransformHmacSha512GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMMD5ID">xmlSecTransformMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMMD5GETKLASS">xmlSecTransformMd5GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMRIPEMD160ID">xmlSecTransformRipemd160Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMRIPEMD160GETKLASS">xmlSecTransformRipemd160GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMRSAMD5ID">xmlSecTransformRsaMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMRSAMD5GETKLASS">xmlSecTransformRsaMd5GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMRSARIPEMD160ID">xmlSecTransformRsaRipemd160Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMRSARIPEMD160GETKLASS">xmlSecTransformRsaRipemd160GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA1ID">xmlSecTransformRsaSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA1GETKLASS">xmlSecTransformRsaSha1GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA224ID">xmlSecTransformRsaSha224Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA224GETKLASS">xmlSecTransformRsaSha224GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA256ID">xmlSecTransformRsaSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA256GETKLASS">xmlSecTransformRsaSha256GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA384ID">xmlSecTransformRsaSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA384GETKLASS">xmlSecTransformRsaSha384GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA512ID">xmlSecTransformRsaSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA512GETKLASS">xmlSecTransformRsaSha512GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMRSAPKCS1ID">xmlSecTransformRsaPkcs1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMRSAPKCS1GETKLASS">xmlSecTransformRsaPkcs1GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMRSAOAEPID">xmlSecTransformRsaOaepId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMRSAOAEPGETKLASS">xmlSecTransformRsaOaepGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMGOSTR3411-94ID">xmlSecTransformGostR3411_94Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMGOSTR3411-94GETKLASS">xmlSecTransformGostR3411_94GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMSHA1ID">xmlSecTransformSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMSHA1GETKLASS">xmlSecTransformSha1GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMSHA224ID">xmlSecTransformSha224Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMSHA224GETKLASS">xmlSecTransformSha224GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMSHA256ID">xmlSecTransformSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMSHA256GETKLASS">xmlSecTransformSha256GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMSHA384ID">xmlSecTransformSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMSHA384GETKLASS">xmlSecTransformSha384GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-app.html#XMLSECTRANSFORMSHA512ID">xmlSecTransformSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-app.html#XMLSECTRANSFORMSHA512GETKLASS">xmlSecTransformSha512GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-app.html#XMLSECCRYPTOAPPINIT">xmlSecCryptoAppInit</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *config</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-app.html#XMLSECCRYPTOAPPSHUTDOWN">xmlSecCryptoAppShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-app.html#XMLSECCRYPTOAPPDEFAULTKEYSMNGRINIT">xmlSecCryptoAppDefaultKeysMngrInit</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-app.html#XMLSECCRYPTOAPPDEFAULTKEYSMNGRADOPTKEY">xmlSecCryptoAppDefaultKeysMngrAdoptKey</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-app.html#XMLSECCRYPTOAPPDEFAULTKEYSMNGRLOAD">xmlSecCryptoAppDefaultKeysMngrLoad</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-app.html#XMLSECCRYPTOAPPDEFAULTKEYSMNGRSAVE">xmlSecCryptoAppDefaultKeysMngrSave</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-app.html#XMLSECCRYPTOAPPKEYSMNGRCERTLOAD">xmlSecCryptoAppKeysMngrCertLoad</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-app.html#XMLSECCRYPTOAPPKEYSMNGRCERTLOADMEMORY">xmlSecCryptoAppKeysMngrCertLoadMemory</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-app.html#XMLSECCRYPTOAPPKEYLOAD">xmlSecCryptoAppKeyLoad</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-app.html#XMLSECCRYPTOAPPKEYLOADMEMORY">xmlSecCryptoAppKeyLoadMemory</a> (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-app.html#XMLSECCRYPTOAPPPKCS12LOAD">xmlSecCryptoAppPkcs12Load</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-app.html#XMLSECCRYPTOAPPPKCS12LOADMEMORY">xmlSecCryptoAppPkcs12LoadMemory</a> (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-app.html#XMLSECCRYPTOAPPKEYCERTLOAD">xmlSecCryptoAppKeyCertLoad</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-app.html#XMLSECCRYPTOAPPKEYCERTLOADMEMORY">xmlSecCryptoAppKeyCertLoadMemory</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink>* <a href="xmlsec-app.html#XMLSECCRYPTOAPPGETDEFAULTPWDCALLBACK">xmlSecCryptoAppGetDefaultPwdCallback</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-APP.DESCRIPTION"></a><h2>Description</h2>
+<p>Crypto-engine application support function used by xmlsec command line utility.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-APP.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOINIT"></a><h3>xmlSecCryptoInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoInit (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>XMLSec library specific crypto engine initialization.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1316"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOSHUTDOWN"></a><h3>xmlSecCryptoShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>XMLSec library specific crypto engine shutdown.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1332"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOKEYSMNGRINIT"></a><h3>xmlSecCryptoKeysMngrInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoKeysMngrInit (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);</pre>
+<p>Adds crypto specific key data stores in keys manager.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN1349"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN1354"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAAESID"></a><h3>xmlSecKeyDataAesId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataAesId xmlSecKeyDataAesGetKlass()</pre>
+<p>The AES key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAAESGETKLASS"></a><h3>xmlSecKeyDataAesGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecKeyDataAesGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1376"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES key data klass or NULL if an error occurs
+(xmlsec-crypto library is not loaded or the AES key data
+klass is not implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATADESID"></a><h3>xmlSecKeyDataDesId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataDesId xmlSecKeyDataDesGetKlass()</pre>
+<p>The DES key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATADESGETKLASS"></a><h3>xmlSecKeyDataDesGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecKeyDataDesGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DES key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1398"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> DES key data klass or NULL if an error occurs
+(xmlsec-crypto library is not loaded or the DES key data
+klass is not implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATADSAID"></a><h3>xmlSecKeyDataDsaId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataDsaId xmlSecKeyDataDsaGetKlass()</pre>
+<p>The DSA key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATADSAGETKLASS"></a><h3>xmlSecKeyDataDsaGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecKeyDataDsaGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DSA key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1420"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> DSA key data klass or NULL if an error occurs
+(xmlsec-crypto library is not loaded or the DSA key data
+klass is not implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAGOST2001ID"></a><h3>xmlSecKeyDataGost2001Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataGost2001Id xmlSecKeyDataGost2001GetKlass()</pre>
+<p>The GOST2001 key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAGOST2001GETKLASS"></a><h3>xmlSecKeyDataGost2001GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecKeyDataGost2001GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The GOST2001 key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1442"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> GOST2001 key data klass or NULL if an error occurs
+(xmlsec-crypto library is not loaded or the GOST2001 key data
+klass is not implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAHMACID"></a><h3>xmlSecKeyDataHmacId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataHmacId xmlSecKeyDataHmacGetKlass()</pre>
+<p>The DHMAC key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAHMACGETKLASS"></a><h3>xmlSecKeyDataHmacGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecKeyDataHmacGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1464"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> HMAC key data klass or NULL if an error occurs
+(xmlsec-crypto library is not loaded or the HMAC key data
+klass is not implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATARSAID"></a><h3>xmlSecKeyDataRsaId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataRsaId xmlSecKeyDataRsaGetKlass()</pre>
+<p>The RSA key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATARSAGETKLASS"></a><h3>xmlSecKeyDataRsaGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecKeyDataRsaGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1486"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA key data klass or NULL if an error occurs
+(xmlsec-crypto library is not loaded or the RSA key data
+klass is not implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAX509ID"></a><h3>xmlSecKeyDataX509Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataX509Id xmlSecKeyDataX509GetKlass()</pre>
+<p>The X509 data klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAX509GETKLASS"></a><h3>xmlSecKeyDataX509GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecKeyDataX509GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The X509 key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1508"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> X509 key data klass or NULL if an error occurs
+(xmlsec-crypto library is not loaded or the X509 key data
+klass is not implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATARAWX509CERTID"></a><h3>xmlSecKeyDataRawX509CertId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataRawX509CertId xmlSecKeyDataRawX509CertGetKlass()</pre>
+<p>The raw X509 certificate klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATARAWX509CERTGETKLASS"></a><h3>xmlSecKeyDataRawX509CertGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecKeyDataRawX509CertGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The raw X509 cert key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1530"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> raw x509 cert key data klass or NULL if an error occurs
+(xmlsec-crypto library is not loaded or the raw X509 cert key data
+klass is not implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECX509STOREID"></a><h3>xmlSecX509StoreId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecX509StoreId xmlSecX509StoreGetKlass()</pre>
+<p>The X509 store klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECX509STOREGETKLASS"></a><h3>xmlSecX509StoreGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATASTOREID"><span class="RETURNVALUE">xmlSecKeyDataStoreId</span></gtkdoclink> xmlSecX509StoreGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The X509 certificates key data store klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1552"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to X509 certificates key data store klass or NULL if
+an error occurs (xmlsec-crypto library is not loaded or the raw X509
+cert key data klass is not implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMAES128CBCID"></a><h3>xmlSecTransformAes128CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformAes128CbcId xmlSecTransformAes128CbcGetKlass()</pre>
+<p>The AES128 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMAES128CBCGETKLASS"></a><h3>xmlSecTransformAes128CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformAes128CbcGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 128 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1574"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 128 CBC encryption transform or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMAES192CBCID"></a><h3>xmlSecTransformAes192CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformAes192CbcId xmlSecTransformAes192CbcGetKlass()</pre>
+<p>The AES192 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMAES192CBCGETKLASS"></a><h3>xmlSecTransformAes192CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformAes192CbcGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 192 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1596"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 192 CBC encryption transform or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMAES256CBCID"></a><h3>xmlSecTransformAes256CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformAes256CbcId xmlSecTransformAes256CbcGetKlass()</pre>
+<p>The AES256 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMAES256CBCGETKLASS"></a><h3>xmlSecTransformAes256CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformAes256CbcGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 256 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1618"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 256 CBC encryption transform or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMKWAES128ID"></a><h3>xmlSecTransformKWAes128Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformKWAes128Id xmlSecTransformKWAes128GetKlass()</pre>
+<p>The AES 128 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMKWAES128GETKLASS"></a><h3>xmlSecTransformKWAes128GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformKWAes128GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-128 kew wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1640"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-128 kew wrapper transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMKWAES192ID"></a><h3>xmlSecTransformKWAes192Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformKWAes192Id xmlSecTransformKWAes192GetKlass()</pre>
+<p>The AES 192 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMKWAES192GETKLASS"></a><h3>xmlSecTransformKWAes192GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformKWAes192GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-192 kew wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1662"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-192 kew wrapper transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMKWAES256ID"></a><h3>xmlSecTransformKWAes256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformKWAes256Id xmlSecTransformKWAes256GetKlass()</pre>
+<p>The AES 256 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMKWAES256GETKLASS"></a><h3>xmlSecTransformKWAes256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformKWAes256GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-256 kew wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1684"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-256 kew wrapper transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMDES3CBCID"></a><h3>xmlSecTransformDes3CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformDes3CbcId xmlSecTransformDes3CbcGetKlass()</pre>
+<p>The Triple DES encryption transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMDES3CBCGETKLASS"></a><h3>xmlSecTransformDes3CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformDes3CbcGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Triple DES CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1706"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to Triple DES encryption transform or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMKWDES3ID"></a><h3>xmlSecTransformKWDes3Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformKWDes3Id xmlSecTransformKWDes3GetKlass()</pre>
+<p>The DES3 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMKWDES3GETKLASS"></a><h3>xmlSecTransformKWDes3GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformKWDes3GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The Triple DES key wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1728"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> Triple DES key wrapper transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMDSASHA1ID"></a><h3>xmlSecTransformDsaSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformDsaSha1Id xmlSecTransformDsaSha1GetKlass()</pre>
+<p>The DSA-SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMDSASHA1GETKLASS"></a><h3>xmlSecTransformDsaSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformDsaSha1GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DSA-SHA1 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1750"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> DSA-SHA1 signature transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMGOST2001GOSTR3411-94ID"></a><h3>xmlSecTransformGost2001GostR3411_94Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformGost2001GostR3411_94Id xmlSecTransformGost2001GostR3411_94GetKlass()</pre>
+<p>The GOST2001-GOSTR3411_94 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMGOST2001GOSTR3411-94GETKLASS"></a><h3>xmlSecTransformGost2001GostR3411_94GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformGost2001GostR3411_94GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The GOST2001-GOSTR3411_94 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1772"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> GOST2001-GOSTR3411_94 signature transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMHMACMD5ID"></a><h3>xmlSecTransformHmacMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformHmacMd5Id xmlSecTransformHmacMd5GetKlass()</pre>
+<p>The HMAC with MD5 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMHMACMD5GETKLASS"></a><h3>xmlSecTransformHmacMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformHmacMd5GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-MD5 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1794"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-MD5 transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMHMACRIPEMD160ID"></a><h3>xmlSecTransformHmacRipemd160Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformHmacRipemd160Id xmlSecTransformHmacRipemd160GetKlass()</pre>
+<p>The HMAC with RipeMD160 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMHMACRIPEMD160GETKLASS"></a><h3>xmlSecTransformHmacRipemd160GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformHmacRipemd160GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-RIPEMD160 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1816"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-RIPEMD160 transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMHMACSHA1ID"></a><h3>xmlSecTransformHmacSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformHmacSha1Id xmlSecTransformHmacSha1GetKlass()</pre>
+<p>The HMAC with SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMHMACSHA1GETKLASS"></a><h3>xmlSecTransformHmacSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformHmacSha1GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA1 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1838"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA1 transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMHMACSHA224ID"></a><h3>xmlSecTransformHmacSha224Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformHmacSha224Id xmlSecTransformHmacSha224GetKlass()</pre>
+<p>The HMAC with SHA224 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMHMACSHA224GETKLASS"></a><h3>xmlSecTransformHmacSha224GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformHmacSha224GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA224 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1860"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA224 transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMHMACSHA256ID"></a><h3>xmlSecTransformHmacSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformHmacSha256Id xmlSecTransformHmacSha256GetKlass()</pre>
+<p>The HMAC with SHA256 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMHMACSHA256GETKLASS"></a><h3>xmlSecTransformHmacSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformHmacSha256GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA256 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1882"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA256 transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMHMACSHA384ID"></a><h3>xmlSecTransformHmacSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformHmacSha384Id xmlSecTransformHmacSha384GetKlass()</pre>
+<p>The HMAC with SHA384 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMHMACSHA384GETKLASS"></a><h3>xmlSecTransformHmacSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformHmacSha384GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA384 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1904"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA384 transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMHMACSHA512ID"></a><h3>xmlSecTransformHmacSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformHmacSha512Id xmlSecTransformHmacSha512GetKlass()</pre>
+<p>The HMAC with SHA512 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMHMACSHA512GETKLASS"></a><h3>xmlSecTransformHmacSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformHmacSha512GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA512 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1926"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA512 transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMMD5ID"></a><h3>xmlSecTransformMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformMd5Id xmlSecTransformMd5GetKlass()</pre>
+<p>The MD5 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMMD5GETKLASS"></a><h3>xmlSecTransformMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformMd5GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>MD5 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1948"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to MD5 digest transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRIPEMD160ID"></a><h3>xmlSecTransformRipemd160Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformRipemd160Id xmlSecTransformRipemd160GetKlass()</pre>
+<p>The RIPEMD160 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRIPEMD160GETKLASS"></a><h3>xmlSecTransformRipemd160GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformRipemd160GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>RIPEMD-160 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1970"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to RIPEMD-160 digest transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSAMD5ID"></a><h3>xmlSecTransformRsaMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformRsaMd5Id xmlSecTransformRsaMd5GetKlass()</pre>
+<p>The RSA-MD5 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSAMD5GETKLASS"></a><h3>xmlSecTransformRsaMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformRsaMd5GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-MD5 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN1992"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-MD5 signature transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSARIPEMD160ID"></a><h3>xmlSecTransformRsaRipemd160Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformRsaRipemd160Id xmlSecTransformRsaRipemd160GetKlass()</pre>
+<p>The RSA-RIPEMD160 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSARIPEMD160GETKLASS"></a><h3>xmlSecTransformRsaRipemd160GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformRsaRipemd160GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-RIPEMD160 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN2014"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-RIPEMD160 signature transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSASHA1ID"></a><h3>xmlSecTransformRsaSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformRsaSha1Id xmlSecTransformRsaSha1GetKlass()</pre>
+<p>The RSA-SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSASHA1GETKLASS"></a><h3>xmlSecTransformRsaSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformRsaSha1GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA1 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN2036"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA1 signature transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSASHA224ID"></a><h3>xmlSecTransformRsaSha224Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformRsaSha224Id xmlSecTransformRsaSha224GetKlass()</pre>
+<p>The RSA-SHA224 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSASHA224GETKLASS"></a><h3>xmlSecTransformRsaSha224GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformRsaSha224GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA224 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN2058"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA224 signature transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSASHA256ID"></a><h3>xmlSecTransformRsaSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformRsaSha256Id xmlSecTransformRsaSha256GetKlass()</pre>
+<p>The RSA-SHA256 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSASHA256GETKLASS"></a><h3>xmlSecTransformRsaSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformRsaSha256GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA256 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN2080"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA256 signature transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSASHA384ID"></a><h3>xmlSecTransformRsaSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformRsaSha384Id xmlSecTransformRsaSha384GetKlass()</pre>
+<p>The RSA-SHA384 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSASHA384GETKLASS"></a><h3>xmlSecTransformRsaSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformRsaSha384GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA384 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN2102"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA384 signature transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSASHA512ID"></a><h3>xmlSecTransformRsaSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformRsaSha512Id xmlSecTransformRsaSha512GetKlass()</pre>
+<p>The RSA-SHA512 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSASHA512GETKLASS"></a><h3>xmlSecTransformRsaSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformRsaSha512GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA512 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN2124"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA512 signature transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSAPKCS1ID"></a><h3>xmlSecTransformRsaPkcs1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformRsaPkcs1Id xmlSecTransformRsaPkcs1GetKlass()</pre>
+<p>The RSA PKCS1 key transport transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSAPKCS1GETKLASS"></a><h3>xmlSecTransformRsaPkcs1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformRsaPkcs1GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-PKCS1 key transport transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN2146"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-PKCS1 key transport transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSAOAEPID"></a><h3>xmlSecTransformRsaOaepId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformRsaOaepId xmlSecTransformRsaOaepGetKlass()</pre>
+<p>The RSA PKCS1 key transport transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMRSAOAEPGETKLASS"></a><h3>xmlSecTransformRsaOaepGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformRsaOaepGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-OAEP key transport transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN2168"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-OAEP key transport transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMGOSTR3411-94ID"></a><h3>xmlSecTransformGostR3411_94Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformGostR3411_94Id xmlSecTransformGostR3411_94GetKlass()</pre>
+<p>The GOSTR3411_94 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMGOSTR3411-94GETKLASS"></a><h3>xmlSecTransformGostR3411_94GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformGostR3411_94GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>GOSTR3411_94 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN2190"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to GOSTR3411_94 digest transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMSHA1ID"></a><h3>xmlSecTransformSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformSha1Id xmlSecTransformSha1GetKlass()</pre>
+<p>The SHA1 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMSHA1GETKLASS"></a><h3>xmlSecTransformSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformSha1GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA-1 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN2212"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA-1 digest transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMSHA224ID"></a><h3>xmlSecTransformSha224Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformSha224Id xmlSecTransformSha224GetKlass()</pre>
+<p>The SHA224 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMSHA224GETKLASS"></a><h3>xmlSecTransformSha224GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformSha224GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA224 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN2234"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA224 digest transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMSHA256ID"></a><h3>xmlSecTransformSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformSha256Id xmlSecTransformSha256GetKlass()</pre>
+<p>The SHA256 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMSHA256GETKLASS"></a><h3>xmlSecTransformSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformSha256GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA256 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN2256"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA256 digest transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMSHA384ID"></a><h3>xmlSecTransformSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformSha384Id xmlSecTransformSha384GetKlass()</pre>
+<p>The SHA384 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMSHA384GETKLASS"></a><h3>xmlSecTransformSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformSha384GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA384 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN2278"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA384 digest transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMSHA512ID"></a><h3>xmlSecTransformSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformSha512Id xmlSecTransformSha512GetKlass()</pre>
+<p>The SHA512 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMSHA512GETKLASS"></a><h3>xmlSecTransformSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformSha512GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA512 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN2300"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA512 digest transform klass or NULL if an error
+occurs (the xmlsec-crypto library is not loaded or this transform is not
+implemented).</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOAPPINIT"></a><h3>xmlSecCryptoAppInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoAppInit (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *config</code>);</pre>
+<p>General crypto engine initialization. This function is used
+by XMLSec command line utility and called before
+<code class="PARAMETER">xmlSecInit</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2318"><span style="white-space: nowrap"><code class="PARAMETER">config</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the path to crypto library configuration.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2323"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOAPPSHUTDOWN"></a><h3>xmlSecCryptoAppShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoAppShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>General crypto engine shutdown. This function is used
+by XMLSec command line utility and called after
+<code class="PARAMETER">xmlSecShutdown</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN2340"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOAPPDEFAULTKEYSMNGRINIT"></a><h3>xmlSecCryptoAppDefaultKeysMngrInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoAppDefaultKeysMngrInit (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);</pre>
+<p>Initializes <code class="PARAMETER">mngr</code> with simple keys store <a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTOREID"><span class="TYPE">xmlSecSimpleKeysStoreId</span></a>
+and a default crypto key data stores.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2360"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2365"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOAPPDEFAULTKEYSMNGRADOPTKEY"></a><h3>xmlSecCryptoAppDefaultKeysMngrAdoptKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoAppDefaultKeysMngrAdoptKey
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Adds <code class="PARAMETER">key</code> to the keys manager <code class="PARAMETER">mngr</code> created with <a href="xmlsec-app.html#XMLSECCRYPTOAPPDEFAULTKEYSMNGRINIT"><span class="TYPE">xmlSecCryptoAppDefaultKeysMngrInit</span></a>
+function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2389"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2394"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2399"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOAPPDEFAULTKEYSMNGRLOAD"></a><h3>xmlSecCryptoAppDefaultKeysMngrLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoAppDefaultKeysMngrLoad (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>);</pre>
+<p>Loads XML keys file from <code class="PARAMETER">uri</code> to the keys manager <code class="PARAMETER">mngr</code> created
+with <a href="xmlsec-app.html#XMLSECCRYPTOAPPDEFAULTKEYSMNGRINIT"><span class="TYPE">xmlSecCryptoAppDefaultKeysMngrInit</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2423"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2428"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the uri.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2433"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOAPPDEFAULTKEYSMNGRSAVE"></a><h3>xmlSecCryptoAppDefaultKeysMngrSave ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoAppDefaultKeysMngrSave (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Saves keys from <code class="PARAMETER">mngr</code> to XML keys file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2457"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2462"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2467"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the type of keys to save (public/private/symmetric).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2472"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOAPPKEYSMNGRCERTLOAD"></a><h3>xmlSecCryptoAppKeysMngrCertLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoAppKeysMngrCertLoad (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Reads cert from <code class="PARAMETER">filename</code> and adds to the list of trusted or known
+untrusted certs in <code class="PARAMETER">store</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2500"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2505"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2510"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2515"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag that indicates is the certificate in <code class="PARAMETER">filename</code>
+ trusted or not.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2521"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOAPPKEYSMNGRCERTLOADMEMORY"></a><h3>xmlSecCryptoAppKeysMngrCertLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoAppKeysMngrCertLoadMemory
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Reads cert from binary buffer <code class="PARAMETER">data</code> and adds to the list of trusted or known
+untrusted certs in <code class="PARAMETER">store</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2552"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2557"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2562"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate binary data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2567"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2572"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag that indicates is the certificate trusted or not.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2577"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOAPPKEYLOAD"></a><h3>xmlSecCryptoAppKeyLoad ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecCryptoAppKeyLoad (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key from the a file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2606"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2611"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2616"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2621"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2626"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2631"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOAPPKEYLOADMEMORY"></a><h3>xmlSecCryptoAppKeyLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecCryptoAppKeyLoadMemory (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key from the memory buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2663"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the binary key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2668"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the size of binary key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2673"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2678"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2683"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2688"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2693"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOAPPPKCS12LOAD"></a><h3>xmlSecCryptoAppPkcs12Load ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecCryptoAppPkcs12Load (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key and all associated certificates from the PKCS12 file.
+For uniformity, call xmlSecCryptoAppKeyLoad instead of this function. Pass
+in format=xmlSecKeyDataFormatPkcs12.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2719"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 key filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2724"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2729"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2734"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2739"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOAPPPKCS12LOADMEMORY"></a><h3>xmlSecCryptoAppPkcs12LoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecCryptoAppPkcs12LoadMemory (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key and all associated certificates from the PKCS12 data in memory buffer.
+For uniformity, call xmlSecCryptoAppKeyLoadMemory instead of this function. Pass
+in format=xmlSecKeyDataFormatPkcs12.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2768"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2773"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 binary data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2778"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2783"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2788"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2793"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOAPPKEYCERTLOAD"></a><h3>xmlSecCryptoAppKeyCertLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoAppKeyCertLoad (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);</pre>
+<p>Reads the certificate from $<code class="PARAMETER">filename</code> and adds it to key.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2817"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2822"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2827"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2832"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOAPPKEYCERTLOADMEMORY"></a><h3>xmlSecCryptoAppKeyCertLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoAppKeyCertLoadMemory (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);</pre>
+<p>Reads the certificate from memory buffer and adds it to key.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2858"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2863"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2868"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate binary data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2873"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN2878"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOAPPGETDEFAULTPWDCALLBACK"></a><h3>xmlSecCryptoAppGetDefaultPwdCallback ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink>* xmlSecCryptoAppGetDefaultPwdCallback
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets default password callback.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN2894"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> default password callback.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-ref.html"><b>&lt;&lt;&lt; XML Security Core Library API Reference.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-base64.html"><b>base64 &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-base64.html b/docs/api/xmlsec-base64.html
new file mode 100644
index 00000000..c755f3c3
--- /dev/null
+++ b/docs/api/xmlsec-base64.html
@@ -0,0 +1,357 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>base64</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="app" href="xmlsec-app.html">
+<link rel="NEXT" title="bn" href="xmlsec-bn.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-app.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-bn.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-BASE64"></a>base64</h1>
+<div class="REFNAMEDIV">
+<a name="AEN2904"></a><h2>Name</h2>base64 -- Base64 encoding/decoding functions.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-BASE64.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">#define <a href="xmlsec-base64.html#XMLSEC-BASE64-LINESIZE:CAPS">XMLSEC_BASE64_LINESIZE</a>
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-base64.html#XMLSECBASE64GETDEFAULTLINESIZE">xmlSecBase64GetDefaultLineSize</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-base64.html#XMLSECBASE64SETDEFAULTLINESIZE">xmlSecBase64SetDefaultLineSize</a> (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> columns</code>);
+<gtkdoclink href="XMLSECBASE64CTX"><span class="RETURNVALUE">xmlSecBase64CtxPtr</span></gtkdoclink><a href="xmlsec-base64.html#XMLSECBASE64CTXCREATE">xmlSecBase64CtxCreate</a> (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> encode</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> columns</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-base64.html#XMLSECBASE64CTXDESTROY">xmlSecBase64CtxDestroy</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBASE64CTX"><span class="TYPE">xmlSecBase64CtxPtr</span></gtkdoclink> ctx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-base64.html#XMLSECBASE64CTXINITIALIZE">xmlSecBase64CtxInitialize</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBASE64CTX"><span class="TYPE">xmlSecBase64CtxPtr</span></gtkdoclink> ctx</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> encode</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> columns</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-base64.html#XMLSECBASE64CTXFINALIZE">xmlSecBase64CtxFinalize</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBASE64CTX"><span class="TYPE">xmlSecBase64CtxPtr</span></gtkdoclink> ctx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-base64.html#XMLSECBASE64CTXUPDATE">xmlSecBase64CtxUpdate</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBASE64CTX"><span class="TYPE">xmlSecBase64CtxPtr</span></gtkdoclink> ctx</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *in</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> inSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *out</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> outSize</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-base64.html#XMLSECBASE64CTXFINAL">xmlSecBase64CtxFinal</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBASE64CTX"><span class="TYPE">xmlSecBase64CtxPtr</span></gtkdoclink> ctx</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *out</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> outSize</code>);
+<gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* <a href="xmlsec-base64.html#XMLSECBASE64ENCODE">xmlSecBase64Encode</a> (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> len</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> columns</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-base64.html#XMLSECBASE64DECODE">xmlSecBase64Decode</a> (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> len</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-BASE64.DESCRIPTION"></a><h2>Description</h2>
+<p>Base64 encoding/decoding functions.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-BASE64.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSEC-BASE64-LINESIZE:CAPS"></a><h3>XMLSEC_BASE64_LINESIZE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_BASE64_LINESIZE 64</pre>
+<p>The default maximum base64 encoded line size.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBASE64GETDEFAULTLINESIZE"></a><h3>xmlSecBase64GetDefaultLineSize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBase64GetDefaultLineSize (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets the current default line size.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN3031"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the current default line size.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBASE64SETDEFAULTLINESIZE"></a><h3>xmlSecBase64SetDefaultLineSize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecBase64SetDefaultLineSize (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> columns</code>);</pre>
+<p>Sets the current default line size.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN3048"><span style="white-space: nowrap"><code class="PARAMETER">columns</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>number of columns</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBASE64CTXCREATE"></a><h3>xmlSecBase64CtxCreate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECBASE64CTX"><span class="RETURNVALUE">xmlSecBase64CtxPtr</span></gtkdoclink> xmlSecBase64CtxCreate (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> encode</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> columns</code>);</pre>
+<p>Allocates and initializes new base64 context.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3068"><span style="white-space: nowrap"><code class="PARAMETER">encode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the encode/decode flag (1 - encode, 0 - decode)</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3073"><span style="white-space: nowrap"><code class="PARAMETER">columns</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the max line length.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3078"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> a pointer to newly created <gtkdoclink href="XMLSECBASE64CTX"><span class="TYPE">xmlSecBase64Ctx</span></gtkdoclink> structure
+or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBASE64CTXDESTROY"></a><h3>xmlSecBase64CtxDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecBase64CtxDestroy (<code class="PARAMETER"><gtkdoclink href="XMLSECBASE64CTX"><span class="TYPE">xmlSecBase64CtxPtr</span></gtkdoclink> ctx</code>);</pre>
+<p>Destroys base64 context.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN3097"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <gtkdoclink href="XMLSECBASE64CTX"><span class="TYPE">xmlSecBase64Ctx</span></gtkdoclink> structure.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBASE64CTXINITIALIZE"></a><h3>xmlSecBase64CtxInitialize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBase64CtxInitialize (<code class="PARAMETER"><gtkdoclink href="XMLSECBASE64CTX"><span class="TYPE">xmlSecBase64CtxPtr</span></gtkdoclink> ctx</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> encode</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> columns</code>);</pre>
+<p>Initializes new base64 context.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3122"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <gtkdoclink href="XMLSECBASE64CTX"><span class="TYPE">xmlSecBase64Ctx</span></gtkdoclink> structure,</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3129"><span style="white-space: nowrap"><code class="PARAMETER">encode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the encode/decode flag (1 - encode, 0 - decode)</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3134"><span style="white-space: nowrap"><code class="PARAMETER">columns</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the max line length.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3139"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success and a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBASE64CTXFINALIZE"></a><h3>xmlSecBase64CtxFinalize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecBase64CtxFinalize (<code class="PARAMETER"><gtkdoclink href="XMLSECBASE64CTX"><span class="TYPE">xmlSecBase64CtxPtr</span></gtkdoclink> ctx</code>);</pre>
+<p>Frees all the resources allocated by <code class="PARAMETER">ctx</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN3157"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <gtkdoclink href="XMLSECBASE64CTX"><span class="TYPE">xmlSecBase64Ctx</span></gtkdoclink> structure,</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBASE64CTXUPDATE"></a><h3>xmlSecBase64CtxUpdate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBase64CtxUpdate (<code class="PARAMETER"><gtkdoclink href="XMLSECBASE64CTX"><span class="TYPE">xmlSecBase64CtxPtr</span></gtkdoclink> ctx</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *in</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> inSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *out</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> outSize</code>);</pre>
+<p>Encodes or decodes the next piece of data from input buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3188"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <gtkdoclink href="XMLSECBASE64CTX"><span class="TYPE">xmlSecBase64Ctx</span></gtkdoclink> structure</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3195"><span style="white-space: nowrap"><code class="PARAMETER">in</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input buffer</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3200"><span style="white-space: nowrap"><code class="PARAMETER">inSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input buffer size</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3205"><span style="white-space: nowrap"><code class="PARAMETER">out</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the output buffer</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3210"><span style="white-space: nowrap"><code class="PARAMETER">outSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the output buffer size</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3215"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the number of bytes written to output buffer or
+-1 if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBASE64CTXFINAL"></a><h3>xmlSecBase64CtxFinal ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBase64CtxFinal (<code class="PARAMETER"><gtkdoclink href="XMLSECBASE64CTX"><span class="TYPE">xmlSecBase64CtxPtr</span></gtkdoclink> ctx</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *out</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> outSize</code>);</pre>
+<p>Encodes or decodes the last piece of data stored in the context
+and finalizes the result.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3238"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <gtkdoclink href="XMLSECBASE64CTX"><span class="TYPE">xmlSecBase64Ctx</span></gtkdoclink> structure</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3245"><span style="white-space: nowrap"><code class="PARAMETER">out</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the output buffer</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3250"><span style="white-space: nowrap"><code class="PARAMETER">outSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the output buffer size</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3255"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the number of bytes written to output buffer or
+-1 if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBASE64ENCODE"></a><h3>xmlSecBase64Encode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* xmlSecBase64Encode (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> len</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> columns</code>);</pre>
+<p>Encodes the data from input buffer and allocates the string for the result.
+The caller is responsible for freeing returned buffer using
+<gtkdoclink href="XMLFREE"><code class="FUNCTION">xmlFree()</code></gtkdoclink> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3280"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3285"><span style="white-space: nowrap"><code class="PARAMETER">len</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input buffer size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3290"><span style="white-space: nowrap"><code class="PARAMETER">columns</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the output max line length (if 0 then no line breaks
+ would be inserted)</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3295"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> newly allocated string with base64 encoded data
+or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBASE64DECODE"></a><h3>xmlSecBase64Decode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBase64Decode (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> len</code>);</pre>
+<p>Decodes input base64 encoded string and puts result into
+the output buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3318"><span style="white-space: nowrap"><code class="PARAMETER">str</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input buffer with base64 encoded string</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3323"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the output buffer</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3328"><span style="white-space: nowrap"><code class="PARAMETER">len</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the output buffer size</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3333"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the number of bytes written to the output buffer or
+a negative value if an error occurs</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-app.html"><b>&lt;&lt;&lt; app</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-bn.html"><b>bn &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-bn.html b/docs/api/xmlsec-bn.html
new file mode 100644
index 00000000..9eabf583
--- /dev/null
+++ b/docs/api/xmlsec-bn.html
@@ -0,0 +1,705 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>bn</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="base64" href="xmlsec-base64.html">
+<link rel="NEXT" title="buffer" href="xmlsec-buffer.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-base64.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-buffer.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-BN"></a>bn</h1>
+<div class="REFNAMEDIV">
+<a name="AEN3343"></a><h2>Name</h2>bn -- Big numbers support functions.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-BN.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">enum <a href="xmlsec-bn.html#XMLSECBNFORMAT">xmlSecBnFormat</a>;
+<gtkdoclink href="XMLSECBN"><span class="RETURNVALUE">xmlSecBnPtr</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNCREATE">xmlSecBnCreate</a> (<code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNDESTROY">xmlSecBnDestroy</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNINITIALIZE">xmlSecBnInitialize</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNFINALIZE">xmlSecBnFinalize</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>);
+<a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="RETURNVALUE">xmlSecByte</span></a>* <a href="xmlsec-bn.html#XMLSECBNGETDATA">xmlSecBnGetData</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNSETDATA">xmlSecBnSetData</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+<a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> <a href="xmlsec-bn.html#XMLSECBNGETSIZE">xmlSecBnGetSize</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNZERO">xmlSecBnZero</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNFROMSTRING">xmlSecBnFromString</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> base</code>);
+<gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* <a href="xmlsec-bn.html#XMLSECBNTOSTRING">xmlSecBnToString</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> base</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNFROMHEXSTRING">xmlSecBnFromHexString</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>);
+<gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* <a href="xmlsec-bn.html#XMLSECBNTOHEXSTRING">xmlSecBnToHexString</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNFROMDECSTRING">xmlSecBnFromDecString</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>);
+<gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* <a href="xmlsec-bn.html#XMLSECBNTODECSTRING">xmlSecBnToDecString</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNMUL">xmlSecBnMul</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> multiplier</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNDIV">xmlSecBnDiv</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> divider</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> *mod</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNADD">xmlSecBnAdd</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> delta</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNREVERSE">xmlSecBnReverse</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNCOMPARE">xmlSecBnCompare</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNCOMPAREREVERSE">xmlSecBnCompareReverse</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNGETNODEVALUE">xmlSecBnGetNodeValue</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER"><a href="xmlsec-bn.html#XMLSECBNFORMAT"><span class="TYPE">xmlSecBnFormat</span></a> format</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reverse</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNSETNODEVALUE">xmlSecBnSetNodeValue</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER"><a href="xmlsec-bn.html#XMLSECBNFORMAT"><span class="TYPE">xmlSecBnFormat</span></a> format</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reverse</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> addLineBreaks</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-bn.html#XMLSECBNBLOBSETNODEVALUE">xmlSecBnBlobSetNodeValue</a> (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER"><a href="xmlsec-bn.html#XMLSECBNFORMAT"><span class="TYPE">xmlSecBnFormat</span></a> format</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reverse</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> addLineBreaks</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-BN.DESCRIPTION"></a><h2>Description</h2>
+<p>Big numbers support functions.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-BN.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECBNFORMAT"></a><h3>enum xmlSecBnFormat</h3>
+<pre class="PROGRAMLISTING">typedef enum {
+ xmlSecBnBase64,
+ xmlSecBnHex,
+ xmlSecBnDec
+} xmlSecBnFormat;</pre>
+<p>The big numbers formats.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECBNBASE64"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecBnBase64</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the base64 decoded binary blob.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECBNHEX"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecBnHex</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the hex number.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECBNDEC"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecBnDec</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the decimal number.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNCREATE"></a><h3>xmlSecBnCreate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECBN"><span class="RETURNVALUE">xmlSecBnPtr</span></gtkdoclink> xmlSecBnCreate (<code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Creates a new BN object. Caller is responsible for destroying it
+by calling <code class="PARAMETER">xmlSecBnDestroy</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3612"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the initial allocated BN size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3617"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the newly BN or a NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNDESTROY"></a><h3>xmlSecBnDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecBnDestroy (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>);</pre>
+<p>Destroys <code class="PARAMETER">bn</code> object created with <code class="PARAMETER">xmlSecBnCreate</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN3636"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNINITIALIZE"></a><h3>xmlSecBnInitialize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBnInitialize (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Initializes a BN object. Caller is responsible for destroying it
+by calling <code class="PARAMETER">xmlSecBnFinalize</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3657"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3662"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the initial allocated BN size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3667"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNFINALIZE"></a><h3>xmlSecBnFinalize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecBnFinalize (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>);</pre>
+<p>Destroys <code class="PARAMETER">bn</code> object created with <code class="PARAMETER">xmlSecBnInitialize</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN3686"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNGETDATA"></a><h3>xmlSecBnGetData ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="RETURNVALUE">xmlSecByte</span></a>* xmlSecBnGetData (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>);</pre>
+<p>Gets pointer to the binary <code class="PARAMETER">bn</code> representation.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3704"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3709"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to binary BN data or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNSETDATA"></a><h3>xmlSecBnSetData ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBnSetData (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Sets the value of <code class="PARAMETER">bn</code> to <code class="PARAMETER">data</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3734"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3739"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to new BN binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3744"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the size of new BN data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3749"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNGETSIZE"></a><h3>xmlSecBnGetSize ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> xmlSecBnGetSize (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>);</pre>
+<p>Gets the size of binary data in <code class="PARAMETER">bn</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3767"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3772"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the size of binary data.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNZERO"></a><h3>xmlSecBnZero ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecBnZero (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>);</pre>
+<p>Sets the value of <code class="PARAMETER">bn</code> to zero.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN3790"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNFROMSTRING"></a><h3>xmlSecBnFromString ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBnFromString (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> base</code>);</pre>
+<p>Reads <code class="PARAMETER">bn</code> from string <code class="PARAMETER">str</code> assuming it has base <code class="PARAMETER">base</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3816"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3821"><span style="white-space: nowrap"><code class="PARAMETER">str</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the string with BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3826"><span style="white-space: nowrap"><code class="PARAMETER">base</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the base for <code class="PARAMETER">str</code>.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3832"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNTOSTRING"></a><h3>xmlSecBnToString ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* xmlSecBnToString (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> base</code>);</pre>
+<p>Writes <code class="PARAMETER">bn</code> to string with base <code class="PARAMETER">base</code>. Caller is responsible for
+freeing returned string with <code class="PARAMETER">xmlFree</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3855"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3860"><span style="white-space: nowrap"><code class="PARAMETER">base</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the base for returned string.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3865"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the string represenataion if BN or a NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNFROMHEXSTRING"></a><h3>xmlSecBnFromHexString ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBnFromHexString (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>);</pre>
+<p>Reads <code class="PARAMETER">bn</code> from hex string <code class="PARAMETER">str</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3887"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3892"><span style="white-space: nowrap"><code class="PARAMETER">str</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the string with BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3897"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNTOHEXSTRING"></a><h3>xmlSecBnToHexString ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* xmlSecBnToHexString (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>);</pre>
+<p>Writes <code class="PARAMETER">bn</code> to hex string. Caller is responsible for
+freeing returned string with <code class="PARAMETER">xmlFree</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3916"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3921"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the string represenataion if BN or a NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNFROMDECSTRING"></a><h3>xmlSecBnFromDecString ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBnFromDecString (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>);</pre>
+<p>Reads <code class="PARAMETER">bn</code> from decimal string <code class="PARAMETER">str</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3943"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3948"><span style="white-space: nowrap"><code class="PARAMETER">str</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the string with BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3953"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNTODECSTRING"></a><h3>xmlSecBnToDecString ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* xmlSecBnToDecString (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>);</pre>
+<p>Writes <code class="PARAMETER">bn</code> to decimal string. Caller is responsible for
+freeing returned string with <code class="PARAMETER">xmlFree</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3972"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3977"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the string represenataion if BN or a NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNMUL"></a><h3>xmlSecBnMul ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBnMul (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> multiplier</code>);</pre>
+<p>Multiplies <code class="PARAMETER">bn</code> with <code class="PARAMETER">multiplier</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN3999"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4004"><span style="white-space: nowrap"><code class="PARAMETER">multiplier</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the multiplier.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4009"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNDIV"></a><h3>xmlSecBnDiv ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBnDiv (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> divider</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> *mod</code>);</pre>
+<p>Divides <code class="PARAMETER">bn</code> by <code class="PARAMETER">divider</code> and places modulus into <code class="PARAMETER">mod</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4035"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4040"><span style="white-space: nowrap"><code class="PARAMETER">divider</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the divider</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4045"><span style="white-space: nowrap"><code class="PARAMETER">mod</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer for modulus result.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4050"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNADD"></a><h3>xmlSecBnAdd ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBnAdd (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> delta</code>);</pre>
+<p>Adds <code class="PARAMETER">delta</code> to <code class="PARAMETER">bn</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4072"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4077"><span style="white-space: nowrap"><code class="PARAMETER">delta</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the delta.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4082"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNREVERSE"></a><h3>xmlSecBnReverse ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBnReverse (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>);</pre>
+<p>Reverses bytes order in <code class="PARAMETER">bn</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4100"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4105"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNCOMPARE"></a><h3>xmlSecBnCompare ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBnCompare (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>);</pre>
+<p>Compares the <code class="PARAMETER">bn</code> with <code class="PARAMETER">data</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4130"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4135"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data to compare BN to.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4140"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the <code class="PARAMETER">data</code> size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4146"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 if data is equal, negative value if <code class="PARAMETER">bn</code> is less or positive value if <code class="PARAMETER">bn</code>
+is greater than <code class="PARAMETER">data</code>.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNCOMPAREREVERSE"></a><h3>xmlSecBnCompareReverse ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBnCompareReverse (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>);</pre>
+<p>Compares the <code class="PARAMETER">bn</code> with reverse <code class="PARAMETER">data</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4174"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4179"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data to compare BN to.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4184"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the <code class="PARAMETER">data</code> size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4190"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 if data is equal, negative value if <code class="PARAMETER">bn</code> is less or positive value if <code class="PARAMETER">bn</code>
+is greater than <code class="PARAMETER">data</code>.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNGETNODEVALUE"></a><h3>xmlSecBnGetNodeValue ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBnGetNodeValue (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER"><a href="xmlsec-bn.html#XMLSECBNFORMAT"><span class="TYPE">xmlSecBnFormat</span></a> format</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reverse</code>);</pre>
+<p>Converts the node content from <code class="PARAMETER">format</code> to <code class="PARAMETER">bn</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4221"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4226"><span style="white-space: nowrap"><code class="PARAMETER">cur</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the poitner to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4231"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the BN format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4236"><span style="white-space: nowrap"><code class="PARAMETER">reverse</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>if set then reverse read buffer after reading.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4241"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success and a negative values if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNSETNODEVALUE"></a><h3>xmlSecBnSetNodeValue ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBnSetNodeValue (<code class="PARAMETER"><gtkdoclink href="XMLSECBN"><span class="TYPE">xmlSecBnPtr</span></gtkdoclink> bn</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER"><a href="xmlsec-bn.html#XMLSECBNFORMAT"><span class="TYPE">xmlSecBnFormat</span></a> format</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reverse</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> addLineBreaks</code>);</pre>
+<p>Converts the <code class="PARAMETER">bn</code> and sets it to node content.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4271"><span style="white-space: nowrap"><code class="PARAMETER">bn</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4276"><span style="white-space: nowrap"><code class="PARAMETER">cur</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the poitner to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4281"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the BN format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4286"><span style="white-space: nowrap"><code class="PARAMETER">reverse</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag that indicates whether to reverse the buffer before writing.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4291"><span style="white-space: nowrap"><code class="PARAMETER">addLineBreaks</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag; it is equal to 1 then linebreaks will be added before and after new buffer content.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4296"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success and a negative values if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBNBLOBSETNODEVALUE"></a><h3>xmlSecBnBlobSetNodeValue ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBnBlobSetNodeValue (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER"><a href="xmlsec-bn.html#XMLSECBNFORMAT"><span class="TYPE">xmlSecBnFormat</span></a> format</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reverse</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> addLineBreaks</code>);</pre>
+<p>Converts the <code class="PARAMETER">blob</code> and sets it to node content.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4329"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BN blob.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4334"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the size of BN blob.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4339"><span style="white-space: nowrap"><code class="PARAMETER">cur</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the poitner to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4344"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the BN format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4349"><span style="white-space: nowrap"><code class="PARAMETER">reverse</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag that indicates whether to reverse the buffer before writing.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4354"><span style="white-space: nowrap"><code class="PARAMETER">addLineBreaks</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>if the flag is equal to 1 then
+ linebreaks will be added before and after
+ new buffer content.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4359"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success and a negative values if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-base64.html"><b>&lt;&lt;&lt; base64</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-buffer.html"><b>buffer &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-buffer.html b/docs/api/xmlsec-buffer.html
new file mode 100644
index 00000000..72d3d6b3
--- /dev/null
+++ b/docs/api/xmlsec-buffer.html
@@ -0,0 +1,603 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>buffer</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="bn" href="xmlsec-bn.html">
+<link rel="NEXT" title="dl" href="xmlsec-dl.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-bn.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-dl.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-BUFFER"></a>buffer</h1>
+<div class="REFNAMEDIV">
+<a name="AEN4369"></a><h2>Name</h2>buffer -- Binary buffer implementation.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-BUFFER.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">enum <a href="xmlsec-buffer.html#XMLSECALLOCMODE">xmlSecAllocMode</a>;
+struct <a href="xmlsec-buffer.html#XMLSECBUFFER">xmlSecBuffer</a>;
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-buffer.html#XMLSECBUFFERSETDEFAULTALLOCMODE">xmlSecBufferSetDefaultAllocMode</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECALLOCMODE"><span class="TYPE">xmlSecAllocMode</span></a> defAllocMode</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> defInitialSize</code>);
+<a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="RETURNVALUE">xmlSecBufferPtr</span></a> <a href="xmlsec-buffer.html#XMLSECBUFFERCREATE">xmlSecBufferCreate</a> (<code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-buffer.html#XMLSECBUFFERDESTROY">xmlSecBufferDestroy</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-buffer.html#XMLSECBUFFERINITIALIZE">xmlSecBufferInitialize</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-buffer.html#XMLSECBUFFERFINALIZE">xmlSecBufferFinalize</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>);
+<a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="RETURNVALUE">xmlSecByte</span></a>* <a href="xmlsec-buffer.html#XMLSECBUFFERGETDATA">xmlSecBufferGetData</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-buffer.html#XMLSECBUFFERSETDATA">xmlSecBufferSetData</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+<a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> <a href="xmlsec-buffer.html#XMLSECBUFFERGETSIZE">xmlSecBufferGetSize</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-buffer.html#XMLSECBUFFERSETSIZE">xmlSecBufferSetSize</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+<a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> <a href="xmlsec-buffer.html#XMLSECBUFFERGETMAXSIZE">xmlSecBufferGetMaxSize</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-buffer.html#XMLSECBUFFERSETMAXSIZE">xmlSecBufferSetMaxSize</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-buffer.html#XMLSECBUFFEREMPTY">xmlSecBufferEmpty</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-buffer.html#XMLSECBUFFERAPPEND">xmlSecBufferAppend</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-buffer.html#XMLSECBUFFERPREPEND">xmlSecBufferPrepend</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-buffer.html#XMLSECBUFFERREMOVEHEAD">xmlSecBufferRemoveHead</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-buffer.html#XMLSECBUFFERREMOVETAIL">xmlSecBufferRemoveTail</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-buffer.html#XMLSECBUFFERREADFILE">xmlSecBufferReadFile</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-buffer.html#XMLSECBUFFERBASE64NODECONTENTREAD">xmlSecBufferBase64NodeContentRead</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-buffer.html#XMLSECBUFFERBASE64NODECONTENTWRITE">xmlSecBufferBase64NodeContentWrite</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> columns</code>);
+<gtkdoclink href="XMLOUTPUTBUFFERPTR"><span class="RETURNVALUE">xmlOutputBufferPtr</span></gtkdoclink><a href="xmlsec-buffer.html#XMLSECBUFFERCREATEOUTPUTBUFFER">xmlSecBufferCreateOutputBuffer</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-BUFFER.DESCRIPTION"></a><h2>Description</h2>
+<p>Binary buffer implementation.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-BUFFER.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECALLOCMODE"></a><h3>enum xmlSecAllocMode</h3>
+<pre class="PROGRAMLISTING">typedef enum {
+ xmlSecAllocModeExact = 0,
+ xmlSecAllocModeDouble
+} xmlSecAllocMode;</pre>
+<p>The memory allocation mode (used by <code class="PARAMETER">xmlSecBuffer</code> and <code class="PARAMETER">xmlSecList</code>).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECALLOCMODEEXACT"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecAllocModeExact</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the memory allocation mode that minimizes total
+ allocated memory size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECALLOCMODEDOUBLE"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecAllocModeDouble</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the memory allocation mode that tries to minimize
+ the number of malloc calls.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFER"></a><h3>struct xmlSecBuffer</h3>
+<pre class="PROGRAMLISTING">struct xmlSecBuffer {
+ xmlSecByte* data;
+ xmlSecSize size;
+ xmlSecSize maxSize;
+ xmlSecAllocMode allocMode;
+};</pre>
+<p>Binary data buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4576"><span style="white-space: nowrap"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *<code class="STRUCTFIELD">data</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4583"><span style="white-space: nowrap"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> <code class="STRUCTFIELD">size</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the current data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4590"><span style="white-space: nowrap"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> <code class="STRUCTFIELD">maxSize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the max data size (allocated buffer size).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4597"><span style="white-space: nowrap"><a href="xmlsec-buffer.html#XMLSECALLOCMODE"><span class="TYPE">xmlSecAllocMode</span></a> <code class="STRUCTFIELD">allocMode</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the buffer memory allocation mode.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERSETDEFAULTALLOCMODE"></a><h3>xmlSecBufferSetDefaultAllocMode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecBufferSetDefaultAllocMode (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECALLOCMODE"><span class="TYPE">xmlSecAllocMode</span></a> defAllocMode</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> defInitialSize</code>);</pre>
+<p>Sets new global default allocation mode and minimal intial size.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4619"><span style="white-space: nowrap"><code class="PARAMETER">defAllocMode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new default buffer allocation mode.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4624"><span style="white-space: nowrap"><code class="PARAMETER">defInitialSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new default buffer minimal intial size.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERCREATE"></a><h3>xmlSecBufferCreate ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="RETURNVALUE">xmlSecBufferPtr</span></a> xmlSecBufferCreate (<code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Allocates and initalizes new memory buffer with given size.
+Caller is responsible for calling <a href="xmlsec-buffer.html#XMLSECBUFFERDESTROY"><span class="TYPE">xmlSecBufferDestroy</span></a> function
+to free the buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4643"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the intial size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4648"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly allocated buffer or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERDESTROY"></a><h3>xmlSecBufferDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecBufferDestroy (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>);</pre>
+<p>Desrtoys buffer object created with <a href="xmlsec-buffer.html#XMLSECBUFFERCREATE"><span class="TYPE">xmlSecBufferCreate</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN4667"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERINITIALIZE"></a><h3>xmlSecBufferInitialize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBufferInitialize (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Initializes buffer object <code class="PARAMETER">buf</code>. Caller is responsible for calling
+<a href="xmlsec-buffer.html#XMLSECBUFFERFINALIZE"><span class="TYPE">xmlSecBufferFinalize</span></a> function to free allocated resources.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4690"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4695"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the initial buffer size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4700"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERFINALIZE"></a><h3>xmlSecBufferFinalize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecBufferFinalize (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>);</pre>
+<p>Frees allocated resource for a buffer intialized with <a href="xmlsec-buffer.html#XMLSECBUFFERINITIALIZE"><span class="TYPE">xmlSecBufferInitialize</span></a>
+function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN4719"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERGETDATA"></a><h3>xmlSecBufferGetData ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="RETURNVALUE">xmlSecByte</span></a>* xmlSecBufferGetData (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>);</pre>
+<p>Gets pointer to buffer's data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4736"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4741"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to buffer's data.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERSETDATA"></a><h3>xmlSecBufferSetData ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBufferSetData (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Sets the value of the buffer to <code class="PARAMETER">data</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4765"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4770"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4775"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4780"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERGETSIZE"></a><h3>xmlSecBufferGetSize ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> xmlSecBufferGetSize (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>);</pre>
+<p>Gets the current buffer data size.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4797"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4802"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the current data size.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERSETSIZE"></a><h3>xmlSecBufferSetSize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBufferSetSize (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Sets new buffer data size. If necessary, buffer grows to
+have at least <code class="PARAMETER">size</code> bytes.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4823"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4828"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4833"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERGETMAXSIZE"></a><h3>xmlSecBufferGetMaxSize ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> xmlSecBufferGetMaxSize (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>);</pre>
+<p>Gets the maximum (allocated) buffer size.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4850"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4855"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the maximum (allocated) buffer size.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERSETMAXSIZE"></a><h3>xmlSecBufferSetMaxSize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBufferSetMaxSize (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Sets new buffer maximum size. If necessary, buffer grows to
+have at least <code class="PARAMETER">size</code> bytes.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4876"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4881"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new maximum size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4886"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFEREMPTY"></a><h3>xmlSecBufferEmpty ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecBufferEmpty (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>);</pre>
+<p>Empties the buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN4903"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERAPPEND"></a><h3>xmlSecBufferAppend ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBufferAppend (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Appends the <code class="PARAMETER">data</code> after the current data stored in the buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4927"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4932"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4937"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4942"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERPREPEND"></a><h3>xmlSecBufferPrepend ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBufferPrepend (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Prepends the <code class="PARAMETER">data</code> before the current data stored in the buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4966"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4971"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4976"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN4981"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERREMOVEHEAD"></a><h3>xmlSecBufferRemoveHead ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBufferRemoveHead (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Removes <code class="PARAMETER">size</code> bytes from the beginning of the current buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5002"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5007"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the number of bytes to be removed.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5012"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERREMOVETAIL"></a><h3>xmlSecBufferRemoveTail ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBufferRemoveTail (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Removes <code class="PARAMETER">size</code> bytes from the end of current buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5033"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5038"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the number of bytes to be removed.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5043"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERREADFILE"></a><h3>xmlSecBufferReadFile ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBufferReadFile (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>);</pre>
+<p>Reads the content of the file <code class="PARAMETER">filename</code> in the buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5064"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5069"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5074"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERBASE64NODECONTENTREAD"></a><h3>xmlSecBufferBase64NodeContentRead ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBufferBase64NodeContentRead (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>);</pre>
+<p>Reads the content of the <code class="PARAMETER">node</code>, base64 decodes it and stores the
+result in the buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5095"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5100"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5105"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERBASE64NODECONTENTWRITE"></a><h3>xmlSecBufferBase64NodeContentWrite ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecBufferBase64NodeContentWrite (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> columns</code>);</pre>
+<p>Sets the content of the <code class="PARAMETER">node</code> to the base64 encoded buffer data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5129"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5134"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to a node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5139"><span style="white-space: nowrap"><code class="PARAMETER">columns</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the max line size fro base64 encoded data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5144"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBUFFERCREATEOUTPUTBUFFER"></a><h3>xmlSecBufferCreateOutputBuffer ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLOUTPUTBUFFERPTR"><span class="RETURNVALUE">xmlOutputBufferPtr</span></gtkdoclink> xmlSecBufferCreateOutputBuffer (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buf</code>);</pre>
+<p>Creates new LibXML output buffer to store data in the <code class="PARAMETER">buf</code>. Caller is
+responsible for destroying <code class="PARAMETER">buf</code> when processing is done.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5163"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5168"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly allocated output buffer or NULL if an error
+occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-bn.html"><b>&lt;&lt;&lt; bn</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-dl.html"><b>dl &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-custom-keys-manager.html b/docs/api/xmlsec-custom-keys-manager.html
new file mode 100644
index 00000000..f58125b9
--- /dev/null
+++ b/docs/api/xmlsec-custom-keys-manager.html
@@ -0,0 +1,475 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Writing a custom keys manager.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Examples." href="xmlsec-examples.html">
+<link rel="PREVIOUS" title="Decrypting data with keys manager." href="xmlsec-decrypt-with-keys-mngr.html">
+<link rel="NEXT" title="APPENDIX A. XML Security Library Signature Klasses." href="xmlsec-signature-klasses.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-decrypt-with-keys-mngr.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-examples.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-signature-klasses.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-CUSTOM-KEYS-MANAGER">Writing a custom keys manager.</a></h1>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-DECRYPT3">decrypt3.c</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN814"></a><pre class="PROGRAMLISTING">/**
+ * XML Security Library example: Decrypting an encrypted file using a custom keys manager.
+ *
+ * Decrypts encrypted XML file using a custom files based keys manager.
+ * We assume that key's name in &lt;dsig:KeyName/&gt; element is just
+ * key's file name in the current folder.
+ *
+ * Usage:
+ * ./decrypt3 &lt;xml-enc&gt;
+ *
+ * Example:
+ * ./decrypt3 encrypt1-res.xml
+ * ./decrypt3 encrypt2-res.xml
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin &lt;aleksey@aleksey.com&gt;
+ */
+#include &lt;stdlib.h&gt;
+#include &lt;string.h&gt;
+#include &lt;ctype.h&gt;
+#include &lt;assert.h&gt;
+
+#include &lt;libxml/tree.h&gt;
+#include &lt;libxml/xmlmemory.h&gt;
+#include &lt;libxml/parser.h&gt;
+
+#ifndef XMLSEC_NO_XSLT
+#include &lt;libxslt/xslt.h&gt;
+#include &lt;libxslt/security.h&gt;
+#endif /* XMLSEC_NO_XSLT */
+
+#include &lt;xmlsec/xmlsec.h&gt;
+#include &lt;xmlsec/xmltree.h&gt;
+#include &lt;xmlsec/xmlenc.h&gt;
+#include &lt;xmlsec/crypto.h&gt;
+
+xmlSecKeyStoreId files_keys_store_get_klass(void);
+xmlSecKeysMngrPtr create_files_keys_mngr(void);
+int decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file);
+
+int
+main(int argc, char **argv) {
+ xmlSecKeysMngrPtr mngr;
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 2) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s &lt;enc-file&gt;\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) &lt; 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) &lt; 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* create keys manager and load keys */
+ mngr = create_files_keys_mngr();
+ if(mngr == NULL) {
+ return(-1);
+ }
+
+ if(decrypt_file(mngr, argv[1]) &lt; 0) {
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
+ }
+
+ /* destroy keys manager */
+ xmlSecKeysMngrDestroy(mngr);
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * decrypt_file:
+ * @mngr: the pointer to keys manager.
+ * @enc_file: the encrypted XML file name.
+ *
+ * Decrypts the XML file #enc_file using DES key from #key_file and
+ * prints results to stdout.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(mngr);
+ assert(enc_file);
+
+ /* load template */
+ doc = xmlParseFile(enc_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file);
+ goto done;
+ }
+
+ /* create encryption context */
+ encCtx = xmlSecEncCtxCreate(mngr);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* decrypt the data */
+ if((xmlSecEncCtxDecrypt(encCtx, node) &lt; 0) || (encCtx-&gt;result == NULL)) {
+ fprintf(stderr,"Error: decryption failed\n");
+ goto done;
+ }
+
+ /* print decrypted data to stdout */
+ if(encCtx-&gt;resultReplaced != 0) {
+ fprintf(stdout, "Decrypted XML data:\n");
+ xmlDocDump(stdout, doc);
+ } else {
+ fprintf(stdout, "Decrypted binary data (%d bytes):\n", xmlSecBufferGetSize(encCtx-&gt;result));
+ if(xmlSecBufferGetData(encCtx-&gt;result) != NULL) {
+ fwrite(xmlSecBufferGetData(encCtx-&gt;result),
+ 1,
+ xmlSecBufferGetSize(encCtx-&gt;result),
+ stdout);
+ }
+ }
+ fprintf(stdout, "\n");
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
+/**
+ * create_files_keys_mngr:
+ *
+ * Creates a files based keys manager: we assume that key name is
+ * the key file name,
+ *
+ * Returns pointer to newly created keys manager or NULL if an error occurs.
+ */
+xmlSecKeysMngrPtr
+create_files_keys_mngr(void) {
+ xmlSecKeyStorePtr keysStore;
+ xmlSecKeysMngrPtr mngr;
+
+ /* create files based keys store */
+ keysStore = xmlSecKeyStoreCreate(files_keys_store_get_klass());
+ if(keysStore == NULL) {
+ fprintf(stderr, "Error: failed to create keys store.\n");
+ return(NULL);
+ }
+
+ /* create keys manager */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ xmlSecKeyStoreDestroy(keysStore);
+ return(NULL);
+ }
+
+ /* add store to keys manager, from now on keys manager destroys the store if needed */
+ if(xmlSecKeysMngrAdoptKeysStore(mngr, keysStore) &lt; 0) {
+ fprintf(stderr, "Error: failed to add keys store to keys manager.\n");
+ xmlSecKeyStoreDestroy(keysStore);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* initialize crypto library specific data in keys manager */
+ if(xmlSecCryptoKeysMngrInit(mngr) &lt; 0) {
+ fprintf(stderr, "Error: failed to initialize crypto data in keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* set the get key callback */
+ mngr-&gt;getKey = xmlSecKeysMngrGetKey;
+ return(mngr);
+}
+
+/****************************************************************************
+ *
+ * Files Keys Store: we assume that key's name (content of the
+ * &lt;dsig:KeyName/&gt; element is a name of the file with a key (in the
+ * current folder).
+ * Attention: this probably not a good solution for high traffic systems.
+ *
+ ***************************************************************************/
+static xmlSecKeyPtr files_keys_store_find_key (xmlSecKeyStorePtr store,
+ const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static xmlSecKeyStoreKlass files_keys_store_klass = {
+ sizeof(xmlSecKeyStoreKlass),
+ sizeof(xmlSecKeyStore),
+ BAD_CAST "files-based-keys-store", /* const xmlChar* name; */
+ NULL, /* xmlSecKeyStoreInitializeMethod initialize; */
+ NULL, /* xmlSecKeyStoreFinalizeMethod finalize; */
+ files_keys_store_find_key, /* xmlSecKeyStoreFindKeyMethod findKey; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * files_keys_store_get_klass:
+ *
+ * The files based keys store klass: we assume that key name is the
+ * key file name,
+ *
+ * Returns files based keys store klass.
+ */
+xmlSecKeyStoreId
+files_keys_store_get_klass(void) {
+ return(&amp;files_keys_store_klass);
+}
+
+/**
+ * files_keys_store_find_key:
+ * @store: the pointer to simple keys store.
+ * @name: the desired key name.
+ * @keyInfoCtx: the pointer to &lt;dsig:KeyInfo/&gt; node processing context.
+ *
+ * Lookups key in the @store. The caller is responsible for destroying
+ * returned key with #xmlSecKeyDestroy function.
+ *
+ * Returns pointer to key or NULL if key not found or an error occurs.
+ */
+static xmlSecKeyPtr
+files_keys_store_find_key(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyPtr key;
+ const xmlChar* p;
+
+ assert(store);
+ assert(keyInfoCtx);
+
+ /* it's possible to do not have the key name or desired key type
+ * but we could do nothing in this case */
+ if((name == NULL) || (keyInfoCtx-&gt;keyReq.keyId == xmlSecKeyDataIdUnknown)){
+ return(NULL);
+ }
+
+ /* we don't want to open files in a folder other than "current";
+ * to prevent it limit the characters in the key name to alpha/digit,
+ * '.', '-' or '_'.
+ */
+ for(p = name; (*p) != '\0'; ++p) {
+ if(!isalnum((*p)) &amp;&amp; ((*p) != '.') &amp;&amp; ((*p) != '-') &amp;&amp; ((*p) != '_')) {
+ return(NULL);
+ }
+ }
+
+ if((keyInfoCtx-&gt;keyReq.keyId == xmlSecKeyDataDsaId) || (keyInfoCtx-&gt;keyReq.keyId == xmlSecKeyDataRsaId)) {
+ /* load key from a pem file, if key is not found then it's an error (is it?) */
+ key = xmlSecCryptoAppKeyLoad(name, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load public pem key from \"%s\"\n", name);
+ return(NULL);
+ }
+ } else {
+ /* otherwise it's a binary key, if key is not found then it's an error (is it?) */
+ key = xmlSecKeyReadBinaryFile(keyInfoCtx-&gt;keyReq.keyId, name);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load key from binary file \"%s\"\n", name);
+ return(NULL);
+ }
+ }
+
+ /* set key name */
+ if(xmlSecKeySetName(key, name) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", name);
+ xmlSecKeyDestroy(key);
+ return(NULL);
+ }
+
+ return(key);
+} </pre>
+<p></p>
+</div>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-decrypt-with-keys-mngr.html"><b>&lt;&lt;&lt; Decrypting data with keys manager.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-signature-klasses.html"><b>APPENDIX A. XML Security Library Signature Klasses. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-decrypt-with-keys-mngr.html b/docs/api/xmlsec-decrypt-with-keys-mngr.html
new file mode 100644
index 00000000..d980ff51
--- /dev/null
+++ b/docs/api/xmlsec-decrypt-with-keys-mngr.html
@@ -0,0 +1,396 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Decrypting data with keys manager.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Examples." href="xmlsec-examples.html">
+<link rel="PREVIOUS" title="Decrypting data with a single key." href="xmlsec-decrypt-with-signle-key.html">
+<link rel="NEXT" title="Writing a custom keys manager." href="xmlsec-custom-keys-manager.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-decrypt-with-signle-key.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-examples.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-custom-keys-manager.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-DECRYPT-WITH-KEYS-MNGR">Decrypting data with keys manager.</a></h1>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-DECRYPT2">decrypt2.c</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN807"></a><pre class="PROGRAMLISTING">/**
+ * XML Security Library example: Decrypting an encrypted file using keys manager.
+ *
+ * Decrypts encrypted XML file using keys manager and a list of
+ * DES key from a binary file
+ *
+ * Usage:
+ * ./decrypt2 &lt;xml-enc&gt; &lt;des-key-file1&gt; [&lt;des-key-file2&gt; [...]]
+ *
+ * Example:
+ * ./decrypt2 encrypt1-res.xml deskey.bin
+ * ./decrypt2 encrypt2-res.xml deskey.bin
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin &lt;aleksey@aleksey.com&gt;
+ */
+#include &lt;stdlib.h&gt;
+#include &lt;string.h&gt;
+#include &lt;assert.h&gt;
+
+#include &lt;libxml/tree.h&gt;
+#include &lt;libxml/xmlmemory.h&gt;
+#include &lt;libxml/parser.h&gt;
+
+#ifndef XMLSEC_NO_XSLT
+#include &lt;libxslt/xslt.h&gt;
+#include &lt;libxslt/security.h&gt;
+#endif /* XMLSEC_NO_XSLT */
+
+#include &lt;xmlsec/xmlsec.h&gt;
+#include &lt;xmlsec/xmltree.h&gt;
+#include &lt;xmlsec/xmlenc.h&gt;
+#include &lt;xmlsec/crypto.h&gt;
+
+xmlSecKeysMngrPtr load_des_keys(char** files, int files_size);
+int decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file);
+
+int
+main(int argc, char **argv) {
+ xmlSecKeysMngrPtr mngr;
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s &lt;enc-file&gt; &lt;key-file1&gt; [&lt;key-file2&gt; [...]]\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+
+ /* Init xmlsec library */
+ if(xmlSecInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) &lt; 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) &lt; 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* create keys manager and load keys */
+ mngr = load_des_keys(&amp;(argv[2]), argc - 2);
+ if(mngr == NULL) {
+ return(-1);
+ }
+
+ if(decrypt_file(mngr, argv[1]) &lt; 0) {
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
+ }
+
+ /* destroy keys manager */
+ xmlSecKeysMngrDestroy(mngr);
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * load_des_keys:
+ * @files: the list of filenames.
+ * @files_size: the number of filenames in #files.
+ *
+ * Creates simple keys manager and load DES keys from #files in it.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_des_keys(char** files, int files_size) {
+ xmlSecKeysMngrPtr mngr;
+ xmlSecKeyPtr key;
+ int i;
+
+ assert(files);
+ assert(files_size &gt; 0);
+
+ /* create and initialize keys manager, we use a simple list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) &lt; 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ for(i = 0; i &lt; files_size; ++i) {
+ assert(files[i]);
+
+ /* load DES key */
+ key = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, files[i]);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", files[i]);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(key, BAD_CAST files[i]) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* add key to keys manager, from now on keys manager is responsible
+ * for destroying key
+ */
+ if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) &lt; 0) {
+ fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", files[i]);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+ }
+
+ return(mngr);
+}
+
+/**
+ * decrypt_file:
+ * @mngr: the pointer to keys manager.
+ * @enc_file: the encrypted XML file name.
+ *
+ * Decrypts the XML file #enc_file using DES key from #key_file and
+ * prints results to stdout.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(mngr);
+ assert(enc_file);
+
+ /* load template */
+ doc = xmlParseFile(enc_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file);
+ goto done;
+ }
+
+ /* create encryption context */
+ encCtx = xmlSecEncCtxCreate(mngr);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* decrypt the data */
+ if((xmlSecEncCtxDecrypt(encCtx, node) &lt; 0) || (encCtx-&gt;result == NULL)) {
+ fprintf(stderr,"Error: decryption failed\n");
+ goto done;
+ }
+
+ /* print decrypted data to stdout */
+ if(encCtx-&gt;resultReplaced != 0) {
+ fprintf(stdout, "Decrypted XML data:\n");
+ xmlDocDump(stdout, doc);
+ } else {
+ fprintf(stdout, "Decrypted binary data (%d bytes):\n", xmlSecBufferGetSize(encCtx-&gt;result));
+ if(xmlSecBufferGetData(encCtx-&gt;result) != NULL) {
+ fwrite(xmlSecBufferGetData(encCtx-&gt;result),
+ 1,
+ xmlSecBufferGetSize(encCtx-&gt;result),
+ stdout);
+ }
+ }
+ fprintf(stdout, "\n");
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+} </pre>
+<p></p>
+</div>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-decrypt-with-signle-key.html"><b>&lt;&lt;&lt; Decrypting data with a single key.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-custom-keys-manager.html"><b>Writing a custom keys manager. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
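Review bot: The decrypt2.c listing parses the caller-supplied file with entity substitution and external DTD loading enabled: `main` sets `xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;` and `xmlSubstituteEntitiesDefault(1);`, and `decrypt_file` then calls `xmlParseFile(enc_file)` on a document that normally arrives from outside. For an example that readers copy, I would drop the `xmlSubstituteEntitiesDefault(1);` line and parse with `xmlReadFile(enc_file, NULL, XML_PARSE_NONET)`, re-enabling DTD attribute handling only if the input really depends on DTD-declared ID attributes. The same two lines appear in the decrypt1.c listing in xmlsec-decrypt-with-signle-key.html and in the listing that ends just above this file. Separately, `if(argc != 3)` rejects the multi-key invocation that the usage string and `load_des_keys(&(argv[2]), argc - 2)` are written for; `if(argc < 3)` would match both.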
diff --git a/docs/api/xmlsec-decrypt-with-signle-key.html b/docs/api/xmlsec-decrypt-with-signle-key.html
new file mode 100644
index 00000000..1a5e348f
--- /dev/null
+++ b/docs/api/xmlsec-decrypt-with-signle-key.html
@@ -0,0 +1,326 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Decrypting data with a single key.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Examples." href="xmlsec-examples.html">
+<link rel="PREVIOUS" title="Encrypting data with a session key." href="xmlsec-encrypt-with-session-key.html">
+<link rel="NEXT" title="Decrypting data with keys manager." href="xmlsec-decrypt-with-keys-mngr.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-encrypt-with-session-key.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-examples.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-decrypt-with-keys-mngr.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-DECRYPT-WITH-SIGNLE-KEY">Decrypting data with a single key.</a></h1>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-DECRYPT1">decrypt1.c</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN800"></a><pre class="PROGRAMLISTING">/**
+ * XML Security Library example: Decrypting an encrypted file using a single key.
+ *
+ * Decrypts encrypted XML file using a single DES key from a binary file
+ *
+ * Usage:
+ * ./decrypt1 &lt;xml-enc&gt; &lt;des-key-file&gt;
+ *
+ * Example:
+ * ./decrypt1 encrypt1-res.xml deskey.bin
+ * ./decrypt1 encrypt2-res.xml deskey.bin
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin &lt;aleksey@aleksey.com&gt;
+ */
+#include &lt;stdlib.h&gt;
+#include &lt;string.h&gt;
+#include &lt;assert.h&gt;
+
+#include &lt;libxml/tree.h&gt;
+#include &lt;libxml/xmlmemory.h&gt;
+#include &lt;libxml/parser.h&gt;
+
+#ifndef XMLSEC_NO_XSLT
+#include &lt;libxslt/xslt.h&gt;
+#include &lt;libxslt/security.h&gt;
+#endif /* XMLSEC_NO_XSLT */
+
+#include &lt;xmlsec/xmlsec.h&gt;
+#include &lt;xmlsec/xmltree.h&gt;
+#include &lt;xmlsec/xmlenc.h&gt;
+#include &lt;xmlsec/crypto.h&gt;
+
+int decrypt_file(const char* enc_file, const char* key_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s &lt;enc-file&gt; &lt;key-file&gt;\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+
+ /* Init xmlsec library */
+ if(xmlSecInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) &lt; 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) &lt; 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ if(decrypt_file(argv[1], argv[2]) &lt; 0) {
+ return(-1);
+ }
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * decrypt_file:
+ * @enc_file: the encrypted XML file name.
+ * @key_file: the Triple DES key file.
+ *
+ * Decrypts the XML file #enc_file using DES key from #key_file and
+ * prints results to stdout.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+decrypt_file(const char* enc_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(enc_file);
+ assert(key_file);
+
+ /* load template */
+ doc = xmlParseFile(enc_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file);
+ goto done;
+ }
+
+ /* create encryption context, we don't need keys manager in this example */
+ encCtx = xmlSecEncCtxCreate(NULL);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* load DES key */
+ encCtx-&gt;encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
+ if(encCtx-&gt;encKey == NULL) {
+ fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(encCtx-&gt;encKey, key_file) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* decrypt the data */
+ if((xmlSecEncCtxDecrypt(encCtx, node) &lt; 0) || (encCtx-&gt;result == NULL)) {
+ fprintf(stderr,"Error: decryption failed\n");
+ goto done;
+ }
+
+ /* print decrypted data to stdout */
+ if(encCtx-&gt;resultReplaced != 0) {
+ fprintf(stdout, "Decrypted XML data:\n");
+ xmlDocDump(stdout, doc);
+ } else {
+ fprintf(stdout, "Decrypted binary data (%d bytes):\n", xmlSecBufferGetSize(encCtx-&gt;result));
+ if(xmlSecBufferGetData(encCtx-&gt;result) != NULL) {
+ fwrite(xmlSecBufferGetData(encCtx-&gt;result),
+ 1,
+ xmlSecBufferGetSize(encCtx-&gt;result),
+ stdout);
+ }
+ }
+ fprintf(stdout, "\n");
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+} </pre>
+<p></p>
+</div>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-encrypt-with-session-key.html"><b>&lt;&lt;&lt; Encrypting data with a session key.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-decrypt-with-keys-mngr.html"><b>Decrypting data with keys manager. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
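Review bot: In the decrypt1.c listing, `main` allocates `xsltSecPrefs` with `xsltNewSecurityPrefs()` but the shutdown block calls only `xsltCleanupGlobals();`, so the prefs object is never released; the decrypt2.c listing in this commit has `xsltFreeSecurityPrefs(xsltSecPrefs);` before that call, and this one should match. The failure branch `if(decrypt_file(argv[1], argv[2]) < 0) { return(-1); }` also returns without any of the xmlSecCryptoShutdown, xmlSecCryptoAppShutdown and xmlSecShutdown calls, which readers copying the example will inherit. In `decrypt_file`, `xmlSecKeySetName(encCtx->encKey, key_file)` passes a `const char*` where decrypt2.c writes `BAD_CAST files[i]`; adding `BAD_CAST` keeps the two listings consistent. The doc comment describes `@key_file` as "the Triple DES key file" while the description below it says "DES key"; one wording should be used throughout.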
diff --git a/docs/api/xmlsec-dl.html b/docs/api/xmlsec-dl.html
new file mode 100644
index 00000000..9c343a19
--- /dev/null
+++ b/docs/api/xmlsec-dl.html
@@ -0,0 +1,245 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>dl</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="buffer" href="xmlsec-buffer.html">
+<link rel="NEXT" title="errors" href="xmlsec-errors.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-buffer.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-errors.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-DL"></a>dl</h1>
+<div class="REFNAMEDIV">
+<a name="AEN5178"></a><h2>Name</h2>dl -- Dynamic crypto-engine library loading support.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-DL.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-dl.html#XMLSECCRYPTODLFUNCTIONSREGISTERKEYDATAANDTRANSFORMS">xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="TYPE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink> functions</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-dl.html#XMLSECCRYPTODLINIT">xmlSecCryptoDLInit</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-dl.html#XMLSECCRYPTODLSHUTDOWN">xmlSecCryptoDLShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-dl.html#XMLSECCRYPTODLLOADLIBRARY">xmlSecCryptoDLLoadLibrary</a> (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *crypto</code>);
+<gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="RETURNVALUE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink><a href="xmlsec-dl.html#XMLSECCRYPTODLGETLIBRARYFUNCTIONS">xmlSecCryptoDLGetLibraryFunctions</a>
+ (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *crypto</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-dl.html#XMLSECCRYPTODLUNLOADLIBRARY">xmlSecCryptoDLUnloadLibrary</a> (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *crypto</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-dl.html#XMLSECCRYPTODLSETFUNCTIONS">xmlSecCryptoDLSetFunctions</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="TYPE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink> functions</code>);
+<gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="RETURNVALUE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink><a href="xmlsec-dl.html#XMLSECCRYPTODLGETFUNCTIONS">xmlSecCryptoDLGetFunctions</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-DL.DESCRIPTION"></a><h2>Description</h2>
+<p>Dynamic crypto-engine library loading support.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-DL.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTODLFUNCTIONSREGISTERKEYDATAANDTRANSFORMS"></a><h3>xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms
+ (<code class="PARAMETER"><gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="TYPE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink> functions</code>);</pre>
+<p>Registers the key data and transforms klasses from <code class="PARAMETER">functions</code> table in xmlsec.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5247"><span style="white-space: nowrap"><code class="PARAMETER">functions</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the functions table.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5252"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTODLINIT"></a><h3>xmlSecCryptoDLInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoDLInit (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Initializes dynamic loading engine. This is an internal function
+and should not be called by application directly.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN5268"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTODLSHUTDOWN"></a><h3>xmlSecCryptoDLShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoDLShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Shutdowns dynamic loading engine. This is an internal function
+and should not be called by application directly.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN5284"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTODLLOADLIBRARY"></a><h3>xmlSecCryptoDLLoadLibrary ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoDLLoadLibrary (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *crypto</code>);</pre>
+<p>Loads the xmlsec-&lt;crypto&gt; library. This function is NOT thread safe,
+application MUST NOT call <a href="xmlsec-dl.html#XMLSECCRYPTODLLOADLIBRARY"><span class="TYPE">xmlSecCryptoDLLoadLibrary</span></a>, <a href="xmlsec-dl.html#XMLSECCRYPTODLGETLIBRARYFUNCTIONS"><span class="TYPE">xmlSecCryptoDLGetLibraryFunctions</span></a>,
+and <a href="xmlsec-dl.html#XMLSECCRYPTODLUNLOADLIBRARY"><span class="TYPE">xmlSecCryptoDLUnloadLibrary</span></a> functions from multiple threads.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5307"><span style="white-space: nowrap"><code class="PARAMETER">crypto</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired crypto library name ("openssl", "nss", ...).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5312"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTODLGETLIBRARYFUNCTIONS"></a><h3>xmlSecCryptoDLGetLibraryFunctions ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="RETURNVALUE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink> xmlSecCryptoDLGetLibraryFunctions
+ (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *crypto</code>);</pre>
+<p>Loads the xmlsec-&lt;crypto&gt; library and gets global crypto functions/transforms/keys data/keys store
+table. This function is NOT thread safe, application MUST NOT call <a href="xmlsec-dl.html#XMLSECCRYPTODLLOADLIBRARY"><span class="TYPE">xmlSecCryptoDLLoadLibrary</span></a>,
+<a href="xmlsec-dl.html#XMLSECCRYPTODLGETLIBRARYFUNCTIONS"><span class="TYPE">xmlSecCryptoDLGetLibraryFunctions</span></a>, and <a href="xmlsec-dl.html#XMLSECCRYPTODLUNLOADLIBRARY"><span class="TYPE">xmlSecCryptoDLUnloadLibrary</span></a> functions from multiple threads.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5335"><span style="white-space: nowrap"><code class="PARAMETER">crypto</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired crypto library name ("openssl", "nss", ...).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5340"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the table or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTODLUNLOADLIBRARY"></a><h3>xmlSecCryptoDLUnloadLibrary ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoDLUnloadLibrary (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *crypto</code>);</pre>
+<p>Unloads the xmlsec-&lt;crypto&gt; library. All pointers to this library
+functions tables became invalid. This function is NOT thread safe,
+application MUST NOT call <a href="xmlsec-dl.html#XMLSECCRYPTODLLOADLIBRARY"><span class="TYPE">xmlSecCryptoDLLoadLibrary</span></a>, <a href="xmlsec-dl.html#XMLSECCRYPTODLGETLIBRARYFUNCTIONS"><span class="TYPE">xmlSecCryptoDLGetLibraryFunctions</span></a>,
+and <a href="xmlsec-dl.html#XMLSECCRYPTODLUNLOADLIBRARY"><span class="TYPE">xmlSecCryptoDLUnloadLibrary</span></a> functions from multiple threads.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5363"><span style="white-space: nowrap"><code class="PARAMETER">crypto</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired crypto library name ("openssl", "nss", ...).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5368"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTODLSETFUNCTIONS"></a><h3>xmlSecCryptoDLSetFunctions ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCryptoDLSetFunctions (<code class="PARAMETER"><gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="TYPE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink> functions</code>);</pre>
+<p>Sets global crypto functions/transforms/keys data/keys store table.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5385"><span style="white-space: nowrap"><code class="PARAMETER">functions</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new table</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5390"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTODLGETFUNCTIONS"></a><h3>xmlSecCryptoDLGetFunctions ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="RETURNVALUE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink> xmlSecCryptoDLGetFunctions (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets global crypto functions/transforms/keys data/keys store table.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN5406"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the table.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-buffer.html"><b>&lt;&lt;&lt; buffer</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-errors.html"><b>errors &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
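Review bot: The descriptions of xmlSecCryptoDLLoadLibrary () and xmlSecCryptoDLGetLibraryFunctions () do not say where the `crypto` argument may come from, although that name selects which xmlsec-&lt;crypto&gt; shared library is loaded into the calling process. I would add one sentence to both entries, for example `The crypto name selects a shared library that is loaded into the process; take it from trusted configuration, never from user-controlled input.` The page also does not state how the library file is located. If resolution follows the platform's shared-library search path, as the LD_LIBRARY_PATH hint in the encrypt2 example's error message suggests, that dependency deserves a mention too. The page carries a DocBook GENERATOR tag, so the wording presumably has to go into the source comments it is generated from rather than into this HTML.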
diff --git a/docs/api/xmlsec-encrypt-dynamic-template.html b/docs/api/xmlsec-encrypt-dynamic-template.html
new file mode 100644
index 00000000..b9e26797
--- /dev/null
+++ b/docs/api/xmlsec-encrypt-dynamic-template.html
@@ -0,0 +1,386 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Encrypting data with a dynamicaly created template.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Examples." href="xmlsec-examples.html">
+<link rel="PREVIOUS" title="Encrypting data with a template file." href="xmlsec-encrypt-template-file.html">
+<link rel="NEXT" title="Encrypting data with a session key." href="xmlsec-encrypt-with-session-key.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-encrypt-template-file.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-examples.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-encrypt-with-session-key.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-ENCRYPT-DYNAMIC-TEMPLATE">Encrypting data with a dynamicaly created template.</a></h1>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-ENCRYPT2">encrypt2.c</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN766"></a><pre class="PROGRAMLISTING">/**
+ * XML Security Library example: Encrypting XML file with a dynamicaly created template.
+ *
+ * Encrypts XML file using a dynamicaly created template file and a DES key
+ * from a binary file
+ *
+ * Usage:
+ * ./encrypt2 &lt;xml-doc&gt; &lt;des-key-file&gt;
+ *
+ * Example:
+ * ./encrypt2 encrypt2-doc.xml deskey.bin &gt; encrypt2-res.xml
+ *
+ * The result could be decrypted with decrypt1 example:
+ * ./decrypt1 encrypt2-res.xml deskey.bin
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin &lt;aleksey@aleksey.com&gt;
+ */
+#include &lt;stdlib.h&gt;
+#include &lt;string.h&gt;
+#include &lt;assert.h&gt;
+
+#include &lt;libxml/tree.h&gt;
+#include &lt;libxml/xmlmemory.h&gt;
+#include &lt;libxml/parser.h&gt;
+
+#ifndef XMLSEC_NO_XSLT
+#include &lt;libxslt/xslt.h&gt;
+#include &lt;libxslt/security.h&gt;
+#endif /* XMLSEC_NO_XSLT */
+
+#include &lt;xmlsec/xmlsec.h&gt;
+#include &lt;xmlsec/xmltree.h&gt;
+#include &lt;xmlsec/xmlenc.h&gt;
+#include &lt;xmlsec/templates.h&gt;
+#include &lt;xmlsec/crypto.h&gt;
+
+int encrypt_file(const char* xml_file, const char* key_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s &lt;xml-file&gt; &lt;key-file&gt;\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) &lt; 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) &lt; 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ if(encrypt_file(argv[1], argv[2]) &lt; 0) {
+ return(-1);
+ }
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * encrypt_file:
+ * @xml_file: the encryption template file name.
+ * @key_file: the Triple DES key file.
+ *
+ * Encrypts #xml_file using a dynamicaly created template and DES key from
+ * #key_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+encrypt_file(const char* xml_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr encDataNode = NULL;
+ xmlNodePtr keyInfoNode = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(xml_file);
+ assert(key_file);
+
+ /* load template */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create encryption template to encrypt XML file and replace
+ * its content with encryption result */
+ encDataNode = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId,
+ NULL, xmlSecTypeEncElement, NULL, NULL);
+ if(encDataNode == NULL) {
+ fprintf(stderr, "Error: failed to create encryption template\n");
+ goto done;
+ }
+
+ /* we want to put encrypted data in the &lt;enc:CipherValue/&gt; node */
+ if(xmlSecTmplEncDataEnsureCipherValue(encDataNode) == NULL) {
+ fprintf(stderr, "Error: failed to add CipherValue node\n");
+ goto done;
+ }
+
+ /* add &lt;dsig:KeyInfo/&gt; and &lt;dsig:KeyName/&gt; nodes to put key name in the signed document */
+ keyInfoNode = xmlSecTmplEncDataEnsureKeyInfo(encDataNode, NULL);
+ if(keyInfoNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
+ fprintf(stderr, "Error: failed to add key name\n");
+ goto done;
+ }
+
+ /* create encryption context, we don't need keys manager in this example */
+ encCtx = xmlSecEncCtxCreate(NULL);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* load DES key, assuming that there is not password */
+ encCtx-&gt;encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
+ if(encCtx-&gt;encKey == NULL) {
+ fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(encCtx-&gt;encKey, key_file) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* encrypt the data */
+ if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, xmlDocGetRootElement(doc)) &lt; 0) {
+ fprintf(stderr,"Error: encryption failed\n");
+ goto done;
+ }
+
+ /* we template is inserted in the doc */
+ encDataNode = NULL;
+
+ /* print encrypted data with document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(encDataNode != NULL) {
+ xmlFreeNode(encDataNode);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+} </pre>
+<p></p>
+</div>
+</div>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-ENCRYPT2-DOC">encrypt2-doc.xml</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN771"></a><pre class="PROGRAMLISTING">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+&lt;!--
+XML Security Library example: Original XML doc file before encryption (encrypt2 example).
+--&gt;
+&lt;Envelope xmlns="urn:envelope"&gt;
+ &lt;Data&gt;
+ Hello, World!
+ &lt;/Data&gt;
+&lt;/Envelope&gt;</pre>
+<p></p>
+</div>
+</div>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-ENCRYPT2-RES">encrypt2-res.xml</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN776"></a><pre class="PROGRAMLISTING">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+&lt;!--
+XML Security Library example: Encrypted XML file (encrypt2 example).
+--&gt;
+&lt;EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"&gt;
+&lt;EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/&gt;
+&lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
+&lt;KeyName&gt;deskey.bin&lt;/KeyName&gt;
+&lt;/KeyInfo&gt;
+&lt;CipherData&gt;
+&lt;CipherValue&gt;WXlDyktaADlUe+PywKwS3KdKlahCteEKxi/hRlHcXNQlGwNGrYKy8aQ6dLtX1bKg
+IgL/XoAQN3B27zD91b1ZLGh6QQ9CjnVD98+hYJ9TPp4piPnII4vGUA==&lt;/CipherValue&gt;
+&lt;/CipherData&gt;
+&lt;/EncryptedData&gt;</pre>
+<p></p>
+</div>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-encrypt-template-file.html"><b>&lt;&lt;&lt; Encrypting data with a template file.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-encrypt-with-session-key.html"><b>Encrypting data with a session key. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
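Review bot: The encrypt2.c listing sets `xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;` and `xmlSubstituteEntitiesDefault(1);` in main() and then parses the command-line file with `xmlParseFile(xml_file)`, so the parser loads the external DTD subset and expands entities for whatever document it is given. That is fine for the bundled encrypt2-doc.xml, but readers copy this example as a starting point, and with attacker-supplied XML the same settings allow external-entity file and network reads during parsing. I would at least add a comment above those two lines such as `/* these defaults load external DTDs and expand entities: parse only trusted documents this way */`. For untrusted input the example could point to `xmlReadFile(xml_file, NULL, XML_PARSE_NONET)` with entity substitution left off. Separately, the encrypt_file() header documents `@xml_file` as "the encryption template file name", while the body builds the template itself and treats that file as the document to encrypt; `@xml_file: the XML file to encrypt.` would match the code.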
diff --git a/docs/api/xmlsec-encrypt-template-file.html b/docs/api/xmlsec-encrypt-template-file.html
new file mode 100644
index 00000000..1bb8ab40
--- /dev/null
+++ b/docs/api/xmlsec-encrypt-template-file.html
@@ -0,0 +1,364 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Encrypting data with a template file.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Examples." href="xmlsec-examples.html">
+<link rel="PREVIOUS" title="Verifying a signature with additional restrictions." href="xmlsec-verify-with-restrictions.html">
+<link rel="NEXT" title="Encrypting data with a dynamicaly created template." href="xmlsec-encrypt-dynamic-template.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-verify-with-restrictions.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-examples.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-encrypt-dynamic-template.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-ENCRYPT-TEMPLATE-FILE">Encrypting data with a template file.</a></h1>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-ENCRYPT1">encrypt1.c</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN749"></a><pre class="PROGRAMLISTING">/**
+ * XML Security Library example: Encrypting data using a template file.
+ *
+ * Encrypts binary data using a template file and a DES key from a binary file
+ *
+ * Usage:
+ * ./encrypt1 &lt;xml-tmpl&gt; &lt;des-key-file&gt;
+ *
+ * Example:
+ * ./encrypt1 encrypt1-tmpl.xml deskey.bin &gt; encrypt1-res.xml
+ *
+ * The result could be decrypted with decrypt1 example:
+ * ./decrypt1 encrypt1-res.xml deskey.bin
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin &lt;aleksey@aleksey.com&gt;
+ */
+#include &lt;stdlib.h&gt;
+#include &lt;string.h&gt;
+#include &lt;assert.h&gt;
+
+#include &lt;libxml/tree.h&gt;
+#include &lt;libxml/xmlmemory.h&gt;
+#include &lt;libxml/parser.h&gt;
+
+#ifndef XMLSEC_NO_XSLT
+#include &lt;libxslt/xslt.h&gt;
+#include &lt;libxslt/security.h&gt;
+#endif /* XMLSEC_NO_XSLT */
+
+#include &lt;xmlsec/xmlsec.h&gt;
+#include &lt;xmlsec/xmltree.h&gt;
+#include &lt;xmlsec/xmlenc.h&gt;
+#include &lt;xmlsec/crypto.h&gt;
+
+int encrypt_file(const char* tmpl_file, const char* key_file,
+ const unsigned char* data, size_t dataSize);
+int
+main(int argc, char **argv) {
+ static const char secret_data[] = "Big secret";
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s &lt;tmpl-file&gt; &lt;key-file&gt;\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) &lt; 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) &lt; 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ if(encrypt_file(argv[1], argv[2], secret_data, strlen(secret_data)) &lt; 0) {
+ return(-1);
+ }
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * encrypt_file:
+ * @tmpl_file: the encryption template file name.
+ * @key_file: the Triple DES key file.
+ * @data: the binary data to encrypt.
+ * @dataSize: the binary data size.
+ *
+ * Encrypts binary #data using template from #tmpl_file and DES key from
+ * #key_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+encrypt_file(const char* tmpl_file, const char* key_file,
+ const unsigned char* data, size_t dataSize) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(tmpl_file);
+ assert(key_file);
+ assert(data);
+
+ /* load template */
+ doc = xmlParseFile(tmpl_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
+ goto done;
+ }
+
+ /* create encryption context, we don't need keys manager in this example */
+ encCtx = xmlSecEncCtxCreate(NULL);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* load DES key, assuming that there is not password */
+ encCtx-&gt;encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
+ if(encCtx-&gt;encKey == NULL) {
+ fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(encCtx-&gt;encKey, key_file) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* encrypt the data */
+ if(xmlSecEncCtxBinaryEncrypt(encCtx, node, data, dataSize) &lt; 0) {
+ fprintf(stderr,"Error: encryption failed\n");
+ goto done;
+ }
+
+ /* print encrypted data with document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+} </pre>
+<p></p>
+</div>
+</div>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-ENCRYPT1-TMPL">encrypt1-tmpl.xml</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN754"></a><pre class="PROGRAMLISTING">&lt;?xml version="1.0"?&gt;
+&lt;!--
+XML Security Library example: Simple encryption template file for encrypt1 example.
+--&gt;
+&lt;EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"&gt;
+ &lt;EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/&gt;
+ &lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
+ &lt;KeyName/&gt;
+ &lt;/KeyInfo&gt;
+ &lt;CipherData&gt;
+ &lt;CipherValue&gt;&lt;/CipherValue&gt;
+ &lt;/CipherData&gt;
+&lt;/EncryptedData&gt;</pre>
+<p></p>
+</div>
+</div>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-ENCRYPT1-RES">encrypt1-res.xml</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN759"></a><pre class="PROGRAMLISTING">&lt;?xml version="1.0"?&gt;
+&lt;!--
+XML Security Library example: Encrypted binary data (encrypt1 example).
+--&gt;
+&lt;EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"&gt;
+ &lt;EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/&gt;
+ &lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
+ &lt;KeyName&gt;deskey.bin&lt;/KeyName&gt;
+ &lt;/KeyInfo&gt;
+ &lt;CipherData&gt;
+ &lt;CipherValue&gt;t6JVBMihIgRyiK8AS8AX5NcXTfkdXPTK&lt;/CipherValue&gt;
+ &lt;/CipherData&gt;
+&lt;/EncryptedData&gt;</pre>
+<p></p>
+</div>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-verify-with-restrictions.html"><b>&lt;&lt;&lt; Verifying a signature with additional restrictions.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-encrypt-dynamic-template.html"><b>Encrypting data with a dynamicaly created template. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
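Review bot: In the encrypt1.c listing, main() sets `xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS` and calls `xmlSubstituteEntitiesDefault(1)` process-wide before encrypt_file() parses the command-line template with `xmlParseFile(tmpl_file)`, so anyone who copies the example inherits DTD loading and entity substitution for every document parsed afterwards. That is acceptable for a trusted local template, but it is the parser configuration behind XML external entity (XXE) exposure once the input is not trusted. I would add a comment above the two lines, e.g. `/* NOTE: enables DTD loading and entity substitution globally; do not reuse for untrusted XML */`, and for untrusted input parse with explicit options instead, e.g. `doc = xmlReadFile(tmpl_file, NULL, XML_PARSE_NONET);`. The same setup appears in main() of encrypt3.c in docs/api/xmlsec-encrypt-with-session-key.html. Since this HTML is generated, the change presumably belongs in the example source.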
diff --git a/docs/api/xmlsec-encrypt-with-session-key.html b/docs/api/xmlsec-encrypt-with-session-key.html
new file mode 100644
index 00000000..7b9ed51b
--- /dev/null
+++ b/docs/api/xmlsec-encrypt-with-session-key.html
@@ -0,0 +1,495 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Encrypting data with a session key.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Examples." href="xmlsec-examples.html">
+<link rel="PREVIOUS" title="Encrypting data with a dynamicaly created template." href="xmlsec-encrypt-dynamic-template.html">
+<link rel="NEXT" title="Decrypting data with a single key." href="xmlsec-decrypt-with-signle-key.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-encrypt-dynamic-template.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-examples.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-decrypt-with-signle-key.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-ENCRYPT-WITH-SESSION-KEY">Encrypting data with a session key.</a></h1>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-ENCRYPT3">encrypt3.c</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN783"></a><pre class="PROGRAMLISTING">/**
+ * XML Security Library example: Encrypting XML file with a session key and dynamicaly created template.
+ *
+ * Encrypts XML file using a dynamicaly created template file and a session
+ * DES key (encrypted with an RSA key).
+ *
+ * Usage:
+ * ./encrypt3 &lt;xml-doc&gt; &lt;rsa-pem-key-file&gt;
+ *
+ * Example:
+ * ./encrypt3 encrypt3-doc.xml rsakey.pem &gt; encrypt3-res.xml
+ *
+ * The result could be decrypted with decrypt3 example:
+ * ./decrypt3 encrypt3-res.xml
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin &lt;aleksey@aleksey.com&gt;
+ */
+#include &lt;stdlib.h&gt;
+#include &lt;string.h&gt;
+#include &lt;assert.h&gt;
+
+#include &lt;libxml/tree.h&gt;
+#include &lt;libxml/xmlmemory.h&gt;
+#include &lt;libxml/parser.h&gt;
+
+#ifndef XMLSEC_NO_XSLT
+#include &lt;libxslt/xslt.h&gt;
+#include &lt;libxslt/security.h&gt;
+#endif /* XMLSEC_NO_XSLT */
+
+#include &lt;xmlsec/xmlsec.h&gt;
+#include &lt;xmlsec/xmltree.h&gt;
+#include &lt;xmlsec/xmlenc.h&gt;
+#include &lt;xmlsec/templates.h&gt;
+#include &lt;xmlsec/crypto.h&gt;
+
+xmlSecKeysMngrPtr load_rsa_keys(char* key_file);
+int encrypt_file(xmlSecKeysMngrPtr mngr, const char* xml_file, const char* key_name);
+
+int
+main(int argc, char **argv) {
+ xmlSecKeysMngrPtr mngr;
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s &lt;xml-file&gt; &lt;key-file&gt;\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) &lt; 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) &lt; 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* create keys manager and load keys */
+ mngr = load_rsa_keys(argv[2]);
+ if(mngr == NULL) {
+ return(-1);
+ }
+
+ /* we use key filename as key name here */
+ if(encrypt_file(mngr, argv[1], argv[2]) &lt; 0) {
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
+ }
+
+ /* destroy keys manager */
+ xmlSecKeysMngrDestroy(mngr);
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * load_rsa_keys:
+ * @key_file: the key filename.
+ *
+ * Creates simple keys manager and load RSA key from #key_file in it.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_rsa_keys(char* key_file) {
+ xmlSecKeysMngrPtr mngr;
+ xmlSecKeyPtr key;
+
+ assert(key_file);
+
+ /* create and initialize keys manager, we use a simple list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) &lt; 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* load private RSA key */
+ key = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load rsa key from file \"%s\"\n", key_file);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(key, BAD_CAST key_file) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* add key to keys manager, from now on keys manager is responsible
+ * for destroying key
+ */
+ if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) &lt; 0) {
+ fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", key_file);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ return(mngr);
+}
+
+/**
+ * encrypt_file:
+ * @mngr: the pointer to keys manager.
+ * @xml_file: the encryption template file name.
+ * @key_name: the RSA key name.
+ *
+ * Encrypts #xml_file using a dynamicaly created template, a session DES key
+ * and an RSA key from keys manager.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+encrypt_file(xmlSecKeysMngrPtr mngr, const char* xml_file, const char* key_name) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr encDataNode = NULL;
+ xmlNodePtr keyInfoNode = NULL;
+ xmlNodePtr encKeyNode = NULL;
+ xmlNodePtr keyInfoNode2 = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(mngr);
+ assert(xml_file);
+ assert(key_name);
+
+ /* load template */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create encryption template to encrypt XML file and replace
+ * its content with encryption result */
+ encDataNode = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId,
+ NULL, xmlSecTypeEncElement, NULL, NULL);
+ if(encDataNode == NULL) {
+ fprintf(stderr, "Error: failed to create encryption template\n");
+ goto done;
+ }
+
+ /* we want to put encrypted data in the &lt;enc:CipherValue/&gt; node */
+ if(xmlSecTmplEncDataEnsureCipherValue(encDataNode) == NULL) {
+ fprintf(stderr, "Error: failed to add CipherValue node\n");
+ goto done;
+ }
+
+ /* add &lt;dsig:KeyInfo/&gt; */
+ keyInfoNode = xmlSecTmplEncDataEnsureKeyInfo(encDataNode, NULL);
+ if(keyInfoNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ /* add &lt;enc:EncryptedKey/&gt; to store the encrypted session key */
+ encKeyNode = xmlSecTmplKeyInfoAddEncryptedKey(keyInfoNode,
+ xmlSecTransformRsaPkcs1Id,
+ NULL, NULL, NULL);
+ if(encKeyNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ /* we want to put encrypted key in the &lt;enc:CipherValue/&gt; node */
+ if(xmlSecTmplEncDataEnsureCipherValue(encKeyNode) == NULL) {
+ fprintf(stderr, "Error: failed to add CipherValue node\n");
+ goto done;
+ }
+
+ /* add &lt;dsig:KeyInfo/&gt; and &lt;dsig:KeyName/&gt; nodes to &lt;enc:EncryptedKey/&gt; */
+ keyInfoNode2 = xmlSecTmplEncDataEnsureKeyInfo(encKeyNode, NULL);
+ if(keyInfoNode2 == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ /* set key name so we can lookup key when needed */
+ if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode2, key_name) == NULL) {
+ fprintf(stderr, "Error: failed to add key name\n");
+ goto done;
+ }
+
+ /* create encryption context */
+ encCtx = xmlSecEncCtxCreate(mngr);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* generate a Triple DES key */
+ encCtx-&gt;encKey = xmlSecKeyGenerate(xmlSecKeyDataDesId, 192, xmlSecKeyDataTypeSession);
+ if(encCtx-&gt;encKey == NULL) {
+ fprintf(stderr,"Error: failed to generate session des key\n");
+ goto done;
+ }
+
+ /* encrypt the data */
+ if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, xmlDocGetRootElement(doc)) &lt; 0) {
+ fprintf(stderr,"Error: encryption failed\n");
+ goto done;
+ }
+
+ /* we template is inserted in the doc */
+ encDataNode = NULL;
+
+ /* print encrypted data with document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(encDataNode != NULL) {
+ xmlFreeNode(encDataNode);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+} </pre>
+<p></p>
+</div>
+</div>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-ENCRYPT3-DOC">encrypt3-doc.xml</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN788"></a><pre class="PROGRAMLISTING">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+&lt;!--
+XML Security Library example: Original XML doc file before encryption (encrypt3 example).
+--&gt;
+&lt;Envelope xmlns="urn:envelope"&gt;
+ &lt;Data&gt;
+ Hello, World!
+ &lt;/Data&gt;
+&lt;/Envelope&gt;</pre>
+<p></p>
+</div>
+</div>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-ENCRYPT3-RES">encrypt3-res.xml</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN793"></a><pre class="PROGRAMLISTING">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+&lt;!--
+XML Security Library example: XML doc file encrypted with a session DES key (encrypt3 example).
+--&gt;
+&lt;EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element"&gt;
+&lt;EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/&gt;
+&lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
+&lt;EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#"&gt;
+&lt;EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/&gt;
+&lt;KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
+&lt;KeyName&gt;rsakey.pem&lt;/KeyName&gt;
+&lt;/KeyInfo&gt;
+&lt;CipherData&gt;
+&lt;CipherValue&gt;IPiEu9Nv+EsGyvVeXO9nl5iZhhi+uzQH1I3/DTs3+eamBvioyaawRIlvTql7LYL5
+Mi91Qs8ozfW/fWZ8zB8AE2PosaX37SqiuEta68+65/Ed4v1rkGN0Awux8+gJqJmp
+c2kJhzAoQIAIGAW4nTGP9tl9QUHfwKh2KPA104vezk70ijvF7TrbTmhdfmULAuWK
+Tbsg8sXAPhGmPh5KckM2Xe387iPh4ue2+2TGdWqwXygVdvIUIbcIMq6F+/mWlcmf
+Gs5FVI7CTjaLmeyO4ho+FGmicmqH2hEkZW0a2ktDh4BU/MxYF6L7oayrVWDGp2IH
+dzQAwUT2qJcFjElO8xUz3g==&lt;/CipherValue&gt;
+&lt;/CipherData&gt;
+&lt;/EncryptedKey&gt;
+&lt;/KeyInfo&gt;
+&lt;CipherData&gt;
+&lt;CipherValue&gt;xrfPSA+BEI+8ca23RN34gtee5lOMx8Cn+ZGWyxitiktdZ1+XREH+57li63VutCwp
+s6ifbZgXIBsFdxPpMBUFlyTWAAO+NLooIwGoczXi14z62lHr7Ck6FA==&lt;/CipherValue&gt;
+&lt;/CipherData&gt;
+&lt;/EncryptedData&gt;</pre>
+<p></p>
+</div>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-encrypt-dynamic-template.html"><b>&lt;&lt;&lt; Encrypting data with a dynamicaly created template.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-decrypt-with-signle-key.html"><b>Decrypting data with a single key. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
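Review bot: encrypt_file() in the encrypt3.c listing passes `xmlSecTransformRsaPkcs1Id` to `xmlSecTmplKeyInfoAddEncryptedKey`, yet the encrypt3-res.xml sample below it shows `Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"`, so the code and its documented output disagree on the key-transport algorithm. RSA PKCS#1 v1.5 key transport is the weaker choice, because a decryptor that reveals padding failures is exposed to Bleichenbacher-style oracle attacks. If OAEP is what was intended, the listing should pass `xmlSecTransformRsaOaepId`. Separately, the comment `/* load private RSA key */` in load_rsa_keys() could note that wrapping the session key needs only the public half, so readers do not place the private key on the encrypting side. The HTML is generated, so both changes presumably belong in the example source.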
diff --git a/docs/api/xmlsec-encryption-klasses.html b/docs/api/xmlsec-encryption-klasses.html
new file mode 100644
index 00000000..561a37fa
--- /dev/null
+++ b/docs/api/xmlsec-encryption-klasses.html
@@ -0,0 +1,101 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>APPENDIX B. XML Security Library Encryption Klasses.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="PREVIOUS" title="APPENDIX A. XML Security Library Signature Klasses." href="xmlsec-signature-klasses.html">
+<link rel="NEXT" title="XML Security Library API Reference." href="xmlsec-reference.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-signature-klasses.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-reference.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-ENCRYPTION-KLASSES"></a>APPENDIX B. XML Security Library Encryption Klasses.</h1>
+<div class="FIGURE">
+<a name="AEN823"></a><p><b>Figure 1. XML Security Library Encryption Klasses.</b></p>
+<p><img src="images/encryption-structure.png" align="CENTER"></p>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-signature-klasses.html"><b>&lt;&lt;&lt; APPENDIX A. XML Security Library Signature Klasses.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-reference.html"><b>XML Security Library API Reference. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-errors.html b/docs/api/xmlsec-errors.html
new file mode 100644
index 00000000..03c97764
--- /dev/null
+++ b/docs/api/xmlsec-errors.html
@@ -0,0 +1,744 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>errors</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="dl" href="xmlsec-dl.html">
+<link rel="NEXT" title="io" href="xmlsec-io.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-dl.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-io.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-ERRORS"></a>errors</h1>
+<div class="REFNAMEDIV">
+<a name="AEN5416"></a><h2>Name</h2>errors -- Error/log messages support.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-ERRORS.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-XMLSEC-FAILED:CAPS">XMLSEC_ERRORS_R_XMLSEC_FAILED</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-MALLOC-FAILED:CAPS">XMLSEC_ERRORS_R_MALLOC_FAILED</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-STRDUP-FAILED:CAPS">XMLSEC_ERRORS_R_STRDUP_FAILED</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-CRYPTO-FAILED:CAPS">XMLSEC_ERRORS_R_CRYPTO_FAILED</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-XML-FAILED:CAPS">XMLSEC_ERRORS_R_XML_FAILED</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-XSLT-FAILED:CAPS">XMLSEC_ERRORS_R_XSLT_FAILED</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-IO-FAILED:CAPS">XMLSEC_ERRORS_R_IO_FAILED</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-DISABLED:CAPS">XMLSEC_ERRORS_R_DISABLED</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-NOT-IMPLEMENTED:CAPS">XMLSEC_ERRORS_R_NOT_IMPLEMENTED</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-INVALID-SIZE:CAPS">XMLSEC_ERRORS_R_INVALID_SIZE</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-INVALID-DATA:CAPS">XMLSEC_ERRORS_R_INVALID_DATA</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-INVALID-RESULT:CAPS">XMLSEC_ERRORS_R_INVALID_RESULT</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-INVALID-TYPE:CAPS">XMLSEC_ERRORS_R_INVALID_TYPE</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-INVALID-OPERATION:CAPS">XMLSEC_ERRORS_R_INVALID_OPERATION</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-INVALID-STATUS:CAPS">XMLSEC_ERRORS_R_INVALID_STATUS</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-INVALID-FORMAT:CAPS">XMLSEC_ERRORS_R_INVALID_FORMAT</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-DATA-NOT-MATCH:CAPS">XMLSEC_ERRORS_R_DATA_NOT_MATCH</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-INVALID-NODE:CAPS">XMLSEC_ERRORS_R_INVALID_NODE</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-INVALID-NODE-CONTENT:CAPS">XMLSEC_ERRORS_R_INVALID_NODE_CONTENT</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-INVALID-NODE-ATTRIBUTE:CAPS">XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-MISSING-NODE-ATTRIBUTE:CAPS">XMLSEC_ERRORS_R_MISSING_NODE_ATTRIBUTE</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-NODE-ALREADY-PRESENT:CAPS">XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-UNEXPECTED-NODE:CAPS">XMLSEC_ERRORS_R_UNEXPECTED_NODE</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-NODE-NOT-FOUND:CAPS">XMLSEC_ERRORS_R_NODE_NOT_FOUND</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-INVALID-TRANSFORM:CAPS">XMLSEC_ERRORS_R_INVALID_TRANSFORM</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-INVALID-TRANSFORM-KEY:CAPS">XMLSEC_ERRORS_R_INVALID_TRANSFORM_KEY</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-INVALID-URI-TYPE:CAPS">XMLSEC_ERRORS_R_INVALID_URI_TYPE</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-TRANSFORM-SAME-DOCUMENT-REQUIRED:CAPS">XMLSEC_ERRORS_R_TRANSFORM_SAME_DOCUMENT_REQUIRED</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-TRANSFORM-DISABLED:CAPS">XMLSEC_ERRORS_R_TRANSFORM_DISABLED</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-INVALID-KEY-DATA:CAPS">XMLSEC_ERRORS_R_INVALID_KEY_DATA</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-KEY-DATA-NOT-FOUND:CAPS">XMLSEC_ERRORS_R_KEY_DATA_NOT_FOUND</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-KEY-DATA-ALREADY-EXIST:CAPS">XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-INVALID-KEY-DATA-SIZE:CAPS">XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-KEY-NOT-FOUND:CAPS">XMLSEC_ERRORS_R_KEY_NOT_FOUND</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-KEYDATA-DISABLED:CAPS">XMLSEC_ERRORS_R_KEYDATA_DISABLED</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-MAX-RETRIEVALS-LEVEL:CAPS">XMLSEC_ERRORS_R_MAX_RETRIEVALS_LEVEL</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-MAX-RETRIEVAL-TYPE-MISMATCH:CAPS">XMLSEC_ERRORS_R_MAX_RETRIEVAL_TYPE_MISMATCH</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-MAX-ENCKEY-LEVEL:CAPS">XMLSEC_ERRORS_R_MAX_ENCKEY_LEVEL</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-CERT-VERIFY-FAILED:CAPS">XMLSEC_ERRORS_R_CERT_VERIFY_FAILED</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-CERT-NOT-FOUND:CAPS">XMLSEC_ERRORS_R_CERT_NOT_FOUND</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-CERT-REVOKED:CAPS">XMLSEC_ERRORS_R_CERT_REVOKED</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-CERT-ISSUER-FAILED:CAPS">XMLSEC_ERRORS_R_CERT_ISSUER_FAILED</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-CERT-NOT-YET-VALID:CAPS">XMLSEC_ERRORS_R_CERT_NOT_YET_VALID</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-CERT-HAS-EXPIRED:CAPS">XMLSEC_ERRORS_R_CERT_HAS_EXPIRED</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-DSIG-NO-REFERENCES:CAPS">XMLSEC_ERRORS_R_DSIG_NO_REFERENCES</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-DSIG-INVALID-REFERENCE:CAPS">XMLSEC_ERRORS_R_DSIG_INVALID_REFERENCE</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-R-ASSERTION:CAPS">XMLSEC_ERRORS_R_ASSERTION</a>
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-MAX-NUMBER:CAPS">XMLSEC_ERRORS_MAX_NUMBER</a>
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> (<a href="xmlsec-errors.html#XMLSECERRORSCALLBACK">*xmlSecErrorsCallback</a>) (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *file</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> line</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *func</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorObject</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorSubject</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reason</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *msg</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-errors.html#XMLSECERRORSINIT">xmlSecErrorsInit</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-errors.html#XMLSECERRORSSHUTDOWN">xmlSecErrorsShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-errors.html#XMLSECERRORSSETCALLBACK">xmlSecErrorsSetCallback</a> (<code class="PARAMETER"><a href="xmlsec-errors.html#XMLSECERRORSCALLBACK"><span class="TYPE">xmlSecErrorsCallback</span></a> callback</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-errors.html#XMLSECERRORSDEFAULTCALLBACK">xmlSecErrorsDefaultCallback</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *file</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> line</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *func</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorObject</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorSubject</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reason</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *msg</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-errors.html#XMLSECERRORSDEFAULTCALLBACKENABLEOUTPUT">xmlSecErrorsDefaultCallbackEnableOutput</a>
+ (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> enabled</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-errors.html#XMLSECERRORSGETCODE">xmlSecErrorsGetCode</a> (<code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);
+const <gtkdoclink href="CHAR"><span class="RETURNVALUE">char</span></gtkdoclink>* <a href="xmlsec-errors.html#XMLSECERRORSGETMSG">xmlSecErrorsGetMsg</a> (<code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-HERE:CAPS">XMLSEC_ERRORS_HERE</a>
+#define <a href="xmlsec-errors.html#XMLSECERRORSSAFESTRING">xmlSecErrorsSafeString</a> (str)
+#define <a href="xmlsec-errors.html#XMLSEC-ERRORS-NO-MESSAGE:CAPS">XMLSEC_ERRORS_NO_MESSAGE</a>
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-errors.html#XMLSECERROR">xmlSecError</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *file</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> line</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *func</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorObject</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorSubject</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reason</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *msg</code>,
+ <code class="PARAMETER">...</code>);
+#define <a href="xmlsec-errors.html#XMLSECASSERT">xmlSecAssert</a> (p)
+#define <a href="xmlsec-errors.html#XMLSECASSERT2">xmlSecAssert2</a> (p,
+ ret)</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-ERRORS.DESCRIPTION"></a><h2>Description</h2>
+<p>Error/log messages support.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-ERRORS.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-XMLSEC-FAILED:CAPS"></a><h3>XMLSEC_ERRORS_R_XMLSEC_FAILED</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_XMLSEC_FAILED 1</pre>
+<p>An XMLSec function failed (error subject is the failed function).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-MALLOC-FAILED:CAPS"></a><h3>XMLSEC_ERRORS_R_MALLOC_FAILED</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_MALLOC_FAILED 2</pre>
+<p>Failed to allocate memory error.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-STRDUP-FAILED:CAPS"></a><h3>XMLSEC_ERRORS_R_STRDUP_FAILED</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_STRDUP_FAILED 3</pre>
+<p>Failed to duplicate string error.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-CRYPTO-FAILED:CAPS"></a><h3>XMLSEC_ERRORS_R_CRYPTO_FAILED</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_CRYPTO_FAILED 4</pre>
+<p>Crypto (OpenSSL) function failed (error subject is the failed function).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-XML-FAILED:CAPS"></a><h3>XMLSEC_ERRORS_R_XML_FAILED</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_XML_FAILED 5</pre>
+<p>LibXML function failed (error subject is the failed function).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-XSLT-FAILED:CAPS"></a><h3>XMLSEC_ERRORS_R_XSLT_FAILED</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_XSLT_FAILED 6</pre>
+<p>LibXSLT function failed (error subject is the failed function).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-IO-FAILED:CAPS"></a><h3>XMLSEC_ERRORS_R_IO_FAILED</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_IO_FAILED 7</pre>
+<p>IO operation failed.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-DISABLED:CAPS"></a><h3>XMLSEC_ERRORS_R_DISABLED</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_DISABLED 8</pre>
+<p>The feature is disabled during compilation.
+Check './configure --help' for details on how to
+enable it.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-NOT-IMPLEMENTED:CAPS"></a><h3>XMLSEC_ERRORS_R_NOT_IMPLEMENTED</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_NOT_IMPLEMENTED 9</pre>
+<p>Feature is not implemented.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-INVALID-SIZE:CAPS"></a><h3>XMLSEC_ERRORS_R_INVALID_SIZE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_INVALID_SIZE 11</pre>
+<p>Invalid size.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-INVALID-DATA:CAPS"></a><h3>XMLSEC_ERRORS_R_INVALID_DATA</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_INVALID_DATA 12</pre>
+<p>Invalid data.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-INVALID-RESULT:CAPS"></a><h3>XMLSEC_ERRORS_R_INVALID_RESULT</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_INVALID_RESULT 13</pre>
+<p>Invalid result.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-INVALID-TYPE:CAPS"></a><h3>XMLSEC_ERRORS_R_INVALID_TYPE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_INVALID_TYPE 14</pre>
+<p>Invalid type.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-INVALID-OPERATION:CAPS"></a><h3>XMLSEC_ERRORS_R_INVALID_OPERATION</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_INVALID_OPERATION 15</pre>
+<p>Invalid operation.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-INVALID-STATUS:CAPS"></a><h3>XMLSEC_ERRORS_R_INVALID_STATUS</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_INVALID_STATUS 16</pre>
+<p>Invalid status.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-INVALID-FORMAT:CAPS"></a><h3>XMLSEC_ERRORS_R_INVALID_FORMAT</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_INVALID_FORMAT 17</pre>
+<p>Invalid format.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-DATA-NOT-MATCH:CAPS"></a><h3>XMLSEC_ERRORS_R_DATA_NOT_MATCH</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_DATA_NOT_MATCH 18</pre>
+<p>The data do not match our expectation.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-INVALID-NODE:CAPS"></a><h3>XMLSEC_ERRORS_R_INVALID_NODE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_INVALID_NODE 21</pre>
+<p>Invalid node (error subject is the node name).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-INVALID-NODE-CONTENT:CAPS"></a><h3>XMLSEC_ERRORS_R_INVALID_NODE_CONTENT</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_INVALID_NODE_CONTENT 22</pre>
+<p>Invalid node content (error subject is the node name).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-INVALID-NODE-ATTRIBUTE:CAPS"></a><h3>XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE 23</pre>
+<p>Invalid node attribute (error subject is the node name).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-MISSING-NODE-ATTRIBUTE:CAPS"></a><h3>XMLSEC_ERRORS_R_MISSING_NODE_ATTRIBUTE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_MISSING_NODE_ATTRIBUTE 25</pre>
+<p>Missing node attribute (error subject is the node name).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-NODE-ALREADY-PRESENT:CAPS"></a><h3>XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT 26</pre>
+<p>Node already present,</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-UNEXPECTED-NODE:CAPS"></a><h3>XMLSEC_ERRORS_R_UNEXPECTED_NODE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_UNEXPECTED_NODE 27</pre>
+<p>Unexpected node (error subject is the node name).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-NODE-NOT-FOUND:CAPS"></a><h3>XMLSEC_ERRORS_R_NODE_NOT_FOUND</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_NODE_NOT_FOUND 28</pre>
+<p>Node not found (error subject is the required node name).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-INVALID-TRANSFORM:CAPS"></a><h3>XMLSEC_ERRORS_R_INVALID_TRANSFORM</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_INVALID_TRANSFORM 31</pre>
+<p>This transform is invlaid here.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-INVALID-TRANSFORM-KEY:CAPS"></a><h3>XMLSEC_ERRORS_R_INVALID_TRANSFORM_KEY</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_INVALID_TRANSFORM_KEY 32</pre>
+<p>Key is invalid for this transform.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-INVALID-URI-TYPE:CAPS"></a><h3>XMLSEC_ERRORS_R_INVALID_URI_TYPE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_INVALID_URI_TYPE 33</pre>
+<p>Invalid URI type.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-TRANSFORM-SAME-DOCUMENT-REQUIRED:CAPS"></a><h3>XMLSEC_ERRORS_R_TRANSFORM_SAME_DOCUMENT_REQUIRED</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_TRANSFORM_SAME_DOCUMENT_REQUIRED 34</pre>
+<p>The transform requires the input document to be the same as context.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-TRANSFORM-DISABLED:CAPS"></a><h3>XMLSEC_ERRORS_R_TRANSFORM_DISABLED</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_TRANSFORM_DISABLED 35</pre>
+<p>The transform is disabled.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-INVALID-KEY-DATA:CAPS"></a><h3>XMLSEC_ERRORS_R_INVALID_KEY_DATA</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_INVALID_KEY_DATA 41</pre>
+<p>Key data is invalid.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-KEY-DATA-NOT-FOUND:CAPS"></a><h3>XMLSEC_ERRORS_R_KEY_DATA_NOT_FOUND</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_KEY_DATA_NOT_FOUND 42</pre>
+<p>Data is not found (error subject is the data name).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-KEY-DATA-ALREADY-EXIST:CAPS"></a><h3>XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST 43</pre>
+<p>The key data is already exist.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-INVALID-KEY-DATA-SIZE:CAPS"></a><h3>XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE 44</pre>
+<p>Invalid key size.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-KEY-NOT-FOUND:CAPS"></a><h3>XMLSEC_ERRORS_R_KEY_NOT_FOUND</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_KEY_NOT_FOUND 45</pre>
+<p>Key not found.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-KEYDATA-DISABLED:CAPS"></a><h3>XMLSEC_ERRORS_R_KEYDATA_DISABLED</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_KEYDATA_DISABLED 46</pre>
+<p>The key data type disabled.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-MAX-RETRIEVALS-LEVEL:CAPS"></a><h3>XMLSEC_ERRORS_R_MAX_RETRIEVALS_LEVEL</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_MAX_RETRIEVALS_LEVEL 51</pre>
+<p>Max allowed retrievals level reached.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-MAX-RETRIEVAL-TYPE-MISMATCH:CAPS"></a><h3>XMLSEC_ERRORS_R_MAX_RETRIEVAL_TYPE_MISMATCH</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_MAX_RETRIEVAL_TYPE_MISMATCH 52</pre>
+<p>The retrieved key data type does not match the one specified
+in the <a href="http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod" target="_top">&lt;dsig:RetrievalMethod/&gt;</a> node.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-MAX-ENCKEY-LEVEL:CAPS"></a><h3>XMLSEC_ERRORS_R_MAX_ENCKEY_LEVEL</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_MAX_ENCKEY_LEVEL 61</pre>
+<p>Max EncryptedKey level reached.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-CERT-VERIFY-FAILED:CAPS"></a><h3>XMLSEC_ERRORS_R_CERT_VERIFY_FAILED</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_CERT_VERIFY_FAILED 71</pre>
+<p>Certificate verification failed.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-CERT-NOT-FOUND:CAPS"></a><h3>XMLSEC_ERRORS_R_CERT_NOT_FOUND</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_CERT_NOT_FOUND 72</pre>
+<p>Requested certificate is not found.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-CERT-REVOKED:CAPS"></a><h3>XMLSEC_ERRORS_R_CERT_REVOKED</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_CERT_REVOKED 73</pre>
+<p>The certificate is revoked.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-CERT-ISSUER-FAILED:CAPS"></a><h3>XMLSEC_ERRORS_R_CERT_ISSUER_FAILED</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_CERT_ISSUER_FAILED 74</pre>
+<p>Failed to get certificate issuer.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-CERT-NOT-YET-VALID:CAPS"></a><h3>XMLSEC_ERRORS_R_CERT_NOT_YET_VALID</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_CERT_NOT_YET_VALID 75</pre>
+<p>"Not valid before" verification failed.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-CERT-HAS-EXPIRED:CAPS"></a><h3>XMLSEC_ERRORS_R_CERT_HAS_EXPIRED</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_CERT_HAS_EXPIRED 76</pre>
+<p>"Not valid after" verification failed.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-DSIG-NO-REFERENCES:CAPS"></a><h3>XMLSEC_ERRORS_R_DSIG_NO_REFERENCES</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_DSIG_NO_REFERENCES 81</pre>
+<p>The &lt;dsig:Reference&gt; nodes not found.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-DSIG-INVALID-REFERENCE:CAPS"></a><h3>XMLSEC_ERRORS_R_DSIG_INVALID_REFERENCE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_DSIG_INVALID_REFERENCE 82</pre>
+<p>The &lt;dsig:Reference&gt; validation failed.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-R-ASSERTION:CAPS"></a><h3>XMLSEC_ERRORS_R_ASSERTION</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_R_ASSERTION 100</pre>
+<p>Invalid assertion.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-MAX-NUMBER:CAPS"></a><h3>XMLSEC_ERRORS_MAX_NUMBER</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_MAX_NUMBER 256</pre>
+<p>The maximum xmlsec errors number.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECERRORSCALLBACK"></a><h3>xmlSecErrorsCallback ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> (*xmlSecErrorsCallback) (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *file</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> line</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *func</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorObject</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorSubject</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reason</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *msg</code>);</pre>
+<p>The errors reporting callback function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5906"><span style="white-space: nowrap"><code class="PARAMETER">file</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location file name (__FILE__ macro).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5911"><span style="white-space: nowrap"><code class="PARAMETER">line</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location line number (__LINE__ macro).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5916"><span style="white-space: nowrap"><code class="PARAMETER">func</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location function name (__FUNCTION__ macro).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5921"><span style="white-space: nowrap"><code class="PARAMETER">errorObject</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error specific error object</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5926"><span style="white-space: nowrap"><code class="PARAMETER">errorSubject</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error specific error subject.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5931"><span style="white-space: nowrap"><code class="PARAMETER">reason</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error code.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN5936"><span style="white-space: nowrap"><code class="PARAMETER">msg</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the additional error message.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECERRORSINIT"></a><h3>xmlSecErrorsInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecErrorsInit (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Initializes the errors reporting. It is called from <a href="xmlsec-xmlsec.html#XMLSECINIT"><span class="TYPE">xmlSecInit</span></a> function.
+and applications must not call this function directly.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECERRORSSHUTDOWN"></a><h3>xmlSecErrorsShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecErrorsShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Cleanups the errors reporting. It is called from <a href="xmlsec-xmlsec.html#XMLSECSHUTDOWN"><span class="TYPE">xmlSecShutdown</span></a> function.
+and applications must not call this function directly.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECERRORSSETCALLBACK"></a><h3>xmlSecErrorsSetCallback ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecErrorsSetCallback (<code class="PARAMETER"><a href="xmlsec-errors.html#XMLSECERRORSCALLBACK"><span class="TYPE">xmlSecErrorsCallback</span></a> callback</code>);</pre>
+<p>Sets the errors callback function to <code class="PARAMETER">callback</code> that will be called
+every time an error occurs.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN5978"><span style="white-space: nowrap"><code class="PARAMETER">callback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new errors callback function.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECERRORSDEFAULTCALLBACK"></a><h3>xmlSecErrorsDefaultCallback ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecErrorsDefaultCallback (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *file</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> line</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *func</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorObject</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorSubject</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reason</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *msg</code>);</pre>
+<p>The default error reporting callback that utilizes LibXML
+error reporting <gtkdoclink href="XMLGENERICERROR"><span class="TYPE">xmlGenericError</span></gtkdoclink> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6015"><span style="white-space: nowrap"><code class="PARAMETER">file</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location file name (__FILE__ macro).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6020"><span style="white-space: nowrap"><code class="PARAMETER">line</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location line number (__LINE__ macro).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6025"><span style="white-space: nowrap"><code class="PARAMETER">func</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location function name (__FUNCTION__ macro).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6030"><span style="white-space: nowrap"><code class="PARAMETER">errorObject</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error specific error object</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6035"><span style="white-space: nowrap"><code class="PARAMETER">errorSubject</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error specific error subject.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6040"><span style="white-space: nowrap"><code class="PARAMETER">reason</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error code.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6045"><span style="white-space: nowrap"><code class="PARAMETER">msg</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the additional error message.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECERRORSDEFAULTCALLBACKENABLEOUTPUT"></a><h3>xmlSecErrorsDefaultCallbackEnableOutput ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecErrorsDefaultCallbackEnableOutput
+ (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> enabled</code>);</pre>
+<p>Enables or disables calling LibXML2 callback from the default
+errors callback.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN6062"><span style="white-space: nowrap"><code class="PARAMETER">enabled</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECERRORSGETCODE"></a><h3>xmlSecErrorsGetCode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecErrorsGetCode (<code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);</pre>
+<p>Gets the known error code at position <code class="PARAMETER">pos</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6080"><span style="white-space: nowrap"><code class="PARAMETER">pos</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error position.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6085"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the known error code or 0 if <code class="PARAMETER">pos</code> is greater than
+total number of known error codes.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECERRORSGETMSG"></a><h3>xmlSecErrorsGetMsg ()</h3>
+<pre class="PROGRAMLISTING">const <gtkdoclink href="CHAR"><span class="RETURNVALUE">char</span></gtkdoclink>* xmlSecErrorsGetMsg (<code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);</pre>
+<p>Gets the known error message at position <code class="PARAMETER">pos</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6104"><span style="white-space: nowrap"><code class="PARAMETER">pos</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error position.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6109"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the known error message or NULL if <code class="PARAMETER">pos</code> is greater than
+total number of known error codes.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-HERE:CAPS"></a><h3>XMLSEC_ERRORS_HERE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_HERE __FILE__,__LINE__,__XMLSEC_FUNCTION__</pre>
+<p>The macro that specifies the location (file, line and function)
+for the <a href="xmlsec-errors.html#XMLSECERROR"><code class="FUNCTION">xmlSecError()</code></a> function.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECERRORSSAFESTRING"></a><h3>xmlSecErrorsSafeString()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecErrorsSafeString(str)</pre>
+<p>Macro. Returns <code class="PARAMETER">str</code> if it is not NULL or pointer to "NULL" otherwise.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN6131"><span style="white-space: nowrap"><code class="PARAMETER">str</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the string.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ERRORS-NO-MESSAGE:CAPS"></a><h3>XMLSEC_ERRORS_NO_MESSAGE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ERRORS_NO_MESSAGE " "</pre>
+<p>Empty error message " ".</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECERROR"></a><h3>xmlSecError ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecError (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *file</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> line</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *func</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorObject</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorSubject</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reason</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *msg</code>,
+ <code class="PARAMETER">...</code>);</pre>
+<p>Reports an error to the default (<a href="xmlsec-errors.html#XMLSECERRORSDEFAULTCALLBACK"><span class="TYPE">xmlSecErrorsDefaultCallback</span></a>) or
+application specific callback installed using <a href="xmlsec-errors.html#XMLSECERRORSSETCALLBACK"><span class="TYPE">xmlSecErrorsSetCallback</span></a>
+function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6177"><span style="white-space: nowrap"><code class="PARAMETER">file</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location filename (__FILE__).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6182"><span style="white-space: nowrap"><code class="PARAMETER">line</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location line number (__LINE__).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6187"><span style="white-space: nowrap"><code class="PARAMETER">func</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location function (__FUNCTIION__).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6192"><span style="white-space: nowrap"><code class="PARAMETER">errorObject</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error specific error object</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6197"><span style="white-space: nowrap"><code class="PARAMETER">errorSubject</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error specific error subject.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6202"><span style="white-space: nowrap"><code class="PARAMETER">reason</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error code.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6207"><span style="white-space: nowrap"><code class="PARAMETER">msg</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error message in printf format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6212"><span style="white-space: nowrap"><code class="PARAMETER">...</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the parameters for the <code class="PARAMETER">msg</code>.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECASSERT"></a><h3>xmlSecAssert()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecAssert( p )</pre>
+<p>Macro. Verifies that <code class="PARAMETER">p</code> is true and calls <gtkdoclink href="RETURN"><code class="FUNCTION">return()</code></gtkdoclink> otherwise.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN6228"><span style="white-space: nowrap"><code class="PARAMETER">p</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the expression.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECASSERT2"></a><h3>xmlSecAssert2()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecAssert2( p, ret )</pre>
+<p>Macro. Verifies that <code class="PARAMETER">p</code> is true and calls return(<code class="PARAMETER">ret</code>) otherwise.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6242"><span style="white-space: nowrap"><code class="PARAMETER">p</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the expression.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6247"><span style="white-space: nowrap"><code class="PARAMETER">ret</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the return value.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-dl.html"><b>&lt;&lt;&lt; dl</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-io.html"><b>io &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-examples-sign-dynamimc-template.html b/docs/api/xmlsec-examples-sign-dynamimc-template.html
new file mode 100644
index 00000000..2d47acdb
--- /dev/null
+++ b/docs/api/xmlsec-examples-sign-dynamimc-template.html
@@ -0,0 +1,406 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Signing a dynamicaly created template.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Examples." href="xmlsec-examples.html">
+<link rel="PREVIOUS" title="Signing a template file." href="xmlsec-examples-sign-template-file.html">
+<link rel="NEXT" title="Signing with X509 certificate." href="xmlsec-examples-sign-x509.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-examples-sign-template-file.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-examples.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-examples-sign-x509.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-EXAMPLES-SIGN-DYNAMIMC-TEMPLATE">Signing a dynamicaly created template.</a></h1>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-SIGN2">sign2.c</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN667"></a><pre class="PROGRAMLISTING">/**
+ * XML Security Library example: Signing a file with a dynamicaly created template.
+ *
+ * Signs a file using a dynamicaly created template and key from PEM file.
+ * The signature has one reference with one enveloped transform to sign
+ * the whole document except the &lt;dsig:Signature/&gt; node itself.
+ *
+ * Usage:
+ * sign2 &lt;xml-doc&gt; &lt;pem-key&gt;
+ *
+ * Example:
+ * ./sign2 sign2-doc.xml rsakey.pem &gt; sign2-res.xml
+ *
+ * The result signature could be validated using verify1 example:
+ * ./verify1 sign2-res.xml rsapub.pem
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin &lt;aleksey@aleksey.com&gt;
+ */
+#include &lt;stdlib.h&gt;
+#include &lt;string.h&gt;
+#include &lt;assert.h&gt;
+
+#include &lt;libxml/tree.h&gt;
+#include &lt;libxml/xmlmemory.h&gt;
+#include &lt;libxml/parser.h&gt;
+
+#ifndef XMLSEC_NO_XSLT
+#include &lt;libxslt/xslt.h&gt;
+#include &lt;libxslt/security.h&gt;
+#endif /* XMLSEC_NO_XSLT */
+
+#include &lt;xmlsec/xmlsec.h&gt;
+#include &lt;xmlsec/xmltree.h&gt;
+#include &lt;xmlsec/xmldsig.h&gt;
+#include &lt;xmlsec/templates.h&gt;
+#include &lt;xmlsec/crypto.h&gt;
+
+int sign_file(const char* xml_file, const char* key_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s &lt;xml-file&gt; &lt;key-file&gt;\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) &lt; 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) &lt; 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ if(sign_file(argv[1], argv[2]) &lt; 0) {
+ return(-1);
+ }
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * sign_file:
+ * @xml_file: the XML file name.
+ * @key_file: the PEM private key file name.
+ *
+ * Signs the #xml_file using private key from #key_file and dynamicaly
+ * created enveloped signature template.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+sign_file(const char* xml_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr signNode = NULL;
+ xmlNodePtr refNode = NULL;
+ xmlNodePtr keyInfoNode = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(xml_file);
+ assert(key_file);
+
+ /* load doc file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature template for RSA-SHA1 enveloped signature */
+ signNode = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
+ xmlSecTransformRsaSha1Id, NULL);
+ if(signNode == NULL) {
+ fprintf(stderr, "Error: failed to create signature template\n");
+ goto done;
+ }
+
+ /* add &lt;dsig:Signature/&gt; node to the doc */
+ xmlAddChild(xmlDocGetRootElement(doc), signNode);
+
+ /* add reference */
+ refNode = xmlSecTmplSignatureAddReference(signNode, xmlSecTransformSha1Id,
+ NULL, NULL, NULL);
+ if(refNode == NULL) {
+ fprintf(stderr, "Error: failed to add reference to signature template\n");
+ goto done;
+ }
+
+ /* add enveloped transform */
+ if(xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformEnvelopedId) == NULL) {
+ fprintf(stderr, "Error: failed to add enveloped transform to reference\n");
+ goto done;
+ }
+
+ /* add &lt;dsig:KeyInfo/&gt; and &lt;dsig:KeyName/&gt; nodes to put key name in the signed document */
+ keyInfoNode = xmlSecTmplSignatureEnsureKeyInfo(signNode, NULL);
+ if(keyInfoNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
+ fprintf(stderr, "Error: failed to add key name\n");
+ goto done;
+ }
+
+ /* create signature context, we don't need keys manager in this example */
+ dsigCtx = xmlSecDSigCtxCreate(NULL);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* load private key, assuming that there is not password */
+ dsigCtx-&gt;signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(dsigCtx-&gt;signKey == NULL) {
+ fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(dsigCtx-&gt;signKey, key_file) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* sign the template */
+ if(xmlSecDSigCtxSign(dsigCtx, signNode) &lt; 0) {
+ fprintf(stderr,"Error: signature failed\n");
+ goto done;
+ }
+
+ /* print signed document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+} </pre>
+<p></p>
+</div>
+</div>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-SIGN2-DOC">sign2-doc.xml</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN672"></a><pre class="PROGRAMLISTING">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+&lt;!--
+XML Security Library example: Original XML doc file for sign2 example.
+--&gt;
+&lt;Envelope xmlns="urn:envelope"&gt;
+ &lt;Data&gt;
+ Hello, World!
+ &lt;/Data&gt;
+&lt;/Envelope&gt;</pre>
+<p></p>
+</div>
+</div>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-SIGN2-RES">sign2-res.xml</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN677"></a><pre class="PROGRAMLISTING">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+&lt;!--
+XML Security Library example: Signed XML doc file (sign2 example).
+--&gt;
+&lt;Envelope xmlns="urn:envelope"&gt;
+ &lt;Data&gt;
+ Hello, World!
+ &lt;/Data&gt;
+&lt;Signature xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
+&lt;SignedInfo&gt;
+&lt;CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/&gt;
+&lt;SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/&gt;
+&lt;Reference&gt;
+&lt;Transforms&gt;
+&lt;Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/&gt;
+&lt;/Transforms&gt;
+&lt;DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/&gt;
+&lt;DigestValue&gt;HjY8ilZAIEM2tBbPn5mYO1ieIX4=&lt;/DigestValue&gt;
+&lt;/Reference&gt;
+&lt;/SignedInfo&gt;
+&lt;SignatureValue&gt;SIaj/6KY3C1SmDXU2++Gm31U1xTadFp04WhBgfsJFbxrL+q7GKSKN9kfQ+UpN9+i
+D5fWmuavXEHe4Gw6RMaMEkq2URQo7F68+d5J/ajq8/l4n+xE6/reGScVwT6L4dEP
+XXVJcAi2ZnQ3O7GTNvNGCPibL9mUcyCWBFZ92Uemtc/vJFCQ7ZyKMdMfACgxOwyN
+T/9971oog241/2doudhonc0I/3mgPYWkZdX6yvr62mEjnG+oUZkhWYJ4ewZJ4hM4
+JjbFqZO+OEzDRSbw3DkmuBA/mtlx+3t13SESfEub5hqoMdVmtth/eTb64dsPdl9r
+3k1ACVX9f8aHfQQdJOmLFQ==&lt;/SignatureValue&gt;
+&lt;KeyInfo&gt;
+&lt;KeyName&gt;rsakey.pem&lt;/KeyName&gt;
+&lt;/KeyInfo&gt;
+&lt;/Signature&gt;&lt;/Envelope&gt;</pre>
+<p></p>
+</div>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-examples-sign-template-file.html"><b>&lt;&lt;&lt; Signing a template file.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-examples-sign-x509.html"><b>Signing with X509 certificate. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
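Review bot: The sign2.c listing sets `xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;` and `xmlSubstituteEntitiesDefault(1);` in main() before sign_file() calls `xmlParseFile(xml_file)`, which as far as I can tell turns on DTD loading and entity substitution for every parse in the process. Copied into a service that signs documents it did not author, that is the configuration behind XML external entity (XXE) file disclosure and entity-expansion denial of service. The listing should carry a comment such as `/* DTD loading and entity substitution are enabled for trusted input only */`, and for untrusted input the two globals should be dropped and the parse done with `xmlReadFile(xml_file, NULL, XML_PARSE_NONET)`. Separately, the template is built with `xmlSecTransformRsaSha1Id` and `xmlSecTransformSha1Id`; SHA-1 is no longer considered collision resistant, so the page should say that new deployments pick a SHA-2 based signature and digest transform where the build provides one. This file is generated documentation imported from upstream, so the fix likely belongs in the example source rather than in this HTML.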
diff --git a/docs/api/xmlsec-examples-sign-template-file.html b/docs/api/xmlsec-examples-sign-template-file.html
new file mode 100644
index 00000000..a6cf34e6
--- /dev/null
+++ b/docs/api/xmlsec-examples-sign-template-file.html
@@ -0,0 +1,388 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Signing a template file.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Examples." href="xmlsec-examples.html">
+<link rel="PREVIOUS" title="Examples." href="xmlsec-examples.html">
+<link rel="NEXT" title="Signing a dynamicaly created template." href="xmlsec-examples-sign-dynamimc-template.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-examples.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-examples.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-examples-sign-dynamimc-template.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-EXAMPLES-SIGN-TEMPLATE-FILE">Signing a template file.</a></h1>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-SIGN1">sign1.c</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN650"></a><pre class="PROGRAMLISTING">/**
+ * XML Security Library example: Signing a template file.
+ *
+ * Signs a template file using a key from PEM file
+ *
+ * Usage:
+ * ./sign1 &lt;xml-tmpl&gt; &lt;pem-key&gt;
+ *
+ * Example:
+ * ./sign1 sign1-tmpl.xml rsakey.pem &gt; sign1-res.xml
+ *
+ * The result signature could be validated using verify1 example:
+ * ./verify1 sign1-res.xml rsapub.pem
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin &lt;aleksey@aleksey.com&gt;
+ */
+#include &lt;stdlib.h&gt;
+#include &lt;string.h&gt;
+#include &lt;assert.h&gt;
+
+#include &lt;libxml/tree.h&gt;
+#include &lt;libxml/xmlmemory.h&gt;
+#include &lt;libxml/parser.h&gt;
+
+#ifndef XMLSEC_NO_XSLT
+#include &lt;libxslt/xslt.h&gt;
+#include &lt;libxslt/security.h&gt;
+#endif /* XMLSEC_NO_XSLT */
+
+#include &lt;xmlsec/xmlsec.h&gt;
+#include &lt;xmlsec/xmltree.h&gt;
+#include &lt;xmlsec/xmldsig.h&gt;
+#include &lt;xmlsec/crypto.h&gt;
+
+int sign_file(const char* tmpl_file, const char* key_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s &lt;tmpl-file&gt; &lt;key-file&gt;\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) &lt; 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) &lt; 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ if(sign_file(argv[1], argv[2]) &lt; 0) {
+ return(-1);
+ }
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * sign_file:
+ * @tmpl_file: the signature template file name.
+ * @key_file: the PEM private key file name.
+ *
+ * Signs the #tmpl_file using private key from #key_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+sign_file(const char* tmpl_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(tmpl_file);
+ assert(key_file);
+
+ /* load template */
+ doc = xmlParseFile(tmpl_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
+ goto done;
+ }
+
+ /* create signature context, we don't need keys manager in this example */
+ dsigCtx = xmlSecDSigCtxCreate(NULL);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* load private key, assuming that there is not password */
+ dsigCtx-&gt;signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(dsigCtx-&gt;signKey == NULL) {
+ fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(dsigCtx-&gt;signKey, key_file) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* sign the template */
+ if(xmlSecDSigCtxSign(dsigCtx, node) &lt; 0) {
+ fprintf(stderr,"Error: signature failed\n");
+ goto done;
+ }
+
+ /* print signed document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+} </pre>
+<p></p>
+</div>
+</div>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-SIGN1-TMPL">sign1-tmpl.xml</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN655"></a><pre class="PROGRAMLISTING">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+&lt;!--
+XML Security Library example: Simple signature template file for sign1 example.
+--&gt;
+&lt;Envelope xmlns="urn:envelope"&gt;
+ &lt;Data&gt;
+ Hello, World!
+ &lt;/Data&gt;
+ &lt;Signature xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
+ &lt;SignedInfo&gt;
+ &lt;CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /&gt;
+ &lt;SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /&gt;
+ &lt;Reference URI=""&gt;
+ &lt;Transforms&gt;
+ &lt;Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /&gt;
+ &lt;/Transforms&gt;
+ &lt;DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /&gt;
+ &lt;DigestValue&gt;&lt;/DigestValue&gt;
+ &lt;/Reference&gt;
+ &lt;/SignedInfo&gt;
+ &lt;SignatureValue/&gt;
+ &lt;KeyInfo&gt;
+ &lt;KeyName/&gt;
+ &lt;/KeyInfo&gt;
+ &lt;/Signature&gt;
+&lt;/Envelope&gt; </pre>
+<p></p>
+</div>
+</div>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-SIGN1-RES">sign1-res.xml</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN660"></a><pre class="PROGRAMLISTING">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+&lt;!--
+XML Security Library example: Signed file (sign1 example).
+--&gt;
+&lt;Envelope xmlns="urn:envelope"&gt;
+ &lt;Data&gt;
+ Hello, World!
+ &lt;/Data&gt;
+ &lt;Signature xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
+ &lt;SignedInfo&gt;
+ &lt;CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/&gt;
+ &lt;SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/&gt;
+ &lt;Reference URI=""&gt;
+ &lt;Transforms&gt;
+ &lt;Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/&gt;
+ &lt;/Transforms&gt;
+ &lt;DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/&gt;
+ &lt;DigestValue&gt;9H/rQr2Axe9hYTV2n/tCp+3UIQQ=&lt;/DigestValue&gt;
+ &lt;/Reference&gt;
+ &lt;/SignedInfo&gt;
+ &lt;SignatureValue&gt;Mx4psIy9/UY+u8QBJRDrwQWKRaCGz0WOVftyDzAe6WHAFSjMNr7qb2ojq9kdipT8
+Oub5q2OQ7mzdSLiiejkrO1VeqM/90yEIGI4En6KEB6ArEzw+iq4N1wm6EptcyxXx
+M9StAOOa9ilWYqR9Tfx3SW1urUIuKYgUitxsONiUHBVaW6HeX51bsXoTF++4ZI+D
+jiPBjN4HHmr0cbJ6BXk91S27ffZIfp1Qj5nL9onFLUGbR6EFgu2luiRzQbPuM2tP
+XxyI7GZ8AfHnRJK28ARvBC9oi+O1ej20S79CIV7gdBxbLbFprozBHAwOEC57YgJc
+x+YEjSjcO7SBIR1FiUA7pw==&lt;/SignatureValue&gt;
+ &lt;KeyInfo&gt;
+ &lt;KeyName&gt;rsakey.pem&lt;/KeyName&gt;
+ &lt;/KeyInfo&gt;
+ &lt;/Signature&gt;
+&lt;/Envelope&gt;</pre>
+<p></p>
+</div>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-examples.html"><b>&lt;&lt;&lt; Examples.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-examples-sign-dynamimc-template.html"><b>Signing a dynamicaly created template. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
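Review bot: The sign1.c listing turns on external DTD loading and entity substitution for the whole process (`xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;` and `xmlSubstituteEntitiesDefault(1);` in `main`) and then reads the template with `xmlParseFile(tmpl_file)`, so a template that is not fully trusted could have external entity content expanded into the document that gets signed. Because readers copy these examples, I would drop the two global settings and parse with explicit options, e.g. `doc = xmlReadFile(tmpl_file, NULL, XML_PARSE_NONET);`, or at least add a comment stating that the template must come from a trusted source. The same initialisation appears in the sign3.c listing in xmlsec-examples-sign-x509.html. Separately, the template pins `rsa-sha1`/`sha1`, and `xmlSecKeySetName(dsigCtx->signKey, key_file)` writes the private key's file name into `<KeyName>` (visible as `rsakey.pem` in sign1-res.xml); a short comment marking both as demo-only choices would help.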
diff --git a/docs/api/xmlsec-examples-sign-x509.html b/docs/api/xmlsec-examples-sign-x509.html
new file mode 100644
index 00000000..796c5f67
--- /dev/null
+++ b/docs/api/xmlsec-examples-sign-x509.html
@@ -0,0 +1,447 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Signing with X509 certificate.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Examples." href="xmlsec-examples.html">
+<link rel="PREVIOUS" title="Signing a dynamicaly created template." href="xmlsec-examples-sign-dynamimc-template.html">
+<link rel="NEXT" title="Verifying a signature with a single key." href="xmlsec-verify-with-key.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-examples-sign-dynamimc-template.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-examples.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-verify-with-key.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-EXAMPLES-SIGN-X509">Signing with X509 certificate.</a></h1>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-SIGN3">sign3.c</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN684"></a><pre class="PROGRAMLISTING">/**
+ * XML Security Library example: Signing a file with a dynamicaly created template and an X509 certificate.
+ *
+ * Signs a file using a dynamicaly created template, key from PEM file and
+ * an X509 certificate. The signature has one reference with one enveloped
+ * transform to sign the whole document except the &lt;dsig:Signature/&gt; node
+ * itself. The key certificate is written in the &lt;dsig:X509Data/&gt; node.
+ *
+ * This example was developed and tested with OpenSSL crypto library. The
+ * certificates management policies for another crypto library may break it.
+ *
+ * Usage:
+ * sign3 &lt;xml-doc&gt; &lt;pem-key&gt;
+ *
+ * Example:
+ * ./sign3 sign3-doc.xml rsakey.pem rsacert.pem &gt; sign3-res.xml
+ *
+ * The result signature could be validated using verify3 example:
+ * ./verify3 sign3-res.xml rootcert.pem
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin &lt;aleksey@aleksey.com&gt;
+ */
+#include &lt;stdlib.h&gt;
+#include &lt;string.h&gt;
+#include &lt;assert.h&gt;
+
+#include &lt;libxml/tree.h&gt;
+#include &lt;libxml/xmlmemory.h&gt;
+#include &lt;libxml/parser.h&gt;
+
+#ifndef XMLSEC_NO_XSLT
+#include &lt;libxslt/xslt.h&gt;
+#include &lt;libxslt/security.h&gt;
+#endif /* XMLSEC_NO_XSLT */
+
+#include &lt;xmlsec/xmlsec.h&gt;
+#include &lt;xmlsec/xmltree.h&gt;
+#include &lt;xmlsec/xmldsig.h&gt;
+#include &lt;xmlsec/templates.h&gt;
+#include &lt;xmlsec/crypto.h&gt;
+
+int sign_file(const char* xml_file, const char* key_file, const char* cert_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 4) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s &lt;xml-file&gt; &lt;key-file&gt; &lt;cert-file&gt;\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) &lt; 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) &lt; 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ if(sign_file(argv[1], argv[2], argv[3]) &lt; 0) {
+ return(-1);
+ }
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * sign_file:
+ * @xml_file: the XML file name.
+ * @key_file: the PEM private key file name.
+ * @cert_file: the x509 certificate PEM file.
+ *
+ * Signs the @xml_file using private key from @key_file and dynamicaly
+ * created enveloped signature template. The certificate from @cert_file
+ * is placed in the &lt;dsig:X509Data/&gt; node.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+sign_file(const char* xml_file, const char* key_file, const char* cert_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr signNode = NULL;
+ xmlNodePtr refNode = NULL;
+ xmlNodePtr keyInfoNode = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(xml_file);
+ assert(key_file);
+ assert(cert_file);
+
+ /* load doc file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature template for RSA-SHA1 enveloped signature */
+ signNode = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
+ xmlSecTransformRsaSha1Id, NULL);
+ if(signNode == NULL) {
+ fprintf(stderr, "Error: failed to create signature template\n");
+ goto done;
+ }
+
+ /* add &lt;dsig:Signature/&gt; node to the doc */
+ xmlAddChild(xmlDocGetRootElement(doc), signNode);
+
+ /* add reference */
+ refNode = xmlSecTmplSignatureAddReference(signNode, xmlSecTransformSha1Id,
+ NULL, NULL, NULL);
+ if(refNode == NULL) {
+ fprintf(stderr, "Error: failed to add reference to signature template\n");
+ goto done;
+ }
+
+ /* add enveloped transform */
+ if(xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformEnvelopedId) == NULL) {
+ fprintf(stderr, "Error: failed to add enveloped transform to reference\n");
+ goto done;
+ }
+
+ /* add &lt;dsig:KeyInfo/&gt; and &lt;dsig:X509Data/&gt; */
+ keyInfoNode = xmlSecTmplSignatureEnsureKeyInfo(signNode, NULL);
+ if(keyInfoNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ if(xmlSecTmplKeyInfoAddX509Data(keyInfoNode) == NULL) {
+ fprintf(stderr, "Error: failed to add X509Data node\n");
+ goto done;
+ }
+
+ /* create signature context, we don't need keys manager in this example */
+ dsigCtx = xmlSecDSigCtxCreate(NULL);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* load private key, assuming that there is not password */
+ dsigCtx-&gt;signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(dsigCtx-&gt;signKey == NULL) {
+ fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* load certificate and add to the key */
+ if(xmlSecCryptoAppKeyCertLoad(dsigCtx-&gt;signKey, cert_file, xmlSecKeyDataFormatPem) &lt; 0) {
+ fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n", cert_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(dsigCtx-&gt;signKey, key_file) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* sign the template */
+ if(xmlSecDSigCtxSign(dsigCtx, signNode) &lt; 0) {
+ fprintf(stderr,"Error: signature failed\n");
+ goto done;
+ }
+
+ /* print signed document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+} </pre>
+<p></p>
+</div>
+</div>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-SIGN3-DOC">sign3-doc.xml</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN689"></a><pre class="PROGRAMLISTING">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+&lt;!--
+XML Security Library example: Original XML doc file for sign3 example.
+--&gt;
+&lt;Envelope xmlns="urn:envelope"&gt;
+ &lt;Data&gt;
+ Hello, World!
+ &lt;/Data&gt;
+&lt;/Envelope&gt;</pre>
+<p></p>
+</div>
+</div>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-SIGN3-RES">sign3-res.xml</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN694"></a><pre class="PROGRAMLISTING">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+&lt;!--
+XML Security Library example: Signed XML doc file (sign3 example).
+--&gt;
+&lt;Envelope xmlns="urn:envelope"&gt;
+ &lt;Data&gt;
+ Hello, World!
+ &lt;/Data&gt;
+&lt;Signature xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;
+&lt;SignedInfo&gt;
+&lt;CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/&gt;
+&lt;SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/&gt;
+&lt;Reference&gt;
+&lt;Transforms&gt;
+&lt;Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/&gt;
+&lt;/Transforms&gt;
+&lt;DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/&gt;
+&lt;DigestValue&gt;HjY8ilZAIEM2tBbPn5mYO1ieIX4=&lt;/DigestValue&gt;
+&lt;/Reference&gt;
+&lt;/SignedInfo&gt;
+&lt;SignatureValue&gt;SIaj/6KY3C1SmDXU2++Gm31U1xTadFp04WhBgfsJFbxrL+q7GKSKN9kfQ+UpN9+i
+D5fWmuavXEHe4Gw6RMaMEkq2URQo7F68+d5J/ajq8/l4n+xE6/reGScVwT6L4dEP
+XXVJcAi2ZnQ3O7GTNvNGCPibL9mUcyCWBFZ92Uemtc/vJFCQ7ZyKMdMfACgxOwyN
+T/9971oog241/2doudhonc0I/3mgPYWkZdX6yvr62mEjnG+oUZkhWYJ4ewZJ4hM4
+JjbFqZO+OEzDRSbw3DkmuBA/mtlx+3t13SESfEub5hqoMdVmtth/eTb64dsPdl9r
+3k1ACVX9f8aHfQQdJOmLFQ==&lt;/SignatureValue&gt;
+&lt;KeyInfo&gt;
+&lt;X509Data&gt;
+&lt;X509Certificate&gt;MIIE3zCCBEigAwIBAgIBBTANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx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&lt;/X509Certificate&gt;
+&lt;/X509Data&gt;
+&lt;/KeyInfo&gt;
+&lt;/Signature&gt;&lt;/Envelope&gt;</pre>
+<p></p>
+</div>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-examples-sign-dynamimc-template.html"><b>&lt;&lt;&lt; Signing a dynamicaly created template.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-verify-with-key.html"><b>Verifying a signature with a single key. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
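Review bot: The header comment of sign3.c documents the usage as `sign3 <xml-doc> <pem-key>`, but `main` rejects anything other than three arguments (`argc != 4`) and the example line directly below also passes `rsacert.pem`; the usage line should read `sign3 <xml-doc> <pem-key> <pem-cert>`. In `sign_file`, `xmlSecTmplSignatureAddReference(signNode, xmlSecTransformSha1Id, NULL, NULL, NULL)` supplies no URI, so sign3-res.xml carries a bare `<Reference>` while the sign1 template uses `URI=""`. Passing an explicit empty URI (`BAD_CAST ""`) would presumably state the whole-document intent for verifiers other than xmlsec; that is worth confirming against the template API before changing the listing.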
diff --git a/docs/api/xmlsec-examples.html b/docs/api/xmlsec-examples.html
new file mode 100644
index 00000000..63798993
--- /dev/null
+++ b/docs/api/xmlsec-examples.html
@@ -0,0 +1,119 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Examples.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="PREVIOUS" title="Sharing the results." href="xmlsec-notes-new-crypto-sharing-results.html">
+<link rel="NEXT" title="Signing a template file." href="xmlsec-examples-sign-template-file.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-new-crypto-sharing-results.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-examples-sign-template-file.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-EXAMPLES"></a>Examples.</h1>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt><a href="xmlsec-examples.html#XMLSEC-EXAMPLES-OVERVIEW">XML Security Library Examples.</a></dt>
+<dt><a href="xmlsec-examples-sign-template-file.html">Signing a template file.</a></dt>
+<dt><a href="xmlsec-examples-sign-dynamimc-template.html">Signing a dynamicaly created template.</a></dt>
+<dt><a href="xmlsec-examples-sign-x509.html">Signing with X509 certificate.</a></dt>
+<dt><a href="xmlsec-verify-with-key.html">Verifying a signature with a single key.</a></dt>
+<dt><a href="xmlsec-verify-with-keys-mngr.html">Verifying a signature with keys manager.</a></dt>
+<dt><a href="xmlsec-verify-with-x509.html">Verifying a signature with X509 certificates.</a></dt>
+<dt><a href="xmlsec-verify-with-restrictions.html">Verifying a signature with additional restrictions.</a></dt>
+<dt><a href="xmlsec-encrypt-template-file.html">Encrypting data with a template file.</a></dt>
+<dt><a href="xmlsec-encrypt-dynamic-template.html">Encrypting data with a dynamicaly created template.</a></dt>
+<dt><a href="xmlsec-encrypt-with-session-key.html">Encrypting data with a session key.</a></dt>
+<dt><a href="xmlsec-decrypt-with-signle-key.html">Decrypting data with a single key.</a></dt>
+<dt><a href="xmlsec-decrypt-with-keys-mngr.html">Decrypting data with keys manager.</a></dt>
+<dt><a href="xmlsec-custom-keys-manager.html">Writing a custom keys manager.</a></dt>
+</dl></div>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-EXAMPLES-OVERVIEW">XML Security Library Examples.</a></h1>
+<p>This section contains several examples of using XML Security Library
+ to sign, veiryf, encrypt or decrypt XML documents.</p>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-new-crypto-sharing-results.html"><b>&lt;&lt;&lt; Sharing the results.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-examples-sign-template-file.html"><b>Signing a template file. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-gcrypt-app.html b/docs/api/xmlsec-gcrypt-app.html
new file mode 100644
index 00000000..e2b3a1af
--- /dev/null
+++ b/docs/api/xmlsec-gcrypt-app.html
@@ -0,0 +1,578 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>app</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for GCrypt API Reference." href="xmlsec-gcrypt-ref.html">
+<link rel="PREVIOUS" title="XML Security Library for GCrypt API Reference." href="xmlsec-gcrypt-ref.html">
+<link rel="NEXT" title="crypto" href="xmlsec-gcrypt-crypto.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-gcrypt-ref.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-gcrypt-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-gcrypt-crypto.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-GCRYPT-APP"></a>app</h1>
+<div class="REFNAMEDIV">
+<a name="AEN32116"></a><h2>Name</h2>app -- Application functions implementation for GnuTLS.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-GCRYPT-APP.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPINIT">xmlSecGCryptAppInit</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *config</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPSHUTDOWN">xmlSecGCryptAppShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPDEFAULTKEYSMNGRINIT">xmlSecGCryptAppDefaultKeysMngrInit</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPDEFAULTKEYSMNGRADOPTKEY">xmlSecGCryptAppDefaultKeysMngrAdoptKey</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPDEFAULTKEYSMNGRLOAD">xmlSecGCryptAppDefaultKeysMngrLoad</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPDEFAULTKEYSMNGRSAVE">xmlSecGCryptAppDefaultKeysMngrSave</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPKEYSMNGRCERTLOAD">xmlSecGCryptAppKeysMngrCertLoad</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPKEYSMNGRCERTLOADMEMORY">xmlSecGCryptAppKeysMngrCertLoadMemory</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPKEYLOAD">xmlSecGCryptAppKeyLoad</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPKEYLOADMEMORY">xmlSecGCryptAppKeyLoadMemory</a> (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPPKCS12LOAD">xmlSecGCryptAppPkcs12Load</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPPKCS12LOADMEMORY">xmlSecGCryptAppPkcs12LoadMemory</a> (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPKEYCERTLOAD">xmlSecGCryptAppKeyCertLoad</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPKEYCERTLOADMEMORY">xmlSecGCryptAppKeyCertLoadMemory</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink>* <a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPGETDEFAULTPWDCALLBACK">xmlSecGCryptAppGetDefaultPwdCallback</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-GCRYPT-APP.DESCRIPTION"></a><h2>Description</h2>
+<p>Application functions implementation for GCrypt.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-GCRYPT-APP.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTAPPINIT"></a><h3>xmlSecGCryptAppInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptAppInit (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *config</code>);</pre>
+<p>General crypto engine initialization. This function is used
+by XMLSec command line utility and called before
+<code class="PARAMETER">xmlSecInit</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32324"><span style="white-space: nowrap"><code class="PARAMETER">config</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the path to GCrypt configuration (unused).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32329"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTAPPSHUTDOWN"></a><h3>xmlSecGCryptAppShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptAppShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>General crypto engine shutdown. This function is used
+by XMLSec command line utility and called after
+<code class="PARAMETER">xmlSecShutdown</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN32346"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTAPPDEFAULTKEYSMNGRINIT"></a><h3>xmlSecGCryptAppDefaultKeysMngrInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptAppDefaultKeysMngrInit (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);</pre>
+<p>Initializes <code class="PARAMETER">mngr</code> with simple keys store <a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTOREID"><span class="TYPE">xmlSecSimpleKeysStoreId</span></a>
+and a default GCrypt crypto key data stores.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32366"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32371"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTAPPDEFAULTKEYSMNGRADOPTKEY"></a><h3>xmlSecGCryptAppDefaultKeysMngrAdoptKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptAppDefaultKeysMngrAdoptKey
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Adds <code class="PARAMETER">key</code> to the keys manager <code class="PARAMETER">mngr</code> created with <a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPDEFAULTKEYSMNGRINIT"><span class="TYPE">xmlSecGCryptAppDefaultKeysMngrInit</span></a>
+function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32395"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32400"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32405"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTAPPDEFAULTKEYSMNGRLOAD"></a><h3>xmlSecGCryptAppDefaultKeysMngrLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptAppDefaultKeysMngrLoad (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>);</pre>
+<p>Loads XML keys file from <code class="PARAMETER">uri</code> to the keys manager <code class="PARAMETER">mngr</code> created
+with <a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPDEFAULTKEYSMNGRINIT"><span class="TYPE">xmlSecGCryptAppDefaultKeysMngrInit</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32429"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32434"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the uri.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32439"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTAPPDEFAULTKEYSMNGRSAVE"></a><h3>xmlSecGCryptAppDefaultKeysMngrSave ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptAppDefaultKeysMngrSave (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Saves keys from <code class="PARAMETER">mngr</code> to XML keys file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32463"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32468"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32473"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the type of keys to save (public/private/symmetric).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32478"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTAPPKEYSMNGRCERTLOAD"></a><h3>xmlSecGCryptAppKeysMngrCertLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptAppKeysMngrCertLoad (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Reads cert from <code class="PARAMETER">filename</code> and adds to the list of trusted or known
+untrusted certs in <code class="PARAMETER">store</code> (not implemented yet).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32506"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32511"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32516"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32521"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag that indicates is the certificate in <code class="PARAMETER">filename</code>
+ trusted or not.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32527"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTAPPKEYSMNGRCERTLOADMEMORY"></a><h3>xmlSecGCryptAppKeysMngrCertLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptAppKeysMngrCertLoadMemory
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Reads cert from binary buffer <code class="PARAMETER">data</code> and adds to the list of trusted or known
+untrusted certs in <code class="PARAMETER">store</code> (not implemented yet).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32558"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32563"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32568"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate binary data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32573"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32578"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag that indicates is the certificate trusted or not.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32583"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTAPPKEYLOAD"></a><h3>xmlSecGCryptAppKeyLoad ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecGCryptAppKeyLoad (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key from the a file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32612"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32617"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32622"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32627"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32632"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32637"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTAPPKEYLOADMEMORY"></a><h3>xmlSecGCryptAppKeyLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecGCryptAppKeyLoadMemory (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key from the memory buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32669"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the binary key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32674"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the size of binary key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32679"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32684"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32689"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32694"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32699"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTAPPPKCS12LOAD"></a><h3>xmlSecGCryptAppPkcs12Load ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecGCryptAppPkcs12Load (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key and all associated certificates from the PKCS12 file
+(not implemented yet).
+For uniformity, call xmlSecGCryptAppKeyLoad instead of this function. Pass
+in format=xmlSecKeyDataFormatPkcs12.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32725"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 key filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32730"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32735"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32740"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32745"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTAPPPKCS12LOADMEMORY"></a><h3>xmlSecGCryptAppPkcs12LoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecGCryptAppPkcs12LoadMemory (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key and all associated certificates from the PKCS12 data in memory buffer.
+For uniformity, call xmlSecGCryptAppKeyLoadMemory instead of this function. Pass
+in format=xmlSecKeyDataFormatPkcs12 (not implemented yet).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32774"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32779"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 binary data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32784"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32789"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32794"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32799"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTAPPKEYCERTLOAD"></a><h3>xmlSecGCryptAppKeyCertLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptAppKeyCertLoad (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);</pre>
+<p>Reads the certificate from $<code class="PARAMETER">filename</code> and adds it to key
+(not implemented yet).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32823"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32828"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32833"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32838"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTAPPKEYCERTLOADMEMORY"></a><h3>xmlSecGCryptAppKeyCertLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptAppKeyCertLoadMemory (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);</pre>
+<p>Reads the certificate from memory buffer and adds it to key (not implemented yet).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32864"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32869"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32874"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate binary data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32879"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN32884"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTAPPGETDEFAULTPWDCALLBACK"></a><h3>xmlSecGCryptAppGetDefaultPwdCallback ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink>* xmlSecGCryptAppGetDefaultPwdCallback
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets default password callback.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN32900"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> default password callback.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-gcrypt-ref.html"><b>&lt;&lt;&lt; XML Security Library for GCrypt API Reference.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-gcrypt-crypto.html"><b>crypto &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-gcrypt-crypto.html b/docs/api/xmlsec-gcrypt-crypto.html
new file mode 100644
index 00000000..2c3aa944
--- /dev/null
+++ b/docs/api/xmlsec-gcrypt-crypto.html
@@ -0,0 +1,1128 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>crypto</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for GCrypt API Reference." href="xmlsec-gcrypt-ref.html">
+<link rel="PREVIOUS" title="app" href="xmlsec-gcrypt-app.html">
+<link rel="NEXT" title="XML Security Library for NSS API Reference." href="xmlsec-nss-ref.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-gcrypt-app.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-gcrypt-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-nss-ref.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-GCRYPT-CRYPTO"></a>crypto</h1>
+<div class="REFNAMEDIV">
+<a name="AEN32910"></a><h2>Name</h2>crypto -- Crypto transforms implementation for GCrypt.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-GCRYPT-CRYPTO.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="RETURNVALUE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECCRYPTOGETFUNCTIONS-GCRYPT">xmlSecCryptoGetFunctions_gcrypt</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTINIT">xmlSecGCryptInit</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTSHUTDOWN">xmlSecGCryptShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYSMNGRINIT">xmlSecGCryptKeysMngrInit</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTGENERATERANDOM">xmlSecGCryptGenerateRandom</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buffer</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATAAESID">xmlSecGCryptKeyDataAesId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATAAESGETKLASS">xmlSecGCryptKeyDataAesGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATAAESSET">xmlSecGCryptKeyDataAesSet</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMAES128CBCID">xmlSecGCryptTransformAes128CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMAES128CBCGETKLASS">xmlSecGCryptTransformAes128CbcGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMAES192CBCID">xmlSecGCryptTransformAes192CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMAES192CBCGETKLASS">xmlSecGCryptTransformAes192CbcGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMAES256CBCID">xmlSecGCryptTransformAes256CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMAES256CBCGETKLASS">xmlSecGCryptTransformAes256CbcGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMKWAES128ID">xmlSecGCryptTransformKWAes128Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMKWAES128GETKLASS">xmlSecGCryptTransformKWAes128GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMKWAES192ID">xmlSecGCryptTransformKWAes192Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMKWAES192GETKLASS">xmlSecGCryptTransformKWAes192GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMKWAES256ID">xmlSecGCryptTransformKWAes256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMKWAES256GETKLASS">xmlSecGCryptTransformKWAes256GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADESID">xmlSecGCryptKeyDataDesId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADESGETKLASS">xmlSecGCryptKeyDataDesGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADESSET">xmlSecGCryptKeyDataDesSet</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMDES3CBCID">xmlSecGCryptTransformDes3CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMDES3CBCGETKLASS">xmlSecGCryptTransformDes3CbcGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMKWDES3ID">xmlSecGCryptTransformKWDes3Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMKWDES3GETKLASS">xmlSecGCryptTransformKWDes3GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADSAID">xmlSecGCryptKeyDataDsaId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADSAGETKLASS">xmlSecGCryptKeyDataDsaGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADSAADOPTKEY">xmlSecGCryptKeyDataDsaAdoptKey</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="GCRY-SEXP-T"><span class="TYPE">gcry_sexp_t</span></gtkdoclink> dsa_key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADSAADOPTKEYPAIR">xmlSecGCryptKeyDataDsaAdoptKeyPair</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="GCRY-SEXP-T"><span class="TYPE">gcry_sexp_t</span></gtkdoclink> pub_key</code>,
+ <code class="PARAMETER"><gtkdoclink href="GCRY-SEXP-T"><span class="TYPE">gcry_sexp_t</span></gtkdoclink> priv_key</code>);
+<gtkdoclink href="GCRY-SEXP-T"><span class="RETURNVALUE">gcry_sexp_t</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADSAGETPUBLICKEY">xmlSecGCryptKeyDataDsaGetPublicKey</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="GCRY-SEXP-T"><span class="RETURNVALUE">gcry_sexp_t</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADSAGETPRIVATEKEY">xmlSecGCryptKeyDataDsaGetPrivateKey</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMDSASHA1ID">xmlSecGCryptTransformDsaSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMDSASHA1GETKLASS">xmlSecGCryptTransformDsaSha1GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTHMACGETMINOUTPUTLENGTH">xmlSecGCryptHmacGetMinOutputLength</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTHMACSETMINOUTPUTLENGTH">xmlSecGCryptHmacSetMinOutputLength</a> (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> min_length</code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATAHMACID">xmlSecGCryptKeyDataHmacId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATAHMACGETKLASS">xmlSecGCryptKeyDataHmacGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATAHMACSET">xmlSecGCryptKeyDataHmacSet</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACMD5ID">xmlSecGCryptTransformHmacMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACMD5GETKLASS">xmlSecGCryptTransformHmacMd5GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACRIPEMD160ID">xmlSecGCryptTransformHmacRipemd160Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACRIPEMD160GETKLASS">xmlSecGCryptTransformHmacRipemd160GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACSHA1ID">xmlSecGCryptTransformHmacSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACSHA1GETKLASS">xmlSecGCryptTransformHmacSha1GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACSHA256ID">xmlSecGCryptTransformHmacSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACSHA256GETKLASS">xmlSecGCryptTransformHmacSha256GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACSHA384ID">xmlSecGCryptTransformHmacSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACSHA384GETKLASS">xmlSecGCryptTransformHmacSha384GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACSHA512ID">xmlSecGCryptTransformHmacSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACSHA512GETKLASS">xmlSecGCryptTransformHmacSha512GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATARSAID">xmlSecGCryptKeyDataRsaId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATARSAGETKLASS">xmlSecGCryptKeyDataRsaGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATARSAADOPTKEY">xmlSecGCryptKeyDataRsaAdoptKey</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="GCRY-SEXP-T"><span class="TYPE">gcry_sexp_t</span></gtkdoclink> rsa_key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATARSAADOPTKEYPAIR">xmlSecGCryptKeyDataRsaAdoptKeyPair</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="GCRY-SEXP-T"><span class="TYPE">gcry_sexp_t</span></gtkdoclink> pub_key</code>,
+ <code class="PARAMETER"><gtkdoclink href="GCRY-SEXP-T"><span class="TYPE">gcry_sexp_t</span></gtkdoclink> priv_key</code>);
+<gtkdoclink href="GCRY-SEXP-T"><span class="RETURNVALUE">gcry_sexp_t</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATARSAGETPUBLICKEY">xmlSecGCryptKeyDataRsaGetPublicKey</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="GCRY-SEXP-T"><span class="RETURNVALUE">gcry_sexp_t</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATARSAGETPRIVATEKEY">xmlSecGCryptKeyDataRsaGetPrivateKey</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSAMD5ID">xmlSecGCryptTransformRsaMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSAMD5GETKLASS">xmlSecGCryptTransformRsaMd5GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSARIPEMD160ID">xmlSecGCryptTransformRsaRipemd160Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSARIPEMD160GETKLASS">xmlSecGCryptTransformRsaRipemd160GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSASHA1ID">xmlSecGCryptTransformRsaSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSASHA1GETKLASS">xmlSecGCryptTransformRsaSha1GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSASHA256ID">xmlSecGCryptTransformRsaSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSASHA256GETKLASS">xmlSecGCryptTransformRsaSha256GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSASHA384ID">xmlSecGCryptTransformRsaSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSASHA384GETKLASS">xmlSecGCryptTransformRsaSha384GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSASHA512ID">xmlSecGCryptTransformRsaSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSASHA512GETKLASS">xmlSecGCryptTransformRsaSha512GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMSHA1ID">xmlSecGCryptTransformSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMSHA1GETKLASS">xmlSecGCryptTransformSha1GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMSHA256ID">xmlSecGCryptTransformSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMSHA256GETKLASS">xmlSecGCryptTransformSha256GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMSHA384ID">xmlSecGCryptTransformSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMSHA384GETKLASS">xmlSecGCryptTransformSha384GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMSHA512ID">xmlSecGCryptTransformSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMSHA512GETKLASS">xmlSecGCryptTransformSha512GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMMD5ID">xmlSecGCryptTransformMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMMD5GETKLASS">xmlSecGCryptTransformMd5GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRIPEMD160ID">xmlSecGCryptTransformRipemd160Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRIPEMD160GETKLASS">xmlSecGCryptTransformRipemd160GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-GCRYPT-CRYPTO.DESCRIPTION"></a><h2>Description</h2>
+<p>Crypto transforms implementation for GCrypt.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-GCRYPT-CRYPTO.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOGETFUNCTIONS-GCRYPT"></a><h3>xmlSecCryptoGetFunctions_gcrypt ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="RETURNVALUE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink> xmlSecCryptoGetFunctions_gcrypt
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets the pointer to xmlsec-gcrypt functions table.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33267"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the xmlsec-gcrypt functions table or NULL if an error occurs.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTINIT"></a><h3>xmlSecGCryptInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptInit (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>XMLSec library specific crypto engine initialization.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33283"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTSHUTDOWN"></a><h3>xmlSecGCryptShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>XMLSec library specific crypto engine shutdown.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33299"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYSMNGRINIT"></a><h3>xmlSecGCryptKeysMngrInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptKeysMngrInit (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);</pre>
+<p>Adds GCrypt specific key data stores in keys manager.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33316"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33321"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTGENERATERANDOM"></a><h3>xmlSecGCryptGenerateRandom ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptGenerateRandom (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buffer</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Generates <code class="PARAMETER">size</code> random bytes and puts result in <code class="PARAMETER">buffer</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33343"><span style="white-space: nowrap"><code class="PARAMETER">buffer</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33348"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the numer of bytes to generate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33353"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATAAESID"></a><h3>xmlSecGCryptKeyDataAesId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptKeyDataAesId</pre>
+<p>The AES key data klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATAAESGETKLASS"></a><h3>xmlSecGCryptKeyDataAesGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecGCryptKeyDataAesGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33375"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATAAESSET"></a><h3>xmlSecGCryptKeyDataAesSet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptKeyDataAesSet (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);</pre>
+<p>Sets the value of AES key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33398"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to AES key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33403"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33408"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value size (in bytes).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33413"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMAES128CBCID"></a><h3>xmlSecGCryptTransformAes128CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformAes128CbcId</pre>
+<p>The AES128 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMAES128CBCGETKLASS"></a><h3>xmlSecGCryptTransformAes128CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformAes128CbcGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 128 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33435"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 128 CBC encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMAES192CBCID"></a><h3>xmlSecGCryptTransformAes192CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformAes192CbcId</pre>
+<p>The AES192 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMAES192CBCGETKLASS"></a><h3>xmlSecGCryptTransformAes192CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformAes192CbcGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 192 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33457"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 192 CBC encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMAES256CBCID"></a><h3>xmlSecGCryptTransformAes256CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformAes256CbcId</pre>
+<p>The AES256 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMAES256CBCGETKLASS"></a><h3>xmlSecGCryptTransformAes256CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformAes256CbcGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 256 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33479"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 256 CBC encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMKWAES128ID"></a><h3>xmlSecGCryptTransformKWAes128Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformKWAes128Id</pre>
+<p>The AES 128 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMKWAES128GETKLASS"></a><h3>xmlSecGCryptTransformKWAes128GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformKWAes128GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-128 kew wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33501"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-128 kew wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMKWAES192ID"></a><h3>xmlSecGCryptTransformKWAes192Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformKWAes192Id</pre>
+<p>The AES 192 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMKWAES192GETKLASS"></a><h3>xmlSecGCryptTransformKWAes192GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformKWAes192GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-192 kew wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33523"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-192 kew wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMKWAES256ID"></a><h3>xmlSecGCryptTransformKWAes256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformKWAes256Id</pre>
+<p>The AES 256 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMKWAES256GETKLASS"></a><h3>xmlSecGCryptTransformKWAes256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformKWAes256GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-256 kew wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33545"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-256 kew wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATADESID"></a><h3>xmlSecGCryptKeyDataDesId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptKeyDataDesId</pre>
+<p>The DES key data klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATADESGETKLASS"></a><h3>xmlSecGCryptKeyDataDesGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecGCryptKeyDataDesGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DES key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33567"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> DES key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATADESSET"></a><h3>xmlSecGCryptKeyDataDesSet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptKeyDataDesSet (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);</pre>
+<p>Sets the value of DES key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33590"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to DES key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33595"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33600"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value size (in bytes).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33605"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMDES3CBCID"></a><h3>xmlSecGCryptTransformDes3CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformDes3CbcId</pre>
+<p>The DES3 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMDES3CBCGETKLASS"></a><h3>xmlSecGCryptTransformDes3CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformDes3CbcGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Triple DES CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33627"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to Triple DES encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMKWDES3ID"></a><h3>xmlSecGCryptTransformKWDes3Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformKWDes3Id</pre>
+<p>The DES3 KW transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMKWDES3GETKLASS"></a><h3>xmlSecGCryptTransformKWDes3GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformKWDes3GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The Triple DES key wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33649"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> Triple DES key wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATADSAID"></a><h3>xmlSecGCryptKeyDataDsaId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptKeyDataDsaId</pre>
+<p>The DSA key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATADSAGETKLASS"></a><h3>xmlSecGCryptKeyDataDsaGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecGCryptKeyDataDsaGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DSA key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33671"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to DSA key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATADSAADOPTKEY"></a><h3>xmlSecGCryptKeyDataDsaAdoptKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptKeyDataDsaAdoptKey (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="GCRY-SEXP-T"><span class="TYPE">gcry_sexp_t</span></gtkdoclink> dsa_key</code>);</pre>
+<p>Sets the value of DSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33691"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to DSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33696"><span style="white-space: nowrap"><code class="PARAMETER">dsa_key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to GCrypt DSA key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33701"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATADSAADOPTKEYPAIR"></a><h3>xmlSecGCryptKeyDataDsaAdoptKeyPair ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptKeyDataDsaAdoptKeyPair (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="GCRY-SEXP-T"><span class="TYPE">gcry_sexp_t</span></gtkdoclink> pub_key</code>,
+ <code class="PARAMETER"><gtkdoclink href="GCRY-SEXP-T"><span class="TYPE">gcry_sexp_t</span></gtkdoclink> priv_key</code>);</pre>
+<p>Sets the value of DSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33724"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to DSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33729"><span style="white-space: nowrap"><code class="PARAMETER">pub_key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to GCrypt DSA pub key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33734"><span style="white-space: nowrap"><code class="PARAMETER">priv_key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to GCrypt DSA priv key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33739"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATADSAGETPUBLICKEY"></a><h3>xmlSecGCryptKeyDataDsaGetPublicKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="GCRY-SEXP-T"><span class="RETURNVALUE">gcry_sexp_t</span></gtkdoclink> xmlSecGCryptKeyDataDsaGetPublicKey (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the GCrypt DSA public key from DSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33756"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to DSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33761"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to GCrypt public DSA key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATADSAGETPRIVATEKEY"></a><h3>xmlSecGCryptKeyDataDsaGetPrivateKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="GCRY-SEXP-T"><span class="RETURNVALUE">gcry_sexp_t</span></gtkdoclink> xmlSecGCryptKeyDataDsaGetPrivateKey (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the GCrypt DSA private key from DSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33778"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to DSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33783"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to GCrypt private DSA key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMDSASHA1ID"></a><h3>xmlSecGCryptTransformDsaSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformDsaSha1Id</pre>
+<p>The DSA SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMDSASHA1GETKLASS"></a><h3>xmlSecGCryptTransformDsaSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformDsaSha1GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DSA-SHA1 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33805"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> DSA-SHA1 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTHMACGETMINOUTPUTLENGTH"></a><h3>xmlSecGCryptHmacGetMinOutputLength ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptHmacGetMinOutputLength (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets the value of min HMAC length.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33821"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the min HMAC output length</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTHMACSETMINOUTPUTLENGTH"></a><h3>xmlSecGCryptHmacSetMinOutputLength ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecGCryptHmacSetMinOutputLength (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> min_length</code>);</pre>
+<p>Sets the min HMAC output length</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33838"><span style="white-space: nowrap"><code class="PARAMETER">min_length</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new min length</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATAHMACID"></a><h3>xmlSecGCryptKeyDataHmacId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptKeyDataHmacId</pre>
+<p>The HMAC key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATAHMACGETKLASS"></a><h3>xmlSecGCryptKeyDataHmacGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecGCryptKeyDataHmacGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33860"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> HMAC key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATAHMACSET"></a><h3>xmlSecGCryptKeyDataHmacSet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptKeyDataHmacSet (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);</pre>
+<p>Sets the value of HMAC key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33883"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to HMAC key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33888"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33893"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value size (in bytes).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN33898"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMHMACMD5ID"></a><h3>xmlSecGCryptTransformHmacMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformHmacMd5Id</pre>
+<p>The HMAC with MD5 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMHMACMD5GETKLASS"></a><h3>xmlSecGCryptTransformHmacMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformHmacMd5GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-MD5 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33920"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-MD5 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMHMACRIPEMD160ID"></a><h3>xmlSecGCryptTransformHmacRipemd160Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformHmacRipemd160Id</pre>
+<p>The HMAC with RipeMD160 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMHMACRIPEMD160GETKLASS"></a><h3>xmlSecGCryptTransformHmacRipemd160GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformHmacRipemd160GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-RIPEMD160 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33942"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-RIPEMD160 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMHMACSHA1ID"></a><h3>xmlSecGCryptTransformHmacSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformHmacSha1Id</pre>
+<p>The HMAC with SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMHMACSHA1GETKLASS"></a><h3>xmlSecGCryptTransformHmacSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformHmacSha1GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA1 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33964"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA1 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMHMACSHA256ID"></a><h3>xmlSecGCryptTransformHmacSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformHmacSha256Id</pre>
+<p>The HMAC with SHA256 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMHMACSHA256GETKLASS"></a><h3>xmlSecGCryptTransformHmacSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformHmacSha256GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA256 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN33986"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA256 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMHMACSHA384ID"></a><h3>xmlSecGCryptTransformHmacSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformHmacSha384Id</pre>
+<p>The HMAC with SHA384 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMHMACSHA384GETKLASS"></a><h3>xmlSecGCryptTransformHmacSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformHmacSha384GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA384 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN34008"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA384 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMHMACSHA512ID"></a><h3>xmlSecGCryptTransformHmacSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformHmacSha512Id</pre>
+<p>The HMAC with SHA512 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMHMACSHA512GETKLASS"></a><h3>xmlSecGCryptTransformHmacSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformHmacSha512GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA512 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN34030"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA512 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATARSAID"></a><h3>xmlSecGCryptKeyDataRsaId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptKeyDataRsaId</pre>
+<p>The RSA key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATARSAGETKLASS"></a><h3>xmlSecGCryptKeyDataRsaGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecGCryptKeyDataRsaGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The GCrypt RSA key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN34052"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to GCrypt RSA key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATARSAADOPTKEY"></a><h3>xmlSecGCryptKeyDataRsaAdoptKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptKeyDataRsaAdoptKey (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="GCRY-SEXP-T"><span class="TYPE">gcry_sexp_t</span></gtkdoclink> rsa_key</code>);</pre>
+<p>Sets the value of RSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34072"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to RSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34077"><span style="white-space: nowrap"><code class="PARAMETER">rsa_key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to GCrypt RSA key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34082"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATARSAADOPTKEYPAIR"></a><h3>xmlSecGCryptKeyDataRsaAdoptKeyPair ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGCryptKeyDataRsaAdoptKeyPair (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="GCRY-SEXP-T"><span class="TYPE">gcry_sexp_t</span></gtkdoclink> pub_key</code>,
+ <code class="PARAMETER"><gtkdoclink href="GCRY-SEXP-T"><span class="TYPE">gcry_sexp_t</span></gtkdoclink> priv_key</code>);</pre>
+<p>Sets the value of RSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34105"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to RSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34110"><span style="white-space: nowrap"><code class="PARAMETER">pub_key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to GCrypt RSA pub key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34115"><span style="white-space: nowrap"><code class="PARAMETER">priv_key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to GCrypt RSA priv key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34120"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATARSAGETPUBLICKEY"></a><h3>xmlSecGCryptKeyDataRsaGetPublicKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="GCRY-SEXP-T"><span class="RETURNVALUE">gcry_sexp_t</span></gtkdoclink> xmlSecGCryptKeyDataRsaGetPublicKey (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the GCrypt RSA public key from RSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34137"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to RSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34142"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to GCrypt public RSA key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTKEYDATARSAGETPRIVATEKEY"></a><h3>xmlSecGCryptKeyDataRsaGetPrivateKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="GCRY-SEXP-T"><span class="RETURNVALUE">gcry_sexp_t</span></gtkdoclink> xmlSecGCryptKeyDataRsaGetPrivateKey (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the GCrypt RSA private key from RSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34159"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to RSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34164"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to GCrypt private RSA key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMRSAMD5ID"></a><h3>xmlSecGCryptTransformRsaMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformRsaMd5Id</pre>
+<p>The RSA-MD5 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMRSAMD5GETKLASS"></a><h3>xmlSecGCryptTransformRsaMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformRsaMd5GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-MD5 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN34186"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-MD5 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMRSARIPEMD160ID"></a><h3>xmlSecGCryptTransformRsaRipemd160Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformRsaRipemd160Id</pre>
+<p>The RSA-RIPEMD160 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMRSARIPEMD160GETKLASS"></a><h3>xmlSecGCryptTransformRsaRipemd160GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformRsaRipemd160GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-RIPEMD160 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN34208"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-RIPEMD160 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMRSASHA1ID"></a><h3>xmlSecGCryptTransformRsaSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformRsaSha1Id</pre>
+<p>The RSA-SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMRSASHA1GETKLASS"></a><h3>xmlSecGCryptTransformRsaSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformRsaSha1GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA1 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN34230"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA1 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMRSASHA256ID"></a><h3>xmlSecGCryptTransformRsaSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformRsaSha256Id</pre>
+<p>The RSA-SHA256 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMRSASHA256GETKLASS"></a><h3>xmlSecGCryptTransformRsaSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformRsaSha256GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA256 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN34252"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA256 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMRSASHA384ID"></a><h3>xmlSecGCryptTransformRsaSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformRsaSha384Id</pre>
+<p>The RSA-SHA384 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMRSASHA384GETKLASS"></a><h3>xmlSecGCryptTransformRsaSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformRsaSha384GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA384 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN34274"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA384 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMRSASHA512ID"></a><h3>xmlSecGCryptTransformRsaSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformRsaSha512Id</pre>
+<p>The RSA-SHA512 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMRSASHA512GETKLASS"></a><h3>xmlSecGCryptTransformRsaSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformRsaSha512GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA512 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN34296"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA512 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMSHA1ID"></a><h3>xmlSecGCryptTransformSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformSha1Id</pre>
+<p>The HMAC with SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMSHA1GETKLASS"></a><h3>xmlSecGCryptTransformSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformSha1GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA-1 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN34318"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA-1 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMSHA256ID"></a><h3>xmlSecGCryptTransformSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformSha256Id</pre>
+<p>The HMAC with SHA256 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMSHA256GETKLASS"></a><h3>xmlSecGCryptTransformSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformSha256GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA256 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN34340"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA256 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMSHA384ID"></a><h3>xmlSecGCryptTransformSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformSha384Id</pre>
+<p>The HMAC with SHA384 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMSHA384GETKLASS"></a><h3>xmlSecGCryptTransformSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformSha384GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA384 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN34362"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA384 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMSHA512ID"></a><h3>xmlSecGCryptTransformSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformSha512Id</pre>
+<p>The HMAC with SHA512 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMSHA512GETKLASS"></a><h3>xmlSecGCryptTransformSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformSha512GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA512 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN34384"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA512 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMMD5ID"></a><h3>xmlSecGCryptTransformMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformMd5Id</pre>
+<p>The MD5 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMMD5GETKLASS"></a><h3>xmlSecGCryptTransformMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformMd5GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>MD5 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN34406"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to MD5 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMRIPEMD160ID"></a><h3>xmlSecGCryptTransformRipemd160Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGCryptTransformRipemd160Id</pre>
+<p>The RIPEMD160 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGCRYPTTRANSFORMRIPEMD160GETKLASS"></a><h3>xmlSecGCryptTransformRipemd160GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGCryptTransformRipemd160GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>RIPEMD160 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN34428"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to RIPEMD160 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-gcrypt-app.html"><b>&lt;&lt;&lt; app</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-nss-ref.html"><b>XML Security Library for NSS API Reference. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-gcrypt-ref.html b/docs/api/xmlsec-gcrypt-ref.html
new file mode 100644
index 00000000..592f12aa
--- /dev/null
+++ b/docs/api/xmlsec-gcrypt-ref.html
@@ -0,0 +1,107 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library for GCrypt API Reference.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library API Reference." href="xmlsec-reference.html">
+<link rel="PREVIOUS" title="crypto" href="xmlsec-gnutls-crypto.html">
+<link rel="NEXT" title="app" href="xmlsec-gcrypt-app.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-gnutls-crypto.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-reference.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-gcrypt-app.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-GCRYPT-REF"></a>XML Security Library for GCrypt API Reference.</h1>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt>
+<a href="xmlsec-gcrypt-app.html">app</a> -- Application functions implementation for GnuTLS.</dt>
+<dt>
+<a href="xmlsec-gcrypt-crypto.html">crypto</a> -- Crypto transforms implementation for GCrypt.</dt>
+</dl></div>
+<p>This section contains the API reference for xmlsec-gcrypt. All
+ the public interfaces are documented here. This reference guide is
+ build by extracting comments from the code sources. </p>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-gnutls-crypto.html"><b>&lt;&lt;&lt; crypto</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-gcrypt-app.html"><b>app &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-gcrypt.sgml b/docs/api/xmlsec-gcrypt.sgml
new file mode 100644
index 00000000..5c33c60d
--- /dev/null
+++ b/docs/api/xmlsec-gcrypt.sgml
@@ -0,0 +1,15 @@
+<!doctype book PUBLIC "-//DavenPort//DTD DocBook V3.0//EN" [
+<!ENTITY xmlsec-gcrypt-app SYSTEM "sgml/app.sgml">
+<!ENTITY xmlsec-gcrypt-crypto SYSTEM "sgml/crypto.sgml">
+]>
+<book id="index">
+ <bookinfo>
+ <title>[Insert name here] Reference Manual</title>
+ </bookinfo>
+
+ <chapter>
+ <title>[Insert title here]</title>
+ &xmlsec-gcrypt-app;
+ &xmlsec-gcrypt-crypto;
+ </chapter>
+</book>
diff --git a/docs/api/xmlsec-gnutls-app.html b/docs/api/xmlsec-gnutls-app.html
new file mode 100644
index 00000000..52255eac
--- /dev/null
+++ b/docs/api/xmlsec-gnutls-app.html
@@ -0,0 +1,576 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>app</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for GnuTLS API Reference." href="xmlsec-gnutls-ref.html">
+<link rel="PREVIOUS" title="XML Security Library for GnuTLS API Reference." href="xmlsec-gnutls-ref.html">
+<link rel="NEXT" title="crypto" href="xmlsec-gnutls-crypto.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-gnutls-ref.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-gnutls-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-gnutls-crypto.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-GNUTLS-APP"></a>app</h1>
+<div class="REFNAMEDIV">
+<a name="AEN29881"></a><h2>Name</h2>app -- Application functions implementation for GnuTLS.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-GNUTLS-APP.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPINIT">xmlSecGnuTLSAppInit</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *config</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPSHUTDOWN">xmlSecGnuTLSAppShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPDEFAULTKEYSMNGRINIT">xmlSecGnuTLSAppDefaultKeysMngrInit</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPDEFAULTKEYSMNGRADOPTKEY">xmlSecGnuTLSAppDefaultKeysMngrAdoptKey</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPDEFAULTKEYSMNGRLOAD">xmlSecGnuTLSAppDefaultKeysMngrLoad</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPDEFAULTKEYSMNGRSAVE">xmlSecGnuTLSAppDefaultKeysMngrSave</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPKEYSMNGRCERTLOAD">xmlSecGnuTLSAppKeysMngrCertLoad</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPKEYSMNGRCERTLOADMEMORY">xmlSecGnuTLSAppKeysMngrCertLoadMemory</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPKEYLOAD">xmlSecGnuTLSAppKeyLoad</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPKEYLOADMEMORY">xmlSecGnuTLSAppKeyLoadMemory</a> (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPPKCS12LOAD">xmlSecGnuTLSAppPkcs12Load</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPPKCS12LOADMEMORY">xmlSecGnuTLSAppPkcs12LoadMemory</a> (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPKEYCERTLOAD">xmlSecGnuTLSAppKeyCertLoad</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPKEYCERTLOADMEMORY">xmlSecGnuTLSAppKeyCertLoadMemory</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink>* <a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPGETDEFAULTPWDCALLBACK">xmlSecGnuTLSAppGetDefaultPwdCallback</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-GNUTLS-APP.DESCRIPTION"></a><h2>Description</h2>
+<p>Application functions implementation for GnuTLS.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-GNUTLS-APP.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSAPPINIT"></a><h3>xmlSecGnuTLSAppInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSAppInit (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *config</code>);</pre>
+<p>General crypto engine initialization. This function is used
+by XMLSec command line utility and called before
+<code class="PARAMETER">xmlSecInit</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30089"><span style="white-space: nowrap"><code class="PARAMETER">config</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the path to GnuTLS configuration (unused).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30094"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSAPPSHUTDOWN"></a><h3>xmlSecGnuTLSAppShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSAppShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>General crypto engine shutdown. This function is used
+by XMLSec command line utility and called after
+<code class="PARAMETER">xmlSecShutdown</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN30111"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSAPPDEFAULTKEYSMNGRINIT"></a><h3>xmlSecGnuTLSAppDefaultKeysMngrInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSAppDefaultKeysMngrInit (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);</pre>
+<p>Initializes <code class="PARAMETER">mngr</code> with simple keys store <a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTOREID"><span class="TYPE">xmlSecSimpleKeysStoreId</span></a>
+and a default GnuTLS crypto key data stores.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30131"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30136"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSAPPDEFAULTKEYSMNGRADOPTKEY"></a><h3>xmlSecGnuTLSAppDefaultKeysMngrAdoptKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSAppDefaultKeysMngrAdoptKey
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Adds <code class="PARAMETER">key</code> to the keys manager <code class="PARAMETER">mngr</code> created with <a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPDEFAULTKEYSMNGRINIT"><span class="TYPE">xmlSecGnuTLSAppDefaultKeysMngrInit</span></a>
+function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30160"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30165"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30170"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSAPPDEFAULTKEYSMNGRLOAD"></a><h3>xmlSecGnuTLSAppDefaultKeysMngrLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSAppDefaultKeysMngrLoad (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>);</pre>
+<p>Loads XML keys file from <code class="PARAMETER">uri</code> to the keys manager <code class="PARAMETER">mngr</code> created
+with <a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPDEFAULTKEYSMNGRINIT"><span class="TYPE">xmlSecGnuTLSAppDefaultKeysMngrInit</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30194"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30199"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the uri.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30204"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSAPPDEFAULTKEYSMNGRSAVE"></a><h3>xmlSecGnuTLSAppDefaultKeysMngrSave ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSAppDefaultKeysMngrSave (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Saves keys from <code class="PARAMETER">mngr</code> to XML keys file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30228"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30233"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30238"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the type of keys to save (public/private/symmetric).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30243"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSAPPKEYSMNGRCERTLOAD"></a><h3>xmlSecGnuTLSAppKeysMngrCertLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSAppKeysMngrCertLoad (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Reads cert from <code class="PARAMETER">filename</code> and adds to the list of trusted or known
+untrusted certs in <code class="PARAMETER">store</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30271"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30276"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30281"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30286"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag that indicates is the certificate in <code class="PARAMETER">filename</code>
+ trusted or not.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30292"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSAPPKEYSMNGRCERTLOADMEMORY"></a><h3>xmlSecGnuTLSAppKeysMngrCertLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSAppKeysMngrCertLoadMemory
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Reads cert from binary buffer <code class="PARAMETER">data</code> and adds to the list of trusted or known
+untrusted certs in <code class="PARAMETER">store</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30323"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30328"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30333"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate binary data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30338"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30343"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag that indicates is the certificate trusted or not.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30348"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSAPPKEYLOAD"></a><h3>xmlSecGnuTLSAppKeyLoad ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecGnuTLSAppKeyLoad (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key from the a file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30377"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30382"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30387"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30392"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30397"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30402"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSAPPKEYLOADMEMORY"></a><h3>xmlSecGnuTLSAppKeyLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecGnuTLSAppKeyLoadMemory (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key from the memory buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30434"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the binary key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30439"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the size of binary key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30444"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30449"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30454"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30459"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30464"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSAPPPKCS12LOAD"></a><h3>xmlSecGnuTLSAppPkcs12Load ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecGnuTLSAppPkcs12Load (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key and all associated certificates from the PKCS12 file.
+For uniformity, call xmlSecGnuTLSAppKeyLoad instead of this function. Pass
+in format=xmlSecKeyDataFormatPkcs12.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30490"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 key filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30495"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30500"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30505"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30510"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSAPPPKCS12LOADMEMORY"></a><h3>xmlSecGnuTLSAppPkcs12LoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecGnuTLSAppPkcs12LoadMemory (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key and all associated certificates from the PKCS12 data in memory buffer.
+For uniformity, call xmlSecGnuTLSAppKeyLoadMemory instead of this function. Pass
+in format=xmlSecKeyDataFormatPkcs12.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30539"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30544"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 binary data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30549"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30554"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30559"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30564"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSAPPKEYCERTLOAD"></a><h3>xmlSecGnuTLSAppKeyCertLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSAppKeyCertLoad (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);</pre>
+<p>Reads the certificate from $<code class="PARAMETER">filename</code> and adds it to key.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30588"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30593"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30598"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30603"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSAPPKEYCERTLOADMEMORY"></a><h3>xmlSecGnuTLSAppKeyCertLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSAppKeyCertLoadMemory (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);</pre>
+<p>Reads the certificate from memory buffer and adds it to key.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30629"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30634"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30639"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate binary data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30644"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN30649"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSAPPGETDEFAULTPWDCALLBACK"></a><h3>xmlSecGnuTLSAppGetDefaultPwdCallback ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink>* xmlSecGnuTLSAppGetDefaultPwdCallback
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets default password callback.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN30665"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> default password callback.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-gnutls-ref.html"><b>&lt;&lt;&lt; XML Security Library for GnuTLS API Reference.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-gnutls-crypto.html"><b>crypto &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-gnutls-crypto.html b/docs/api/xmlsec-gnutls-crypto.html
new file mode 100644
index 00000000..e490d605
--- /dev/null
+++ b/docs/api/xmlsec-gnutls-crypto.html
@@ -0,0 +1,1076 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>crypto</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for GnuTLS API Reference." href="xmlsec-gnutls-ref.html">
+<link rel="PREVIOUS" title="app" href="xmlsec-gnutls-app.html">
+<link rel="NEXT" title="XML Security Library for GCrypt API Reference." href="xmlsec-gcrypt-ref.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-gnutls-app.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-gnutls-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-gcrypt-ref.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-GNUTLS-CRYPTO"></a>crypto</h1>
+<div class="REFNAMEDIV">
+<a name="AEN30675"></a><h2>Name</h2>crypto -- Crypto transforms implementation for GnuTLS.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-GNUTLS-CRYPTO.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="RETURNVALUE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECCRYPTOGETFUNCTIONS-GNUTLS">xmlSecCryptoGetFunctions_gnutls</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSINIT">xmlSecGnuTLSInit</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSSHUTDOWN">xmlSecGnuTLSShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYSMNGRINIT">xmlSecGnuTLSKeysMngrInit</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSGENERATERANDOM">xmlSecGnuTLSGenerateRandom</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buffer</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATAAESID">xmlSecGnuTLSKeyDataAesId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATAAESGETKLASS">xmlSecGnuTLSKeyDataAesGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATAAESSET">xmlSecGnuTLSKeyDataAesSet</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMAES128CBCID">xmlSecGnuTLSTransformAes128CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMAES128CBCGETKLASS">xmlSecGnuTLSTransformAes128CbcGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMAES192CBCID">xmlSecGnuTLSTransformAes192CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMAES192CBCGETKLASS">xmlSecGnuTLSTransformAes192CbcGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMAES256CBCID">xmlSecGnuTLSTransformAes256CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMAES256CBCGETKLASS">xmlSecGnuTLSTransformAes256CbcGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMKWAES128ID">xmlSecGnuTLSTransformKWAes128Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMKWAES128GETKLASS">xmlSecGnuTLSTransformKWAes128GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMKWAES192ID">xmlSecGnuTLSTransformKWAes192Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMKWAES192GETKLASS">xmlSecGnuTLSTransformKWAes192GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMKWAES256ID">xmlSecGnuTLSTransformKWAes256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMKWAES256GETKLASS">xmlSecGnuTLSTransformKWAes256GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATADESID">xmlSecGnuTLSKeyDataDesId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATADESGETKLASS">xmlSecGnuTLSKeyDataDesGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATADESSET">xmlSecGnuTLSKeyDataDesSet</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMDES3CBCID">xmlSecGnuTLSTransformDes3CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMDES3CBCGETKLASS">xmlSecGnuTLSTransformDes3CbcGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMKWDES3ID">xmlSecGnuTLSTransformKWDes3Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMKWDES3GETKLASS">xmlSecGnuTLSTransformKWDes3GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATADSAID">xmlSecGnuTLSKeyDataDsaId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATADSAGETKLASS">xmlSecGnuTLSKeyDataDsaGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATADSAADOPTPRIVATEKEY">xmlSecGnuTLSKeyDataDsaAdoptPrivateKey</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="GNUTLS-X509-PRIVKEY-T"><span class="TYPE">gnutls_x509_privkey_t</span></gtkdoclink> dsa_key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATADSAADOPTPUBLICKEY">xmlSecGnuTLSKeyDataDsaAdoptPublicKey</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="GNUTLS-DATUM-T"><span class="TYPE">gnutls_datum_t</span></gtkdoclink> *p</code>,
+ <code class="PARAMETER"><gtkdoclink href="GNUTLS-DATUM-T"><span class="TYPE">gnutls_datum_t</span></gtkdoclink> *q</code>,
+ <code class="PARAMETER"><gtkdoclink href="GNUTLS-DATUM-T"><span class="TYPE">gnutls_datum_t</span></gtkdoclink> *g</code>,
+ <code class="PARAMETER"><gtkdoclink href="GNUTLS-DATUM-T"><span class="TYPE">gnutls_datum_t</span></gtkdoclink> *y</code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMDSASHA1ID">xmlSecGnuTLSTransformDsaSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMDSASHA1GETKLASS">xmlSecGnuTLSTransformDsaSha1GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSHMACGETMINOUTPUTLENGTH">xmlSecGnuTLSHmacGetMinOutputLength</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSHMACSETMINOUTPUTLENGTH">xmlSecGnuTLSHmacSetMinOutputLength</a> (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> min_length</code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATAHMACID">xmlSecGnuTLSKeyDataHmacId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATAHMACGETKLASS">xmlSecGnuTLSKeyDataHmacGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATAHMACSET">xmlSecGnuTLSKeyDataHmacSet</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACMD5ID">xmlSecGnuTLSTransformHmacMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACMD5GETKLASS">xmlSecGnuTLSTransformHmacMd5GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACRIPEMD160ID">xmlSecGnuTLSTransformHmacRipemd160Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACRIPEMD160GETKLASS">xmlSecGnuTLSTransformHmacRipemd160GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACSHA1ID">xmlSecGnuTLSTransformHmacSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACSHA1GETKLASS">xmlSecGnuTLSTransformHmacSha1GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACSHA256ID">xmlSecGnuTLSTransformHmacSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACSHA256GETKLASS">xmlSecGnuTLSTransformHmacSha256GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACSHA384ID">xmlSecGnuTLSTransformHmacSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACSHA384GETKLASS">xmlSecGnuTLSTransformHmacSha384GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACSHA512ID">xmlSecGnuTLSTransformHmacSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACSHA512GETKLASS">xmlSecGnuTLSTransformHmacSha512GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATARSAID">xmlSecGnuTLSKeyDataRsaId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATARSAGETKLASS">xmlSecGnuTLSKeyDataRsaGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATARSAADOPTPRIVATEKEY">xmlSecGnuTLSKeyDataRsaAdoptPrivateKey</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="GNUTLS-X509-PRIVKEY-T"><span class="TYPE">gnutls_x509_privkey_t</span></gtkdoclink> rsa_key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATARSAADOPTPUBLICKEY">xmlSecGnuTLSKeyDataRsaAdoptPublicKey</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="GNUTLS-DATUM-T"><span class="TYPE">gnutls_datum_t</span></gtkdoclink> *m</code>,
+ <code class="PARAMETER"><gtkdoclink href="GNUTLS-DATUM-T"><span class="TYPE">gnutls_datum_t</span></gtkdoclink> *e</code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSAMD5ID">xmlSecGnuTLSTransformRsaMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSAMD5GETKLASS">xmlSecGnuTLSTransformRsaMd5GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSARIPEMD160ID">xmlSecGnuTLSTransformRsaRipemd160Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSARIPEMD160GETKLASS">xmlSecGnuTLSTransformRsaRipemd160GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSASHA1ID">xmlSecGnuTLSTransformRsaSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSASHA1GETKLASS">xmlSecGnuTLSTransformRsaSha1GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSASHA256ID">xmlSecGnuTLSTransformRsaSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSASHA256GETKLASS">xmlSecGnuTLSTransformRsaSha256GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSASHA384ID">xmlSecGnuTLSTransformRsaSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSASHA384GETKLASS">xmlSecGnuTLSTransformRsaSha384GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSASHA512ID">xmlSecGnuTLSTransformRsaSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSASHA512GETKLASS">xmlSecGnuTLSTransformRsaSha512GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMSHA1ID">xmlSecGnuTLSTransformSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMSHA1GETKLASS">xmlSecGnuTLSTransformSha1GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMSHA256ID">xmlSecGnuTLSTransformSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMSHA256GETKLASS">xmlSecGnuTLSTransformSha256GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMSHA384ID">xmlSecGnuTLSTransformSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMSHA384GETKLASS">xmlSecGnuTLSTransformSha384GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMSHA512ID">xmlSecGnuTLSTransformSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMSHA512GETKLASS">xmlSecGnuTLSTransformSha512GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMMD5ID">xmlSecGnuTLSTransformMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMMD5GETKLASS">xmlSecGnuTLSTransformMd5GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRIPEMD160ID">xmlSecGnuTLSTransformRipemd160Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRIPEMD160GETKLASS">xmlSecGnuTLSTransformRipemd160GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-GNUTLS-CRYPTO.DESCRIPTION"></a><h2>Description</h2>
+<p>Crypto transforms implementation for GnuTLS.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-GNUTLS-CRYPTO.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOGETFUNCTIONS-GNUTLS"></a><h3>xmlSecCryptoGetFunctions_gnutls ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="RETURNVALUE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink> xmlSecCryptoGetFunctions_gnutls
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets the pointer to xmlsec-gnutls functions table.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31014"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the xmlsec-gnutls functions table or NULL if an error occurs.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSINIT"></a><h3>xmlSecGnuTLSInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSInit (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>XMLSec library specific crypto engine initialization.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31030"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSSHUTDOWN"></a><h3>xmlSecGnuTLSShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>XMLSec library specific crypto engine shutdown.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31046"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYSMNGRINIT"></a><h3>xmlSecGnuTLSKeysMngrInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSKeysMngrInit (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);</pre>
+<p>Adds GnuTLS specific key data stores in keys manager.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31063"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31068"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSGENERATERANDOM"></a><h3>xmlSecGnuTLSGenerateRandom ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSGenerateRandom (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buffer</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Generates <code class="PARAMETER">size</code> random bytes and puts result in <code class="PARAMETER">buffer</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31090"><span style="white-space: nowrap"><code class="PARAMETER">buffer</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31095"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the numer of bytes to generate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31100"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATAAESID"></a><h3>xmlSecGnuTLSKeyDataAesId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSKeyDataAesId</pre>
+<p>The AES key data klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATAAESGETKLASS"></a><h3>xmlSecGnuTLSKeyDataAesGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecGnuTLSKeyDataAesGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31122"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATAAESSET"></a><h3>xmlSecGnuTLSKeyDataAesSet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSKeyDataAesSet (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);</pre>
+<p>Sets the value of AES key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31145"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to AES key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31150"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31155"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value size (in bytes).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31160"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMAES128CBCID"></a><h3>xmlSecGnuTLSTransformAes128CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformAes128CbcId</pre>
+<p>The AES128 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMAES128CBCGETKLASS"></a><h3>xmlSecGnuTLSTransformAes128CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformAes128CbcGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 128 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31182"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 128 CBC encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMAES192CBCID"></a><h3>xmlSecGnuTLSTransformAes192CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformAes192CbcId</pre>
+<p>The AES192 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMAES192CBCGETKLASS"></a><h3>xmlSecGnuTLSTransformAes192CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformAes192CbcGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 192 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31204"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 192 CBC encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMAES256CBCID"></a><h3>xmlSecGnuTLSTransformAes256CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformAes256CbcId</pre>
+<p>The AES256 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMAES256CBCGETKLASS"></a><h3>xmlSecGnuTLSTransformAes256CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformAes256CbcGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 256 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31226"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 256 CBC encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMKWAES128ID"></a><h3>xmlSecGnuTLSTransformKWAes128Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformKWAes128Id</pre>
+<p>The AES 128 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMKWAES128GETKLASS"></a><h3>xmlSecGnuTLSTransformKWAes128GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformKWAes128GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-128 kew wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31248"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-128 kew wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMKWAES192ID"></a><h3>xmlSecGnuTLSTransformKWAes192Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformKWAes192Id</pre>
+<p>The AES 192 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMKWAES192GETKLASS"></a><h3>xmlSecGnuTLSTransformKWAes192GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformKWAes192GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-192 kew wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31270"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-192 kew wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMKWAES256ID"></a><h3>xmlSecGnuTLSTransformKWAes256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformKWAes256Id</pre>
+<p>The AES 256 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMKWAES256GETKLASS"></a><h3>xmlSecGnuTLSTransformKWAes256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformKWAes256GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-256 kew wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31292"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-256 kew wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATADESID"></a><h3>xmlSecGnuTLSKeyDataDesId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSKeyDataDesId</pre>
+<p>The DES key data klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATADESGETKLASS"></a><h3>xmlSecGnuTLSKeyDataDesGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecGnuTLSKeyDataDesGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DES key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31314"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> DES key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATADESSET"></a><h3>xmlSecGnuTLSKeyDataDesSet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSKeyDataDesSet (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);</pre>
+<p>Sets the value of DES key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31337"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to DES key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31342"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31347"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value size (in bytes).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31352"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMDES3CBCID"></a><h3>xmlSecGnuTLSTransformDes3CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformDes3CbcId</pre>
+<p>The DES3 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMDES3CBCGETKLASS"></a><h3>xmlSecGnuTLSTransformDes3CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformDes3CbcGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Triple DES CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31374"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to Triple DES encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMKWDES3ID"></a><h3>xmlSecGnuTLSTransformKWDes3Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformKWDes3Id</pre>
+<p>The DES3 KW transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMKWDES3GETKLASS"></a><h3>xmlSecGnuTLSTransformKWDes3GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformKWDes3GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The Triple DES key wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31396"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> Triple DES key wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATADSAID"></a><h3>xmlSecGnuTLSKeyDataDsaId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSKeyDataDsaId</pre>
+<p>The DSA key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATADSAGETKLASS"></a><h3>xmlSecGnuTLSKeyDataDsaGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecGnuTLSKeyDataDsaGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DSA key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31418"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to DSA key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATADSAADOPTPRIVATEKEY"></a><h3>xmlSecGnuTLSKeyDataDsaAdoptPrivateKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSKeyDataDsaAdoptPrivateKey
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="GNUTLS-X509-PRIVKEY-T"><span class="TYPE">gnutls_x509_privkey_t</span></gtkdoclink> dsa_key</code>);</pre>
+<p>Sets the value of DSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31438"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to DSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31443"><span style="white-space: nowrap"><code class="PARAMETER">dsa_key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to GnuTLS DSA private key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31448"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATADSAADOPTPUBLICKEY"></a><h3>xmlSecGnuTLSKeyDataDsaAdoptPublicKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSKeyDataDsaAdoptPublicKey
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="GNUTLS-DATUM-T"><span class="TYPE">gnutls_datum_t</span></gtkdoclink> *p</code>,
+ <code class="PARAMETER"><gtkdoclink href="GNUTLS-DATUM-T"><span class="TYPE">gnutls_datum_t</span></gtkdoclink> *q</code>,
+ <code class="PARAMETER"><gtkdoclink href="GNUTLS-DATUM-T"><span class="TYPE">gnutls_datum_t</span></gtkdoclink> *g</code>,
+ <code class="PARAMETER"><gtkdoclink href="GNUTLS-DATUM-T"><span class="TYPE">gnutls_datum_t</span></gtkdoclink> *y</code>);</pre>
+<p>Sets the value of DSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31477"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to DSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31482"><span style="white-space: nowrap"><code class="PARAMETER">p</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to p component of the DSA public key</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31487"><span style="white-space: nowrap"><code class="PARAMETER">q</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to q component of the DSA public key</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31492"><span style="white-space: nowrap"><code class="PARAMETER">g</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to g component of the DSA public key</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31497"><span style="white-space: nowrap"><code class="PARAMETER">y</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to y component of the DSA public key</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31502"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMDSASHA1ID"></a><h3>xmlSecGnuTLSTransformDsaSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformDsaSha1Id</pre>
+<p>The DSA SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMDSASHA1GETKLASS"></a><h3>xmlSecGnuTLSTransformDsaSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformDsaSha1GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DSA-SHA1 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31524"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> DSA-SHA1 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSHMACGETMINOUTPUTLENGTH"></a><h3>xmlSecGnuTLSHmacGetMinOutputLength ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSHmacGetMinOutputLength (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets the value of min HMAC length.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31540"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the min HMAC output length</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSHMACSETMINOUTPUTLENGTH"></a><h3>xmlSecGnuTLSHmacSetMinOutputLength ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecGnuTLSHmacSetMinOutputLength (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> min_length</code>);</pre>
+<p>Sets the min HMAC output length</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31557"><span style="white-space: nowrap"><code class="PARAMETER">min_length</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new min length</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATAHMACID"></a><h3>xmlSecGnuTLSKeyDataHmacId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSKeyDataHmacId</pre>
+<p>The HMAC key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATAHMACGETKLASS"></a><h3>xmlSecGnuTLSKeyDataHmacGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecGnuTLSKeyDataHmacGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31579"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> HMAC key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATAHMACSET"></a><h3>xmlSecGnuTLSKeyDataHmacSet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSKeyDataHmacSet (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);</pre>
+<p>Sets the value of HMAC key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31602"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to HMAC key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31607"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31612"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value size (in bytes).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31617"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMHMACMD5ID"></a><h3>xmlSecGnuTLSTransformHmacMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformHmacMd5Id</pre>
+<p>The HMAC with MD5 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMHMACMD5GETKLASS"></a><h3>xmlSecGnuTLSTransformHmacMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformHmacMd5GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-MD5 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31639"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-MD5 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMHMACRIPEMD160ID"></a><h3>xmlSecGnuTLSTransformHmacRipemd160Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformHmacRipemd160Id</pre>
+<p>The HMAC with RipeMD160 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMHMACRIPEMD160GETKLASS"></a><h3>xmlSecGnuTLSTransformHmacRipemd160GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformHmacRipemd160GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-RIPEMD160 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31661"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-RIPEMD160 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMHMACSHA1ID"></a><h3>xmlSecGnuTLSTransformHmacSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformHmacSha1Id</pre>
+<p>The HMAC with SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMHMACSHA1GETKLASS"></a><h3>xmlSecGnuTLSTransformHmacSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformHmacSha1GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA1 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31683"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA1 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMHMACSHA256ID"></a><h3>xmlSecGnuTLSTransformHmacSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformHmacSha256Id</pre>
+<p>The HMAC with SHA256 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMHMACSHA256GETKLASS"></a><h3>xmlSecGnuTLSTransformHmacSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformHmacSha256GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA256 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31705"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA256 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMHMACSHA384ID"></a><h3>xmlSecGnuTLSTransformHmacSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformHmacSha384Id</pre>
+<p>The HMAC with SHA384 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMHMACSHA384GETKLASS"></a><h3>xmlSecGnuTLSTransformHmacSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformHmacSha384GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA384 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31727"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA384 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMHMACSHA512ID"></a><h3>xmlSecGnuTLSTransformHmacSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformHmacSha512Id</pre>
+<p>The HMAC with SHA512 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMHMACSHA512GETKLASS"></a><h3>xmlSecGnuTLSTransformHmacSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformHmacSha512GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA512 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31749"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA512 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATARSAID"></a><h3>xmlSecGnuTLSKeyDataRsaId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSKeyDataRsaId</pre>
+<p>The RSA key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATARSAGETKLASS"></a><h3>xmlSecGnuTLSKeyDataRsaGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecGnuTLSKeyDataRsaGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The GnuTLS RSA key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31771"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to GnuTLS RSA key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATARSAADOPTPRIVATEKEY"></a><h3>xmlSecGnuTLSKeyDataRsaAdoptPrivateKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSKeyDataRsaAdoptPrivateKey
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="GNUTLS-X509-PRIVKEY-T"><span class="TYPE">gnutls_x509_privkey_t</span></gtkdoclink> rsa_key</code>);</pre>
+<p>Sets the value of RSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31791"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to RSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31796"><span style="white-space: nowrap"><code class="PARAMETER">rsa_key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to GnuTLS RSA private key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31801"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSKEYDATARSAADOPTPUBLICKEY"></a><h3>xmlSecGnuTLSKeyDataRsaAdoptPublicKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGnuTLSKeyDataRsaAdoptPublicKey
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="GNUTLS-DATUM-T"><span class="TYPE">gnutls_datum_t</span></gtkdoclink> *m</code>,
+ <code class="PARAMETER"><gtkdoclink href="GNUTLS-DATUM-T"><span class="TYPE">gnutls_datum_t</span></gtkdoclink> *e</code>);</pre>
+<p>Sets the value of RSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31824"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to RSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31829"><span style="white-space: nowrap"><code class="PARAMETER">m</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to m component of the RSA public key</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31834"><span style="white-space: nowrap"><code class="PARAMETER">e</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to e component of the RSA public key</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN31839"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMRSAMD5ID"></a><h3>xmlSecGnuTLSTransformRsaMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformRsaMd5Id</pre>
+<p>The RSA-MD5 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMRSAMD5GETKLASS"></a><h3>xmlSecGnuTLSTransformRsaMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformRsaMd5GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-MD5 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31861"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-MD5 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMRSARIPEMD160ID"></a><h3>xmlSecGnuTLSTransformRsaRipemd160Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformRsaRipemd160Id</pre>
+<p>The RSA-RIPEMD160 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMRSARIPEMD160GETKLASS"></a><h3>xmlSecGnuTLSTransformRsaRipemd160GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformRsaRipemd160GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-RIPEMD160 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31883"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-RIPEMD160 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMRSASHA1ID"></a><h3>xmlSecGnuTLSTransformRsaSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformRsaSha1Id</pre>
+<p>The RSA-SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMRSASHA1GETKLASS"></a><h3>xmlSecGnuTLSTransformRsaSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformRsaSha1GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA1 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31905"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA1 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMRSASHA256ID"></a><h3>xmlSecGnuTLSTransformRsaSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformRsaSha256Id</pre>
+<p>The RSA-SHA256 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMRSASHA256GETKLASS"></a><h3>xmlSecGnuTLSTransformRsaSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformRsaSha256GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA256 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31927"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA256 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMRSASHA384ID"></a><h3>xmlSecGnuTLSTransformRsaSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformRsaSha384Id</pre>
+<p>The RSA-SHA384 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMRSASHA384GETKLASS"></a><h3>xmlSecGnuTLSTransformRsaSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformRsaSha384GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA384 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31949"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA384 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMRSASHA512ID"></a><h3>xmlSecGnuTLSTransformRsaSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformRsaSha512Id</pre>
+<p>The RSA-SHA512 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMRSASHA512GETKLASS"></a><h3>xmlSecGnuTLSTransformRsaSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformRsaSha512GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA512 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31971"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA512 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMSHA1ID"></a><h3>xmlSecGnuTLSTransformSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformSha1Id</pre>
+<p>The HMAC with SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMSHA1GETKLASS"></a><h3>xmlSecGnuTLSTransformSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformSha1GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA-1 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN31993"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA-1 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMSHA256ID"></a><h3>xmlSecGnuTLSTransformSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformSha256Id</pre>
+<p>The HMAC with SHA256 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMSHA256GETKLASS"></a><h3>xmlSecGnuTLSTransformSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformSha256GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA256 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN32015"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA256 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMSHA384ID"></a><h3>xmlSecGnuTLSTransformSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformSha384Id</pre>
+<p>The HMAC with SHA384 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMSHA384GETKLASS"></a><h3>xmlSecGnuTLSTransformSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformSha384GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA384 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN32037"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA384 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMSHA512ID"></a><h3>xmlSecGnuTLSTransformSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformSha512Id</pre>
+<p>The HMAC with SHA512 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMSHA512GETKLASS"></a><h3>xmlSecGnuTLSTransformSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformSha512GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA512 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN32059"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA512 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMMD5ID"></a><h3>xmlSecGnuTLSTransformMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformMd5Id</pre>
+<p>The MD5 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMMD5GETKLASS"></a><h3>xmlSecGnuTLSTransformMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformMd5GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>MD5 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN32081"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to MD5 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMRIPEMD160ID"></a><h3>xmlSecGnuTLSTransformRipemd160Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGnuTLSTransformRipemd160Id</pre>
+<p>The RIPEMD160 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGNUTLSTRANSFORMRIPEMD160GETKLASS"></a><h3>xmlSecGnuTLSTransformRipemd160GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecGnuTLSTransformRipemd160GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>RIPEMD160 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN32103"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to RIPEMD160 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-gnutls-app.html"><b>&lt;&lt;&lt; app</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-gcrypt-ref.html"><b>XML Security Library for GCrypt API Reference. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-gnutls-ref.html b/docs/api/xmlsec-gnutls-ref.html
new file mode 100644
index 00000000..391447bc
--- /dev/null
+++ b/docs/api/xmlsec-gnutls-ref.html
@@ -0,0 +1,107 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library for GnuTLS API Reference.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library API Reference." href="xmlsec-reference.html">
+<link rel="PREVIOUS" title="x509" href="xmlsec-openssl-x509.html">
+<link rel="NEXT" title="app" href="xmlsec-gnutls-app.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-openssl-x509.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-reference.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-gnutls-app.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-GNUTLS-REF"></a>XML Security Library for GnuTLS API Reference.</h1>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt>
+<a href="xmlsec-gnutls-app.html">app</a> -- Application functions implementation for GnuTLS.</dt>
+<dt>
+<a href="xmlsec-gnutls-crypto.html">crypto</a> -- Crypto transforms implementation for GnuTLS.</dt>
+</dl></div>
+<p>This section contains the API reference for xmlsec-gnutls. All
+ the public interfaces are documented here. This reference guide is
+ build by extracting comments from the code sources. </p>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-openssl-x509.html"><b>&lt;&lt;&lt; x509</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-gnutls-app.html"><b>app &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-gnutls.sgml b/docs/api/xmlsec-gnutls.sgml
new file mode 100644
index 00000000..b5c2bf22
--- /dev/null
+++ b/docs/api/xmlsec-gnutls.sgml
@@ -0,0 +1,15 @@
+<!doctype book PUBLIC "-//DavenPort//DTD DocBook V3.0//EN" [
+<!ENTITY xmlsec-gnutls-app SYSTEM "sgml/app.sgml">
+<!ENTITY xmlsec-gnutls-crypto SYSTEM "sgml/crypto.sgml">
+]>
+<book id="index">
+ <bookinfo>
+ <title>[Insert name here] Reference Manual</title>
+ </bookinfo>
+
+ <chapter>
+ <title>[Insert title here]</title>
+ &xmlsec-gnutls-app;
+ &xmlsec-gnutls-crypto;
+ </chapter>
+</book>
diff --git a/docs/api/xmlsec-index.html b/docs/api/xmlsec-index.html
new file mode 100644
index 00000000..a6e703fe
--- /dev/null
+++ b/docs/api/xmlsec-index.html
@@ -0,0 +1,1570 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library Reference Index</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library API Reference." href="xmlsec-reference.html">
+<link rel="PREVIOUS" title="x509" href="xmlsec-mscrypto-x509.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-mscrypto-x509.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-reference.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-INDEX"></a>XML Security Library Reference Index</h1>
+<p> </p>
+<p></p>
+<ul>
+<li><p><font>ATTRIBUTE-UNUSED</font></p></li>
+<li><p><a href="xmlsec-xmlenc.html#XMLENCCTXMODE">xmlEncCtxMode</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECADDCHILD">xmlSecAddChild</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECADDCHILDNODE">xmlSecAddChildNode</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECADDIDS">xmlSecAddIDs</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECADDNEXTSIBLING">xmlSecAddNextSibling</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECADDPREVSIBLING">xmlSecAddPrevSibling</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECALLOCMODE">xmlSecAllocMode</a></p></li>
+<li><p><a href="xmlsec-errors.html#XMLSECASSERT2">xmlSecAssert2</a></p></li>
+<li><p><a href="xmlsec-errors.html#XMLSECASSERT">xmlSecAssert</a></p></li>
+<li><p><a href="xmlsec-base64.html#XMLSECBASE64CTXCREATE">xmlSecBase64CtxCreate</a></p></li>
+<li><p><a href="xmlsec-base64.html#XMLSECBASE64CTXDESTROY">xmlSecBase64CtxDestroy</a></p></li>
+<li><p><a href="xmlsec-base64.html#XMLSECBASE64CTXFINALIZE">xmlSecBase64CtxFinalize</a></p></li>
+<li><p><a href="xmlsec-base64.html#XMLSECBASE64CTXFINAL">xmlSecBase64CtxFinal</a></p></li>
+<li><p><a href="xmlsec-base64.html#XMLSECBASE64CTXINITIALIZE">xmlSecBase64CtxInitialize</a></p></li>
+<li><p><a href="xmlsec-base64.html#XMLSECBASE64CTXUPDATE">xmlSecBase64CtxUpdate</a></p></li>
+<li><p><a href="xmlsec-base64.html#XMLSECBASE64DECODE">xmlSecBase64Decode</a></p></li>
+<li><p><a href="xmlsec-base64.html#XMLSECBASE64ENCODE">xmlSecBase64Encode</a></p></li>
+<li><p><a href="xmlsec-base64.html#XMLSECBASE64GETDEFAULTLINESIZE">xmlSecBase64GetDefaultLineSize</a></p></li>
+<li><p><font>XMLSEC-BASE64-LINESIZE</font></p></li>
+<li><p><a href="xmlsec-base64.html#XMLSECBASE64SETDEFAULTLINESIZE">xmlSecBase64SetDefaultLineSize</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECBITMASK">xmlSecBitMask</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNADD">xmlSecBnAdd</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNBLOBSETNODEVALUE">xmlSecBnBlobSetNodeValue</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNCOMPARE">xmlSecBnCompare</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNCOMPAREREVERSE">xmlSecBnCompareReverse</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNCREATE">xmlSecBnCreate</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNDESTROY">xmlSecBnDestroy</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNDIV">xmlSecBnDiv</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNFINALIZE">xmlSecBnFinalize</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNFORMAT">xmlSecBnFormat</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNFROMDECSTRING">xmlSecBnFromDecString</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNFROMHEXSTRING">xmlSecBnFromHexString</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNFROMSTRING">xmlSecBnFromString</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNGETDATA">xmlSecBnGetData</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNGETNODEVALUE">xmlSecBnGetNodeValue</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNGETSIZE">xmlSecBnGetSize</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNINITIALIZE">xmlSecBnInitialize</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNMUL">xmlSecBnMul</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNREVERSE">xmlSecBnReverse</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNSETDATA">xmlSecBnSetData</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNSETNODEVALUE">xmlSecBnSetNodeValue</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNTODECSTRING">xmlSecBnToDecString</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNTOHEXSTRING">xmlSecBnToHexString</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNTOSTRING">xmlSecBnToString</a></p></li>
+<li><p><a href="xmlsec-bn.html#XMLSECBNZERO">xmlSecBnZero</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERAPPEND">xmlSecBufferAppend</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERBASE64NODECONTENTREAD">xmlSecBufferBase64NodeContentRead</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERBASE64NODECONTENTWRITE">xmlSecBufferBase64NodeContentWrite</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERCREATE">xmlSecBufferCreate</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERCREATEOUTPUTBUFFER">xmlSecBufferCreateOutputBuffer</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERDESTROY">xmlSecBufferDestroy</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFEREMPTY">xmlSecBufferEmpty</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERFINALIZE">xmlSecBufferFinalize</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERGETDATA">xmlSecBufferGetData</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERGETMAXSIZE">xmlSecBufferGetMaxSize</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERGETSIZE">xmlSecBufferGetSize</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERINITIALIZE">xmlSecBufferInitialize</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFER">xmlSecBuffer</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERPREPEND">xmlSecBufferPrepend</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERREADFILE">xmlSecBufferReadFile</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERREMOVEHEAD">xmlSecBufferRemoveHead</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERREMOVETAIL">xmlSecBufferRemoveTail</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERSETDATA">xmlSecBufferSetData</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERSETDEFAULTALLOCMODE">xmlSecBufferSetDefaultAllocMode</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERSETMAXSIZE">xmlSecBufferSetMaxSize</a></p></li>
+<li><p><a href="xmlsec-buffer.html#XMLSECBUFFERSETSIZE">xmlSecBufferSetSize</a></p></li>
+<li><p><a href="xmlsec-xmlsec.html#XMLSECBYTE">xmlSecByte</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECCHECKNODENAME">xmlSecCheckNodeName</a></p></li>
+<li><p><a href="xmlsec-xmlsec.html#XMLSECCHECKVERSIONEXACT">xmlSecCheckVersionExact</a></p></li>
+<li><p><a href="xmlsec-xmlsec.html#XMLSECCHECKVERSIONEXT">xmlSecCheckVersionExt</a></p></li>
+<li><p><a href="xmlsec-xmlsec.html#XMLSECCHECKVERSIONMODE">xmlSecCheckVersionMode</a></p></li>
+<li><p><a href="xmlsec-xmlsec.html#XMLSECCHECKVERSION">xmlSecCheckVersion</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECCREATETREE">xmlSecCreateTree</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOAPPDEFAULTKEYSMNGRADOPTKEY">xmlSecCryptoAppDefaultKeysMngrAdoptKey</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOAPPDEFAULTKEYSMNGRINIT">xmlSecCryptoAppDefaultKeysMngrInit</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOAPPDEFAULTKEYSMNGRLOAD">xmlSecCryptoAppDefaultKeysMngrLoad</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOAPPDEFAULTKEYSMNGRSAVE">xmlSecCryptoAppDefaultKeysMngrSave</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOAPPGETDEFAULTPWDCALLBACK">xmlSecCryptoAppGetDefaultPwdCallback</a></p></li>
+<li><p><font>xmlSecCryptoAppInitMethod</font></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOAPPINIT">xmlSecCryptoAppInit</a></p></li>
+<li><p><font>xmlSecCryptoAppKeyCertLoadMemoryMethod</font></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOAPPKEYCERTLOADMEMORY">xmlSecCryptoAppKeyCertLoadMemory</a></p></li>
+<li><p><font>xmlSecCryptoAppKeyCertLoadMethod</font></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOAPPKEYCERTLOAD">xmlSecCryptoAppKeyCertLoad</a></p></li>
+<li><p><font>xmlSecCryptoAppKeyLoadMemoryMethod</font></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOAPPKEYLOADMEMORY">xmlSecCryptoAppKeyLoadMemory</a></p></li>
+<li><p><font>xmlSecCryptoAppKeyLoadMethod</font></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOAPPKEYLOAD">xmlSecCryptoAppKeyLoad</a></p></li>
+<li><p><font>xmlSecCryptoAppKeysMngrCertLoadMemoryMethod</font></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOAPPKEYSMNGRCERTLOADMEMORY">xmlSecCryptoAppKeysMngrCertLoadMemory</a></p></li>
+<li><p><font>xmlSecCryptoAppKeysMngrCertLoadMethod</font></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOAPPKEYSMNGRCERTLOAD">xmlSecCryptoAppKeysMngrCertLoad</a></p></li>
+<li><p><font>xmlSecCryptoAppPkcs12LoadMemoryMethod</font></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOAPPPKCS12LOADMEMORY">xmlSecCryptoAppPkcs12LoadMemory</a></p></li>
+<li><p><font>xmlSecCryptoAppPkcs12LoadMethod</font></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOAPPPKCS12LOAD">xmlSecCryptoAppPkcs12Load</a></p></li>
+<li><p><font>xmlSecCryptoAppShutdownMethod</font></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOAPPSHUTDOWN">xmlSecCryptoAppShutdown</a></p></li>
+<li><p><font>xmlSecCryptoDLFunctions</font></p></li>
+<li><p><a href="xmlsec-dl.html#XMLSECCRYPTODLFUNCTIONSREGISTERKEYDATAANDTRANSFORMS">xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms</a></p></li>
+<li><p><a href="xmlsec-dl.html#XMLSECCRYPTODLGETFUNCTIONS">xmlSecCryptoDLGetFunctions</a></p></li>
+<li><p><a href="xmlsec-dl.html#XMLSECCRYPTODLGETLIBRARYFUNCTIONS">xmlSecCryptoDLGetLibraryFunctions</a></p></li>
+<li><p><a href="xmlsec-dl.html#XMLSECCRYPTODLINIT">xmlSecCryptoDLInit</a></p></li>
+<li><p><a href="xmlsec-dl.html#XMLSECCRYPTODLLOADLIBRARY">xmlSecCryptoDLLoadLibrary</a></p></li>
+<li><p><a href="xmlsec-dl.html#XMLSECCRYPTODLSETFUNCTIONS">xmlSecCryptoDLSetFunctions</a></p></li>
+<li><p><a href="xmlsec-dl.html#XMLSECCRYPTODLSHUTDOWN">xmlSecCryptoDLShutdown</a></p></li>
+<li><p><a href="xmlsec-dl.html#XMLSECCRYPTODLUNLOADLIBRARY">xmlSecCryptoDLUnloadLibrary</a></p></li>
+<li><p><font>xmlSecCryptoGetFunctions-gcrypt</font></p></li>
+<li><p><font>xmlSecCryptoGetFunctions-gnutls</font></p></li>
+<li><p><font>xmlSecCryptoGetFunctions-mscrypto</font></p></li>
+<li><p><font>xmlSecCryptoGetFunctions-nss</font></p></li>
+<li><p><font>xmlSecCryptoGetFunctions-openssl</font></p></li>
+<li><p><font>xmlSecCryptoInitMethod</font></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOINIT">xmlSecCryptoInit</a></p></li>
+<li><p><font>xmlSecCryptoKeyDataGetKlassMethod</font></p></li>
+<li><p><font>xmlSecCryptoKeyDataStoreGetKlassMethod</font></p></li>
+<li><p><font>xmlSecCryptoKeysMngrInitMethod</font></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOKEYSMNGRINIT">xmlSecCryptoKeysMngrInit</a></p></li>
+<li><p><font>xmlSecCryptoShutdownMethod</font></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECCRYPTOSHUTDOWN">xmlSecCryptoShutdown</a></p></li>
+<li><p><font>xmlSecCryptoTransformGetKlassMethod</font></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXCREATE">xmlSecDSigCtxCreate</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXDEBUGDUMP">xmlSecDSigCtxDebugDump</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXDEBUGXMLDUMP">xmlSecDSigCtxDebugXmlDump</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXDESTROY">xmlSecDSigCtxDestroy</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXENABLEREFERENCETRANSFORM">xmlSecDSigCtxEnableReferenceTransform</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXENABLESIGNATURETRANSFORM">xmlSecDSigCtxEnableSignatureTransform</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXFINALIZE">xmlSecDSigCtxFinalize</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXGETPRESIGNBUFFER">xmlSecDSigCtxGetPreSignBuffer</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXINITIALIZE">xmlSecDSigCtxInitialize</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX">xmlSecDSigCtx</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXSIGN">xmlSecDSigCtxSign</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXVERIFY">xmlSecDSigCtxVerify</a></p></li>
+<li><p><font>XMLSEC-DSIG-FLAGS-IGNORE-MANIFESTS</font></p></li>
+<li><p><font>XMLSEC-DSIG-FLAGS-STORE-MANIFEST-REFERENCES</font></p></li>
+<li><p><font>XMLSEC-DSIG-FLAGS-STORE-SIGNATURE</font></p></li>
+<li><p><font>XMLSEC-DSIG-FLAGS-STORE-SIGNEDINFO-REFERENCES</font></p></li>
+<li><p><font>XMLSEC-DSIG-FLAGS-USE-VISA3D-HACK</font></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXCREATE">xmlSecDSigReferenceCtxCreate</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXDEBUGDUMP">xmlSecDSigReferenceCtxDebugDump</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXDEBUGXMLDUMP">xmlSecDSigReferenceCtxDebugXmlDump</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXDESTROY">xmlSecDSigReferenceCtxDestroy</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXFINALIZE">xmlSecDSigReferenceCtxFinalize</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXGETPREDIGESTBUFFER">xmlSecDSigReferenceCtxGetPreDigestBuffer</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXINITIALIZE">xmlSecDSigReferenceCtxInitialize</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXLISTGETKLASS">xmlSecDSigReferenceCtxListGetKlass</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXLISTID">xmlSecDSigReferenceCtxListId</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTX">xmlSecDSigReferenceCtx</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXPROCESSNODE">xmlSecDSigReferenceCtxProcessNode</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCEORIGIN">xmlSecDSigReferenceOrigin</a></p></li>
+<li><p><a href="xmlsec-xmldsig.html#XMLSECDSIGSTATUS">xmlSecDSigStatus</a></p></li>
+<li><p><a href="xmlsec-xmlenc.html#XMLSECENCCTXBINARYENCRYPT">xmlSecEncCtxBinaryEncrypt</a></p></li>
+<li><p><a href="xmlsec-xmlenc.html#XMLSECENCCTXCOPYUSERPREF">xmlSecEncCtxCopyUserPref</a></p></li>
+<li><p><a href="xmlsec-xmlenc.html#XMLSECENCCTXCREATE">xmlSecEncCtxCreate</a></p></li>
+<li><p><a href="xmlsec-xmlenc.html#XMLSECENCCTXDEBUGDUMP">xmlSecEncCtxDebugDump</a></p></li>
+<li><p><a href="xmlsec-xmlenc.html#XMLSECENCCTXDEBUGXMLDUMP">xmlSecEncCtxDebugXmlDump</a></p></li>
+<li><p><a href="xmlsec-xmlenc.html#XMLSECENCCTXDECRYPT">xmlSecEncCtxDecrypt</a></p></li>
+<li><p><a href="xmlsec-xmlenc.html#XMLSECENCCTXDECRYPTTOBUFFER">xmlSecEncCtxDecryptToBuffer</a></p></li>
+<li><p><a href="xmlsec-xmlenc.html#XMLSECENCCTXDESTROY">xmlSecEncCtxDestroy</a></p></li>
+<li><p><a href="xmlsec-xmlenc.html#XMLSECENCCTXFINALIZE">xmlSecEncCtxFinalize</a></p></li>
+<li><p><a href="xmlsec-xmlenc.html#XMLSECENCCTXINITIALIZE">xmlSecEncCtxInitialize</a></p></li>
+<li><p><a href="xmlsec-xmlenc.html#XMLSECENCCTX">xmlSecEncCtx</a></p></li>
+<li><p><a href="xmlsec-xmlenc.html#XMLSECENCCTXRESET">xmlSecEncCtxReset</a></p></li>
+<li><p><a href="xmlsec-xmlenc.html#XMLSECENCCTXURIENCRYPT">xmlSecEncCtxUriEncrypt</a></p></li>
+<li><p><a href="xmlsec-xmlenc.html#XMLSECENCCTXXMLENCRYPT">xmlSecEncCtxXmlEncrypt</a></p></li>
+<li><p><font>XMLSEC-ENC-RETURN-REPLACED-NODE</font></p></li>
+<li><p><a href="xmlsec-errors.html#XMLSECERROR">xmlSecError</a></p></li>
+<li><p><a href="xmlsec-errors.html#XMLSECERRORSCALLBACK">xmlSecErrorsCallback</a></p></li>
+<li><p><a href="xmlsec-errors.html#XMLSECERRORSDEFAULTCALLBACKENABLEOUTPUT">xmlSecErrorsDefaultCallbackEnableOutput</a></p></li>
+<li><p><a href="xmlsec-errors.html#XMLSECERRORSDEFAULTCALLBACK">xmlSecErrorsDefaultCallback</a></p></li>
+<li><p><a href="xmlsec-errors.html#XMLSECERRORSGETCODE">xmlSecErrorsGetCode</a></p></li>
+<li><p><a href="xmlsec-errors.html#XMLSECERRORSGETMSG">xmlSecErrorsGetMsg</a></p></li>
+<li><p><font>XMLSEC-ERRORS-HERE</font></p></li>
+<li><p><a href="xmlsec-errors.html#XMLSECERRORSINIT">xmlSecErrorsInit</a></p></li>
+<li><p><font>XMLSEC-ERRORS-MAX-NUMBER</font></p></li>
+<li><p><font>XMLSEC-ERRORS-NO-MESSAGE</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-ASSERTION</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-CERT-HAS-EXPIRED</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-CERT-ISSUER-FAILED</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-CERT-NOT-FOUND</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-CERT-NOT-YET-VALID</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-CERT-REVOKED</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-CERT-VERIFY-FAILED</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-CRYPTO-FAILED</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-DATA-NOT-MATCH</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-DISABLED</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-DSIG-INVALID-REFERENCE</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-DSIG-NO-REFERENCES</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-INVALID-DATA</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-INVALID-FORMAT</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-INVALID-KEY-DATA</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-INVALID-KEY-DATA-SIZE</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-INVALID-NODE-ATTRIBUTE</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-INVALID-NODE-CONTENT</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-INVALID-NODE</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-INVALID-OPERATION</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-INVALID-RESULT</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-INVALID-SIZE</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-INVALID-STATUS</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-INVALID-TRANSFORM-KEY</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-INVALID-TRANSFORM</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-INVALID-TYPE</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-INVALID-URI-TYPE</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-IO-FAILED</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-KEY-DATA-ALREADY-EXIST</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-KEYDATA-DISABLED</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-KEY-DATA-NOT-FOUND</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-KEY-NOT-FOUND</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-MALLOC-FAILED</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-MAX-ENCKEY-LEVEL</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-MAX-RETRIEVALS-LEVEL</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-MAX-RETRIEVAL-TYPE-MISMATCH</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-MISSING-NODE-ATTRIBUTE</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-NODE-ALREADY-PRESENT</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-NODE-NOT-FOUND</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-NOT-IMPLEMENTED</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-STRDUP-FAILED</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-TRANSFORM-DISABLED</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-TRANSFORM-SAME-DOCUMENT-REQUIRED</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-UNEXPECTED-NODE</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-XML-FAILED</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-XMLSEC-FAILED</font></p></li>
+<li><p><font>XMLSEC-ERRORS-R-XSLT-FAILED</font></p></li>
+<li><p><a href="xmlsec-errors.html#XMLSECERRORSSAFESTRING">xmlSecErrorsSafeString</a></p></li>
+<li><p><a href="xmlsec-errors.html#XMLSECERRORSSETCALLBACK">xmlSecErrorsSetCallback</a></p></li>
+<li><p><a href="xmlsec-errors.html#XMLSECERRORSSHUTDOWN">xmlSecErrorsShutdown</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECFINDCHILD">xmlSecFindChild</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECFINDNODE">xmlSecFindNode</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECFINDPARENT">xmlSecFindParent</a></p></li>
+<li><p><font>XMLSEC-FUNC-TO-PTR</font></p></li>
+<li><p><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPDEFAULTKEYSMNGRADOPTKEY">xmlSecGCryptAppDefaultKeysMngrAdoptKey</a></p></li>
+<li><p><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPDEFAULTKEYSMNGRINIT">xmlSecGCryptAppDefaultKeysMngrInit</a></p></li>
+<li><p><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPDEFAULTKEYSMNGRLOAD">xmlSecGCryptAppDefaultKeysMngrLoad</a></p></li>
+<li><p><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPDEFAULTKEYSMNGRSAVE">xmlSecGCryptAppDefaultKeysMngrSave</a></p></li>
+<li><p><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPGETDEFAULTPWDCALLBACK">xmlSecGCryptAppGetDefaultPwdCallback</a></p></li>
+<li><p><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPINIT">xmlSecGCryptAppInit</a></p></li>
+<li><p><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPKEYCERTLOADMEMORY">xmlSecGCryptAppKeyCertLoadMemory</a></p></li>
+<li><p><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPKEYCERTLOAD">xmlSecGCryptAppKeyCertLoad</a></p></li>
+<li><p><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPKEYLOADMEMORY">xmlSecGCryptAppKeyLoadMemory</a></p></li>
+<li><p><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPKEYLOAD">xmlSecGCryptAppKeyLoad</a></p></li>
+<li><p><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPKEYSMNGRCERTLOADMEMORY">xmlSecGCryptAppKeysMngrCertLoadMemory</a></p></li>
+<li><p><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPKEYSMNGRCERTLOAD">xmlSecGCryptAppKeysMngrCertLoad</a></p></li>
+<li><p><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPPKCS12LOADMEMORY">xmlSecGCryptAppPkcs12LoadMemory</a></p></li>
+<li><p><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPPKCS12LOAD">xmlSecGCryptAppPkcs12Load</a></p></li>
+<li><p><a href="xmlsec-gcrypt-app.html#XMLSECGCRYPTAPPSHUTDOWN">xmlSecGCryptAppShutdown</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTGENERATERANDOM">xmlSecGCryptGenerateRandom</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTHMACGETMINOUTPUTLENGTH">xmlSecGCryptHmacGetMinOutputLength</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTHMACSETMINOUTPUTLENGTH">xmlSecGCryptHmacSetMinOutputLength</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTINIT">xmlSecGCryptInit</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATAAESGETKLASS">xmlSecGCryptKeyDataAesGetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATAAESID">xmlSecGCryptKeyDataAesId</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATAAESSET">xmlSecGCryptKeyDataAesSet</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADESGETKLASS">xmlSecGCryptKeyDataDesGetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADESID">xmlSecGCryptKeyDataDesId</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADESSET">xmlSecGCryptKeyDataDesSet</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADSAADOPTKEY">xmlSecGCryptKeyDataDsaAdoptKey</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADSAADOPTKEYPAIR">xmlSecGCryptKeyDataDsaAdoptKeyPair</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADSAGETKLASS">xmlSecGCryptKeyDataDsaGetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADSAGETPRIVATEKEY">xmlSecGCryptKeyDataDsaGetPrivateKey</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADSAGETPUBLICKEY">xmlSecGCryptKeyDataDsaGetPublicKey</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATADSAID">xmlSecGCryptKeyDataDsaId</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATAHMACGETKLASS">xmlSecGCryptKeyDataHmacGetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATAHMACID">xmlSecGCryptKeyDataHmacId</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATAHMACSET">xmlSecGCryptKeyDataHmacSet</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATARSAADOPTKEY">xmlSecGCryptKeyDataRsaAdoptKey</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATARSAADOPTKEYPAIR">xmlSecGCryptKeyDataRsaAdoptKeyPair</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATARSAGETKLASS">xmlSecGCryptKeyDataRsaGetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATARSAGETPRIVATEKEY">xmlSecGCryptKeyDataRsaGetPrivateKey</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATARSAGETPUBLICKEY">xmlSecGCryptKeyDataRsaGetPublicKey</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYDATARSAID">xmlSecGCryptKeyDataRsaId</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTKEYSMNGRINIT">xmlSecGCryptKeysMngrInit</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTSHUTDOWN">xmlSecGCryptShutdown</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMAES128CBCGETKLASS">xmlSecGCryptTransformAes128CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMAES128CBCID">xmlSecGCryptTransformAes128CbcId</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMAES192CBCGETKLASS">xmlSecGCryptTransformAes192CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMAES192CBCID">xmlSecGCryptTransformAes192CbcId</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMAES256CBCGETKLASS">xmlSecGCryptTransformAes256CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMAES256CBCID">xmlSecGCryptTransformAes256CbcId</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMDES3CBCGETKLASS">xmlSecGCryptTransformDes3CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMDES3CBCID">xmlSecGCryptTransformDes3CbcId</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMDSASHA1GETKLASS">xmlSecGCryptTransformDsaSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMDSASHA1ID">xmlSecGCryptTransformDsaSha1Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACMD5GETKLASS">xmlSecGCryptTransformHmacMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACMD5ID">xmlSecGCryptTransformHmacMd5Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACRIPEMD160GETKLASS">xmlSecGCryptTransformHmacRipemd160GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACRIPEMD160ID">xmlSecGCryptTransformHmacRipemd160Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACSHA1GETKLASS">xmlSecGCryptTransformHmacSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACSHA1ID">xmlSecGCryptTransformHmacSha1Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACSHA256GETKLASS">xmlSecGCryptTransformHmacSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACSHA256ID">xmlSecGCryptTransformHmacSha256Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACSHA384GETKLASS">xmlSecGCryptTransformHmacSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACSHA384ID">xmlSecGCryptTransformHmacSha384Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACSHA512GETKLASS">xmlSecGCryptTransformHmacSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMHMACSHA512ID">xmlSecGCryptTransformHmacSha512Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMKWAES128GETKLASS">xmlSecGCryptTransformKWAes128GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMKWAES128ID">xmlSecGCryptTransformKWAes128Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMKWAES192GETKLASS">xmlSecGCryptTransformKWAes192GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMKWAES192ID">xmlSecGCryptTransformKWAes192Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMKWAES256GETKLASS">xmlSecGCryptTransformKWAes256GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMKWAES256ID">xmlSecGCryptTransformKWAes256Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMKWDES3GETKLASS">xmlSecGCryptTransformKWDes3GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMKWDES3ID">xmlSecGCryptTransformKWDes3Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMMD5GETKLASS">xmlSecGCryptTransformMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMMD5ID">xmlSecGCryptTransformMd5Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRIPEMD160GETKLASS">xmlSecGCryptTransformRipemd160GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRIPEMD160ID">xmlSecGCryptTransformRipemd160Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSAMD5GETKLASS">xmlSecGCryptTransformRsaMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSAMD5ID">xmlSecGCryptTransformRsaMd5Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSARIPEMD160GETKLASS">xmlSecGCryptTransformRsaRipemd160GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSARIPEMD160ID">xmlSecGCryptTransformRsaRipemd160Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSASHA1GETKLASS">xmlSecGCryptTransformRsaSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSASHA1ID">xmlSecGCryptTransformRsaSha1Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSASHA256GETKLASS">xmlSecGCryptTransformRsaSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSASHA256ID">xmlSecGCryptTransformRsaSha256Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSASHA384GETKLASS">xmlSecGCryptTransformRsaSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSASHA384ID">xmlSecGCryptTransformRsaSha384Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSASHA512GETKLASS">xmlSecGCryptTransformRsaSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMRSASHA512ID">xmlSecGCryptTransformRsaSha512Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMSHA1GETKLASS">xmlSecGCryptTransformSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMSHA1ID">xmlSecGCryptTransformSha1Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMSHA256GETKLASS">xmlSecGCryptTransformSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMSHA256ID">xmlSecGCryptTransformSha256Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMSHA384GETKLASS">xmlSecGCryptTransformSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMSHA384ID">xmlSecGCryptTransformSha384Id</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMSHA512GETKLASS">xmlSecGCryptTransformSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-gcrypt-crypto.html#XMLSECGCRYPTTRANSFORMSHA512ID">xmlSecGCryptTransformSha512Id</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECGENERATEANDADDID">xmlSecGenerateAndAddID</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECGENERATEID">xmlSecGenerateID</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECGETHEX">xmlSecGetHex</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECGETKEYCALLBACK">xmlSecGetKeyCallback</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECGETNEXTELEMENTNODE">xmlSecGetNextElementNode</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECGETNODENSHREF">xmlSecGetNodeNsHref</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECGETQNAME">xmlSecGetQName</a></p></li>
+<li><p><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPDEFAULTKEYSMNGRADOPTKEY">xmlSecGnuTLSAppDefaultKeysMngrAdoptKey</a></p></li>
+<li><p><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPDEFAULTKEYSMNGRINIT">xmlSecGnuTLSAppDefaultKeysMngrInit</a></p></li>
+<li><p><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPDEFAULTKEYSMNGRLOAD">xmlSecGnuTLSAppDefaultKeysMngrLoad</a></p></li>
+<li><p><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPDEFAULTKEYSMNGRSAVE">xmlSecGnuTLSAppDefaultKeysMngrSave</a></p></li>
+<li><p><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPGETDEFAULTPWDCALLBACK">xmlSecGnuTLSAppGetDefaultPwdCallback</a></p></li>
+<li><p><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPINIT">xmlSecGnuTLSAppInit</a></p></li>
+<li><p><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPKEYCERTLOADMEMORY">xmlSecGnuTLSAppKeyCertLoadMemory</a></p></li>
+<li><p><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPKEYCERTLOAD">xmlSecGnuTLSAppKeyCertLoad</a></p></li>
+<li><p><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPKEYLOADMEMORY">xmlSecGnuTLSAppKeyLoadMemory</a></p></li>
+<li><p><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPKEYLOAD">xmlSecGnuTLSAppKeyLoad</a></p></li>
+<li><p><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPKEYSMNGRCERTLOADMEMORY">xmlSecGnuTLSAppKeysMngrCertLoadMemory</a></p></li>
+<li><p><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPKEYSMNGRCERTLOAD">xmlSecGnuTLSAppKeysMngrCertLoad</a></p></li>
+<li><p><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPPKCS12LOADMEMORY">xmlSecGnuTLSAppPkcs12LoadMemory</a></p></li>
+<li><p><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPPKCS12LOAD">xmlSecGnuTLSAppPkcs12Load</a></p></li>
+<li><p><a href="xmlsec-gnutls-app.html#XMLSECGNUTLSAPPSHUTDOWN">xmlSecGnuTLSAppShutdown</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSGENERATERANDOM">xmlSecGnuTLSGenerateRandom</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSHMACGETMINOUTPUTLENGTH">xmlSecGnuTLSHmacGetMinOutputLength</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSHMACSETMINOUTPUTLENGTH">xmlSecGnuTLSHmacSetMinOutputLength</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSINIT">xmlSecGnuTLSInit</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATAAESGETKLASS">xmlSecGnuTLSKeyDataAesGetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATAAESID">xmlSecGnuTLSKeyDataAesId</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATAAESSET">xmlSecGnuTLSKeyDataAesSet</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATADESGETKLASS">xmlSecGnuTLSKeyDataDesGetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATADESID">xmlSecGnuTLSKeyDataDesId</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATADESSET">xmlSecGnuTLSKeyDataDesSet</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATADSAADOPTPRIVATEKEY">xmlSecGnuTLSKeyDataDsaAdoptPrivateKey</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATADSAADOPTPUBLICKEY">xmlSecGnuTLSKeyDataDsaAdoptPublicKey</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATADSAGETKLASS">xmlSecGnuTLSKeyDataDsaGetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATADSAID">xmlSecGnuTLSKeyDataDsaId</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATAHMACGETKLASS">xmlSecGnuTLSKeyDataHmacGetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATAHMACID">xmlSecGnuTLSKeyDataHmacId</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATAHMACSET">xmlSecGnuTLSKeyDataHmacSet</a></p></li>
+<li><p><font>xmlSecGnuTLSKeyDataRawX509CertGetKlass</font></p></li>
+<li><p><font>xmlSecGnuTLSKeyDataRawX509CertId</font></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATARSAADOPTPRIVATEKEY">xmlSecGnuTLSKeyDataRsaAdoptPrivateKey</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATARSAADOPTPUBLICKEY">xmlSecGnuTLSKeyDataRsaAdoptPublicKey</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATARSAGETKLASS">xmlSecGnuTLSKeyDataRsaGetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYDATARSAID">xmlSecGnuTLSKeyDataRsaId</a></p></li>
+<li><p><font>xmlSecGnuTLSKeyDataX509AdoptCert</font></p></li>
+<li><p><font>xmlSecGnuTLSKeyDataX509AdoptCrl</font></p></li>
+<li><p><font>xmlSecGnuTLSKeyDataX509AdoptKeyCert</font></p></li>
+<li><p><font>xmlSecGnuTLSKeyDataX509GetCert</font></p></li>
+<li><p><font>xmlSecGnuTLSKeyDataX509GetCertsSize</font></p></li>
+<li><p><font>xmlSecGnuTLSKeyDataX509GetCrl</font></p></li>
+<li><p><font>xmlSecGnuTLSKeyDataX509GetCrlsSize</font></p></li>
+<li><p><font>xmlSecGnuTLSKeyDataX509GetKeyCert</font></p></li>
+<li><p><font>xmlSecGnuTLSKeyDataX509GetKlass</font></p></li>
+<li><p><font>xmlSecGnuTLSKeyDataX509Id</font></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSKEYSMNGRINIT">xmlSecGnuTLSKeysMngrInit</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSSHUTDOWN">xmlSecGnuTLSShutdown</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMAES128CBCGETKLASS">xmlSecGnuTLSTransformAes128CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMAES128CBCID">xmlSecGnuTLSTransformAes128CbcId</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMAES192CBCGETKLASS">xmlSecGnuTLSTransformAes192CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMAES192CBCID">xmlSecGnuTLSTransformAes192CbcId</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMAES256CBCGETKLASS">xmlSecGnuTLSTransformAes256CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMAES256CBCID">xmlSecGnuTLSTransformAes256CbcId</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMDES3CBCGETKLASS">xmlSecGnuTLSTransformDes3CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMDES3CBCID">xmlSecGnuTLSTransformDes3CbcId</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMDSASHA1GETKLASS">xmlSecGnuTLSTransformDsaSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMDSASHA1ID">xmlSecGnuTLSTransformDsaSha1Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACMD5GETKLASS">xmlSecGnuTLSTransformHmacMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACMD5ID">xmlSecGnuTLSTransformHmacMd5Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACRIPEMD160GETKLASS">xmlSecGnuTLSTransformHmacRipemd160GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACRIPEMD160ID">xmlSecGnuTLSTransformHmacRipemd160Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACSHA1GETKLASS">xmlSecGnuTLSTransformHmacSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACSHA1ID">xmlSecGnuTLSTransformHmacSha1Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACSHA256GETKLASS">xmlSecGnuTLSTransformHmacSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACSHA256ID">xmlSecGnuTLSTransformHmacSha256Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACSHA384GETKLASS">xmlSecGnuTLSTransformHmacSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACSHA384ID">xmlSecGnuTLSTransformHmacSha384Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACSHA512GETKLASS">xmlSecGnuTLSTransformHmacSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMHMACSHA512ID">xmlSecGnuTLSTransformHmacSha512Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMKWAES128GETKLASS">xmlSecGnuTLSTransformKWAes128GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMKWAES128ID">xmlSecGnuTLSTransformKWAes128Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMKWAES192GETKLASS">xmlSecGnuTLSTransformKWAes192GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMKWAES192ID">xmlSecGnuTLSTransformKWAes192Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMKWAES256GETKLASS">xmlSecGnuTLSTransformKWAes256GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMKWAES256ID">xmlSecGnuTLSTransformKWAes256Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMKWDES3GETKLASS">xmlSecGnuTLSTransformKWDes3GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMKWDES3ID">xmlSecGnuTLSTransformKWDes3Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMMD5GETKLASS">xmlSecGnuTLSTransformMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMMD5ID">xmlSecGnuTLSTransformMd5Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRIPEMD160GETKLASS">xmlSecGnuTLSTransformRipemd160GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRIPEMD160ID">xmlSecGnuTLSTransformRipemd160Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSAMD5GETKLASS">xmlSecGnuTLSTransformRsaMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSAMD5ID">xmlSecGnuTLSTransformRsaMd5Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSARIPEMD160GETKLASS">xmlSecGnuTLSTransformRsaRipemd160GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSARIPEMD160ID">xmlSecGnuTLSTransformRsaRipemd160Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSASHA1GETKLASS">xmlSecGnuTLSTransformRsaSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSASHA1ID">xmlSecGnuTLSTransformRsaSha1Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSASHA256GETKLASS">xmlSecGnuTLSTransformRsaSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSASHA256ID">xmlSecGnuTLSTransformRsaSha256Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSASHA384GETKLASS">xmlSecGnuTLSTransformRsaSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSASHA384ID">xmlSecGnuTLSTransformRsaSha384Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSASHA512GETKLASS">xmlSecGnuTLSTransformRsaSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMRSASHA512ID">xmlSecGnuTLSTransformRsaSha512Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMSHA1GETKLASS">xmlSecGnuTLSTransformSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMSHA1ID">xmlSecGnuTLSTransformSha1Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMSHA256GETKLASS">xmlSecGnuTLSTransformSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMSHA256ID">xmlSecGnuTLSTransformSha256Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMSHA384GETKLASS">xmlSecGnuTLSTransformSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMSHA384ID">xmlSecGnuTLSTransformSha384Id</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMSHA512GETKLASS">xmlSecGnuTLSTransformSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-gnutls-crypto.html#XMLSECGNUTLSTRANSFORMSHA512ID">xmlSecGnuTLSTransformSha512Id</a></p></li>
+<li><p><font>xmlSecGnuTLSX509CertGetKey</font></p></li>
+<li><p><font>xmlSecGnuTLSX509StoreAdoptCert</font></p></li>
+<li><p><font>xmlSecGnuTLSX509StoreFindCert</font></p></li>
+<li><p><font>xmlSecGnuTLSX509StoreGetKlass</font></p></li>
+<li><p><font>xmlSecGnuTLSX509StoreId</font></p></li>
+<li><p><font>xmlSecGnuTLSX509StoreVerify</font></p></li>
+<li><p><a href="xmlsec-xmlsec.html#XMLSECINIT">xmlSecInit</a></p></li>
+<li><p><a href="xmlsec-io.html#XMLSECIOCLEANUPCALLBACKS">xmlSecIOCleanupCallbacks</a></p></li>
+<li><p><a href="xmlsec-io.html#XMLSECIOINIT">xmlSecIOInit</a></p></li>
+<li><p><a href="xmlsec-io.html#XMLSECIOREGISTERCALLBACKS">xmlSecIORegisterCallbacks</a></p></li>
+<li><p><a href="xmlsec-io.html#XMLSECIOREGISTERDEFAULTCALLBACKS">xmlSecIORegisterDefaultCallbacks</a></p></li>
+<li><p><a href="xmlsec-io.html#XMLSECIOSHUTDOWN">xmlSecIOShutdown</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECISEMPTYNODE">xmlSecIsEmptyNode</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECISEMPTYSTRING">xmlSecIsEmptyString</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECISHEX">xmlSecIsHex</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYADOPTDATA">xmlSecKeyAdoptData</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYCHECKID">xmlSecKeyCheckId</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYCOPY">xmlSecKeyCopy</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYCREATE">xmlSecKeyCreate</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECKEYDATAAESGETKLASS">xmlSecKeyDataAesGetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECKEYDATAAESID">xmlSecKeyDataAesId</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYSIZE">xmlSecKeyDataBinarySize</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEBINREAD">xmlSecKeyDataBinaryValueBinRead</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEBINWRITE">xmlSecKeyDataBinaryValueBinWrite</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEDEBUGDUMP">xmlSecKeyDataBinaryValueDebugDump</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEDEBUGXMLDUMP">xmlSecKeyDataBinaryValueDebugXmlDump</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEDUPLICATE">xmlSecKeyDataBinaryValueDuplicate</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEFINALIZE">xmlSecKeyDataBinaryValueFinalize</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEGETBUFFER">xmlSecKeyDataBinaryValueGetBuffer</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEGETSIZE">xmlSecKeyDataBinaryValueGetSize</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEINITIALIZE">xmlSecKeyDataBinaryValueInitialize</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUESETBUFFER">xmlSecKeyDataBinaryValueSetBuffer</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEXMLREAD">xmlSecKeyDataBinaryValueXmlRead</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEXMLWRITE">xmlSecKeyDataBinaryValueXmlWrite</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINREADMETHOD">xmlSecKeyDataBinReadMethod</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINREAD">xmlSecKeyDataBinRead</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINWRITEMETHOD">xmlSecKeyDataBinWriteMethod</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATABINWRITE">xmlSecKeyDataBinWrite</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATACHECKID">xmlSecKeyDataCheckId</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATACHECKSIZE">xmlSecKeyDataCheckSize</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATACHECKUSAGE">xmlSecKeyDataCheckUsage</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATACREATE">xmlSecKeyDataCreate</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATADEBUGDUMPMETHOD">xmlSecKeyDataDebugDumpMethod</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATADEBUGDUMP">xmlSecKeyDataDebugDump</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATADEBUGXMLDUMP">xmlSecKeyDataDebugXmlDump</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECKEYDATADESGETKLASS">xmlSecKeyDataDesGetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECKEYDATADESID">xmlSecKeyDataDesId</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATADESTROY">xmlSecKeyDataDestroy</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECKEYDATADSAGETKLASS">xmlSecKeyDataDsaGetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECKEYDATADSAID">xmlSecKeyDataDsaId</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATADUPLICATEMETHOD">xmlSecKeyDataDuplicateMethod</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATADUPLICATE">xmlSecKeyDataDuplicate</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYDATAENCRYPTEDKEYGETKLASS">xmlSecKeyDataEncryptedKeyGetKlass</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYDATAENCRYPTEDKEYID">xmlSecKeyDataEncryptedKeyId</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAFINALIZEMETHOD">xmlSecKeyDataFinalizeMethod</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT">xmlSecKeyDataFormat</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAGENERATEMETHOD">xmlSecKeyDataGenerateMethod</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAGENERATE">xmlSecKeyDataGenerate</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAGETIDENTIFIERMETHOD">xmlSecKeyDataGetIdentifierMethod</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAGETIDENTIFIER">xmlSecKeyDataGetIdentifier</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAGETNAME">xmlSecKeyDataGetName</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAGETSIZEMETHOD">xmlSecKeyDataGetSizeMethod</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAGETSIZE">xmlSecKeyDataGetSize</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAGETTYPEMETHOD">xmlSecKeyDataGetTypeMethod</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAGETTYPE">xmlSecKeyDataGetType</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECKEYDATAGOST2001GETKLASS">xmlSecKeyDataGost2001GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECKEYDATAGOST2001ID">xmlSecKeyDataGost2001Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECKEYDATAHMACGETKLASS">xmlSecKeyDataHmacGetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECKEYDATAHMACID">xmlSecKeyDataHmacId</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDLISTDEBUGDUMP">xmlSecKeyDataIdListDebugDump</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDLISTDEBUGXMLDUMP">xmlSecKeyDataIdListDebugXmlDump</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDLISTFINDBYHREF">xmlSecKeyDataIdListFindByHref</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDLISTFINDBYNAME">xmlSecKeyDataIdListFindByName</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDLISTFINDBYNODE">xmlSecKeyDataIdListFindByNode</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDLISTFIND">xmlSecKeyDataIdListFind</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDLISTGETKLASS">xmlSecKeyDataIdListGetKlass</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDLISTID">xmlSecKeyDataIdListId</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDSGET">xmlSecKeyDataIdsGet</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDSINIT">xmlSecKeyDataIdsInit</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDSREGISTERDEFAULT">xmlSecKeyDataIdsRegisterDefault</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDSREGISTER">xmlSecKeyDataIdsRegister</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDSSHUTDOWN">xmlSecKeyDataIdsShutdown</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDUNKNOWN">xmlSecKeyDataIdUnknown</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAINITMETHOD">xmlSecKeyDataInitMethod</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAISVALID">xmlSecKeyDataIsValid</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAKLASSGETNAME">xmlSecKeyDataKlassGetName</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAKLASS">xmlSecKeyDataKlass</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATALISTGETKLASS">xmlSecKeyDataListGetKlass</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATALISTID">xmlSecKeyDataListId</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATA">xmlSecKeyData</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYDATANAMEGETKLASS">xmlSecKeyDataNameGetKlass</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYDATANAMEID">xmlSecKeyDataNameId</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECKEYDATARAWX509CERTGETKLASS">xmlSecKeyDataRawX509CertGetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECKEYDATARAWX509CERTID">xmlSecKeyDataRawX509CertId</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYDATARETRIEVALMETHODGETKLASS">xmlSecKeyDataRetrievalMethodGetKlass</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYDATARETRIEVALMETHODID">xmlSecKeyDataRetrievalMethodId</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECKEYDATARSAGETKLASS">xmlSecKeyDataRsaGetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECKEYDATARSAID">xmlSecKeyDataRsaId</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORECHECKID">xmlSecKeyDataStoreCheckId</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORECHECKSIZE">xmlSecKeyDataStoreCheckSize</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORECREATE">xmlSecKeyDataStoreCreate</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREDESTROY">xmlSecKeyDataStoreDestroy</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREFINALIZEMETHOD">xmlSecKeyDataStoreFinalizeMethod</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREGETNAME">xmlSecKeyDataStoreGetName</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREIDUNKNOWN">xmlSecKeyDataStoreIdUnknown</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREINITIALIZEMETHOD">xmlSecKeyDataStoreInitializeMethod</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREISVALID">xmlSecKeyDataStoreIsValid</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREKLASSGETNAME">xmlSecKeyDataStoreKlassGetName</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREKLASS">xmlSecKeyDataStoreKlass</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE">xmlSecKeyDataStore</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREPTRLISTGETKLASS">xmlSecKeyDataStorePtrListGetKlass</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREPTRLISTID">xmlSecKeyDataStorePtrListId</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPEANY">xmlSecKeyDataTypeAny</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE">xmlSecKeyDataType</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPENONE">xmlSecKeyDataTypeNone</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPEPERMANENT">xmlSecKeyDataTypePermanent</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPEPRIVATE">xmlSecKeyDataTypePrivate</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPEPUBLIC">xmlSecKeyDataTypePublic</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPESESSION">xmlSecKeyDataTypeSession</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPESYMMETRIC">xmlSecKeyDataTypeSymmetric</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPETRUSTED">xmlSecKeyDataTypeTrusted</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPEUNKNOWN">xmlSecKeyDataTypeUnknown</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGEANY">xmlSecKeyDataUsageAny</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGEKEYINFONODE">xmlSecKeyDataUsageKeyInfoNode</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGEKEYINFONODEREAD">xmlSecKeyDataUsageKeyInfoNodeRead</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGEKEYINFONODEWRITE">xmlSecKeyDataUsageKeyInfoNodeWrite</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGEKEYVALUENODE">xmlSecKeyDataUsageKeyValueNode</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGEKEYVALUENODEREAD">xmlSecKeyDataUsageKeyValueNodeRead</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGEKEYVALUENODEWRITE">xmlSecKeyDataUsageKeyValueNodeWrite</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGE">xmlSecKeyDataUsage</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGERETRIEVALMETHODNODEBIN">xmlSecKeyDataUsageRetrievalMethodNodeBin</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGERETRIEVALMETHODNODE">xmlSecKeyDataUsageRetrievalMethodNode</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGERETRIEVALMETHODNODEXML">xmlSecKeyDataUsageRetrievalMethodNodeXml</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGEUNKNOWN">xmlSecKeyDataUsageUnknown</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYDATAVALUEGETKLASS">xmlSecKeyDataValueGetKlass</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYDATAVALUEID">xmlSecKeyDataValueId</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECKEYDATAX509GETKLASS">xmlSecKeyDataX509GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECKEYDATAX509ID">xmlSecKeyDataX509Id</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAXMLREADMETHOD">xmlSecKeyDataXmlReadMethod</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAXMLREAD">xmlSecKeyDataXmlRead</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAXMLWRITEMETHOD">xmlSecKeyDataXmlWriteMethod</a></p></li>
+<li><p><a href="xmlsec-keysdata.html#XMLSECKEYDATAXMLWRITE">xmlSecKeyDataXmlWrite</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYDEBUGDUMP">xmlSecKeyDebugDump</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYDEBUGXMLDUMP">xmlSecKeyDebugXmlDump</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYDESTROY">xmlSecKeyDestroy</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYDUPLICATE">xmlSecKeyDuplicate</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYEMPTY">xmlSecKeyEmpty</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYENSUREDATA">xmlSecKeyEnsureData</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYGENERATEBYNAME">xmlSecKeyGenerateByName</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYGENERATE">xmlSecKeyGenerate</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYGETDATA">xmlSecKeyGetData</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYGETNAME">xmlSecKeyGetName</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYGETTYPE">xmlSecKeyGetType</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYGETVALUE">xmlSecKeyGetValue</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXCOPYUSERPREF">xmlSecKeyInfoCtxCopyUserPref</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXCREATEENCCTX">xmlSecKeyInfoCtxCreateEncCtx</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXCREATE">xmlSecKeyInfoCtxCreate</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXDEBUGDUMP">xmlSecKeyInfoCtxDebugDump</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXDEBUGXMLDUMP">xmlSecKeyInfoCtxDebugXmlDump</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXDESTROY">xmlSecKeyInfoCtxDestroy</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXFINALIZE">xmlSecKeyInfoCtxFinalize</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXINITIALIZE">xmlSecKeyInfoCtxInitialize</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX">xmlSecKeyInfoCtx</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXRESET">xmlSecKeyInfoCtxReset</a></p></li>
+<li><p><font>XMLSEC-KEYINFO-FLAGS-DONT-STOP-ON-KEY-FOUND</font></p></li>
+<li><p><font>XMLSEC-KEYINFO-FLAGS-ENCKEY-DONT-STOP-ON-FAILED-DECRYPTION</font></p></li>
+<li><p><font>XMLSEC-KEYINFO-FLAGS-KEYNAME-STOP-ON-UNKNOWN</font></p></li>
+<li><p><font>XMLSEC-KEYINFO-FLAGS-KEYVALUE-STOP-ON-UNKNOWN-CHILD</font></p></li>
+<li><p><font>XMLSEC-KEYINFO-FLAGS-RETRMETHOD-STOP-ON-MISMATCH-HREF</font></p></li>
+<li><p><font>XMLSEC-KEYINFO-FLAGS-RETRMETHOD-STOP-ON-UNKNOWN-HREF</font></p></li>
+<li><p><font>XMLSEC-KEYINFO-FLAGS-STOP-ON-EMPTY-NODE</font></p></li>
+<li><p><font>XMLSEC-KEYINFO-FLAGS-STOP-ON-UNKNOWN-CHILD</font></p></li>
+<li><p><font>XMLSEC-KEYINFO-FLAGS-X509DATA-DONT-VERIFY-CERTS</font></p></li>
+<li><p><font>XMLSEC-KEYINFO-FLAGS-X509DATA-SKIP-STRICT-CHECKS</font></p></li>
+<li><p><font>XMLSEC-KEYINFO-FLAGS-X509DATA-STOP-ON-INVALID-CERT</font></p></li>
+<li><p><font>XMLSEC-KEYINFO-FLAGS-X509DATA-STOP-ON-UNKNOWN-CERT</font></p></li>
+<li><p><font>XMLSEC-KEYINFO-FLAGS-X509DATA-STOP-ON-UNKNOWN-CHILD</font></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYINFOMODE">xmlSecKeyInfoMode</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYINFONODEREAD">xmlSecKeyInfoNodeRead</a></p></li>
+<li><p><a href="xmlsec-keyinfo.html#XMLSECKEYINFONODEWRITE">xmlSecKeyInfoNodeWrite</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYISVALID">xmlSecKeyIsValid</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYMATCH">xmlSecKeyMatch</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEY">xmlSecKey</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYPTRLISTGETKLASS">xmlSecKeyPtrListGetKlass</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYPTRLISTID">xmlSecKeyPtrListId</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYREADBINARYFILE">xmlSecKeyReadBinaryFile</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYREADBUFFER">xmlSecKeyReadBuffer</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYREADMEMORY">xmlSecKeyReadMemory</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYREQCOPY">xmlSecKeyReqCopy</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYREQDEBUGDUMP">xmlSecKeyReqDebugDump</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYREQDEBUGXMLDUMP">xmlSecKeyReqDebugXmlDump</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYREQFINALIZE">xmlSecKeyReqFinalize</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYREQINITIALIZE">xmlSecKeyReqInitialize</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYREQMATCHKEY">xmlSecKeyReqMatchKey</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYREQMATCHKEYVALUE">xmlSecKeyReqMatchKeyValue</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYREQ">xmlSecKeyReq</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYREQRESET">xmlSecKeyReqReset</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYSETNAME">xmlSecKeySetName</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYSETVALUE">xmlSecKeySetValue</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRADOPTDATASTORE">xmlSecKeysMngrAdoptDataStore</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRADOPTKEYSSTORE">xmlSecKeysMngrAdoptKeysStore</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRCREATE">xmlSecKeysMngrCreate</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRDESTROY">xmlSecKeysMngrDestroy</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRFINDKEY">xmlSecKeysMngrFindKey</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRGETDATASTORE">xmlSecKeysMngrGetDataStore</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRGETKEY">xmlSecKeysMngrGetKey</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRGETKEYSSTORE">xmlSecKeysMngrGetKeysStore</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR">xmlSecKeysMngr</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSTORECHECKID">xmlSecKeyStoreCheckId</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSTORECHECKSIZE">xmlSecKeyStoreCheckSize</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSTORECREATE">xmlSecKeyStoreCreate</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSTOREDESTROY">xmlSecKeyStoreDestroy</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSTOREFINALIZEMETHOD">xmlSecKeyStoreFinalizeMethod</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSTOREFINDKEYMETHOD">xmlSecKeyStoreFindKeyMethod</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSTOREFINDKEY">xmlSecKeyStoreFindKey</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSTOREGETNAME">xmlSecKeyStoreGetName</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSTOREIDUNKNOWN">xmlSecKeyStoreIdUnknown</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSTOREINITIALIZEMETHOD">xmlSecKeyStoreInitializeMethod</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSTOREISVALID">xmlSecKeyStoreIsValid</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSTOREKLASSGETNAME">xmlSecKeyStoreKlassGetName</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSTOREKLASS">xmlSecKeyStoreKlass</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE">xmlSecKeyStore</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSAGEANY">xmlSecKeyUsageAny</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSAGEDECRYPT">xmlSecKeyUsageDecrypt</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSAGEENCRYPT">xmlSecKeyUsageEncrypt</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSAGEKEYEXCHANGE">xmlSecKeyUsageKeyExchange</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSAGE">xmlSecKeyUsage</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSAGESIGN">xmlSecKeyUsageSign</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSAGEVERIFY">xmlSecKeyUsageVerify</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSEWITHCOPY">xmlSecKeyUseWithCopy</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSEWITHCREATE">xmlSecKeyUseWithCreate</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSEWITHDEBUGDUMP">xmlSecKeyUseWithDebugDump</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSEWITHDEBUGXMLDUMP">xmlSecKeyUseWithDebugXmlDump</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSEWITHDESTROY">xmlSecKeyUseWithDestroy</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSEWITHDUPLICATE">xmlSecKeyUseWithDuplicate</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSEWITHFINALIZE">xmlSecKeyUseWithFinalize</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSEWITHINITIALIZE">xmlSecKeyUseWithInitialize</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSEWITH">xmlSecKeyUseWith</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSEWITHPTRLISTGETKLASS">xmlSecKeyUseWithPtrListGetKlass</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSEWITHPTRLISTID">xmlSecKeyUseWithPtrListId</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSEWITHRESET">xmlSecKeyUseWithReset</a></p></li>
+<li><p><a href="xmlsec-keys.html#XMLSECKEYUSEWITHSET">xmlSecKeyUseWithSet</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRADOPTKEY">xmlSecMSCryptoAppDefaultKeysMngrAdoptKey</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRADOPTKEYSTORE">xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRADOPTTRUSTEDSTORE">xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRADOPTUNTRUSTEDSTORE">xmlSecMSCryptoAppDefaultKeysMngrAdoptUntrustedStore</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRINIT">xmlSecMSCryptoAppDefaultKeysMngrInit</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRLOAD">xmlSecMSCryptoAppDefaultKeysMngrLoad</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRPRIVATEKEYLOAD">xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRPUBLICKEYLOAD">xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRSAVE">xmlSecMSCryptoAppDefaultKeysMngrSave</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRSYMKEYLOAD">xmlSecMSCryptoAppDefaultKeysMngrSymKeyLoad</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPGETCERTSTORENAME">xmlSecMSCryptoAppGetCertStoreName</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPGETDEFAULTPWDCALLBACK">xmlSecMSCryptoAppGetDefaultPwdCallback</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPINIT">xmlSecMSCryptoAppInit</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPKEYCERTLOADMEMORY">xmlSecMSCryptoAppKeyCertLoadMemory</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPKEYCERTLOAD">xmlSecMSCryptoAppKeyCertLoad</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPKEYLOADMEMORY">xmlSecMSCryptoAppKeyLoadMemory</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPKEYLOAD">xmlSecMSCryptoAppKeyLoad</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPKEYSMNGRCERTLOADMEMORY">xmlSecMSCryptoAppKeysMngrCertLoadMemory</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPKEYSMNGRCERTLOAD">xmlSecMSCryptoAppKeysMngrCertLoad</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPPKCS12LOADMEMORY">xmlSecMSCryptoAppPkcs12LoadMemory</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPPKCS12LOAD">xmlSecMSCryptoAppPkcs12Load</a></p></li>
+<li><p><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPSHUTDOWN">xmlSecMSCryptoAppShutdown</a></p></li>
+<li><p><a href="xmlsec-mscrypto-certkeys.html#XMLSECMSCRYPTOCERTADOPT">xmlSecMSCryptoCertAdopt</a></p></li>
+<li><p><a href="xmlsec-mscrypto-certkeys.html#XMLSECMSCRYPTOCERTDUP">xmlSecMSCryptoCertDup</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOCONVERTLOCALETOUNICODE">xmlSecMSCryptoConvertLocaleToUnicode</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOCONVERTLOCALETOUTF8">xmlSecMSCryptoConvertLocaleToUtf8</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOCONVERTTSTRTOUTF8">xmlSecMSCryptoConvertTstrToUtf8</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOCONVERTUNICODETOUTF8">xmlSecMSCryptoConvertUnicodeToUtf8</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOCONVERTUTF8TOLOCALE">xmlSecMSCryptoConvertUtf8ToLocale</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOCONVERTUTF8TOTSTR">xmlSecMSCryptoConvertUtf8ToTstr</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOCONVERTUTF8TOUNICODE">xmlSecMSCryptoConvertUtf8ToUnicode</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOERRORSDEFAULTCALLBACK">xmlSecMSCryptoErrorsDefaultCallback</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOGENERATERANDOM">xmlSecMSCryptoGenerateRandom</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOHMACGETMINOUTPUTLENGTH">xmlSecMSCryptoHmacGetMinOutputLength</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOHMACSETMINOUTPUTLENGTH">xmlSecMSCryptoHmacSetMinOutputLength</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOINIT">xmlSecMSCryptoInit</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATAAESGETKLASS">xmlSecMSCryptoKeyDataAesGetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATAAESID">xmlSecMSCryptoKeyDataAesId</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATAAESSET">xmlSecMSCryptoKeyDataAesSet</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATADESGETKLASS">xmlSecMSCryptoKeyDataDesGetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATADESID">xmlSecMSCryptoKeyDataDesId</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATADSAGETKLASS">xmlSecMSCryptoKeyDataDsaGetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATADSAID">xmlSecMSCryptoKeyDataDsaId</a></p></li>
+<li><p><a href="xmlsec-mscrypto-certkeys.html#XMLSECMSCRYPTOKEYDATAGETCERT">xmlSecMSCryptoKeyDataGetCert</a></p></li>
+<li><p><a href="xmlsec-mscrypto-certkeys.html#XMLSECMSCRYPTOKEYDATAGETDECRYPTKEY">xmlSecMSCryptoKeyDataGetDecryptKey</a></p></li>
+<li><p><a href="xmlsec-mscrypto-certkeys.html#XMLSECMSCRYPTOKEYDATAGETKEY">xmlSecMSCryptoKeyDataGetKey</a></p></li>
+<li><p><a href="xmlsec-mscrypto-certkeys.html#XMLSECMSCRYPTOKEYDATAGETMSCRYPTOKEYSPEC">xmlSecMSCryptoKeyDataGetMSCryptoKeySpec</a></p></li>
+<li><p><a href="xmlsec-mscrypto-certkeys.html#XMLSECMSCRYPTOKEYDATAGETMSCRYPTOPROVIDER">xmlSecMSCryptoKeyDataGetMSCryptoProvider</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATAGOST2001GETKLASS">xmlSecMSCryptoKeyDataGost2001GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATAGOST2001ID">xmlSecMSCryptoKeyDataGost2001Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATAHMACGETKLASS">xmlSecMSCryptoKeyDataHmacGetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATAHMACID">xmlSecMSCryptoKeyDataHmacId</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATAHMACSET">xmlSecMSCryptoKeyDataHmacSet</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATARAWX509CERTGETKLASS">xmlSecMSCryptoKeyDataRawX509CertGetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATARAWX509CERTID">xmlSecMSCryptoKeyDataRawX509CertId</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATARSAGETKLASS">xmlSecMSCryptoKeyDataRsaGetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATARSAID">xmlSecMSCryptoKeyDataRsaId</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509ADOPTCERT">xmlSecMSCryptoKeyDataX509AdoptCert</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509ADOPTCRL">xmlSecMSCryptoKeyDataX509AdoptCrl</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509ADOPTKEYCERT">xmlSecMSCryptoKeyDataX509AdoptKeyCert</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509GETCERT">xmlSecMSCryptoKeyDataX509GetCert</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509GETCERTSSIZE">xmlSecMSCryptoKeyDataX509GetCertsSize</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509GETCRL">xmlSecMSCryptoKeyDataX509GetCrl</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509GETCRLSSIZE">xmlSecMSCryptoKeyDataX509GetCrlsSize</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509GETKEYCERT">xmlSecMSCryptoKeyDataX509GetKeyCert</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509GETKLASS">xmlSecMSCryptoKeyDataX509GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509ID">xmlSecMSCryptoKeyDataX509Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYSMNGRINIT">xmlSecMSCryptoKeysMngrInit</a></p></li>
+<li><p><a href="xmlsec-mscrypto-keysstore.html#XMLSECMSCRYPTOKEYSSTOREADOPTKEY">xmlSecMSCryptoKeysStoreAdoptKey</a></p></li>
+<li><p><a href="xmlsec-mscrypto-keysstore.html#XMLSECMSCRYPTOKEYSSTOREGETKLASS">xmlSecMSCryptoKeysStoreGetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-keysstore.html#XMLSECMSCRYPTOKEYSSTOREID">xmlSecMSCryptoKeysStoreId</a></p></li>
+<li><p><a href="xmlsec-mscrypto-keysstore.html#XMLSECMSCRYPTOKEYSSTORELOAD">xmlSecMSCryptoKeysStoreLoad</a></p></li>
+<li><p><a href="xmlsec-mscrypto-keysstore.html#XMLSECMSCRYPTOKEYSSTORESAVE">xmlSecMSCryptoKeysStoreSave</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOSHUTDOWN">xmlSecMSCryptoShutdown</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMAES128CBCGETKLASS">xmlSecMSCryptoTransformAes128CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMAES128CBCID">xmlSecMSCryptoTransformAes128CbcId</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMAES192CBCGETKLASS">xmlSecMSCryptoTransformAes192CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMAES192CBCID">xmlSecMSCryptoTransformAes192CbcId</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMAES256CBCGETKLASS">xmlSecMSCryptoTransformAes256CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMAES256CBCID">xmlSecMSCryptoTransformAes256CbcId</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMDES3CBCGETKLASS">xmlSecMSCryptoTransformDes3CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMDES3CBCID">xmlSecMSCryptoTransformDes3CbcId</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMDSASHA1GETKLASS">xmlSecMSCryptoTransformDsaSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMDSASHA1ID">xmlSecMSCryptoTransformDsaSha1Id</a></p></li>
+<li><p><font>xmlSecMSCryptoTransformGost2001GostR3411-94GetKlass</font></p></li>
+<li><p><font>xmlSecMSCryptoTransformGost2001GostR3411-94Id</font></p></li>
+<li><p><font>xmlSecMSCryptoTransformGostR3411-94GetKlass</font></p></li>
+<li><p><font>xmlSecMSCryptoTransformGostR3411-94Id</font></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACMD5GETKLASS">xmlSecMSCryptoTransformHmacMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACMD5ID">xmlSecMSCryptoTransformHmacMd5Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACSHA1GETKLASS">xmlSecMSCryptoTransformHmacSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACSHA1ID">xmlSecMSCryptoTransformHmacSha1Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACSHA256GETKLASS">xmlSecMSCryptoTransformHmacSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACSHA256ID">xmlSecMSCryptoTransformHmacSha256Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACSHA384GETKLASS">xmlSecMSCryptoTransformHmacSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACSHA384ID">xmlSecMSCryptoTransformHmacSha384Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACSHA512GETKLASS">xmlSecMSCryptoTransformHmacSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACSHA512ID">xmlSecMSCryptoTransformHmacSha512Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMKWAES128GETKLASS">xmlSecMSCryptoTransformKWAes128GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMKWAES128ID">xmlSecMSCryptoTransformKWAes128Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMKWAES192GETKLASS">xmlSecMSCryptoTransformKWAes192GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMKWAES192ID">xmlSecMSCryptoTransformKWAes192Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMKWAES256GETKLASS">xmlSecMSCryptoTransformKWAes256GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMKWAES256ID">xmlSecMSCryptoTransformKWAes256Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMKWDES3GETKLASS">xmlSecMSCryptoTransformKWDes3GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMKWDES3ID">xmlSecMSCryptoTransformKWDes3Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMMD5GETKLASS">xmlSecMSCryptoTransformMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMMD5ID">xmlSecMSCryptoTransformMd5Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSAMD5GETKLASS">xmlSecMSCryptoTransformRsaMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSAMD5ID">xmlSecMSCryptoTransformRsaMd5Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSAOAEPGETKLASS">xmlSecMSCryptoTransformRsaOaepGetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSAOAEPID">xmlSecMSCryptoTransformRsaOaepId</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSAPKCS1GETKLASS">xmlSecMSCryptoTransformRsaPkcs1GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSAPKCS1ID">xmlSecMSCryptoTransformRsaPkcs1Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSASHA1GETKLASS">xmlSecMSCryptoTransformRsaSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSASHA1ID">xmlSecMSCryptoTransformRsaSha1Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSASHA256GETKLASS">xmlSecMSCryptoTransformRsaSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSASHA256ID">xmlSecMSCryptoTransformRsaSha256Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSASHA384GETKLASS">xmlSecMSCryptoTransformRsaSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSASHA384ID">xmlSecMSCryptoTransformRsaSha384Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSASHA512GETKLASS">xmlSecMSCryptoTransformRsaSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSASHA512ID">xmlSecMSCryptoTransformRsaSha512Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMSHA1GETKLASS">xmlSecMSCryptoTransformSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMSHA1ID">xmlSecMSCryptoTransformSha1Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMSHA256GETKLASS">xmlSecMSCryptoTransformSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMSHA256ID">xmlSecMSCryptoTransformSha256Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMSHA384GETKLASS">xmlSecMSCryptoTransformSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMSHA384ID">xmlSecMSCryptoTransformSha384Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMSHA512GETKLASS">xmlSecMSCryptoTransformSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMSHA512ID">xmlSecMSCryptoTransformSha512Id</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOX509STOREADOPTCERT">xmlSecMSCryptoX509StoreAdoptCert</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOX509STOREADOPTKEYSTORE">xmlSecMSCryptoX509StoreAdoptKeyStore</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOX509STOREADOPTTRUSTEDSTORE">xmlSecMSCryptoX509StoreAdoptTrustedStore</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOX509STOREADOPTUNTRUSTEDSTORE">xmlSecMSCryptoX509StoreAdoptUntrustedStore</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOX509STOREENABLESYSTEMTRUSTEDCERTS">xmlSecMSCryptoX509StoreEnableSystemTrustedCerts</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOX509STOREGETKLASS">xmlSecMSCryptoX509StoreGetKlass</a></p></li>
+<li><p><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOX509STOREID">xmlSecMSCryptoX509StoreId</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECNODEENCODEANDSETCONTENT">xmlSecNodeEncodeAndSetContent</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECNODEGETNAME">xmlSecNodeGetName</a></p></li>
+<li><p><a href="xmlsec-nodeset.html#XMLSECNODESETADDLIST">xmlSecNodeSetAddList</a></p></li>
+<li><p><a href="xmlsec-nodeset.html#XMLSECNODESETADD">xmlSecNodeSetAdd</a></p></li>
+<li><p><a href="xmlsec-nodeset.html#XMLSECNODESETCONTAINS">xmlSecNodeSetContains</a></p></li>
+<li><p><a href="xmlsec-nodeset.html#XMLSECNODESETCREATE">xmlSecNodeSetCreate</a></p></li>
+<li><p><a href="xmlsec-nodeset.html#XMLSECNODESETDEBUGDUMP">xmlSecNodeSetDebugDump</a></p></li>
+<li><p><a href="xmlsec-nodeset.html#XMLSECNODESETDESTROY">xmlSecNodeSetDestroy</a></p></li>
+<li><p><a href="xmlsec-nodeset.html#XMLSECNODESETDOCDESTROY">xmlSecNodeSetDocDestroy</a></p></li>
+<li><p><a href="xmlsec-nodeset.html#XMLSECNODESETDUMPTEXTNODES">xmlSecNodeSetDumpTextNodes</a></p></li>
+<li><p><a href="xmlsec-nodeset.html#XMLSECNODESETGETCHILDREN">xmlSecNodeSetGetChildren</a></p></li>
+<li><p><a href="xmlsec-nodeset.html#XMLSECNODESET">xmlSecNodeSet</a></p></li>
+<li><p><a href="xmlsec-nodeset.html#XMLSECNODESETOP">xmlSecNodeSetOp</a></p></li>
+<li><p><a href="xmlsec-nodeset.html#XMLSECNODESETTYPE">xmlSecNodeSetType</a></p></li>
+<li><p><a href="xmlsec-nodeset.html#XMLSECNODESETWALKCALLBACK">xmlSecNodeSetWalkCallback</a></p></li>
+<li><p><a href="xmlsec-nodeset.html#XMLSECNODESETWALK">xmlSecNodeSetWalk</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPDEFAULTKEYSMNGRADOPTKEY">xmlSecNssAppDefaultKeysMngrAdoptKey</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPDEFAULTKEYSMNGRINIT">xmlSecNssAppDefaultKeysMngrInit</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPDEFAULTKEYSMNGRLOAD">xmlSecNssAppDefaultKeysMngrLoad</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPDEFAULTKEYSMNGRSAVE">xmlSecNssAppDefaultKeysMngrSave</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPGETDEFAULTPWDCALLBACK">xmlSecNssAppGetDefaultPwdCallback</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPINIT">xmlSecNssAppInit</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYCERTLOADMEMORY">xmlSecNssAppKeyCertLoadMemory</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYCERTLOAD">xmlSecNssAppKeyCertLoad</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYCERTLOADSECITEM">xmlSecNssAppKeyCertLoadSECItem</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYFROMCERTLOADSECITEM">xmlSecNssAppKeyFromCertLoadSECItem</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYLOADMEMORY">xmlSecNssAppKeyLoadMemory</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYLOAD">xmlSecNssAppKeyLoad</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYLOADSECITEM">xmlSecNssAppKeyLoadSECItem</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYSMNGRCERTLOADMEMORY">xmlSecNssAppKeysMngrCertLoadMemory</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYSMNGRCERTLOAD">xmlSecNssAppKeysMngrCertLoad</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYSMNGRCERTLOADSECITEM">xmlSecNssAppKeysMngrCertLoadSECItem</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPPKCS12LOADMEMORY">xmlSecNssAppPkcs12LoadMemory</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPPKCS12LOAD">xmlSecNssAppPkcs12Load</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPPKCS12LOADSECITEM">xmlSecNssAppPkcs12LoadSECItem</a></p></li>
+<li><p><a href="xmlsec-nss-app.html#XMLSECNSSAPPSHUTDOWN">xmlSecNssAppShutdown</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSERRORSDEFAULTCALLBACK">xmlSecNssErrorsDefaultCallback</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSGENERATERANDOM">xmlSecNssGenerateRandom</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSGETINTERNALKEYSLOT">xmlSecNssGetInternalKeySlot</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSHMACGETMINOUTPUTLENGTH">xmlSecNssHmacGetMinOutputLength</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSHMACSETMINOUTPUTLENGTH">xmlSecNssHmacSetMinOutputLength</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSINIT">xmlSecNssInit</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATAAESGETKLASS">xmlSecNssKeyDataAesGetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATAAESID">xmlSecNssKeyDataAesId</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATAAESSET">xmlSecNssKeyDataAesSet</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATADESGETKLASS">xmlSecNssKeyDataDesGetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATADESID">xmlSecNssKeyDataDesId</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATADESSET">xmlSecNssKeyDataDesSet</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATADSAGETKLASS">xmlSecNssKeyDataDsaGetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATADSAID">xmlSecNssKeyDataDsaId</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATAHMACGETKLASS">xmlSecNssKeyDataHmacGetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATAHMACID">xmlSecNssKeyDataHmacId</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATAHMACSET">xmlSecNssKeyDataHmacSet</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATARAWX509CERTGETKLASS">xmlSecNssKeyDataRawX509CertGetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATARAWX509CERTID">xmlSecNssKeyDataRawX509CertId</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATARSAGETKLASS">xmlSecNssKeyDataRsaGetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATARSAID">xmlSecNssKeyDataRsaId</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509ADOPTCERT">xmlSecNssKeyDataX509AdoptCert</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509ADOPTCRL">xmlSecNssKeyDataX509AdoptCrl</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509ADOPTKEYCERT">xmlSecNssKeyDataX509AdoptKeyCert</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509GETCERT">xmlSecNssKeyDataX509GetCert</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509GETCERTSSIZE">xmlSecNssKeyDataX509GetCertsSize</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509GETCRL">xmlSecNssKeyDataX509GetCrl</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509GETCRLSSIZE">xmlSecNssKeyDataX509GetCrlsSize</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509GETKEYCERT">xmlSecNssKeyDataX509GetKeyCert</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509GETKLASS">xmlSecNssKeyDataX509GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509ID">xmlSecNssKeyDataX509Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYSMNGRINIT">xmlSecNssKeysMngrInit</a></p></li>
+<li><p><a href="xmlsec-nss-keysstore.html#XMLSECNSSKEYSSTOREADOPTKEY">xmlSecNssKeysStoreAdoptKey</a></p></li>
+<li><p><a href="xmlsec-nss-keysstore.html#XMLSECNSSKEYSSTOREGETKLASS">xmlSecNssKeysStoreGetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-keysstore.html#XMLSECNSSKEYSSTOREID">xmlSecNssKeysStoreId</a></p></li>
+<li><p><a href="xmlsec-nss-keysstore.html#XMLSECNSSKEYSSTORELOAD">xmlSecNssKeysStoreLoad</a></p></li>
+<li><p><a href="xmlsec-nss-keysstore.html#XMLSECNSSKEYSSTORESAVE">xmlSecNssKeysStoreSave</a></p></li>
+<li><p><a href="xmlsec-nss-bignum.html#XMLSECNSSNODEGETBIGNUMVALUE">xmlSecNssNodeGetBigNumValue</a></p></li>
+<li><p><a href="xmlsec-nss-bignum.html#XMLSECNSSNODESETBIGNUMVALUE">xmlSecNssNodeSetBigNumValue</a></p></li>
+<li><p><a href="xmlsec-nss-pkikeys.html#XMLSECNSSPKIADOPTKEY">xmlSecNssPKIAdoptKey</a></p></li>
+<li><p><a href="xmlsec-nss-pkikeys.html#XMLSECNSSPKIKEYDATADUPLICATE">xmlSecNssPKIKeyDataDuplicate</a></p></li>
+<li><p><a href="xmlsec-nss-pkikeys.html#XMLSECNSSPKIKEYDATAGETKEYTYPE">xmlSecNssPKIKeyDataGetKeyType</a></p></li>
+<li><p><a href="xmlsec-nss-pkikeys.html#XMLSECNSSPKIKEYDATAGETPRIVKEY">xmlSecNssPKIKeyDataGetPrivKey</a></p></li>
+<li><p><a href="xmlsec-nss-pkikeys.html#XMLSECNSSPKIKEYDATAGETPUBKEY">xmlSecNssPKIKeyDataGetPubKey</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSSHUTDOWN">xmlSecNssShutdown</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMAES128CBCGETKLASS">xmlSecNssTransformAes128CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMAES128CBCID">xmlSecNssTransformAes128CbcId</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMAES192CBCGETKLASS">xmlSecNssTransformAes192CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMAES192CBCID">xmlSecNssTransformAes192CbcId</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMAES256CBCGETKLASS">xmlSecNssTransformAes256CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMAES256CBCID">xmlSecNssTransformAes256CbcId</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMDES3CBCGETKLASS">xmlSecNssTransformDes3CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMDES3CBCID">xmlSecNssTransformDes3CbcId</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMDSASHA1GETKLASS">xmlSecNssTransformDsaSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMDSASHA1ID">xmlSecNssTransformDsaSha1Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACMD5GETKLASS">xmlSecNssTransformHmacMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACMD5ID">xmlSecNssTransformHmacMd5Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACRIPEMD160GETKLASS">xmlSecNssTransformHmacRipemd160GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACRIPEMD160ID">xmlSecNssTransformHmacRipemd160Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACSHA1GETKLASS">xmlSecNssTransformHmacSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACSHA1ID">xmlSecNssTransformHmacSha1Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACSHA256GETKLASS">xmlSecNssTransformHmacSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACSHA256ID">xmlSecNssTransformHmacSha256Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACSHA384GETKLASS">xmlSecNssTransformHmacSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACSHA384ID">xmlSecNssTransformHmacSha384Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACSHA512GETKLASS">xmlSecNssTransformHmacSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACSHA512ID">xmlSecNssTransformHmacSha512Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMKWAES128GETKLASS">xmlSecNssTransformKWAes128GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMKWAES128ID">xmlSecNssTransformKWAes128Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMKWAES192GETKLASS">xmlSecNssTransformKWAes192GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMKWAES192ID">xmlSecNssTransformKWAes192Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMKWAES256GETKLASS">xmlSecNssTransformKWAes256GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMKWAES256ID">xmlSecNssTransformKWAes256Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMKWDES3GETKLASS">xmlSecNssTransformKWDes3GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMKWDES3ID">xmlSecNssTransformKWDes3Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMMD5GETKLASS">xmlSecNssTransformMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMMD5ID">xmlSecNssTransformMd5Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSAMD5GETKLASS">xmlSecNssTransformRsaMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSAMD5ID">xmlSecNssTransformRsaMd5Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSAOAEPGETKLASS">xmlSecNssTransformRsaOaepGetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSAOAEPID">xmlSecNssTransformRsaOaepId</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSAPKCS1GETKLASS">xmlSecNssTransformRsaPkcs1GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSAPKCS1ID">xmlSecNssTransformRsaPkcs1Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSASHA1GETKLASS">xmlSecNssTransformRsaSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSASHA1ID">xmlSecNssTransformRsaSha1Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSASHA256GETKLASS">xmlSecNssTransformRsaSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSASHA256ID">xmlSecNssTransformRsaSha256Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSASHA384GETKLASS">xmlSecNssTransformRsaSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSASHA384ID">xmlSecNssTransformRsaSha384Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSASHA512GETKLASS">xmlSecNssTransformRsaSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSASHA512ID">xmlSecNssTransformRsaSha512Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMSHA1GETKLASS">xmlSecNssTransformSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMSHA1ID">xmlSecNssTransformSha1Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMSHA256GETKLASS">xmlSecNssTransformSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMSHA256ID">xmlSecNssTransformSha256Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMSHA384GETKLASS">xmlSecNssTransformSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMSHA384ID">xmlSecNssTransformSha384Id</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMSHA512GETKLASS">xmlSecNssTransformSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMSHA512ID">xmlSecNssTransformSha512Id</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSX509CERTGETKEY">xmlSecNssX509CertGetKey</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSX509STOREADOPTCERT">xmlSecNssX509StoreAdoptCert</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSX509STOREFINDCERT">xmlSecNssX509StoreFindCert</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSX509STOREGETKLASS">xmlSecNssX509StoreGetKlass</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSX509STOREID">xmlSecNssX509StoreId</a></p></li>
+<li><p><a href="xmlsec-nss-x509.html#XMLSECNSSX509STOREVERIFY">xmlSecNssX509StoreVerify</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPDEFAULTKEYSMNGRADOPTKEY">xmlSecOpenSSLAppDefaultKeysMngrAdoptKey</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPDEFAULTKEYSMNGRINIT">xmlSecOpenSSLAppDefaultKeysMngrInit</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPDEFAULTKEYSMNGRLOAD">xmlSecOpenSSLAppDefaultKeysMngrLoad</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPDEFAULTKEYSMNGRSAVE">xmlSecOpenSSLAppDefaultKeysMngrSave</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPGETDEFAULTPWDCALLBACK">xmlSecOpenSSLAppGetDefaultPwdCallback</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPINIT">xmlSecOpenSSLAppInit</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYCERTLOADBIO">xmlSecOpenSSLAppKeyCertLoadBIO</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYCERTLOADMEMORY">xmlSecOpenSSLAppKeyCertLoadMemory</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYCERTLOAD">xmlSecOpenSSLAppKeyCertLoad</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYFROMCERTLOADBIO">xmlSecOpenSSLAppKeyFromCertLoadBIO</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYLOADBIO">xmlSecOpenSSLAppKeyLoadBIO</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYLOADMEMORY">xmlSecOpenSSLAppKeyLoadMemory</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYLOAD">xmlSecOpenSSLAppKeyLoad</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYSMNGRADDCERTSFILE">xmlSecOpenSSLAppKeysMngrAddCertsFile</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYSMNGRADDCERTSPATH">xmlSecOpenSSLAppKeysMngrAddCertsPath</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYSMNGRCERTLOADBIO">xmlSecOpenSSLAppKeysMngrCertLoadBIO</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYSMNGRCERTLOADMEMORY">xmlSecOpenSSLAppKeysMngrCertLoadMemory</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYSMNGRCERTLOAD">xmlSecOpenSSLAppKeysMngrCertLoad</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPPKCS12LOADBIO">xmlSecOpenSSLAppPkcs12LoadBIO</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPPKCS12LOADMEMORY">xmlSecOpenSSLAppPkcs12LoadMemory</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPPKCS12LOAD">xmlSecOpenSSLAppPkcs12Load</a></p></li>
+<li><p><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPSHUTDOWN">xmlSecOpenSSLAppShutdown</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLERRORSDEFAULTCALLBACK">xmlSecOpenSSLErrorsDefaultCallback</a></p></li>
+<li><p><font>XMLSEC-OPENSSL-ERRORS-FUNCTION</font></p></li>
+<li><p><font>XMLSEC-OPENSSL-ERRORS-LIB</font></p></li>
+<li><p><a href="xmlsec-openssl-evp.html#XMLSECOPENSSLEVPKEYADOPT">xmlSecOpenSSLEvpKeyAdopt</a></p></li>
+<li><p><a href="xmlsec-openssl-evp.html#XMLSECOPENSSLEVPKEYDATAADOPTEVP">xmlSecOpenSSLEvpKeyDataAdoptEvp</a></p></li>
+<li><p><a href="xmlsec-openssl-evp.html#XMLSECOPENSSLEVPKEYDATAGETEVP">xmlSecOpenSSLEvpKeyDataGetEvp</a></p></li>
+<li><p><a href="xmlsec-openssl-evp.html#XMLSECOPENSSLEVPKEYDUP">xmlSecOpenSSLEvpKeyDup</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLGENERATERANDOM">xmlSecOpenSSLGenerateRandom</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLGETDEFAULTTRUSTEDCERTSFOLDER">xmlSecOpenSSLGetDefaultTrustedCertsFolder</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLHMACGETMINOUTPUTLENGTH">xmlSecOpenSSLHmacGetMinOutputLength</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLHMACSETMINOUTPUTLENGTH">xmlSecOpenSSLHmacSetMinOutputLength</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLINIT">xmlSecOpenSSLInit</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATAAESGETKLASS">xmlSecOpenSSLKeyDataAesGetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATAAESID">xmlSecOpenSSLKeyDataAesId</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATAAESSET">xmlSecOpenSSLKeyDataAesSet</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADESGETKLASS">xmlSecOpenSSLKeyDataDesGetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADESID">xmlSecOpenSSLKeyDataDesId</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADESSET">xmlSecOpenSSLKeyDataDesSet</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADSAADOPTDSA">xmlSecOpenSSLKeyDataDsaAdoptDsa</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADSAADOPTEVP">xmlSecOpenSSLKeyDataDsaAdoptEvp</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADSAGETDSA">xmlSecOpenSSLKeyDataDsaGetDsa</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADSAGETEVP">xmlSecOpenSSLKeyDataDsaGetEvp</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADSAGETKLASS">xmlSecOpenSSLKeyDataDsaGetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADSAID">xmlSecOpenSSLKeyDataDsaId</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATAHMACGETKLASS">xmlSecOpenSSLKeyDataHmacGetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATAHMACID">xmlSecOpenSSLKeyDataHmacId</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATAHMACSET">xmlSecOpenSSLKeyDataHmacSet</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATARAWX509CERTGETKLASS">xmlSecOpenSSLKeyDataRawX509CertGetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATARAWX509CERTID">xmlSecOpenSSLKeyDataRawX509CertId</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATARSAADOPTEVP">xmlSecOpenSSLKeyDataRsaAdoptEvp</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATARSAADOPTRSA">xmlSecOpenSSLKeyDataRsaAdoptRsa</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATARSAGETEVP">xmlSecOpenSSLKeyDataRsaGetEvp</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATARSAGETKLASS">xmlSecOpenSSLKeyDataRsaGetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATARSAGETRSA">xmlSecOpenSSLKeyDataRsaGetRsa</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATARSAID">xmlSecOpenSSLKeyDataRsaId</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509ADOPTCERT">xmlSecOpenSSLKeyDataX509AdoptCert</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509ADOPTCRL">xmlSecOpenSSLKeyDataX509AdoptCrl</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509ADOPTKEYCERT">xmlSecOpenSSLKeyDataX509AdoptKeyCert</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509GETCERT">xmlSecOpenSSLKeyDataX509GetCert</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509GETCERTSSIZE">xmlSecOpenSSLKeyDataX509GetCertsSize</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509GETCRL">xmlSecOpenSSLKeyDataX509GetCrl</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509GETCRLSSIZE">xmlSecOpenSSLKeyDataX509GetCrlsSize</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509GETKEYCERT">xmlSecOpenSSLKeyDataX509GetKeyCert</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509GETKLASS">xmlSecOpenSSLKeyDataX509GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509ID">xmlSecOpenSSLKeyDataX509Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYSMNGRINIT">xmlSecOpenSSLKeysMngrInit</a></p></li>
+<li><p><a href="xmlsec-openssl-bn.html#XMLSECOPENSSLNODEGETBNVALUE">xmlSecOpenSSLNodeGetBNValue</a></p></li>
+<li><p><a href="xmlsec-openssl-bn.html#XMLSECOPENSSLNODESETBNVALUE">xmlSecOpenSSLNodeSetBNValue</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLSETDEFAULTTRUSTEDCERTSFOLDER">xmlSecOpenSSLSetDefaultTrustedCertsFolder</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLSHUTDOWN">xmlSecOpenSSLShutdown</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMAES128CBCGETKLASS">xmlSecOpenSSLTransformAes128CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMAES128CBCID">xmlSecOpenSSLTransformAes128CbcId</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMAES192CBCGETKLASS">xmlSecOpenSSLTransformAes192CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMAES192CBCID">xmlSecOpenSSLTransformAes192CbcId</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMAES256CBCGETKLASS">xmlSecOpenSSLTransformAes256CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMAES256CBCID">xmlSecOpenSSLTransformAes256CbcId</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMDES3CBCGETKLASS">xmlSecOpenSSLTransformDes3CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMDES3CBCID">xmlSecOpenSSLTransformDes3CbcId</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMDSASHA1GETKLASS">xmlSecOpenSSLTransformDsaSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMDSASHA1ID">xmlSecOpenSSLTransformDsaSha1Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACMD5GETKLASS">xmlSecOpenSSLTransformHmacMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACMD5ID">xmlSecOpenSSLTransformHmacMd5Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACRIPEMD160GETKLASS">xmlSecOpenSSLTransformHmacRipemd160GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACRIPEMD160ID">xmlSecOpenSSLTransformHmacRipemd160Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA1GETKLASS">xmlSecOpenSSLTransformHmacSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA1ID">xmlSecOpenSSLTransformHmacSha1Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA224GETKLASS">xmlSecOpenSSLTransformHmacSha224GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA224ID">xmlSecOpenSSLTransformHmacSha224Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA256GETKLASS">xmlSecOpenSSLTransformHmacSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA256ID">xmlSecOpenSSLTransformHmacSha256Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA384GETKLASS">xmlSecOpenSSLTransformHmacSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA384ID">xmlSecOpenSSLTransformHmacSha384Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA512GETKLASS">xmlSecOpenSSLTransformHmacSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA512ID">xmlSecOpenSSLTransformHmacSha512Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMKWAES128GETKLASS">xmlSecOpenSSLTransformKWAes128GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMKWAES128ID">xmlSecOpenSSLTransformKWAes128Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMKWAES192GETKLASS">xmlSecOpenSSLTransformKWAes192GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMKWAES192ID">xmlSecOpenSSLTransformKWAes192Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMKWAES256GETKLASS">xmlSecOpenSSLTransformKWAes256GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMKWAES256ID">xmlSecOpenSSLTransformKWAes256Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMKWDES3GETKLASS">xmlSecOpenSSLTransformKWDes3GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMKWDES3ID">xmlSecOpenSSLTransformKWDes3Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMMD5GETKLASS">xmlSecOpenSSLTransformMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMMD5ID">xmlSecOpenSSLTransformMd5Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRIPEMD160GETKLASS">xmlSecOpenSSLTransformRipemd160GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRIPEMD160ID">xmlSecOpenSSLTransformRipemd160Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSAMD5GETKLASS">xmlSecOpenSSLTransformRsaMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSAMD5ID">xmlSecOpenSSLTransformRsaMd5Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSAOAEPGETKLASS">xmlSecOpenSSLTransformRsaOaepGetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSAOAEPID">xmlSecOpenSSLTransformRsaOaepId</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSAPKCS1GETKLASS">xmlSecOpenSSLTransformRsaPkcs1GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSAPKCS1ID">xmlSecOpenSSLTransformRsaPkcs1Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSARIPEMD160GETKLASS">xmlSecOpenSSLTransformRsaRipemd160GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSARIPEMD160ID">xmlSecOpenSSLTransformRsaRipemd160Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA1GETKLASS">xmlSecOpenSSLTransformRsaSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA1ID">xmlSecOpenSSLTransformRsaSha1Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA224GETKLASS">xmlSecOpenSSLTransformRsaSha224GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA224ID">xmlSecOpenSSLTransformRsaSha224Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA256GETKLASS">xmlSecOpenSSLTransformRsaSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA256ID">xmlSecOpenSSLTransformRsaSha256Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA384GETKLASS">xmlSecOpenSSLTransformRsaSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA384ID">xmlSecOpenSSLTransformRsaSha384Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA512GETKLASS">xmlSecOpenSSLTransformRsaSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA512ID">xmlSecOpenSSLTransformRsaSha512Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA1GETKLASS">xmlSecOpenSSLTransformSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA1ID">xmlSecOpenSSLTransformSha1Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA224GETKLASS">xmlSecOpenSSLTransformSha224GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA224ID">xmlSecOpenSSLTransformSha224Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA256GETKLASS">xmlSecOpenSSLTransformSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA256ID">xmlSecOpenSSLTransformSha256Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA384GETKLASS">xmlSecOpenSSLTransformSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA384ID">xmlSecOpenSSLTransformSha384Id</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA512GETKLASS">xmlSecOpenSSLTransformSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA512ID">xmlSecOpenSSLTransformSha512Id</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509CERTGETKEY">xmlSecOpenSSLX509CertGetKey</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509STOREADDCERTSFILE">xmlSecOpenSSLX509StoreAddCertsFile</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509STOREADDCERTSPATH">xmlSecOpenSSLX509StoreAddCertsPath</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509STOREADOPTCERT">xmlSecOpenSSLX509StoreAdoptCert</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509STOREADOPTCRL">xmlSecOpenSSLX509StoreAdoptCrl</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509STOREFINDCERT">xmlSecOpenSSLX509StoreFindCert</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509STOREGETKLASS">xmlSecOpenSSLX509StoreGetKlass</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509STOREID">xmlSecOpenSSLX509StoreId</a></p></li>
+<li><p><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509STOREVERIFY">xmlSecOpenSSLX509StoreVerify</a></p></li>
+<li><p><a href="xmlsec-parser.html#XMLSECPARSEFILE">xmlSecParseFile</a></p></li>
+<li><p><a href="xmlsec-parser.html#XMLSECPARSEMEMORYEXT">xmlSecParseMemoryExt</a></p></li>
+<li><p><a href="xmlsec-parser.html#XMLSECPARSEMEMORY">xmlSecParseMemory</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECPRINTXMLSTRING">xmlSecPrintXmlString</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRDEBUGDUMPITEMMETHOD">xmlSecPtrDebugDumpItemMethod</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRDESTROYITEMMETHOD">xmlSecPtrDestroyItemMethod</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRDUPLICATEITEMMETHOD">xmlSecPtrDuplicateItemMethod</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTADD">xmlSecPtrListAdd</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTCHECKID">xmlSecPtrListCheckId</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTCOPY">xmlSecPtrListCopy</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTCREATE">xmlSecPtrListCreate</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTDEBUGDUMP">xmlSecPtrListDebugDump</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTDEBUGXMLDUMP">xmlSecPtrListDebugXmlDump</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTDESTROY">xmlSecPtrListDestroy</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTDUPLICATE">xmlSecPtrListDuplicate</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTEMPTY">xmlSecPtrListEmpty</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTFINALIZE">xmlSecPtrListFinalize</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTGETITEM">xmlSecPtrListGetItem</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTGETNAME">xmlSecPtrListGetName</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTGETSIZE">xmlSecPtrListGetSize</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTIDUNKNOWN">xmlSecPtrListIdUnknown</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTINITIALIZE">xmlSecPtrListInitialize</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTISVALID">xmlSecPtrListIsValid</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTKLASSGETNAME">xmlSecPtrListKlassGetName</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTKLASS">xmlSecPtrListKlass</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLIST">xmlSecPtrList</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTREMOVEANDRETURN">xmlSecPtrListRemoveAndReturn</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTREMOVE">xmlSecPtrListRemove</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTSETDEFAULTALLOCMODE">xmlSecPtrListSetDefaultAllocMode</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECPTRLISTSET">xmlSecPtrListSet</a></p></li>
+<li><p><a href="xmlsec-xmlsec.html#XMLSECPTR">xmlSecPtr</a></p></li>
+<li><p><font>XMLSEC-PTR-TO-FUNC-IMPL</font></p></li>
+<li><p><font>XMLSEC-PTR-TO-FUNC</font></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKDEBUGDUMP">xmlSecQName2BitMaskDebugDump</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKDEBUGXMLDUMP">xmlSecQName2BitMaskDebugXmlDump</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKGETBITMASKFROMSTRING">xmlSecQName2BitMaskGetBitMaskFromString</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKGETBITMASK">xmlSecQName2BitMaskGetBitMask</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKGETINFO">xmlSecQName2BitMaskGetInfo</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKGETSTRINGFROMBITMASK">xmlSecQName2BitMaskGetStringFromBitMask</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKINFOCONSTPTR">xmlSecQName2BitMaskInfoConstPtr</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKINFO">xmlSecQName2BitMaskInfo</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKNODESREAD">xmlSecQName2BitMaskNodesRead</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKNODESWRITE">xmlSecQName2BitMaskNodesWrite</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERATTRIBUTEREAD">xmlSecQName2IntegerAttributeRead</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERATTRIBUTEWRITE">xmlSecQName2IntegerAttributeWrite</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERDEBUGDUMP">xmlSecQName2IntegerDebugDump</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERDEBUGXMLDUMP">xmlSecQName2IntegerDebugXmlDump</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERGETINFO">xmlSecQName2IntegerGetInfo</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERGETINTEGERFROMSTRING">xmlSecQName2IntegerGetIntegerFromString</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERGETINTEGER">xmlSecQName2IntegerGetInteger</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERGETSTRINGFROMINTEGER">xmlSecQName2IntegerGetStringFromInteger</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERINFOCONSTPTR">xmlSecQName2IntegerInfoConstPtr</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERINFO">xmlSecQName2IntegerInfo</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERNODEREAD">xmlSecQName2IntegerNodeRead</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERNODEWRITE">xmlSecQName2IntegerNodeWrite</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECREPLACECONTENTANDRETURN">xmlSecReplaceContentAndReturn</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECREPLACECONTENT">xmlSecReplaceContent</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECREPLACENODEANDRETURN">xmlSecReplaceNodeAndReturn</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECREPLACENODEBUFFERANDRETURN">xmlSecReplaceNodeBufferAndReturn</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECREPLACENODEBUFFER">xmlSecReplaceNodeBuffer</a></p></li>
+<li><p><a href="xmlsec-xmltree.html#XMLSECREPLACENODE">xmlSecReplaceNode</a></p></li>
+<li><p><a href="xmlsec-xmlsec.html#XMLSECSHUTDOWN">xmlSecShutdown</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTOREADOPTKEY">xmlSecSimpleKeysStoreAdoptKey</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTOREGETKEYS">xmlSecSimpleKeysStoreGetKeys</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTOREGETKLASS">xmlSecSimpleKeysStoreGetKlass</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTOREID">xmlSecSimpleKeysStoreId</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTORELOAD">xmlSecSimpleKeysStoreLoad</a></p></li>
+<li><p><a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTORESAVE">xmlSecSimpleKeysStoreSave</a></p></li>
+<li><p><font>XMLSEC-SIZE-BAD-CAST</font></p></li>
+<li><p><a href="xmlsec-xmlsec.html#XMLSECSIZE">xmlSecSize</a></p></li>
+<li><p><font>xmlSecSoap11AddBodyEntry</font></p></li>
+<li><p><font>xmlSecSoap11AddFaultEntry</font></p></li>
+<li><p><font>xmlSecSoap11CheckEnvelope</font></p></li>
+<li><p><font>xmlSecSoap11CreateEnvelope</font></p></li>
+<li><p><font>xmlSecSoap11EnsureHeader</font></p></li>
+<li><p><font>xmlSecSoap11GetBodyEntriesNumber</font></p></li>
+<li><p><font>xmlSecSoap11GetBodyEntry</font></p></li>
+<li><p><font>xmlSecSoap11GetBody</font></p></li>
+<li><p><font>xmlSecSoap11GetFaultEntry</font></p></li>
+<li><p><font>xmlSecSoap11GetHeader</font></p></li>
+<li><p><font>xmlSecSoap12AddBodyEntry</font></p></li>
+<li><p><font>xmlSecSoap12AddFaultDetailEntry</font></p></li>
+<li><p><font>xmlSecSoap12AddFaultEntry</font></p></li>
+<li><p><font>xmlSecSoap12AddFaultReasonText</font></p></li>
+<li><p><font>xmlSecSoap12AddFaultSubcode</font></p></li>
+<li><p><font>xmlSecSoap12CheckEnvelope</font></p></li>
+<li><p><font>xmlSecSoap12CreateEnvelope</font></p></li>
+<li><p><font>xmlSecSoap12EnsureHeader</font></p></li>
+<li><p><font>xmlSecSoap12FaultCode</font></p></li>
+<li><p><font>xmlSecSoap12GetBodyEntriesNumber</font></p></li>
+<li><p><font>xmlSecSoap12GetBodyEntry</font></p></li>
+<li><p><font>xmlSecSoap12GetBody</font></p></li>
+<li><p><font>xmlSecSoap12GetFaultEntry</font></p></li>
+<li><p><font>xmlSecSoap12GetHeader</font></p></li>
+<li><p><font>XMLSEC-STACK-OF-X509-CRL</font></p></li>
+<li><p><font>XMLSEC-STACK-OF-X509</font></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECSTRINGLISTGETKLASS">xmlSecStringListGetKlass</a></p></li>
+<li><p><a href="xmlsec-list.html#XMLSECSTRINGLISTID">xmlSecStringListId</a></p></li>
+<li><p><font>xmlSecStrPrintf</font></p></li>
+<li><p><font>xmlSecStrVPrintf</font></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLCIPHERREFERENCEADDTRANSFORM">xmlSecTmplCipherReferenceAddTransform</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLENCDATAADDENCPROPERTY">xmlSecTmplEncDataAddEncProperty</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLENCDATACREATE">xmlSecTmplEncDataCreate</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLENCDATAENSURECIPHERREFERENCE">xmlSecTmplEncDataEnsureCipherReference</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLENCDATAENSURECIPHERVALUE">xmlSecTmplEncDataEnsureCipherValue</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLENCDATAENSUREENCPROPERTIES">xmlSecTmplEncDataEnsureEncProperties</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLENCDATAENSUREKEYINFO">xmlSecTmplEncDataEnsureKeyInfo</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLENCDATAGETENCMETHODNODE">xmlSecTmplEncDataGetEncMethodNode</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLKEYINFOADDENCRYPTEDKEY">xmlSecTmplKeyInfoAddEncryptedKey</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLKEYINFOADDKEYNAME">xmlSecTmplKeyInfoAddKeyName</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLKEYINFOADDKEYVALUE">xmlSecTmplKeyInfoAddKeyValue</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLKEYINFOADDRETRIEVALMETHOD">xmlSecTmplKeyInfoAddRetrievalMethod</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLKEYINFOADDX509DATA">xmlSecTmplKeyInfoAddX509Data</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLMANIFESTADDREFERENCE">xmlSecTmplManifestAddReference</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLOBJECTADDMANIFEST">xmlSecTmplObjectAddManifest</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLOBJECTADDSIGNPROPERTIES">xmlSecTmplObjectAddSignProperties</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLREFERENCEADDTRANSFORM">xmlSecTmplReferenceAddTransform</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLREFERENCELISTADDDATAREFERENCE">xmlSecTmplReferenceListAddDataReference</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLREFERENCELISTADDKEYREFERENCE">xmlSecTmplReferenceListAddKeyReference</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLRETRIEVALMETHODADDTRANSFORM">xmlSecTmplRetrievalMethodAddTransform</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLSIGNATUREADDOBJECT">xmlSecTmplSignatureAddObject</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLSIGNATUREADDREFERENCE">xmlSecTmplSignatureAddReference</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLSIGNATURECREATE">xmlSecTmplSignatureCreate</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLSIGNATURECREATENSPREF">xmlSecTmplSignatureCreateNsPref</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLSIGNATUREENSUREKEYINFO">xmlSecTmplSignatureEnsureKeyInfo</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLSIGNATUREGETC14NMETHODNODE">xmlSecTmplSignatureGetC14NMethodNode</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLSIGNATUREGETSIGNMETHODNODE">xmlSecTmplSignatureGetSignMethodNode</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLTRANSFORMADDC14NINCLNAMESPACES">xmlSecTmplTransformAddC14NInclNamespaces</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLTRANSFORMADDHMACOUTPUTLENGTH">xmlSecTmplTransformAddHmacOutputLength</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLTRANSFORMADDRSAOAEPPARAM">xmlSecTmplTransformAddRsaOaepParam</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLTRANSFORMADDXPATH2">xmlSecTmplTransformAddXPath2</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLTRANSFORMADDXPATH">xmlSecTmplTransformAddXPath</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLTRANSFORMADDXPOINTER">xmlSecTmplTransformAddXPointer</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLTRANSFORMADDXSLTSTYLESHEET">xmlSecTmplTransformAddXsltStylesheet</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLX509DATAADDCERTIFICATE">xmlSecTmplX509DataAddCertificate</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLX509DATAADDCRL">xmlSecTmplX509DataAddCRL</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLX509DATAADDISSUERSERIAL">xmlSecTmplX509DataAddIssuerSerial</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLX509DATAADDSKI">xmlSecTmplX509DataAddSKI</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLX509DATAADDSUBJECTNAME">xmlSecTmplX509DataAddSubjectName</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLX509ISSUERSERIALADDISSUERNAME">xmlSecTmplX509IssuerSerialAddIssuerName</a></p></li>
+<li><p><a href="xmlsec-templates.html#XMLSECTMPLX509ISSUERSERIALADDSERIALNUMBER">xmlSecTmplX509IssuerSerialAddSerialNumber</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMAES128CBCGETKLASS">xmlSecTransformAes128CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMAES128CBCID">xmlSecTransformAes128CbcId</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMAES192CBCGETKLASS">xmlSecTransformAes192CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMAES192CBCID">xmlSecTransformAes192CbcId</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMAES256CBCGETKLASS">xmlSecTransformAes256CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMAES256CBCID">xmlSecTransformAes256CbcId</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMBASE64GETKLASS">xmlSecTransformBase64GetKlass</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMBASE64ID">xmlSecTransformBase64Id</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMBASE64SETLINESIZE">xmlSecTransformBase64SetLineSize</a></p></li>
+<li><p><font>XMLSEC-TRANSFORM-BINARY-CHUNK</font></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCHECKID">xmlSecTransformCheckId</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCHECKSIZE">xmlSecTransformCheckSize</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCONNECT">xmlSecTransformConnect</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCREATEINPUTBUFFER">xmlSecTransformCreateInputBuffer</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCREATE">xmlSecTransformCreate</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCREATEOUTPUTBUFFER">xmlSecTransformCreateOutputBuffer</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXAPPEND">xmlSecTransformCtxAppend</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXBINARYEXECUTE">xmlSecTransformCtxBinaryExecute</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXCOPYUSERPREF">xmlSecTransformCtxCopyUserPref</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXCREATEANDAPPEND">xmlSecTransformCtxCreateAndAppend</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXCREATEANDPREPEND">xmlSecTransformCtxCreateAndPrepend</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXCREATE">xmlSecTransformCtxCreate</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXDEBUGDUMP">xmlSecTransformCtxDebugDump</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXDEBUGXMLDUMP">xmlSecTransformCtxDebugXmlDump</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXDESTROY">xmlSecTransformCtxDestroy</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXEXECUTE">xmlSecTransformCtxExecute</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXFINALIZE">xmlSecTransformCtxFinalize</a></p></li>
+<li><p><font>XMLSEC-TRANSFORMCTX-FLAGS-USE-VISA3D-HACK</font></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXINITIALIZE">xmlSecTransformCtxInitialize</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX">xmlSecTransformCtx</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXNODEREAD">xmlSecTransformCtxNodeRead</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXNODESLISTREAD">xmlSecTransformCtxNodesListRead</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXPREEXECUTECALLBACK">xmlSecTransformCtxPreExecuteCallback</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXPREPARE">xmlSecTransformCtxPrepare</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXPREPEND">xmlSecTransformCtxPrepend</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXRESET">xmlSecTransformCtxReset</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXSETURI">xmlSecTransformCtxSetUri</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXURIEXECUTE">xmlSecTransformCtxUriExecute</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXXMLEXECUTE">xmlSecTransformCtxXmlExecute</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMDATATYPEBIN">xmlSecTransformDataTypeBin</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMDATATYPE">xmlSecTransformDataType</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMDATATYPEUNKNOWN">xmlSecTransformDataTypeUnknown</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMDATATYPEXML">xmlSecTransformDataTypeXml</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMDEBUGDUMP">xmlSecTransformDebugDump</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMDEBUGXMLDUMP">xmlSecTransformDebugXmlDump</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMDEFAULTGETDATATYPE">xmlSecTransformDefaultGetDataType</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMDEFAULTPOPBIN">xmlSecTransformDefaultPopBin</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMDEFAULTPOPXML">xmlSecTransformDefaultPopXml</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMDEFAULTPUSHBIN">xmlSecTransformDefaultPushBin</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMDEFAULTPUSHXML">xmlSecTransformDefaultPushXml</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMDES3CBCGETKLASS">xmlSecTransformDes3CbcGetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMDES3CBCID">xmlSecTransformDes3CbcId</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMDESTROY">xmlSecTransformDestroy</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMDSASHA1GETKLASS">xmlSecTransformDsaSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMDSASHA1ID">xmlSecTransformDsaSha1Id</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMENVELOPEDGETKLASS">xmlSecTransformEnvelopedGetKlass</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMENVELOPEDID">xmlSecTransformEnvelopedId</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMEXCLC14NGETKLASS">xmlSecTransformExclC14NGetKlass</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMEXCLC14NID">xmlSecTransformExclC14NId</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMEXCLC14NWITHCOMMENTSGETKLASS">xmlSecTransformExclC14NWithCommentsGetKlass</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMEXCLC14NWITHCOMMENTSID">xmlSecTransformExclC14NWithCommentsId</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMEXECUTEMETHOD">xmlSecTransformExecuteMethod</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMEXECUTE">xmlSecTransformExecute</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMFINALIZEMETHOD">xmlSecTransformFinalizeMethod</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMGETDATATYPEMETHOD">xmlSecTransformGetDataTypeMethod</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMGETDATATYPE">xmlSecTransformGetDataType</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMGETNAME">xmlSecTransformGetName</a></p></li>
+<li><p><font>xmlSecTransformGost2001GostR3411-94GetKlass</font></p></li>
+<li><p><font>xmlSecTransformGost2001GostR3411-94Id</font></p></li>
+<li><p><font>xmlSecTransformGostR3411-94GetKlass</font></p></li>
+<li><p><font>xmlSecTransformGostR3411-94Id</font></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMHMACMD5GETKLASS">xmlSecTransformHmacMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMHMACMD5ID">xmlSecTransformHmacMd5Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMHMACRIPEMD160GETKLASS">xmlSecTransformHmacRipemd160GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMHMACRIPEMD160ID">xmlSecTransformHmacRipemd160Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA1GETKLASS">xmlSecTransformHmacSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA1ID">xmlSecTransformHmacSha1Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA224GETKLASS">xmlSecTransformHmacSha224GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA224ID">xmlSecTransformHmacSha224Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA256GETKLASS">xmlSecTransformHmacSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA256ID">xmlSecTransformHmacSha256Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA384GETKLASS">xmlSecTransformHmacSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA384ID">xmlSecTransformHmacSha384Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA512GETKLASS">xmlSecTransformHmacSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMHMACSHA512ID">xmlSecTransformHmacSha512Id</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDLISTDEBUGDUMP">xmlSecTransformIdListDebugDump</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDLISTDEBUGXMLDUMP">xmlSecTransformIdListDebugXmlDump</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDLISTFINDBYHREF">xmlSecTransformIdListFindByHref</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDLISTFINDBYNAME">xmlSecTransformIdListFindByName</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDLISTFIND">xmlSecTransformIdListFind</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDLISTGETKLASS">xmlSecTransformIdListGetKlass</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDLISTID">xmlSecTransformIdListId</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDSGET">xmlSecTransformIdsGet</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDSINIT">xmlSecTransformIdsInit</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDSREGISTERDEFAULT">xmlSecTransformIdsRegisterDefault</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDSREGISTER">xmlSecTransformIdsRegister</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDSSHUTDOWN">xmlSecTransformIdsShutdown</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDUNKNOWN">xmlSecTransformIdUnknown</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMINCLC14N11GETKLASS">xmlSecTransformInclC14N11GetKlass</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMINCLC14N11ID">xmlSecTransformInclC14N11Id</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMINCLC14N11WITHCOMMENTSGETKLASS">xmlSecTransformInclC14N11WithCommentsGetKlass</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMINCLC14N11WITHCOMMENTSID">xmlSecTransformInclC14N11WithCommentsId</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMINCLC14NGETKLASS">xmlSecTransformInclC14NGetKlass</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMINCLC14NID">xmlSecTransformInclC14NId</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMINCLC14NWITHCOMMENTSGETKLASS">xmlSecTransformInclC14NWithCommentsGetKlass</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMINCLC14NWITHCOMMENTSID">xmlSecTransformInclC14NWithCommentsId</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMINITIALIZEMETHOD">xmlSecTransformInitializeMethod</a></p></li>
+<li><p><a href="xmlsec-io.html#XMLSECTRANSFORMINPUTURIGETKLASS">xmlSecTransformInputURIGetKlass</a></p></li>
+<li><p><a href="xmlsec-io.html#XMLSECTRANSFORMINPUTURIID">xmlSecTransformInputURIId</a></p></li>
+<li><p><a href="xmlsec-io.html#XMLSECTRANSFORMINPUTURIOPEN">xmlSecTransformInputURIOpen</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMISVALID">xmlSecTransformIsValid</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMKLASSGETNAME">xmlSecTransformKlassGetName</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMKLASS">xmlSecTransformKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMKWAES128GETKLASS">xmlSecTransformKWAes128GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMKWAES128ID">xmlSecTransformKWAes128Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMKWAES192GETKLASS">xmlSecTransformKWAes192GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMKWAES192ID">xmlSecTransformKWAes192Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMKWAES256GETKLASS">xmlSecTransformKWAes256GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMKWAES256ID">xmlSecTransformKWAes256Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMKWDES3GETKLASS">xmlSecTransformKWDes3GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMKWDES3ID">xmlSecTransformKWDes3Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMMD5GETKLASS">xmlSecTransformMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMMD5ID">xmlSecTransformMd5Id</a></p></li>
+<li><p><a href="xmlsec-membuf.html#XMLSECTRANSFORMMEMBUFGETBUFFER">xmlSecTransformMemBufGetBuffer</a></p></li>
+<li><p><a href="xmlsec-membuf.html#XMLSECTRANSFORMMEMBUFGETKLASS">xmlSecTransformMemBufGetKlass</a></p></li>
+<li><p><a href="xmlsec-membuf.html#XMLSECTRANSFORMMEMBUFID">xmlSecTransformMemBufId</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMMODE">xmlSecTransformMode</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORM">xmlSecTransform</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMNODEREADMETHOD">xmlSecTransformNodeReadMethod</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMNODEREAD">xmlSecTransformNodeRead</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMNODEWRITEMETHOD">xmlSecTransformNodeWriteMethod</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMOPERATION">xmlSecTransformOperation</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMPOPBINMETHOD">xmlSecTransformPopBinMethod</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMPOPBIN">xmlSecTransformPopBin</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMPOPXMLMETHOD">xmlSecTransformPopXmlMethod</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMPOPXML">xmlSecTransformPopXml</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMPUMP">xmlSecTransformPump</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMPUSHBINMETHOD">xmlSecTransformPushBinMethod</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMPUSHBIN">xmlSecTransformPushBin</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMPUSHXMLMETHOD">xmlSecTransformPushXmlMethod</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMPUSHXML">xmlSecTransformPushXml</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMREMOVE">xmlSecTransformRemove</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMREMOVEXMLTAGSC14NGETKLASS">xmlSecTransformRemoveXmlTagsC14NGetKlass</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMREMOVEXMLTAGSC14NID">xmlSecTransformRemoveXmlTagsC14NId</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRIPEMD160GETKLASS">xmlSecTransformRipemd160GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRIPEMD160ID">xmlSecTransformRipemd160Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSAMD5GETKLASS">xmlSecTransformRsaMd5GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSAMD5ID">xmlSecTransformRsaMd5Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSAOAEPGETKLASS">xmlSecTransformRsaOaepGetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSAOAEPID">xmlSecTransformRsaOaepId</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSAPKCS1GETKLASS">xmlSecTransformRsaPkcs1GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSAPKCS1ID">xmlSecTransformRsaPkcs1Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSARIPEMD160GETKLASS">xmlSecTransformRsaRipemd160GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSARIPEMD160ID">xmlSecTransformRsaRipemd160Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA1GETKLASS">xmlSecTransformRsaSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA1ID">xmlSecTransformRsaSha1Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA224GETKLASS">xmlSecTransformRsaSha224GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA224ID">xmlSecTransformRsaSha224Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA256GETKLASS">xmlSecTransformRsaSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA256ID">xmlSecTransformRsaSha256Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA384GETKLASS">xmlSecTransformRsaSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA384ID">xmlSecTransformRsaSha384Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA512GETKLASS">xmlSecTransformRsaSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMRSASHA512ID">xmlSecTransformRsaSha512Id</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMSETKEYMETHOD">xmlSecTransformSetKeyMethod</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMSETKEY">xmlSecTransformSetKey</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMSETKEYREQ">xmlSecTransformSetKeyReq</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMSETKEYREQUIREMENTSMETHOD">xmlSecTransformSetKeyRequirementsMethod</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMSHA1GETKLASS">xmlSecTransformSha1GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMSHA1ID">xmlSecTransformSha1Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMSHA224GETKLASS">xmlSecTransformSha224GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMSHA224ID">xmlSecTransformSha224Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMSHA256GETKLASS">xmlSecTransformSha256GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMSHA256ID">xmlSecTransformSha256Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMSHA384GETKLASS">xmlSecTransformSha384GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMSHA384ID">xmlSecTransformSha384Id</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMSHA512GETKLASS">xmlSecTransformSha512GetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECTRANSFORMSHA512ID">xmlSecTransformSha512Id</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMSTATUS">xmlSecTransformStatus</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPEANY">xmlSecTransformUriTypeAny</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPECHECK">xmlSecTransformUriTypeCheck</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPEEMPTY">xmlSecTransformUriTypeEmpty</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPELOCAL">xmlSecTransformUriTypeLocal</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPE">xmlSecTransformUriType</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPENONE">xmlSecTransformUriTypeNone</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPEREMOTE">xmlSecTransformUriTypeRemote</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPESAMEDOCUMENT">xmlSecTransformUriTypeSameDocument</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGEANY">xmlSecTransformUsageAny</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGEC14NMETHOD">xmlSecTransformUsageC14NMethod</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGEDIGESTMETHOD">xmlSecTransformUsageDigestMethod</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGEDSIGTRANSFORM">xmlSecTransformUsageDSigTransform</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGEENCRYPTIONMETHOD">xmlSecTransformUsageEncryptionMethod</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGE">xmlSecTransformUsage</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGESIGNATUREMETHOD">xmlSecTransformUsageSignatureMethod</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGEUNKNOWN">xmlSecTransformUsageUnknown</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMVERIFYMETHOD">xmlSecTransformVerifyMethod</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMVERIFY">xmlSecTransformVerify</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMVERIFYNODECONTENT">xmlSecTransformVerifyNodeContent</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMVISA3DHACKGETKLASS">xmlSecTransformVisa3DHackGetKlass</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMVISA3DHACKID">xmlSecTransformVisa3DHackId</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMVISA3DHACKSETID">xmlSecTransformVisa3DHackSetID</a></p></li>
+<li><p><a href="xmlsec-parser.html#XMLSECTRANSFORMXMLPARSERGETKLASS">xmlSecTransformXmlParserGetKlass</a></p></li>
+<li><p><a href="xmlsec-parser.html#XMLSECTRANSFORMXMLPARSERID">xmlSecTransformXmlParserId</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMXPATH2GETKLASS">xmlSecTransformXPath2GetKlass</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMXPATH2ID">xmlSecTransformXPath2Id</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMXPATHGETKLASS">xmlSecTransformXPathGetKlass</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMXPATHID">xmlSecTransformXPathId</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMXPOINTERGETKLASS">xmlSecTransformXPointerGetKlass</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMXPOINTERID">xmlSecTransformXPointerId</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMXPOINTERSETEXPR">xmlSecTransformXPointerSetExpr</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMXSLTGETKLASS">xmlSecTransformXsltGetKlass</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMXSLTID">xmlSecTransformXsltId</a></p></li>
+<li><p><a href="xmlsec-transforms.html#XMLSECTRANSFORMXSLTSETDEFAULTSECURITYPREFS">xmlSecTransformXsltSetDefaultSecurityPrefs</a></p></li>
+<li><p><font>XMLSEC-VERSION-INFO</font></p></li>
+<li><p><font>XMLSEC-VERSION-MAJOR</font></p></li>
+<li><p><font>XMLSEC-VERSION-MINOR</font></p></li>
+<li><p><font>XMLSEC-VERSION</font></p></li>
+<li><p><font>XMLSEC-VERSION-SUBMINOR</font></p></li>
+<li><p><font>XMLSEC-X509DATA-CERTIFICATE-NODE</font></p></li>
+<li><p><font>XMLSEC-X509DATA-CRL-NODE</font></p></li>
+<li><p><font>XMLSEC-X509DATA-DEFAULT</font></p></li>
+<li><p><a href="xmlsec-x509.html#XMLSECX509DATAGETNODECONTENT">xmlSecX509DataGetNodeContent</a></p></li>
+<li><p><font>XMLSEC-X509DATA-ISSUERSERIAL-NODE</font></p></li>
+<li><p><font>XMLSEC-X509DATA-SKI-NODE</font></p></li>
+<li><p><font>XMLSEC-X509DATA-SUBJECTNAME-NODE</font></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECX509STOREGETKLASS">xmlSecX509StoreGetKlass</a></p></li>
+<li><p><a href="xmlsec-app.html#XMLSECX509STOREID">xmlSecX509StoreId</a></p></li>
+</ul>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-mscrypto-x509.html"><b>&lt;&lt;&lt; x509</b></a></td>
+<td align="right"></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-index.sgml b/docs/api/xmlsec-index.sgml
new file mode 100644
index 00000000..71071fa3
--- /dev/null
+++ b/docs/api/xmlsec-index.sgml
@@ -0,0 +1,1471 @@
+<listitem><para><link linkend="ATTRIBUTE-UNUSED-CAPS">ATTRIBUTE-UNUSED</link></para></listitem>
+<listitem><para><link linkend="xmlEncCtxMode">xmlEncCtxMode</link></para></listitem>
+<listitem><para><link linkend="xmlSecAddChild">xmlSecAddChild</link></para></listitem>
+<listitem><para><link linkend="xmlSecAddChildNode">xmlSecAddChildNode</link></para></listitem>
+<listitem><para><link linkend="xmlSecAddIDs">xmlSecAddIDs</link></para></listitem>
+<listitem><para><link linkend="xmlSecAddNextSibling">xmlSecAddNextSibling</link></para></listitem>
+<listitem><para><link linkend="xmlSecAddPrevSibling">xmlSecAddPrevSibling</link></para></listitem>
+<listitem><para><link linkend="xmlSecAllocMode">xmlSecAllocMode</link></para></listitem>
+<listitem><para><link linkend="xmlSecAssert2">xmlSecAssert2</link></para></listitem>
+<listitem><para><link linkend="xmlSecAssert">xmlSecAssert</link></para></listitem>
+<listitem><para><link linkend="xmlSecBase64CtxCreate">xmlSecBase64CtxCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecBase64CtxDestroy">xmlSecBase64CtxDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecBase64CtxFinalize">xmlSecBase64CtxFinalize</link></para></listitem>
+<listitem><para><link linkend="xmlSecBase64CtxFinal">xmlSecBase64CtxFinal</link></para></listitem>
+<listitem><para><link linkend="xmlSecBase64CtxInitialize">xmlSecBase64CtxInitialize</link></para></listitem>
+<listitem><para><link linkend="xmlSecBase64CtxUpdate">xmlSecBase64CtxUpdate</link></para></listitem>
+<listitem><para><link linkend="xmlSecBase64Decode">xmlSecBase64Decode</link></para></listitem>
+<listitem><para><link linkend="xmlSecBase64Encode">xmlSecBase64Encode</link></para></listitem>
+<listitem><para><link linkend="xmlSecBase64GetDefaultLineSize">xmlSecBase64GetDefaultLineSize</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-BASE64-LINESIZE-CAPS">XMLSEC-BASE64-LINESIZE</link></para></listitem>
+<listitem><para><link linkend="xmlSecBase64SetDefaultLineSize">xmlSecBase64SetDefaultLineSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecBitMask">xmlSecBitMask</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnAdd">xmlSecBnAdd</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnBlobSetNodeValue">xmlSecBnBlobSetNodeValue</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnCompare">xmlSecBnCompare</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnCompareReverse">xmlSecBnCompareReverse</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnCreate">xmlSecBnCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnDestroy">xmlSecBnDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnDiv">xmlSecBnDiv</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnFinalize">xmlSecBnFinalize</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnFormat">xmlSecBnFormat</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnFromDecString">xmlSecBnFromDecString</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnFromHexString">xmlSecBnFromHexString</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnFromString">xmlSecBnFromString</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnGetData">xmlSecBnGetData</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnGetNodeValue">xmlSecBnGetNodeValue</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnGetSize">xmlSecBnGetSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnInitialize">xmlSecBnInitialize</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnMul">xmlSecBnMul</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnReverse">xmlSecBnReverse</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnSetData">xmlSecBnSetData</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnSetNodeValue">xmlSecBnSetNodeValue</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnToDecString">xmlSecBnToDecString</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnToHexString">xmlSecBnToHexString</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnToString">xmlSecBnToString</link></para></listitem>
+<listitem><para><link linkend="xmlSecBnZero">xmlSecBnZero</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferAppend">xmlSecBufferAppend</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferBase64NodeContentRead">xmlSecBufferBase64NodeContentRead</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferBase64NodeContentWrite">xmlSecBufferBase64NodeContentWrite</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferCreate">xmlSecBufferCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferCreateOutputBuffer">xmlSecBufferCreateOutputBuffer</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferDestroy">xmlSecBufferDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferEmpty">xmlSecBufferEmpty</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferFinalize">xmlSecBufferFinalize</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferGetData">xmlSecBufferGetData</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferGetMaxSize">xmlSecBufferGetMaxSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferGetSize">xmlSecBufferGetSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferInitialize">xmlSecBufferInitialize</link></para></listitem>
+<listitem><para><link linkend="xmlSecBuffer">xmlSecBuffer</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferPrepend">xmlSecBufferPrepend</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferReadFile">xmlSecBufferReadFile</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferRemoveHead">xmlSecBufferRemoveHead</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferRemoveTail">xmlSecBufferRemoveTail</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferSetData">xmlSecBufferSetData</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferSetDefaultAllocMode">xmlSecBufferSetDefaultAllocMode</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferSetMaxSize">xmlSecBufferSetMaxSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecBufferSetSize">xmlSecBufferSetSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecByte">xmlSecByte</link></para></listitem>
+<listitem><para><link linkend="xmlSecCheckNodeName">xmlSecCheckNodeName</link></para></listitem>
+<listitem><para><link linkend="xmlSecCheckVersionExact">xmlSecCheckVersionExact</link></para></listitem>
+<listitem><para><link linkend="xmlSecCheckVersionExt">xmlSecCheckVersionExt</link></para></listitem>
+<listitem><para><link linkend="xmlSecCheckVersionMode">xmlSecCheckVersionMode</link></para></listitem>
+<listitem><para><link linkend="xmlSecCheckVersion">xmlSecCheckVersion</link></para></listitem>
+<listitem><para><link linkend="xmlSecCreateTree">xmlSecCreateTree</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppDefaultKeysMngrAdoptKey">xmlSecCryptoAppDefaultKeysMngrAdoptKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppDefaultKeysMngrInit">xmlSecCryptoAppDefaultKeysMngrInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppDefaultKeysMngrLoad">xmlSecCryptoAppDefaultKeysMngrLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppDefaultKeysMngrSave">xmlSecCryptoAppDefaultKeysMngrSave</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppGetDefaultPwdCallback">xmlSecCryptoAppGetDefaultPwdCallback</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppInitMethod">xmlSecCryptoAppInitMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppInit">xmlSecCryptoAppInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppKeyCertLoadMemoryMethod">xmlSecCryptoAppKeyCertLoadMemoryMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppKeyCertLoadMemory">xmlSecCryptoAppKeyCertLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppKeyCertLoadMethod">xmlSecCryptoAppKeyCertLoadMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppKeyCertLoad">xmlSecCryptoAppKeyCertLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppKeyLoadMemoryMethod">xmlSecCryptoAppKeyLoadMemoryMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppKeyLoadMemory">xmlSecCryptoAppKeyLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppKeyLoadMethod">xmlSecCryptoAppKeyLoadMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppKeyLoad">xmlSecCryptoAppKeyLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppKeysMngrCertLoadMemoryMethod">xmlSecCryptoAppKeysMngrCertLoadMemoryMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppKeysMngrCertLoadMemory">xmlSecCryptoAppKeysMngrCertLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppKeysMngrCertLoadMethod">xmlSecCryptoAppKeysMngrCertLoadMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppKeysMngrCertLoad">xmlSecCryptoAppKeysMngrCertLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppPkcs12LoadMemoryMethod">xmlSecCryptoAppPkcs12LoadMemoryMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppPkcs12LoadMemory">xmlSecCryptoAppPkcs12LoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppPkcs12LoadMethod">xmlSecCryptoAppPkcs12LoadMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppPkcs12Load">xmlSecCryptoAppPkcs12Load</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppShutdownMethod">xmlSecCryptoAppShutdownMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoAppShutdown">xmlSecCryptoAppShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoDLFunctions">xmlSecCryptoDLFunctions</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms">xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoDLGetFunctions">xmlSecCryptoDLGetFunctions</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoDLGetLibraryFunctions">xmlSecCryptoDLGetLibraryFunctions</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoDLInit">xmlSecCryptoDLInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoDLLoadLibrary">xmlSecCryptoDLLoadLibrary</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoDLSetFunctions">xmlSecCryptoDLSetFunctions</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoDLShutdown">xmlSecCryptoDLShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoDLUnloadLibrary">xmlSecCryptoDLUnloadLibrary</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoGetFunctions-gcrypt-CAPS">xmlSecCryptoGetFunctions-gcrypt</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoGetFunctions-gnutls-CAPS">xmlSecCryptoGetFunctions-gnutls</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoGetFunctions-mscrypto-CAPS">xmlSecCryptoGetFunctions-mscrypto</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoGetFunctions-nss-CAPS">xmlSecCryptoGetFunctions-nss</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoGetFunctions-openssl-CAPS">xmlSecCryptoGetFunctions-openssl</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoInitMethod">xmlSecCryptoInitMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoInit">xmlSecCryptoInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoKeyDataGetKlassMethod">xmlSecCryptoKeyDataGetKlassMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoKeyDataStoreGetKlassMethod">xmlSecCryptoKeyDataStoreGetKlassMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoKeysMngrInitMethod">xmlSecCryptoKeysMngrInitMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoKeysMngrInit">xmlSecCryptoKeysMngrInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoShutdownMethod">xmlSecCryptoShutdownMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoShutdown">xmlSecCryptoShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecCryptoTransformGetKlassMethod">xmlSecCryptoTransformGetKlassMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigCtxCreate">xmlSecDSigCtxCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigCtxDebugDump">xmlSecDSigCtxDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigCtxDebugXmlDump">xmlSecDSigCtxDebugXmlDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigCtxDestroy">xmlSecDSigCtxDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigCtxEnableReferenceTransform">xmlSecDSigCtxEnableReferenceTransform</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigCtxEnableSignatureTransform">xmlSecDSigCtxEnableSignatureTransform</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigCtxFinalize">xmlSecDSigCtxFinalize</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigCtxGetPreSignBuffer">xmlSecDSigCtxGetPreSignBuffer</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigCtxInitialize">xmlSecDSigCtxInitialize</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigCtx">xmlSecDSigCtx</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigCtxSign">xmlSecDSigCtxSign</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigCtxVerify">xmlSecDSigCtxVerify</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-DSIG-FLAGS-IGNORE-MANIFESTS-CAPS">XMLSEC-DSIG-FLAGS-IGNORE-MANIFESTS</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-DSIG-FLAGS-STORE-MANIFEST-REFERENCES-CAPS">XMLSEC-DSIG-FLAGS-STORE-MANIFEST-REFERENCES</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-DSIG-FLAGS-STORE-SIGNATURE-CAPS">XMLSEC-DSIG-FLAGS-STORE-SIGNATURE</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-DSIG-FLAGS-STORE-SIGNEDINFO-REFERENCES-CAPS">XMLSEC-DSIG-FLAGS-STORE-SIGNEDINFO-REFERENCES</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-DSIG-FLAGS-USE-VISA3D-HACK-CAPS">XMLSEC-DSIG-FLAGS-USE-VISA3D-HACK</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigReferenceCtxCreate">xmlSecDSigReferenceCtxCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigReferenceCtxDebugDump">xmlSecDSigReferenceCtxDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigReferenceCtxDebugXmlDump">xmlSecDSigReferenceCtxDebugXmlDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigReferenceCtxDestroy">xmlSecDSigReferenceCtxDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigReferenceCtxFinalize">xmlSecDSigReferenceCtxFinalize</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigReferenceCtxGetPreDigestBuffer">xmlSecDSigReferenceCtxGetPreDigestBuffer</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigReferenceCtxInitialize">xmlSecDSigReferenceCtxInitialize</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigReferenceCtxListGetKlass">xmlSecDSigReferenceCtxListGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigReferenceCtxListId">xmlSecDSigReferenceCtxListId</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigReferenceCtx">xmlSecDSigReferenceCtx</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigReferenceCtxProcessNode">xmlSecDSigReferenceCtxProcessNode</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigReferenceOrigin">xmlSecDSigReferenceOrigin</link></para></listitem>
+<listitem><para><link linkend="xmlSecDSigStatus">xmlSecDSigStatus</link></para></listitem>
+<listitem><para><link linkend="xmlSecEncCtxBinaryEncrypt">xmlSecEncCtxBinaryEncrypt</link></para></listitem>
+<listitem><para><link linkend="xmlSecEncCtxCopyUserPref">xmlSecEncCtxCopyUserPref</link></para></listitem>
+<listitem><para><link linkend="xmlSecEncCtxCreate">xmlSecEncCtxCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecEncCtxDebugDump">xmlSecEncCtxDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecEncCtxDebugXmlDump">xmlSecEncCtxDebugXmlDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecEncCtxDecrypt">xmlSecEncCtxDecrypt</link></para></listitem>
+<listitem><para><link linkend="xmlSecEncCtxDecryptToBuffer">xmlSecEncCtxDecryptToBuffer</link></para></listitem>
+<listitem><para><link linkend="xmlSecEncCtxDestroy">xmlSecEncCtxDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecEncCtxFinalize">xmlSecEncCtxFinalize</link></para></listitem>
+<listitem><para><link linkend="xmlSecEncCtxInitialize">xmlSecEncCtxInitialize</link></para></listitem>
+<listitem><para><link linkend="xmlSecEncCtx">xmlSecEncCtx</link></para></listitem>
+<listitem><para><link linkend="xmlSecEncCtxReset">xmlSecEncCtxReset</link></para></listitem>
+<listitem><para><link linkend="xmlSecEncCtxUriEncrypt">xmlSecEncCtxUriEncrypt</link></para></listitem>
+<listitem><para><link linkend="xmlSecEncCtxXmlEncrypt">xmlSecEncCtxXmlEncrypt</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ENC-RETURN-REPLACED-NODE-CAPS">XMLSEC-ENC-RETURN-REPLACED-NODE</link></para></listitem>
+<listitem><para><link linkend="xmlSecError">xmlSecError</link></para></listitem>
+<listitem><para><link linkend="xmlSecErrorsCallback">xmlSecErrorsCallback</link></para></listitem>
+<listitem><para><link linkend="xmlSecErrorsDefaultCallbackEnableOutput">xmlSecErrorsDefaultCallbackEnableOutput</link></para></listitem>
+<listitem><para><link linkend="xmlSecErrorsDefaultCallback">xmlSecErrorsDefaultCallback</link></para></listitem>
+<listitem><para><link linkend="xmlSecErrorsGetCode">xmlSecErrorsGetCode</link></para></listitem>
+<listitem><para><link linkend="xmlSecErrorsGetMsg">xmlSecErrorsGetMsg</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-HERE-CAPS">XMLSEC-ERRORS-HERE</link></para></listitem>
+<listitem><para><link linkend="xmlSecErrorsInit">xmlSecErrorsInit</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-MAX-NUMBER-CAPS">XMLSEC-ERRORS-MAX-NUMBER</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-NO-MESSAGE-CAPS">XMLSEC-ERRORS-NO-MESSAGE</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-ASSERTION-CAPS">XMLSEC-ERRORS-R-ASSERTION</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-CERT-HAS-EXPIRED-CAPS">XMLSEC-ERRORS-R-CERT-HAS-EXPIRED</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-CERT-ISSUER-FAILED-CAPS">XMLSEC-ERRORS-R-CERT-ISSUER-FAILED</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-CERT-NOT-FOUND-CAPS">XMLSEC-ERRORS-R-CERT-NOT-FOUND</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-CERT-NOT-YET-VALID-CAPS">XMLSEC-ERRORS-R-CERT-NOT-YET-VALID</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-CERT-REVOKED-CAPS">XMLSEC-ERRORS-R-CERT-REVOKED</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-CERT-VERIFY-FAILED-CAPS">XMLSEC-ERRORS-R-CERT-VERIFY-FAILED</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-CRYPTO-FAILED-CAPS">XMLSEC-ERRORS-R-CRYPTO-FAILED</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-DATA-NOT-MATCH-CAPS">XMLSEC-ERRORS-R-DATA-NOT-MATCH</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-DISABLED-CAPS">XMLSEC-ERRORS-R-DISABLED</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-DSIG-INVALID-REFERENCE-CAPS">XMLSEC-ERRORS-R-DSIG-INVALID-REFERENCE</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-DSIG-NO-REFERENCES-CAPS">XMLSEC-ERRORS-R-DSIG-NO-REFERENCES</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-INVALID-DATA-CAPS">XMLSEC-ERRORS-R-INVALID-DATA</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-INVALID-FORMAT-CAPS">XMLSEC-ERRORS-R-INVALID-FORMAT</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-INVALID-KEY-DATA-CAPS">XMLSEC-ERRORS-R-INVALID-KEY-DATA</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-INVALID-KEY-DATA-SIZE-CAPS">XMLSEC-ERRORS-R-INVALID-KEY-DATA-SIZE</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-INVALID-NODE-ATTRIBUTE-CAPS">XMLSEC-ERRORS-R-INVALID-NODE-ATTRIBUTE</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-INVALID-NODE-CONTENT-CAPS">XMLSEC-ERRORS-R-INVALID-NODE-CONTENT</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-INVALID-NODE-CAPS">XMLSEC-ERRORS-R-INVALID-NODE</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-INVALID-OPERATION-CAPS">XMLSEC-ERRORS-R-INVALID-OPERATION</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-INVALID-RESULT-CAPS">XMLSEC-ERRORS-R-INVALID-RESULT</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-INVALID-SIZE-CAPS">XMLSEC-ERRORS-R-INVALID-SIZE</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-INVALID-STATUS-CAPS">XMLSEC-ERRORS-R-INVALID-STATUS</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-INVALID-TRANSFORM-KEY-CAPS">XMLSEC-ERRORS-R-INVALID-TRANSFORM-KEY</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-INVALID-TRANSFORM-CAPS">XMLSEC-ERRORS-R-INVALID-TRANSFORM</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-INVALID-TYPE-CAPS">XMLSEC-ERRORS-R-INVALID-TYPE</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-INVALID-URI-TYPE-CAPS">XMLSEC-ERRORS-R-INVALID-URI-TYPE</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-IO-FAILED-CAPS">XMLSEC-ERRORS-R-IO-FAILED</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-KEY-DATA-ALREADY-EXIST-CAPS">XMLSEC-ERRORS-R-KEY-DATA-ALREADY-EXIST</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-KEYDATA-DISABLED-CAPS">XMLSEC-ERRORS-R-KEYDATA-DISABLED</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-KEY-DATA-NOT-FOUND-CAPS">XMLSEC-ERRORS-R-KEY-DATA-NOT-FOUND</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-KEY-NOT-FOUND-CAPS">XMLSEC-ERRORS-R-KEY-NOT-FOUND</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-MALLOC-FAILED-CAPS">XMLSEC-ERRORS-R-MALLOC-FAILED</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-MAX-ENCKEY-LEVEL-CAPS">XMLSEC-ERRORS-R-MAX-ENCKEY-LEVEL</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-MAX-RETRIEVALS-LEVEL-CAPS">XMLSEC-ERRORS-R-MAX-RETRIEVALS-LEVEL</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-MAX-RETRIEVAL-TYPE-MISMATCH-CAPS">XMLSEC-ERRORS-R-MAX-RETRIEVAL-TYPE-MISMATCH</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-MISSING-NODE-ATTRIBUTE-CAPS">XMLSEC-ERRORS-R-MISSING-NODE-ATTRIBUTE</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-NODE-ALREADY-PRESENT-CAPS">XMLSEC-ERRORS-R-NODE-ALREADY-PRESENT</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-NODE-NOT-FOUND-CAPS">XMLSEC-ERRORS-R-NODE-NOT-FOUND</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-NOT-IMPLEMENTED-CAPS">XMLSEC-ERRORS-R-NOT-IMPLEMENTED</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-STRDUP-FAILED-CAPS">XMLSEC-ERRORS-R-STRDUP-FAILED</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-TRANSFORM-DISABLED-CAPS">XMLSEC-ERRORS-R-TRANSFORM-DISABLED</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-TRANSFORM-SAME-DOCUMENT-REQUIRED-CAPS">XMLSEC-ERRORS-R-TRANSFORM-SAME-DOCUMENT-REQUIRED</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-UNEXPECTED-NODE-CAPS">XMLSEC-ERRORS-R-UNEXPECTED-NODE</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-XML-FAILED-CAPS">XMLSEC-ERRORS-R-XML-FAILED</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-XMLSEC-FAILED-CAPS">XMLSEC-ERRORS-R-XMLSEC-FAILED</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-ERRORS-R-XSLT-FAILED-CAPS">XMLSEC-ERRORS-R-XSLT-FAILED</link></para></listitem>
+<listitem><para><link linkend="xmlSecErrorsSafeString">xmlSecErrorsSafeString</link></para></listitem>
+<listitem><para><link linkend="xmlSecErrorsSetCallback">xmlSecErrorsSetCallback</link></para></listitem>
+<listitem><para><link linkend="xmlSecErrorsShutdown">xmlSecErrorsShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecFindChild">xmlSecFindChild</link></para></listitem>
+<listitem><para><link linkend="xmlSecFindNode">xmlSecFindNode</link></para></listitem>
+<listitem><para><link linkend="xmlSecFindParent">xmlSecFindParent</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-FUNC-TO-PTR-CAPS">XMLSEC-FUNC-TO-PTR</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptAppDefaultKeysMngrAdoptKey">xmlSecGCryptAppDefaultKeysMngrAdoptKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptAppDefaultKeysMngrInit">xmlSecGCryptAppDefaultKeysMngrInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptAppDefaultKeysMngrLoad">xmlSecGCryptAppDefaultKeysMngrLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptAppDefaultKeysMngrSave">xmlSecGCryptAppDefaultKeysMngrSave</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptAppGetDefaultPwdCallback">xmlSecGCryptAppGetDefaultPwdCallback</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptAppInit">xmlSecGCryptAppInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptAppKeyCertLoadMemory">xmlSecGCryptAppKeyCertLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptAppKeyCertLoad">xmlSecGCryptAppKeyCertLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptAppKeyLoadMemory">xmlSecGCryptAppKeyLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptAppKeyLoad">xmlSecGCryptAppKeyLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptAppKeysMngrCertLoadMemory">xmlSecGCryptAppKeysMngrCertLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptAppKeysMngrCertLoad">xmlSecGCryptAppKeysMngrCertLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptAppPkcs12LoadMemory">xmlSecGCryptAppPkcs12LoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptAppPkcs12Load">xmlSecGCryptAppPkcs12Load</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptAppShutdown">xmlSecGCryptAppShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptGenerateRandom">xmlSecGCryptGenerateRandom</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptHmacGetMinOutputLength">xmlSecGCryptHmacGetMinOutputLength</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptHmacSetMinOutputLength">xmlSecGCryptHmacSetMinOutputLength</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptInit">xmlSecGCryptInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataAesGetKlass">xmlSecGCryptKeyDataAesGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataAesId">xmlSecGCryptKeyDataAesId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataAesSet">xmlSecGCryptKeyDataAesSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataDesGetKlass">xmlSecGCryptKeyDataDesGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataDesId">xmlSecGCryptKeyDataDesId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataDesSet">xmlSecGCryptKeyDataDesSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataDsaAdoptKey">xmlSecGCryptKeyDataDsaAdoptKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataDsaAdoptKeyPair">xmlSecGCryptKeyDataDsaAdoptKeyPair</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataDsaGetKlass">xmlSecGCryptKeyDataDsaGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataDsaGetPrivateKey">xmlSecGCryptKeyDataDsaGetPrivateKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataDsaGetPublicKey">xmlSecGCryptKeyDataDsaGetPublicKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataDsaId">xmlSecGCryptKeyDataDsaId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataHmacGetKlass">xmlSecGCryptKeyDataHmacGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataHmacId">xmlSecGCryptKeyDataHmacId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataHmacSet">xmlSecGCryptKeyDataHmacSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataRsaAdoptKey">xmlSecGCryptKeyDataRsaAdoptKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataRsaAdoptKeyPair">xmlSecGCryptKeyDataRsaAdoptKeyPair</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataRsaGetKlass">xmlSecGCryptKeyDataRsaGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataRsaGetPrivateKey">xmlSecGCryptKeyDataRsaGetPrivateKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataRsaGetPublicKey">xmlSecGCryptKeyDataRsaGetPublicKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeyDataRsaId">xmlSecGCryptKeyDataRsaId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptKeysMngrInit">xmlSecGCryptKeysMngrInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptShutdown">xmlSecGCryptShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformAes128CbcGetKlass">xmlSecGCryptTransformAes128CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformAes128CbcId">xmlSecGCryptTransformAes128CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformAes192CbcGetKlass">xmlSecGCryptTransformAes192CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformAes192CbcId">xmlSecGCryptTransformAes192CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformAes256CbcGetKlass">xmlSecGCryptTransformAes256CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformAes256CbcId">xmlSecGCryptTransformAes256CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformDes3CbcGetKlass">xmlSecGCryptTransformDes3CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformDes3CbcId">xmlSecGCryptTransformDes3CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformDsaSha1GetKlass">xmlSecGCryptTransformDsaSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformDsaSha1Id">xmlSecGCryptTransformDsaSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformHmacMd5GetKlass">xmlSecGCryptTransformHmacMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformHmacMd5Id">xmlSecGCryptTransformHmacMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformHmacRipemd160GetKlass">xmlSecGCryptTransformHmacRipemd160GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformHmacRipemd160Id">xmlSecGCryptTransformHmacRipemd160Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformHmacSha1GetKlass">xmlSecGCryptTransformHmacSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformHmacSha1Id">xmlSecGCryptTransformHmacSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformHmacSha256GetKlass">xmlSecGCryptTransformHmacSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformHmacSha256Id">xmlSecGCryptTransformHmacSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformHmacSha384GetKlass">xmlSecGCryptTransformHmacSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformHmacSha384Id">xmlSecGCryptTransformHmacSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformHmacSha512GetKlass">xmlSecGCryptTransformHmacSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformHmacSha512Id">xmlSecGCryptTransformHmacSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformKWAes128GetKlass">xmlSecGCryptTransformKWAes128GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformKWAes128Id">xmlSecGCryptTransformKWAes128Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformKWAes192GetKlass">xmlSecGCryptTransformKWAes192GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformKWAes192Id">xmlSecGCryptTransformKWAes192Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformKWAes256GetKlass">xmlSecGCryptTransformKWAes256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformKWAes256Id">xmlSecGCryptTransformKWAes256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformKWDes3GetKlass">xmlSecGCryptTransformKWDes3GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformKWDes3Id">xmlSecGCryptTransformKWDes3Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformMd5GetKlass">xmlSecGCryptTransformMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformMd5Id">xmlSecGCryptTransformMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformRipemd160GetKlass">xmlSecGCryptTransformRipemd160GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformRipemd160Id">xmlSecGCryptTransformRipemd160Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformRsaMd5GetKlass">xmlSecGCryptTransformRsaMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformRsaMd5Id">xmlSecGCryptTransformRsaMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformRsaRipemd160GetKlass">xmlSecGCryptTransformRsaRipemd160GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformRsaRipemd160Id">xmlSecGCryptTransformRsaRipemd160Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformRsaSha1GetKlass">xmlSecGCryptTransformRsaSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformRsaSha1Id">xmlSecGCryptTransformRsaSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformRsaSha256GetKlass">xmlSecGCryptTransformRsaSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformRsaSha256Id">xmlSecGCryptTransformRsaSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformRsaSha384GetKlass">xmlSecGCryptTransformRsaSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformRsaSha384Id">xmlSecGCryptTransformRsaSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformRsaSha512GetKlass">xmlSecGCryptTransformRsaSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformRsaSha512Id">xmlSecGCryptTransformRsaSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformSha1GetKlass">xmlSecGCryptTransformSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformSha1Id">xmlSecGCryptTransformSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformSha256GetKlass">xmlSecGCryptTransformSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformSha256Id">xmlSecGCryptTransformSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformSha384GetKlass">xmlSecGCryptTransformSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformSha384Id">xmlSecGCryptTransformSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformSha512GetKlass">xmlSecGCryptTransformSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGCryptTransformSha512Id">xmlSecGCryptTransformSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGenerateAndAddID">xmlSecGenerateAndAddID</link></para></listitem>
+<listitem><para><link linkend="xmlSecGenerateID">xmlSecGenerateID</link></para></listitem>
+<listitem><para><link linkend="xmlSecGetHex">xmlSecGetHex</link></para></listitem>
+<listitem><para><link linkend="xmlSecGetKeyCallback">xmlSecGetKeyCallback</link></para></listitem>
+<listitem><para><link linkend="xmlSecGetNextElementNode">xmlSecGetNextElementNode</link></para></listitem>
+<listitem><para><link linkend="xmlSecGetNodeNsHref">xmlSecGetNodeNsHref</link></para></listitem>
+<listitem><para><link linkend="xmlSecGetQName">xmlSecGetQName</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSAppDefaultKeysMngrAdoptKey">xmlSecGnuTLSAppDefaultKeysMngrAdoptKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSAppDefaultKeysMngrInit">xmlSecGnuTLSAppDefaultKeysMngrInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSAppDefaultKeysMngrLoad">xmlSecGnuTLSAppDefaultKeysMngrLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSAppDefaultKeysMngrSave">xmlSecGnuTLSAppDefaultKeysMngrSave</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSAppGetDefaultPwdCallback">xmlSecGnuTLSAppGetDefaultPwdCallback</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSAppInit">xmlSecGnuTLSAppInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSAppKeyCertLoadMemory">xmlSecGnuTLSAppKeyCertLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSAppKeyCertLoad">xmlSecGnuTLSAppKeyCertLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSAppKeyLoadMemory">xmlSecGnuTLSAppKeyLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSAppKeyLoad">xmlSecGnuTLSAppKeyLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSAppKeysMngrCertLoadMemory">xmlSecGnuTLSAppKeysMngrCertLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSAppKeysMngrCertLoad">xmlSecGnuTLSAppKeysMngrCertLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSAppPkcs12LoadMemory">xmlSecGnuTLSAppPkcs12LoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSAppPkcs12Load">xmlSecGnuTLSAppPkcs12Load</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSAppShutdown">xmlSecGnuTLSAppShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSGenerateRandom">xmlSecGnuTLSGenerateRandom</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSHmacGetMinOutputLength">xmlSecGnuTLSHmacGetMinOutputLength</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSHmacSetMinOutputLength">xmlSecGnuTLSHmacSetMinOutputLength</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSInit">xmlSecGnuTLSInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataAesGetKlass">xmlSecGnuTLSKeyDataAesGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataAesId">xmlSecGnuTLSKeyDataAesId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataAesSet">xmlSecGnuTLSKeyDataAesSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataDesGetKlass">xmlSecGnuTLSKeyDataDesGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataDesId">xmlSecGnuTLSKeyDataDesId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataDesSet">xmlSecGnuTLSKeyDataDesSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataDsaAdoptPrivateKey">xmlSecGnuTLSKeyDataDsaAdoptPrivateKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataDsaAdoptPublicKey">xmlSecGnuTLSKeyDataDsaAdoptPublicKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataDsaGetKlass">xmlSecGnuTLSKeyDataDsaGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataDsaId">xmlSecGnuTLSKeyDataDsaId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataHmacGetKlass">xmlSecGnuTLSKeyDataHmacGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataHmacId">xmlSecGnuTLSKeyDataHmacId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataHmacSet">xmlSecGnuTLSKeyDataHmacSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataRawX509CertGetKlass">xmlSecGnuTLSKeyDataRawX509CertGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataRawX509CertId">xmlSecGnuTLSKeyDataRawX509CertId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataRsaAdoptPrivateKey">xmlSecGnuTLSKeyDataRsaAdoptPrivateKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataRsaAdoptPublicKey">xmlSecGnuTLSKeyDataRsaAdoptPublicKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataRsaGetKlass">xmlSecGnuTLSKeyDataRsaGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataRsaId">xmlSecGnuTLSKeyDataRsaId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataX509AdoptCert">xmlSecGnuTLSKeyDataX509AdoptCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataX509AdoptCrl">xmlSecGnuTLSKeyDataX509AdoptCrl</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataX509AdoptKeyCert">xmlSecGnuTLSKeyDataX509AdoptKeyCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataX509GetCert">xmlSecGnuTLSKeyDataX509GetCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataX509GetCertsSize">xmlSecGnuTLSKeyDataX509GetCertsSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataX509GetCrl">xmlSecGnuTLSKeyDataX509GetCrl</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataX509GetCrlsSize">xmlSecGnuTLSKeyDataX509GetCrlsSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataX509GetKeyCert">xmlSecGnuTLSKeyDataX509GetKeyCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataX509GetKlass">xmlSecGnuTLSKeyDataX509GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeyDataX509Id">xmlSecGnuTLSKeyDataX509Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSKeysMngrInit">xmlSecGnuTLSKeysMngrInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSShutdown">xmlSecGnuTLSShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformAes128CbcGetKlass">xmlSecGnuTLSTransformAes128CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformAes128CbcId">xmlSecGnuTLSTransformAes128CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformAes192CbcGetKlass">xmlSecGnuTLSTransformAes192CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformAes192CbcId">xmlSecGnuTLSTransformAes192CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformAes256CbcGetKlass">xmlSecGnuTLSTransformAes256CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformAes256CbcId">xmlSecGnuTLSTransformAes256CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformDes3CbcGetKlass">xmlSecGnuTLSTransformDes3CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformDes3CbcId">xmlSecGnuTLSTransformDes3CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformDsaSha1GetKlass">xmlSecGnuTLSTransformDsaSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformDsaSha1Id">xmlSecGnuTLSTransformDsaSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformHmacMd5GetKlass">xmlSecGnuTLSTransformHmacMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformHmacMd5Id">xmlSecGnuTLSTransformHmacMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformHmacRipemd160GetKlass">xmlSecGnuTLSTransformHmacRipemd160GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformHmacRipemd160Id">xmlSecGnuTLSTransformHmacRipemd160Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformHmacSha1GetKlass">xmlSecGnuTLSTransformHmacSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformHmacSha1Id">xmlSecGnuTLSTransformHmacSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformHmacSha256GetKlass">xmlSecGnuTLSTransformHmacSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformHmacSha256Id">xmlSecGnuTLSTransformHmacSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformHmacSha384GetKlass">xmlSecGnuTLSTransformHmacSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformHmacSha384Id">xmlSecGnuTLSTransformHmacSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformHmacSha512GetKlass">xmlSecGnuTLSTransformHmacSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformHmacSha512Id">xmlSecGnuTLSTransformHmacSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformKWAes128GetKlass">xmlSecGnuTLSTransformKWAes128GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformKWAes128Id">xmlSecGnuTLSTransformKWAes128Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformKWAes192GetKlass">xmlSecGnuTLSTransformKWAes192GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformKWAes192Id">xmlSecGnuTLSTransformKWAes192Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformKWAes256GetKlass">xmlSecGnuTLSTransformKWAes256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformKWAes256Id">xmlSecGnuTLSTransformKWAes256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformKWDes3GetKlass">xmlSecGnuTLSTransformKWDes3GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformKWDes3Id">xmlSecGnuTLSTransformKWDes3Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformMd5GetKlass">xmlSecGnuTLSTransformMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformMd5Id">xmlSecGnuTLSTransformMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformRipemd160GetKlass">xmlSecGnuTLSTransformRipemd160GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformRipemd160Id">xmlSecGnuTLSTransformRipemd160Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformRsaMd5GetKlass">xmlSecGnuTLSTransformRsaMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformRsaMd5Id">xmlSecGnuTLSTransformRsaMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformRsaRipemd160GetKlass">xmlSecGnuTLSTransformRsaRipemd160GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformRsaRipemd160Id">xmlSecGnuTLSTransformRsaRipemd160Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformRsaSha1GetKlass">xmlSecGnuTLSTransformRsaSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformRsaSha1Id">xmlSecGnuTLSTransformRsaSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformRsaSha256GetKlass">xmlSecGnuTLSTransformRsaSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformRsaSha256Id">xmlSecGnuTLSTransformRsaSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformRsaSha384GetKlass">xmlSecGnuTLSTransformRsaSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformRsaSha384Id">xmlSecGnuTLSTransformRsaSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformRsaSha512GetKlass">xmlSecGnuTLSTransformRsaSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformRsaSha512Id">xmlSecGnuTLSTransformRsaSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformSha1GetKlass">xmlSecGnuTLSTransformSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformSha1Id">xmlSecGnuTLSTransformSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformSha256GetKlass">xmlSecGnuTLSTransformSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformSha256Id">xmlSecGnuTLSTransformSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformSha384GetKlass">xmlSecGnuTLSTransformSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformSha384Id">xmlSecGnuTLSTransformSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformSha512GetKlass">xmlSecGnuTLSTransformSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSTransformSha512Id">xmlSecGnuTLSTransformSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSX509CertGetKey">xmlSecGnuTLSX509CertGetKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSX509StoreAdoptCert">xmlSecGnuTLSX509StoreAdoptCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSX509StoreFindCert">xmlSecGnuTLSX509StoreFindCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSX509StoreGetKlass">xmlSecGnuTLSX509StoreGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSX509StoreId">xmlSecGnuTLSX509StoreId</link></para></listitem>
+<listitem><para><link linkend="xmlSecGnuTLSX509StoreVerify">xmlSecGnuTLSX509StoreVerify</link></para></listitem>
+<listitem><para><link linkend="xmlSecInit">xmlSecInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecIOCleanupCallbacks">xmlSecIOCleanupCallbacks</link></para></listitem>
+<listitem><para><link linkend="xmlSecIOInit">xmlSecIOInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecIORegisterCallbacks">xmlSecIORegisterCallbacks</link></para></listitem>
+<listitem><para><link linkend="xmlSecIORegisterDefaultCallbacks">xmlSecIORegisterDefaultCallbacks</link></para></listitem>
+<listitem><para><link linkend="xmlSecIOShutdown">xmlSecIOShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecIsEmptyNode">xmlSecIsEmptyNode</link></para></listitem>
+<listitem><para><link linkend="xmlSecIsEmptyString">xmlSecIsEmptyString</link></para></listitem>
+<listitem><para><link linkend="xmlSecIsHex">xmlSecIsHex</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyAdoptData">xmlSecKeyAdoptData</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyCheckId">xmlSecKeyCheckId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyCopy">xmlSecKeyCopy</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyCreate">xmlSecKeyCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataAesGetKlass">xmlSecKeyDataAesGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataAesId">xmlSecKeyDataAesId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinarySize">xmlSecKeyDataBinarySize</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinaryValueBinRead">xmlSecKeyDataBinaryValueBinRead</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinaryValueBinWrite">xmlSecKeyDataBinaryValueBinWrite</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinaryValueDebugDump">xmlSecKeyDataBinaryValueDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinaryValueDebugXmlDump">xmlSecKeyDataBinaryValueDebugXmlDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinaryValueDuplicate">xmlSecKeyDataBinaryValueDuplicate</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinaryValueFinalize">xmlSecKeyDataBinaryValueFinalize</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinaryValueGetBuffer">xmlSecKeyDataBinaryValueGetBuffer</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinaryValueGetSize">xmlSecKeyDataBinaryValueGetSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinaryValueInitialize">xmlSecKeyDataBinaryValueInitialize</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinaryValueSetBuffer">xmlSecKeyDataBinaryValueSetBuffer</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinaryValueXmlRead">xmlSecKeyDataBinaryValueXmlRead</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinaryValueXmlWrite">xmlSecKeyDataBinaryValueXmlWrite</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinReadMethod">xmlSecKeyDataBinReadMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinRead">xmlSecKeyDataBinRead</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinWriteMethod">xmlSecKeyDataBinWriteMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataBinWrite">xmlSecKeyDataBinWrite</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataCheckId">xmlSecKeyDataCheckId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataCheckSize">xmlSecKeyDataCheckSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataCheckUsage">xmlSecKeyDataCheckUsage</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataCreate">xmlSecKeyDataCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataDebugDumpMethod">xmlSecKeyDataDebugDumpMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataDebugDump">xmlSecKeyDataDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataDebugXmlDump">xmlSecKeyDataDebugXmlDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataDesGetKlass">xmlSecKeyDataDesGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataDesId">xmlSecKeyDataDesId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataDestroy">xmlSecKeyDataDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataDsaGetKlass">xmlSecKeyDataDsaGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataDsaId">xmlSecKeyDataDsaId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataDuplicateMethod">xmlSecKeyDataDuplicateMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataDuplicate">xmlSecKeyDataDuplicate</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataEncryptedKeyGetKlass">xmlSecKeyDataEncryptedKeyGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataEncryptedKeyId">xmlSecKeyDataEncryptedKeyId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataFinalizeMethod">xmlSecKeyDataFinalizeMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataFormat">xmlSecKeyDataFormat</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataGenerateMethod">xmlSecKeyDataGenerateMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataGenerate">xmlSecKeyDataGenerate</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataGetIdentifierMethod">xmlSecKeyDataGetIdentifierMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataGetIdentifier">xmlSecKeyDataGetIdentifier</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataGetName">xmlSecKeyDataGetName</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataGetSizeMethod">xmlSecKeyDataGetSizeMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataGetSize">xmlSecKeyDataGetSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataGetTypeMethod">xmlSecKeyDataGetTypeMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataGetType">xmlSecKeyDataGetType</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataGost2001GetKlass">xmlSecKeyDataGost2001GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataGost2001Id">xmlSecKeyDataGost2001Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataHmacGetKlass">xmlSecKeyDataHmacGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataHmacId">xmlSecKeyDataHmacId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataIdListDebugDump">xmlSecKeyDataIdListDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataIdListDebugXmlDump">xmlSecKeyDataIdListDebugXmlDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataIdListFindByHref">xmlSecKeyDataIdListFindByHref</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataIdListFindByName">xmlSecKeyDataIdListFindByName</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataIdListFindByNode">xmlSecKeyDataIdListFindByNode</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataIdListFind">xmlSecKeyDataIdListFind</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataIdListGetKlass">xmlSecKeyDataIdListGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataIdListId">xmlSecKeyDataIdListId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataIdsGet">xmlSecKeyDataIdsGet</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataIdsInit">xmlSecKeyDataIdsInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataIdsRegisterDefault">xmlSecKeyDataIdsRegisterDefault</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataIdsRegister">xmlSecKeyDataIdsRegister</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataIdsShutdown">xmlSecKeyDataIdsShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataIdUnknown">xmlSecKeyDataIdUnknown</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataInitMethod">xmlSecKeyDataInitMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataIsValid">xmlSecKeyDataIsValid</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataKlassGetName">xmlSecKeyDataKlassGetName</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataKlass">xmlSecKeyDataKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataListGetKlass">xmlSecKeyDataListGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataListId">xmlSecKeyDataListId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyData">xmlSecKeyData</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataNameGetKlass">xmlSecKeyDataNameGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataNameId">xmlSecKeyDataNameId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataRawX509CertGetKlass">xmlSecKeyDataRawX509CertGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataRawX509CertId">xmlSecKeyDataRawX509CertId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataRetrievalMethodGetKlass">xmlSecKeyDataRetrievalMethodGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataRetrievalMethodId">xmlSecKeyDataRetrievalMethodId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataRsaGetKlass">xmlSecKeyDataRsaGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataRsaId">xmlSecKeyDataRsaId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataStoreCheckId">xmlSecKeyDataStoreCheckId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataStoreCheckSize">xmlSecKeyDataStoreCheckSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataStoreCreate">xmlSecKeyDataStoreCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataStoreDestroy">xmlSecKeyDataStoreDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataStoreFinalizeMethod">xmlSecKeyDataStoreFinalizeMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataStoreGetName">xmlSecKeyDataStoreGetName</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataStoreIdUnknown">xmlSecKeyDataStoreIdUnknown</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataStoreInitializeMethod">xmlSecKeyDataStoreInitializeMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataStoreIsValid">xmlSecKeyDataStoreIsValid</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataStoreKlassGetName">xmlSecKeyDataStoreKlassGetName</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataStoreKlass">xmlSecKeyDataStoreKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataStore">xmlSecKeyDataStore</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataStorePtrListGetKlass">xmlSecKeyDataStorePtrListGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataStorePtrListId">xmlSecKeyDataStorePtrListId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataTypeAny">xmlSecKeyDataTypeAny</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataType">xmlSecKeyDataType</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataTypeNone">xmlSecKeyDataTypeNone</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataTypePermanent">xmlSecKeyDataTypePermanent</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataTypePrivate">xmlSecKeyDataTypePrivate</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataTypePublic">xmlSecKeyDataTypePublic</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataTypeSession">xmlSecKeyDataTypeSession</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataTypeSymmetric">xmlSecKeyDataTypeSymmetric</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataTypeTrusted">xmlSecKeyDataTypeTrusted</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataTypeUnknown">xmlSecKeyDataTypeUnknown</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataUsageAny">xmlSecKeyDataUsageAny</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataUsageKeyInfoNode">xmlSecKeyDataUsageKeyInfoNode</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataUsageKeyInfoNodeRead">xmlSecKeyDataUsageKeyInfoNodeRead</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataUsageKeyInfoNodeWrite">xmlSecKeyDataUsageKeyInfoNodeWrite</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataUsageKeyValueNode">xmlSecKeyDataUsageKeyValueNode</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataUsageKeyValueNodeRead">xmlSecKeyDataUsageKeyValueNodeRead</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataUsageKeyValueNodeWrite">xmlSecKeyDataUsageKeyValueNodeWrite</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataUsage">xmlSecKeyDataUsage</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataUsageRetrievalMethodNodeBin">xmlSecKeyDataUsageRetrievalMethodNodeBin</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataUsageRetrievalMethodNode">xmlSecKeyDataUsageRetrievalMethodNode</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataUsageRetrievalMethodNodeXml">xmlSecKeyDataUsageRetrievalMethodNodeXml</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataUsageUnknown">xmlSecKeyDataUsageUnknown</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataValueGetKlass">xmlSecKeyDataValueGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataValueId">xmlSecKeyDataValueId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataX509GetKlass">xmlSecKeyDataX509GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataX509Id">xmlSecKeyDataX509Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataXmlReadMethod">xmlSecKeyDataXmlReadMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataXmlRead">xmlSecKeyDataXmlRead</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataXmlWriteMethod">xmlSecKeyDataXmlWriteMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDataXmlWrite">xmlSecKeyDataXmlWrite</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDebugDump">xmlSecKeyDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDebugXmlDump">xmlSecKeyDebugXmlDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDestroy">xmlSecKeyDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyDuplicate">xmlSecKeyDuplicate</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyEmpty">xmlSecKeyEmpty</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyEnsureData">xmlSecKeyEnsureData</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyGenerateByName">xmlSecKeyGenerateByName</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyGenerate">xmlSecKeyGenerate</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyGetData">xmlSecKeyGetData</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyGetName">xmlSecKeyGetName</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyGetType">xmlSecKeyGetType</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyGetValue">xmlSecKeyGetValue</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyInfoCtxCopyUserPref">xmlSecKeyInfoCtxCopyUserPref</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyInfoCtxCreateEncCtx">xmlSecKeyInfoCtxCreateEncCtx</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyInfoCtxCreate">xmlSecKeyInfoCtxCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyInfoCtxDebugDump">xmlSecKeyInfoCtxDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyInfoCtxDebugXmlDump">xmlSecKeyInfoCtxDebugXmlDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyInfoCtxDestroy">xmlSecKeyInfoCtxDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyInfoCtxFinalize">xmlSecKeyInfoCtxFinalize</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyInfoCtxInitialize">xmlSecKeyInfoCtxInitialize</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyInfoCtx">xmlSecKeyInfoCtx</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyInfoCtxReset">xmlSecKeyInfoCtxReset</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-KEYINFO-FLAGS-DONT-STOP-ON-KEY-FOUND-CAPS">XMLSEC-KEYINFO-FLAGS-DONT-STOP-ON-KEY-FOUND</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-KEYINFO-FLAGS-ENCKEY-DONT-STOP-ON-FAILED-DECRYPTION-CAPS">XMLSEC-KEYINFO-FLAGS-ENCKEY-DONT-STOP-ON-FAILED-DECRYPTION</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-KEYINFO-FLAGS-KEYNAME-STOP-ON-UNKNOWN-CAPS">XMLSEC-KEYINFO-FLAGS-KEYNAME-STOP-ON-UNKNOWN</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-KEYINFO-FLAGS-KEYVALUE-STOP-ON-UNKNOWN-CHILD-CAPS">XMLSEC-KEYINFO-FLAGS-KEYVALUE-STOP-ON-UNKNOWN-CHILD</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-KEYINFO-FLAGS-RETRMETHOD-STOP-ON-MISMATCH-HREF-CAPS">XMLSEC-KEYINFO-FLAGS-RETRMETHOD-STOP-ON-MISMATCH-HREF</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-KEYINFO-FLAGS-RETRMETHOD-STOP-ON-UNKNOWN-HREF-CAPS">XMLSEC-KEYINFO-FLAGS-RETRMETHOD-STOP-ON-UNKNOWN-HREF</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-KEYINFO-FLAGS-STOP-ON-EMPTY-NODE-CAPS">XMLSEC-KEYINFO-FLAGS-STOP-ON-EMPTY-NODE</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-KEYINFO-FLAGS-STOP-ON-UNKNOWN-CHILD-CAPS">XMLSEC-KEYINFO-FLAGS-STOP-ON-UNKNOWN-CHILD</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-KEYINFO-FLAGS-X509DATA-DONT-VERIFY-CERTS-CAPS">XMLSEC-KEYINFO-FLAGS-X509DATA-DONT-VERIFY-CERTS</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-KEYINFO-FLAGS-X509DATA-SKIP-STRICT-CHECKS-CAPS">XMLSEC-KEYINFO-FLAGS-X509DATA-SKIP-STRICT-CHECKS</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-KEYINFO-FLAGS-X509DATA-STOP-ON-INVALID-CERT-CAPS">XMLSEC-KEYINFO-FLAGS-X509DATA-STOP-ON-INVALID-CERT</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-KEYINFO-FLAGS-X509DATA-STOP-ON-UNKNOWN-CERT-CAPS">XMLSEC-KEYINFO-FLAGS-X509DATA-STOP-ON-UNKNOWN-CERT</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-KEYINFO-FLAGS-X509DATA-STOP-ON-UNKNOWN-CHILD-CAPS">XMLSEC-KEYINFO-FLAGS-X509DATA-STOP-ON-UNKNOWN-CHILD</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyInfoMode">xmlSecKeyInfoMode</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyInfoNodeRead">xmlSecKeyInfoNodeRead</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyInfoNodeWrite">xmlSecKeyInfoNodeWrite</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyIsValid">xmlSecKeyIsValid</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyMatch">xmlSecKeyMatch</link></para></listitem>
+<listitem><para><link linkend="xmlSecKey">xmlSecKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyPtrListGetKlass">xmlSecKeyPtrListGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyPtrListId">xmlSecKeyPtrListId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyReadBinaryFile">xmlSecKeyReadBinaryFile</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyReadBuffer">xmlSecKeyReadBuffer</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyReadMemory">xmlSecKeyReadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyReqCopy">xmlSecKeyReqCopy</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyReqDebugDump">xmlSecKeyReqDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyReqDebugXmlDump">xmlSecKeyReqDebugXmlDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyReqFinalize">xmlSecKeyReqFinalize</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyReqInitialize">xmlSecKeyReqInitialize</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyReqMatchKey">xmlSecKeyReqMatchKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyReqMatchKeyValue">xmlSecKeyReqMatchKeyValue</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyReq">xmlSecKeyReq</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyReqReset">xmlSecKeyReqReset</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeySetName">xmlSecKeySetName</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeySetValue">xmlSecKeySetValue</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeysMngrAdoptDataStore">xmlSecKeysMngrAdoptDataStore</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeysMngrAdoptKeysStore">xmlSecKeysMngrAdoptKeysStore</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeysMngrCreate">xmlSecKeysMngrCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeysMngrDestroy">xmlSecKeysMngrDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeysMngrFindKey">xmlSecKeysMngrFindKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeysMngrGetDataStore">xmlSecKeysMngrGetDataStore</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeysMngrGetKey">xmlSecKeysMngrGetKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeysMngrGetKeysStore">xmlSecKeysMngrGetKeysStore</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeysMngr">xmlSecKeysMngr</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyStoreCheckId">xmlSecKeyStoreCheckId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyStoreCheckSize">xmlSecKeyStoreCheckSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyStoreCreate">xmlSecKeyStoreCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyStoreDestroy">xmlSecKeyStoreDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyStoreFinalizeMethod">xmlSecKeyStoreFinalizeMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyStoreFindKeyMethod">xmlSecKeyStoreFindKeyMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyStoreFindKey">xmlSecKeyStoreFindKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyStoreGetName">xmlSecKeyStoreGetName</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyStoreIdUnknown">xmlSecKeyStoreIdUnknown</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyStoreInitializeMethod">xmlSecKeyStoreInitializeMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyStoreIsValid">xmlSecKeyStoreIsValid</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyStoreKlassGetName">xmlSecKeyStoreKlassGetName</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyStoreKlass">xmlSecKeyStoreKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyStore">xmlSecKeyStore</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUsageAny">xmlSecKeyUsageAny</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUsageDecrypt">xmlSecKeyUsageDecrypt</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUsageEncrypt">xmlSecKeyUsageEncrypt</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUsageKeyExchange">xmlSecKeyUsageKeyExchange</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUsage">xmlSecKeyUsage</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUsageSign">xmlSecKeyUsageSign</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUsageVerify">xmlSecKeyUsageVerify</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUseWithCopy">xmlSecKeyUseWithCopy</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUseWithCreate">xmlSecKeyUseWithCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUseWithDebugDump">xmlSecKeyUseWithDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUseWithDebugXmlDump">xmlSecKeyUseWithDebugXmlDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUseWithDestroy">xmlSecKeyUseWithDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUseWithDuplicate">xmlSecKeyUseWithDuplicate</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUseWithFinalize">xmlSecKeyUseWithFinalize</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUseWithInitialize">xmlSecKeyUseWithInitialize</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUseWith">xmlSecKeyUseWith</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUseWithPtrListGetKlass">xmlSecKeyUseWithPtrListGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUseWithPtrListId">xmlSecKeyUseWithPtrListId</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUseWithReset">xmlSecKeyUseWithReset</link></para></listitem>
+<listitem><para><link linkend="xmlSecKeyUseWithSet">xmlSecKeyUseWithSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppDefaultKeysMngrAdoptKey">xmlSecMSCryptoAppDefaultKeysMngrAdoptKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore">xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore">xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppDefaultKeysMngrAdoptUntrustedStore">xmlSecMSCryptoAppDefaultKeysMngrAdoptUntrustedStore</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppDefaultKeysMngrInit">xmlSecMSCryptoAppDefaultKeysMngrInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppDefaultKeysMngrLoad">xmlSecMSCryptoAppDefaultKeysMngrLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad">xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad">xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppDefaultKeysMngrSave">xmlSecMSCryptoAppDefaultKeysMngrSave</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppDefaultKeysMngrSymKeyLoad">xmlSecMSCryptoAppDefaultKeysMngrSymKeyLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppGetCertStoreName">xmlSecMSCryptoAppGetCertStoreName</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppGetDefaultPwdCallback">xmlSecMSCryptoAppGetDefaultPwdCallback</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppInit">xmlSecMSCryptoAppInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppKeyCertLoadMemory">xmlSecMSCryptoAppKeyCertLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppKeyCertLoad">xmlSecMSCryptoAppKeyCertLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppKeyLoadMemory">xmlSecMSCryptoAppKeyLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppKeyLoad">xmlSecMSCryptoAppKeyLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppKeysMngrCertLoadMemory">xmlSecMSCryptoAppKeysMngrCertLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppKeysMngrCertLoad">xmlSecMSCryptoAppKeysMngrCertLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppPkcs12LoadMemory">xmlSecMSCryptoAppPkcs12LoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppPkcs12Load">xmlSecMSCryptoAppPkcs12Load</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoAppShutdown">xmlSecMSCryptoAppShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoCertAdopt">xmlSecMSCryptoCertAdopt</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoCertDup">xmlSecMSCryptoCertDup</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoConvertLocaleToUnicode">xmlSecMSCryptoConvertLocaleToUnicode</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoConvertLocaleToUtf8">xmlSecMSCryptoConvertLocaleToUtf8</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoConvertTstrToUtf8">xmlSecMSCryptoConvertTstrToUtf8</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoConvertUnicodeToUtf8">xmlSecMSCryptoConvertUnicodeToUtf8</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoConvertUtf8ToLocale">xmlSecMSCryptoConvertUtf8ToLocale</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoConvertUtf8ToTstr">xmlSecMSCryptoConvertUtf8ToTstr</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoConvertUtf8ToUnicode">xmlSecMSCryptoConvertUtf8ToUnicode</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoErrorsDefaultCallback">xmlSecMSCryptoErrorsDefaultCallback</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoGenerateRandom">xmlSecMSCryptoGenerateRandom</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoHmacGetMinOutputLength">xmlSecMSCryptoHmacGetMinOutputLength</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoHmacSetMinOutputLength">xmlSecMSCryptoHmacSetMinOutputLength</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoInit">xmlSecMSCryptoInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataAesGetKlass">xmlSecMSCryptoKeyDataAesGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataAesId">xmlSecMSCryptoKeyDataAesId</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataAesSet">xmlSecMSCryptoKeyDataAesSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataDesGetKlass">xmlSecMSCryptoKeyDataDesGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataDesId">xmlSecMSCryptoKeyDataDesId</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataDsaGetKlass">xmlSecMSCryptoKeyDataDsaGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataDsaId">xmlSecMSCryptoKeyDataDsaId</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataGetCert">xmlSecMSCryptoKeyDataGetCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataGetDecryptKey">xmlSecMSCryptoKeyDataGetDecryptKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataGetKey">xmlSecMSCryptoKeyDataGetKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataGetMSCryptoKeySpec">xmlSecMSCryptoKeyDataGetMSCryptoKeySpec</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataGetMSCryptoProvider">xmlSecMSCryptoKeyDataGetMSCryptoProvider</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataGost2001GetKlass">xmlSecMSCryptoKeyDataGost2001GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataGost2001Id">xmlSecMSCryptoKeyDataGost2001Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataHmacGetKlass">xmlSecMSCryptoKeyDataHmacGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataHmacId">xmlSecMSCryptoKeyDataHmacId</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataHmacSet">xmlSecMSCryptoKeyDataHmacSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataRawX509CertGetKlass">xmlSecMSCryptoKeyDataRawX509CertGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataRawX509CertId">xmlSecMSCryptoKeyDataRawX509CertId</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataRsaGetKlass">xmlSecMSCryptoKeyDataRsaGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataRsaId">xmlSecMSCryptoKeyDataRsaId</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataX509AdoptCert">xmlSecMSCryptoKeyDataX509AdoptCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataX509AdoptCrl">xmlSecMSCryptoKeyDataX509AdoptCrl</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataX509AdoptKeyCert">xmlSecMSCryptoKeyDataX509AdoptKeyCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataX509GetCert">xmlSecMSCryptoKeyDataX509GetCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataX509GetCertsSize">xmlSecMSCryptoKeyDataX509GetCertsSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataX509GetCrl">xmlSecMSCryptoKeyDataX509GetCrl</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataX509GetCrlsSize">xmlSecMSCryptoKeyDataX509GetCrlsSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataX509GetKeyCert">xmlSecMSCryptoKeyDataX509GetKeyCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataX509GetKlass">xmlSecMSCryptoKeyDataX509GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeyDataX509Id">xmlSecMSCryptoKeyDataX509Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeysMngrInit">xmlSecMSCryptoKeysMngrInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeysStoreAdoptKey">xmlSecMSCryptoKeysStoreAdoptKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeysStoreGetKlass">xmlSecMSCryptoKeysStoreGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeysStoreId">xmlSecMSCryptoKeysStoreId</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeysStoreLoad">xmlSecMSCryptoKeysStoreLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoKeysStoreSave">xmlSecMSCryptoKeysStoreSave</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoShutdown">xmlSecMSCryptoShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformAes128CbcGetKlass">xmlSecMSCryptoTransformAes128CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformAes128CbcId">xmlSecMSCryptoTransformAes128CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformAes192CbcGetKlass">xmlSecMSCryptoTransformAes192CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformAes192CbcId">xmlSecMSCryptoTransformAes192CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformAes256CbcGetKlass">xmlSecMSCryptoTransformAes256CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformAes256CbcId">xmlSecMSCryptoTransformAes256CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformDes3CbcGetKlass">xmlSecMSCryptoTransformDes3CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformDes3CbcId">xmlSecMSCryptoTransformDes3CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformDsaSha1GetKlass">xmlSecMSCryptoTransformDsaSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformDsaSha1Id">xmlSecMSCryptoTransformDsaSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformGost2001GostR3411-94GetKlass-CAPS">xmlSecMSCryptoTransformGost2001GostR3411-94GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformGost2001GostR3411-94Id-CAPS">xmlSecMSCryptoTransformGost2001GostR3411-94Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformGostR3411-94GetKlass-CAPS">xmlSecMSCryptoTransformGostR3411-94GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformGostR3411-94Id-CAPS">xmlSecMSCryptoTransformGostR3411-94Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformHmacMd5GetKlass">xmlSecMSCryptoTransformHmacMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformHmacMd5Id">xmlSecMSCryptoTransformHmacMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformHmacSha1GetKlass">xmlSecMSCryptoTransformHmacSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformHmacSha1Id">xmlSecMSCryptoTransformHmacSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformHmacSha256GetKlass">xmlSecMSCryptoTransformHmacSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformHmacSha256Id">xmlSecMSCryptoTransformHmacSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformHmacSha384GetKlass">xmlSecMSCryptoTransformHmacSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformHmacSha384Id">xmlSecMSCryptoTransformHmacSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformHmacSha512GetKlass">xmlSecMSCryptoTransformHmacSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformHmacSha512Id">xmlSecMSCryptoTransformHmacSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformKWAes128GetKlass">xmlSecMSCryptoTransformKWAes128GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformKWAes128Id">xmlSecMSCryptoTransformKWAes128Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformKWAes192GetKlass">xmlSecMSCryptoTransformKWAes192GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformKWAes192Id">xmlSecMSCryptoTransformKWAes192Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformKWAes256GetKlass">xmlSecMSCryptoTransformKWAes256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformKWAes256Id">xmlSecMSCryptoTransformKWAes256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformKWDes3GetKlass">xmlSecMSCryptoTransformKWDes3GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformKWDes3Id">xmlSecMSCryptoTransformKWDes3Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformMd5GetKlass">xmlSecMSCryptoTransformMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformMd5Id">xmlSecMSCryptoTransformMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformRsaMd5GetKlass">xmlSecMSCryptoTransformRsaMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformRsaMd5Id">xmlSecMSCryptoTransformRsaMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformRsaOaepGetKlass">xmlSecMSCryptoTransformRsaOaepGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformRsaOaepId">xmlSecMSCryptoTransformRsaOaepId</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformRsaPkcs1GetKlass">xmlSecMSCryptoTransformRsaPkcs1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformRsaPkcs1Id">xmlSecMSCryptoTransformRsaPkcs1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformRsaSha1GetKlass">xmlSecMSCryptoTransformRsaSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformRsaSha1Id">xmlSecMSCryptoTransformRsaSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformRsaSha256GetKlass">xmlSecMSCryptoTransformRsaSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformRsaSha256Id">xmlSecMSCryptoTransformRsaSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformRsaSha384GetKlass">xmlSecMSCryptoTransformRsaSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformRsaSha384Id">xmlSecMSCryptoTransformRsaSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformRsaSha512GetKlass">xmlSecMSCryptoTransformRsaSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformRsaSha512Id">xmlSecMSCryptoTransformRsaSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformSha1GetKlass">xmlSecMSCryptoTransformSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformSha1Id">xmlSecMSCryptoTransformSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformSha256GetKlass">xmlSecMSCryptoTransformSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformSha256Id">xmlSecMSCryptoTransformSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformSha384GetKlass">xmlSecMSCryptoTransformSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformSha384Id">xmlSecMSCryptoTransformSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformSha512GetKlass">xmlSecMSCryptoTransformSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoTransformSha512Id">xmlSecMSCryptoTransformSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoX509StoreAdoptCert">xmlSecMSCryptoX509StoreAdoptCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoX509StoreAdoptKeyStore">xmlSecMSCryptoX509StoreAdoptKeyStore</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoX509StoreAdoptTrustedStore">xmlSecMSCryptoX509StoreAdoptTrustedStore</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoX509StoreAdoptUntrustedStore">xmlSecMSCryptoX509StoreAdoptUntrustedStore</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoX509StoreEnableSystemTrustedCerts">xmlSecMSCryptoX509StoreEnableSystemTrustedCerts</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoX509StoreGetKlass">xmlSecMSCryptoX509StoreGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecMSCryptoX509StoreId">xmlSecMSCryptoX509StoreId</link></para></listitem>
+<listitem><para><link linkend="xmlSecNodeEncodeAndSetContent">xmlSecNodeEncodeAndSetContent</link></para></listitem>
+<listitem><para><link linkend="xmlSecNodeGetName">xmlSecNodeGetName</link></para></listitem>
+<listitem><para><link linkend="xmlSecNodeSetAddList">xmlSecNodeSetAddList</link></para></listitem>
+<listitem><para><link linkend="xmlSecNodeSetAdd">xmlSecNodeSetAdd</link></para></listitem>
+<listitem><para><link linkend="xmlSecNodeSetContains">xmlSecNodeSetContains</link></para></listitem>
+<listitem><para><link linkend="xmlSecNodeSetCreate">xmlSecNodeSetCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecNodeSetDebugDump">xmlSecNodeSetDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecNodeSetDestroy">xmlSecNodeSetDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecNodeSetDocDestroy">xmlSecNodeSetDocDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecNodeSetDumpTextNodes">xmlSecNodeSetDumpTextNodes</link></para></listitem>
+<listitem><para><link linkend="xmlSecNodeSetGetChildren">xmlSecNodeSetGetChildren</link></para></listitem>
+<listitem><para><link linkend="xmlSecNodeSet">xmlSecNodeSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecNodeSetOp">xmlSecNodeSetOp</link></para></listitem>
+<listitem><para><link linkend="xmlSecNodeSetType">xmlSecNodeSetType</link></para></listitem>
+<listitem><para><link linkend="xmlSecNodeSetWalkCallback">xmlSecNodeSetWalkCallback</link></para></listitem>
+<listitem><para><link linkend="xmlSecNodeSetWalk">xmlSecNodeSetWalk</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppDefaultKeysMngrAdoptKey">xmlSecNssAppDefaultKeysMngrAdoptKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppDefaultKeysMngrInit">xmlSecNssAppDefaultKeysMngrInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppDefaultKeysMngrLoad">xmlSecNssAppDefaultKeysMngrLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppDefaultKeysMngrSave">xmlSecNssAppDefaultKeysMngrSave</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppGetDefaultPwdCallback">xmlSecNssAppGetDefaultPwdCallback</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppInit">xmlSecNssAppInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppKeyCertLoadMemory">xmlSecNssAppKeyCertLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppKeyCertLoad">xmlSecNssAppKeyCertLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppKeyCertLoadSECItem">xmlSecNssAppKeyCertLoadSECItem</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppKeyFromCertLoadSECItem">xmlSecNssAppKeyFromCertLoadSECItem</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppKeyLoadMemory">xmlSecNssAppKeyLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppKeyLoad">xmlSecNssAppKeyLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppKeyLoadSECItem">xmlSecNssAppKeyLoadSECItem</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppKeysMngrCertLoadMemory">xmlSecNssAppKeysMngrCertLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppKeysMngrCertLoad">xmlSecNssAppKeysMngrCertLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppKeysMngrCertLoadSECItem">xmlSecNssAppKeysMngrCertLoadSECItem</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppPkcs12LoadMemory">xmlSecNssAppPkcs12LoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppPkcs12Load">xmlSecNssAppPkcs12Load</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppPkcs12LoadSECItem">xmlSecNssAppPkcs12LoadSECItem</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssAppShutdown">xmlSecNssAppShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssErrorsDefaultCallback">xmlSecNssErrorsDefaultCallback</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssGenerateRandom">xmlSecNssGenerateRandom</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssGetInternalKeySlot">xmlSecNssGetInternalKeySlot</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssHmacGetMinOutputLength">xmlSecNssHmacGetMinOutputLength</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssHmacSetMinOutputLength">xmlSecNssHmacSetMinOutputLength</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssInit">xmlSecNssInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataAesGetKlass">xmlSecNssKeyDataAesGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataAesId">xmlSecNssKeyDataAesId</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataAesSet">xmlSecNssKeyDataAesSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataDesGetKlass">xmlSecNssKeyDataDesGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataDesId">xmlSecNssKeyDataDesId</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataDesSet">xmlSecNssKeyDataDesSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataDsaGetKlass">xmlSecNssKeyDataDsaGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataDsaId">xmlSecNssKeyDataDsaId</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataHmacGetKlass">xmlSecNssKeyDataHmacGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataHmacId">xmlSecNssKeyDataHmacId</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataHmacSet">xmlSecNssKeyDataHmacSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataRawX509CertGetKlass">xmlSecNssKeyDataRawX509CertGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataRawX509CertId">xmlSecNssKeyDataRawX509CertId</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataRsaGetKlass">xmlSecNssKeyDataRsaGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataRsaId">xmlSecNssKeyDataRsaId</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataX509AdoptCert">xmlSecNssKeyDataX509AdoptCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataX509AdoptCrl">xmlSecNssKeyDataX509AdoptCrl</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataX509AdoptKeyCert">xmlSecNssKeyDataX509AdoptKeyCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataX509GetCert">xmlSecNssKeyDataX509GetCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataX509GetCertsSize">xmlSecNssKeyDataX509GetCertsSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataX509GetCrl">xmlSecNssKeyDataX509GetCrl</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataX509GetCrlsSize">xmlSecNssKeyDataX509GetCrlsSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataX509GetKeyCert">xmlSecNssKeyDataX509GetKeyCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataX509GetKlass">xmlSecNssKeyDataX509GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeyDataX509Id">xmlSecNssKeyDataX509Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeysMngrInit">xmlSecNssKeysMngrInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeysStoreAdoptKey">xmlSecNssKeysStoreAdoptKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeysStoreGetKlass">xmlSecNssKeysStoreGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeysStoreId">xmlSecNssKeysStoreId</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeysStoreLoad">xmlSecNssKeysStoreLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssKeysStoreSave">xmlSecNssKeysStoreSave</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssNodeGetBigNumValue">xmlSecNssNodeGetBigNumValue</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssNodeSetBigNumValue">xmlSecNssNodeSetBigNumValue</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssPKIAdoptKey">xmlSecNssPKIAdoptKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssPKIKeyDataDuplicate">xmlSecNssPKIKeyDataDuplicate</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssPKIKeyDataGetKeyType">xmlSecNssPKIKeyDataGetKeyType</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssPKIKeyDataGetPrivKey">xmlSecNssPKIKeyDataGetPrivKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssPKIKeyDataGetPubKey">xmlSecNssPKIKeyDataGetPubKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssShutdown">xmlSecNssShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformAes128CbcGetKlass">xmlSecNssTransformAes128CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformAes128CbcId">xmlSecNssTransformAes128CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformAes192CbcGetKlass">xmlSecNssTransformAes192CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformAes192CbcId">xmlSecNssTransformAes192CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformAes256CbcGetKlass">xmlSecNssTransformAes256CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformAes256CbcId">xmlSecNssTransformAes256CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformDes3CbcGetKlass">xmlSecNssTransformDes3CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformDes3CbcId">xmlSecNssTransformDes3CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformDsaSha1GetKlass">xmlSecNssTransformDsaSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformDsaSha1Id">xmlSecNssTransformDsaSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformHmacMd5GetKlass">xmlSecNssTransformHmacMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformHmacMd5Id">xmlSecNssTransformHmacMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformHmacRipemd160GetKlass">xmlSecNssTransformHmacRipemd160GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformHmacRipemd160Id">xmlSecNssTransformHmacRipemd160Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformHmacSha1GetKlass">xmlSecNssTransformHmacSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformHmacSha1Id">xmlSecNssTransformHmacSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformHmacSha256GetKlass">xmlSecNssTransformHmacSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformHmacSha256Id">xmlSecNssTransformHmacSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformHmacSha384GetKlass">xmlSecNssTransformHmacSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformHmacSha384Id">xmlSecNssTransformHmacSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformHmacSha512GetKlass">xmlSecNssTransformHmacSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformHmacSha512Id">xmlSecNssTransformHmacSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformKWAes128GetKlass">xmlSecNssTransformKWAes128GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformKWAes128Id">xmlSecNssTransformKWAes128Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformKWAes192GetKlass">xmlSecNssTransformKWAes192GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformKWAes192Id">xmlSecNssTransformKWAes192Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformKWAes256GetKlass">xmlSecNssTransformKWAes256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformKWAes256Id">xmlSecNssTransformKWAes256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformKWDes3GetKlass">xmlSecNssTransformKWDes3GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformKWDes3Id">xmlSecNssTransformKWDes3Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformMd5GetKlass">xmlSecNssTransformMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformMd5Id">xmlSecNssTransformMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformRsaMd5GetKlass">xmlSecNssTransformRsaMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformRsaMd5Id">xmlSecNssTransformRsaMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformRsaOaepGetKlass">xmlSecNssTransformRsaOaepGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformRsaOaepId">xmlSecNssTransformRsaOaepId</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformRsaPkcs1GetKlass">xmlSecNssTransformRsaPkcs1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformRsaPkcs1Id">xmlSecNssTransformRsaPkcs1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformRsaSha1GetKlass">xmlSecNssTransformRsaSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformRsaSha1Id">xmlSecNssTransformRsaSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformRsaSha256GetKlass">xmlSecNssTransformRsaSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformRsaSha256Id">xmlSecNssTransformRsaSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformRsaSha384GetKlass">xmlSecNssTransformRsaSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformRsaSha384Id">xmlSecNssTransformRsaSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformRsaSha512GetKlass">xmlSecNssTransformRsaSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformRsaSha512Id">xmlSecNssTransformRsaSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformSha1GetKlass">xmlSecNssTransformSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformSha1Id">xmlSecNssTransformSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformSha256GetKlass">xmlSecNssTransformSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformSha256Id">xmlSecNssTransformSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformSha384GetKlass">xmlSecNssTransformSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformSha384Id">xmlSecNssTransformSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformSha512GetKlass">xmlSecNssTransformSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssTransformSha512Id">xmlSecNssTransformSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssX509CertGetKey">xmlSecNssX509CertGetKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssX509StoreAdoptCert">xmlSecNssX509StoreAdoptCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssX509StoreFindCert">xmlSecNssX509StoreFindCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssX509StoreGetKlass">xmlSecNssX509StoreGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssX509StoreId">xmlSecNssX509StoreId</link></para></listitem>
+<listitem><para><link linkend="xmlSecNssX509StoreVerify">xmlSecNssX509StoreVerify</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppDefaultKeysMngrAdoptKey">xmlSecOpenSSLAppDefaultKeysMngrAdoptKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppDefaultKeysMngrInit">xmlSecOpenSSLAppDefaultKeysMngrInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppDefaultKeysMngrLoad">xmlSecOpenSSLAppDefaultKeysMngrLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppDefaultKeysMngrSave">xmlSecOpenSSLAppDefaultKeysMngrSave</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppGetDefaultPwdCallback">xmlSecOpenSSLAppGetDefaultPwdCallback</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppInit">xmlSecOpenSSLAppInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppKeyCertLoadBIO">xmlSecOpenSSLAppKeyCertLoadBIO</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppKeyCertLoadMemory">xmlSecOpenSSLAppKeyCertLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppKeyCertLoad">xmlSecOpenSSLAppKeyCertLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppKeyFromCertLoadBIO">xmlSecOpenSSLAppKeyFromCertLoadBIO</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppKeyLoadBIO">xmlSecOpenSSLAppKeyLoadBIO</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppKeyLoadMemory">xmlSecOpenSSLAppKeyLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppKeyLoad">xmlSecOpenSSLAppKeyLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppKeysMngrAddCertsFile">xmlSecOpenSSLAppKeysMngrAddCertsFile</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppKeysMngrAddCertsPath">xmlSecOpenSSLAppKeysMngrAddCertsPath</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppKeysMngrCertLoadBIO">xmlSecOpenSSLAppKeysMngrCertLoadBIO</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppKeysMngrCertLoadMemory">xmlSecOpenSSLAppKeysMngrCertLoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppKeysMngrCertLoad">xmlSecOpenSSLAppKeysMngrCertLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppPkcs12LoadBIO">xmlSecOpenSSLAppPkcs12LoadBIO</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppPkcs12LoadMemory">xmlSecOpenSSLAppPkcs12LoadMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppPkcs12Load">xmlSecOpenSSLAppPkcs12Load</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLAppShutdown">xmlSecOpenSSLAppShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLErrorsDefaultCallback">xmlSecOpenSSLErrorsDefaultCallback</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-OPENSSL-ERRORS-FUNCTION-CAPS">XMLSEC-OPENSSL-ERRORS-FUNCTION</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-OPENSSL-ERRORS-LIB-CAPS">XMLSEC-OPENSSL-ERRORS-LIB</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLEvpKeyAdopt">xmlSecOpenSSLEvpKeyAdopt</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLEvpKeyDataAdoptEvp">xmlSecOpenSSLEvpKeyDataAdoptEvp</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLEvpKeyDataGetEvp">xmlSecOpenSSLEvpKeyDataGetEvp</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLEvpKeyDup">xmlSecOpenSSLEvpKeyDup</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLGenerateRandom">xmlSecOpenSSLGenerateRandom</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLGetDefaultTrustedCertsFolder">xmlSecOpenSSLGetDefaultTrustedCertsFolder</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLHmacGetMinOutputLength">xmlSecOpenSSLHmacGetMinOutputLength</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLHmacSetMinOutputLength">xmlSecOpenSSLHmacSetMinOutputLength</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLInit">xmlSecOpenSSLInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataAesGetKlass">xmlSecOpenSSLKeyDataAesGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataAesId">xmlSecOpenSSLKeyDataAesId</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataAesSet">xmlSecOpenSSLKeyDataAesSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataDesGetKlass">xmlSecOpenSSLKeyDataDesGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataDesId">xmlSecOpenSSLKeyDataDesId</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataDesSet">xmlSecOpenSSLKeyDataDesSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataDsaAdoptDsa">xmlSecOpenSSLKeyDataDsaAdoptDsa</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataDsaAdoptEvp">xmlSecOpenSSLKeyDataDsaAdoptEvp</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataDsaGetDsa">xmlSecOpenSSLKeyDataDsaGetDsa</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataDsaGetEvp">xmlSecOpenSSLKeyDataDsaGetEvp</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataDsaGetKlass">xmlSecOpenSSLKeyDataDsaGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataDsaId">xmlSecOpenSSLKeyDataDsaId</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataHmacGetKlass">xmlSecOpenSSLKeyDataHmacGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataHmacId">xmlSecOpenSSLKeyDataHmacId</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataHmacSet">xmlSecOpenSSLKeyDataHmacSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataRawX509CertGetKlass">xmlSecOpenSSLKeyDataRawX509CertGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataRawX509CertId">xmlSecOpenSSLKeyDataRawX509CertId</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataRsaAdoptEvp">xmlSecOpenSSLKeyDataRsaAdoptEvp</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataRsaAdoptRsa">xmlSecOpenSSLKeyDataRsaAdoptRsa</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataRsaGetEvp">xmlSecOpenSSLKeyDataRsaGetEvp</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataRsaGetKlass">xmlSecOpenSSLKeyDataRsaGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataRsaGetRsa">xmlSecOpenSSLKeyDataRsaGetRsa</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataRsaId">xmlSecOpenSSLKeyDataRsaId</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataX509AdoptCert">xmlSecOpenSSLKeyDataX509AdoptCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataX509AdoptCrl">xmlSecOpenSSLKeyDataX509AdoptCrl</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataX509AdoptKeyCert">xmlSecOpenSSLKeyDataX509AdoptKeyCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataX509GetCert">xmlSecOpenSSLKeyDataX509GetCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataX509GetCertsSize">xmlSecOpenSSLKeyDataX509GetCertsSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataX509GetCrl">xmlSecOpenSSLKeyDataX509GetCrl</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataX509GetCrlsSize">xmlSecOpenSSLKeyDataX509GetCrlsSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataX509GetKeyCert">xmlSecOpenSSLKeyDataX509GetKeyCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataX509GetKlass">xmlSecOpenSSLKeyDataX509GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeyDataX509Id">xmlSecOpenSSLKeyDataX509Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLKeysMngrInit">xmlSecOpenSSLKeysMngrInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLNodeGetBNValue">xmlSecOpenSSLNodeGetBNValue</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLNodeSetBNValue">xmlSecOpenSSLNodeSetBNValue</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLSetDefaultTrustedCertsFolder">xmlSecOpenSSLSetDefaultTrustedCertsFolder</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLShutdown">xmlSecOpenSSLShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformAes128CbcGetKlass">xmlSecOpenSSLTransformAes128CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformAes128CbcId">xmlSecOpenSSLTransformAes128CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformAes192CbcGetKlass">xmlSecOpenSSLTransformAes192CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformAes192CbcId">xmlSecOpenSSLTransformAes192CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformAes256CbcGetKlass">xmlSecOpenSSLTransformAes256CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformAes256CbcId">xmlSecOpenSSLTransformAes256CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformDes3CbcGetKlass">xmlSecOpenSSLTransformDes3CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformDes3CbcId">xmlSecOpenSSLTransformDes3CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformDsaSha1GetKlass">xmlSecOpenSSLTransformDsaSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformDsaSha1Id">xmlSecOpenSSLTransformDsaSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformHmacMd5GetKlass">xmlSecOpenSSLTransformHmacMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformHmacMd5Id">xmlSecOpenSSLTransformHmacMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformHmacRipemd160GetKlass">xmlSecOpenSSLTransformHmacRipemd160GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformHmacRipemd160Id">xmlSecOpenSSLTransformHmacRipemd160Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformHmacSha1GetKlass">xmlSecOpenSSLTransformHmacSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformHmacSha1Id">xmlSecOpenSSLTransformHmacSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformHmacSha224GetKlass">xmlSecOpenSSLTransformHmacSha224GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformHmacSha224Id">xmlSecOpenSSLTransformHmacSha224Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformHmacSha256GetKlass">xmlSecOpenSSLTransformHmacSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformHmacSha256Id">xmlSecOpenSSLTransformHmacSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformHmacSha384GetKlass">xmlSecOpenSSLTransformHmacSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformHmacSha384Id">xmlSecOpenSSLTransformHmacSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformHmacSha512GetKlass">xmlSecOpenSSLTransformHmacSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformHmacSha512Id">xmlSecOpenSSLTransformHmacSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformKWAes128GetKlass">xmlSecOpenSSLTransformKWAes128GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformKWAes128Id">xmlSecOpenSSLTransformKWAes128Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformKWAes192GetKlass">xmlSecOpenSSLTransformKWAes192GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformKWAes192Id">xmlSecOpenSSLTransformKWAes192Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformKWAes256GetKlass">xmlSecOpenSSLTransformKWAes256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformKWAes256Id">xmlSecOpenSSLTransformKWAes256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformKWDes3GetKlass">xmlSecOpenSSLTransformKWDes3GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformKWDes3Id">xmlSecOpenSSLTransformKWDes3Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformMd5GetKlass">xmlSecOpenSSLTransformMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformMd5Id">xmlSecOpenSSLTransformMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRipemd160GetKlass">xmlSecOpenSSLTransformRipemd160GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRipemd160Id">xmlSecOpenSSLTransformRipemd160Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaMd5GetKlass">xmlSecOpenSSLTransformRsaMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaMd5Id">xmlSecOpenSSLTransformRsaMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaOaepGetKlass">xmlSecOpenSSLTransformRsaOaepGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaOaepId">xmlSecOpenSSLTransformRsaOaepId</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaPkcs1GetKlass">xmlSecOpenSSLTransformRsaPkcs1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaPkcs1Id">xmlSecOpenSSLTransformRsaPkcs1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaRipemd160GetKlass">xmlSecOpenSSLTransformRsaRipemd160GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaRipemd160Id">xmlSecOpenSSLTransformRsaRipemd160Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaSha1GetKlass">xmlSecOpenSSLTransformRsaSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaSha1Id">xmlSecOpenSSLTransformRsaSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaSha224GetKlass">xmlSecOpenSSLTransformRsaSha224GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaSha224Id">xmlSecOpenSSLTransformRsaSha224Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaSha256GetKlass">xmlSecOpenSSLTransformRsaSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaSha256Id">xmlSecOpenSSLTransformRsaSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaSha384GetKlass">xmlSecOpenSSLTransformRsaSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaSha384Id">xmlSecOpenSSLTransformRsaSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaSha512GetKlass">xmlSecOpenSSLTransformRsaSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformRsaSha512Id">xmlSecOpenSSLTransformRsaSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformSha1GetKlass">xmlSecOpenSSLTransformSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformSha1Id">xmlSecOpenSSLTransformSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformSha224GetKlass">xmlSecOpenSSLTransformSha224GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformSha224Id">xmlSecOpenSSLTransformSha224Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformSha256GetKlass">xmlSecOpenSSLTransformSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformSha256Id">xmlSecOpenSSLTransformSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformSha384GetKlass">xmlSecOpenSSLTransformSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformSha384Id">xmlSecOpenSSLTransformSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformSha512GetKlass">xmlSecOpenSSLTransformSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLTransformSha512Id">xmlSecOpenSSLTransformSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLX509CertGetKey">xmlSecOpenSSLX509CertGetKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLX509StoreAddCertsFile">xmlSecOpenSSLX509StoreAddCertsFile</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLX509StoreAddCertsPath">xmlSecOpenSSLX509StoreAddCertsPath</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLX509StoreAdoptCert">xmlSecOpenSSLX509StoreAdoptCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLX509StoreAdoptCrl">xmlSecOpenSSLX509StoreAdoptCrl</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLX509StoreFindCert">xmlSecOpenSSLX509StoreFindCert</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLX509StoreGetKlass">xmlSecOpenSSLX509StoreGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLX509StoreId">xmlSecOpenSSLX509StoreId</link></para></listitem>
+<listitem><para><link linkend="xmlSecOpenSSLX509StoreVerify">xmlSecOpenSSLX509StoreVerify</link></para></listitem>
+<listitem><para><link linkend="xmlSecParseFile">xmlSecParseFile</link></para></listitem>
+<listitem><para><link linkend="xmlSecParseMemoryExt">xmlSecParseMemoryExt</link></para></listitem>
+<listitem><para><link linkend="xmlSecParseMemory">xmlSecParseMemory</link></para></listitem>
+<listitem><para><link linkend="xmlSecPrintXmlString">xmlSecPrintXmlString</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrDebugDumpItemMethod">xmlSecPtrDebugDumpItemMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrDestroyItemMethod">xmlSecPtrDestroyItemMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrDuplicateItemMethod">xmlSecPtrDuplicateItemMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListAdd">xmlSecPtrListAdd</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListCheckId">xmlSecPtrListCheckId</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListCopy">xmlSecPtrListCopy</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListCreate">xmlSecPtrListCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListDebugDump">xmlSecPtrListDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListDebugXmlDump">xmlSecPtrListDebugXmlDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListDestroy">xmlSecPtrListDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListDuplicate">xmlSecPtrListDuplicate</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListEmpty">xmlSecPtrListEmpty</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListFinalize">xmlSecPtrListFinalize</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListGetItem">xmlSecPtrListGetItem</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListGetName">xmlSecPtrListGetName</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListGetSize">xmlSecPtrListGetSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListIdUnknown">xmlSecPtrListIdUnknown</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListInitialize">xmlSecPtrListInitialize</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListIsValid">xmlSecPtrListIsValid</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListKlassGetName">xmlSecPtrListKlassGetName</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListKlass">xmlSecPtrListKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrList">xmlSecPtrList</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListRemoveAndReturn">xmlSecPtrListRemoveAndReturn</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListRemove">xmlSecPtrListRemove</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListSetDefaultAllocMode">xmlSecPtrListSetDefaultAllocMode</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtrListSet">xmlSecPtrListSet</link></para></listitem>
+<listitem><para><link linkend="xmlSecPtr">xmlSecPtr</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-PTR-TO-FUNC-IMPL-CAPS">XMLSEC-PTR-TO-FUNC-IMPL</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-PTR-TO-FUNC-CAPS">XMLSEC-PTR-TO-FUNC</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2BitMaskDebugDump">xmlSecQName2BitMaskDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2BitMaskDebugXmlDump">xmlSecQName2BitMaskDebugXmlDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2BitMaskGetBitMaskFromString">xmlSecQName2BitMaskGetBitMaskFromString</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2BitMaskGetBitMask">xmlSecQName2BitMaskGetBitMask</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2BitMaskGetInfo">xmlSecQName2BitMaskGetInfo</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2BitMaskGetStringFromBitMask">xmlSecQName2BitMaskGetStringFromBitMask</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2BitMaskInfoConstPtr">xmlSecQName2BitMaskInfoConstPtr</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2BitMaskInfo">xmlSecQName2BitMaskInfo</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2BitMaskNodesRead">xmlSecQName2BitMaskNodesRead</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2BitMaskNodesWrite">xmlSecQName2BitMaskNodesWrite</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2IntegerAttributeRead">xmlSecQName2IntegerAttributeRead</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2IntegerAttributeWrite">xmlSecQName2IntegerAttributeWrite</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2IntegerDebugDump">xmlSecQName2IntegerDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2IntegerDebugXmlDump">xmlSecQName2IntegerDebugXmlDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2IntegerGetInfo">xmlSecQName2IntegerGetInfo</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2IntegerGetIntegerFromString">xmlSecQName2IntegerGetIntegerFromString</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2IntegerGetInteger">xmlSecQName2IntegerGetInteger</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2IntegerGetStringFromInteger">xmlSecQName2IntegerGetStringFromInteger</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2IntegerInfoConstPtr">xmlSecQName2IntegerInfoConstPtr</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2IntegerInfo">xmlSecQName2IntegerInfo</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2IntegerNodeRead">xmlSecQName2IntegerNodeRead</link></para></listitem>
+<listitem><para><link linkend="xmlSecQName2IntegerNodeWrite">xmlSecQName2IntegerNodeWrite</link></para></listitem>
+<listitem><para><link linkend="xmlSecReplaceContentAndReturn">xmlSecReplaceContentAndReturn</link></para></listitem>
+<listitem><para><link linkend="xmlSecReplaceContent">xmlSecReplaceContent</link></para></listitem>
+<listitem><para><link linkend="xmlSecReplaceNodeAndReturn">xmlSecReplaceNodeAndReturn</link></para></listitem>
+<listitem><para><link linkend="xmlSecReplaceNodeBufferAndReturn">xmlSecReplaceNodeBufferAndReturn</link></para></listitem>
+<listitem><para><link linkend="xmlSecReplaceNodeBuffer">xmlSecReplaceNodeBuffer</link></para></listitem>
+<listitem><para><link linkend="xmlSecReplaceNode">xmlSecReplaceNode</link></para></listitem>
+<listitem><para><link linkend="xmlSecShutdown">xmlSecShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecSimpleKeysStoreAdoptKey">xmlSecSimpleKeysStoreAdoptKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecSimpleKeysStoreGetKeys">xmlSecSimpleKeysStoreGetKeys</link></para></listitem>
+<listitem><para><link linkend="xmlSecSimpleKeysStoreGetKlass">xmlSecSimpleKeysStoreGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecSimpleKeysStoreId">xmlSecSimpleKeysStoreId</link></para></listitem>
+<listitem><para><link linkend="xmlSecSimpleKeysStoreLoad">xmlSecSimpleKeysStoreLoad</link></para></listitem>
+<listitem><para><link linkend="xmlSecSimpleKeysStoreSave">xmlSecSimpleKeysStoreSave</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-SIZE-BAD-CAST-CAPS">XMLSEC-SIZE-BAD-CAST</link></para></listitem>
+<listitem><para><link linkend="xmlSecSize">xmlSecSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap11AddBodyEntry">xmlSecSoap11AddBodyEntry</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap11AddFaultEntry">xmlSecSoap11AddFaultEntry</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap11CheckEnvelope">xmlSecSoap11CheckEnvelope</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap11CreateEnvelope">xmlSecSoap11CreateEnvelope</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap11EnsureHeader">xmlSecSoap11EnsureHeader</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap11GetBodyEntriesNumber">xmlSecSoap11GetBodyEntriesNumber</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap11GetBodyEntry">xmlSecSoap11GetBodyEntry</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap11GetBody">xmlSecSoap11GetBody</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap11GetFaultEntry">xmlSecSoap11GetFaultEntry</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap11GetHeader">xmlSecSoap11GetHeader</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap12AddBodyEntry">xmlSecSoap12AddBodyEntry</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap12AddFaultDetailEntry">xmlSecSoap12AddFaultDetailEntry</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap12AddFaultEntry">xmlSecSoap12AddFaultEntry</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap12AddFaultReasonText">xmlSecSoap12AddFaultReasonText</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap12AddFaultSubcode">xmlSecSoap12AddFaultSubcode</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap12CheckEnvelope">xmlSecSoap12CheckEnvelope</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap12CreateEnvelope">xmlSecSoap12CreateEnvelope</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap12EnsureHeader">xmlSecSoap12EnsureHeader</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap12FaultCode">xmlSecSoap12FaultCode</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap12GetBodyEntriesNumber">xmlSecSoap12GetBodyEntriesNumber</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap12GetBodyEntry">xmlSecSoap12GetBodyEntry</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap12GetBody">xmlSecSoap12GetBody</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap12GetFaultEntry">xmlSecSoap12GetFaultEntry</link></para></listitem>
+<listitem><para><link linkend="xmlSecSoap12GetHeader">xmlSecSoap12GetHeader</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-STACK-OF-X509-CRL-CAPS">XMLSEC-STACK-OF-X509-CRL</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-STACK-OF-X509-CAPS">XMLSEC-STACK-OF-X509</link></para></listitem>
+<listitem><para><link linkend="xmlSecStringListGetKlass">xmlSecStringListGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecStringListId">xmlSecStringListId</link></para></listitem>
+<listitem><para><link linkend="xmlSecStrPrintf">xmlSecStrPrintf</link></para></listitem>
+<listitem><para><link linkend="xmlSecStrVPrintf">xmlSecStrVPrintf</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplCipherReferenceAddTransform">xmlSecTmplCipherReferenceAddTransform</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplEncDataAddEncProperty">xmlSecTmplEncDataAddEncProperty</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplEncDataCreate">xmlSecTmplEncDataCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplEncDataEnsureCipherReference">xmlSecTmplEncDataEnsureCipherReference</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplEncDataEnsureCipherValue">xmlSecTmplEncDataEnsureCipherValue</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplEncDataEnsureEncProperties">xmlSecTmplEncDataEnsureEncProperties</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplEncDataEnsureKeyInfo">xmlSecTmplEncDataEnsureKeyInfo</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplEncDataGetEncMethodNode">xmlSecTmplEncDataGetEncMethodNode</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplKeyInfoAddEncryptedKey">xmlSecTmplKeyInfoAddEncryptedKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplKeyInfoAddKeyName">xmlSecTmplKeyInfoAddKeyName</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplKeyInfoAddKeyValue">xmlSecTmplKeyInfoAddKeyValue</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplKeyInfoAddRetrievalMethod">xmlSecTmplKeyInfoAddRetrievalMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplKeyInfoAddX509Data">xmlSecTmplKeyInfoAddX509Data</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplManifestAddReference">xmlSecTmplManifestAddReference</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplObjectAddManifest">xmlSecTmplObjectAddManifest</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplObjectAddSignProperties">xmlSecTmplObjectAddSignProperties</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplReferenceAddTransform">xmlSecTmplReferenceAddTransform</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplReferenceListAddDataReference">xmlSecTmplReferenceListAddDataReference</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplReferenceListAddKeyReference">xmlSecTmplReferenceListAddKeyReference</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplRetrievalMethodAddTransform">xmlSecTmplRetrievalMethodAddTransform</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplSignatureAddObject">xmlSecTmplSignatureAddObject</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplSignatureAddReference">xmlSecTmplSignatureAddReference</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplSignatureCreate">xmlSecTmplSignatureCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplSignatureCreateNsPref">xmlSecTmplSignatureCreateNsPref</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplSignatureEnsureKeyInfo">xmlSecTmplSignatureEnsureKeyInfo</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplSignatureGetC14NMethodNode">xmlSecTmplSignatureGetC14NMethodNode</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplSignatureGetSignMethodNode">xmlSecTmplSignatureGetSignMethodNode</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplTransformAddC14NInclNamespaces">xmlSecTmplTransformAddC14NInclNamespaces</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplTransformAddHmacOutputLength">xmlSecTmplTransformAddHmacOutputLength</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplTransformAddRsaOaepParam">xmlSecTmplTransformAddRsaOaepParam</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplTransformAddXPath2">xmlSecTmplTransformAddXPath2</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplTransformAddXPath">xmlSecTmplTransformAddXPath</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplTransformAddXPointer">xmlSecTmplTransformAddXPointer</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplTransformAddXsltStylesheet">xmlSecTmplTransformAddXsltStylesheet</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplX509DataAddCertificate">xmlSecTmplX509DataAddCertificate</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplX509DataAddCRL">xmlSecTmplX509DataAddCRL</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplX509DataAddIssuerSerial">xmlSecTmplX509DataAddIssuerSerial</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplX509DataAddSKI">xmlSecTmplX509DataAddSKI</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplX509DataAddSubjectName">xmlSecTmplX509DataAddSubjectName</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplX509IssuerSerialAddIssuerName">xmlSecTmplX509IssuerSerialAddIssuerName</link></para></listitem>
+<listitem><para><link linkend="xmlSecTmplX509IssuerSerialAddSerialNumber">xmlSecTmplX509IssuerSerialAddSerialNumber</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformAes128CbcGetKlass">xmlSecTransformAes128CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformAes128CbcId">xmlSecTransformAes128CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformAes192CbcGetKlass">xmlSecTransformAes192CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformAes192CbcId">xmlSecTransformAes192CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformAes256CbcGetKlass">xmlSecTransformAes256CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformAes256CbcId">xmlSecTransformAes256CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformBase64GetKlass">xmlSecTransformBase64GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformBase64Id">xmlSecTransformBase64Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformBase64SetLineSize">xmlSecTransformBase64SetLineSize</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-TRANSFORM-BINARY-CHUNK-CAPS">XMLSEC-TRANSFORM-BINARY-CHUNK</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCheckId">xmlSecTransformCheckId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCheckSize">xmlSecTransformCheckSize</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformConnect">xmlSecTransformConnect</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCreateInputBuffer">xmlSecTransformCreateInputBuffer</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCreate">xmlSecTransformCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCreateOutputBuffer">xmlSecTransformCreateOutputBuffer</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxAppend">xmlSecTransformCtxAppend</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxBinaryExecute">xmlSecTransformCtxBinaryExecute</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxCopyUserPref">xmlSecTransformCtxCopyUserPref</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxCreateAndAppend">xmlSecTransformCtxCreateAndAppend</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxCreateAndPrepend">xmlSecTransformCtxCreateAndPrepend</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxCreate">xmlSecTransformCtxCreate</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxDebugDump">xmlSecTransformCtxDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxDebugXmlDump">xmlSecTransformCtxDebugXmlDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxDestroy">xmlSecTransformCtxDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxExecute">xmlSecTransformCtxExecute</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxFinalize">xmlSecTransformCtxFinalize</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-TRANSFORMCTX-FLAGS-USE-VISA3D-HACK-CAPS">XMLSEC-TRANSFORMCTX-FLAGS-USE-VISA3D-HACK</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxInitialize">xmlSecTransformCtxInitialize</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtx">xmlSecTransformCtx</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxNodeRead">xmlSecTransformCtxNodeRead</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxNodesListRead">xmlSecTransformCtxNodesListRead</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxPreExecuteCallback">xmlSecTransformCtxPreExecuteCallback</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxPrepare">xmlSecTransformCtxPrepare</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxPrepend">xmlSecTransformCtxPrepend</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxReset">xmlSecTransformCtxReset</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxSetUri">xmlSecTransformCtxSetUri</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxUriExecute">xmlSecTransformCtxUriExecute</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformCtxXmlExecute">xmlSecTransformCtxXmlExecute</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformDataTypeBin">xmlSecTransformDataTypeBin</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformDataType">xmlSecTransformDataType</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformDataTypeUnknown">xmlSecTransformDataTypeUnknown</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformDataTypeXml">xmlSecTransformDataTypeXml</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformDebugDump">xmlSecTransformDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformDebugXmlDump">xmlSecTransformDebugXmlDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformDefaultGetDataType">xmlSecTransformDefaultGetDataType</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformDefaultPopBin">xmlSecTransformDefaultPopBin</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformDefaultPopXml">xmlSecTransformDefaultPopXml</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformDefaultPushBin">xmlSecTransformDefaultPushBin</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformDefaultPushXml">xmlSecTransformDefaultPushXml</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformDes3CbcGetKlass">xmlSecTransformDes3CbcGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformDes3CbcId">xmlSecTransformDes3CbcId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformDestroy">xmlSecTransformDestroy</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformDsaSha1GetKlass">xmlSecTransformDsaSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformDsaSha1Id">xmlSecTransformDsaSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformEnvelopedGetKlass">xmlSecTransformEnvelopedGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformEnvelopedId">xmlSecTransformEnvelopedId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformExclC14NGetKlass">xmlSecTransformExclC14NGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformExclC14NId">xmlSecTransformExclC14NId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformExclC14NWithCommentsGetKlass">xmlSecTransformExclC14NWithCommentsGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformExclC14NWithCommentsId">xmlSecTransformExclC14NWithCommentsId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformExecuteMethod">xmlSecTransformExecuteMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformExecute">xmlSecTransformExecute</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformFinalizeMethod">xmlSecTransformFinalizeMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformGetDataTypeMethod">xmlSecTransformGetDataTypeMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformGetDataType">xmlSecTransformGetDataType</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformGetName">xmlSecTransformGetName</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformGost2001GostR3411-94GetKlass-CAPS">xmlSecTransformGost2001GostR3411-94GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformGost2001GostR3411-94Id-CAPS">xmlSecTransformGost2001GostR3411-94Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformGostR3411-94GetKlass-CAPS">xmlSecTransformGostR3411-94GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformGostR3411-94Id-CAPS">xmlSecTransformGostR3411-94Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformHmacMd5GetKlass">xmlSecTransformHmacMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformHmacMd5Id">xmlSecTransformHmacMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformHmacRipemd160GetKlass">xmlSecTransformHmacRipemd160GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformHmacRipemd160Id">xmlSecTransformHmacRipemd160Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformHmacSha1GetKlass">xmlSecTransformHmacSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformHmacSha1Id">xmlSecTransformHmacSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformHmacSha224GetKlass">xmlSecTransformHmacSha224GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformHmacSha224Id">xmlSecTransformHmacSha224Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformHmacSha256GetKlass">xmlSecTransformHmacSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformHmacSha256Id">xmlSecTransformHmacSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformHmacSha384GetKlass">xmlSecTransformHmacSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformHmacSha384Id">xmlSecTransformHmacSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformHmacSha512GetKlass">xmlSecTransformHmacSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformHmacSha512Id">xmlSecTransformHmacSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformIdListDebugDump">xmlSecTransformIdListDebugDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformIdListDebugXmlDump">xmlSecTransformIdListDebugXmlDump</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformIdListFindByHref">xmlSecTransformIdListFindByHref</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformIdListFindByName">xmlSecTransformIdListFindByName</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformIdListFind">xmlSecTransformIdListFind</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformIdListGetKlass">xmlSecTransformIdListGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformIdListId">xmlSecTransformIdListId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformIdsGet">xmlSecTransformIdsGet</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformIdsInit">xmlSecTransformIdsInit</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformIdsRegisterDefault">xmlSecTransformIdsRegisterDefault</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformIdsRegister">xmlSecTransformIdsRegister</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformIdsShutdown">xmlSecTransformIdsShutdown</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformIdUnknown">xmlSecTransformIdUnknown</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformInclC14N11GetKlass">xmlSecTransformInclC14N11GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformInclC14N11Id">xmlSecTransformInclC14N11Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformInclC14N11WithCommentsGetKlass">xmlSecTransformInclC14N11WithCommentsGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformInclC14N11WithCommentsId">xmlSecTransformInclC14N11WithCommentsId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformInclC14NGetKlass">xmlSecTransformInclC14NGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformInclC14NId">xmlSecTransformInclC14NId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformInclC14NWithCommentsGetKlass">xmlSecTransformInclC14NWithCommentsGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformInclC14NWithCommentsId">xmlSecTransformInclC14NWithCommentsId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformInitializeMethod">xmlSecTransformInitializeMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformInputURIGetKlass">xmlSecTransformInputURIGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformInputURIId">xmlSecTransformInputURIId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformInputURIOpen">xmlSecTransformInputURIOpen</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformIsValid">xmlSecTransformIsValid</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformKlassGetName">xmlSecTransformKlassGetName</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformKlass">xmlSecTransformKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformKWAes128GetKlass">xmlSecTransformKWAes128GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformKWAes128Id">xmlSecTransformKWAes128Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformKWAes192GetKlass">xmlSecTransformKWAes192GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformKWAes192Id">xmlSecTransformKWAes192Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformKWAes256GetKlass">xmlSecTransformKWAes256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformKWAes256Id">xmlSecTransformKWAes256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformKWDes3GetKlass">xmlSecTransformKWDes3GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformKWDes3Id">xmlSecTransformKWDes3Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformMd5GetKlass">xmlSecTransformMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformMd5Id">xmlSecTransformMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformMemBufGetBuffer">xmlSecTransformMemBufGetBuffer</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformMemBufGetKlass">xmlSecTransformMemBufGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformMemBufId">xmlSecTransformMemBufId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformMode">xmlSecTransformMode</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransform">xmlSecTransform</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformNodeReadMethod">xmlSecTransformNodeReadMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformNodeRead">xmlSecTransformNodeRead</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformNodeWriteMethod">xmlSecTransformNodeWriteMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformOperation">xmlSecTransformOperation</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformPopBinMethod">xmlSecTransformPopBinMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformPopBin">xmlSecTransformPopBin</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformPopXmlMethod">xmlSecTransformPopXmlMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformPopXml">xmlSecTransformPopXml</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformPump">xmlSecTransformPump</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformPushBinMethod">xmlSecTransformPushBinMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformPushBin">xmlSecTransformPushBin</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformPushXmlMethod">xmlSecTransformPushXmlMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformPushXml">xmlSecTransformPushXml</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRemove">xmlSecTransformRemove</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRemoveXmlTagsC14NGetKlass">xmlSecTransformRemoveXmlTagsC14NGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRemoveXmlTagsC14NId">xmlSecTransformRemoveXmlTagsC14NId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRipemd160GetKlass">xmlSecTransformRipemd160GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRipemd160Id">xmlSecTransformRipemd160Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaMd5GetKlass">xmlSecTransformRsaMd5GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaMd5Id">xmlSecTransformRsaMd5Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaOaepGetKlass">xmlSecTransformRsaOaepGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaOaepId">xmlSecTransformRsaOaepId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaPkcs1GetKlass">xmlSecTransformRsaPkcs1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaPkcs1Id">xmlSecTransformRsaPkcs1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaRipemd160GetKlass">xmlSecTransformRsaRipemd160GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaRipemd160Id">xmlSecTransformRsaRipemd160Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaSha1GetKlass">xmlSecTransformRsaSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaSha1Id">xmlSecTransformRsaSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaSha224GetKlass">xmlSecTransformRsaSha224GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaSha224Id">xmlSecTransformRsaSha224Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaSha256GetKlass">xmlSecTransformRsaSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaSha256Id">xmlSecTransformRsaSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaSha384GetKlass">xmlSecTransformRsaSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaSha384Id">xmlSecTransformRsaSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaSha512GetKlass">xmlSecTransformRsaSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformRsaSha512Id">xmlSecTransformRsaSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformSetKeyMethod">xmlSecTransformSetKeyMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformSetKey">xmlSecTransformSetKey</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformSetKeyReq">xmlSecTransformSetKeyReq</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformSetKeyRequirementsMethod">xmlSecTransformSetKeyRequirementsMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformSha1GetKlass">xmlSecTransformSha1GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformSha1Id">xmlSecTransformSha1Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformSha224GetKlass">xmlSecTransformSha224GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformSha224Id">xmlSecTransformSha224Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformSha256GetKlass">xmlSecTransformSha256GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformSha256Id">xmlSecTransformSha256Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformSha384GetKlass">xmlSecTransformSha384GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformSha384Id">xmlSecTransformSha384Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformSha512GetKlass">xmlSecTransformSha512GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformSha512Id">xmlSecTransformSha512Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformStatus">xmlSecTransformStatus</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformUriTypeAny">xmlSecTransformUriTypeAny</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformUriTypeCheck">xmlSecTransformUriTypeCheck</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformUriTypeEmpty">xmlSecTransformUriTypeEmpty</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformUriTypeLocal">xmlSecTransformUriTypeLocal</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformUriType">xmlSecTransformUriType</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformUriTypeNone">xmlSecTransformUriTypeNone</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformUriTypeRemote">xmlSecTransformUriTypeRemote</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformUriTypeSameDocument">xmlSecTransformUriTypeSameDocument</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformUsageAny">xmlSecTransformUsageAny</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformUsageC14NMethod">xmlSecTransformUsageC14NMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformUsageDigestMethod">xmlSecTransformUsageDigestMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformUsageDSigTransform">xmlSecTransformUsageDSigTransform</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformUsageEncryptionMethod">xmlSecTransformUsageEncryptionMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformUsage">xmlSecTransformUsage</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformUsageSignatureMethod">xmlSecTransformUsageSignatureMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformUsageUnknown">xmlSecTransformUsageUnknown</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformVerifyMethod">xmlSecTransformVerifyMethod</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformVerify">xmlSecTransformVerify</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformVerifyNodeContent">xmlSecTransformVerifyNodeContent</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformVisa3DHackGetKlass">xmlSecTransformVisa3DHackGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformVisa3DHackId">xmlSecTransformVisa3DHackId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformVisa3DHackSetID">xmlSecTransformVisa3DHackSetID</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformXmlParserGetKlass">xmlSecTransformXmlParserGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformXmlParserId">xmlSecTransformXmlParserId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformXPath2GetKlass">xmlSecTransformXPath2GetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformXPath2Id">xmlSecTransformXPath2Id</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformXPathGetKlass">xmlSecTransformXPathGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformXPathId">xmlSecTransformXPathId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformXPointerGetKlass">xmlSecTransformXPointerGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformXPointerId">xmlSecTransformXPointerId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformXPointerSetExpr">xmlSecTransformXPointerSetExpr</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformXsltGetKlass">xmlSecTransformXsltGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformXsltId">xmlSecTransformXsltId</link></para></listitem>
+<listitem><para><link linkend="xmlSecTransformXsltSetDefaultSecurityPrefs">xmlSecTransformXsltSetDefaultSecurityPrefs</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-VERSION-INFO-CAPS">XMLSEC-VERSION-INFO</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-VERSION-MAJOR-CAPS">XMLSEC-VERSION-MAJOR</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-VERSION-MINOR-CAPS">XMLSEC-VERSION-MINOR</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-VERSION-CAPS">XMLSEC-VERSION</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-VERSION-SUBMINOR-CAPS">XMLSEC-VERSION-SUBMINOR</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-X509DATA-CERTIFICATE-NODE-CAPS">XMLSEC-X509DATA-CERTIFICATE-NODE</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-X509DATA-CRL-NODE-CAPS">XMLSEC-X509DATA-CRL-NODE</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-X509DATA-DEFAULT-CAPS">XMLSEC-X509DATA-DEFAULT</link></para></listitem>
+<listitem><para><link linkend="xmlSecX509DataGetNodeContent">xmlSecX509DataGetNodeContent</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-X509DATA-ISSUERSERIAL-NODE-CAPS">XMLSEC-X509DATA-ISSUERSERIAL-NODE</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-X509DATA-SKI-NODE-CAPS">XMLSEC-X509DATA-SKI-NODE</link></para></listitem>
+<listitem><para><link linkend="XMLSEC-X509DATA-SUBJECTNAME-NODE-CAPS">XMLSEC-X509DATA-SUBJECTNAME-NODE</link></para></listitem>
+<listitem><para><link linkend="xmlSecX509StoreGetKlass">xmlSecX509StoreGetKlass</link></para></listitem>
+<listitem><para><link linkend="xmlSecX509StoreId">xmlSecX509StoreId</link></para></listitem>
diff --git a/docs/api/xmlsec-io.html b/docs/api/xmlsec-io.html
new file mode 100644
index 00000000..497676d3
--- /dev/null
+++ b/docs/api/xmlsec-io.html
@@ -0,0 +1,226 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>io</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="errors" href="xmlsec-errors.html">
+<link rel="NEXT" title="keyinfo" href="xmlsec-keyinfo.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-errors.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-keyinfo.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-IO"></a>io</h1>
+<div class="REFNAMEDIV">
+<a name="AEN6257"></a><h2>Name</h2>io -- Input/output support.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-IO.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-io.html#XMLSECIOINIT">xmlSecIOInit</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-io.html#XMLSECIOSHUTDOWN">xmlSecIOShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-io.html#XMLSECIOCLEANUPCALLBACKS">xmlSecIOCleanupCallbacks</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-io.html#XMLSECIOREGISTERDEFAULTCALLBACKS">xmlSecIORegisterDefaultCallbacks</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-io.html#XMLSECIOREGISTERCALLBACKS">xmlSecIORegisterCallbacks</a> (<code class="PARAMETER"><gtkdoclink href="XMLINPUTMATCHCALLBACK"><span class="TYPE">xmlInputMatchCallback</span></gtkdoclink> matchFunc</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLINPUTOPENCALLBACK"><span class="TYPE">xmlInputOpenCallback</span></gtkdoclink> openFunc</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLINPUTREADCALLBACK"><span class="TYPE">xmlInputReadCallback</span></gtkdoclink> readFunc</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLINPUTCLOSECALLBACK"><span class="TYPE">xmlInputCloseCallback</span></gtkdoclink> closeFunc</code>);
+#define <a href="xmlsec-io.html#XMLSECTRANSFORMINPUTURIID">xmlSecTransformInputURIId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-io.html#XMLSECTRANSFORMINPUTURIGETKLASS">xmlSecTransformInputURIGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-io.html#XMLSECTRANSFORMINPUTURIOPEN">xmlSecTransformInputURIOpen</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-IO.DESCRIPTION"></a><h2>Description</h2>
+<p>Input/output support.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-IO.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECIOINIT"></a><h3>xmlSecIOInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecIOInit (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The IO initialization (called from <a href="xmlsec-xmlsec.html#XMLSECINIT"><span class="TYPE">xmlSecInit</span></a> function).
+Applications should not call this function directly.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN6331"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECIOSHUTDOWN"></a><h3>xmlSecIOShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecIOShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The IO clenaup (called from <a href="xmlsec-xmlsec.html#XMLSECSHUTDOWN"><span class="TYPE">xmlSecShutdown</span></a> function).
+Applications should not call this function directly.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECIOCLEANUPCALLBACKS"></a><h3>xmlSecIOCleanupCallbacks ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecIOCleanupCallbacks (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Clears the entire input callback table. this includes the
+compiled-in I/O.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECIOREGISTERDEFAULTCALLBACKS"></a><h3>xmlSecIORegisterDefaultCallbacks ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecIORegisterDefaultCallbacks (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Registers the default compiled-in I/O handlers.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN6369"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECIOREGISTERCALLBACKS"></a><h3>xmlSecIORegisterCallbacks ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecIORegisterCallbacks (<code class="PARAMETER"><gtkdoclink href="XMLINPUTMATCHCALLBACK"><span class="TYPE">xmlInputMatchCallback</span></gtkdoclink> matchFunc</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLINPUTOPENCALLBACK"><span class="TYPE">xmlInputOpenCallback</span></gtkdoclink> openFunc</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLINPUTREADCALLBACK"><span class="TYPE">xmlInputReadCallback</span></gtkdoclink> readFunc</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLINPUTCLOSECALLBACK"><span class="TYPE">xmlInputCloseCallback</span></gtkdoclink> closeFunc</code>);</pre>
+<p>Register a new set of I/O callback for handling parser input.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6395"><span style="white-space: nowrap"><code class="PARAMETER">matchFunc</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the protocol match callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6400"><span style="white-space: nowrap"><code class="PARAMETER">openFunc</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the open stream callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6405"><span style="white-space: nowrap"><code class="PARAMETER">readFunc</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the read from stream callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6410"><span style="white-space: nowrap"><code class="PARAMETER">closeFunc</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the close stream callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6415"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMINPUTURIID"></a><h3>xmlSecTransformInputURIId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformInputURIId</pre>
+<p>The Input URI transform id.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMINPUTURIGETKLASS"></a><h3>xmlSecTransformInputURIGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformInputURIGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The input uri transform klass. Reads binary data from an uri.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN6437"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> input URI transform id.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMINPUTURIOPEN"></a><h3>xmlSecTransformInputURIOpen ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformInputURIOpen (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>);</pre>
+<p>Opens the given <code class="PARAMETER">uri</code> for reading.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6458"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to IO transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6463"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the URL to open.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6468"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-errors.html"><b>&lt;&lt;&lt; errors</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-keyinfo.html"><b>keyinfo &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-keyinfo.html b/docs/api/xmlsec-keyinfo.html
new file mode 100644
index 00000000..26fc9231
--- /dev/null
+++ b/docs/api/xmlsec-keyinfo.html
@@ -0,0 +1,700 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>keyinfo</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="io" href="xmlsec-io.html">
+<link rel="NEXT" title="keysdata" href="xmlsec-keysdata.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-io.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-keysdata.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-KEYINFO"></a>keyinfo</h1>
+<div class="REFNAMEDIV">
+<a name="AEN6478"></a><h2>Name</h2>keyinfo -- <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node parser.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-KEYINFO.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keyinfo.html#XMLSECKEYINFONODEREAD">xmlSecKeyInfoNodeRead</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keyinfo.html#XMLSECKEYINFONODEWRITE">xmlSecKeyInfoNodeWrite</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+enum <a href="xmlsec-keyinfo.html#XMLSECKEYINFOMODE">xmlSecKeyInfoMode</a>;
+#define <a href="xmlsec-keyinfo.html#XMLSEC-KEYINFO-FLAGS-DONT-STOP-ON-KEY-FOUND:CAPS">XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND</a>
+#define <a href="xmlsec-keyinfo.html#XMLSEC-KEYINFO-FLAGS-STOP-ON-UNKNOWN-CHILD:CAPS">XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD</a>
+#define <a href="xmlsec-keyinfo.html#XMLSEC-KEYINFO-FLAGS-KEYNAME-STOP-ON-UNKNOWN:CAPS">XMLSEC_KEYINFO_FLAGS_KEYNAME_STOP_ON_UNKNOWN</a>
+#define <a href="xmlsec-keyinfo.html#XMLSEC-KEYINFO-FLAGS-KEYVALUE-STOP-ON-UNKNOWN-CHILD:CAPS">XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD</a>
+#define <a href="xmlsec-keyinfo.html#XMLSEC-KEYINFO-FLAGS-RETRMETHOD-STOP-ON-UNKNOWN-HREF:CAPS">XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF</a>
+#define <a href="xmlsec-keyinfo.html#XMLSEC-KEYINFO-FLAGS-RETRMETHOD-STOP-ON-MISMATCH-HREF:CAPS">XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_MISMATCH_HREF</a>
+#define <a href="xmlsec-keyinfo.html#XMLSEC-KEYINFO-FLAGS-X509DATA-STOP-ON-UNKNOWN-CHILD:CAPS">XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD</a>
+#define <a href="xmlsec-keyinfo.html#XMLSEC-KEYINFO-FLAGS-X509DATA-DONT-VERIFY-CERTS:CAPS">XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS</a>
+#define <a href="xmlsec-keyinfo.html#XMLSEC-KEYINFO-FLAGS-X509DATA-STOP-ON-UNKNOWN-CERT:CAPS">XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT</a>
+#define <a href="xmlsec-keyinfo.html#XMLSEC-KEYINFO-FLAGS-X509DATA-STOP-ON-INVALID-CERT:CAPS">XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT</a>
+#define <a href="xmlsec-keyinfo.html#XMLSEC-KEYINFO-FLAGS-ENCKEY-DONT-STOP-ON-FAILED-DECRYPTION:CAPS">XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION</a>
+#define <a href="xmlsec-keyinfo.html#XMLSEC-KEYINFO-FLAGS-STOP-ON-EMPTY-NODE:CAPS">XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE</a>
+#define <a href="xmlsec-keyinfo.html#XMLSEC-KEYINFO-FLAGS-X509DATA-SKIP-STRICT-CHECKS:CAPS">XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS</a>
+struct <a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX">xmlSecKeyInfoCtx</a>;
+<gtkdoclink href="XMLSECKEYINFOCTXPTR"><span class="RETURNVALUE">xmlSecKeyInfoCtxPtr</span></gtkdoclink><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXCREATE">xmlSecKeyInfoCtxCreate</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXDESTROY">xmlSecKeyInfoCtxDestroy</a> (<code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXINITIALIZE">xmlSecKeyInfoCtxInitialize</a> (<code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXFINALIZE">xmlSecKeyInfoCtxFinalize</a> (<code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXRESET">xmlSecKeyInfoCtxReset</a> (<code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXCOPYUSERPREF">xmlSecKeyInfoCtxCopyUserPref</a> (<code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> src</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXCREATEENCCTX">xmlSecKeyInfoCtxCreateEncCtx</a> (<code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXDEBUGDUMP">xmlSecKeyInfoCtxDebugDump</a> (<code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXDEBUGXMLDUMP">xmlSecKeyInfoCtxDebugXmlDump</a> (<code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+#define <a href="xmlsec-keyinfo.html#XMLSECKEYDATANAMEID">xmlSecKeyDataNameId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-keyinfo.html#XMLSECKEYDATANAMEGETKLASS">xmlSecKeyDataNameGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-keyinfo.html#XMLSECKEYDATAVALUEID">xmlSecKeyDataValueId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-keyinfo.html#XMLSECKEYDATAVALUEGETKLASS">xmlSecKeyDataValueGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-keyinfo.html#XMLSECKEYDATARETRIEVALMETHODID">xmlSecKeyDataRetrievalMethodId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-keyinfo.html#XMLSECKEYDATARETRIEVALMETHODGETKLASS">xmlSecKeyDataRetrievalMethodGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-keyinfo.html#XMLSECKEYDATAENCRYPTEDKEYID">xmlSecKeyDataEncryptedKeyId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-keyinfo.html#XMLSECKEYDATAENCRYPTEDKEYGETKLASS">xmlSecKeyDataEncryptedKeyGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-KEYINFO.DESCRIPTION"></a><h2>Description</h2>
+<p><a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node parser.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-KEYINFO.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECKEYINFONODEREAD"></a><h3>xmlSecKeyInfoNodeRead ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyInfoNodeRead (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Parses the <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element <code class="PARAMETER">keyInfoNode</code>, extracts the key data
+and stores into <code class="PARAMETER">key</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6641"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6647"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to result key object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6652"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6658"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or -1 if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYINFONODEWRITE"></a><h3>xmlSecKeyInfoNodeWrite ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyInfoNodeWrite (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Writes the <code class="PARAMETER">key</code> into the <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element template <code class="PARAMETER">keyInfoNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6684"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6690"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6695"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6701"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or -1 if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYINFOMODE"></a><h3>enum xmlSecKeyInfoMode</h3>
+<pre class="PROGRAMLISTING">typedef enum {
+ xmlSecKeyInfoModeRead = 0,
+ xmlSecKeyInfoModeWrite
+} xmlSecKeyInfoMode;</pre>
+<p>The <code class="PARAMETER">xmlSecKeyInfoCtx</code> operation mode (read or write).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECKEYINFOMODEREAD"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecKeyInfoModeRead</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>read <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo%20" target="_top">&lt;dsig:KeyInfo /&gt;</a> element.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECKEYINFOMODEWRITE"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecKeyInfoModeWrite</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>write <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo%20" target="_top">&lt;dsig:KeyInfo /&gt;</a> element.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-KEYINFO-FLAGS-DONT-STOP-ON-KEY-FOUND:CAPS"></a><h3>XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND 0x00000001</pre>
+<p>If flag is set then we will continue reading <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo%20" target="_top">&lt;dsig:KeyInfo /&gt;</a>
+element even when key is already found.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-KEYINFO-FLAGS-STOP-ON-UNKNOWN-CHILD:CAPS"></a><h3>XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD 0x00000002</pre>
+<p>If flag is set then we abort if an unknown <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo%20" target="_top">&lt;dsig:KeyInfo /&gt;</a>
+child is found.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-KEYINFO-FLAGS-KEYNAME-STOP-ON-UNKNOWN:CAPS"></a><h3>XMLSEC_KEYINFO_FLAGS_KEYNAME_STOP_ON_UNKNOWN</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_KEYINFO_FLAGS_KEYNAME_STOP_ON_UNKNOWN 0x00000004</pre>
+<p>If flags is set then we abort if an unknown key name
+(content of <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyName%20" target="_top">&lt;dsig:KeyName /&gt;</a> element) is found.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-KEYINFO-FLAGS-KEYVALUE-STOP-ON-UNKNOWN-CHILD:CAPS"></a><h3>XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD 0x00000008</pre>
+<p>If flags is set then we abort if an unknown <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyValue%20" target="_top">&lt;dsig:KeyValue /&gt;</a>
+child is found.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-KEYINFO-FLAGS-RETRMETHOD-STOP-ON-UNKNOWN-HREF:CAPS"></a><h3>XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF 0x00000010</pre>
+<p>If flag is set then we abort if an unknown href attribute
+of <a href="http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod%20" target="_top">&lt;dsig:RetrievalMethod /&gt;</a> element is found.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-KEYINFO-FLAGS-RETRMETHOD-STOP-ON-MISMATCH-HREF:CAPS"></a><h3>XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_MISMATCH_HREF</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_MISMATCH_HREF 0x00000020</pre>
+<p>If flag is set then we abort if an href attribute <a href="http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod%20" target="_top">&lt;dsig:RetrievalMethod /&gt;</a>
+element does not match the real key data type.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-KEYINFO-FLAGS-X509DATA-STOP-ON-UNKNOWN-CHILD:CAPS"></a><h3>XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD 0x00000100</pre>
+<p>If flags is set then we abort if an unknown <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data%20" target="_top">&lt;dsig:X509Data /&gt;</a>
+child is found.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-KEYINFO-FLAGS-X509DATA-DONT-VERIFY-CERTS:CAPS"></a><h3>XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS 0x00000200</pre>
+<p>If flag is set then we'll load certificates from <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data%20" target="_top">&lt;dsig:X509Data /&gt;</a>
+element without verification.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-KEYINFO-FLAGS-X509DATA-STOP-ON-UNKNOWN-CERT:CAPS"></a><h3>XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT 0x00000400</pre>
+<p>If flag is set then we'll stop when we could not resolve reference
+to certificate from <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509IssuerSerial%20" target="_top">&lt;dsig:X509IssuerSerial /&gt;</a>, <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509SKI%20" target="_top">&lt;dsig:X509SKI /&gt;</a> or
+<a href="http://www.w3.org/TR/xmldsig-core/#sec-X509SubjectName%20" target="_top">&lt;dsig:X509SubjectName /&gt;</a> elements.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-KEYINFO-FLAGS-X509DATA-STOP-ON-INVALID-CERT:CAPS"></a><h3>XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT 0x00000800</pre>
+<p>If the flag is set then we'll stop when <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data%20" target="_top">&lt;dsig:X509Data /&gt;</a> element
+processing does not return a verified certificate.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-KEYINFO-FLAGS-ENCKEY-DONT-STOP-ON-FAILED-DECRYPTION:CAPS"></a><h3>XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION 0x00001000</pre>
+<p>If the flag is set then we'll stop when <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey%20" target="_top">&lt;enc:EncryptedKey /&gt;</a> element
+processing fails.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-KEYINFO-FLAGS-STOP-ON-EMPTY-NODE:CAPS"></a><h3>XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE 0x00002000</pre>
+<p>If the flag is set then we'll stop when we found an empty node.
+Otherwise we just ignore it.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-KEYINFO-FLAGS-X509DATA-SKIP-STRICT-CHECKS:CAPS"></a><h3>XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS 0x00004000</pre>
+<p>If the flag is set then we'll skip strict checking of certs and CRLs</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYINFOCTX"></a><h3>struct xmlSecKeyInfoCtx</h3>
+<pre class="PROGRAMLISTING">struct xmlSecKeyInfoCtx {
+ void* userData;
+ unsigned int flags;
+ unsigned int flags2;
+ xmlSecKeysMngrPtr keysMngr;
+ xmlSecKeyInfoMode mode;
+ xmlSecPtrList enabledKeyData;
+ int base64LineSize;
+
+ /* RetrievalMethod */
+ xmlSecTransformCtx retrievalMethodCtx;
+ int maxRetrievalMethodLevel;
+
+
+ /* EncryptedKey */
+ xmlSecEncCtxPtr encCtx;
+ int maxEncryptedKeyLevel;
+
+
+
+ /* x509 certificates */
+ time_t certsVerificationTime;
+ int certsVerificationDepth;
+
+
+ /* PGP */
+ void* pgpReserved; /* TODO */
+
+ /* internal data */
+ int curRetrievalMethodLevel;
+ int curEncryptedKeyLevel;
+ xmlSecKeyReq keyReq;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};</pre>
+<p>The <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo%20" target="_top">&lt;dsig:KeyInfo /&gt;</a> reading or writing context.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6825"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">userData</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to user data (xmlsec and xmlsec-crypto
+ never touch this).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6832"><span style="white-space: nowrap">unsigned <gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">flags</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the bit mask for flags that control processin.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6839"><span style="white-space: nowrap">unsigned <gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">flags2</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for future.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6846"><span style="white-space: nowrap"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> <code class="STRUCTFIELD">keysMngr</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to current keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6853"><span style="white-space: nowrap"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOMODE"><span class="TYPE">xmlSecKeyInfoMode</span></a> <code class="STRUCTFIELD">mode</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>do we read or write <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo%20" target="_top">&lt;dsig:KeyInfo /&gt;</a> element.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6861"><span style="white-space: nowrap"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrList</span></a> <code class="STRUCTFIELD">enabledKeyData</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the list of enabled <code class="PARAMETER">xmlSecKeyDataId</code> (if list is
+ empty then all data ids are enabled).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6869"><span style="white-space: nowrap"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">base64LineSize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the max columns size for base64 encoding.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6876"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtx</span></a> <code class="STRUCTFIELD">retrievalMethodCtx</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transforms context for <a href="http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod%20" target="_top">&lt;dsig:RetrievalMethod /&gt;</a>
+ element processing.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6884"><span style="white-space: nowrap"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">maxRetrievalMethodLevel</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the max recursion level when processing
+ <a href="http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod%20" target="_top">&lt;dsig:RetrievalMethod /&gt;</a> element; default level is 1
+ (see also <code class="PARAMETER">curRetrievalMethodLevel</code>).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6893"><span style="white-space: nowrap"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> <code class="STRUCTFIELD">encCtx</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the encryption context for <a href="http://www.w3.org/TR/xmldsig-core/#sec-EncryptedKey%20" target="_top">&lt;dsig:EncryptedKey /&gt;</a> element
+ processing.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6901"><span style="white-space: nowrap"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">maxEncryptedKeyLevel</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the max recursion level when processing
+ <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey%20" target="_top">&lt;enc:EncryptedKey /&gt;</a> element; default level is 1
+ (see <code class="PARAMETER">curEncryptedKeyLevel</code>).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6910"><span style="white-space: nowrap"><gtkdoclink href="TIME-T"><span class="TYPE">time_t</span></gtkdoclink> <code class="STRUCTFIELD">certsVerificationTime</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the time to use for X509 certificates verification
+ ("not valid before" and "not valid after" checks);
+ if <code class="PARAMETER">certsVerificationTime</code> is equal to 0 (default)
+ then we verify certificates against the system's
+ clock "now".</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6918"><span style="white-space: nowrap"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">certsVerificationDepth</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the max certifications chain length (default is 9).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6925"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">pgpReserved</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for PGP.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6932"><span style="white-space: nowrap"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">curRetrievalMethodLevel</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the current <a href="http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod%20" target="_top">&lt;dsig:RetrievalMethod /&gt;</a> element
+ processing level (see <code class="PARAMETER">maxRetrievalMethodLevel</code>).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6941"><span style="white-space: nowrap"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">curEncryptedKeyLevel</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the current <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey%20" target="_top">&lt;enc:EncryptedKey /&gt;</a> element
+ processing level (see <code class="PARAMETER">maxEncryptedKeyLevel</code>).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6950"><span style="white-space: nowrap"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReq</span></a> <code class="STRUCTFIELD">keyReq</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the current key requirements.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6957"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved0</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6964"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved1</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYINFOCTXCREATE"></a><h3>xmlSecKeyInfoCtxCreate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYINFOCTXPTR"><span class="RETURNVALUE">xmlSecKeyInfoCtxPtr</span></gtkdoclink> xmlSecKeyInfoCtxCreate (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);</pre>
+<p>Allocates and initializes <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.
+Caller is responsible for freeing it by calling <a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXDESTROY"><span class="TYPE">xmlSecKeyInfoCtxDestroy</span></a>
+function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6986"><span style="white-space: nowrap"><code class="PARAMETER">keysMngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN6991"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly allocated object or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYINFOCTXDESTROY"></a><h3>xmlSecKeyInfoCtxDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyInfoCtxDestroy (<code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Destroys <code class="PARAMETER">keyInfoCtx</code> object created with <a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXCREATE"><span class="TYPE">xmlSecKeyInfoCtxCreate</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN7011"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYINFOCTXINITIALIZE"></a><h3>xmlSecKeyInfoCtxInitialize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyInfoCtxInitialize (<code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);</pre>
+<p>Initializes <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context. Caller is
+responsible for cleaning it up by <a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXFINALIZE"><span class="TYPE">xmlSecKeyInfoCtxFinalize</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN7035"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN7041"><span style="white-space: nowrap"><code class="PARAMETER">keysMngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN7046"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success and a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYINFOCTXFINALIZE"></a><h3>xmlSecKeyInfoCtxFinalize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyInfoCtxFinalize (<code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Cleans up the <code class="PARAMETER">keyInfoCtx</code> initialized with <a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTXINITIALIZE"><span class="TYPE">xmlSecKeyInfoCtxInitialize</span></a>
+function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN7066"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYINFOCTXRESET"></a><h3>xmlSecKeyInfoCtxReset ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyInfoCtxReset (<code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Resets the <code class="PARAMETER">keyInfoCtx</code> state. User settings are not changed.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN7085"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYINFOCTXCOPYUSERPREF"></a><h3>xmlSecKeyInfoCtxCopyUserPref ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyInfoCtxCopyUserPref (<code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> src</code>);</pre>
+<p>Copies user preferences from <code class="PARAMETER">src</code> context to <code class="PARAMETER">dst</code> context.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN7108"><span style="white-space: nowrap"><code class="PARAMETER">dst</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to destination context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN7113"><span style="white-space: nowrap"><code class="PARAMETER">src</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to source context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN7118"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success and a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYINFOCTXCREATEENCCTX"></a><h3>xmlSecKeyInfoCtxCreateEncCtx ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyInfoCtxCreateEncCtx (<code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Creates encryption context form processing <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;enc:EncryptedKey/&gt;</a> child
+of <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN7137"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN7143"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success and a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYINFOCTXDEBUGDUMP"></a><h3>xmlSecKeyInfoCtxDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyInfoCtxDebugDump (<code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints user settings and current context state to <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN7164"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN7170"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the output file pointer.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYINFOCTXDEBUGXMLDUMP"></a><h3>xmlSecKeyInfoCtxDebugXmlDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyInfoCtxDebugXmlDump (<code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints user settings and current context state in XML format to <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN7191"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN7197"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the output file pointer.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATANAMEID"></a><h3>xmlSecKeyDataNameId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataNameId xmlSecKeyDataNameGetKlass()</pre>
+<p>The &lt;dsig:KeyName&gt; processing class.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATANAMEGETKLASS"></a><h3>xmlSecKeyDataNameGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecKeyDataNameGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyName" target="_top">&lt;dsig:KeyName/&gt;</a> element key data klass
+(http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-KEYNAME"><span class="TYPE">sec-KeyName</span></gtkdoclink>):</p>
+<p>The KeyName element contains a string value (in which white space is
+significant) which may be used by the signer to communicate a key
+identifier to the recipient. Typically, KeyName contains an identifier
+related to the key pair used to sign the message, but it may contain
+other protocol-related information that indirectly identifies a key pair.
+(Common uses of KeyName include simple string names for keys, a key index,
+a distinguished name (DN), an email address, etc.)</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN7223"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyName" target="_top">&lt;dsig:KeyName/&gt;</a> element processing key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAVALUEID"></a><h3>xmlSecKeyDataValueId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataValueId xmlSecKeyDataValueGetKlass()</pre>
+<p>The &lt;dsig:KeyValue&gt; processing class.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAVALUEGETKLASS"></a><h3>xmlSecKeyDataValueGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecKeyDataValueGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyValue" target="_top">&lt;dsig:KeyValue/&gt;</a> element key data klass
+(http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-KEYVALUE"><span class="TYPE">sec-KeyValue</span></gtkdoclink>):</p>
+<p>The KeyValue element contains a single public key that may be useful in
+validating the signature.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN7250"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyValue" target="_top">&lt;dsig:KeyValue/&gt;</a> element processing key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATARETRIEVALMETHODID"></a><h3>xmlSecKeyDataRetrievalMethodId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataRetrievalMethodId xmlSecKeyDataRetrievalMethodGetKlass()</pre>
+<p>The &lt;dsig:RetrievalMethod&gt; processing class.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATARETRIEVALMETHODGETKLASS"></a><h3>xmlSecKeyDataRetrievalMethodGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecKeyDataRetrievalMethodGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The <a href="http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod" target="_top">&lt;dsig:RetrievalMethod/&gt;</a> element key data klass
+(http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-RETRIEVALMETHOD"><span class="TYPE">sec-RetrievalMethod</span></gtkdoclink>):
+A RetrievalMethod element within KeyInfo is used to convey a reference to
+KeyInfo information that is stored at another location. For example,
+several signatures in a document might use a key verified by an X.509v3
+certificate chain appearing once in the document or remotely outside the
+document; each signature's KeyInfo can reference this chain using a single
+RetrievalMethod element instead of including the entire chain with a
+sequence of X509Certificate elements.</p>
+<p>RetrievalMethod uses the same syntax and dereferencing behavior as
+Reference's URI and The Reference Processing Model.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN7277"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the <a href="http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod" target="_top">&lt;dsig:RetrievalMethod/&gt;</a> element processing key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAENCRYPTEDKEYID"></a><h3>xmlSecKeyDataEncryptedKeyId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataEncryptedKeyId xmlSecKeyDataEncryptedKeyGetKlass()</pre>
+<p>The &lt;enc:EncryptedKey&gt; processing class.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAENCRYPTEDKEYGETKLASS"></a><h3>xmlSecKeyDataEncryptedKeyGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecKeyDataEncryptedKeyGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;enc:EncryptedKey/&gt;</a> element key data klass
+(http://www.w3.org/TR/xmlenc-core/<gtkdoclink href="SEC-ENCRYPTEDKEY"><span class="TYPE">sec-EncryptedKey</span></gtkdoclink>):</p>
+<p>The EncryptedKey element is used to transport encryption keys from
+the originator to a known recipient(s). It may be used as a stand-alone
+XML document, be placed within an application document, or appear inside
+an EncryptedData element as a child of a ds:KeyInfo element. The key value
+is always encrypted to the recipient(s). When EncryptedKey is decrypted the
+resulting octets are made available to the EncryptionMethod algorithm
+without any additional processing.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN7304"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;enc:EncryptedKey/&gt;</a> element processing key data klass.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-io.html"><b>&lt;&lt;&lt; io</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-keysdata.html"><b>keysdata &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-keys.html b/docs/api/xmlsec-keys.html
new file mode 100644
index 00000000..34929173
--- /dev/null
+++ b/docs/api/xmlsec-keys.html
@@ -0,0 +1,1161 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>keys</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="keysdata" href="xmlsec-keysdata.html">
+<link rel="NEXT" title="keysmngr" href="xmlsec-keysmngr.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-keysdata.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-keysmngr.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-KEYS"></a>keys</h1>
+<div class="REFNAMEDIV">
+<a name="AEN10274"></a><h2>Name</h2>keys -- Crypto key object definition.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-KEYS.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">typedef <a href="xmlsec-keys.html#XMLSECKEYUSAGE">xmlSecKeyUsage</a>;
+#define <a href="xmlsec-keys.html#XMLSECKEYUSAGESIGN">xmlSecKeyUsageSign</a>
+#define <a href="xmlsec-keys.html#XMLSECKEYUSAGEVERIFY">xmlSecKeyUsageVerify</a>
+#define <a href="xmlsec-keys.html#XMLSECKEYUSAGEENCRYPT">xmlSecKeyUsageEncrypt</a>
+#define <a href="xmlsec-keys.html#XMLSECKEYUSAGEDECRYPT">xmlSecKeyUsageDecrypt</a>
+#define <a href="xmlsec-keys.html#XMLSECKEYUSAGEKEYEXCHANGE">xmlSecKeyUsageKeyExchange</a>
+#define <a href="xmlsec-keys.html#XMLSECKEYUSAGEANY">xmlSecKeyUsageAny</a>
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYUSEWITHINITIALIZE">xmlSecKeyUseWithInitialize</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> keyUseWith</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYUSEWITHFINALIZE">xmlSecKeyUseWithFinalize</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> keyUseWith</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYUSEWITHRESET">xmlSecKeyUseWithReset</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> keyUseWith</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYUSEWITHCOPY">xmlSecKeyUseWithCopy</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> src</code>);
+<a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="RETURNVALUE">xmlSecKeyUseWithPtr</span></a> <a href="xmlsec-keys.html#XMLSECKEYUSEWITHCREATE">xmlSecKeyUseWithCreate</a> (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *application</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *identifier</code>);
+<gtkdoclink href="XMLSECKEYUSEWITHPTR"><span class="RETURNVALUE">xmlSecKeyUseWithPtr</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYUSEWITHDUPLICATE">xmlSecKeyUseWithDuplicate</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> keyUseWith</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYUSEWITHDESTROY">xmlSecKeyUseWithDestroy</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> keyUseWith</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYUSEWITHSET">xmlSecKeyUseWithSet</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> keyUseWith</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *application</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *identifier</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYUSEWITHDEBUGDUMP">xmlSecKeyUseWithDebugDump</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> keyUseWith</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYUSEWITHDEBUGXMLDUMP">xmlSecKeyUseWithDebugXmlDump</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> keyUseWith</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+struct <a href="xmlsec-keys.html#XMLSECKEYUSEWITH">xmlSecKeyUseWith</a>;
+#define <a href="xmlsec-keys.html#XMLSECKEYUSEWITHPTRLISTID">xmlSecKeyUseWithPtrListId</a>
+<gtkdoclink href="XMLSECPTRLISTID"><span class="RETURNVALUE">xmlSecPtrListId</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYUSEWITHPTRLISTGETKLASS">xmlSecKeyUseWithPtrListGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+struct <a href="xmlsec-keys.html#XMLSECKEYREQ">xmlSecKeyReq</a>;
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYREQINITIALIZE">xmlSecKeyReqInitialize</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYREQFINALIZE">xmlSecKeyReqFinalize</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYREQRESET">xmlSecKeyReqReset</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYREQCOPY">xmlSecKeyReqCopy</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> src</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYREQMATCHKEY">xmlSecKeyReqMatchKey</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYREQMATCHKEYVALUE">xmlSecKeyReqMatchKeyValue</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> value</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYREQDEBUGDUMP">xmlSecKeyReqDebugDump</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYREQDEBUGXMLDUMP">xmlSecKeyReqDebugXmlDump</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+struct <a href="xmlsec-keys.html#XMLSECKEY">xmlSecKey</a>;
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-keys.html#XMLSECKEYCREATE">xmlSecKeyCreate</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYDESTROY">xmlSecKeyDestroy</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYEMPTY">xmlSecKeyEmpty</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="XMLSECKEYPTR"><span class="RETURNVALUE">xmlSecKeyPtr</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYDUPLICATE">xmlSecKeyDuplicate</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYCOPY">xmlSecKeyCopy</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> keyDst</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> keySrc</code>);
+const <gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* <a href="xmlsec-keys.html#XMLSECKEYGETNAME">xmlSecKeyGetName</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYSETNAME">xmlSecKeySetName</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>);
+<a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="RETURNVALUE">xmlSecKeyDataType</span></a> <a href="xmlsec-keys.html#XMLSECKEYGETTYPE">xmlSecKeyGetType</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="XMLSECKEYDATAPTR"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYGETVALUE">xmlSecKeyGetValue</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYSETVALUE">xmlSecKeySetValue</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> value</code>);
+<gtkdoclink href="XMLSECKEYDATAPTR"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYGETDATA">xmlSecKeyGetData</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> dataId</code>);
+<gtkdoclink href="XMLSECKEYDATAPTR"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYENSUREDATA">xmlSecKeyEnsureData</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> dataId</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYADOPTDATA">xmlSecKeyAdoptData</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYDEBUGDUMP">xmlSecKeyDebugDump</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYDEBUGXMLDUMP">xmlSecKeyDebugXmlDump</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-keys.html#XMLSECKEYGENERATE">xmlSecKeyGenerate</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> dataId</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> sizeBits</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-keys.html#XMLSECKEYGENERATEBYNAME">xmlSecKeyGenerateByName</a> (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> sizeBits</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYMATCH">xmlSecKeyMatch</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-keys.html#XMLSECKEYREADBUFFER">xmlSecKeyReadBuffer</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> dataId</code>,
+ <code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBuffer</span></a> *buffer</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-keys.html#XMLSECKEYREADBINARYFILE">xmlSecKeyReadBinaryFile</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> dataId</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-keys.html#XMLSECKEYREADMEMORY">xmlSecKeyReadMemory</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> dataId</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>);
+#define <a href="xmlsec-keys.html#XMLSECKEYISVALID">xmlSecKeyIsValid</a> (key)
+#define <a href="xmlsec-keys.html#XMLSECKEYCHECKID">xmlSecKeyCheckId</a> (key,
+ keyId)
+#define <a href="xmlsec-keys.html#XMLSECKEYPTRLISTID">xmlSecKeyPtrListId</a>
+<gtkdoclink href="XMLSECPTRLISTID"><span class="RETURNVALUE">xmlSecPtrListId</span></gtkdoclink><a href="xmlsec-keys.html#XMLSECKEYPTRLISTGETKLASS">xmlSecKeyPtrListGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-KEYS.DESCRIPTION"></a><h2>Description</h2>
+<p>Crypto key object definition.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-KEYS.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSAGE"></a><h3>xmlSecKeyUsage</h3>
+<pre class="PROGRAMLISTING">typedef unsigned int xmlSecKeyUsage;</pre>
+<p>The key usage.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSAGESIGN"></a><h3>xmlSecKeyUsageSign</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyUsageSign 0x00000001</pre>
+<p>Key can be used in any way.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSAGEVERIFY"></a><h3>xmlSecKeyUsageVerify</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyUsageVerify 0x00000002</pre>
+<p>Key for signing.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSAGEENCRYPT"></a><h3>xmlSecKeyUsageEncrypt</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyUsageEncrypt 0x00000004</pre>
+<p>Key for signature verification.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSAGEDECRYPT"></a><h3>xmlSecKeyUsageDecrypt</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyUsageDecrypt 0x00000008</pre>
+<p>An encryption key.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSAGEKEYEXCHANGE"></a><h3>xmlSecKeyUsageKeyExchange</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyUsageKeyExchange 0x00000010</pre>
+<p>The key is used for key exchange.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSAGEANY"></a><h3>xmlSecKeyUsageAny</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyUsageAny 0xFFFFFFFF</pre>
+<p>A decryption key.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSEWITHINITIALIZE"></a><h3>xmlSecKeyUseWithInitialize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyUseWithInitialize (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> keyUseWith</code>);</pre>
+<p>Initializes <code class="PARAMETER">keyUseWith</code> object.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10684"><span style="white-space: nowrap"><code class="PARAMETER">keyUseWith</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to information about key application/user.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10689"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSEWITHFINALIZE"></a><h3>xmlSecKeyUseWithFinalize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyUseWithFinalize (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> keyUseWith</code>);</pre>
+<p>Finalizes <code class="PARAMETER">keyUseWith</code> object.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN10707"><span style="white-space: nowrap"><code class="PARAMETER">keyUseWith</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to information about key application/user.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSEWITHRESET"></a><h3>xmlSecKeyUseWithReset ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyUseWithReset (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> keyUseWith</code>);</pre>
+<p>Resets the <code class="PARAMETER">keyUseWith</code> to its state after initialization.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN10725"><span style="white-space: nowrap"><code class="PARAMETER">keyUseWith</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to information about key application/user.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSEWITHCOPY"></a><h3>xmlSecKeyUseWithCopy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyUseWithCopy (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> src</code>);</pre>
+<p>Copies information from <code class="PARAMETER">dst</code> to <code class="PARAMETER">src</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10747"><span style="white-space: nowrap"><code class="PARAMETER">dst</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to destination object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10752"><span style="white-space: nowrap"><code class="PARAMETER">src</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to source object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10757"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSEWITHCREATE"></a><h3>xmlSecKeyUseWithCreate ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="RETURNVALUE">xmlSecKeyUseWithPtr</span></a> xmlSecKeyUseWithCreate (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *application</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *identifier</code>);</pre>
+<p>Creates new xmlSecKeyUseWith object. The caller is responsible for destroying
+returned object with <code class="PARAMETER">xmlSecKeyUseWithDestroy</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10778"><span style="white-space: nowrap"><code class="PARAMETER">application</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the application value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10783"><span style="white-space: nowrap"><code class="PARAMETER">identifier</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the identifier value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10788"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created object or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSEWITHDUPLICATE"></a><h3>xmlSecKeyUseWithDuplicate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYUSEWITHPTR"><span class="RETURNVALUE">xmlSecKeyUseWithPtr</span></gtkdoclink> xmlSecKeyUseWithDuplicate (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> keyUseWith</code>);</pre>
+<p>Duplicates <code class="PARAMETER">keyUseWith</code> object. The caller is responsible for destroying
+returned object with <code class="PARAMETER">xmlSecKeyUseWithDestroy</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10807"><span style="white-space: nowrap"><code class="PARAMETER">keyUseWith</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to information about key application/user.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10812"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created object or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSEWITHDESTROY"></a><h3>xmlSecKeyUseWithDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyUseWithDestroy (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> keyUseWith</code>);</pre>
+<p>Destroys <code class="PARAMETER">keyUseWith</code> created with <code class="PARAMETER">xmlSecKeyUseWithCreate</code> or <code class="PARAMETER">xmlSecKeyUseWithDuplicate</code>
+functions.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN10832"><span style="white-space: nowrap"><code class="PARAMETER">keyUseWith</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to information about key application/user.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSEWITHSET"></a><h3>xmlSecKeyUseWithSet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyUseWithSet (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> keyUseWith</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *application</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *identifier</code>);</pre>
+<p>Sets <code class="PARAMETER">application</code> and <code class="PARAMETER">identifier</code> in the <code class="PARAMETER">keyUseWith</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10858"><span style="white-space: nowrap"><code class="PARAMETER">keyUseWith</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to information about key application/user.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10863"><span style="white-space: nowrap"><code class="PARAMETER">application</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new application value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10868"><span style="white-space: nowrap"><code class="PARAMETER">identifier</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new identifier value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10873"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSEWITHDEBUGDUMP"></a><h3>xmlSecKeyUseWithDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyUseWithDebugDump (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> keyUseWith</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints xmlSecKeyUseWith debug information to a file <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10894"><span style="white-space: nowrap"><code class="PARAMETER">keyUseWith</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to information about key application/user.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10899"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSEWITHDEBUGXMLDUMP"></a><h3>xmlSecKeyUseWithDebugXmlDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyUseWithDebugXmlDump (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYUSEWITH"><span class="TYPE">xmlSecKeyUseWithPtr</span></a> keyUseWith</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints xmlSecKeyUseWith debug information to a file <code class="PARAMETER">output</code> in XML format.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10920"><span style="white-space: nowrap"><code class="PARAMETER">keyUseWith</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to information about key application/user.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10925"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSEWITH"></a><h3>struct xmlSecKeyUseWith</h3>
+<pre class="PROGRAMLISTING">struct xmlSecKeyUseWith {
+ xmlChar* application;
+ xmlChar* identifier;
+
+ void* reserved1;
+ void* reserved2;
+};</pre>
+<p>Information about application and user of the key.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10937"><span style="white-space: nowrap"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">application</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the application.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10944"><span style="white-space: nowrap"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">identifier</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the identifier.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10951"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved1</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for future use.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10958"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved2</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for future use.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSEWITHPTRLISTID"></a><h3>xmlSecKeyUseWithPtrListId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyUseWithPtrListId xmlSecKeyUseWithPtrListGetKlass()</pre>
+<p>The keys list klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYUSEWITHPTRLISTGETKLASS"></a><h3>xmlSecKeyUseWithPtrListGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECPTRLISTID"><span class="RETURNVALUE">xmlSecPtrListId</span></gtkdoclink> xmlSecKeyUseWithPtrListGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The key data list klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN10982"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key data list klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYREQ"></a><h3>struct xmlSecKeyReq</h3>
+<pre class="PROGRAMLISTING">struct xmlSecKeyReq {
+ xmlSecKeyDataId keyId;
+ xmlSecKeyDataType keyType;
+ xmlSecKeyUsage keyUsage;
+ xmlSecSize keyBitsSize;
+ xmlSecPtrList keyUseWithList;
+
+ void* reserved1;
+ void* reserved2;
+};</pre>
+<p>The key requirements information.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10994"><span style="white-space: nowrap"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> <code class="STRUCTFIELD">keyId</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key value klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11001"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> <code class="STRUCTFIELD">keyType</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key type.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11008"><span style="white-space: nowrap"><a href="xmlsec-keys.html#XMLSECKEYUSAGE"><span class="TYPE">xmlSecKeyUsage</span></a> <code class="STRUCTFIELD">keyUsage</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key usage.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11015"><span style="white-space: nowrap"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> <code class="STRUCTFIELD">keyBitsSize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key size (in bits!).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11022"><span style="white-space: nowrap"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrList</span></a> <code class="STRUCTFIELD">keyUseWithList</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key use with application/identifier information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11029"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved1</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for future use.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11036"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved2</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for future use.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYREQINITIALIZE"></a><h3>xmlSecKeyReqInitialize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyReqInitialize (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>);</pre>
+<p>Initialize key requirements object. Caller is responsible for
+cleaning it with <a href="xmlsec-keys.html#XMLSECKEYREQFINALIZE"><span class="TYPE">xmlSecKeyReqFinalize</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11057"><span style="white-space: nowrap"><code class="PARAMETER">keyReq</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key requirements object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11062"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYREQFINALIZE"></a><h3>xmlSecKeyReqFinalize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyReqFinalize (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>);</pre>
+<p>Cleans the key requirements object initialized with <a href="xmlsec-keys.html#XMLSECKEYREQINITIALIZE"><span class="TYPE">xmlSecKeyReqInitialize</span></a>
+function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN11081"><span style="white-space: nowrap"><code class="PARAMETER">keyReq</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key requirements object.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYREQRESET"></a><h3>xmlSecKeyReqReset ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyReqReset (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>);</pre>
+<p>Resets key requirements object for new key search.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN11098"><span style="white-space: nowrap"><code class="PARAMETER">keyReq</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key requirements object.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYREQCOPY"></a><h3>xmlSecKeyReqCopy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyReqCopy (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> src</code>);</pre>
+<p>Copies key requirements from <code class="PARAMETER">src</code> object to <code class="PARAMETER">dst</code> object.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11120"><span style="white-space: nowrap"><code class="PARAMETER">dst</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to destination object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11125"><span style="white-space: nowrap"><code class="PARAMETER">src</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to source object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11130"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success and a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYREQMATCHKEY"></a><h3>xmlSecKeyReqMatchKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyReqMatchKey (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Checks whether <code class="PARAMETER">key</code> matches key requirements <code class="PARAMETER">keyReq</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11152"><span style="white-space: nowrap"><code class="PARAMETER">keyReq</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key requirements object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11157"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11162"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 1 if key matches requirements, 0 if not and a negative value
+if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYREQMATCHKEYVALUE"></a><h3>xmlSecKeyReqMatchKeyValue ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyReqMatchKeyValue (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> value</code>);</pre>
+<p>Checks whether <code class="PARAMETER">keyValue</code> matches key requirements <code class="PARAMETER">keyReq</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11184"><span style="white-space: nowrap"><code class="PARAMETER">keyReq</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key requirements.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11189"><span style="white-space: nowrap"><code class="PARAMETER">value</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11194"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 1 if key value matches requirements, 0 if not and a negative value
+if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYREQDEBUGDUMP"></a><h3>xmlSecKeyReqDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyReqDebugDump (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints debug information about <code class="PARAMETER">keyReq</code> into <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11216"><span style="white-space: nowrap"><code class="PARAMETER">keyReq</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key requirements object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11221"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYREQDEBUGXMLDUMP"></a><h3>xmlSecKeyReqDebugXmlDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyReqDebugXmlDump (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints debug information about <code class="PARAMETER">keyReq</code> into <code class="PARAMETER">output</code> in XML format.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11243"><span style="white-space: nowrap"><code class="PARAMETER">keyReq</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key requirements object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11248"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEY"></a><h3>struct xmlSecKey</h3>
+<pre class="PROGRAMLISTING">struct xmlSecKey {
+ xmlChar* name;
+ xmlSecKeyDataPtr value;
+ xmlSecPtrListPtr dataList;
+ xmlSecKeyUsage usage;
+ time_t notValidBefore;
+ time_t notValidAfter;
+};</pre>
+<p>The key.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11260"><span style="white-space: nowrap"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">name</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11267"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> <code class="STRUCTFIELD">value</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11274"><span style="white-space: nowrap"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> <code class="STRUCTFIELD">dataList</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key data list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11281"><span style="white-space: nowrap"><a href="xmlsec-keys.html#XMLSECKEYUSAGE"><span class="TYPE">xmlSecKeyUsage</span></a> <code class="STRUCTFIELD">usage</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key usage.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11288"><span style="white-space: nowrap"><gtkdoclink href="TIME-T"><span class="TYPE">time_t</span></gtkdoclink> <code class="STRUCTFIELD">notValidBefore</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the start key validity interval.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11295"><span style="white-space: nowrap"><gtkdoclink href="TIME-T"><span class="TYPE">time_t</span></gtkdoclink> <code class="STRUCTFIELD">notValidAfter</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the end key validity interval.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYCREATE"></a><h3>xmlSecKeyCreate ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecKeyCreate (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Allocates and initializes new key. Caller is responsible for
+freeing returned object with <a href="xmlsec-keys.html#XMLSECKEYDESTROY"><span class="TYPE">xmlSecKeyDestroy</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN11315"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly allocated <code class="PARAMETER">xmlSecKey</code> structure
+or NULL if an error occurs.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDESTROY"></a><h3>xmlSecKeyDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyDestroy (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Destroys the key created using <a href="xmlsec-keys.html#XMLSECKEYCREATE"><span class="TYPE">xmlSecKeyCreate</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN11335"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYEMPTY"></a><h3>xmlSecKeyEmpty ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyEmpty (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Clears the <code class="PARAMETER">key</code> data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN11353"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDUPLICATE"></a><h3>xmlSecKeyDuplicate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYPTR"><span class="RETURNVALUE">xmlSecKeyPtr</span></gtkdoclink> xmlSecKeyDuplicate (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Creates a duplicate of the given <code class="PARAMETER">key</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11371"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to the <a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKey</span></a> structure.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11378"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly allocated <a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKey</span></a> structure
+or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYCOPY"></a><h3>xmlSecKeyCopy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyCopy (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> keyDst</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> keySrc</code>);</pre>
+<p>Copies key data from <code class="PARAMETER">keySrc</code> to <code class="PARAMETER">keyDst</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11402"><span style="white-space: nowrap"><code class="PARAMETER">keyDst</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11407"><span style="white-space: nowrap"><code class="PARAMETER">keySrc</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the source key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11412"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYGETNAME"></a><h3>xmlSecKeyGetName ()</h3>
+<pre class="PROGRAMLISTING">const <gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* xmlSecKeyGetName (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Gets key name (see also <a href="xmlsec-keys.html#XMLSECKEYSETNAME"><span class="TYPE">xmlSecKeySetName</span></a> function).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11431"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11436"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> key name.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSETNAME"></a><h3>xmlSecKeySetName ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeySetName (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>);</pre>
+<p>Sets key name (see also <a href="xmlsec-keys.html#XMLSECKEYGETNAME"><span class="TYPE">xmlSecKeyGetName</span></a> function).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11458"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11463"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new key name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11468"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYGETTYPE"></a><h3>xmlSecKeyGetType ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="RETURNVALUE">xmlSecKeyDataType</span></a> xmlSecKeyGetType (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Gets <code class="PARAMETER">key</code> type.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11486"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11491"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> key type.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYGETVALUE"></a><h3>xmlSecKeyGetValue ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAPTR"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></gtkdoclink> xmlSecKeyGetValue (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Gets key value (see also <a href="xmlsec-keys.html#XMLSECKEYSETVALUE"><span class="TYPE">xmlSecKeySetValue</span></a> function).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11510"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11515"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> key value (crypto material).</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSETVALUE"></a><h3>xmlSecKeySetValue ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeySetValue (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> value</code>);</pre>
+<p>Sets key value (see also <a href="xmlsec-keys.html#XMLSECKEYGETVALUE"><span class="TYPE">xmlSecKeyGetValue</span></a> function).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11537"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11542"><span style="white-space: nowrap"><code class="PARAMETER">value</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11547"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYGETDATA"></a><h3>xmlSecKeyGetData ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAPTR"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></gtkdoclink> xmlSecKeyGetData (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> dataId</code>);</pre>
+<p>Gets key's data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11567"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11572"><span style="white-space: nowrap"><code class="PARAMETER">dataId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the requested data klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11577"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> additional data associated with the <code class="PARAMETER">key</code> (see also
+<a href="xmlsec-keys.html#XMLSECKEYADOPTDATA"><span class="TYPE">xmlSecKeyAdoptData</span></a> function).</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYENSUREDATA"></a><h3>xmlSecKeyEnsureData ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAPTR"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></gtkdoclink> xmlSecKeyEnsureData (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> dataId</code>);</pre>
+<p>If necessary, creates key data of <code class="PARAMETER">dataId</code> klass and adds to <code class="PARAMETER">key</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11602"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11607"><span style="white-space: nowrap"><code class="PARAMETER">dataId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the requested data klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11612"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to key data or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYADOPTDATA"></a><h3>xmlSecKeyAdoptData ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyAdoptData (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Adds <code class="PARAMETER">data</code> to the <code class="PARAMETER">key</code>. The <code class="PARAMETER">data</code> object will be destroyed
+by <code class="PARAMETER">key</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11636"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11641"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11646"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDEBUGDUMP"></a><h3>xmlSecKeyDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyDebugDump (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints the information about the <code class="PARAMETER">key</code> to the <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11668"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11673"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDEBUGXMLDUMP"></a><h3>xmlSecKeyDebugXmlDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyDebugXmlDump (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints the information about the <code class="PARAMETER">key</code> to the <code class="PARAMETER">output</code> in XML format.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11695"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11700"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYGENERATE"></a><h3>xmlSecKeyGenerate ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecKeyGenerate (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> dataId</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> sizeBits</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Generates new key of requested klass <code class="PARAMETER">dataId</code> and <code class="PARAMETER">type</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11725"><span style="white-space: nowrap"><code class="PARAMETER">dataId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the requested key klass (rsa, dsa, aes, ...).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11730"><span style="white-space: nowrap"><code class="PARAMETER">sizeBits</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new key size (in bits!).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11735"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new key type (session, permanent, ...).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11740"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYGENERATEBYNAME"></a><h3>xmlSecKeyGenerateByName ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecKeyGenerateByName (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> sizeBits</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Generates new key of requested <code class="PARAMETER">klass</code> and <code class="PARAMETER">type</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11765"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the requested key klass name (rsa, dsa, aes, ...).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11770"><span style="white-space: nowrap"><code class="PARAMETER">sizeBits</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new key size (in bits!).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11775"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new key type (session, permanent, ...).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11780"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYMATCH"></a><h3>xmlSecKeyMatch ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyMatch (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>);</pre>
+<p>Checks whether the <code class="PARAMETER">key</code> matches the given criteria.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11804"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11809"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key name (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11814"><span style="white-space: nowrap"><code class="PARAMETER">keyReq</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key requirements.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11819"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 1 if the key satisfies the given criteria or 0 otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYREADBUFFER"></a><h3>xmlSecKeyReadBuffer ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecKeyReadBuffer (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> dataId</code>,
+ <code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBuffer</span></a> *buffer</code>);</pre>
+<p>Reads the key value of klass <code class="PARAMETER">dataId</code> from a buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11840"><span style="white-space: nowrap"><code class="PARAMETER">dataId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value data klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11845"><span style="white-space: nowrap"><code class="PARAMETER">buffer</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the buffer that contains the binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11850"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYREADBINARYFILE"></a><h3>xmlSecKeyReadBinaryFile ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecKeyReadBinaryFile (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> dataId</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>);</pre>
+<p>Reads the key value of klass <code class="PARAMETER">dataId</code> from a binary file <code class="PARAMETER">filename</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11872"><span style="white-space: nowrap"><code class="PARAMETER">dataId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value data klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11877"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key binary filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11882"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYREADMEMORY"></a><h3>xmlSecKeyReadMemory ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecKeyReadMemory (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> dataId</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>);</pre>
+<p>Reads the key value of klass <code class="PARAMETER">dataId</code> from a memory block <code class="PARAMETER">data</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11907"><span style="white-space: nowrap"><code class="PARAMETER">dataId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value data klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11912"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the memory containing the key</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11917"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the size of the memory block</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11922"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYISVALID"></a><h3>xmlSecKeyIsValid()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyIsValid(key)</pre>
+<p>Macro. Returns 1 if <code class="PARAMETER">key</code> is not NULL and <code class="PARAMETER">key</code>-&gt;id is not NULL
+or 0 otherwise.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN11936"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYCHECKID"></a><h3>xmlSecKeyCheckId()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyCheckId(key, keyId)</pre>
+<p>Macro. Returns 1 if <code class="PARAMETER">key</code> is valid and <code class="PARAMETER">key</code>'s id is equal to <code class="PARAMETER">keyId</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11951"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN11956"><span style="white-space: nowrap"><code class="PARAMETER">keyId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key Id.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYPTRLISTID"></a><h3>xmlSecKeyPtrListId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyPtrListId xmlSecKeyPtrListGetKlass()</pre>
+<p>The keys list klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYPTRLISTGETKLASS"></a><h3>xmlSecKeyPtrListGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECPTRLISTID"><span class="RETURNVALUE">xmlSecPtrListId</span></gtkdoclink> xmlSecKeyPtrListGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The keys list klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN11978"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> keys list id.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-keysdata.html"><b>&lt;&lt;&lt; keysdata</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-keysmngr.html"><b>keysmngr &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-keysdata.html b/docs/api/xmlsec-keysdata.html
new file mode 100644
index 00000000..3db153ba
--- /dev/null
+++ b/docs/api/xmlsec-keysdata.html
@@ -0,0 +1,2067 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>keysdata</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="keyinfo" href="xmlsec-keyinfo.html">
+<link rel="NEXT" title="keys" href="xmlsec-keys.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-keyinfo.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-keys.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-KEYSDATA"></a>keysdata</h1>
+<div class="REFNAMEDIV">
+<a name="AEN7315"></a><h2>Name</h2>keysdata -- Crypto key data object definition.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-KEYSDATA.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">typedef <a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGE">xmlSecKeyDataUsage</a>;
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGEUNKNOWN">xmlSecKeyDataUsageUnknown</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGEKEYINFONODEREAD">xmlSecKeyDataUsageKeyInfoNodeRead</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGEKEYINFONODEWRITE">xmlSecKeyDataUsageKeyInfoNodeWrite</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGEKEYVALUENODEREAD">xmlSecKeyDataUsageKeyValueNodeRead</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGEKEYVALUENODEWRITE">xmlSecKeyDataUsageKeyValueNodeWrite</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGERETRIEVALMETHODNODEXML">xmlSecKeyDataUsageRetrievalMethodNodeXml</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGERETRIEVALMETHODNODEBIN">xmlSecKeyDataUsageRetrievalMethodNodeBin</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGEANY">xmlSecKeyDataUsageAny</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGEKEYINFONODE">xmlSecKeyDataUsageKeyInfoNode</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGEKEYVALUENODE">xmlSecKeyDataUsageKeyValueNode</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGERETRIEVALMETHODNODE">xmlSecKeyDataUsageRetrievalMethodNode</a>
+typedef <a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE">xmlSecKeyDataType</a>;
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATATYPEUNKNOWN">xmlSecKeyDataTypeUnknown</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATATYPENONE">xmlSecKeyDataTypeNone</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATATYPEPUBLIC">xmlSecKeyDataTypePublic</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATATYPEPRIVATE">xmlSecKeyDataTypePrivate</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATATYPESYMMETRIC">xmlSecKeyDataTypeSymmetric</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATATYPESESSION">xmlSecKeyDataTypeSession</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATATYPEPERMANENT">xmlSecKeyDataTypePermanent</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATATYPETRUSTED">xmlSecKeyDataTypeTrusted</a>
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATATYPEANY">xmlSecKeyDataTypeAny</a>
+enum <a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT">xmlSecKeyDataFormat</a>;
+<a href="xmlsec-list.html#XMLSECPTRLIST"><span class="RETURNVALUE">xmlSecPtrListPtr</span></a> <a href="xmlsec-keysdata.html#XMLSECKEYDATAIDSGET">xmlSecKeyDataIdsGet</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDSINIT">xmlSecKeyDataIdsInit</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDSSHUTDOWN">xmlSecKeyDataIdsShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDSREGISTERDEFAULT">xmlSecKeyDataIdsRegisterDefault</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDSREGISTER">xmlSecKeyDataIdsRegister</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>);
+struct <a href="xmlsec-keysdata.html#XMLSECKEYDATA">xmlSecKeyData</a>;
+<a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></a> <a href="xmlsec-keysdata.html#XMLSECKEYDATACREATE">xmlSecKeyDataCreate</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>);
+<gtkdoclink href="XMLSECKEYDATAPTR"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATADUPLICATE">xmlSecKeyDataDuplicate</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATADESTROY">xmlSecKeyDataDestroy</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATAGENERATE">xmlSecKeyDataGenerate</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> sizeBits</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="RETURNVALUE">xmlSecKeyDataType</span></a> <a href="xmlsec-keysdata.html#XMLSECKEYDATAGETTYPE">xmlSecKeyDataGetType</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> <a href="xmlsec-keysdata.html#XMLSECKEYDATAGETSIZE">xmlSecKeyDataGetSize</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+const <gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* <a href="xmlsec-keysdata.html#XMLSECKEYDATAGETIDENTIFIER">xmlSecKeyDataGetIdentifier</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATADEBUGDUMP">xmlSecKeyDataDebugDump</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATADEBUGXMLDUMP">xmlSecKeyDataDebugXmlDump</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATAXMLREAD">xmlSecKeyDataXmlRead</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATAXMLWRITE">xmlSecKeyDataXmlWrite</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATABINREAD">xmlSecKeyDataBinRead</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATABINWRITE">xmlSecKeyDataBinWrite</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> **buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> *bufSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATAGETNAME">xmlSecKeyDataGetName</a> (data)
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATAISVALID">xmlSecKeyDataIsValid</a> (data)
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATACHECKID">xmlSecKeyDataCheckId</a> (data,
+ dataId)
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATACHECKUSAGE">xmlSecKeyDataCheckUsage</a> (data,
+ usg)
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATACHECKSIZE">xmlSecKeyDataCheckSize</a> (data,
+ size)
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATAIDUNKNOWN">xmlSecKeyDataIdUnknown</a>
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-keysdata.html#XMLSECKEYDATAINITMETHOD">*xmlSecKeyDataInitMethod</a>) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-keysdata.html#XMLSECKEYDATADUPLICATEMETHOD">*xmlSecKeyDataDuplicateMethod</a>) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> src</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> (<a href="xmlsec-keysdata.html#XMLSECKEYDATAFINALIZEMETHOD">*xmlSecKeyDataFinalizeMethod</a>) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-keysdata.html#XMLSECKEYDATAXMLREADMETHOD">*xmlSecKeyDataXmlReadMethod</a>) (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-keysdata.html#XMLSECKEYDATAXMLWRITEMETHOD">*xmlSecKeyDataXmlWriteMethod</a>) (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-keysdata.html#XMLSECKEYDATABINREADMETHOD">*xmlSecKeyDataBinReadMethod</a>) (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-keysdata.html#XMLSECKEYDATABINWRITEMETHOD">*xmlSecKeyDataBinWriteMethod</a>) (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> **buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> *bufSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-keysdata.html#XMLSECKEYDATAGENERATEMETHOD">*xmlSecKeyDataGenerateMethod</a>) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> sizeBits</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="RETURNVALUE">xmlSecKeyDataType</span></a> (<a href="xmlsec-keysdata.html#XMLSECKEYDATAGETTYPEMETHOD">*xmlSecKeyDataGetTypeMethod</a>) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> (<a href="xmlsec-keysdata.html#XMLSECKEYDATAGETSIZEMETHOD">*xmlSecKeyDataGetSizeMethod</a>) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+const <gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink> * (<a href="xmlsec-keysdata.html#XMLSECKEYDATAGETIDENTIFIERMETHOD">*xmlSecKeyDataGetIdentifierMethod</a>) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> (<a href="xmlsec-keysdata.html#XMLSECKEYDATADEBUGDUMPMETHOD">*xmlSecKeyDataDebugDumpMethod</a>) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+struct <a href="xmlsec-keysdata.html#XMLSECKEYDATAKLASS">xmlSecKeyDataKlass</a>;
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATAKLASSGETNAME">xmlSecKeyDataKlassGetName</a> (klass)
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATALISTID">xmlSecKeyDataListId</a>
+<gtkdoclink href="XMLSECPTRLISTID"><span class="RETURNVALUE">xmlSecPtrListId</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATALISTGETKLASS">xmlSecKeyDataListGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATAIDLISTID">xmlSecKeyDataIdListId</a>
+<gtkdoclink href="XMLSECPTRLISTID"><span class="RETURNVALUE">xmlSecPtrListId</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDLISTGETKLASS">xmlSecKeyDataIdListGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDLISTFIND">xmlSecKeyDataIdListFind</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> dataId</code>);
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDLISTFINDBYNODE">xmlSecKeyDataIdListFindByNode</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nodeName</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nodeNs</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGE"><span class="TYPE">xmlSecKeyDataUsage</span></a> usage</code>);
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDLISTFINDBYHREF">xmlSecKeyDataIdListFindByHref</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *href</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGE"><span class="TYPE">xmlSecKeyDataUsage</span></a> usage</code>);
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDLISTFINDBYNAME">xmlSecKeyDataIdListFindByName</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGE"><span class="TYPE">xmlSecKeyDataUsage</span></a> usage</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDLISTDEBUGDUMP">xmlSecKeyDataIdListDebugDump</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATAIDLISTDEBUGXMLDUMP">xmlSecKeyDataIdListDebugXmlDump</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYSIZE">xmlSecKeyDataBinarySize</a>
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEINITIALIZE">xmlSecKeyDataBinaryValueInitialize</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEDUPLICATE">xmlSecKeyDataBinaryValueDuplicate</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> src</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEFINALIZE">xmlSecKeyDataBinaryValueFinalize</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEXMLREAD">xmlSecKeyDataBinaryValueXmlRead</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEXMLWRITE">xmlSecKeyDataBinaryValueXmlWrite</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEBINREAD">xmlSecKeyDataBinaryValueBinRead</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEBINWRITE">xmlSecKeyDataBinaryValueBinWrite</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> **buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> *bufSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEDEBUGDUMP">xmlSecKeyDataBinaryValueDebugDump</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEDEBUGXMLDUMP">xmlSecKeyDataBinaryValueDebugXmlDump</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> <a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEGETSIZE">xmlSecKeyDataBinaryValueGetSize</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="XMLSECBUFFERPTR"><span class="RETURNVALUE">xmlSecBufferPtr</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUEGETBUFFER">xmlSecKeyDataBinaryValueGetBuffer</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATABINARYVALUESETBUFFER">xmlSecKeyDataBinaryValueSetBuffer</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);
+struct <a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE">xmlSecKeyDataStore</a>;
+<a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="RETURNVALUE">xmlSecKeyDataStorePtr</span></a> <a href="xmlsec-keysdata.html#XMLSECKEYDATASTORECREATE">xmlSecKeyDataStoreCreate</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATASTOREID"><span class="TYPE">xmlSecKeyDataStoreId</span></gtkdoclink> id</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREDESTROY">xmlSecKeyDataStoreDestroy</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>);
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREGETNAME">xmlSecKeyDataStoreGetName</a> (store)
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREISVALID">xmlSecKeyDataStoreIsValid</a> (store)
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATASTORECHECKID">xmlSecKeyDataStoreCheckId</a> (store,
+ storeId)
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATASTORECHECKSIZE">xmlSecKeyDataStoreCheckSize</a> (store,
+ size)
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREIDUNKNOWN">xmlSecKeyDataStoreIdUnknown</a>
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREINITIALIZEMETHOD">*xmlSecKeyDataStoreInitializeMethod</a>)
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> (<a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREFINALIZEMETHOD">*xmlSecKeyDataStoreFinalizeMethod</a>) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>);
+struct <a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREKLASS">xmlSecKeyDataStoreKlass</a>;
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREKLASSGETNAME">xmlSecKeyDataStoreKlassGetName</a> (klass)
+#define <a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREPTRLISTID">xmlSecKeyDataStorePtrListId</a>
+<gtkdoclink href="XMLSECPTRLISTID"><span class="RETURNVALUE">xmlSecPtrListId</span></gtkdoclink><a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREPTRLISTGETKLASS">xmlSecKeyDataStorePtrListGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-KEYSDATA.DESCRIPTION"></a><h2>Description</h2>
+<p>Crypto key data object definition.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-KEYSDATA.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAUSAGE"></a><h3>xmlSecKeyDataUsage</h3>
+<pre class="PROGRAMLISTING">typedef unsigned int xmlSecKeyDataUsage;</pre>
+<p>The bits mask that determines possible keys data usage.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAUSAGEUNKNOWN"></a><h3>xmlSecKeyDataUsageUnknown</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataUsageUnknown 0x00000</pre>
+<p>The key data usage is unknown.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAUSAGEKEYINFONODEREAD"></a><h3>xmlSecKeyDataUsageKeyInfoNodeRead</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataUsageKeyInfoNodeRead 0x00001</pre>
+<p>The key data could be read from a <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> child.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAUSAGEKEYINFONODEWRITE"></a><h3>xmlSecKeyDataUsageKeyInfoNodeWrite</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataUsageKeyInfoNodeWrite 0x00002</pre>
+<p>The key data could be written to a <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo%20" target="_top">&lt;dsig:KeyInfo /&gt;</a> child.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAUSAGEKEYVALUENODEREAD"></a><h3>xmlSecKeyDataUsageKeyValueNodeRead</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataUsageKeyValueNodeRead 0x00004</pre>
+<p>The key data could be read from a <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyValue%20" target="_top">&lt;dsig:KeyValue /&gt;</a> child.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAUSAGEKEYVALUENODEWRITE"></a><h3>xmlSecKeyDataUsageKeyValueNodeWrite</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataUsageKeyValueNodeWrite 0x00008</pre>
+<p>The key data could be written to a <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyValue%20" target="_top">&lt;dsig:KeyValue /&gt;</a> child.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAUSAGERETRIEVALMETHODNODEXML"></a><h3>xmlSecKeyDataUsageRetrievalMethodNodeXml</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataUsageRetrievalMethodNodeXml 0x00010</pre>
+<p>The key data could be retrieved using <a href="http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod%20" target="_top">&lt;dsig:RetrievalMethod /&gt;</a> node
+in XML format.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAUSAGERETRIEVALMETHODNODEBIN"></a><h3>xmlSecKeyDataUsageRetrievalMethodNodeBin</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataUsageRetrievalMethodNodeBin 0x00020</pre>
+<p>The key data could be retrieved using <a href="http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod%20" target="_top">&lt;dsig:RetrievalMethod /&gt;</a> node
+in binary format.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAUSAGEANY"></a><h3>xmlSecKeyDataUsageAny</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataUsageAny 0xFFFFF</pre>
+<p>Any key data usage.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAUSAGEKEYINFONODE"></a><h3>xmlSecKeyDataUsageKeyInfoNode</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataUsageKeyInfoNode</pre>
+<p>The key data could be read and written from/to a <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo%20" target="_top">&lt;dsig:KeyInfo /&gt;</a> child.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAUSAGEKEYVALUENODE"></a><h3>xmlSecKeyDataUsageKeyValueNode</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataUsageKeyValueNode</pre>
+<p>The key data could be read and written from/to a <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyValue%20" target="_top">&lt;dsig:KeyValue /&gt;</a> child.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAUSAGERETRIEVALMETHODNODE"></a><h3>xmlSecKeyDataUsageRetrievalMethodNode</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataUsageRetrievalMethodNode</pre>
+<p>The key data could be retrieved using <a href="http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod%20" target="_top">&lt;dsig:RetrievalMethod /&gt;</a> node
+in any format.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATATYPE"></a><h3>xmlSecKeyDataType</h3>
+<pre class="PROGRAMLISTING">typedef unsigned int xmlSecKeyDataType;</pre>
+<p>The key data type (public/private, session/permanet, etc.).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATATYPEUNKNOWN"></a><h3>xmlSecKeyDataTypeUnknown</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataTypeUnknown 0x0000</pre>
+<p>The key data type is unknown (same as <a href="xmlsec-keysdata.html#XMLSECKEYDATATYPENONE"><span class="TYPE">xmlSecKeyDataTypeNone</span></a>).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATATYPENONE"></a><h3>xmlSecKeyDataTypeNone</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataTypeNone xmlSecKeyDataTypeUnknown</pre>
+<p>The key data type is unknown (same as <a href="xmlsec-keysdata.html#XMLSECKEYDATATYPEUNKNOWN"><span class="TYPE">xmlSecKeyDataTypeUnknown</span></a>).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATATYPEPUBLIC"></a><h3>xmlSecKeyDataTypePublic</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataTypePublic 0x0001</pre>
+<p>The key data contain a public key.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATATYPEPRIVATE"></a><h3>xmlSecKeyDataTypePrivate</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataTypePrivate 0x0002</pre>
+<p>The key data contain a private key.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATATYPESYMMETRIC"></a><h3>xmlSecKeyDataTypeSymmetric</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataTypeSymmetric 0x0004</pre>
+<p>The key data contain a symmetric key.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATATYPESESSION"></a><h3>xmlSecKeyDataTypeSession</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataTypeSession 0x0008</pre>
+<p>The key data contain session key (one time key, not stored in keys manager).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATATYPEPERMANENT"></a><h3>xmlSecKeyDataTypePermanent</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataTypePermanent 0x0010</pre>
+<p>The key data contain permanent key (stored in keys manager).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATATYPETRUSTED"></a><h3>xmlSecKeyDataTypeTrusted</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataTypeTrusted 0x0100</pre>
+<p>The key data is trusted.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATATYPEANY"></a><h3>xmlSecKeyDataTypeAny</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataTypeAny 0xFFFF</pre>
+<p>Any key data.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAFORMAT"></a><h3>enum xmlSecKeyDataFormat</h3>
+<pre class="PROGRAMLISTING">typedef enum {
+ xmlSecKeyDataFormatUnknown = 0,
+ xmlSecKeyDataFormatBinary,
+ xmlSecKeyDataFormatPem,
+ xmlSecKeyDataFormatDer,
+ xmlSecKeyDataFormatPkcs8Pem,
+ xmlSecKeyDataFormatPkcs8Der,
+ xmlSecKeyDataFormatPkcs12,
+ xmlSecKeyDataFormatCertPem,
+ xmlSecKeyDataFormatCertDer
+} xmlSecKeyDataFormat;</pre>
+<p>The key data format (binary, der, pem, etc.).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECKEYDATAFORMATUNKNOWN"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecKeyDataFormatUnknown</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the key data format is unknown.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECKEYDATAFORMATBINARY"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecKeyDataFormatBinary</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the binary key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECKEYDATAFORMATPEM"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecKeyDataFormatPem</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the PEM key data (cert or public/private key).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECKEYDATAFORMATDER"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecKeyDataFormatDer</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the DER key data (cert or public/private key).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECKEYDATAFORMATPKCS8PEM"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecKeyDataFormatPkcs8Pem</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS8 PEM private key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECKEYDATAFORMATPKCS8DER"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecKeyDataFormatPkcs8Der</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS8 DER private key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECKEYDATAFORMATPKCS12"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecKeyDataFormatPkcs12</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 format (bag of keys and certs)</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECKEYDATAFORMATCERTPEM"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecKeyDataFormatCertPem</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the PEM cert.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECKEYDATAFORMATCERTDER"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecKeyDataFormatCertDer</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the DER cert.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAIDSGET"></a><h3>xmlSecKeyDataIdsGet ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="RETURNVALUE">xmlSecPtrListPtr</span></a> xmlSecKeyDataIdsGet (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets global registered key data klasses list.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN8096"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to list of all registered key data klasses.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAIDSINIT"></a><h3>xmlSecKeyDataIdsInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyDataIdsInit (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Initializes the key data klasses. This function is called from the
+<a href="xmlsec-xmlsec.html#XMLSECINIT"><span class="TYPE">xmlSecInit</span></a> function and the application should not call it directly.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN8114"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAIDSSHUTDOWN"></a><h3>xmlSecKeyDataIdsShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyDataIdsShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Shuts down the keys data klasses. This function is called from the
+<a href="xmlsec-xmlsec.html#XMLSECSHUTDOWN"><span class="TYPE">xmlSecShutdown</span></a> function and the application should not call it directly.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAIDSREGISTERDEFAULT"></a><h3>xmlSecKeyDataIdsRegisterDefault ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyDataIdsRegisterDefault (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Registers default (implemented by XML Security Library)
+key data klasses: <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyName" target="_top">&lt;dsig:KeyName/&gt;</a> element processing klass,
+<a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyValue" target="_top">&lt;dsig:KeyValue/&gt;</a> element processing klass, ...</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN8144"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAIDSREGISTER"></a><h3>xmlSecKeyDataIdsRegister ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyDataIdsRegister (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>);</pre>
+<p>Registers <code class="PARAMETER">id</code> in the global list of key data klasses.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8162"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key data klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8167"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATA"></a><h3>struct xmlSecKeyData</h3>
+<pre class="PROGRAMLISTING">struct xmlSecKeyData {
+ xmlSecKeyDataId id;
+ void* reserved0;
+ void* reserved1;
+};</pre>
+<p>The key data: key value (crypto material), x509 data, pgp data, etc.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8179"><span style="white-space: nowrap"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> <code class="STRUCTFIELD">id</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data id (<gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink>).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8188"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved0</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8195"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved1</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATACREATE"></a><h3>xmlSecKeyDataCreate ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></a> xmlSecKeyDataCreate (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>);</pre>
+<p>Allocates and initializes new key data of the specified type <code class="PARAMETER">id</code>.
+Caller is responsible for destroying returned object with
+<a href="xmlsec-keysdata.html#XMLSECKEYDATADESTROY"><span class="TYPE">xmlSecKeyDataDestroy</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8217"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data id.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8222"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly allocated key data structure
+or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATADUPLICATE"></a><h3>xmlSecKeyDataDuplicate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAPTR"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></gtkdoclink> xmlSecKeyDataDuplicate (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Creates a duplicate of the given <code class="PARAMETER">data</code>. Caller is responsible for
+destroying returned object with <a href="xmlsec-keysdata.html#XMLSECKEYDATADESTROY"><span class="TYPE">xmlSecKeyDataDestroy</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8242"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to the key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8247"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly allocated key data structure
+or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATADESTROY"></a><h3>xmlSecKeyDataDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyDataDestroy (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Destroys the data and frees all allocated memory.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN8264"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to the key data.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAGENERATE"></a><h3>xmlSecKeyDataGenerate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyDataGenerate (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> sizeBits</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Generates new key data of given size and type.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8287"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8292"><span style="white-space: nowrap"><code class="PARAMETER">sizeBits</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key data size (in bits).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8297"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key data type.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8302"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAGETTYPE"></a><h3>xmlSecKeyDataGetType ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="RETURNVALUE">xmlSecKeyDataType</span></a> xmlSecKeyDataGetType (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets key data type.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8319"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8324"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> key data type.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAGETSIZE"></a><h3>xmlSecKeyDataGetSize ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> xmlSecKeyDataGetSize (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets key data size.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8341"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8346"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> key data size (in bits).</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAGETIDENTIFIER"></a><h3>xmlSecKeyDataGetIdentifier ()</h3>
+<pre class="PROGRAMLISTING">const <gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* xmlSecKeyDataGetIdentifier (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets key data identifier string.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8363"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8368"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> key data id string.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATADEBUGDUMP"></a><h3>xmlSecKeyDataDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyDataDebugDump (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints key data debug info.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8388"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8393"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATADEBUGXMLDUMP"></a><h3>xmlSecKeyDataDebugXmlDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyDataDebugXmlDump (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints key data debug info in XML format.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8413"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8418"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAXMLREAD"></a><h3>xmlSecKeyDataXmlRead ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyDataXmlRead (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Reads the key data of klass <code class="PARAMETER">id</code> from XML <code class="PARAMETER">node</code> and adds them to <code class="PARAMETER">key</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8447"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8452"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8457"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8462"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8468"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAXMLWRITE"></a><h3>xmlSecKeyDataXmlWrite ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyDataXmlWrite (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Writes the key data of klass <code class="PARAMETER">id</code> from <code class="PARAMETER">key</code> to an XML <code class="PARAMETER">node</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8497"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8502"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the source key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8507"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8512"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8518"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINREAD"></a><h3>xmlSecKeyDataBinRead ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyDataBinRead (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Reads the key data of klass <code class="PARAMETER">id</code> from binary buffer <code class="PARAMETER">buf</code> to <code class="PARAMETER">key</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8550"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8555"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8560"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input binary buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8565"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input buffer size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8570"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8576"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINWRITE"></a><h3>xmlSecKeyDataBinWrite ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyDataBinWrite (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> **buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> *bufSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Writes the key data of klass <code class="PARAMETER">id</code> from the <code class="PARAMETER">key</code> to a binary buffer <code class="PARAMETER">buf</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8608"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8613"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the source key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8618"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the output binary buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8623"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the output buffer size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8628"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8634"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAGETNAME"></a><h3>xmlSecKeyDataGetName()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataGetName(data)</pre>
+<p>Macro. Returns the key data name.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN8646"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAISVALID"></a><h3>xmlSecKeyDataIsValid()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataIsValid(data)</pre>
+<p>Macro. Returns 1 if <code class="PARAMETER">data</code> is not NULL and <code class="PARAMETER">data</code>-&gt;id is not NULL
+or 0 otherwise.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN8660"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to data.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATACHECKID"></a><h3>xmlSecKeyDataCheckId()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataCheckId(data, dataId)</pre>
+<p>Macro. Returns 1 if <code class="PARAMETER">data</code> is valid and <code class="PARAMETER">data</code>'s id is equal to <code class="PARAMETER">dataId</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8675"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8680"><span style="white-space: nowrap"><code class="PARAMETER">dataId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data Id.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATACHECKUSAGE"></a><h3>xmlSecKeyDataCheckUsage()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataCheckUsage(data, usg)</pre>
+<p>Macro. Returns 1 if <code class="PARAMETER">data</code> is valid and could be used for <code class="PARAMETER">usg</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8694"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8699"><span style="white-space: nowrap"><code class="PARAMETER">usg</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data usage.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATACHECKSIZE"></a><h3>xmlSecKeyDataCheckSize()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataCheckSize(data, size)</pre>
+<p>Macro. Returns 1 if <code class="PARAMETER">data</code> is valid and <code class="PARAMETER">data</code>'s object has at least <code class="PARAMETER">size</code> bytes.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8714"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8719"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the expected size.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAIDUNKNOWN"></a><h3>xmlSecKeyDataIdUnknown</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataIdUnknown ((xmlSecKeyDataId)NULL)</pre>
+<p>The "unknown" id.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAINITMETHOD"></a><h3>xmlSecKeyDataInitMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecKeyDataInitMethod) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Key data specific initialization method.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8742"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8747"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATADUPLICATEMETHOD"></a><h3>xmlSecKeyDataDuplicateMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecKeyDataDuplicateMethod) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> src</code>);</pre>
+<p>Key data specific duplication (copy) method.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8767"><span style="white-space: nowrap"><code class="PARAMETER">dst</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to destination key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8772"><span style="white-space: nowrap"><code class="PARAMETER">src</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the poiniter to source key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8777"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAFINALIZEMETHOD"></a><h3>xmlSecKeyDataFinalizeMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> (*xmlSecKeyDataFinalizeMethod) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Key data specific finalization method. All the objects and resources allocated
+by the key data object must be freed inside this method.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN8794"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAXMLREADMETHOD"></a><h3>xmlSecKeyDataXmlReadMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecKeyDataXmlReadMethod) (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Key data specific method for reading XML node.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8820"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data id.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8825"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8830"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to data's value XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8835"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8841"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAXMLWRITEMETHOD"></a><h3>xmlSecKeyDataXmlWriteMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecKeyDataXmlWriteMethod) (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Key data specific method for writing XML node.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8867"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data id.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8872"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8877"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to data's value XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8882"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the &lt;dsig:KeyInfo&gt; node processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8887"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINREADMETHOD"></a><h3>xmlSecKeyDataBinReadMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecKeyDataBinReadMethod) (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Key data specific method for reading binary buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8916"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data id.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8921"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8926"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8931"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the buffer size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8936"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8942"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINWRITEMETHOD"></a><h3>xmlSecKeyDataBinWriteMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecKeyDataBinWriteMethod) (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> **buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> *bufSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Key data specific method for reading binary buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8971"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data id.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8976"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8981"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the output buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8986"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the buffer size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8991"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN8997"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAGENERATEMETHOD"></a><h3>xmlSecKeyDataGenerateMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecKeyDataGenerateMethod) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> sizeBits</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Key data specific method for generating new key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9020"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9025"><span style="white-space: nowrap"><code class="PARAMETER">sizeBits</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key data specific size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9030"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the required key type (session/permanent, etc.)</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9035"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAGETTYPEMETHOD"></a><h3>xmlSecKeyDataGetTypeMethod ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="RETURNVALUE">xmlSecKeyDataType</span></a> (*xmlSecKeyDataGetTypeMethod) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Key data specific method to get the key type.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9052"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9057"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the key type.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAGETSIZEMETHOD"></a><h3>xmlSecKeyDataGetSizeMethod ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> (*xmlSecKeyDataGetSizeMethod) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Key data specific method to get the key size.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9074"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9079"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the key size in bits.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAGETIDENTIFIERMETHOD"></a><h3>xmlSecKeyDataGetIdentifierMethod ()</h3>
+<pre class="PROGRAMLISTING">const <gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink> * (*xmlSecKeyDataGetIdentifierMethod) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Key data specific method to get the key data identifier string (for example,
+X509 data identifier is the subject of the verified cert).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9096"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9101"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the identifier string or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATADEBUGDUMPMETHOD"></a><h3>xmlSecKeyDataDebugDumpMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> (*xmlSecKeyDataDebugDumpMethod) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Key data specific method for printing debug info.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9121"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9126"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the FILE to print debug info (should be open for writing).</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAKLASS"></a><h3>struct xmlSecKeyDataKlass</h3>
+<pre class="PROGRAMLISTING">struct xmlSecKeyDataKlass {
+ xmlSecSize klassSize;
+ xmlSecSize objSize;
+
+ /* data */
+ const xmlChar* name;
+ xmlSecKeyDataUsage usage;
+ const xmlChar* href;
+ const xmlChar* dataNodeName;
+ const xmlChar* dataNodeNs;
+
+ /* constructors/destructor */
+ xmlSecKeyDataInitMethod initialize;
+ xmlSecKeyDataDuplicateMethod duplicate;
+ xmlSecKeyDataFinalizeMethod finalize;
+ xmlSecKeyDataGenerateMethod generate;
+
+ /* get info */
+ xmlSecKeyDataGetTypeMethod getType;
+ xmlSecKeyDataGetSizeMethod getSize;
+ xmlSecKeyDataGetIdentifierMethod getIdentifier;
+
+ /* read/write */
+ xmlSecKeyDataXmlReadMethod xmlRead;
+ xmlSecKeyDataXmlWriteMethod xmlWrite;
+ xmlSecKeyDataBinReadMethod binRead;
+ xmlSecKeyDataBinWriteMethod binWrite;
+
+ /* debug */
+ xmlSecKeyDataDebugDumpMethod debugDump;
+ xmlSecKeyDataDebugDumpMethod debugXmlDump;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};</pre>
+<p>The data id (klass).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9138"><span style="white-space: nowrap"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> <code class="STRUCTFIELD">klassSize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the klass size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9145"><span style="white-space: nowrap"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> <code class="STRUCTFIELD">objSize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the object size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9152"><span style="white-space: nowrap">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">name</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the object name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9159"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGE"><span class="TYPE">xmlSecKeyDataUsage</span></a> <code class="STRUCTFIELD">usage</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the allowed data usage.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9166"><span style="white-space: nowrap">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">href</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the identification string (href).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9173"><span style="white-space: nowrap">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">dataNodeName</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data's XML node name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9180"><span style="white-space: nowrap">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">dataNodeNs</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data's XML node namespace.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9187"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATAINITMETHOD"><span class="TYPE">xmlSecKeyDataInitMethod</span></a> <code class="STRUCTFIELD">initialize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the initialization method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9194"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATADUPLICATEMETHOD"><span class="TYPE">xmlSecKeyDataDuplicateMethod</span></a> <code class="STRUCTFIELD">duplicate</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the duplicate (copy) method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9201"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFINALIZEMETHOD"><span class="TYPE">xmlSecKeyDataFinalizeMethod</span></a> <code class="STRUCTFIELD">finalize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the finalization (destroy) method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9208"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATAGENERATEMETHOD"><span class="TYPE">xmlSecKeyDataGenerateMethod</span></a> <code class="STRUCTFIELD">generate</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new data generation method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9215"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATAGETTYPEMETHOD"><span class="TYPE">xmlSecKeyDataGetTypeMethod</span></a> <code class="STRUCTFIELD">getType</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the method to access data's type information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9222"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATAGETSIZEMETHOD"><span class="TYPE">xmlSecKeyDataGetSizeMethod</span></a> <code class="STRUCTFIELD">getSize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the method to access data's size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9229"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATAGETIDENTIFIERMETHOD"><span class="TYPE">xmlSecKeyDataGetIdentifierMethod</span></a> <code class="STRUCTFIELD">getIdentifier</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the method to access data's string identifier.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9236"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATAXMLREADMETHOD"><span class="TYPE">xmlSecKeyDataXmlReadMethod</span></a> <code class="STRUCTFIELD">xmlRead</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the method for reading data from XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9243"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATAXMLWRITEMETHOD"><span class="TYPE">xmlSecKeyDataXmlWriteMethod</span></a> <code class="STRUCTFIELD">xmlWrite</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the method for writing data to XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9250"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATABINREADMETHOD"><span class="TYPE">xmlSecKeyDataBinReadMethod</span></a> <code class="STRUCTFIELD">binRead</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the method for reading data from a binary buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9257"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATABINWRITEMETHOD"><span class="TYPE">xmlSecKeyDataBinWriteMethod</span></a> <code class="STRUCTFIELD">binWrite</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the method for writing data to binary buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9264"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATADEBUGDUMPMETHOD"><span class="TYPE">xmlSecKeyDataDebugDumpMethod</span></a> <code class="STRUCTFIELD">debugDump</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the method for printing debug data information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9271"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATADEBUGDUMPMETHOD"><span class="TYPE">xmlSecKeyDataDebugDumpMethod</span></a> <code class="STRUCTFIELD">debugXmlDump</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the method for printing debug data information in XML format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9278"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved0</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9285"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved1</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAKLASSGETNAME"></a><h3>xmlSecKeyDataKlassGetName()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataKlassGetName(klass)</pre>
+<p>Macro. Returns data klass name.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN9299"><span style="white-space: nowrap"><code class="PARAMETER">klass</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATALISTID"></a><h3>xmlSecKeyDataListId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataListId xmlSecKeyDataListGetKlass()</pre>
+<p>The key data klasses list klass id.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATALISTGETKLASS"></a><h3>xmlSecKeyDataListGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECPTRLISTID"><span class="RETURNVALUE">xmlSecPtrListId</span></gtkdoclink> xmlSecKeyDataListGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The key data list klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN9321"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key data list klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAIDLISTID"></a><h3>xmlSecKeyDataIdListId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataIdListId xmlSecKeyDataIdListGetKlass()</pre>
+<p>The key data list klass id.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAIDLISTGETKLASS"></a><h3>xmlSecKeyDataIdListGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECPTRLISTID"><span class="RETURNVALUE">xmlSecPtrListId</span></gtkdoclink> xmlSecKeyDataIdListGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The key data id list klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN9343"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key data id list klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAIDLISTFIND"></a><h3>xmlSecKeyDataIdListFind ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyDataIdListFind (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> dataId</code>);</pre>
+<p>Lookups <code class="PARAMETER">dataId</code> in <code class="PARAMETER">list</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9365"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data ids list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9370"><span style="white-space: nowrap"><code class="PARAMETER">dataId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key data klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9375"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 1 if <code class="PARAMETER">dataId</code> is found in the <code class="PARAMETER">list</code>, 0 if not and a negative
+value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAIDLISTFINDBYNODE"></a><h3>xmlSecKeyDataIdListFindByNode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecKeyDataIdListFindByNode (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nodeName</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nodeNs</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGE"><span class="TYPE">xmlSecKeyDataUsage</span></a> usage</code>);</pre>
+<p>Lookups data klass in the list with given <code class="PARAMETER">nodeName</code>, <code class="PARAMETER">nodeNs</code> and
+<code class="PARAMETER">usage</code> in the <code class="PARAMETER">list</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9407"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data ids list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9412"><span style="white-space: nowrap"><code class="PARAMETER">nodeName</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key data klass XML node name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9417"><span style="white-space: nowrap"><code class="PARAMETER">nodeNs</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key data klass XML node namespace.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9422"><span style="white-space: nowrap"><code class="PARAMETER">usage</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key data usage.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9427"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> key data klass is found and NULL otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAIDLISTFINDBYHREF"></a><h3>xmlSecKeyDataIdListFindByHref ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecKeyDataIdListFindByHref (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *href</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGE"><span class="TYPE">xmlSecKeyDataUsage</span></a> usage</code>);</pre>
+<p>Lookups data klass in the list with given <code class="PARAMETER">href</code> and <code class="PARAMETER">usage</code> in <code class="PARAMETER">list</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9453"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data ids list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9458"><span style="white-space: nowrap"><code class="PARAMETER">href</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key data klass href.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9463"><span style="white-space: nowrap"><code class="PARAMETER">usage</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key data usage.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9468"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> key data klass is found and NULL otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAIDLISTFINDBYNAME"></a><h3>xmlSecKeyDataIdListFindByName ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecKeyDataIdListFindByName (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAUSAGE"><span class="TYPE">xmlSecKeyDataUsage</span></a> usage</code>);</pre>
+<p>Lookups data klass in the list with given <code class="PARAMETER">name</code> and <code class="PARAMETER">usage</code> in <code class="PARAMETER">list</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9494"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data ids list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9499"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key data klass name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9504"><span style="white-space: nowrap"><code class="PARAMETER">usage</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key data usage.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9509"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> key data klass is found and NULL otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAIDLISTDEBUGDUMP"></a><h3>xmlSecKeyDataIdListDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyDataIdListDebugDump (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints binary key data debug information to <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9530"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data ids list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9535"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATAIDLISTDEBUGXMLDUMP"></a><h3>xmlSecKeyDataIdListDebugXmlDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyDataIdListDebugXmlDump (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints binary key data debug information to <code class="PARAMETER">output</code> in XML format.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9556"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key data ids list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9561"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINARYSIZE"></a><h3>xmlSecKeyDataBinarySize</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataBinarySize</pre>
+<p>The binary key data object size.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINARYVALUEINITIALIZE"></a><h3>xmlSecKeyDataBinaryValueInitialize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyDataBinaryValueInitialize (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Initializes key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9584"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to binary key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9589"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINARYVALUEDUPLICATE"></a><h3>xmlSecKeyDataBinaryValueDuplicate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyDataBinaryValueDuplicate (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> src</code>);</pre>
+<p>Copies binary key data from <code class="PARAMETER">src</code> to <code class="PARAMETER">dst</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9611"><span style="white-space: nowrap"><code class="PARAMETER">dst</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to destination binary key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9616"><span style="white-space: nowrap"><code class="PARAMETER">src</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to source binary key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9621"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINARYVALUEFINALIZE"></a><h3>xmlSecKeyDataBinaryValueFinalize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyDataBinaryValueFinalize (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Cleans up binary key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN9638"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to binary key data.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINARYVALUEXMLREAD"></a><h3>xmlSecKeyDataBinaryValueXmlRead ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyDataBinaryValueXmlRead (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Reads binary key data from <code class="PARAMETER">node</code> to the key by base64 decoding the <code class="PARAMETER">node</code> content.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9666"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9671"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to destination key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9676"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9681"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9687"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINARYVALUEXMLWRITE"></a><h3>xmlSecKeyDataBinaryValueXmlWrite ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyDataBinaryValueXmlWrite (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Base64 encodes binary key data of klass <code class="PARAMETER">id</code> from the <code class="PARAMETER">key</code> and
+sets to the <code class="PARAMETER">node</code> content.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9716"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9721"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to source key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9726"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9731"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9737"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINARYVALUEBINREAD"></a><h3>xmlSecKeyDataBinaryValueBinRead ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyDataBinaryValueBinRead (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Reads binary key data of the klass <code class="PARAMETER">id</code> from <code class="PARAMETER">buf</code> to the <code class="PARAMETER">key</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9769"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9774"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to destination key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9779"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the source binary buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9784"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the source binary buffer size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9789"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9795"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINARYVALUEBINWRITE"></a><h3>xmlSecKeyDataBinaryValueBinWrite ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyDataBinaryValueBinWrite (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATAID"><span class="TYPE">xmlSecKeyDataId</span></gtkdoclink> id</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> **buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> *bufSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Writes binary key data of klass <code class="PARAMETER">id</code> from the <code class="PARAMETER">key</code> to <code class="PARAMETER">buf</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9827"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9832"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to source key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9837"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination binary buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9842"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination binary buffer size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9847"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9853"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINARYVALUEDEBUGDUMP"></a><h3>xmlSecKeyDataBinaryValueDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyDataBinaryValueDebugDump (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints binary key data debug information to <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9874"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to binary key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9879"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINARYVALUEDEBUGXMLDUMP"></a><h3>xmlSecKeyDataBinaryValueDebugXmlDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyDataBinaryValueDebugXmlDump
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints binary key data debug information to <code class="PARAMETER">output</code> in XML format.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9900"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to binary key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9905"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINARYVALUEGETSIZE"></a><h3>xmlSecKeyDataBinaryValueGetSize ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> xmlSecKeyDataBinaryValueGetSize (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the binary key data size.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9922"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to binary key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9927"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> binary key data size in bits.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINARYVALUEGETBUFFER"></a><h3>xmlSecKeyDataBinaryValueGetBuffer ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECBUFFERPTR"><span class="RETURNVALUE">xmlSecBufferPtr</span></gtkdoclink> xmlSecKeyDataBinaryValueGetBuffer (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the binary key data buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9944"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to binary key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9949"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to binary key data buffer.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATABINARYVALUESETBUFFER"></a><h3>xmlSecKeyDataBinaryValueSetBuffer ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeyDataBinaryValueSetBuffer (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);</pre>
+<p>Sets the value of <code class="PARAMETER">data</code> to <code class="PARAMETER">buf</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9974"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to binary key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9979"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to binary buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9984"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the binary buffer size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN9989"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATASTORE"></a><h3>struct xmlSecKeyDataStore</h3>
+<pre class="PROGRAMLISTING">struct xmlSecKeyDataStore {
+ xmlSecKeyDataStoreId id;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};</pre>
+<p>The key data store. Key data store holds common key data specific information
+required for key data processing. For example, X509 data store may hold
+information about trusted (root) certificates.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10001"><span style="white-space: nowrap"><gtkdoclink href="XMLSECKEYDATASTOREID"><span class="TYPE">xmlSecKeyDataStoreId</span></gtkdoclink> <code class="STRUCTFIELD">id</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store id (<gtkdoclink href="XMLSECKEYDATASTOREID"><span class="TYPE">xmlSecKeyDataStoreId</span></gtkdoclink>).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10010"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved0</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10017"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved1</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATASTORECREATE"></a><h3>xmlSecKeyDataStoreCreate ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="RETURNVALUE">xmlSecKeyDataStorePtr</span></a> xmlSecKeyDataStoreCreate (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATASTOREID"><span class="TYPE">xmlSecKeyDataStoreId</span></gtkdoclink> id</code>);</pre>
+<p>Creates new key data store of the specified klass <code class="PARAMETER">id</code>. Caller is responsible
+for freeing returned object with <a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREDESTROY"><span class="TYPE">xmlSecKeyDataStoreDestroy</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10039"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store id.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10044"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly allocated key data store structure
+or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATASTOREDESTROY"></a><h3>xmlSecKeyDataStoreDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyDataStoreDestroy (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>);</pre>
+<p>Destroys the key data store created with <a href="xmlsec-keysdata.html#XMLSECKEYDATASTORECREATE"><span class="TYPE">xmlSecKeyDataStoreCreate</span></a>
+function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN10063"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to the key data store..</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATASTOREGETNAME"></a><h3>xmlSecKeyDataStoreGetName()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataStoreGetName(store)</pre>
+<p>Macro. Returns key data store name.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN10075"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to store.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATASTOREISVALID"></a><h3>xmlSecKeyDataStoreIsValid()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataStoreIsValid(store)</pre>
+<p>Macro. Returns 1 if <code class="PARAMETER">store</code> is not NULL and <code class="PARAMETER">store</code>-&gt;id is not NULL
+or 0 otherwise.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN10089"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to store.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATASTORECHECKID"></a><h3>xmlSecKeyDataStoreCheckId()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataStoreCheckId(store, storeId)</pre>
+<p>Macro. Returns 1 if <code class="PARAMETER">store</code> is valid and <code class="PARAMETER">store</code>'s id is equal to <code class="PARAMETER">storeId</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10104"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10109"><span style="white-space: nowrap"><code class="PARAMETER">storeId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store Id.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATASTORECHECKSIZE"></a><h3>xmlSecKeyDataStoreCheckSize()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataStoreCheckSize(store, size)</pre>
+<p>Macro. Returns 1 if <code class="PARAMETER">data</code> is valid and <code class="PARAMETER">stores</code>'s object has at least <code class="PARAMETER">size</code> bytes.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10124"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10129"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the expected size.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATASTOREIDUNKNOWN"></a><h3>xmlSecKeyDataStoreIdUnknown</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataStoreIdUnknown NULL</pre>
+<p>The "unknown" id.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATASTOREINITIALIZEMETHOD"></a><h3>xmlSecKeyDataStoreInitializeMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecKeyDataStoreInitializeMethod)
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>);</pre>
+<p>Key data store specific initialization method.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10152"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10157"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATASTOREFINALIZEMETHOD"></a><h3>xmlSecKeyDataStoreFinalizeMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> (*xmlSecKeyDataStoreFinalizeMethod) (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>);</pre>
+<p>Key data store specific finalization (destroy) method.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN10174"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data store.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATASTOREKLASS"></a><h3>struct xmlSecKeyDataStoreKlass</h3>
+<pre class="PROGRAMLISTING">struct xmlSecKeyDataStoreKlass {
+ xmlSecSize klassSize;
+ xmlSecSize objSize;
+
+ /* data */
+ const xmlChar* name;
+
+ /* constructors/destructor */
+ xmlSecKeyDataStoreInitializeMethod initialize;
+ xmlSecKeyDataStoreFinalizeMethod finalize;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};</pre>
+<p>The data store id (klass).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10186"><span style="white-space: nowrap"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> <code class="STRUCTFIELD">klassSize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data store klass size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10193"><span style="white-space: nowrap"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> <code class="STRUCTFIELD">objSize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data store obj size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10200"><span style="white-space: nowrap">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">name</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store's name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10207"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREINITIALIZEMETHOD"><span class="TYPE">xmlSecKeyDataStoreInitializeMethod</span></a> <code class="STRUCTFIELD">initialize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store's initialization method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10214"><span style="white-space: nowrap"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTOREFINALIZEMETHOD"><span class="TYPE">xmlSecKeyDataStoreFinalizeMethod</span></a> <code class="STRUCTFIELD">finalize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store's finalization (destroy) method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10221"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved0</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN10228"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved1</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATASTOREKLASSGETNAME"></a><h3>xmlSecKeyDataStoreKlassGetName()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataStoreKlassGetName(klass)</pre>
+<p>Macro. Returns store klass name.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN10242"><span style="white-space: nowrap"><code class="PARAMETER">klass</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to store klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATASTOREPTRLISTID"></a><h3>xmlSecKeyDataStorePtrListId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyDataStorePtrListId xmlSecKeyDataStorePtrListGetKlass()</pre>
+<p>The data store list id (klass).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYDATASTOREPTRLISTGETKLASS"></a><h3>xmlSecKeyDataStorePtrListGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECPTRLISTID"><span class="RETURNVALUE">xmlSecPtrListId</span></gtkdoclink> xmlSecKeyDataStorePtrListGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Key data stores list.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN10264"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> key data stores list klass.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-keyinfo.html"><b>&lt;&lt;&lt; keyinfo</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-keys.html"><b>keys &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-keysmngr.html b/docs/api/xmlsec-keysmngr.html
new file mode 100644
index 00000000..7111553b
--- /dev/null
+++ b/docs/api/xmlsec-keysmngr.html
@@ -0,0 +1,743 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>keysmngr</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="keys" href="xmlsec-keys.html">
+<link rel="NEXT" title="list" href="xmlsec-list.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-keys.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-list.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-KEYSMNGR"></a>keysmngr</h1>
+<div class="REFNAMEDIV">
+<a name="AEN11988"></a><h2>Name</h2>keysmngr -- Keys manager object support.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-KEYSMNGR.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="RETURNVALUE">xmlSecKeysMngrPtr</span></a> <a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRCREATE">xmlSecKeysMngrCreate</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRDESTROY">xmlSecKeysMngrDestroy</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);
+<gtkdoclink href="XMLSECKEYPTR"><span class="RETURNVALUE">xmlSecKeyPtr</span></gtkdoclink><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRFINDKEY">xmlSecKeysMngrFindKey</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRADOPTKEYSSTORE">xmlSecKeysMngrAdoptKeysStore</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>);
+<gtkdoclink href="XMLSECKEYSTOREPTR"><span class="RETURNVALUE">xmlSecKeyStorePtr</span></gtkdoclink><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRGETKEYSSTORE">xmlSecKeysMngrGetKeysStore</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRADOPTDATASTORE">xmlSecKeysMngrAdoptDataStore</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>);
+<gtkdoclink href="XMLSECKEYDATASTOREPTR"><span class="RETURNVALUE">xmlSecKeyDataStorePtr</span></gtkdoclink><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRGETDATASTORE">xmlSecKeysMngrGetDataStore</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATASTOREID"><span class="TYPE">xmlSecKeyDataStoreId</span></gtkdoclink> id</code>);
+<gtkdoclink href="XMLSECKEYPTR"><span class="RETURNVALUE">xmlSecKeyPtr</span></gtkdoclink> (<a href="xmlsec-keysmngr.html#XMLSECGETKEYCALLBACK">*xmlSecGetKeyCallback</a>) (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+struct <a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR">xmlSecKeysMngr</a>;
+<gtkdoclink href="XMLSECKEYPTR"><span class="RETURNVALUE">xmlSecKeyPtr</span></gtkdoclink><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRGETKEY">xmlSecKeysMngrGetKey</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+struct <a href="xmlsec-keysmngr.html#XMLSECKEYSTORE">xmlSecKeyStore</a>;
+<a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="RETURNVALUE">xmlSecKeyStorePtr</span></a> <a href="xmlsec-keysmngr.html#XMLSECKEYSTORECREATE">xmlSecKeyStoreCreate</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYSTOREID"><span class="TYPE">xmlSecKeyStoreId</span></gtkdoclink> id</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-keysmngr.html#XMLSECKEYSTOREDESTROY">xmlSecKeyStoreDestroy</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>);
+<gtkdoclink href="XMLSECKEYPTR"><span class="RETURNVALUE">xmlSecKeyPtr</span></gtkdoclink><a href="xmlsec-keysmngr.html#XMLSECKEYSTOREFINDKEY">xmlSecKeyStoreFindKey</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+#define <a href="xmlsec-keysmngr.html#XMLSECKEYSTOREGETNAME">xmlSecKeyStoreGetName</a> (store)
+#define <a href="xmlsec-keysmngr.html#XMLSECKEYSTOREISVALID">xmlSecKeyStoreIsValid</a> (store)
+#define <a href="xmlsec-keysmngr.html#XMLSECKEYSTORECHECKID">xmlSecKeyStoreCheckId</a> (store,
+ storeId)
+#define <a href="xmlsec-keysmngr.html#XMLSECKEYSTORECHECKSIZE">xmlSecKeyStoreCheckSize</a> (store,
+ size)
+#define <a href="xmlsec-keysmngr.html#XMLSECKEYSTOREIDUNKNOWN">xmlSecKeyStoreIdUnknown</a>
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-keysmngr.html#XMLSECKEYSTOREINITIALIZEMETHOD">*xmlSecKeyStoreInitializeMethod</a>) (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> (<a href="xmlsec-keysmngr.html#XMLSECKEYSTOREFINALIZEMETHOD">*xmlSecKeyStoreFinalizeMethod</a>) (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>);
+<gtkdoclink href="XMLSECKEYPTR"><span class="RETURNVALUE">xmlSecKeyPtr</span></gtkdoclink> (<a href="xmlsec-keysmngr.html#XMLSECKEYSTOREFINDKEYMETHOD">*xmlSecKeyStoreFindKeyMethod</a>) (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);
+struct <a href="xmlsec-keysmngr.html#XMLSECKEYSTOREKLASS">xmlSecKeyStoreKlass</a>;
+#define <a href="xmlsec-keysmngr.html#XMLSECKEYSTOREKLASSGETNAME">xmlSecKeyStoreKlassGetName</a> (klass)
+#define <a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTOREID">xmlSecSimpleKeysStoreId</a>
+<gtkdoclink href="XMLSECKEYSTOREID"><span class="RETURNVALUE">xmlSecKeyStoreId</span></gtkdoclink><a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTOREGETKLASS">xmlSecSimpleKeysStoreGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTOREADOPTKEY">xmlSecSimpleKeysStoreAdoptKey</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTORELOAD">xmlSecSimpleKeysStoreLoad</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTORESAVE">xmlSecSimpleKeysStoreSave</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="XMLSECPTRLISTPTR"><span class="RETURNVALUE">xmlSecPtrListPtr</span></gtkdoclink><a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTOREGETKEYS">xmlSecSimpleKeysStoreGetKeys</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-KEYSMNGR.DESCRIPTION"></a><h2>Description</h2>
+<p>Keys manager object support.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-KEYSMNGR.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECKEYSMNGRCREATE"></a><h3>xmlSecKeysMngrCreate ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="RETURNVALUE">xmlSecKeysMngrPtr</span></a> xmlSecKeysMngrCreate (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Creates new keys manager. Caller is responsible for freeing it with
+<a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRDESTROY"><span class="TYPE">xmlSecKeysMngrDestroy</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN12188"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly allocated keys manager or NULL if
+an error occurs.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSMNGRDESTROY"></a><h3>xmlSecKeysMngrDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeysMngrDestroy (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);</pre>
+<p>Destroys keys manager created with <a href="xmlsec-keysmngr.html#XMLSECKEYSMNGRCREATE"><span class="TYPE">xmlSecKeysMngrCreate</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN12207"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSMNGRFINDKEY"></a><h3>xmlSecKeysMngrFindKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYPTR"><span class="RETURNVALUE">xmlSecKeyPtr</span></gtkdoclink> xmlSecKeysMngrFindKey (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Lookups key in the keys manager keys store. The caller is responsible
+for destroying the returned key using <a href="xmlsec-keys.html#XMLSECKEYDESTROY"><span class="TYPE">xmlSecKeyDestroy</span></a> method.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12232"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12237"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12242"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12248"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to a key or NULL if key is not found or an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSMNGRADOPTKEYSSTORE"></a><h3>xmlSecKeysMngrAdoptKeysStore ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeysMngrAdoptKeysStore (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>);</pre>
+<p>Adopts keys store in the keys manager <code class="PARAMETER">mngr</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12269"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12274"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12279"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSMNGRGETKEYSSTORE"></a><h3>xmlSecKeysMngrGetKeysStore ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYSTOREPTR"><span class="RETURNVALUE">xmlSecKeyStorePtr</span></gtkdoclink> xmlSecKeysMngrGetKeysStore (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);</pre>
+<p>Gets the keys store.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12296"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12301"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the keys store in the keys manager <code class="PARAMETER">mngr</code> or NULL if
+there is no store or an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSMNGRADOPTDATASTORE"></a><h3>xmlSecKeysMngrAdoptDataStore ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecKeysMngrAdoptDataStore (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>);</pre>
+<p>Adopts data store in the keys manager.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12322"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12327"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to data store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12332"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSMNGRGETDATASTORE"></a><h3>xmlSecKeysMngrGetDataStore ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATASTOREPTR"><span class="RETURNVALUE">xmlSecKeyDataStorePtr</span></gtkdoclink> xmlSecKeysMngrGetDataStore (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECKEYDATASTOREID"><span class="TYPE">xmlSecKeyDataStoreId</span></gtkdoclink> id</code>);</pre>
+<p>Lookups the data store of given klass <code class="PARAMETER">id</code> in the keys manager.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12353"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12358"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired data store klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12363"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to data store or NULL if it is not found or an error
+occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGETKEYCALLBACK"></a><h3>xmlSecGetKeyCallback ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYPTR"><span class="RETURNVALUE">xmlSecKeyPtr</span></gtkdoclink> (*xmlSecGetKeyCallback) (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Reads the <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node <code class="PARAMETER">keyInfoNode</code> and extracts the key.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12385"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12391"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12397"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to key or NULL if the key is not found or
+an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSMNGR"></a><h3>struct xmlSecKeysMngr</h3>
+<pre class="PROGRAMLISTING">struct xmlSecKeysMngr {
+ xmlSecKeyStorePtr keysStore;
+ xmlSecPtrList storesList;
+ xmlSecGetKeyCallback getKey;
+};</pre>
+<p>The keys manager structure.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12409"><span style="white-space: nowrap"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> <code class="STRUCTFIELD">keysStore</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key store (list of keys known to keys manager).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12416"><span style="white-space: nowrap"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrList</span></a> <code class="STRUCTFIELD">storesList</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the list of key data stores known to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12423"><span style="white-space: nowrap"><a href="xmlsec-keysmngr.html#XMLSECGETKEYCALLBACK"><span class="TYPE">xmlSecGetKeyCallback</span></a> <code class="STRUCTFIELD">getKey</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the callback used to read <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSMNGRGETKEY"></a><h3>xmlSecKeysMngrGetKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYPTR"><span class="RETURNVALUE">xmlSecKeyPtr</span></gtkdoclink> xmlSecKeysMngrGetKey (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Reads the <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node <code class="PARAMETER">keyInfoNode</code> and extracts the key.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12448"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12454"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12460"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to key or NULL if the key is not found or
+an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSTORE"></a><h3>struct xmlSecKeyStore</h3>
+<pre class="PROGRAMLISTING">struct xmlSecKeyStore {
+ xmlSecKeyStoreId id;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};</pre>
+<p>The keys store.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12472"><span style="white-space: nowrap"><gtkdoclink href="XMLSECKEYSTOREID"><span class="TYPE">xmlSecKeyStoreId</span></gtkdoclink> <code class="STRUCTFIELD">id</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store id (<gtkdoclink href="XMLSECKEYSTOREID"><span class="TYPE">xmlSecKeyStoreId</span></gtkdoclink>).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12481"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved0</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12488"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved1</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSTORECREATE"></a><h3>xmlSecKeyStoreCreate ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="RETURNVALUE">xmlSecKeyStorePtr</span></a> xmlSecKeyStoreCreate (<code class="PARAMETER"><gtkdoclink href="XMLSECKEYSTOREID"><span class="TYPE">xmlSecKeyStoreId</span></gtkdoclink> id</code>);</pre>
+<p>Creates new store of the specified klass <code class="PARAMETER">klass</code>. Caller is responsible
+for freeing the returned store by calling <a href="xmlsec-keysmngr.html#XMLSECKEYSTOREDESTROY"><span class="TYPE">xmlSecKeyStoreDestroy</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12510"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key store klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12515"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly allocated keys store or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSTOREDESTROY"></a><h3>xmlSecKeyStoreDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecKeyStoreDestroy (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>);</pre>
+<p>Destroys the store created with <a href="xmlsec-keysmngr.html#XMLSECKEYSTORECREATE"><span class="TYPE">xmlSecKeyStoreCreate</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN12534"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys store.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSTOREFINDKEY"></a><h3>xmlSecKeyStoreFindKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYPTR"><span class="RETURNVALUE">xmlSecKeyPtr</span></gtkdoclink> xmlSecKeyStoreFindKey (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Lookups key in the store. The caller is responsible for destroying
+the returned key using <a href="xmlsec-keys.html#XMLSECKEYDESTROY"><span class="TYPE">xmlSecKeyDestroy</span></a> method.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12559"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12564"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12569"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12575"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to a key or NULL if key is not found or an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSTOREGETNAME"></a><h3>xmlSecKeyStoreGetName()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyStoreGetName(store)</pre>
+<p>Macro. Returns key store name.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN12587"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to store.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSTOREISVALID"></a><h3>xmlSecKeyStoreIsValid()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyStoreIsValid(store)</pre>
+<p>Macro. Returns 1 if <code class="PARAMETER">store</code> is not NULL and <code class="PARAMETER">store</code>-&gt;id is not NULL
+or 0 otherwise.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN12601"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to store.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSTORECHECKID"></a><h3>xmlSecKeyStoreCheckId()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyStoreCheckId(store, storeId)</pre>
+<p>Macro. Returns 1 if <code class="PARAMETER">store</code> is valid and <code class="PARAMETER">store</code>'s id is equal to <code class="PARAMETER">storeId</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12616"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12621"><span style="white-space: nowrap"><code class="PARAMETER">storeId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store Id.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSTORECHECKSIZE"></a><h3>xmlSecKeyStoreCheckSize()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyStoreCheckSize(store, size)</pre>
+<p>Macro. Returns 1 if <code class="PARAMETER">store</code> is valid and <code class="PARAMETER">stores</code>'s object has at least <code class="PARAMETER">size</code> bytes.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12636"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12641"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the expected size.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSTOREIDUNKNOWN"></a><h3>xmlSecKeyStoreIdUnknown</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyStoreIdUnknown ((xmlSecKeyDataStoreId)NULL)</pre>
+<p>The "unknown" id.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSTOREINITIALIZEMETHOD"></a><h3>xmlSecKeyStoreInitializeMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecKeyStoreInitializeMethod) (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>);</pre>
+<p>Keys store specific initialization method.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12664"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12669"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSTOREFINALIZEMETHOD"></a><h3>xmlSecKeyStoreFinalizeMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> (*xmlSecKeyStoreFinalizeMethod) (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>);</pre>
+<p>Keys store specific finalization (destroy) method.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN12686"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSTOREFINDKEYMETHOD"></a><h3>xmlSecKeyStoreFindKeyMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYPTR"><span class="RETURNVALUE">xmlSecKeyPtr</span></gtkdoclink> (*xmlSecKeyStoreFindKeyMethod) (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Keys store specific find method. The caller is responsible for destroying
+the returned key using <a href="xmlsec-keys.html#XMLSECKEYDESTROY"><span class="TYPE">xmlSecKeyDestroy</span></a> method.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12711"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12716"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired key name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12721"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key info context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12726"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to a key or NULL if key is not found or an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSTOREKLASS"></a><h3>struct xmlSecKeyStoreKlass</h3>
+<pre class="PROGRAMLISTING">struct xmlSecKeyStoreKlass {
+ xmlSecSize klassSize;
+ xmlSecSize objSize;
+
+ /* data */
+ const xmlChar* name;
+
+ /* constructors/destructor */
+ xmlSecKeyStoreInitializeMethod initialize;
+ xmlSecKeyStoreFinalizeMethod finalize;
+ xmlSecKeyStoreFindKeyMethod findKey;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};</pre>
+<p>The keys store id (klass).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12738"><span style="white-space: nowrap"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> <code class="STRUCTFIELD">klassSize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store klass size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12745"><span style="white-space: nowrap"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> <code class="STRUCTFIELD">objSize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store obj size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12752"><span style="white-space: nowrap">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">name</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store's name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12759"><span style="white-space: nowrap"><a href="xmlsec-keysmngr.html#XMLSECKEYSTOREINITIALIZEMETHOD"><span class="TYPE">xmlSecKeyStoreInitializeMethod</span></a> <code class="STRUCTFIELD">initialize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store's initialization method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12766"><span style="white-space: nowrap"><a href="xmlsec-keysmngr.html#XMLSECKEYSTOREFINALIZEMETHOD"><span class="TYPE">xmlSecKeyStoreFinalizeMethod</span></a> <code class="STRUCTFIELD">finalize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store's finalization (destroy) method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12773"><span style="white-space: nowrap"><a href="xmlsec-keysmngr.html#XMLSECKEYSTOREFINDKEYMETHOD"><span class="TYPE">xmlSecKeyStoreFindKeyMethod</span></a> <code class="STRUCTFIELD">findKey</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the store's find method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12780"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved0</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12787"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved1</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECKEYSTOREKLASSGETNAME"></a><h3>xmlSecKeyStoreKlassGetName()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecKeyStoreKlassGetName(klass)</pre>
+<p>Macro. Returns store klass name.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN12801"><span style="white-space: nowrap"><code class="PARAMETER">klass</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to store klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECSIMPLEKEYSSTOREID"></a><h3>xmlSecSimpleKeysStoreId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecSimpleKeysStoreId xmlSecSimpleKeysStoreGetKlass()</pre>
+<p>A simple keys store klass id.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECSIMPLEKEYSSTOREGETKLASS"></a><h3>xmlSecSimpleKeysStoreGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYSTOREID"><span class="RETURNVALUE">xmlSecKeyStoreId</span></gtkdoclink> xmlSecSimpleKeysStoreGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The simple list based keys store klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN12823"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> simple list based keys store klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECSIMPLEKEYSSTOREADOPTKEY"></a><h3>xmlSecSimpleKeysStoreAdoptKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecSimpleKeysStoreAdoptKey (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Adds <code class="PARAMETER">key</code> to the <code class="PARAMETER">store</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12845"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to simple keys store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12850"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12855"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECSIMPLEKEYSSTORELOAD"></a><h3>xmlSecSimpleKeysStoreLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecSimpleKeysStoreLoad (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);</pre>
+<p>Reads keys from an XML file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12878"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to simple keys store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12883"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12888"><span style="white-space: nowrap"><code class="PARAMETER">keysMngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to associated keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12893"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECSIMPLEKEYSSTORESAVE"></a><h3>xmlSecSimpleKeysStoreSave ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecSimpleKeysStoreSave (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Writes keys from <code class="PARAMETER">store</code> to an XML file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12917"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to simple keys store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12922"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12927"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the saved keys type (public, private, ...).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12932"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECSIMPLEKEYSSTOREGETKEYS"></a><h3>xmlSecSimpleKeysStoreGetKeys ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECPTRLISTPTR"><span class="RETURNVALUE">xmlSecPtrListPtr</span></gtkdoclink> xmlSecSimpleKeysStoreGetKeys (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>);</pre>
+<p>Gets list of keys from simple keys store.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12949"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to simple keys store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN12954"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the list of keys stored in the keys store or NULL
+if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-keys.html"><b>&lt;&lt;&lt; keys</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-list.html"><b>list &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-list.html b/docs/api/xmlsec-list.html
new file mode 100644
index 00000000..7f307fe5
--- /dev/null
+++ b/docs/api/xmlsec-list.html
@@ -0,0 +1,643 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>list</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="keysmngr" href="xmlsec-keysmngr.html">
+<link rel="NEXT" title="membuf" href="xmlsec-membuf.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-keysmngr.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-membuf.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-LIST"></a>list</h1>
+<div class="REFNAMEDIV">
+<a name="AEN12964"></a><h2>Name</h2>list -- Generic list structure implementation.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-LIST.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">struct <a href="xmlsec-list.html#XMLSECPTRLIST">xmlSecPtrList</a>;
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-list.html#XMLSECPTRLISTSETDEFAULTALLOCMODE">xmlSecPtrListSetDefaultAllocMode</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECALLOCMODE"><span class="TYPE">xmlSecAllocMode</span></a> defAllocMode</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> defInitialSize</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-list.html#XMLSECPTRLISTINITIALIZE">xmlSecPtrListInitialize</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECPTRLISTID"><span class="TYPE">xmlSecPtrListId</span></gtkdoclink> id</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-list.html#XMLSECPTRLISTFINALIZE">xmlSecPtrListFinalize</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>);
+<a href="xmlsec-list.html#XMLSECPTRLIST"><span class="RETURNVALUE">xmlSecPtrListPtr</span></a> <a href="xmlsec-list.html#XMLSECPTRLISTCREATE">xmlSecPtrListCreate</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECPTRLISTID"><span class="TYPE">xmlSecPtrListId</span></gtkdoclink> id</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-list.html#XMLSECPTRLISTDESTROY">xmlSecPtrListDestroy</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-list.html#XMLSECPTRLISTEMPTY">xmlSecPtrListEmpty</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-list.html#XMLSECPTRLISTCOPY">xmlSecPtrListCopy</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> src</code>);
+<gtkdoclink href="XMLSECPTRLISTPTR"><span class="RETURNVALUE">xmlSecPtrListPtr</span></gtkdoclink><a href="xmlsec-list.html#XMLSECPTRLISTDUPLICATE">xmlSecPtrListDuplicate</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>);
+<a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> <a href="xmlsec-list.html#XMLSECPTRLISTGETSIZE">xmlSecPtrListGetSize</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>);
+<a href="xmlsec-xmlsec.html#XMLSECPTR"><span class="RETURNVALUE">xmlSecPtr</span></a> <a href="xmlsec-list.html#XMLSECPTRLISTGETITEM">xmlSecPtrListGetItem</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-list.html#XMLSECPTRLISTADD">xmlSecPtrListAdd</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSEC"><span class="TYPE">xmlSecPtr</span></gtkdoclink> item</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-list.html#XMLSECPTRLISTSET">xmlSecPtrListSet</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSEC"><span class="TYPE">xmlSecPtr</span></gtkdoclink> item</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-list.html#XMLSECPTRLISTREMOVE">xmlSecPtrListRemove</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);
+<a href="xmlsec-xmlsec.html#XMLSECPTR"><span class="RETURNVALUE">xmlSecPtr</span></a> <a href="xmlsec-list.html#XMLSECPTRLISTREMOVEANDRETURN">xmlSecPtrListRemoveAndReturn</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-list.html#XMLSECPTRLISTDEBUGDUMP">xmlSecPtrListDebugDump</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-list.html#XMLSECPTRLISTDEBUGXMLDUMP">xmlSecPtrListDebugXmlDump</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+#define <a href="xmlsec-list.html#XMLSECPTRLISTGETNAME">xmlSecPtrListGetName</a> (list)
+#define <a href="xmlsec-list.html#XMLSECPTRLISTISVALID">xmlSecPtrListIsValid</a> (list)
+#define <a href="xmlsec-list.html#XMLSECPTRLISTCHECKID">xmlSecPtrListCheckId</a> (list,
+ dataId)
+#define <a href="xmlsec-list.html#XMLSECPTRLISTIDUNKNOWN">xmlSecPtrListIdUnknown</a>
+<a href="xmlsec-xmlsec.html#XMLSECPTR"><span class="RETURNVALUE">xmlSecPtr</span></a> (<a href="xmlsec-list.html#XMLSECPTRDUPLICATEITEMMETHOD">*xmlSecPtrDuplicateItemMethod</a>) (<code class="PARAMETER"><gtkdoclink href="XMLSEC"><span class="TYPE">xmlSecPtr</span></gtkdoclink> ptr</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> (<a href="xmlsec-list.html#XMLSECPTRDESTROYITEMMETHOD">*xmlSecPtrDestroyItemMethod</a>) (<code class="PARAMETER"><gtkdoclink href="XMLSEC"><span class="TYPE">xmlSecPtr</span></gtkdoclink> ptr</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> (<a href="xmlsec-list.html#XMLSECPTRDEBUGDUMPITEMMETHOD">*xmlSecPtrDebugDumpItemMethod</a>) (<code class="PARAMETER"><gtkdoclink href="XMLSEC"><span class="TYPE">xmlSecPtr</span></gtkdoclink> ptr</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+struct <a href="xmlsec-list.html#XMLSECPTRLISTKLASS">xmlSecPtrListKlass</a>;
+#define <a href="xmlsec-list.html#XMLSECPTRLISTKLASSGETNAME">xmlSecPtrListKlassGetName</a> (klass)
+#define <a href="xmlsec-list.html#XMLSECSTRINGLISTID">xmlSecStringListId</a>
+<gtkdoclink href="XMLSECPTRLISTID"><span class="RETURNVALUE">xmlSecPtrListId</span></gtkdoclink><a href="xmlsec-list.html#XMLSECSTRINGLISTGETKLASS">xmlSecStringListGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-LIST.DESCRIPTION"></a><h2>Description</h2>
+<p>Generic list structure implementation.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-LIST.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECPTRLIST"></a><h3>struct xmlSecPtrList</h3>
+<pre class="PROGRAMLISTING">struct xmlSecPtrList {
+ xmlSecPtrListId id;
+
+ xmlSecPtr* data;
+ xmlSecSize use;
+ xmlSecSize max;
+ xmlSecAllocMode allocMode;
+};</pre>
+<p>The pointers list.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13145"><span style="white-space: nowrap"><gtkdoclink href="XMLSECPTRLISTID"><span class="TYPE">xmlSecPtrListId</span></gtkdoclink> <code class="STRUCTFIELD">id</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the list items description.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13152"><span style="white-space: nowrap"><gtkdoclink href="XMLSEC"><span class="TYPE">xmlSecPtr</span></gtkdoclink> *<code class="STRUCTFIELD">data</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the list data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13159"><span style="white-space: nowrap"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> <code class="STRUCTFIELD">use</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the current list size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13166"><span style="white-space: nowrap"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> <code class="STRUCTFIELD">max</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the max (allocated) list size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13173"><span style="white-space: nowrap"><a href="xmlsec-buffer.html#XMLSECALLOCMODE"><span class="TYPE">xmlSecAllocMode</span></a> <code class="STRUCTFIELD">allocMode</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the memory allocation mode.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTSETDEFAULTALLOCMODE"></a><h3>xmlSecPtrListSetDefaultAllocMode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecPtrListSetDefaultAllocMode (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECALLOCMODE"><span class="TYPE">xmlSecAllocMode</span></a> defAllocMode</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> defInitialSize</code>);</pre>
+<p>Sets new default allocation mode and minimal initial list size.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13195"><span style="white-space: nowrap"><code class="PARAMETER">defAllocMode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new default memory allocation mode.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13200"><span style="white-space: nowrap"><code class="PARAMETER">defInitialSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new default minimal initial size.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTINITIALIZE"></a><h3>xmlSecPtrListInitialize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecPtrListInitialize (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECPTRLISTID"><span class="TYPE">xmlSecPtrListId</span></gtkdoclink> id</code>);</pre>
+<p>Initializes the list of given klass. Caller is responsible
+for cleaning up by calling <a href="xmlsec-list.html#XMLSECPTRLISTFINALIZE"><span class="TYPE">xmlSecPtrListFinalize</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13222"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13227"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the list klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13232"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTFINALIZE"></a><h3>xmlSecPtrListFinalize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecPtrListFinalize (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>);</pre>
+<p>Cleans up the list initialized with <a href="xmlsec-list.html#XMLSECPTRLISTINITIALIZE"><span class="TYPE">xmlSecPtrListInitialize</span></a>
+function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN13251"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to list.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTCREATE"></a><h3>xmlSecPtrListCreate ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="RETURNVALUE">xmlSecPtrListPtr</span></a> xmlSecPtrListCreate (<code class="PARAMETER"><gtkdoclink href="XMLSECPTRLISTID"><span class="TYPE">xmlSecPtrListId</span></gtkdoclink> id</code>);</pre>
+<p>Creates new list object. Caller is responsible for freeing returned list
+by calling <a href="xmlsec-list.html#XMLSECPTRLISTDESTROY"><span class="TYPE">xmlSecPtrListDestroy</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13270"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the list klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13275"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly allocated list or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTDESTROY"></a><h3>xmlSecPtrListDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecPtrListDestroy (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>);</pre>
+<p>Destroys <code class="PARAMETER">list</code> created with <a href="xmlsec-list.html#XMLSECPTRLISTCREATE"><span class="TYPE">xmlSecPtrListCreate</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN13295"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to list.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTEMPTY"></a><h3>xmlSecPtrListEmpty ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecPtrListEmpty (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>);</pre>
+<p>Remove all items from <code class="PARAMETER">list</code> (if any).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN13313"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to list.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTCOPY"></a><h3>xmlSecPtrListCopy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecPtrListCopy (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> src</code>);</pre>
+<p>Copies <code class="PARAMETER">src</code> list items to <code class="PARAMETER">dst</code> list using <gtkdoclink href="DUPLICATEITEM"><span class="TYPE">duplicateItem</span></gtkdoclink> method
+of the list klass. If <gtkdoclink href="DUPLICATEITEM"><span class="TYPE">duplicateItem</span></gtkdoclink> method is NULL then
+we jsut copy pointers to items.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13339"><span style="white-space: nowrap"><code class="PARAMETER">dst</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to destination list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13344"><span style="white-space: nowrap"><code class="PARAMETER">src</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to source list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13349"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTDUPLICATE"></a><h3>xmlSecPtrListDuplicate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECPTRLISTPTR"><span class="RETURNVALUE">xmlSecPtrListPtr</span></gtkdoclink> xmlSecPtrListDuplicate (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>);</pre>
+<p>Creates a new copy of <code class="PARAMETER">list</code> and all its items.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13367"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13372"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly allocated list or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTGETSIZE"></a><h3>xmlSecPtrListGetSize ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> xmlSecPtrListGetSize (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>);</pre>
+<p>Gets list size.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13389"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13394"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the number of itmes in <code class="PARAMETER">list</code>.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTGETITEM"></a><h3>xmlSecPtrListGetItem ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECPTR"><span class="RETURNVALUE">xmlSecPtr</span></a> xmlSecPtrListGetItem (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);</pre>
+<p>Gets item from the list.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13415"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13420"><span style="white-space: nowrap"><code class="PARAMETER">pos</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the item position.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13425"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the list item at position <code class="PARAMETER">pos</code> or NULL if <code class="PARAMETER">pos</code> is greater
+than the number of items in the list or an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTADD"></a><h3>xmlSecPtrListAdd ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecPtrListAdd (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSEC"><span class="TYPE">xmlSecPtr</span></gtkdoclink> item</code>);</pre>
+<p>Adds <code class="PARAMETER">item</code> to the end of the <code class="PARAMETER">list</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13449"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13454"><span style="white-space: nowrap"><code class="PARAMETER">item</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the item.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13459"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTSET"></a><h3>xmlSecPtrListSet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecPtrListSet (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSEC"><span class="TYPE">xmlSecPtr</span></gtkdoclink> item</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);</pre>
+<p>Sets the value of list item at position <code class="PARAMETER">pos</code>. The old value
+is destroyed.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13483"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13488"><span style="white-space: nowrap"><code class="PARAMETER">item</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the item.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13493"><span style="white-space: nowrap"><code class="PARAMETER">pos</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pos.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13498"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTREMOVE"></a><h3>xmlSecPtrListRemove ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecPtrListRemove (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);</pre>
+<p>Destroys list item at the position <code class="PARAMETER">pos</code> and sets it value to NULL.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13519"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13524"><span style="white-space: nowrap"><code class="PARAMETER">pos</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the position.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13529"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTREMOVEANDRETURN"></a><h3>xmlSecPtrListRemoveAndReturn ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECPTR"><span class="RETURNVALUE">xmlSecPtr</span></a> xmlSecPtrListRemoveAndReturn (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);</pre>
+<p>Remove the list item at the position <code class="PARAMETER">pos</code> and return it back.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13550"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13555"><span style="white-space: nowrap"><code class="PARAMETER">pos</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the position.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13560"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the list item.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTDEBUGDUMP"></a><h3>xmlSecPtrListDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecPtrListDebugDump (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints debug information about <code class="PARAMETER">list</code> to the <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13582"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13587"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTDEBUGXMLDUMP"></a><h3>xmlSecPtrListDebugXmlDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecPtrListDebugXmlDump (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints debug information about <code class="PARAMETER">list</code> to the <code class="PARAMETER">output</code> in XML format.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13609"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13614"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTGETNAME"></a><h3>xmlSecPtrListGetName()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecPtrListGetName(list)</pre>
+<p>Macro. Returns lists's name.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN13626"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the ponter to list.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTISVALID"></a><h3>xmlSecPtrListIsValid()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecPtrListIsValid(list)</pre>
+<p>Macro. Returns 1 if <code class="PARAMETER">list</code> is not NULL and <code class="PARAMETER">list</code>-&gt;id is not NULL
+or 0 otherwise.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN13640"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to list.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTCHECKID"></a><h3>xmlSecPtrListCheckId()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecPtrListCheckId(list, dataId)</pre>
+<p>Macro. Returns 1 if <code class="PARAMETER">list</code> is valid and <code class="PARAMETER">list</code>'s id is equal to <code class="PARAMETER">dataId</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13655"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13660"><span style="white-space: nowrap"><code class="PARAMETER">dataId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the list Id.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTIDUNKNOWN"></a><h3>xmlSecPtrListIdUnknown</h3>
+<pre class="PROGRAMLISTING">#define xmlSecPtrListIdUnknown NULL</pre>
+<p>The "unknown" id.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRDUPLICATEITEMMETHOD"></a><h3>xmlSecPtrDuplicateItemMethod ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECPTR"><span class="RETURNVALUE">xmlSecPtr</span></a> (*xmlSecPtrDuplicateItemMethod) (<code class="PARAMETER"><gtkdoclink href="XMLSEC"><span class="TYPE">xmlSecPtr</span></gtkdoclink> ptr</code>);</pre>
+<p>Duplicates item <code class="PARAMETER">ptr</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13684"><span style="white-space: nowrap"><code class="PARAMETER">ptr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the poinetr to list item.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13689"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to new item copy or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRDESTROYITEMMETHOD"></a><h3>xmlSecPtrDestroyItemMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> (*xmlSecPtrDestroyItemMethod) (<code class="PARAMETER"><gtkdoclink href="XMLSEC"><span class="TYPE">xmlSecPtr</span></gtkdoclink> ptr</code>);</pre>
+<p>Destroys list item <code class="PARAMETER">ptr</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN13707"><span style="white-space: nowrap"><code class="PARAMETER">ptr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the poinetr to list item.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRDEBUGDUMPITEMMETHOD"></a><h3>xmlSecPtrDebugDumpItemMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> (*xmlSecPtrDebugDumpItemMethod) (<code class="PARAMETER"><gtkdoclink href="XMLSEC"><span class="TYPE">xmlSecPtr</span></gtkdoclink> ptr</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints debug information about <code class="PARAMETER">item</code> to <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13729"><span style="white-space: nowrap"><code class="PARAMETER">ptr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the poinetr to list item.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13734"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTKLASS"></a><h3>struct xmlSecPtrListKlass</h3>
+<pre class="PROGRAMLISTING">struct xmlSecPtrListKlass {
+ const xmlChar* name;
+ xmlSecPtrDuplicateItemMethod duplicateItem;
+ xmlSecPtrDestroyItemMethod destroyItem;
+ xmlSecPtrDebugDumpItemMethod debugDumpItem;
+ xmlSecPtrDebugDumpItemMethod debugXmlDumpItem;
+};</pre>
+<p>List klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13746"><span style="white-space: nowrap">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">name</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the list klass name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13753"><span style="white-space: nowrap"><a href="xmlsec-list.html#XMLSECPTRDUPLICATEITEMMETHOD"><span class="TYPE">xmlSecPtrDuplicateItemMethod</span></a> <code class="STRUCTFIELD">duplicateItem</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the duplciate item method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13760"><span style="white-space: nowrap"><a href="xmlsec-list.html#XMLSECPTRDESTROYITEMMETHOD"><span class="TYPE">xmlSecPtrDestroyItemMethod</span></a> <code class="STRUCTFIELD">destroyItem</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destroy item method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13767"><span style="white-space: nowrap"><a href="xmlsec-list.html#XMLSECPTRDEBUGDUMPITEMMETHOD"><span class="TYPE">xmlSecPtrDebugDumpItemMethod</span></a> <code class="STRUCTFIELD">debugDumpItem</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the debug dump item method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13774"><span style="white-space: nowrap"><a href="xmlsec-list.html#XMLSECPTRDEBUGDUMPITEMMETHOD"><span class="TYPE">xmlSecPtrDebugDumpItemMethod</span></a> <code class="STRUCTFIELD">debugXmlDumpItem</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the debug dump item in xml format method.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPTRLISTKLASSGETNAME"></a><h3>xmlSecPtrListKlassGetName()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecPtrListKlassGetName(klass)</pre>
+<p>Macro. Returns the list klass name.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN13788"><span style="white-space: nowrap"><code class="PARAMETER">klass</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the list klass.
+2</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECSTRINGLISTID"></a><h3>xmlSecStringListId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecStringListId</pre>
+<p>Strings list klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECSTRINGLISTGETKLASS"></a><h3>xmlSecStringListGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECPTRLISTID"><span class="RETURNVALUE">xmlSecPtrListId</span></gtkdoclink> xmlSecStringListGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The strins list class.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN13810"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> strings list klass.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-keysmngr.html"><b>&lt;&lt;&lt; keysmngr</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-membuf.html"><b>membuf &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-membuf.html b/docs/api/xmlsec-membuf.html
new file mode 100644
index 00000000..493b7172
--- /dev/null
+++ b/docs/api/xmlsec-membuf.html
@@ -0,0 +1,143 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>membuf</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="list" href="xmlsec-list.html">
+<link rel="NEXT" title="nodeset" href="xmlsec-nodeset.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-list.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-nodeset.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-MEMBUF"></a>membuf</h1>
+<div class="REFNAMEDIV">
+<a name="AEN13820"></a><h2>Name</h2>membuf -- Memory buffer transform implementation.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-MEMBUF.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">#define <a href="xmlsec-membuf.html#XMLSECTRANSFORMMEMBUFID">xmlSecTransformMemBufId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-membuf.html#XMLSECTRANSFORMMEMBUFGETKLASS">xmlSecTransformMemBufGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="XMLSECBUFFERPTR"><span class="RETURNVALUE">xmlSecBufferPtr</span></gtkdoclink><a href="xmlsec-membuf.html#XMLSECTRANSFORMMEMBUFGETBUFFER">xmlSecTransformMemBufGetBuffer</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-MEMBUF.DESCRIPTION"></a><h2>Description</h2>
+<p>Memory buffer transform implementation.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-MEMBUF.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMMEMBUFID"></a><h3>xmlSecTransformMemBufId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformMemBufId</pre>
+<p>The Memory Buffer transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMMEMBUFGETKLASS"></a><h3>xmlSecTransformMemBufGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformMemBufGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The memory buffer transorm (used to store the data that go through it).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN13860"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> memory buffer transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMMEMBUFGETBUFFER"></a><h3>xmlSecTransformMemBufGetBuffer ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECBUFFERPTR"><span class="RETURNVALUE">xmlSecBufferPtr</span></gtkdoclink> xmlSecTransformMemBufGetBuffer (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>);</pre>
+<p>Gets the pointer to memory buffer transform buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13877"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to memory buffer transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN13882"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the transform's <a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBuffer</span></a>.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-list.html"><b>&lt;&lt;&lt; list</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-nodeset.html"><b>nodeset &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-mscrypto-app.html b/docs/api/xmlsec-mscrypto-app.html
new file mode 100644
index 00000000..0e5c9cb6
--- /dev/null
+++ b/docs/api/xmlsec-mscrypto-app.html
@@ -0,0 +1,747 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>app</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for MSCrypto API Reference." href="xmlsec-mscrypto-ref.html">
+<link rel="PREVIOUS" title="XML Security Library for MSCrypto API Reference." href="xmlsec-mscrypto-ref.html">
+<link rel="NEXT" title="certkeys" href="xmlsec-mscrypto-certkeys.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-mscrypto-ref.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-mscrypto-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-mscrypto-certkeys.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-MSCRYPTO-APP"></a>app</h1>
+<div class="REFNAMEDIV">
+<a name="AEN37966"></a><h2>Name</h2>app -- Application functions implementation for MS Crypto.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-MSCRYPTO-APP.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPINIT">xmlSecMSCryptoAppInit</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *config</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPSHUTDOWN">xmlSecMSCryptoAppShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="LPCTSTR:CAPS"><span class="RETURNVALUE">LPCTSTR</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPGETCERTSTORENAME">xmlSecMSCryptoAppGetCertStoreName</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRINIT">xmlSecMSCryptoAppDefaultKeysMngrInit</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRADOPTKEY">xmlSecMSCryptoAppDefaultKeysMngrAdoptKey</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRLOAD">xmlSecMSCryptoAppDefaultKeysMngrLoad</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRSAVE">xmlSecMSCryptoAppDefaultKeysMngrSave</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRPRIVATEKEYLOAD">xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCRYPTKEY:CAPS"><span class="TYPE">HCRYPTKEY</span></gtkdoclink> hKey</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRPUBLICKEYLOAD">xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCRYPTKEY:CAPS"><span class="TYPE">HCRYPTKEY</span></gtkdoclink> hKey</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRSYMKEYLOAD">xmlSecMSCryptoAppDefaultKeysMngrSymKeyLoad</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCRYPTKEY:CAPS"><span class="TYPE">HCRYPTKEY</span></gtkdoclink> hKey</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRADOPTKEYSTORE">xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCERTSTORE:CAPS"><span class="TYPE">HCERTSTORE</span></gtkdoclink> keyStore</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRADOPTTRUSTEDSTORE">xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCERTSTORE:CAPS"><span class="TYPE">HCERTSTORE</span></gtkdoclink> trustedStore</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRADOPTUNTRUSTEDSTORE">xmlSecMSCryptoAppDefaultKeysMngrAdoptUntrustedStore</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCERTSTORE:CAPS"><span class="TYPE">HCERTSTORE</span></gtkdoclink> untrustedStore</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPKEYSMNGRCERTLOAD">xmlSecMSCryptoAppKeysMngrCertLoad</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPKEYSMNGRCERTLOADMEMORY">xmlSecMSCryptoAppKeysMngrCertLoadMemory</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPKEYLOAD">xmlSecMSCryptoAppKeyLoad</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPKEYLOADMEMORY">xmlSecMSCryptoAppKeyLoadMemory</a> (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPPKCS12LOAD">xmlSecMSCryptoAppPkcs12Load</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPPKCS12LOADMEMORY">xmlSecMSCryptoAppPkcs12LoadMemory</a> (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPKEYCERTLOAD">xmlSecMSCryptoAppKeyCertLoad</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPKEYCERTLOADMEMORY">xmlSecMSCryptoAppKeyCertLoadMemory</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink>* <a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPGETDEFAULTPWDCALLBACK">xmlSecMSCryptoAppGetDefaultPwdCallback</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-MSCRYPTO-APP.DESCRIPTION"></a><h2>Description</h2>
+<p>Application functions implementation for MS Crypto.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-MSCRYPTO-APP.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPINIT"></a><h3>xmlSecMSCryptoAppInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoAppInit (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *config</code>);</pre>
+<p>General crypto engine initialization. This function is used
+by XMLSec command line utility and called before
+<code class="PARAMETER">xmlSecInit</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38233"><span style="white-space: nowrap"><code class="PARAMETER">config</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the name of another then the default ms certificate store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38238"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPSHUTDOWN"></a><h3>xmlSecMSCryptoAppShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoAppShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>General crypto engine shutdown. This function is used
+by XMLSec command line utility and called after
+<code class="PARAMETER">xmlSecShutdown</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN38255"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPGETCERTSTORENAME"></a><h3>xmlSecMSCryptoAppGetCertStoreName ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="LPCTSTR:CAPS"><span class="RETURNVALUE">LPCTSTR</span></gtkdoclink> xmlSecMSCryptoAppGetCertStoreName (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets the MS Crypto certs store name set by <code class="PARAMETER">xmlSecMSCryptoAppInit</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN38272"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the MS Crypto certs name used by xmlsec-mscrypto.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRINIT"></a><h3>xmlSecMSCryptoAppDefaultKeysMngrInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoAppDefaultKeysMngrInit
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);</pre>
+<p>Initializes <code class="PARAMETER">mngr</code> with simple keys store <a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTOREID"><span class="TYPE">xmlSecSimpleKeysStoreId</span></a>
+and a default MSCrypto crypto key data stores.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38292"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38297"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRADOPTKEY"></a><h3>xmlSecMSCryptoAppDefaultKeysMngrAdoptKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoAppDefaultKeysMngrAdoptKey
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Adds <code class="PARAMETER">key</code> to the keys manager <code class="PARAMETER">mngr</code> created with <a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRINIT"><span class="TYPE">xmlSecMSCryptoAppDefaultKeysMngrInit</span></a>
+function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38321"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38326"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38331"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRLOAD"></a><h3>xmlSecMSCryptoAppDefaultKeysMngrLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoAppDefaultKeysMngrLoad
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>);</pre>
+<p>Loads XML keys file from <code class="PARAMETER">uri</code> to the keys manager <code class="PARAMETER">mngr</code> created
+with <a href="xmlsec-mscrypto-app.html#XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRINIT"><span class="TYPE">xmlSecMSCryptoAppDefaultKeysMngrInit</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38355"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38360"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the uri.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38365"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRSAVE"></a><h3>xmlSecMSCryptoAppDefaultKeysMngrSave ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoAppDefaultKeysMngrSave
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Saves keys from <code class="PARAMETER">mngr</code> to XML keys file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38389"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38394"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38399"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the type of keys to save (public/private/symmetric).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38404"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRPRIVATEKEYLOAD"></a><h3>xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCRYPTKEY:CAPS"><span class="TYPE">HCRYPTKEY</span></gtkdoclink> hKey</code>);</pre>
+<p>Adds private key <code class="PARAMETER">hKey</code> to the keys manager <code class="PARAMETER">mngr</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38426"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38431"><span style="white-space: nowrap"><code class="PARAMETER">hKey</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key handle.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38436"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRPUBLICKEYLOAD"></a><h3>xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCRYPTKEY:CAPS"><span class="TYPE">HCRYPTKEY</span></gtkdoclink> hKey</code>);</pre>
+<p>Adds public key <code class="PARAMETER">hKey</code> to the keys manager <code class="PARAMETER">mngr</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38458"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38463"><span style="white-space: nowrap"><code class="PARAMETER">hKey</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key handle.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38468"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRSYMKEYLOAD"></a><h3>xmlSecMSCryptoAppDefaultKeysMngrSymKeyLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoAppDefaultKeysMngrSymKeyLoad
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCRYPTKEY:CAPS"><span class="TYPE">HCRYPTKEY</span></gtkdoclink> hKey</code>);</pre>
+<p>Adds symmetric key <code class="PARAMETER">hKey</code> to the keys manager <code class="PARAMETER">mngr</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38490"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38495"><span style="white-space: nowrap"><code class="PARAMETER">hKey</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key handle.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38500"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRADOPTKEYSTORE"></a><h3>xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCERTSTORE:CAPS"><span class="TYPE">HCERTSTORE</span></gtkdoclink> keyStore</code>);</pre>
+<p>Adds <code class="PARAMETER">keyStore</code> to the list of key stores in the keys manager <code class="PARAMETER">mngr</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38522"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38527"><span style="white-space: nowrap"><code class="PARAMETER">keyStore</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38532"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRADOPTTRUSTEDSTORE"></a><h3>xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCERTSTORE:CAPS"><span class="TYPE">HCERTSTORE</span></gtkdoclink> trustedStore</code>);</pre>
+<p>Adds <code class="PARAMETER">trustedStore</code> to the list of trusted cert stores in the keys manager <code class="PARAMETER">mngr</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38554"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38559"><span style="white-space: nowrap"><code class="PARAMETER">trustedStore</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to certs store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38564"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPDEFAULTKEYSMNGRADOPTUNTRUSTEDSTORE"></a><h3>xmlSecMSCryptoAppDefaultKeysMngrAdoptUntrustedStore ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoAppDefaultKeysMngrAdoptUntrustedStore
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCERTSTORE:CAPS"><span class="TYPE">HCERTSTORE</span></gtkdoclink> untrustedStore</code>);</pre>
+<p>Adds <code class="PARAMETER">trustedStore</code> to the list of un-trusted cert stores in the keys manager <code class="PARAMETER">mngr</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38586"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38591"><span style="white-space: nowrap"><code class="PARAMETER">untrustedStore</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to certs store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38596"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPKEYSMNGRCERTLOAD"></a><h3>xmlSecMSCryptoAppKeysMngrCertLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoAppKeysMngrCertLoad (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Reads cert from <code class="PARAMETER">filename</code> and adds to the list of trusted or known
+untrusted certs in <code class="PARAMETER">store</code> (not implemented yet).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38624"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38629"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38634"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38639"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag that indicates is the certificate in <code class="PARAMETER">filename</code>
+ trusted or not.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38645"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPKEYSMNGRCERTLOADMEMORY"></a><h3>xmlSecMSCryptoAppKeysMngrCertLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoAppKeysMngrCertLoadMemory
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Reads cert from <code class="PARAMETER">data</code> and adds to the list of trusted or known
+untrusted certs in <code class="PARAMETER">store</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38676"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38681"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the binary certificate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38686"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>size of binary certificate (data)</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38691"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38696"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag that indicates is the certificate in <code class="PARAMETER">filename</code>
+ trusted or not.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38702"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPKEYLOAD"></a><h3>xmlSecMSCryptoAppKeyLoad ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecMSCryptoAppKeyLoad (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key from the a file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38731"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38736"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38741"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38746"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38751"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38756"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPKEYLOADMEMORY"></a><h3>xmlSecMSCryptoAppKeyLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecMSCryptoAppKeyLoadMemory (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key from the a file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38788"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38793"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38798"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38803"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38808"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38813"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38818"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPPKCS12LOAD"></a><h3>xmlSecMSCryptoAppPkcs12Load ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecMSCryptoAppPkcs12Load (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key and all associated certificates from the PKCS12 file</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38844"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 key filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38849"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38854"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38859"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38864"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPPKCS12LOADMEMORY"></a><h3>xmlSecMSCryptoAppPkcs12LoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecMSCryptoAppPkcs12LoadMemory (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key and all associated certificates from the PKCS12 binary</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38893"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the binary PKCS12 key in data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38898"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>size of binary pkcs12 data</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38903"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38908"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38913"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38918"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPKEYCERTLOAD"></a><h3>xmlSecMSCryptoAppKeyCertLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoAppKeyCertLoad (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);</pre>
+<p>Reads the certificate from $<code class="PARAMETER">filename</code> and adds it to key.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38942"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38947"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38952"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38957"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPKEYCERTLOADMEMORY"></a><h3>xmlSecMSCryptoAppKeyCertLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoAppKeyCertLoadMemory (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);</pre>
+<p>Reads the certificate from $<code class="PARAMETER">data</code> and adds it to key.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38984"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38989"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the binary certificate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38994"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>size of certificate binary (data)</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN38999"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39004"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOAPPGETDEFAULTPWDCALLBACK"></a><h3>xmlSecMSCryptoAppGetDefaultPwdCallback ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink>* xmlSecMSCryptoAppGetDefaultPwdCallback
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets default password callback.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN39020"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> default password callback.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-mscrypto-ref.html"><b>&lt;&lt;&lt; XML Security Library for MSCrypto API Reference.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-mscrypto-certkeys.html"><b>certkeys &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-mscrypto-certkeys.html b/docs/api/xmlsec-mscrypto-certkeys.html
new file mode 100644
index 00000000..82fb4ec5
--- /dev/null
+++ b/docs/api/xmlsec-mscrypto-certkeys.html
@@ -0,0 +1,252 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>certkeys</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for MSCrypto API Reference." href="xmlsec-mscrypto-ref.html">
+<link rel="PREVIOUS" title="app" href="xmlsec-mscrypto-app.html">
+<link rel="NEXT" title="crypto" href="xmlsec-mscrypto-crypto.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-mscrypto-app.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-mscrypto-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-mscrypto-crypto.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-MSCRYPTO-CERTKEYS"></a>certkeys</h1>
+<div class="REFNAMEDIV">
+<a name="AEN39030"></a><h2>Name</h2>certkeys -- MS Crypto certificates helper functions.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-MSCRYPTO-CERTKEYS.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="RETURNVALUE">PCCERT_CONTEXT</span></gtkdoclink><a href="xmlsec-mscrypto-certkeys.html#XMLSECMSCRYPTOKEYDATAGETCERT">xmlSecMSCryptoKeyDataGetCert</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="HCRYPTKEY:CAPS"><span class="RETURNVALUE">HCRYPTKEY</span></gtkdoclink><a href="xmlsec-mscrypto-certkeys.html#XMLSECMSCRYPTOKEYDATAGETKEY">xmlSecMSCryptoKeyDataGetKey</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="HCRYPTKEY:CAPS"><span class="RETURNVALUE">HCRYPTKEY</span></gtkdoclink><a href="xmlsec-mscrypto-certkeys.html#XMLSECMSCRYPTOKEYDATAGETDECRYPTKEY">xmlSecMSCryptoKeyDataGetDecryptKey</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="RETURNVALUE">PCCERT_CONTEXT</span></gtkdoclink><a href="xmlsec-mscrypto-certkeys.html#XMLSECMSCRYPTOCERTDUP">xmlSecMSCryptoCertDup</a> (<code class="PARAMETER"><gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="TYPE">PCCERT_CONTEXT</span></gtkdoclink> pCert</code>);
+<a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></a> <a href="xmlsec-mscrypto-certkeys.html#XMLSECMSCRYPTOCERTADOPT">xmlSecMSCryptoCertAdopt</a> (<code class="PARAMETER"><gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="TYPE">PCCERT_CONTEXT</span></gtkdoclink> pCert</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="HCRYPTPROV:CAPS"><span class="RETURNVALUE">HCRYPTPROV</span></gtkdoclink><a href="xmlsec-mscrypto-certkeys.html#XMLSECMSCRYPTOKEYDATAGETMSCRYPTOPROVIDER">xmlSecMSCryptoKeyDataGetMSCryptoProvider</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="DWORD:CAPS"><span class="RETURNVALUE">DWORD</span></gtkdoclink><a href="xmlsec-mscrypto-certkeys.html#XMLSECMSCRYPTOKEYDATAGETMSCRYPTOKEYSPEC">xmlSecMSCryptoKeyDataGetMSCryptoKeySpec</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-MSCRYPTO-CERTKEYS.DESCRIPTION"></a><h2>Description</h2>
+<p>MS Crypto certificates helper functions.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-MSCRYPTO-CERTKEYS.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAGETCERT"></a><h3>xmlSecMSCryptoKeyDataGetCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="RETURNVALUE">PCCERT_CONTEXT</span></gtkdoclink> xmlSecMSCryptoKeyDataGetCert (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Native MSCrypto certificate retrieval from xmlsec keydata. The
+returned PCCERT_CONTEXT must not be released by the caller.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39101"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key data to retrieve certificate from.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39106"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> PCCERT_CONTEXT on success or NULL otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAGETKEY"></a><h3>xmlSecMSCryptoKeyDataGetKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="HCRYPTKEY:CAPS"><span class="RETURNVALUE">HCRYPTKEY</span></gtkdoclink> xmlSecMSCryptoKeyDataGetKey (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Native MSCrypto key retrieval from xmlsec keydata. The
+returned HKEY must not be destroyed by the caller.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39126"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key data to retrieve certificate from.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39131"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>type of key requested (public/private)</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39136"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> HKEY on success or NULL otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAGETDECRYPTKEY"></a><h3>xmlSecMSCryptoKeyDataGetDecryptKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="HCRYPTKEY:CAPS"><span class="RETURNVALUE">HCRYPTKEY</span></gtkdoclink> xmlSecMSCryptoKeyDataGetDecryptKey (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Native MSCrypto decrypt key retrieval from xmlsec keydata. The
+returned HKEY must not be destroyed by the caller.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39153"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key data pointer</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39158"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> HKEY on success or NULL otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOCERTDUP"></a><h3>xmlSecMSCryptoCertDup ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="RETURNVALUE">PCCERT_CONTEXT</span></gtkdoclink> xmlSecMSCryptoCertDup (<code class="PARAMETER"><gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="TYPE">PCCERT_CONTEXT</span></gtkdoclink> pCert</code>);</pre>
+<p>Duplicates the <code class="PARAMETER">pCert</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39176"><span style="white-space: nowrap"><code class="PARAMETER">pCert</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to cert.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39181"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created PCCERT_CONTEXT object or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOCERTADOPT"></a><h3>xmlSecMSCryptoCertAdopt ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></a> xmlSecMSCryptoCertAdopt (<code class="PARAMETER"><gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="TYPE">PCCERT_CONTEXT</span></gtkdoclink> pCert</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Creates key data value from the cert.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39201"><span style="white-space: nowrap"><code class="PARAMETER">pCert</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to cert.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39206"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the expected key type.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39211"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created xmlsec key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAGETMSCRYPTOPROVIDER"></a><h3>xmlSecMSCryptoKeyDataGetMSCryptoProvider ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="HCRYPTPROV:CAPS"><span class="RETURNVALUE">HCRYPTPROV</span></gtkdoclink> xmlSecMSCryptoKeyDataGetMSCryptoProvider
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets crypto provider handle</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39228"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key data</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39233"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the crypto provider handler or 0 if there is an error.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAGETMSCRYPTOKEYSPEC"></a><h3>xmlSecMSCryptoKeyDataGetMSCryptoKeySpec ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="DWORD:CAPS"><span class="RETURNVALUE">DWORD</span></gtkdoclink> xmlSecMSCryptoKeyDataGetMSCryptoKeySpec
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets key spec info.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39250"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key data</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39255"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the key spec info from key data</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-mscrypto-app.html"><b>&lt;&lt;&lt; app</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-mscrypto-crypto.html"><b>crypto &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-mscrypto-crypto.html b/docs/api/xmlsec-mscrypto-crypto.html
new file mode 100644
index 00000000..970d2a1d
--- /dev/null
+++ b/docs/api/xmlsec-mscrypto-crypto.html
@@ -0,0 +1,1153 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>crypto</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for MSCrypto API Reference." href="xmlsec-mscrypto-ref.html">
+<link rel="PREVIOUS" title="certkeys" href="xmlsec-mscrypto-certkeys.html">
+<link rel="NEXT" title="keysstore" href="xmlsec-mscrypto-keysstore.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-mscrypto-certkeys.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-mscrypto-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-mscrypto-keysstore.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-MSCRYPTO-CRYPTO"></a>crypto</h1>
+<div class="REFNAMEDIV">
+<a name="AEN39265"></a><h2>Name</h2>crypto -- Crypto transforms implementation for MS Crypto.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-MSCRYPTO-CRYPTO.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="RETURNVALUE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECCRYPTOGETFUNCTIONS-MSCRYPTO">xmlSecCryptoGetFunctions_mscrypto</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOINIT">xmlSecMSCryptoInit</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOSHUTDOWN">xmlSecMSCryptoShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYSMNGRINIT">xmlSecMSCryptoKeysMngrInit</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOGENERATERANDOM">xmlSecMSCryptoGenerateRandom</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buffer</code>,
+ <code class="PARAMETER"><gtkdoclink href="SIZE-T"><span class="TYPE">size_t</span></gtkdoclink> size</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOERRORSDEFAULTCALLBACK">xmlSecMSCryptoErrorsDefaultCallback</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *file</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> line</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *func</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorObject</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorSubject</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reason</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *msg</code>);
+<gtkdoclink href="LPWSTR:CAPS"><span class="RETURNVALUE">LPWSTR</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOCONVERTLOCALETOUNICODE">xmlSecMSCryptoConvertLocaleToUnicode</a>
+ (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *str</code>);
+<gtkdoclink href="LPWSTR:CAPS"><span class="RETURNVALUE">LPWSTR</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOCONVERTUTF8TOUNICODE">xmlSecMSCryptoConvertUtf8ToUnicode</a> (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>);
+<gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOCONVERTUNICODETOUTF8">xmlSecMSCryptoConvertUnicodeToUtf8</a> (<code class="PARAMETER"><gtkdoclink href="LPCWSTR:CAPS"><span class="TYPE">LPCWSTR</span></gtkdoclink> str</code>);
+<gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOCONVERTLOCALETOUTF8">xmlSecMSCryptoConvertLocaleToUtf8</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *str</code>);
+<gtkdoclink href="CHAR"><span class="RETURNVALUE">char</span></gtkdoclink>* <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOCONVERTUTF8TOLOCALE">xmlSecMSCryptoConvertUtf8ToLocale</a> (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>);
+<gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOCONVERTTSTRTOUTF8">xmlSecMSCryptoConvertTstrToUtf8</a> (<code class="PARAMETER"><gtkdoclink href="LPCTSTR:CAPS"><span class="TYPE">LPCTSTR</span></gtkdoclink> str</code>);
+<gtkdoclink href="LPTSTR:CAPS"><span class="RETURNVALUE">LPTSTR</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOCONVERTUTF8TOTSTR">xmlSecMSCryptoConvertUtf8ToTstr</a> (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATADSAID">xmlSecMSCryptoKeyDataDsaId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATADSAGETKLASS">xmlSecMSCryptoKeyDataDsaGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMDSASHA1ID">xmlSecMSCryptoTransformDsaSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMDSASHA1GETKLASS">xmlSecMSCryptoTransformDsaSha1GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATAGOST2001ID">xmlSecMSCryptoKeyDataGost2001Id</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATAGOST2001GETKLASS">xmlSecMSCryptoKeyDataGost2001GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMGOST2001GOSTR3411-94ID">xmlSecMSCryptoTransformGost2001GostR3411_94Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMGOST2001GOSTR3411-94GETKLASS">xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATARSAID">xmlSecMSCryptoKeyDataRsaId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATARSAGETKLASS">xmlSecMSCryptoKeyDataRsaGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSAMD5ID">xmlSecMSCryptoTransformRsaMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSAMD5GETKLASS">xmlSecMSCryptoTransformRsaMd5GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSASHA1ID">xmlSecMSCryptoTransformRsaSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSASHA1GETKLASS">xmlSecMSCryptoTransformRsaSha1GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSASHA256ID">xmlSecMSCryptoTransformRsaSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSASHA256GETKLASS">xmlSecMSCryptoTransformRsaSha256GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSASHA384ID">xmlSecMSCryptoTransformRsaSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSASHA384GETKLASS">xmlSecMSCryptoTransformRsaSha384GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSASHA512ID">xmlSecMSCryptoTransformRsaSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSASHA512GETKLASS">xmlSecMSCryptoTransformRsaSha512GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSAPKCS1ID">xmlSecMSCryptoTransformRsaPkcs1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSAPKCS1GETKLASS">xmlSecMSCryptoTransformRsaPkcs1GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSAOAEPID">xmlSecMSCryptoTransformRsaOaepId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMRSAOAEPGETKLASS">xmlSecMSCryptoTransformRsaOaepGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMMD5ID">xmlSecMSCryptoTransformMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMMD5GETKLASS">xmlSecMSCryptoTransformMd5GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMSHA1ID">xmlSecMSCryptoTransformSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMSHA1GETKLASS">xmlSecMSCryptoTransformSha1GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMSHA256ID">xmlSecMSCryptoTransformSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMSHA256GETKLASS">xmlSecMSCryptoTransformSha256GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMSHA384ID">xmlSecMSCryptoTransformSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMSHA384GETKLASS">xmlSecMSCryptoTransformSha384GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMSHA512ID">xmlSecMSCryptoTransformSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMSHA512GETKLASS">xmlSecMSCryptoTransformSha512GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMGOSTR3411-94ID">xmlSecMSCryptoTransformGostR3411_94Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMGOSTR3411-94GETKLASS">xmlSecMSCryptoTransformGostR3411_94GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATAAESID">xmlSecMSCryptoKeyDataAesId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATAAESGETKLASS">xmlSecMSCryptoKeyDataAesGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATAAESSET">xmlSecMSCryptoKeyDataAesSet</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMAES128CBCID">xmlSecMSCryptoTransformAes128CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMAES128CBCGETKLASS">xmlSecMSCryptoTransformAes128CbcGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMAES192CBCID">xmlSecMSCryptoTransformAes192CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMAES192CBCGETKLASS">xmlSecMSCryptoTransformAes192CbcGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMAES256CBCID">xmlSecMSCryptoTransformAes256CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMAES256CBCGETKLASS">xmlSecMSCryptoTransformAes256CbcGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMKWAES128ID">xmlSecMSCryptoTransformKWAes128Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMKWAES128GETKLASS">xmlSecMSCryptoTransformKWAes128GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMKWAES192ID">xmlSecMSCryptoTransformKWAes192Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMKWAES192GETKLASS">xmlSecMSCryptoTransformKWAes192GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMKWAES256ID">xmlSecMSCryptoTransformKWAes256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMKWAES256GETKLASS">xmlSecMSCryptoTransformKWAes256GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATADESID">xmlSecMSCryptoKeyDataDesId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATADESGETKLASS">xmlSecMSCryptoKeyDataDesGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMDES3CBCID">xmlSecMSCryptoTransformDes3CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMDES3CBCGETKLASS">xmlSecMSCryptoTransformDes3CbcGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMKWDES3ID">xmlSecMSCryptoTransformKWDes3Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMKWDES3GETKLASS">xmlSecMSCryptoTransformKWDes3GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOHMACGETMINOUTPUTLENGTH">xmlSecMSCryptoHmacGetMinOutputLength</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOHMACSETMINOUTPUTLENGTH">xmlSecMSCryptoHmacSetMinOutputLength</a>
+ (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> min_length</code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATAHMACID">xmlSecMSCryptoKeyDataHmacId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATAHMACGETKLASS">xmlSecMSCryptoKeyDataHmacGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOKEYDATAHMACSET">xmlSecMSCryptoKeyDataHmacSet</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACMD5ID">xmlSecMSCryptoTransformHmacMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACMD5GETKLASS">xmlSecMSCryptoTransformHmacMd5GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACSHA1ID">xmlSecMSCryptoTransformHmacSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACSHA1GETKLASS">xmlSecMSCryptoTransformHmacSha1GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACSHA256ID">xmlSecMSCryptoTransformHmacSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACSHA256GETKLASS">xmlSecMSCryptoTransformHmacSha256GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACSHA384ID">xmlSecMSCryptoTransformHmacSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACSHA384GETKLASS">xmlSecMSCryptoTransformHmacSha384GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACSHA512ID">xmlSecMSCryptoTransformHmacSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-mscrypto-crypto.html#XMLSECMSCRYPTOTRANSFORMHMACSHA512GETKLASS">xmlSecMSCryptoTransformHmacSha512GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-MSCRYPTO-CRYPTO.DESCRIPTION"></a><h2>Description</h2>
+<p>Crypto transforms implementation for MS Crypto.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-MSCRYPTO-CRYPTO.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOGETFUNCTIONS-MSCRYPTO"></a><h3>xmlSecCryptoGetFunctions_mscrypto ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="RETURNVALUE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink> xmlSecCryptoGetFunctions_mscrypto
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets MSCrypto specific functions table.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN39622"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> xmlsec-mscrypto functions table.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOINIT"></a><h3>xmlSecMSCryptoInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoInit (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>XMLSec library specific crypto engine initialization.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN39638"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOSHUTDOWN"></a><h3>xmlSecMSCryptoShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>XMLSec library specific crypto engine shutdown.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN39654"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYSMNGRINIT"></a><h3>xmlSecMSCryptoKeysMngrInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoKeysMngrInit (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);</pre>
+<p>Adds MSCrypto specific key data stores in keys manager.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39671"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39676"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOGENERATERANDOM"></a><h3>xmlSecMSCryptoGenerateRandom ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoGenerateRandom (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buffer</code>,
+ <code class="PARAMETER"><gtkdoclink href="SIZE-T"><span class="TYPE">size_t</span></gtkdoclink> size</code>);</pre>
+<p>Generates <code class="PARAMETER">size</code> random bytes and puts result in <code class="PARAMETER">buffer</code>
+(not implemented yet).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39698"><span style="white-space: nowrap"><code class="PARAMETER">buffer</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39703"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the numer of bytes to generate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39708"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOERRORSDEFAULTCALLBACK"></a><h3>xmlSecMSCryptoErrorsDefaultCallback ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecMSCryptoErrorsDefaultCallback (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *file</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> line</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *func</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorObject</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorSubject</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reason</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *msg</code>);</pre>
+<p>The default errors reporting callback function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39743"><span style="white-space: nowrap"><code class="PARAMETER">file</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location file name (__FILE__ macro).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39748"><span style="white-space: nowrap"><code class="PARAMETER">line</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location line number (__LINE__ macro).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39753"><span style="white-space: nowrap"><code class="PARAMETER">func</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location function name (__FUNCTION__ macro).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39758"><span style="white-space: nowrap"><code class="PARAMETER">errorObject</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error specific error object</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39763"><span style="white-space: nowrap"><code class="PARAMETER">errorSubject</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error specific error subject.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39768"><span style="white-space: nowrap"><code class="PARAMETER">reason</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error code.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39773"><span style="white-space: nowrap"><code class="PARAMETER">msg</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the additional error message.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOCONVERTLOCALETOUNICODE"></a><h3>xmlSecMSCryptoConvertLocaleToUnicode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="LPWSTR:CAPS"><span class="RETURNVALUE">LPWSTR</span></gtkdoclink> xmlSecMSCryptoConvertLocaleToUnicode
+ (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *str</code>);</pre>
+<p>Converts input string from current system locale to Unicode.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39790"><span style="white-space: nowrap"><code class="PARAMETER">str</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the string to convert.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39795"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOCONVERTUTF8TOUNICODE"></a><h3>xmlSecMSCryptoConvertUtf8ToUnicode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="LPWSTR:CAPS"><span class="RETURNVALUE">LPWSTR</span></gtkdoclink> xmlSecMSCryptoConvertUtf8ToUnicode (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>);</pre>
+<p>Converts input string from UTF8 to Unicode.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39812"><span style="white-space: nowrap"><code class="PARAMETER">str</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the string to convert.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39817"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOCONVERTUNICODETOUTF8"></a><h3>xmlSecMSCryptoConvertUnicodeToUtf8 ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* xmlSecMSCryptoConvertUnicodeToUtf8 (<code class="PARAMETER"><gtkdoclink href="LPCWSTR:CAPS"><span class="TYPE">LPCWSTR</span></gtkdoclink> str</code>);</pre>
+<p>Converts input string from Unicode to UTF8.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39834"><span style="white-space: nowrap"><code class="PARAMETER">str</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the string to convert.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39839"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOCONVERTLOCALETOUTF8"></a><h3>xmlSecMSCryptoConvertLocaleToUtf8 ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* xmlSecMSCryptoConvertLocaleToUtf8 (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *str</code>);</pre>
+<p>Converts input string from locale to UTF8.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39856"><span style="white-space: nowrap"><code class="PARAMETER">str</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the string to convert.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39861"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOCONVERTUTF8TOLOCALE"></a><h3>xmlSecMSCryptoConvertUtf8ToLocale ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="CHAR"><span class="RETURNVALUE">char</span></gtkdoclink>* xmlSecMSCryptoConvertUtf8ToLocale (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>);</pre>
+<p>Converts input string from UTF8 to locale.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39878"><span style="white-space: nowrap"><code class="PARAMETER">str</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the string to convert.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39883"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOCONVERTTSTRTOUTF8"></a><h3>xmlSecMSCryptoConvertTstrToUtf8 ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* xmlSecMSCryptoConvertTstrToUtf8 (<code class="PARAMETER"><gtkdoclink href="LPCTSTR:CAPS"><span class="TYPE">LPCTSTR</span></gtkdoclink> str</code>);</pre>
+<p>Converts input string from TSTR (locale or Unicode) to UTF8.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39900"><span style="white-space: nowrap"><code class="PARAMETER">str</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the string to convert.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39905"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOCONVERTUTF8TOTSTR"></a><h3>xmlSecMSCryptoConvertUtf8ToTstr ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="LPTSTR:CAPS"><span class="RETURNVALUE">LPTSTR</span></gtkdoclink> xmlSecMSCryptoConvertUtf8ToTstr (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>);</pre>
+<p>Converts input string from UTF8 to TSTR (locale or Unicode).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39922"><span style="white-space: nowrap"><code class="PARAMETER">str</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the string to convert.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN39927"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATADSAID"></a><h3>xmlSecMSCryptoKeyDataDsaId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoKeyDataDsaId</pre>
+<p>The DSA key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATADSAGETKLASS"></a><h3>xmlSecMSCryptoKeyDataDsaGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecMSCryptoKeyDataDsaGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DSA key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN39949"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to DSA key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMDSASHA1ID"></a><h3>xmlSecMSCryptoTransformDsaSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformDsaSha1Id</pre>
+<p>The DSA SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMDSASHA1GETKLASS"></a><h3>xmlSecMSCryptoTransformDsaSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformDsaSha1GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DSA-SHA1 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN39971"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> DSA-SHA1 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAGOST2001ID"></a><h3>xmlSecMSCryptoKeyDataGost2001Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoKeyDataGost2001Id</pre>
+<p>The GOST2001 key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAGOST2001GETKLASS"></a><h3>xmlSecMSCryptoKeyDataGost2001GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecMSCryptoKeyDataGost2001GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The GOST2001 key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN39993"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to GOST2001 key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMGOST2001GOSTR3411-94ID"></a><h3>xmlSecMSCryptoTransformGost2001GostR3411_94Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformGost2001GostR3411_94Id</pre>
+<p>The GOST2001 GOSTR3411_94 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMGOST2001GOSTR3411-94GETKLASS"></a><h3>xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The GOST2001-GOSTR3411_94 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40015"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> GOST2001-GOSTR3411_94 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATARSAID"></a><h3>xmlSecMSCryptoKeyDataRsaId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoKeyDataRsaId</pre>
+<p>The RSA key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATARSAGETKLASS"></a><h3>xmlSecMSCryptoKeyDataRsaGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecMSCryptoKeyDataRsaGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The MSCrypto RSA CertKey data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40037"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to MSCrypto RSA key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMRSAMD5ID"></a><h3>xmlSecMSCryptoTransformRsaMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformRsaMd5Id</pre>
+<p>The RSA-MD5 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMRSAMD5GETKLASS"></a><h3>xmlSecMSCryptoTransformRsaMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformRsaMd5GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-MD5 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40059"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-MD5 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMRSASHA1ID"></a><h3>xmlSecMSCryptoTransformRsaSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformRsaSha1Id</pre>
+<p>The RSA-SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMRSASHA1GETKLASS"></a><h3>xmlSecMSCryptoTransformRsaSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformRsaSha1GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA1 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40081"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA1 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMRSASHA256ID"></a><h3>xmlSecMSCryptoTransformRsaSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformRsaSha256Id</pre>
+<p>The RSA-SHA256 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMRSASHA256GETKLASS"></a><h3>xmlSecMSCryptoTransformRsaSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformRsaSha256GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA256 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40103"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA256 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMRSASHA384ID"></a><h3>xmlSecMSCryptoTransformRsaSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformRsaSha384Id</pre>
+<p>The RSA-SHA384 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMRSASHA384GETKLASS"></a><h3>xmlSecMSCryptoTransformRsaSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformRsaSha384GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA384 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40125"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA384 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMRSASHA512ID"></a><h3>xmlSecMSCryptoTransformRsaSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformRsaSha512Id</pre>
+<p>The RSA-SHA512 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMRSASHA512GETKLASS"></a><h3>xmlSecMSCryptoTransformRsaSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformRsaSha512GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA512 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40147"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA512 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMRSAPKCS1ID"></a><h3>xmlSecMSCryptoTransformRsaPkcs1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformRsaPkcs1Id</pre>
+<p>The RSA PKCS1 key transport transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMRSAPKCS1GETKLASS"></a><h3>xmlSecMSCryptoTransformRsaPkcs1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformRsaPkcs1GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-PKCS1 key transport transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40169"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-PKCS1 key transport transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMRSAOAEPID"></a><h3>xmlSecMSCryptoTransformRsaOaepId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformRsaOaepId</pre>
+<p>The RSA PKCS1 key transport transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMRSAOAEPGETKLASS"></a><h3>xmlSecMSCryptoTransformRsaOaepGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformRsaOaepGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-OAEP key transport transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40191"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-OAEP key transport transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMMD5ID"></a><h3>xmlSecMSCryptoTransformMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformMd5Id</pre>
+<p>The MD5 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMMD5GETKLASS"></a><h3>xmlSecMSCryptoTransformMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformMd5GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA-1 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40213"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA-1 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMSHA1ID"></a><h3>xmlSecMSCryptoTransformSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformSha1Id</pre>
+<p>The SHA1 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMSHA1GETKLASS"></a><h3>xmlSecMSCryptoTransformSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformSha1GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA-1 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40235"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA-1 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMSHA256ID"></a><h3>xmlSecMSCryptoTransformSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformSha256Id</pre>
+<p>The SHA256 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMSHA256GETKLASS"></a><h3>xmlSecMSCryptoTransformSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformSha256GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA-256 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40257"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA-256 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMSHA384ID"></a><h3>xmlSecMSCryptoTransformSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformSha384Id</pre>
+<p>The SHA384 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMSHA384GETKLASS"></a><h3>xmlSecMSCryptoTransformSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformSha384GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA-384 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40279"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA-384 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMSHA512ID"></a><h3>xmlSecMSCryptoTransformSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformSha512Id</pre>
+<p>The SHA512 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMSHA512GETKLASS"></a><h3>xmlSecMSCryptoTransformSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformSha512GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA-512 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40301"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA-512 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMGOSTR3411-94ID"></a><h3>xmlSecMSCryptoTransformGostR3411_94Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformGostR3411_94Id</pre>
+<p>The GOSTR3411_94 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMGOSTR3411-94GETKLASS"></a><h3>xmlSecMSCryptoTransformGostR3411_94GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformGostR3411_94GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>GOSTR3411_94 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40323"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to GOSTR3411_94 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAAESID"></a><h3>xmlSecMSCryptoKeyDataAesId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoKeyDataAesId</pre>
+<p>The AES key data klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAAESGETKLASS"></a><h3>xmlSecMSCryptoKeyDataAesGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecMSCryptoKeyDataAesGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40345"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAAESSET"></a><h3>xmlSecMSCryptoKeyDataAesSet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoKeyDataAesSet (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);</pre>
+<p>Sets the value of AES key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40368"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to AES key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40373"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40378"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value size (in bytes).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40383"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMAES128CBCID"></a><h3>xmlSecMSCryptoTransformAes128CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformAes128CbcId</pre>
+<p>The AES128 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMAES128CBCGETKLASS"></a><h3>xmlSecMSCryptoTransformAes128CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformAes128CbcGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 128 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40405"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 128 CBC encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMAES192CBCID"></a><h3>xmlSecMSCryptoTransformAes192CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformAes192CbcId</pre>
+<p>The AES192 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMAES192CBCGETKLASS"></a><h3>xmlSecMSCryptoTransformAes192CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformAes192CbcGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 192 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40427"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 192 CBC encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMAES256CBCID"></a><h3>xmlSecMSCryptoTransformAes256CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformAes256CbcId</pre>
+<p>The AES256 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMAES256CBCGETKLASS"></a><h3>xmlSecMSCryptoTransformAes256CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformAes256CbcGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 256 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40449"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 256 CBC encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMKWAES128ID"></a><h3>xmlSecMSCryptoTransformKWAes128Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformKWAes128Id</pre>
+<p>The AES 128 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMKWAES128GETKLASS"></a><h3>xmlSecMSCryptoTransformKWAes128GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformKWAes128GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-128 kew wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40471"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-128 kew wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMKWAES192ID"></a><h3>xmlSecMSCryptoTransformKWAes192Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformKWAes192Id</pre>
+<p>The AES 192 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMKWAES192GETKLASS"></a><h3>xmlSecMSCryptoTransformKWAes192GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformKWAes192GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-192 kew wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40493"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-192 kew wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMKWAES256ID"></a><h3>xmlSecMSCryptoTransformKWAes256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformKWAes256Id</pre>
+<p>The AES 256 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMKWAES256GETKLASS"></a><h3>xmlSecMSCryptoTransformKWAes256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformKWAes256GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-256 kew wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40515"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-256 kew wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATADESID"></a><h3>xmlSecMSCryptoKeyDataDesId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoKeyDataDesId</pre>
+<p>The DES key data klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATADESGETKLASS"></a><h3>xmlSecMSCryptoKeyDataDesGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecMSCryptoKeyDataDesGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DES key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40537"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> DES key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMDES3CBCID"></a><h3>xmlSecMSCryptoTransformDes3CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformDes3CbcId</pre>
+<p>The DES3 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMDES3CBCGETKLASS"></a><h3>xmlSecMSCryptoTransformDes3CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformDes3CbcGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Triple DES CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40559"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to Triple DES encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMKWDES3ID"></a><h3>xmlSecMSCryptoTransformKWDes3Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformKWDes3Id</pre>
+<p>The DES3 KW transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMKWDES3GETKLASS"></a><h3>xmlSecMSCryptoTransformKWDes3GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformKWDes3GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The Triple DES key wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40581"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> Triple DES key wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOHMACGETMINOUTPUTLENGTH"></a><h3>xmlSecMSCryptoHmacGetMinOutputLength ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoHmacGetMinOutputLength
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets the value of min HMAC length.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40597"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the min HMAC output length</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOHMACSETMINOUTPUTLENGTH"></a><h3>xmlSecMSCryptoHmacSetMinOutputLength ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecMSCryptoHmacSetMinOutputLength
+ (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> min_length</code>);</pre>
+<p>Sets the min HMAC output length</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40614"><span style="white-space: nowrap"><code class="PARAMETER">min_length</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new min length</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAHMACID"></a><h3>xmlSecMSCryptoKeyDataHmacId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoKeyDataHmacId</pre>
+<p>The DHMAC key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAHMACGETKLASS"></a><h3>xmlSecMSCryptoKeyDataHmacGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecMSCryptoKeyDataHmacGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40636"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> HMAC key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAHMACSET"></a><h3>xmlSecMSCryptoKeyDataHmacSet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoKeyDataHmacSet (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);</pre>
+<p>Sets the value of HMAC key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40659"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to HMAC key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40664"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40669"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value size (in bytes).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40674"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMHMACMD5ID"></a><h3>xmlSecMSCryptoTransformHmacMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformHmacMd5Id</pre>
+<p>The HMAC with MD5 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMHMACMD5GETKLASS"></a><h3>xmlSecMSCryptoTransformHmacMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformHmacMd5GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-MD5 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40696"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-MD5 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMHMACSHA1ID"></a><h3>xmlSecMSCryptoTransformHmacSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformHmacSha1Id</pre>
+<p>The HMAC with SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMHMACSHA1GETKLASS"></a><h3>xmlSecMSCryptoTransformHmacSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformHmacSha1GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA1 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40718"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA1 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMHMACSHA256ID"></a><h3>xmlSecMSCryptoTransformHmacSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformHmacSha256Id</pre>
+<p>The HMAC with SHA256 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMHMACSHA256GETKLASS"></a><h3>xmlSecMSCryptoTransformHmacSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformHmacSha256GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA256 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40740"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA256 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMHMACSHA384ID"></a><h3>xmlSecMSCryptoTransformHmacSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformHmacSha384Id</pre>
+<p>The HMAC with SHA384 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMHMACSHA384GETKLASS"></a><h3>xmlSecMSCryptoTransformHmacSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformHmacSha384GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA384 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40762"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA384 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMHMACSHA512ID"></a><h3>xmlSecMSCryptoTransformHmacSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoTransformHmacSha512Id</pre>
+<p>The HMAC with SHA512 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOTRANSFORMHMACSHA512GETKLASS"></a><h3>xmlSecMSCryptoTransformHmacSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecMSCryptoTransformHmacSha512GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA512 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40784"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA512 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-mscrypto-certkeys.html"><b>&lt;&lt;&lt; certkeys</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-mscrypto-keysstore.html"><b>keysstore &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-mscrypto-keysstore.html b/docs/api/xmlsec-mscrypto-keysstore.html
new file mode 100644
index 00000000..160a9f3d
--- /dev/null
+++ b/docs/api/xmlsec-mscrypto-keysstore.html
@@ -0,0 +1,209 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>keysstore</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for MSCrypto API Reference." href="xmlsec-mscrypto-ref.html">
+<link rel="PREVIOUS" title="crypto" href="xmlsec-mscrypto-crypto.html">
+<link rel="NEXT" title="x509" href="xmlsec-mscrypto-x509.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-mscrypto-crypto.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-mscrypto-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-mscrypto-x509.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-MSCRYPTO-KEYSSTORE"></a>keysstore</h1>
+<div class="REFNAMEDIV">
+<a name="AEN40794"></a><h2>Name</h2>keysstore -- Keys store implementation for MS Crypto.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-MSCRYPTO-KEYSSTORE.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">#define <a href="xmlsec-mscrypto-keysstore.html#XMLSECMSCRYPTOKEYSSTOREID">xmlSecMSCryptoKeysStoreId</a>
+<gtkdoclink href="XMLSECKEYSTOREID"><span class="RETURNVALUE">xmlSecKeyStoreId</span></gtkdoclink><a href="xmlsec-mscrypto-keysstore.html#XMLSECMSCRYPTOKEYSSTOREGETKLASS">xmlSecMSCryptoKeysStoreGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-keysstore.html#XMLSECMSCRYPTOKEYSSTOREADOPTKEY">xmlSecMSCryptoKeysStoreAdoptKey</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-keysstore.html#XMLSECMSCRYPTOKEYSSTORELOAD">xmlSecMSCryptoKeysStoreLoad</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-keysstore.html#XMLSECMSCRYPTOKEYSSTORESAVE">xmlSecMSCryptoKeysStoreSave</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-MSCRYPTO-KEYSSTORE.DESCRIPTION"></a><h2>Description</h2>
+<p>Keys store implementation for MS Crypto.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-MSCRYPTO-KEYSSTORE.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYSSTOREID"></a><h3>xmlSecMSCryptoKeysStoreId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoKeysStoreId xmlSecMSCryptoKeysStoreGetKlass()</pre>
+<p>A MSCrypto keys store klass id.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYSSTOREGETKLASS"></a><h3>xmlSecMSCryptoKeysStoreGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYSTOREID"><span class="RETURNVALUE">xmlSecKeyStoreId</span></gtkdoclink> xmlSecMSCryptoKeysStoreGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The MSCrypto list based keys store klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN40861"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> MSCrypto list based keys store klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYSSTOREADOPTKEY"></a><h3>xmlSecMSCryptoKeysStoreAdoptKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoKeysStoreAdoptKey (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Adds <code class="PARAMETER">key</code> to the <code class="PARAMETER">store</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40883"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to MSCrypto keys store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40888"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40893"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYSSTORELOAD"></a><h3>xmlSecMSCryptoKeysStoreLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoKeysStoreLoad (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);</pre>
+<p>Reads keys from an XML file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40916"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to MSCrypto keys store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40921"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40926"><span style="white-space: nowrap"><code class="PARAMETER">keysMngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to associated keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40931"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYSSTORESAVE"></a><h3>xmlSecMSCryptoKeysStoreSave ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoKeysStoreSave (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Writes keys from <code class="PARAMETER">store</code> to an XML file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40955"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to MSCrypto keys store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40960"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40965"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the saved keys type (public, private, ...).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN40970"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-mscrypto-crypto.html"><b>&lt;&lt;&lt; crypto</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-mscrypto-x509.html"><b>x509 &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-mscrypto-ref.html b/docs/api/xmlsec-mscrypto-ref.html
new file mode 100644
index 00000000..3400a666
--- /dev/null
+++ b/docs/api/xmlsec-mscrypto-ref.html
@@ -0,0 +1,113 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library for MSCrypto API Reference.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library API Reference." href="xmlsec-reference.html">
+<link rel="PREVIOUS" title="x509" href="xmlsec-nss-x509.html">
+<link rel="NEXT" title="app" href="xmlsec-mscrypto-app.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-nss-x509.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-reference.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-mscrypto-app.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-MSCRYPTO-REF"></a>XML Security Library for MSCrypto API Reference.</h1>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt>
+<a href="xmlsec-mscrypto-app.html">app</a> -- Application functions implementation for MS Crypto.</dt>
+<dt>
+<a href="xmlsec-mscrypto-certkeys.html">certkeys</a> -- MS Crypto certificates helper functions.</dt>
+<dt>
+<a href="xmlsec-mscrypto-crypto.html">crypto</a> -- Crypto transforms implementation for MS Crypto.</dt>
+<dt>
+<a href="xmlsec-mscrypto-keysstore.html">keysstore</a> -- Keys store implementation for MS Crypto.</dt>
+<dt>
+<a href="xmlsec-mscrypto-x509.html">x509</a> -- X509 certificates support implementation for MS Crypto.</dt>
+</dl></div>
+<p>This section contains the API reference for xmlsec-mscrypto. All
+ the public interfaces are documented here. This reference guide is
+ build by extracting comments from the code sources. </p>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-nss-x509.html"><b>&lt;&lt;&lt; x509</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-mscrypto-app.html"><b>app &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-mscrypto-x509.html b/docs/api/xmlsec-mscrypto-x509.html
new file mode 100644
index 00000000..1dffe6da
--- /dev/null
+++ b/docs/api/xmlsec-mscrypto-x509.html
@@ -0,0 +1,478 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>x509</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for MSCrypto API Reference." href="xmlsec-mscrypto-ref.html">
+<link rel="PREVIOUS" title="keysstore" href="xmlsec-mscrypto-keysstore.html">
+<link rel="NEXT" title="XML Security Library Reference Index" href="xmlsec-index.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-mscrypto-keysstore.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-mscrypto-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-index.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-MSCRYPTO-X509"></a>x509</h1>
+<div class="REFNAMEDIV">
+<a name="AEN40980"></a><h2>Name</h2>x509 -- X509 certificates support implementation for MS Crypto.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-MSCRYPTO-X509.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">#define <a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509ID">xmlSecMSCryptoKeyDataX509Id</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509GETKLASS">xmlSecMSCryptoKeyDataX509GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="RETURNVALUE">PCCERT_CONTEXT</span></gtkdoclink><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509GETKEYCERT">xmlSecMSCryptoKeyDataX509GetKeyCert</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509ADOPTKEYCERT">xmlSecMSCryptoKeyDataX509AdoptKeyCert</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="TYPE">PCCERT_CONTEXT</span></gtkdoclink> cert</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509ADOPTCERT">xmlSecMSCryptoKeyDataX509AdoptCert</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="TYPE">PCCERT_CONTEXT</span></gtkdoclink> cert</code>);
+<gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="RETURNVALUE">PCCERT_CONTEXT</span></gtkdoclink><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509GETCERT">xmlSecMSCryptoKeyDataX509GetCert</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);
+<a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> <a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509GETCERTSSIZE">xmlSecMSCryptoKeyDataX509GetCertsSize</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509ADOPTCRL">xmlSecMSCryptoKeyDataX509AdoptCrl</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="PCCRL-CONTEXT:CAPS"><span class="TYPE">PCCRL_CONTEXT</span></gtkdoclink> crl</code>);
+<gtkdoclink href="PCCRL-CONTEXT:CAPS"><span class="RETURNVALUE">PCCRL_CONTEXT</span></gtkdoclink><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509GETCRL">xmlSecMSCryptoKeyDataX509GetCrl</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);
+<a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> <a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATAX509GETCRLSSIZE">xmlSecMSCryptoKeyDataX509GetCrlsSize</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+#define <a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATARAWX509CERTID">xmlSecMSCryptoKeyDataRawX509CertId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOKEYDATARAWX509CERTGETKLASS">xmlSecMSCryptoKeyDataRawX509CertGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOX509STOREID">xmlSecMSCryptoX509StoreId</a>
+<gtkdoclink href="XMLSECKEYDATASTOREID"><span class="RETURNVALUE">xmlSecKeyDataStoreId</span></gtkdoclink><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOX509STOREGETKLASS">xmlSecMSCryptoX509StoreGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOX509STOREADOPTCERT">xmlSecMSCryptoX509StoreAdoptCert</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="TYPE">PCCERT_CONTEXT</span></gtkdoclink> cert</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOX509STOREADOPTKEYSTORE">xmlSecMSCryptoX509StoreAdoptKeyStore</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCERTSTORE:CAPS"><span class="TYPE">HCERTSTORE</span></gtkdoclink> keyStore</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOX509STOREADOPTTRUSTEDSTORE">xmlSecMSCryptoX509StoreAdoptTrustedStore</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCERTSTORE:CAPS"><span class="TYPE">HCERTSTORE</span></gtkdoclink> trustedStore</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOX509STOREADOPTUNTRUSTEDSTORE">xmlSecMSCryptoX509StoreAdoptUntrustedStore</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCERTSTORE:CAPS"><span class="TYPE">HCERTSTORE</span></gtkdoclink> untrustedStore</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-mscrypto-x509.html#XMLSECMSCRYPTOX509STOREENABLESYSTEMTRUSTEDCERTS">xmlSecMSCryptoX509StoreEnableSystemTrustedCerts</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> val</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-MSCRYPTO-X509.DESCRIPTION"></a><h2>Description</h2>
+<p>X509 certificates support implementation for MS Crypto.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-MSCRYPTO-X509.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAX509ID"></a><h3>xmlSecMSCryptoKeyDataX509Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoKeyDataX509Id</pre>
+<p>The MSCrypto X509 data klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAX509GETKLASS"></a><h3>xmlSecMSCryptoKeyDataX509GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecMSCryptoKeyDataX509GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The MSCrypto X509 key data klass (http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-X509DATA"><span class="TYPE">sec-X509Data</span></gtkdoclink>).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN41139"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the X509 data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAX509GETKEYCERT"></a><h3>xmlSecMSCryptoKeyDataX509GetKeyCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="RETURNVALUE">PCCERT_CONTEXT</span></gtkdoclink> xmlSecMSCryptoKeyDataX509GetKeyCert (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the certificate from which the key was extracted.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41156"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41161"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the key's certificate or NULL if key data was not used for key
+extraction or an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAX509ADOPTKEYCERT"></a><h3>xmlSecMSCryptoKeyDataX509AdoptKeyCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoKeyDataX509AdoptKeyCert
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="TYPE">PCCERT_CONTEXT</span></gtkdoclink> cert</code>);</pre>
+<p>Sets the key's certificate in <code class="PARAMETER">data</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41182"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41187"><span style="white-space: nowrap"><code class="PARAMETER">cert</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to MSCRYPTO X509 certificate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41192"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAX509ADOPTCERT"></a><h3>xmlSecMSCryptoKeyDataX509AdoptCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoKeyDataX509AdoptCert (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="TYPE">PCCERT_CONTEXT</span></gtkdoclink> cert</code>);</pre>
+<p>Adds certificate to the X509 key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41212"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41217"><span style="white-space: nowrap"><code class="PARAMETER">cert</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to MSCRYPTO X509 certificate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41222"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAX509GETCERT"></a><h3>xmlSecMSCryptoKeyDataX509GetCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="RETURNVALUE">PCCERT_CONTEXT</span></gtkdoclink> xmlSecMSCryptoKeyDataX509GetCert (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);</pre>
+<p>Gets a certificate from X509 key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41242"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41247"><span style="white-space: nowrap"><code class="PARAMETER">pos</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired certificate position.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41252"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to certificate or NULL if <code class="PARAMETER">pos</code> is larger than the
+number of certificates in <code class="PARAMETER">data</code> or an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAX509GETCERTSSIZE"></a><h3>xmlSecMSCryptoKeyDataX509GetCertsSize ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> xmlSecMSCryptoKeyDataX509GetCertsSize
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the number of certificates in <code class="PARAMETER">data</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41272"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41277"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> te number of certificates in <code class="PARAMETER">data</code>.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAX509ADOPTCRL"></a><h3>xmlSecMSCryptoKeyDataX509AdoptCrl ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoKeyDataX509AdoptCrl (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="PCCRL-CONTEXT:CAPS"><span class="TYPE">PCCRL_CONTEXT</span></gtkdoclink> crl</code>);</pre>
+<p>Adds CRL to the X509 key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41298"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41303"><span style="white-space: nowrap"><code class="PARAMETER">crl</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to MSCrypto X509 CRL.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41308"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAX509GETCRL"></a><h3>xmlSecMSCryptoKeyDataX509GetCrl ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="PCCRL-CONTEXT:CAPS"><span class="RETURNVALUE">PCCRL_CONTEXT</span></gtkdoclink> xmlSecMSCryptoKeyDataX509GetCrl (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);</pre>
+<p>Gets a CRL from X509 key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41328"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41333"><span style="white-space: nowrap"><code class="PARAMETER">pos</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired CRL position.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41338"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to CRL or NULL if <code class="PARAMETER">pos</code> is larger than the
+number of CRLs in <code class="PARAMETER">data</code> or an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATAX509GETCRLSSIZE"></a><h3>xmlSecMSCryptoKeyDataX509GetCrlsSize ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> xmlSecMSCryptoKeyDataX509GetCrlsSize
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the number of CRLs in <code class="PARAMETER">data</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41358"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41363"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> te number of CRLs in <code class="PARAMETER">data</code>.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATARAWX509CERTID"></a><h3>xmlSecMSCryptoKeyDataRawX509CertId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoKeyDataRawX509CertId</pre>
+<p>The MSCrypto raw X509 certificate klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOKEYDATARAWX509CERTGETKLASS"></a><h3>xmlSecMSCryptoKeyDataRawX509CertGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecMSCryptoKeyDataRawX509CertGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The raw X509 certificates key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN41386"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> raw X509 certificates key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOX509STOREID"></a><h3>xmlSecMSCryptoX509StoreId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecMSCryptoX509StoreId</pre>
+<p>The MSCrypto X509 store klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOX509STOREGETKLASS"></a><h3>xmlSecMSCryptoX509StoreGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATASTOREID"><span class="RETURNVALUE">xmlSecKeyDataStoreId</span></gtkdoclink> xmlSecMSCryptoX509StoreGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The MSCrypto X509 certificates key data store klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN41408"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to MSCrypto X509 certificates key data store klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOX509STOREADOPTCERT"></a><h3>xmlSecMSCryptoX509StoreAdoptCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoX509StoreAdoptCert (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="PCCERT-CONTEXT:CAPS"><span class="TYPE">PCCERT_CONTEXT</span></gtkdoclink> cert</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Adds trusted (root) or untrusted certificate to the store.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41431"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data store klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41436"><span style="white-space: nowrap"><code class="PARAMETER">cert</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to PCCERT_CONTEXT X509 certificate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41441"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate type (trusted/untrusted).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41446"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOX509STOREADOPTKEYSTORE"></a><h3>xmlSecMSCryptoX509StoreAdoptKeyStore ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoX509StoreAdoptKeyStore
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCERTSTORE:CAPS"><span class="TYPE">HCERTSTORE</span></gtkdoclink> keyStore</code>);</pre>
+<p>Adds <code class="PARAMETER">keyStore</code> to the list of key stores.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41467"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data store klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41472"><span style="white-space: nowrap"><code class="PARAMETER">keyStore</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41477"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOX509STOREADOPTTRUSTEDSTORE"></a><h3>xmlSecMSCryptoX509StoreAdoptTrustedStore ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoX509StoreAdoptTrustedStore
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCERTSTORE:CAPS"><span class="TYPE">HCERTSTORE</span></gtkdoclink> trustedStore</code>);</pre>
+<p>Adds <code class="PARAMETER">trustedStore</code> to the list of trusted certs stores.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41498"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data store klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41503"><span style="white-space: nowrap"><code class="PARAMETER">trustedStore</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to certs store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41508"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOX509STOREADOPTUNTRUSTEDSTORE"></a><h3>xmlSecMSCryptoX509StoreAdoptUntrustedStore ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecMSCryptoX509StoreAdoptUntrustedStore
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="HCERTSTORE:CAPS"><span class="TYPE">HCERTSTORE</span></gtkdoclink> untrustedStore</code>);</pre>
+<p>Adds <code class="PARAMETER">trustedStore</code> to the list of un-trusted certs stores.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41529"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data store klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41534"><span style="white-space: nowrap"><code class="PARAMETER">untrustedStore</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to certs store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41539"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECMSCRYPTOX509STOREENABLESYSTEMTRUSTEDCERTS"></a><h3>xmlSecMSCryptoX509StoreEnableSystemTrustedCerts ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecMSCryptoX509StoreEnableSystemTrustedCerts
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> val</code>);</pre>
+<p>Enables/disables the system trusted certs.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41559"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data store klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN41564"><span style="white-space: nowrap"><code class="PARAMETER">val</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the enable/disable flag</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-mscrypto-keysstore.html"><b>&lt;&lt;&lt; keysstore</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-index.html"><b>XML Security Library Reference Index &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-mscrypto.sgml b/docs/api/xmlsec-mscrypto.sgml
new file mode 100644
index 00000000..dc58235d
--- /dev/null
+++ b/docs/api/xmlsec-mscrypto.sgml
@@ -0,0 +1,21 @@
+<!doctype book PUBLIC "-//DavenPort//DTD DocBook V3.0//EN" [
+<!ENTITY xmlsec-mscrypto-certkeys SYSTEM "sgml/certkeys.sgml">
+<!ENTITY xmlsec-mscrypto-app SYSTEM "sgml/app.sgml">
+<!ENTITY xmlsec-mscrypto-crypto SYSTEM "sgml/crypto.sgml">
+<!ENTITY xmlsec-mscrypto-keysstore SYSTEM "sgml/keysstore.sgml">
+<!ENTITY xmlsec-mscrypto-x509 SYSTEM "sgml/x509.sgml">
+]>
+<book id="index">
+ <bookinfo>
+ <title>[Insert name here] Reference Manual</title>
+ </bookinfo>
+
+ <chapter>
+ <title>[Insert title here]</title>
+ &xmlsec-mscrypto-certkeys;
+ &xmlsec-mscrypto-app;
+ &xmlsec-mscrypto-crypto;
+ &xmlsec-mscrypto-keysstore;
+ &xmlsec-mscrypto-x509;
+ </chapter>
+</book>
diff --git a/docs/api/xmlsec-nodeset.html b/docs/api/xmlsec-nodeset.html
new file mode 100644
index 00000000..32175e7d
--- /dev/null
+++ b/docs/api/xmlsec-nodeset.html
@@ -0,0 +1,542 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>nodeset</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="membuf" href="xmlsec-membuf.html">
+<link rel="NEXT" title="parser" href="xmlsec-parser.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-membuf.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-parser.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-NODESET"></a>nodeset</h1>
+<div class="REFNAMEDIV">
+<a name="AEN13894"></a><h2>Name</h2>nodeset -- Nodeset object implementation.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-NODESET.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">enum <a href="xmlsec-nodeset.html#XMLSECNODESETTYPE">xmlSecNodeSetType</a>;
+enum <a href="xmlsec-nodeset.html#XMLSECNODESETOP">xmlSecNodeSetOp</a>;
+struct <a href="xmlsec-nodeset.html#XMLSECNODESET">xmlSecNodeSet</a>;
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-nodeset.html#XMLSECNODESETWALKCALLBACK">*xmlSecNodeSetWalkCallback</a>) (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> parent</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *data</code>);
+<gtkdoclink href="XMLSECNODESETPTR"><span class="RETURNVALUE">xmlSecNodeSetPtr</span></gtkdoclink><a href="xmlsec-nodeset.html#XMLSECNODESETCREATE">xmlSecNodeSetCreate</a> (<code class="PARAMETER"><gtkdoclink href="XMLDOC"><span class="TYPE">xmlDocPtr</span></gtkdoclink> doc</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODESET"><span class="TYPE">xmlNodeSetPtr</span></gtkdoclink> nodes</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESETTYPE"><span class="TYPE">xmlSecNodeSetType</span></a> type</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-nodeset.html#XMLSECNODESETDESTROY">xmlSecNodeSetDestroy</a> (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-nodeset.html#XMLSECNODESETDOCDESTROY">xmlSecNodeSetDocDestroy</a> (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nodeset.html#XMLSECNODESETCONTAINS">xmlSecNodeSetContains</a> (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> parent</code>);
+<gtkdoclink href="XMLSECNODESETPTR"><span class="RETURNVALUE">xmlSecNodeSetPtr</span></gtkdoclink><a href="xmlsec-nodeset.html#XMLSECNODESETADD">xmlSecNodeSetAdd</a> (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> newNSet</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESETOP"><span class="TYPE">xmlSecNodeSetOp</span></a> op</code>);
+<gtkdoclink href="XMLSECNODESETPTR"><span class="RETURNVALUE">xmlSecNodeSetPtr</span></gtkdoclink><a href="xmlsec-nodeset.html#XMLSECNODESETADDLIST">xmlSecNodeSetAddList</a> (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> newNSet</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESETOP"><span class="TYPE">xmlSecNodeSetOp</span></a> op</code>);
+<gtkdoclink href="XMLSECNODESETPTR"><span class="RETURNVALUE">xmlSecNodeSetPtr</span></gtkdoclink><a href="xmlsec-nodeset.html#XMLSECNODESETGETCHILDREN">xmlSecNodeSetGetChildren</a> (<code class="PARAMETER"><gtkdoclink href="XMLDOC"><span class="TYPE">xmlDocPtr</span></gtkdoclink> doc</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> parent</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> withComments</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> invert</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nodeset.html#XMLSECNODESETWALK">xmlSecNodeSetWalk</a> (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESETWALKCALLBACK"><span class="TYPE">xmlSecNodeSetWalkCallback</span></a> walkFunc</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *data</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nodeset.html#XMLSECNODESETDUMPTEXTNODES">xmlSecNodeSetDumpTextNodes</a> (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLOUTPUTBUFFER"><span class="TYPE">xmlOutputBufferPtr</span></gtkdoclink> out</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-nodeset.html#XMLSECNODESETDEBUGDUMP">xmlSecNodeSetDebugDump</a> (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-NODESET.DESCRIPTION"></a><h2>Description</h2>
+<p>Nodeset object implementation.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-NODESET.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECNODESETTYPE"></a><h3>enum xmlSecNodeSetType</h3>
+<pre class="PROGRAMLISTING">typedef enum {
+ xmlSecNodeSetNormal = 0,
+ xmlSecNodeSetInvert,
+ xmlSecNodeSetTree,
+ xmlSecNodeSetTreeWithoutComments,
+ xmlSecNodeSetTreeInvert,
+ xmlSecNodeSetTreeWithoutCommentsInvert,
+ xmlSecNodeSetList
+} xmlSecNodeSetType;</pre>
+<p>The basic nodes sets types.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECNODESETNORMAL"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecNodeSetNormal</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>nodes set = nodes in the list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECNODESETINVERT"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecNodeSetInvert</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>nodes set = all document nodes minus nodes in the list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECNODESETTREE"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecNodeSetTree</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>nodes set = nodes in the list and all their subtress.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECNODESETTREEWITHOUTCOMMENTS"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecNodeSetTreeWithoutComments</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>nodes set = nodes in the list and
+ all their subtress but no comment nodes.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECNODESETTREEINVERT"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecNodeSetTreeInvert</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>nodes set = all document nodes minus nodes in the
+ list and all their subtress.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECNODESETTREEWITHOUTCOMMENTSINVERT"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecNodeSetTreeWithoutCommentsInvert</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>nodes set = all document nodes
+ minus (nodes in the list and all their subtress
+ plus all comment nodes).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECNODESETLIST"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecNodeSetList</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>nodes set = all nodes in the chidren list of nodes sets.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNODESETOP"></a><h3>enum xmlSecNodeSetOp</h3>
+<pre class="PROGRAMLISTING">typedef enum {
+ xmlSecNodeSetIntersection = 0,
+ xmlSecNodeSetSubtraction,
+ xmlSecNodeSetUnion
+} xmlSecNodeSetOp;</pre>
+<p>The simple nodes sets operations.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECNODESETINTERSECTION"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecNodeSetIntersection</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>intersection.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECNODESETSUBTRACTION"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecNodeSetSubtraction</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>subtraction.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECNODESETUNION"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecNodeSetUnion</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>union.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNODESET"></a><h3>struct xmlSecNodeSet</h3>
+<pre class="PROGRAMLISTING">struct xmlSecNodeSet {
+ xmlNodeSetPtr nodes;
+ xmlDocPtr doc;
+ int destroyDoc;
+ xmlSecNodeSetType type;
+ xmlSecNodeSetOp op;
+ xmlSecNodeSetPtr next;
+ xmlSecNodeSetPtr prev;
+ xmlSecNodeSetPtr children;
+};</pre>
+<p>The enchanced nodes set.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14099"><span style="white-space: nowrap"><gtkdoclink href="XMLNODESET"><span class="TYPE">xmlNodeSetPtr</span></gtkdoclink> <code class="STRUCTFIELD">nodes</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the nodes list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14106"><span style="white-space: nowrap"><gtkdoclink href="XMLDOC"><span class="TYPE">xmlDocPtr</span></gtkdoclink> <code class="STRUCTFIELD">doc</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the parent XML document.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14113"><span style="white-space: nowrap"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">destroyDoc</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag: if set to 1 then <code class="PARAMETER">doc</code> will
+ be destroyed when node set is destroyed.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14121"><span style="white-space: nowrap"><a href="xmlsec-nodeset.html#XMLSECNODESETTYPE"><span class="TYPE">xmlSecNodeSetType</span></a> <code class="STRUCTFIELD">type</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the nodes set type.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14128"><span style="white-space: nowrap"><a href="xmlsec-nodeset.html#XMLSECNODESETOP"><span class="TYPE">xmlSecNodeSetOp</span></a> <code class="STRUCTFIELD">op</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the operation type.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14135"><span style="white-space: nowrap"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> <code class="STRUCTFIELD">next</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the next nodes set.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14142"><span style="white-space: nowrap"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> <code class="STRUCTFIELD">prev</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the previous nodes set.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14149"><span style="white-space: nowrap"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> <code class="STRUCTFIELD">children</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the children list (valid only if type
+ equal to <a href="xmlsec-nodeset.html#XMLSECNODESETLIST"><span class="TYPE">xmlSecNodeSetList</span></a>).</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNODESETWALKCALLBACK"></a><h3>xmlSecNodeSetWalkCallback ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecNodeSetWalkCallback) (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> parent</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *data</code>);</pre>
+<p>The callback function called once per each node in the nodes set.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14179"><span style="white-space: nowrap"><code class="PARAMETER">nset</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSet</span></a> structure.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14186"><span style="white-space: nowrap"><code class="PARAMETER">cur</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer current XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14191"><span style="white-space: nowrap"><code class="PARAMETER">parent</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to the <code class="PARAMETER">cur</code> parent node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14197"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to application specific data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14202"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs
+an walk procedure should be interrupted.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNODESETCREATE"></a><h3>xmlSecNodeSetCreate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECNODESETPTR"><span class="RETURNVALUE">xmlSecNodeSetPtr</span></gtkdoclink> xmlSecNodeSetCreate (<code class="PARAMETER"><gtkdoclink href="XMLDOC"><span class="TYPE">xmlDocPtr</span></gtkdoclink> doc</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODESET"><span class="TYPE">xmlNodeSetPtr</span></gtkdoclink> nodes</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESETTYPE"><span class="TYPE">xmlSecNodeSetType</span></a> type</code>);</pre>
+<p>Creates new nodes set. Caller is responsible for freeing returned object
+by calling <a href="xmlsec-nodeset.html#XMLSECNODESETDESTROY"><span class="TYPE">xmlSecNodeSetDestroy</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14227"><span style="white-space: nowrap"><code class="PARAMETER">doc</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to parent XML document.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14232"><span style="white-space: nowrap"><code class="PARAMETER">nodes</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the list of nodes.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14237"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the nodes set type.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14242"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly allocated node set or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNODESETDESTROY"></a><h3>xmlSecNodeSetDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecNodeSetDestroy (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>);</pre>
+<p>Destroys the nodes set created with <a href="xmlsec-nodeset.html#XMLSECNODESETCREATE"><span class="TYPE">xmlSecNodeSetCreate</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN14261"><span style="white-space: nowrap"><code class="PARAMETER">nset</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to node set.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNODESETDOCDESTROY"></a><h3>xmlSecNodeSetDocDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecNodeSetDocDestroy (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>);</pre>
+<p>Instructs node set to destroy nodes parent doc when node set is destroyed.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN14278"><span style="white-space: nowrap"><code class="PARAMETER">nset</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to node set.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNODESETCONTAINS"></a><h3>xmlSecNodeSetContains ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNodeSetContains (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> parent</code>);</pre>
+<p>Checks whether the <code class="PARAMETER">node</code> is in the nodes set or not.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14302"><span style="white-space: nowrap"><code class="PARAMETER">nset</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to node set.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14307"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to XML node to check.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14312"><span style="white-space: nowrap"><code class="PARAMETER">parent</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <code class="PARAMETER">node</code> parent node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14318"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 1 if the <code class="PARAMETER">node</code> is in the nodes set <code class="PARAMETER">nset</code>, 0 if it is not
+and a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNODESETADD"></a><h3>xmlSecNodeSetAdd ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECNODESETPTR"><span class="RETURNVALUE">xmlSecNodeSetPtr</span></gtkdoclink> xmlSecNodeSetAdd (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> newNSet</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESETOP"><span class="TYPE">xmlSecNodeSetOp</span></a> op</code>);</pre>
+<p>Adds <code class="PARAMETER">newNSet</code> to the <code class="PARAMETER">nset</code> using operation <code class="PARAMETER">op</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14346"><span style="white-space: nowrap"><code class="PARAMETER">nset</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to currrent nodes set (or NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14351"><span style="white-space: nowrap"><code class="PARAMETER">newNSet</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to new nodes set.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14356"><span style="white-space: nowrap"><code class="PARAMETER">op</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the operation type.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14361"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to combined nodes set or NULL if an error
+occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNODESETADDLIST"></a><h3>xmlSecNodeSetAddList ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECNODESETPTR"><span class="RETURNVALUE">xmlSecNodeSetPtr</span></gtkdoclink> xmlSecNodeSetAddList (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> newNSet</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESETOP"><span class="TYPE">xmlSecNodeSetOp</span></a> op</code>);</pre>
+<p>Adds <code class="PARAMETER">newNSet</code> to the <code class="PARAMETER">nset</code> as child using operation <code class="PARAMETER">op</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14387"><span style="white-space: nowrap"><code class="PARAMETER">nset</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to currrent nodes set (or NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14392"><span style="white-space: nowrap"><code class="PARAMETER">newNSet</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to new nodes set.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14397"><span style="white-space: nowrap"><code class="PARAMETER">op</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the operation type.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14402"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to combined nodes set or NULL if an error
+occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNODESETGETCHILDREN"></a><h3>xmlSecNodeSetGetChildren ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECNODESETPTR"><span class="RETURNVALUE">xmlSecNodeSetPtr</span></gtkdoclink> xmlSecNodeSetGetChildren (<code class="PARAMETER"><gtkdoclink href="XMLDOC"><span class="TYPE">xmlDocPtr</span></gtkdoclink> doc</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> parent</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> withComments</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> invert</code>);</pre>
+<p>Creates a new nodes set that contains:
+ - if <code class="PARAMETER">withComments</code> is not 0 and <code class="PARAMETER">invert</code> is 0:
+ all nodes in the <code class="PARAMETER">parent</code> subtree;
+ - if <code class="PARAMETER">withComments</code> is 0 and <code class="PARAMETER">invert</code> is 0:
+ all nodes in the <code class="PARAMETER">parent</code> subtree except comment nodes;
+ - if <code class="PARAMETER">withComments</code> is not 0 and <code class="PARAMETER">invert</code> not is 0:
+ all nodes in the <code class="PARAMETER">doc</code> except nodes in the <code class="PARAMETER">parent</code> subtree;
+ - if <code class="PARAMETER">withComments</code> is 0 and <code class="PARAMETER">invert</code> is 0:
+ all nodes in the <code class="PARAMETER">doc</code> except nodes in the <code class="PARAMETER">parent</code> subtree
+ and comment nodes.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14442"><span style="white-space: nowrap"><code class="PARAMETER">doc</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML document.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14447"><span style="white-space: nowrap"><code class="PARAMETER">parent</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to parent XML node or NULL if we want to include all document nodes.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14452"><span style="white-space: nowrap"><code class="PARAMETER">withComments</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag include comments or not.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14457"><span style="white-space: nowrap"><code class="PARAMETER">invert</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the "invert" flag.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14462"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the newly created <a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSet</span></a> structure
+or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNODESETWALK"></a><h3>xmlSecNodeSetWalk ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNodeSetWalk (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESETWALKCALLBACK"><span class="TYPE">xmlSecNodeSetWalkCallback</span></a> walkFunc</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *data</code>);</pre>
+<p>Calls the function <code class="PARAMETER">walkFunc</code> once per each node in the nodes set <code class="PARAMETER">nset</code>.
+If the <code class="PARAMETER">walkFunc</code> returns a negative value, then the walk procedure
+is interrupted.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14490"><span style="white-space: nowrap"><code class="PARAMETER">nset</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to node set.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14495"><span style="white-space: nowrap"><code class="PARAMETER">walkFunc</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the callback functions.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14500"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the application specific data passed to the <code class="PARAMETER">walkFunc</code>.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14506"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNODESETDUMPTEXTNODES"></a><h3>xmlSecNodeSetDumpTextNodes ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNodeSetDumpTextNodes (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLOUTPUTBUFFER"><span class="TYPE">xmlOutputBufferPtr</span></gtkdoclink> out</code>);</pre>
+<p>Dumps content of all the text nodes from <code class="PARAMETER">nset</code> to <code class="PARAMETER">out</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14528"><span style="white-space: nowrap"><code class="PARAMETER">nset</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to node set.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14533"><span style="white-space: nowrap"><code class="PARAMETER">out</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the output buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14538"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNODESETDEBUGDUMP"></a><h3>xmlSecNodeSetDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecNodeSetDebugDump (<code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nset</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints information about <code class="PARAMETER">nset</code> to the <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14560"><span style="white-space: nowrap"><code class="PARAMETER">nset</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to node set.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14565"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-membuf.html"><b>&lt;&lt;&lt; membuf</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-parser.html"><b>parser &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-compiling-others.html b/docs/api/xmlsec-notes-compiling-others.html
new file mode 100644
index 00000000..5741c750
--- /dev/null
+++ b/docs/api/xmlsec-notes-compiling-others.html
@@ -0,0 +1,102 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Compiling and linking on other systems.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Building the application with XML Security Library." href="xmlsec-notes-compiling.html">
+<link rel="PREVIOUS" title="Compiling and linking on Windows." href="xmlsec-notes-compiling-windows.html">
+<link rel="NEXT" title="Initialization and shutdown." href="xmlsec-notes-init-shutdown.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-compiling-windows.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-compiling.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-init-shutdown.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-COMPILING-OTHERS">Compiling and linking on other systems.</a></h1>
+<p>Well, nothing is impossible, it's only software (you managed to
+ compile the library itself, do you?).
+ I'll be happy to include in this manual your expirience with
+ compiling and linking applications with XML Security Library
+ on other platforms (if you would like to share it).
+ </p>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-compiling-windows.html"><b>&lt;&lt;&lt; Compiling and linking on Windows.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-init-shutdown.html"><b>Initialization and shutdown. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-compiling-unix.html b/docs/api/xmlsec-notes-compiling-unix.html
new file mode 100644
index 00000000..476552ea
--- /dev/null
+++ b/docs/api/xmlsec-notes-compiling-unix.html
@@ -0,0 +1,223 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Compiling and linking on Unix.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Building the application with XML Security Library." href="xmlsec-notes-compiling.html">
+<link rel="PREVIOUS" title="Include files." href="xmlsec-notes-include-files.html">
+<link rel="NEXT" title="Compiling and linking on Windows." href="xmlsec-notes-compiling-windows.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-include-files.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-compiling.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-compiling-windows.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-COMPILING-UNIX">Compiling and linking on Unix.</a></h1>
+<p>There are several ways to get necessary compilation
+ and linking information on Unix and application can use
+ any of these methods to do crypto engine selection either
+ at linking or run time.
+
+ </p>
+<p></p>
+<ul>
+<li>
+<p>PKG_CHECK_MODULES() macro
+ </p>
+<div class="EXAMPLE">
+<a name="AEN70"></a><p><b>Example 2. Using PKG_CHECK_MODULES() macro in a configure.in file
+ to select crypto engine (openssl) at linking time.</b></p>
+<pre class="PROGRAMLISTING">dnl
+dnl Check for xmlsec and friends
+dnl
+PKG_CHECK_MODULES(XMLSEC, xmlsec1-openssl &gt;= 1.0.0 xml2 libxslt,,exit)
+CFLAGS="$CFLAGS $XMLSEC_CFLAGS"
+CPPFLAGS="$CPPFLAGS $XMLSEC_CFLAGS"
+LDFLAGS="$LDFLAGS $XMLSEC_LIBS"
+ </pre>
+</div>
+
+ <div class="EXAMPLE">
+<a name="AEN73"></a><p><b>Example 3. Using PKG_CHECK_MODULES() macro in a configure.in file
+ to enable dynamical loading of xmlsec-crypto library.</b></p>
+<pre class="PROGRAMLISTING">dnl
+dnl Check for xmlsec and friends
+dnl
+PKG_CHECK_MODULES(XMLSEC, xmlsec1 &gt;= 1.0.0 xml2 libxslt,,exit)
+CFLAGS="$CFLAGS $XMLSEC_CFLAGS"
+CPPFLAGS="$CPPFLAGS $XMLSEC_CFLAGS"
+LDFLAGS="$LDFLAGS $XMLSEC_LIBS"
+ </pre>
+</div>
+
+ </li>
+<li>
+<p>pkg-config script
+ </p>
+<div class="EXAMPLE">
+<a name="AEN78"></a><p><b>Example 4. Using pkg-config script in a Makefile
+ to select crypto engine (nss) at linking time.</b></p>
+<pre class="PROGRAMLISTING">PROGRAM = test
+PROGRAM_FILES = test.c
+
+CFLAGS += -g $(shell pkg-config --cflags xmlsec1-nss)
+LDFLAGS += -g
+LIBS += $(shell pkg-config --libs xmlsec1-nss)
+
+all: $(PROGRAM)
+
+%: %.c
+ $(cc) $(PROGRAM_FILES) $(CFLAGS) $(LDFLAGS) -o $(PROGRAM) $(LIBS)
+
+clean:
+ @rm -rf $(PROGRAM)
+ </pre>
+</div>
+
+
+ <div class="EXAMPLE">
+<a name="AEN81"></a><p><b>Example 5. Using pkg-config script in a Makefile
+ to enable dynamical loading of xmlsec-crypto library.</b></p>
+<pre class="PROGRAMLISTING">PROGRAM = test
+PROGRAM_FILES = test.c
+
+CFLAGS += -g $(shell pkg-config --cflags xmlsec1)
+LDFLAGS += -g
+LIBS += $(shell pkg-config --libs xmlsec1)
+
+all: $(PROGRAM)
+
+%: %.c
+ $(cc) $(PROGRAM_FILES) $(CFLAGS) $(LDFLAGS) -o $(PROGRAM) $(LIBS)
+
+clean:
+ @rm -rf $(PROGRAM)
+ </pre>
+</div>
+
+ </li>
+<li>
+<p>xmlsec1-config script
+ </p>
+<div class="EXAMPLE">
+<a name="AEN86"></a><p><b>Example 6. Using xmlsec1-config script in a Makefile
+ to select crypto engine (e.g. gnutls) at linking time.</b></p>
+<pre class="PROGRAMLISTING">PROGRAM = test
+PROGRAM_FILES = test.c
+
+CFLAGS += -g $(shell xmlsec1-config --crypto gnutls --cflags)
+LDFLAGS += -g
+LIBS += $(shell xmlsec1-config --crypto gnutls --libs)
+
+all: $(PROGRAM)
+
+%: %.c
+ $(cc) $(PROGRAM_FILES) $(CFLAGS) $(LDFLAGS) -o $(PROGRAM) $(LIBS)
+
+clean:
+ @rm -rf $(PROGRAM)
+ </pre>
+</div>
+
+ <div class="EXAMPLE">
+<a name="AEN89"></a><p><b>Example 7. Using xmlsec1-config script in a Makefile
+ to enable dynamical loading of xmlsec-crypto library.</b></p>
+<pre class="PROGRAMLISTING">PROGRAM = test
+PROGRAM_FILES = test.c
+
+CFLAGS += -g $(shell xmlsec1-config --cflags)
+LDFLAGS += -g
+LIBS += $(shell xmlsec1-config --libs)
+
+all: $(PROGRAM)
+
+%: %.c
+ $(cc) $(PROGRAM_FILES) $(CFLAGS) $(LDFLAGS) -o $(PROGRAM) $(LIBS)
+
+clean:
+ @rm -rf $(PROGRAM)
+ </pre>
+</div>
+ </li>
+</ul>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-include-files.html"><b>&lt;&lt;&lt; Include files.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-compiling-windows.html"><b>Compiling and linking on Windows. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
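Review bot: The recipe in Examples 4 to 7 invokes `$(cc)`, but make variable names are case-sensitive and only `CC` is predefined, so `$(cc)` expands to nothing and the shell is asked to run `test.c` as the command. In all four listings the line should read `$(CC) $(PROGRAM_FILES) $(CFLAGS) $(LDFLAGS) -o $(PROGRAM) $(LIBS)`. The listings also lack `.PHONY: all clean`, so a file named `clean` or `all` in the build directory would silently disable those targets. This page is DocBook output, so the correction presumably belongs in docs/api/chapters/compiling-and-linking.sgml, which the same commit adds.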
diff --git a/docs/api/xmlsec-notes-compiling-windows.html b/docs/api/xmlsec-notes-compiling-windows.html
new file mode 100644
index 00000000..7ba8fc63
--- /dev/null
+++ b/docs/api/xmlsec-notes-compiling-windows.html
@@ -0,0 +1,138 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Compiling and linking on Windows.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Building the application with XML Security Library." href="xmlsec-notes-compiling.html">
+<link rel="PREVIOUS" title="Compiling and linking on Unix." href="xmlsec-notes-compiling-unix.html">
+<link rel="NEXT" title="Compiling and linking on other systems." href="xmlsec-notes-compiling-others.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-compiling-unix.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-compiling.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-compiling-others.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-COMPILING-WINDOWS">Compiling and linking on Windows.</a></h1>
+<p>On Windows there is no such simple and elegant solution.
+ Please check <tt class="FILENAME">README</tt> file in <tt class="FILENAME">win32</tt>
+ folder of the library package for latest instructions.
+ However, there are few general things, that you need to remember:
+ </p>
+<p></p>
+<ul>
+<li><p>
+ <span class="emphasis"><i class="EMPHASIS">All libraries linked to your application must be compiled
+ with the same Microsoft Runtime Libraries.</i></span>
+ </p></li>
+<li>
+<p>
+ <span class="emphasis"><i class="EMPHASIS">Static linking with XML Security Library requires
+ additional global defines:</i></span>
+ </p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN104"></a><pre class="PROGRAMLISTING">#define LIBXML_STATIC
+#define LIBXSLT_STATIC
+#define XMLSEC_STATIC
+ </pre>
+<p></p>
+</div>
+ </li>
+<li><p> If you do not want to dynamicaly load xmlsec-crypto library
+ and prefer to select crypto engine at linking then you should
+ link your application with xmlsec and at least one of
+ xmlsec-crypto libraries.
+ </p></li>
+<li>
+<p> In order to enable dynamic loading for xmlsec-crypto library
+ you should add additional global define:
+ </p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN110"></a><pre class="PROGRAMLISTING">#define XMLSEC_CRYPTO_DYNAMIC_LOADING
+ </pre>
+<p></p>
+</div>
+ </li>
+</ul>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-compiling-unix.html"><b>&lt;&lt;&lt; Compiling and linking on Unix.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-compiling-others.html"><b>Compiling and linking on other systems. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-compiling.html b/docs/api/xmlsec-notes-compiling.html
new file mode 100644
index 00000000..3e7d1f60
--- /dev/null
+++ b/docs/api/xmlsec-notes-compiling.html
@@ -0,0 +1,117 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Building the application with XML Security Library.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="PREVIOUS" title="XML Security Library Structure." href="xmlsec-notes-structure.html">
+<link rel="NEXT" title="Include files." href="xmlsec-notes-include-files.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-structure.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-include-files.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-NOTES-COMPILING"></a>Building the application with XML Security Library.</h1>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt><a href="xmlsec-notes-compiling.html#XMLSEC-NOTES-COMPILING-OVERVIEW">Overview.</a></dt>
+<dt><a href="xmlsec-notes-include-files.html">Include files.</a></dt>
+<dt><a href="xmlsec-notes-compiling-unix.html">Compiling and linking on Unix.</a></dt>
+<dt><a href="xmlsec-notes-compiling-windows.html">Compiling and linking on Windows.</a></dt>
+<dt><a href="xmlsec-notes-compiling-others.html">Compiling and linking on other systems.</a></dt>
+</dl></div>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-COMPILING-OVERVIEW">Overview.</a></h1>
+<p>Compiling and linking application with XML Security
+ Library requires specifying correct compilation flags, library files
+ and paths to include and library files. As we discussed before,
+ XML Security Library consist of the core xmlsec library and several
+ xmlsec-crypto libraries. Application has a choice of selecting crypto
+ library at link time or dynamicaly loading it at run time. Please note,
+ that loading crypto engines dynamicaly may introduce security problems
+ on some platforms.
+ </p>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-structure.html"><b>&lt;&lt;&lt; XML Security Library Structure.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-include-files.html"><b>Include files. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
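Review bot: The overview warns that loading crypto engines dynamically "may introduce security problems on some platforms" but never says what the problem is or how to avoid it, so the reader cannot act on the warning. Presumably the concern is that the xmlsec-crypto library is then resolved at run time through the platform's library search path, so anyone who can write to a directory on that path, or influence the path, could get a different library loaded into the process; if that is the intent, the paragraph should say so. A sentence such as `Prefer selecting the crypto library at link time for privileged applications, and make sure the library search path contains only trusted directories when loading it at run time.` would make the warning usable. The same caveat is worth repeating next to the dynamic-loading examples on the Unix and Windows pages, which carry none.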
diff --git a/docs/api/xmlsec-notes-contexts.html b/docs/api/xmlsec-notes-contexts.html
new file mode 100644
index 00000000..247f83f6
--- /dev/null
+++ b/docs/api/xmlsec-notes-contexts.html
@@ -0,0 +1,229 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Using context objects.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="PREVIOUS" title="Transforms and transforms chain." href="xmlsec-notes-transforms.html">
+<link rel="NEXT" title="Adding support for new cryptographic library." href="xmlsec-notes-new-crypto.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-transforms.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-new-crypto.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-NOTES-CONTEXTS"></a>Using context objects.</h1>
+<p>The great flexibility of XML Digital Signature and XML Encryption
+ specification is one of the most interesting and in the same time,
+ most dangerouse feature for an application developer.
+ For example, XPath and XSLT transform can make it very difficult
+ to find out what exactly was signed by just looking at the
+ transforms and the input data. Many protocols based on
+ XML Digital Signature and XML Encryption restrict allowed
+ key data types, allowed transforms or possible input data.
+ For example, signature in a simple SAML Response should have only
+ one &lt;dsig:Reference/&gt; element with an empty or NULL
+ URI attribute and only one enveloped transform.
+ XML Security Library uses "context" objects to let application
+ enable or disable particular features, return the result
+ data and the information collected during the processing.
+ Also all the context objects defined in XML Security library have
+ a special <code class="STRUCTFIELD">userData</code> member which could
+ be used by application to pass application specific data around.
+ XML Security Library never use this field.
+ The application creates a new
+ <a href="xmlsec-xmldsig.html#XMLSECDSIGCTX">xmlSecDSigCtx</a>
+ or <a href="xmlsec-xmlenc.html#XMLSECENCCTX">xmlSecEncCtx</a> object for each
+ operation, sets necessary options and consumes result returned
+ in the context after signature, verification, encryption or decryption.
+ </p>
+<p> </p>
+<div class="EXAMPLE">
+<a name="AEN489"></a><p><b>Example 1. SAML signature validation.</b></p>
+<pre class="PROGRAMLISTING">/**
+ * verify_file:
+ * @mngr: the pointer to keys manager.
+ * @xml_file: the signed XML file name.
+ *
+ * Verifies XML signature in #xml_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(mngr);
+ assert(xml_file);
+
+ /* load file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature context */
+ dsigCtx = xmlSecDSigCtxCreate(mngr);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* limit the Reference URI attributes to empty or NULL */
+ dsigCtx-&gt;enabledReferenceUris = xmlSecTransformUriTypeEmpty;
+
+ /* limit allowed transforms for siganture and reference processing */
+ if((xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformInclC14NId) &lt; 0) ||
+ (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformExclC14NId) &lt; 0) ||
+ (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha1Id) &lt; 0) ||
+ (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha1Id) &lt; 0)) {
+
+ fprintf(stderr,"Error: failed to limit allowed siganture transforms\n");
+ goto done;
+ }
+ if((xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformInclC14NId) &lt; 0) ||
+ (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformExclC14NId) &lt; 0) ||
+ (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha1Id) &lt; 0) ||
+ (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformEnvelopedId) &lt; 0)) {
+
+ fprintf(stderr,"Error: failed to limit allowed reference transforms\n");
+ goto done;
+ }
+
+ /* in addition, limit possible key data to valid X509 certificates only */
+ if(xmlSecPtrListAdd(&amp;(dsigCtx-&gt;keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecKeyDataX509Id) &lt; 0) {
+ fprintf(stderr,"Error: failed to limit allowed key data\n");
+ goto done;
+ }
+
+ /* Verify signature */
+ if(xmlSecDSigCtxVerify(dsigCtx, node) &lt; 0) {
+ fprintf(stderr,"Error: signature verify\n");
+ goto done;
+ }
+
+ /* check that we have only one Reference */
+ if((dsigCtx-&gt;status == xmlSecDSigStatusSucceeded) &amp;&amp;
+ (xmlSecPtrListGetSize(&amp;(dsigCtx-&gt;signedInfoReferences)) != 1)) {
+
+ fprintf(stderr,"Error: only one reference is allowed\n");
+ goto done;
+ }
+
+ /* print verification result to stdout */
+ if(dsigCtx-&gt;status == xmlSecDSigStatusSucceeded) {
+ fprintf(stdout, "Signature is OK\n");
+ } else {
+ fprintf(stdout, "Signature is INVALID\n");
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
+ </pre>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-transforms.html"><b>&lt;&lt;&lt; Transforms and transforms chain.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-new-crypto.html"><b>Adding support for new cryptographic library. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
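Review bot: `verify_file` in Example 1 sets `res = 0` even after the branch just above it has printed "Signature is INVALID", so a caller that tests only the return value treats a failed SAML signature as accepted. The header comment says it returns 0 "on success", which a reader will take to mean the signature verified. Either bail out before `/* success */` with `if(dsigCtx->status != xmlSecDSigStatusSucceeded) goto done;`, or reword the comment to `Returns 0 if processing completed; the verdict is in dsigCtx->status`. This page is DocBook output (see the GENERATOR meta tag), so the edit belongs in the chapter source rather than in this HTML.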
diff --git a/docs/api/xmlsec-notes-custom-keys-store.html b/docs/api/xmlsec-notes-custom-keys-store.html
new file mode 100644
index 00000000..7c81c23b
--- /dev/null
+++ b/docs/api/xmlsec-notes-custom-keys-store.html
@@ -0,0 +1,250 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Implementing a custom keys store.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Keys manager." href="xmlsec-notes-keysmngr.html">
+<link rel="PREVIOUS" title="Using keys manager for verification/decryption." href="xmlsec-notes-keys-mngr-verify-decrypt.html">
+<link rel="NEXT" title="Using X509 Certificates." href="xmlsec-notes-x509.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-keys-mngr-verify-decrypt.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-keysmngr.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-x509.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-CUSTOM-KEYS-STORE">Implementing a custom keys store.</a></h1>
+<p>In many cases, a default built-in list based keys store
+ is not good enough. For example, XML Security Library (and
+ the built-in default keys store) have no synchronization and
+ you'll need to implement a custom keys store if you want to
+ add or remove keys while other threads use the store.</p>
+<p> </p>
+<div class="EXAMPLE">
+<a name="AEN400"></a><p><b>Example 4. Creating a custom keys manager.</b></p>
+<pre class="PROGRAMLISTING">/**
+ * create_files_keys_mngr:
+ *
+ * Creates a files based keys manager: we assume that key name is
+ * the key file name,
+ *
+ * Returns pointer to newly created keys manager or NULL if an error occurs.
+ */
+xmlSecKeysMngrPtr
+create_files_keys_mngr(void) {
+ xmlSecKeyStorePtr keysStore;
+ xmlSecKeysMngrPtr mngr;
+
+ /* create files based keys store */
+ keysStore = xmlSecKeyStoreCreate(files_keys_store_get_klass());
+ if(keysStore == NULL) {
+ fprintf(stderr, "Error: failed to create keys store.\n");
+ return(NULL);
+ }
+
+ /* create keys manager */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ xmlSecKeyStoreDestroy(keysStore);
+ return(NULL);
+ }
+
+ /* add store to keys manager, from now on keys manager destroys the store if needed */
+ if(xmlSecKeysMngrAdoptKeysStore(mngr, keysStore) &lt; 0) {
+ fprintf(stderr, "Error: failed to add keys store to keys manager.\n");
+ xmlSecKeyStoreDestroy(keysStore);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* initialize crypto library specific data in keys manager */
+ if(xmlSecCryptoKeysMngrInit(mngr) &lt; 0) {
+ fprintf(stderr, "Error: failed to initialize crypto data in keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* set the get key callback */
+ mngr-&gt;getKey = xmlSecKeysMngrGetKey;
+ return(mngr);
+}
+
+/****************************************************************************
+ *
+ * Files Keys Store: we assume that key's name (content of the
+ * &lt;dsig:KeyName/&gt; element is a name of the file with a key.
+ * Attention: this probably not a good solution for high traffic systems.
+ *
+ ***************************************************************************/
+static xmlSecKeyPtr files_keys_store_find_key (xmlSecKeyStorePtr store,
+ const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static xmlSecKeyStoreKlass files_keys_store_klass = {
+ sizeof(xmlSecKeyStoreKlass),
+ sizeof(xmlSecKeyStore),
+ BAD_CAST "files-based-keys-store", /* const xmlChar* name; */
+ NULL, /* xmlSecKeyStoreInitializeMethod initialize; */
+ NULL, /* xmlSecKeyStoreFinalizeMethod finalize; */
+ files_keys_store_find_key, /* xmlSecKeyStoreFindKeyMethod findKey; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * files_keys_store_get_klass:
+ *
+ * The files based keys store klass: we assume that key name is the
+ * key file name,
+ *
+ * Returns files based keys store klass.
+ */
+xmlSecKeyStoreId
+files_keys_store_get_klass(void) {
+ return(&amp;files_keys_store_klass);
+}
+
+/**
+ * files_keys_store_find_key:
+ * @store: the pointer to default keys store.
+ * @name: the desired key name.
+ * @keyInfoCtx: the pointer to &lt;dsig:KeyInfo/&gt; node processing context.
+ *
+ * Lookups key in the @store.
+ *
+ * Returns pointer to key or NULL if key not found or an error occurs.
+ */
+static xmlSecKeyPtr
+files_keys_store_find_key(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyPtr key;
+ const xmlChar* p;
+
+ assert(store);
+ assert(keyInfoCtx);
+
+ /* it's possible to do not have the key name or desired key type
+ * but we could do nothing in this case */
+ if((name == NULL) || (keyInfoCtx-&gt;keyReq.keyId == xmlSecKeyDataIdUnknown)){
+ return(NULL);
+ }
+
+ /* we don't want to open files in a folder other than "current";
+ * to prevent it limit the characters in the key name to alpha/digit,
+ * '.', '-' or '_'.
+ */
+ for(p = name; (*p) != '\0'; ++p) {
+ if(!isalnum((*p)) &amp;&amp; ((*p) != '.') &amp;&amp; ((*p) != '-') &amp;&amp; ((*p) != '_')) {
+ return(NULL);
+ }
+ }
+
+ if((keyInfoCtx-&gt;keyReq.keyId == xmlSecKeyDataDsaId) || (keyInfoCtx-&gt;keyReq.keyId == xmlSecKeyDataRsaId)) {
+ /* load key from a pem file, if key is not found then it's an error (is it?) */
+ key = xmlSecCryptoAppKeyLoad(name, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load pem key from \"%s\"\n", name);
+ return(NULL);
+ }
+ } else {
+ /* otherwise it's a binary key, if key is not found then it's an error (is it?) */
+ key = xmlSecKeyReadBinaryFile(keyInfoCtx-&gt;keyReq.keyId, name);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load key from binary file \"%s\"\n", name);
+ return(NULL);
+ }
+ }
+
+ /* set key name */
+ if(xmlSecKeySetName(key, name) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", name);
+ xmlSecKeyDestroy(key);
+ return(NULL);
+ }
+
+ return(key);
+}
+ </pre>
+<p><a href="xmlsec-custom-keys-manager.html#XMLSEC-EXAMPLE-DECRYPT3">Full program listing</a></p>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-keys-mngr-verify-decrypt.html"><b>&lt;&lt;&lt; Using keys manager for verification/decryption.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-x509.html"><b>Using X509 Certificates. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
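Review bot: `files_keys_store_find_key` hands `name` straight to `xmlSecCryptoAppKeyLoad` / `xmlSecKeyReadBinaryFile` as a path relative to the working directory, and the comment block says `name` is the content of `<dsig:KeyName/>` from the document being processed. The character filter keeps out path separators, but the document can still select any file in that directory whose name fits the allowed alphabet, and names such as `.` and `..` pass the loop. I would state the assumption next to the filter, `/* name is untrusted input: the working directory must hold key files only */`, and reject dot-leading names with `if(name[0] == '.') return(NULL);` before the loop. Resolving the name under a fixed key directory would be stricter, but it needs a path buffer that this listing does not have.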
diff --git a/docs/api/xmlsec-notes-decrypt.html b/docs/api/xmlsec-notes-decrypt.html
new file mode 100644
index 00000000..829f800f
--- /dev/null
+++ b/docs/api/xmlsec-notes-decrypt.html
@@ -0,0 +1,205 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Decrypting an encrypted document</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Verifing and decrypting documents." href="xmlsec-notes-verify-decrypt.html">
+<link rel="PREVIOUS" title="Verifying a signed document" href="xmlsec-notes-verify.html">
+<link rel="NEXT" title="Keys." href="xmlsec-notes-keys.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-verify.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-verify-decrypt.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-keys.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-DECRYPT">Decrypting an encrypted document</a></h1>
+<p>The typical decryption process includes following steps:
+ </p>
+<p></p>
+<ul>
+<li><p> Load keys, X509 certificates, etc. in the <a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR">keys manager</a> .
+ </p></li>
+<li><p> Create encryption context <a href="xmlsec-xmlenc.html#XMLSECENCCTX">xmlSecEncCtx</a>
+ using <a href="xmlsec-xmlenc.html#XMLSECENCCTXCREATE">xmlSecEncCtxCreate</a> or
+ <a href="xmlsec-xmlenc.html#XMLSECENCCTXINITIALIZE">xmlSecEncCtxInitialize</a>
+ functions.
+ </p></li>
+<li><p> Select start decryption &lt;enc:EncryptedData&gt; node.
+ </p></li>
+<li><p> Decrypt by calling <a href="xmlsec-xmlenc.html#XMLSECENCCTXDECRYPT">xmlSecencCtxDecrypt</a>
+ function.
+ </p></li>
+<li><p> Check returned value and if necessary consume encrypted data.
+ </p></li>
+<li><p> Destroy encryption context <a href="xmlsec-xmlenc.html#XMLSECENCCTX">xmlSecEncCtx</a>
+ using <a href="xmlsec-xmlenc.html#XMLSECENCCTXDESTROY">xmlSecEncCtxDestroy</a> or
+ <a href="xmlsec-xmlenc.html#XMLSECENCCTXFINALIZE">xmlSecEncCtxFinalize</a>
+ functions.
+ </p></li>
+</ul>
+<p> </p>
+<div class="EXAMPLE">
+<a name="AEN333"></a><p><b>Example 2. Decrypting a document.</b></p>
+<pre class="PROGRAMLISTING">int
+decrypt_file(const char* enc_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(enc_file);
+ assert(key_file);
+
+ /* load template */
+ doc = xmlParseFile(enc_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file);
+ goto done;
+ }
+
+ /* create encryption context, we don't need keys manager in this example */
+ encCtx = xmlSecEncCtxCreate(NULL);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* load DES key */
+ encCtx-&gt;encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
+ if(encCtx-&gt;encKey == NULL) {
+ fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(encCtx-&gt;encKey, key_file) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* decrypt the data */
+ if((xmlSecEncCtxDecrypt(encCtx, node) &lt; 0) || (encCtx-&gt;result == NULL)) {
+ fprintf(stderr,"Error: decryption failed\n");
+ goto done;
+ }
+
+ /* print decrypted data to stdout */
+ if(encCtx-&gt;resultReplaced != 0) {
+ fprintf(stdout, "Decrypted XML data:\n");
+ xmlDocDump(stdout, doc);
+ } else {
+ fprintf(stdout, "Decrypted binary data (%d bytes):\n", xmlSecBufferGetSize(encCtx-&gt;result));
+ if(xmlSecBufferGetData(encCtx-&gt;result) != NULL) {
+ fwrite(xmlSecBufferGetData(encCtx-&gt;result),
+ 1,
+ xmlSecBufferGetSize(encCtx-&gt;result),
+ stdout);
+ }
+ }
+ fprintf(stdout, "\n");
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+ </pre>
+<p><a href="xmlsec-decrypt-with-signle-key.html#XMLSEC-EXAMPLE-DECRYPT1">Full Program Listing</a></p>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-verify.html"><b>&lt;&lt;&lt; Verifying a signed document</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-keys.html"><b>Keys. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
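Review bot: `decrypt_file` loads the encrypted document with `xmlParseFile(enc_file)`, which takes no parser options and so follows whatever libxml2 global defaults the program has set for entity substitution and external DTD loading. For a document received from another party the example should pin this down, e.g. `doc = xmlReadFile(enc_file, NULL, XML_PARSE_NONET);`, and the `/* load template */` comment should read `/* load encrypted document (untrusted input) */`. The same call appears in `verify_file` in xmlsec-notes-contexts.html and in `encrypt_file` in xmlsec-notes-dynamic-encryption-templates.html. Separately, `%d` is used to print `xmlSecBufferGetSize(encCtx->result)`, which presumably returns an unsigned size type, so a cast matching the format specifier would remove the mismatch.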
diff --git a/docs/api/xmlsec-notes-dynamic-encryption-templates.html b/docs/api/xmlsec-notes-dynamic-encryption-templates.html
new file mode 100644
index 00000000..afe4147a
--- /dev/null
+++ b/docs/api/xmlsec-notes-dynamic-encryption-templates.html
@@ -0,0 +1,240 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Creating dynamic encryption templates.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Creating dynamic templates." href="xmlsec-notes-templates.html">
+<link rel="PREVIOUS" title="Creating dynamic signature templates." href="xmlsec-notes-dynamic-signature-templates.html">
+<link rel="NEXT" title="Verifing and decrypting documents." href="xmlsec-notes-verify-decrypt.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-dynamic-signature-templates.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-templates.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-verify-decrypt.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-DYNAMIC-ENCRYPTION-TEMPLATES">Creating dynamic encryption templates.</a></h1>
+<p>The encryption template has structure similar
+ to the XML Encryption structure as it is described in
+ <a href="http://www.w3.org/TR/xmlenc-core" target="_top">specification</a>.
+ The only difference is that some nodes (for example,
+ &lt;enc:CipherValue/&gt;)
+ are empty. The XML Security Library sets the content of these
+ nodes after doing necessary calculations.
+ </p>
+<div class="FIGURE">
+<a name="AEN256"></a><p><b>Figure 2. XML Encryption structure</b></p>
+<pre class="PROGRAMLISTING">&lt;enc:EncryptedData Id? Type? MimeType? Encoding?&gt;
+ &lt;enc:EncryptionMethod Algorithm /&gt;?
+ (&lt;dsig:KeyInfo&gt;
+ &lt;dsig:KeyName&gt;?
+ &lt;dsig:KeyValue&gt;?
+ &lt;dsig:RetrievalMethod&gt;?
+ &lt;dsig:X509Data&gt;?
+ &lt;dsig:PGPData&gt;?
+ &lt;enc:EncryptedKey&gt;?
+ &lt;enc:AgreementMethod&gt;?
+ &lt;dsig:KeyName&gt;?
+ &lt;dsig:RetrievalMethod&gt;?
+ &lt;*&gt;?
+ &lt;/dsig:KeyInfo&gt;)?
+ &lt;enc:CipherData&gt;
+ &lt;enc:CipherValue&gt;?
+ &lt;enc:CipherReference URI?&gt;?
+ &lt;/enc:CipherData&gt;
+ &lt;enc:EncryptionProperties&gt;?
+&lt;/enc:EncryptedData&gt;
+ </pre>
+</div>
+<p> </p>
+<div class="EXAMPLE">
+<a name="AEN260"></a><p><b>Example 2. Creating dynamic encrytion template.</b></p>
+<pre class="PROGRAMLISTING">/**
+ * encrypt_file:
+ * @xml_file: the encryption template file name.
+ * @key_file: the Triple DES key file.
+ *
+ * Encrypts #xml_file using a dynamicaly created template and DES key from
+ * #key_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+encrypt_file(const char* xml_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr encDataNode = NULL;
+ xmlNodePtr keyInfoNode = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(xml_file);
+ assert(key_file);
+
+ /* load template */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create encryption template to encrypt XML file and replace
+ * its content with encryption result */
+ encDataNode = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId,
+ NULL, xmlSecTypeEncElement, NULL, NULL);
+ if(encDataNode == NULL) {
+ fprintf(stderr, "Error: failed to create encryption template\n");
+ goto done;
+ }
+
+ /* we want to put encrypted data in the &lt;enc:CipherValue/&gt; node */
+ if(xmlSecTmplEncDataEnsureCipherValue(encDataNode) == NULL) {
+ fprintf(stderr, "Error: failed to add CipherValue node\n");
+ goto done;
+ }
+
+ /* add &lt;dsig:KeyInfo/&gt; and &lt;dsig:KeyName/&gt; nodes to put key name in the signed document */
+ keyInfoNode = xmlSecTmplEncDataEnsureKeyInfo(encDataNode, NULL);
+ if(keyInfoNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
+ fprintf(stderr, "Error: failed to add key name\n");
+ goto done;
+ }
+
+ /* create encryption context, we don't need keys manager in this example */
+ encCtx = xmlSecEncCtxCreate(NULL);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* load DES key, assuming that there is not password */
+ encCtx-&gt;encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
+ if(encCtx-&gt;encKey == NULL) {
+ fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(encCtx-&gt;encKey, key_file) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* encrypt the data */
+ if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, xmlDocGetRootElement(doc)) &lt; 0) {
+ fprintf(stderr,"Error: encryption failed\n");
+ goto done;
+ }
+
+ /* we template is inserted in the doc */
+ encDataNode = NULL;
+
+ /* print encrypted data with document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(encDataNode != NULL) {
+ xmlFreeNode(encDataNode);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+ </pre>
+<p><a href="xmlsec-encrypt-dynamic-template.html#XMLSEC-EXAMPLE-ENCRYPT2">Full program listing</a></p>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-dynamic-signature-templates.html"><b>&lt;&lt;&lt; Creating dynamic signature templates.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-verify-decrypt.html"><b>Verifing and decrypting documents. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
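Review bot: `encrypt_file` calls `xmlSecKeySetName(encCtx->encKey, key_file)` after adding an empty `<dsig:KeyName/>` to the template, so the local key file path presumably ends up in the encrypted document that is dumped to stdout. The inline comment only says "this is just an example!"; it should say why, e.g. `/* example only: the key name is written into <dsig:KeyName/>, so use a logical key identifier, not a filesystem path */`. The doc comment is also inconsistent with the body: `@key_file` is described as a Triple DES key and the template uses `xmlSecTransformDes3CbcId`, while the description, the load comment and the error string say "DES key". The KeyInfo comment says "signed document" where the encrypted one is meant.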
diff --git a/docs/api/xmlsec-notes-dynamic-signature-templates.html b/docs/api/xmlsec-notes-dynamic-signature-templates.html
new file mode 100644
index 00000000..7e912a9b
--- /dev/null
+++ b/docs/api/xmlsec-notes-dynamic-signature-templates.html
@@ -0,0 +1,250 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Creating dynamic signature templates.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Creating dynamic templates." href="xmlsec-notes-templates.html">
+<link rel="PREVIOUS" title="Creating dynamic templates." href="xmlsec-notes-templates.html">
+<link rel="NEXT" title="Creating dynamic encryption templates." href="xmlsec-notes-dynamic-encryption-templates.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-templates.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-templates.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-dynamic-encryption-templates.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-DYNAMIC-SIGNATURE-TEMPLATES">Creating dynamic signature templates.</a></h1>
+<p>The signature template has structure similar
+ to the XML Digital Signature structure as it is described in
+ <a href="http://www.w3.org/TR/xmldsig-core" target="_top">specification</a>.
+ The only difference is that some nodes (for example,
+ &lt;dsig:DigestValue/&gt; or &lt;SignatureValue/&gt;)
+ are empty. The XML Security Library sets the content of these
+ nodes after doing necessary calculations.
+ </p>
+<div class="FIGURE">
+<a name="AEN243"></a><p><b>Figure 1. XML Digital Signature structure</b></p>
+<pre class="PROGRAMLISTING">&lt;dsig:Signature ID?&gt;
+ &lt;dsig:SignedInfo&gt;
+ &lt;dsig:CanonicalizationMethod Algorithm /&gt;
+ &lt;dsig:SignatureMethod Algorithm /&gt;
+ (&lt;dsig:Reference URI? &gt;
+ (&lt;dsig:Transforms&gt;
+ (&lt;dsig:Transform Algorithm /&gt;)+
+ &lt;/dsig:Transforms&gt;)?
+ &lt;dsig:DigestMethod Algorithm &gt;
+ &lt;dsig:DigestValue&gt;
+ &lt;/dsig:Reference&gt;)+
+ &lt;/dsig:SignedInfo&gt;
+ &lt;dsig:SignatureValue&gt;
+ (&lt;dsig:KeyInfo&gt;
+ &lt;dsig:KeyName&gt;?
+ &lt;dsig:KeyValue&gt;?
+ &lt;dsig:RetrievalMethod&gt;?
+ &lt;dsig:X509Data&gt;?
+ &lt;dsig:PGPData&gt;?
+ &lt;enc:EncryptedKey&gt;?
+ &lt;enc:AgreementMethod&gt;?
+ &lt;dsig:KeyName&gt;?
+ &lt;dsig:RetrievalMethod&gt;?
+ &lt;*&gt;?
+ &lt;/dsig:KeyInfo&gt;)?
+ (&lt;dsig:Object ID?&gt;)*
+&lt;/dsig:Signature&gt;
+ </pre>
+</div>
+<p> </p>
+<div class="EXAMPLE">
+<a name="AEN247"></a><p><b>Example 1. Creating dynamic signature template.</b></p>
+<pre class="PROGRAMLISTING">/**
+ * sign_file:
+ * @xml_file: the XML file name.
+ * @key_file: the PEM private key file name.
+ *
+ * Signs the #xml_file using private key from #key_file and dynamicaly
+ * created enveloped signature template.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+sign_file(const char* xml_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr signNode = NULL;
+ xmlNodePtr refNode = NULL;
+ xmlNodePtr keyInfoNode = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(xml_file);
+ assert(key_file);
+
+ /* load doc file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature template for RSA-SHA1 enveloped signature */
+ signNode = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
+ xmlSecTransformRsaSha1Id, NULL);
+ if(signNode == NULL) {
+ fprintf(stderr, "Error: failed to create signature template\n");
+ goto done;
+ }
+
+ /* add &lt;dsig:Signature/&gt; node to the doc */
+ xmlAddChild(xmlDocGetRootElement(doc), signNode);
+
+ /* add reference */
+ refNode = xmlSecTmplSignatureAddReference(signNode, xmlSecTransformSha1Id,
+ NULL, NULL, NULL);
+ if(refNode == NULL) {
+ fprintf(stderr, "Error: failed to add reference to signature template\n");
+ goto done;
+ }
+
+ /* add enveloped transform */
+ if(xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformEnvelopedId) == NULL) {
+ fprintf(stderr, "Error: failed to add enveloped transform to reference\n");
+ goto done;
+ }
+
+ /* add &lt;dsig:KeyInfo/&gt; and &lt;dsig:KeyName/&gt; nodes to put key name in the signed document */
+ keyInfoNode = xmlSecTmplSignatureEnsureKeyInfo(signNode, NULL);
+ if(keyInfoNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
+ fprintf(stderr, "Error: failed to add key name\n");
+ goto done;
+ }
+
+ /* create signature context, we don't need keys manager in this example */
+ dsigCtx = xmlSecDSigCtxCreate(NULL);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* load private key, assuming that there is not password */
+ dsigCtx-&gt;signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(dsigCtx-&gt;signKey == NULL) {
+ fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(dsigCtx-&gt;signKey, key_file) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* sign the template */
+ if(xmlSecDSigCtxSign(dsigCtx, signNode) &lt; 0) {
+ fprintf(stderr,"Error: signature failed\n");
+ goto done;
+ }
+
+ /* print signed document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+ </pre>
+<p><a href="xmlsec-examples-sign-dynamimc-template.html#XMLSEC-EXAMPLE-SIGN2">Full program listing</a></p>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-templates.html"><b>&lt;&lt;&lt; Creating dynamic templates.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-dynamic-encryption-templates.html"><b>Creating dynamic encryption templates. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
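Review bot: The `sign_file` example hard-codes SHA-1 in both the signature method (`xmlSecTransformRsaSha1Id`) and the reference digest (`xmlSecTransformSha1Id`) with no caveat, and tutorial code like this tends to be copied verbatim. SHA-1 is no longer considered collision-resistant, so the listing should either use the SHA-256 transforms (`xmlSecTransformRsaSha256Id` / `xmlSecTransformSha256Id`, assuming the selected crypto backend provides them) or carry a comment such as `/* RSA-SHA1 shown for brevity; prefer a SHA-2 based signature and digest in new code */`. Separately, `xmlSecKeySetName(dsigCtx->signKey, key_file)` presumably ends up in the `<dsig:KeyName/>` node added above, which would publish a local filesystem path in the signed document. The existing "this is just an example!" comment would be clearer if it said so and recommended a logical key identifier. This HTML looks generated, so the change probably belongs in `docs/api/chapters/creating-templates.sgml`.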
diff --git a/docs/api/xmlsec-notes-encrypt.html b/docs/api/xmlsec-notes-encrypt.html
new file mode 100644
index 00000000..656d2df7
--- /dev/null
+++ b/docs/api/xmlsec-notes-encrypt.html
@@ -0,0 +1,223 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Encrypting data.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Signing and encrypting documents." href="xmlsec-notes-sign-encrypt.html">
+<link rel="PREVIOUS" title="Signing a document." href="xmlsec-notes-sign.html">
+<link rel="NEXT" title="Creating dynamic templates." href="xmlsec-notes-templates.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-sign.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-sign-encrypt.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-templates.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-ENCRYPT">Encrypting data.</a></h1>
+<p>The typical encryption process includes following steps:
+ </p>
+<p></p>
+<ul>
+<li><p> Prepare data for encryption.
+ </p></li>
+<li><p> Create or load encryption template and select start
+ &lt;enc:EncryptedData/&gt; node.
+ </p></li>
+<li><p> Create encryption context <a href="xmlsec-xmlenc.html#XMLSECENCCTX">xmlSecEncCtx</a>
+ using <a href="xmlsec-xmlenc.html#XMLSECENCCTXCREATE">xmlSecEncCtxCreate</a> or
+ <a href="xmlsec-xmlenc.html#XMLSECENCCTXINITIALIZE">xmlSecEncCtxInitialize</a>
+ functions.
+ </p></li>
+<li><p> Load encryption key in <a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR">keys manager</a>
+ or generate a session key and set it in the encryption context
+ (<code class="STRUCTFIELD">encKey</code> member of
+ <a href="xmlsec-xmlenc.html#XMLSECENCCTX">xmlSecEncCtx</a> structure).
+ </p></li>
+<li>
+<p> Encrypt data by calling one of the following functions:
+ </p>
+<p></p>
+<ul>
+<li><p> <a href="xmlsec-xmlenc.html#XMLSECENCCTXBINARYENCRYPT">xmlSecEncCtxBinaryEncrypt</a>
+ </p></li>
+<li><p> <a href="xmlsec-xmlenc.html#XMLSECENCCTXXMLENCRYPT">xmlSecEncCtxXmlEncrypt</a>
+ </p></li>
+<li><p> <a href="xmlsec-xmlenc.html#XMLSECENCCTXURIENCRYPT">xmlSecEncCtxUriEncrypt</a>
+ </p></li>
+</ul>
+</li>
+<li><p> Check returned value and if necessary consume encrypted data.
+ </p></li>
+<li><p> Destroy encryption context <a href="xmlsec-xmlenc.html#XMLSECENCCTX">xmlSecEncCtx</a>
+ using <a href="xmlsec-xmlenc.html#XMLSECENCCTXDESTROY">xmlSecEncCtxDestroy</a> or
+ <a href="xmlsec-xmlenc.html#XMLSECENCCTXFINALIZE">xmlSecEncCtxFinalize</a>
+ functions.
+ </p></li>
+</ul>
+<p> </p>
+<div class="EXAMPLE">
+<a name="AEN227"></a><p><b>Example 2. Encrypting binary data with a template.</b></p>
+<pre class="PROGRAMLISTING">/**
+ * encrypt_file:
+ * @tmpl_file: the encryption template file name.
+ * @key_file: the Triple DES key file.
+ * @data: the binary data to encrypt.
+ * @dataSize: the binary data size.
+ *
+ * Encrypts binary #data using template from #tmpl_file and DES key from
+ * #key_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+encrypt_file(const char* tmpl_file, const char* key_file, const unsigned char* data, size_t dataSize) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(tmpl_file);
+ assert(key_file);
+ assert(data);
+
+ /* load template */
+ doc = xmlParseFile(tmpl_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
+ goto done;
+ }
+
+ /* create encryption context, we don't need keys manager in this example */
+ encCtx = xmlSecEncCtxCreate(NULL);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* load DES key */
+ encCtx-&gt;encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
+ if(encCtx-&gt;encKey == NULL) {
+ fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(encCtx-&gt;encKey, key_file) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* encrypt the data */
+ if(xmlSecEncCtxBinaryEncrypt(encCtx, node, data, dataSize) &lt; 0) {
+ fprintf(stderr,"Error: encryption failed\n");
+ goto done;
+ }
+
+ /* print encrypted data with document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+ </pre>
+<p><a href="xmlsec-encrypt-template-file.html#XMLSEC-EXAMPLE-ENCRYPT1">Full program listing</a></p>
+<p><a href="xmlsec-encrypt-template-file.html#XMLSEC-EXAMPLE-ENCRYPT1-TMPL">Simple encryption template file</a></p>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-sign.html"><b>&lt;&lt;&lt; Signing a document.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-templates.html"><b>Creating dynamic templates. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
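Review bot: The `encrypt_file` listing is inconsistent about the cipher: the doc comment says `@key_file: the Triple DES key file`, while the body comment says `/* load DES key */` and the error text says "des key", so a reader cannot tell which key size the file must hold. I would make all three say Triple DES (if that is what `xmlSecKeyDataDesId` denotes here, which should be confirmed against the key data reference) and state the expected raw key length. It is also worth adding a one-line caveat that the key is read as unprotected raw bytes from disk, so the file's permissions are the only protection, and that a 64-bit block cipher is a legacy choice that new templates should replace with an AES-based method. This HTML appears to be generated, so the edit likely belongs in `docs/api/chapters/sign-and-encrypt.sgml`.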
diff --git a/docs/api/xmlsec-notes-include-files.html b/docs/api/xmlsec-notes-include-files.html
new file mode 100644
index 00000000..749e66cd
--- /dev/null
+++ b/docs/api/xmlsec-notes-include-files.html
@@ -0,0 +1,141 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Include files.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Building the application with XML Security Library." href="xmlsec-notes-compiling.html">
+<link rel="PREVIOUS" title="Building the application with XML Security Library." href="xmlsec-notes-compiling.html">
+<link rel="NEXT" title="Compiling and linking on Unix." href="xmlsec-notes-compiling-unix.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-compiling.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-compiling.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-compiling-unix.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-INCLUDE-FILES">Include files.</a></h1>
+<p>In order to use XML Security Library an application should include
+ one or more of the following files:
+ </p>
+<p></p>
+<ul>
+<li><p><a href="xmlsec-xmlsec.html">xmlsec/xmlsec.h</a> -
+ XML Security Library initialization and shutdown functions;
+ </p></li>
+<li><p><a href="xmlsec-xmldsig.html">xmlsec/xmldsig.h</a> -
+ XML Digital Signature functions;</p></li>
+<li><p><a href="xmlsec-xmlenc.html">xmlsec/xmlenc.h</a> -
+ XML Encryption functions;</p></li>
+<li><p><a href="xmlsec-xmltree.html">xmlsec/xmltree.h</a> -
+ helper functions for XML documents manipulation;
+ </p></li>
+<li><p><a href="xmlsec-templates.html">xmlsec/templates.h</a> -
+ helper functions for dynamic XML Digital Signature and
+ XML Encryption templates creation;
+ </p></li>
+<li><p><font>xmlsec/crypto.h</font> -
+ automatic XML Security Crypto Library selection.
+ </p></li>
+</ul>
+<p>If necessary, the application should also include LibXML,
+ LibXSLT and crypto library header files.
+ </p>
+<p> </p>
+<div class="EXAMPLE">
+<a name="AEN61"></a><p><b>Example 1. Example includes file section.</b></p>
+<pre class="PROGRAMLISTING">#include &lt;libxml/tree.h&gt;
+#include &lt;libxml/xmlmemory.h&gt;
+#include &lt;libxml/parser.h&gt;
+
+#ifndef XMLSEC_NO_XSLT
+#include &lt;libxslt/xslt.h&gt;
+#endif /* XMLSEC_NO_XSLT */
+
+#include &lt;xmlsec/xmlsec.h&gt;
+#include &lt;xmlsec/xmltree.h&gt;
+#include &lt;xmlsec/xmldsig.h&gt;
+#include &lt;xmlsec/xmlenc.h&gt;
+#include &lt;xmlsec/templates.h&gt;
+#include &lt;xmlsec/crypto.h&gt;
+ </pre>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-compiling.html"><b>&lt;&lt;&lt; Building the application with XML Security Library.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-compiling-unix.html"><b>Compiling and linking on Unix. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-init-shutdown.html b/docs/api/xmlsec-notes-init-shutdown.html
new file mode 100644
index 00000000..a86c318d
--- /dev/null
+++ b/docs/api/xmlsec-notes-init-shutdown.html
@@ -0,0 +1,194 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Initialization and shutdown.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="PREVIOUS" title="Compiling and linking on other systems." href="xmlsec-notes-compiling-others.html">
+<link rel="NEXT" title="Signing and encrypting documents." href="xmlsec-notes-sign-encrypt.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-compiling-others.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-sign-encrypt.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-NOTES-INIT-SHUTDOWN"></a>Initialization and shutdown.</h1>
+<p>XML Security Library initialization/shutdown
+ process includes initialization and shutdown of the
+ dependent libraries:
+ </p>
+<p></p>
+<ul>
+<li><p>libxml library;</p></li>
+<li><p>libxslt library;</p></li>
+<li><p>crypto library (OpenSSL, GnuTLS, GCrypt, NSS, ...);</p></li>
+<li><p>xmlsec library
+ (<a href="xmlsec-xmlsec.html#XMLSECINIT">xmlSecInit</a>
+ and <a href="xmlsec-xmlsec.html#XMLSECSHUTDOWN">xmlSecShutdown</a>
+ functions);
+ </p></li>
+<li><p>xmlsec-crypto library
+ (<a href="xmlsec-dl.html#XMLSECCRYPTODLLOADLIBRARY">xmlSecCryptoDLLoadLibrary</a>
+ to load xmlsec-crypto library dynamicaly if needed,
+ <a href="xmlsec-app.html#XMLSECCRYPTOINIT">xmlSecCryptoInit</a>
+ and <a href="xmlsec-app.html#XMLSECCRYPTOSHUTDOWN">xmlSecCryptoShutdown</a>
+ functions);
+ </p></li>
+</ul>
+ xmlsec-crypto library also provides a convinient functions
+ <font>xmlSecAppCryptoInit</font>
+ and <font>xmlSecAppCryptoShutdown</font>
+ to initialize the crypto library itself but application can do it
+ by itself.
+ <p> </p>
+<div class="EXAMPLE">
+<a name="AEN137"></a><p><b>Example 1. Initializing application.</b></p>
+<pre class="PROGRAMLISTING"> /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) &lt; 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) &lt; 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+ </pre>
+</div>
+ <p> </p>
+<div class="EXAMPLE">
+<a name="AEN141"></a><p><b>Example 2. Shutting down application.</b></p>
+<pre class="PROGRAMLISTING"> /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+ </pre>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-compiling-others.html"><b>&lt;&lt;&lt; Compiling and linking on other systems.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-sign-encrypt.html"><b>Signing and encrypting documents. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
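Review bot: The "Initializing application" example sets `xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;` and `xmlSubstituteEntitiesDefault(1);` as process-wide libxml2 defaults without any warning. Every later `xmlParseFile` call in the tutorial then loads external DTDs and expands entities, which is the configuration that exposes an application to XML external entity (XXE) disclosure and entity-expansion denial of service when the input is untrusted. The listing should carry a comment along the lines of `/* these global defaults enable DTD loading and entity substitution; for untrusted documents parse with explicit options (e.g. XML_PARSE_NONET, no XML_PARSE_NOENT/DTDLOAD) instead */`. As a smaller point, the prose above the example names `xmlSecAppCryptoInit` / `xmlSecAppCryptoShutdown` while the code calls `xmlSecCryptoAppInit` / `xmlSecCryptoAppShutdown`; the text should use the names the code uses. The page appears to be generated, so both fixes likely belong in `docs/api/chapters/init-and-shutdown.sgml`.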
diff --git a/docs/api/xmlsec-notes-keys-manager-sign-enc.html b/docs/api/xmlsec-notes-keys-manager-sign-enc.html
new file mode 100644
index 00000000..a94af2ec
--- /dev/null
+++ b/docs/api/xmlsec-notes-keys-manager-sign-enc.html
@@ -0,0 +1,307 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Using keys manager for signatures/encryption.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Keys manager." href="xmlsec-notes-keysmngr.html">
+<link rel="PREVIOUS" title="Simple keys store." href="xmlsec-notes-simple-keys-store.html">
+<link rel="NEXT" title="Using keys manager for verification/decryption." href="xmlsec-notes-keys-mngr-verify-decrypt.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-simple-keys-store.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-keysmngr.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-keys-mngr-verify-decrypt.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-KEYS-MANAGER-SIGN-ENC">Using keys manager for signatures/encryption.</a></h1>
+<p>Instead of specifiying signature or encryption key in the
+ corresponding context object (<code class="STRUCTFIELD">signKey</code>
+ member of <a href="xmlsec-xmldsig.html#XMLSECDSIGCTX">xmlSecDSigCtx</a>
+ structure or <code class="STRUCTFIELD">encKey</code> member of
+ <a href="xmlsec-xmlenc.html#XMLSECENCCTX">xmlSecEncCtx</a> structure),
+ the application can use keys manager to select the
+ signature or encryption key. This is especialy useful
+ when you are encrypting or signing something with a session key
+ which is by itself should be encrypted. The key for the
+ session key encryption in the
+ <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;EncryptedKey/&gt;</a>
+ node could be selected using
+ <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyName" target="_top">&lt;dsig:KeyName/&gt;</a>
+ node in the template.
+ </p>
+<p> </p>
+<div class="EXAMPLE">
+<a name="AEN378"></a><p><b>Example 2. Encrypting file using a session key and a permanent key from keys manager.</b></p>
+<pre class="PROGRAMLISTING">/**
+ * load_rsa_keys:
+ * @key_file: the key filename.
+ *
+ * Creates default keys manager and load RSA key from #key_file in it.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_rsa_keys(char* key_file) {
+ xmlSecKeysMngrPtr mngr;
+ xmlSecKeyPtr key;
+
+ assert(key_file);
+
+ /* create and initialize keys manager, we use a default list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) &lt; 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* load private RSA key */
+ key = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load rsa key from file \"%s\"\n", key_file);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(key, BAD_CAST key_file) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* add key to keys manager, from now on keys manager is responsible
+ * for destroying key
+ */
+ if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) &lt; 0) {
+ fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", key_file);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ return(mngr);
+}
+
+/**
+ * encrypt_file:
+ * @mngr: the pointer to keys manager.
+ * @xml_file: the encryption template file name.
+ * @key_name: the RSA key name.
+ *
+ * Encrypts #xml_file using a dynamicaly created template, a session DES key
+ * and an RSA key from keys manager.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+encrypt_file(xmlSecKeysMngrPtr mngr, const char* xml_file, const char* key_name) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr encDataNode = NULL;
+ xmlNodePtr keyInfoNode = NULL;
+ xmlNodePtr encKeyNode = NULL;
+ xmlNodePtr keyInfoNode2 = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(mngr);
+ assert(xml_file);
+ assert(key_name);
+
+ /* load template */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create encryption template to encrypt XML file and replace
+ * its content with encryption result */
+ encDataNode = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId,
+ NULL, xmlSecTypeEncElement, NULL, NULL);
+ if(encDataNode == NULL) {
+ fprintf(stderr, "Error: failed to create encryption template\n");
+ goto done;
+ }
+
+ /* we want to put encrypted data in the &lt;enc:CipherValue/&gt; node */
+ if(xmlSecTmplEncDataEnsureCipherValue(encDataNode) == NULL) {
+ fprintf(stderr, "Error: failed to add CipherValue node\n");
+ goto done;
+ }
+
+ /* add &lt;dsig:KeyInfo/&gt; */
+ keyInfoNode = xmlSecTmplEncDataEnsureKeyInfo(encDataNode, NULL);
+ if(keyInfoNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ /* add &lt;enc:EncryptedKey/&gt; to store the encrypted session key */
+ encKeyNode = xmlSecTmplKeyInfoAddEncryptedKey(keyInfoNode,
+ xmlSecTransformRsaOaepId,
+ NULL, NULL, NULL);
+ if(encKeyNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ /* we want to put encrypted key in the &lt;enc:CipherValue/&gt; node */
+ if(xmlSecTmplEncDataEnsureCipherValue(encKeyNode) == NULL) {
+ fprintf(stderr, "Error: failed to add CipherValue node\n");
+ goto done;
+ }
+
+ /* add &lt;dsig:KeyInfo/&gt; and &lt;dsig:KeyName/&gt; nodes to &lt;enc:EncryptedKey/&gt; */
+ keyInfoNode2 = xmlSecTmplEncDataEnsureKeyInfo(encKeyNode, NULL);
+ if(keyInfoNode2 == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ /* set key name so we can lookup key when needed */
+ if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode2, key_name) == NULL) {
+ fprintf(stderr, "Error: failed to add key name\n");
+ goto done;
+ }
+
+ /* create encryption context */
+ encCtx = xmlSecEncCtxCreate(mngr);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* generate a Triple DES key */
+ encCtx-&gt;encKey = xmlSecKeyGenerate(xmlSecKeyDataDesId, 192, xmlSecKeyDataTypeSession);
+ if(encCtx-&gt;encKey == NULL) {
+ fprintf(stderr,"Error: failed to generate session des key\n");
+ goto done;
+ }
+
+ /* encrypt the data */
+ if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, xmlDocGetRootElement(doc)) &lt; 0) {
+ fprintf(stderr,"Error: encryption failed\n");
+ goto done;
+ }
+
+ /* we template is inserted in the doc */
+ encDataNode = NULL;
+
+ /* print encrypted data with document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(encDataNode != NULL) {
+ xmlFreeNode(encDataNode);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
+ </pre>
+<p><a href="xmlsec-encrypt-with-session-key.html#XMLSEC-EXAMPLE-ENCRYPT3">Full program listing</a></p>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-simple-keys-store.html"><b>&lt;&lt;&lt; Simple keys store.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-keys-mngr-verify-decrypt.html"><b>Using keys manager for verification/decryption. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-keys-mngr-verify-decrypt.html b/docs/api/xmlsec-notes-keys-mngr-verify-decrypt.html
new file mode 100644
index 00000000..bb10b75c
--- /dev/null
+++ b/docs/api/xmlsec-notes-keys-mngr-verify-decrypt.html
@@ -0,0 +1,179 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Using keys manager for verification/decryption.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Keys manager." href="xmlsec-notes-keysmngr.html">
+<link rel="PREVIOUS" title="Using keys manager for signatures/encryption." href="xmlsec-notes-keys-manager-sign-enc.html">
+<link rel="NEXT" title="Implementing a custom keys store." href="xmlsec-notes-custom-keys-store.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-keys-manager-sign-enc.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-keysmngr.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-custom-keys-store.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-KEYS-MNGR-VERIFY-DECRYPT">Using keys manager for verification/decryption.</a></h1>
+<p>If more than one key could be used for signature or encryption,
+ then using <code class="STRUCTFIELD">signKey</code> member of
+ <a href="xmlsec-xmldsig.html#XMLSECDSIGCTX">xmlSecDSigCtx</a> structure or
+ <code class="STRUCTFIELD">encKey</code> member of
+ <a href="xmlsec-xmlenc.html#XMLSECENCCTX">xmlSecEncCtx</a> structure
+ is not possible. Instead, the application should load known keys in
+ the keys manager and use &lt;dsig:KeyName/&gt; element to specify
+ the key name.
+ </p>
+<p> </p>
+<div class="EXAMPLE">
+<a name="AEN391"></a><p><b>Example 3. Initializing keys manager and loading DES keys from binary files.</b></p>
+<pre class="PROGRAMLISTING">/**
+ * load_des_keys:
+ * @files: the list of filenames.
+ * @files_size: the number of filenames in #files.
+ *
+ * Creates default keys manager and load DES keys from #files in it.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_des_keys(char** files, int files_size) {
+ xmlSecKeysMngrPtr mngr;
+ xmlSecKeyPtr key;
+ int i;
+
+ assert(files);
+ assert(files_size &gt; 0);
+
+ /* create and initialize keys manager, we use a default list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) &lt; 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ for(i = 0; i &lt; files_size; ++i) {
+ assert(files[i]);
+
+ /* load DES key */
+ key = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, files[i]);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", files[i]);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(key, BAD_CAST files[i]) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* add key to keys manager, from now on keys manager is responsible
+ * for destroying key
+ */
+ if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) &lt; 0) {
+ fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", files[i]);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+ }
+
+ return(mngr);
+}
+ </pre>
+<p><a href="xmlsec-decrypt-with-keys-mngr.html#XMLSEC-EXAMPLE-DECRYPT2">Full program listing</a></p>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-keys-manager-sign-enc.html"><b>&lt;&lt;&lt; Using keys manager for signatures/encryption.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-custom-keys-store.html"><b>Implementing a custom keys store. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-keys.html b/docs/api/xmlsec-notes-keys.html
new file mode 100644
index 00000000..7913bee5
--- /dev/null
+++ b/docs/api/xmlsec-notes-keys.html
@@ -0,0 +1,120 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Keys.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="PREVIOUS" title="Decrypting an encrypted document" href="xmlsec-notes-decrypt.html">
+<link rel="NEXT" title="Keys manager." href="xmlsec-notes-keysmngr.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-decrypt.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-keysmngr.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-NOTES-KEYS"></a>Keys.</h1>
+<p>A key in XML Security Library is a representation of the
+ <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a>
+ element and consist of several key data objects.
+ The "value" key data usually contains raw key material (or handlers to
+ key material) required to execute particular crypto transform. Other
+ key data objects may contain any additional information about the key.
+ All the key data objects in the key are associated with the same key
+ material. For example, if a DSA key material has both an X509
+ certificate and a PGP data associated with it then such a key can
+ have a DSA key "value" and two key data objects for X509 certificate
+ and PGP key data.
+ </p>
+<div class="FIGURE">
+<a name="AEN342"></a><p><b>Figure 1. The key structure.</b></p>
+<p><img src="images/key.png" align="CENTER"></p>
+</div>
+<p>XML Security Library has several "invisible" key data classes.
+ These classes never show up in the keys data list of a key but are used for
+ <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a>
+ children processing (<a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyName" target="_top">&lt;dsig:KeyName/&gt;</a>,
+ &lt;enc:EncryptedKey/&gt;, ...). As with transforms, application might
+ add any new key data objects or replace the default ones.
+ </p>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-decrypt.html"><b>&lt;&lt;&lt; Decrypting an encrypted document</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-keysmngr.html"><b>Keys manager. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-keysmngr.html b/docs/api/xmlsec-notes-keysmngr.html
new file mode 100644
index 00000000..1bf5861f
--- /dev/null
+++ b/docs/api/xmlsec-notes-keysmngr.html
@@ -0,0 +1,140 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Keys manager.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="PREVIOUS" title="Keys." href="xmlsec-notes-keys.html">
+<link rel="NEXT" title="Simple keys store." href="xmlsec-notes-simple-keys-store.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-keys.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-simple-keys-store.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-NOTES-KEYSMNGR"></a>Keys manager.</h1>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt><a href="xmlsec-notes-keysmngr.html#XMLSEC-NOTES-KEYSMNGR-OVERVIEW">Overview.</a></dt>
+<dt><a href="xmlsec-notes-simple-keys-store.html">Simple keys store.</a></dt>
+<dt><a href="xmlsec-notes-keys-manager-sign-enc.html">Using keys manager for signatures/encryption.</a></dt>
+<dt><a href="xmlsec-notes-keys-mngr-verify-decrypt.html">Using keys manager for verification/decryption.</a></dt>
+<dt><a href="xmlsec-notes-custom-keys-store.html">Implementing a custom keys store.</a></dt>
+</dl></div>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-KEYSMNGR-OVERVIEW">Overview.</a></h1>
+<p>Processing some of the key data objects require additional
+ information which is global across the application (or in the
+ particular area of the application). For example, X509 certificates
+ processing require a common list of trusted certificates to be
+ available. XML Security Library keeps all the common information
+ for key data processing in a a collection of key data stores called
+ "keys manager".
+ </p>
+<div class="FIGURE">
+<a name="AEN353"></a><p><b>Figure 1. The keys manager structure.</b></p>
+<p><img src="images/keysmngr.png" align="CENTER"></p>
+</div>
+<p>Keys manager has a special "keys store" which lists the keys
+ known to the application. This "keys store" is used by XML Security
+ Library to lookup keys by name, type and crypto algorithm (for example,
+ during
+ <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyName" target="_top">&lt;dsig:KeyName/&gt;</a>
+ processing). The XML Security Library
+ provides default simple "flat list" based implementation of a default keys
+ store. The application can replace it with any other keys store
+ (for example, based on an SQL database).
+ </p>
+<p>Keys manager is the only object in XML Security Library which
+ is supposed to be shared by many different operations. Usually keys
+ manager is initialized once at the application startup and later is
+ used by XML Security library routines in "read-only" mode. If
+ application or crypto function need to modify any of the key data
+ stores inside keys manager then proper synchronization must be
+ implemented. In the same time, application can create a new keys
+ manager each time it needs to perform XML signature, verification,
+ encryption or decryption.
+ </p>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-keys.html"><b>&lt;&lt;&lt; Keys.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-simple-keys-store.html"><b>Simple keys store. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-new-crypto-functions.html b/docs/api/xmlsec-notes-new-crypto-functions.html
new file mode 100644
index 00000000..baeda08d
--- /dev/null
+++ b/docs/api/xmlsec-notes-new-crypto-functions.html
@@ -0,0 +1,151 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>xmlSecCryptoApp* functions.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Adding support for new cryptographic library." href="xmlsec-notes-new-crypto.html">
+<link rel="PREVIOUS" title="Creating a framework from the skeleton." href="xmlsec-notes-new-crypto-skeleton.html">
+<link rel="NEXT" title="Klasses and objects." href="xmlsec-notes-new-crypto-klasses.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-new-crypto-skeleton.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-new-crypto.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-new-crypto-klasses.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-NEW-CRYPTO-FUNCTIONS">xmlSecCryptoApp* functions.</a></h1>
+<p> The XML Security Library allows application to load multiple
+ "xmlsec-&lt;crypto&gt; libraries. To prevent symbol conflicts,
+ all "xmlsec-mycrypto" library names MUST start with "xmlSecMyCrypto".
+ However, in some applications (for example, the xmlsec command line
+ utility) that can use any crypto library, would prefer to
+ use a generic function names where possible.
+ The "include/xmlsec/crypto.h" and "include/xmlsec/mycrypto/symbols.h"
+ include files do the magic by mapping "xmlSecMyCrypto*" to
+ "xmlSecCrypto*" names using "XMLSEC_CRYPTO_*" defines.
+ </p>
+<p> In order to build xmlsec command line utility, the
+ "xmlsec-&lt;crypto&gt;" library must implement several functions.
+ The stubs for all these functions are provided in the "skeleton"
+ we've created. While these functions are not required to be
+ implemented by "xmlsec-&lt;crypto&gt;" library, you should consider
+ doing so (if possible) to simplify testing (thru xmlsec command line
+ utility) and application development.
+ </p>
+<p> In adition to xmlSecCryptoApp* functions, the xmlsec-&lt;crypto&gt;
+ library MUST implement following xmlSecCrypto* functions:
+ </p>
+<div class="TABLE">
+<a name="AEN540"></a><p><b>Table 1. xmlSecCrypto* functions.</b></p>
+<table border="1" class="CALSTABLE">
+<col>
+<col>
+<tbody>
+<tr>
+<td>xmlSecCryptoInit()</td>
+<td>Initializes xmlsec-&lt;crypto&gt; library: registers cryptographic
+ transforms implemented by the library, keys, etc.
+ Please note, that the application might want to intialize
+ the cryprographic library by itself. The default cryprographic
+ library initialization (for example, used by xmlsec utility)
+ is implemented in xmlSecCryptoAppInit() function.
+ </td>
+</tr>
+<tr>
+<td>xmlSecCryptoShutdown()</td>
+<td>Shuts down xmlsec-&lt;crypto&gt; library.
+ Please note, that the application might want to shutdown
+ the cryprographic library by itself. The default cryprographic
+ library shutdown (for example, used by xmlsec utility)
+ is implemented in xmlSecCryptoAppShutdown() function.
+ </td>
+</tr>
+<tr>
+<td>xmlSecCryptoKeysMngrInit()</td>
+<td>Adds keys stores implemented by the xmlsec-&lt;crypto&gt; library
+ to the keys manager object.
+ </td>
+</tr>
+</tbody>
+</table>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-new-crypto-skeleton.html"><b>&lt;&lt;&lt; Creating a framework from the skeleton.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-new-crypto-klasses.html"><b>Klasses and objects. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-new-crypto-key-stores.html b/docs/api/xmlsec-notes-new-crypto-key-stores.html
new file mode 100644
index 00000000..d9bd24d7
--- /dev/null
+++ b/docs/api/xmlsec-notes-new-crypto-key-stores.html
@@ -0,0 +1,83 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Key stores.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.76b+
+">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Adding support for new cryptographic library." href="xmlsec-notes-new-crypto.html">
+<link rel="PREVIOUS" title="Keys." href="xmlsec-notes-new-crypto-keys.html">
+<link rel="NEXT" title="Simple keys manager." href="xmlsec-notes-new-crypto-simple-keys-mngr.html">
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<div class="NAVHEADER"><table width="100%" border="0" bgcolor="#000000" cellpadding="1" cellspacing="0">
+<tr><th colspan="4" align="center"><font color="#FFFFFF" size="5">XML Security Library Reference Manual</font></th></tr>
+<tr>
+<td width="25%" bgcolor="#C00000" align="left"><a href="xmlsec-notes-new-crypto-keys.html"><font color="#FFFFFF" size="3"><b>&lt;&lt;&lt; Previous Page</b></font></a></td>
+<td width="25%" bgcolor="#0000C0" align="center"><font color="#FFFFFF" size="3"><b><a href="index.html"><font color="#FFFFFF" size="3"><b>Home</b></font></a></b></font></td>
+<td width="25%" bgcolor="#00C000" align="center"><font color="#FFFFFF" size="3"><b><a href="xmlsec-notes-new-crypto.html"><font color="#FFFFFF" size="3"><b>Up</b></font></a></b></font></td>
+<td width="25%" bgcolor="#C00000" align="right"><a href="xmlsec-notes-new-crypto-simple-keys-mngr.html"><font color="#FFFFFF" size="3"><b>Next Page &gt;&gt;&gt;</b></font></a></td>
+</tr>
+</table></div>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1">
+<a name="XMLSEC-NOTES-NEW-CRYPTO-KEY-STORES"></a>Key stores.</h1>
+<p> TODO
+ </p>
+</div>
+<div class="NAVFOOTER">
+<br clear="all"><br><table width="100%" border="0" bgcolor="#000000" cellpadding="1" cellspacing="0">
+<tr>
+<td width="25%" bgcolor="#C00000" align="left"><a href="xmlsec-notes-new-crypto-keys.html"><font color="#FFFFFF" size="3"><b>&lt;&lt;&lt; Previous Page</b></font></a></td>
+<td width="25%" bgcolor="#0000C0" align="center"><font color="#FFFFFF" size="3"><b><a href="index.html"><font color="#FFFFFF" size="3"><b>Home</b></font></a></b></font></td>
+<td width="25%" bgcolor="#00C000" align="center"><font color="#FFFFFF" size="3"><b><a href="xmlsec-notes-new-crypto.html"><font color="#FFFFFF" size="3"><b>Up</b></font></a></b></font></td>
+<td width="25%" bgcolor="#C00000" align="right"><a href="xmlsec-notes-new-crypto-simple-keys-mngr.html"><font color="#FFFFFF" size="3"><b>Next Page &gt;&gt;&gt;</b></font></a></td>
+</tr>
+<tr>
+<td colspan="2" align="left"><font color="#FFFFFF" size="3"><b>Keys.</b></font></td>
+<td colspan="2" align="right"><font color="#FFFFFF" size="3"><b>Simple keys manager.</b></font></td>
+</tr>
+</table>
+</div>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-new-crypto-keys.html b/docs/api/xmlsec-notes-new-crypto-keys.html
new file mode 100644
index 00000000..c253ee76
--- /dev/null
+++ b/docs/api/xmlsec-notes-new-crypto-keys.html
@@ -0,0 +1,103 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Keys data and keys data stores.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Adding support for new cryptographic library." href="xmlsec-notes-new-crypto.html">
+<link rel="PREVIOUS" title="Cryptographic transforms." href="xmlsec-notes-new-crypto-transforms.html">
+<link rel="NEXT" title="Default keys manager." href="xmlsec-notes-new-crypto-simple-keys-mngr.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-new-crypto-transforms.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-new-crypto.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-new-crypto-simple-keys-mngr.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-NEW-CRYPTO-KEYS">Keys data and keys data stores.</a></h1>
+<p> There are two key data types: key value data (for example, AES, DES, DSA,
+ HMAC or RSA key data) and others (for example, key name, X509 or PGP data).
+ The key data implementation should implement at least one of
+ <a href="xmlsec-keysdata.html#XMLSECKEYDATAXMLREADMETHOD">xmlRead</a>
+ or <a href="xmlsec-keysdata.html#XMLSECKEYDATABINREADMETHOD">binRead</a> methods.
+ </p>
+<p>TODO</p>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-new-crypto-transforms.html"><b>&lt;&lt;&lt; Cryptographic transforms.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-new-crypto-simple-keys-mngr.html"><b>Default keys manager. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-new-crypto-klasses.html b/docs/api/xmlsec-notes-new-crypto-klasses.html
new file mode 100644
index 00000000..530832d5
--- /dev/null
+++ b/docs/api/xmlsec-notes-new-crypto-klasses.html
@@ -0,0 +1,217 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Klasses and objects.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Adding support for new cryptographic library." href="xmlsec-notes-new-crypto.html">
+<link rel="PREVIOUS" title="xmlSecCryptoApp* functions." href="xmlsec-notes-new-crypto-functions.html">
+<link rel="NEXT" title="Cryptographic transforms." href="xmlsec-notes-new-crypto-transforms.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-new-crypto-functions.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-new-crypto.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-new-crypto-transforms.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-NEW-CRYPTO-KLASSES">Klasses and objects.</a></h1>
+<p>The XML Security Library is written in C but it uses some OOP techniques:
+ the objects in the library have "klasses" and there is "klasses" inheritance.
+ (see <a href="xmlsec-signature-klasses.html">signature</a> and
+ <a href="xmlsec-encryption-klasses.html">encryption</a> klasses
+ diagrams). The "klass" is different from C++ "class" (btw, this is
+ one of the reasons why it is spelled differently). The idea of "klasses"
+ used in XML Security Library are close to one in the GLIB/GTK/GNOME
+ and many other C projects. If you ever seen an OOP code written in C
+ you should find everything familiar.
+ </p>
+<p>XML Security Library "klass" includes three main parts:
+ </p>
+<p></p>
+<ul>
+<li>
+<p>"Klass" declaration structure that defines "klass" interfaces
+ and global constant data (for example, the human-readable name of
+ the "klass").
+ </p>
+<div class="EXAMPLE">
+<a name="AEN562"></a><p><b>Example 6. Base transform "klass" and its child XPath transform "klass" structure.</b></p>
+<pre class="PROGRAMLISTING">struct _xmlSecTransformKlass {
+ /* data */
+ size_t klassSize;
+ size_t objSize;
+ const xmlChar* name;
+ const xmlChar* href;
+ xmlSecTransformUsage usage;
+
+ /* methods */
+ xmlSecTransformInitializeMethod initialize;
+ xmlSecTransformFinalizeMethod finalize;
+
+ xmlSecTransformNodeReadMethod readNode;
+ xmlSecTransformNodeWriteMethod writeNode;
+
+ ...
+};
+
+...
+
+static xmlSecTransformKlass xmlSecTransformXPathKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecXPathTransformSize, /* size_t objSize */
+
+ xmlSecNameXPath, /* const xmlChar* name; */
+ xmlSecXPathNs, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
+
+ xmlSecTransformXPathInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformXPathFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecTransformXPathNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+
+ ...
+};
+ </pre>
+</div>
+ </li>
+<li>
+<p>"Klass" id which is simply a pointer to the "klass"
+ declaration strucutre. "Klass" id is used to bind "klass" objects
+ to the "klass" declaration and to pass "klass" strucutre to functions.
+ </p>
+<div class="EXAMPLE">
+<a name="AEN567"></a><p><b>Example 7. Base transform "klass" id declaration and its child XPath transform "klass" id implementation.</b></p>
+<pre class="PROGRAMLISTING">typedef const struct _xmlSecTransformKlass xmlSecTransformKlass, *xmlSecTransformId;
+
+...
+
+#define xmlSecTransformXPathId xmlSecTransformXPathGetKlass()
+
+...
+
+xmlSecTransformId
+xmlSecTransformXPathGetKlass(void) {
+ return(&amp;xmlSecTransformXPathKlass);
+}
+ </pre>
+</div>
+ </li>
+<li>
+<p>"Klass" object structure that contains object specific
+ data. The child object specific data are placed after the parent "klass"
+ object data.
+ </p>
+<div class="EXAMPLE">
+<a name="AEN572"></a><p><b>Example 8. Base transform object strucutre and its child XPath transform object.</b></p>
+<pre class="PROGRAMLISTING">struct _xmlSecTransform {
+ xmlSecTransformId id;
+ xmlSecTransformOperation operation;
+ xmlSecTransformStatus status;
+ xmlNodePtr hereNode;
+
+ /* transforms chain */
+ xmlSecTransformPtr next;
+ xmlSecTransformPtr prev;
+
+ ...
+};
+
+...
+
+/******************************************************************************
+ *
+ * XPath/XPointer transforms
+ *
+ * xmlSecPtrList with XPath expressions is located after xmlSecTransform structure
+ *
+ *****************************************************************************/
+#define xmlSecXPathTransformSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecPtrList))
+#define xmlSecXPathTransformGetDataList(transform) \
+ ((xmlSecTransformCheckSize((transform), xmlSecXPathTransformSize)) ? \
+ (xmlSecPtrListPtr)(((unsigned char*)(transform)) + sizeof(xmlSecTransform)) : \
+ (xmlSecPtrListPtr)NULL)
+ </pre>
+</div>
+ </li>
+</ul>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-new-crypto-functions.html"><b>&lt;&lt;&lt; xmlSecCryptoApp* functions.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-new-crypto-transforms.html"><b>Cryptographic transforms. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-new-crypto-sharing-results.html b/docs/api/xmlsec-notes-new-crypto-sharing-results.html
new file mode 100644
index 00000000..872ef5ac
--- /dev/null
+++ b/docs/api/xmlsec-notes-new-crypto-sharing-results.html
@@ -0,0 +1,125 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Sharing the results.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Adding support for new cryptographic library." href="xmlsec-notes-new-crypto.html">
+<link rel="PREVIOUS" title="Default keys manager." href="xmlsec-notes-new-crypto-simple-keys-mngr.html">
+<link rel="NEXT" title="Examples." href="xmlsec-examples.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-new-crypto-simple-keys-mngr.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-new-crypto.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-examples.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-NEW-CRYPTO-SHARING-RESULTS">Sharing the results.</a></h1>
+<p>If you implemented support for new cryptographic library
+ (or extended an existing one) and both you and your company/university/...
+ are willing to share the code I would be glad to add your work
+ to XML Security Library. Many people will thank you for this
+ and will use your library. Of course, you'll get all the credits
+ for your work.
+ </p>
+<p>The best way to submit your enchancements is to provide a diff
+ with the current CVS version. In order to do this,
+ </p>
+<p></p>
+<ul>
+<li><p>Checkout the sources from <a href="http://developer.gnome.org/tools/cvs.html" target="_top">GNOME CVS</a>
+ (module name is "xmlsec").
+ </p></li>
+<li><p>Add all the new files with "cvs add" command (this will not
+ create files in CVS but mark them as "added" localy). You'll not be able
+ to create new folders without a valid GNOME CVS account, let me know
+ what you need and I'll be happy to help.
+ </p></li>
+<li><p>Get a diff of all existing and new files using
+ "cvs -z3 diff -u -N" command.
+ </p></li>
+<li><p>Send the resulting diff file to the xmlsec mailing list
+ with some information about yourself so I can update the authors
+ and coping information.
+ </p></li>
+</ul>
+ I will try to review and check in your patch as soon as possible.
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-new-crypto-simple-keys-mngr.html"><b>&lt;&lt;&lt; Default keys manager.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-examples.html"><b>Examples. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-new-crypto-simple-keys-mngr.html b/docs/api/xmlsec-notes-new-crypto-simple-keys-mngr.html
new file mode 100644
index 00000000..ac1d4693
--- /dev/null
+++ b/docs/api/xmlsec-notes-new-crypto-simple-keys-mngr.html
@@ -0,0 +1,102 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Default keys manager.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Adding support for new cryptographic library." href="xmlsec-notes-new-crypto.html">
+<link rel="PREVIOUS" title="Keys data and keys data stores." href="xmlsec-notes-new-crypto-keys.html">
+<link rel="NEXT" title="Sharing the results." href="xmlsec-notes-new-crypto-sharing-results.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-new-crypto-keys.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-new-crypto.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-new-crypto-sharing-results.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-NEW-CRYPTO-SIMPLE-KEYS-MNGR">Default keys manager.</a></h1>
+<p>Any "xmlsec-&lt;crypto&gt;" library implementation must provide
+ a default keys store. The XML Security Library has a built-in flat
+ list based <a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTOREID">simple keys
+ store</a> which could be used if cryptographic library does not
+ have one itself.
+ </p>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-new-crypto-keys.html"><b>&lt;&lt;&lt; Keys data and keys data stores.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-new-crypto-sharing-results.html"><b>Sharing the results. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-new-crypto-skeleton.html b/docs/api/xmlsec-notes-new-crypto-skeleton.html
new file mode 100644
index 00000000..979bbe34
--- /dev/null
+++ b/docs/api/xmlsec-notes-new-crypto-skeleton.html
@@ -0,0 +1,254 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Creating a framework from the skeleton.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Adding support for new cryptographic library." href="xmlsec-notes-new-crypto.html">
+<link rel="PREVIOUS" title="Adding support for new cryptographic library." href="xmlsec-notes-new-crypto.html">
+<link rel="NEXT" title="xmlSecCryptoApp* functions." href="xmlsec-notes-new-crypto-functions.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-new-crypto.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-new-crypto.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-new-crypto-functions.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-NEW-CRYPTO-SKELETON">Creating a framework from the skeleton.</a></h1>
+<p> The XML Security Library contains a "skeleton" for creating new
+ "xmlsec-&lt;crypto&gt;" libraries. In order to create "xmlsec-mycrypto"
+ library framework, do the following (this example assumes that you
+ are using *nix system, adjust the commands if you are using something else):
+ </p>
+<p></p>
+<ul>
+<li>
+<p> Copy src/skeleton and include/xmlsec/skeleton folders to src/mycrypto and
+ include/xmlsec/mycrypto folders and remove CVS folders from the result:
+ </p>
+<div class="EXAMPLE">
+<a name="AEN512"></a><p><b>Example 1. Coping skeleton folders.</b></p>
+<pre class="PROGRAMLISTING">cd src
+cp -r skeleton mycrypto
+cd mycrypto
+rm -rf CVS
+cd ../..
+cd include/xmlsec
+cp -r skeleton mycrypto
+cd mycrypto
+rm -rf CVS
+cd ../../..
+ </pre>
+</div>
+ </li>
+<li>
+<p> Replace "skeleton" with "mycrypto" in the copied files (note that there
+ are different possible cases here):
+ </p>
+<div class="EXAMPLE">
+<a name="AEN517"></a><p><b>Example 2. Replacing "skeleton" with "mycrypto".</b></p>
+<pre class="PROGRAMLISTING">for i in `ls include/xmlsec/mycrypto/* src/mycrypto/*`; do
+ echo Processing $i ..;
+ sed 's/skeleton/mycrypto/g' $i | \
+ sed 's/SKELETON/MYCRYPTO/g' | \
+ sed 's/Skeleton/MyCrypto/g' &gt; $i.tmp;
+ mv $i.tmp $i;
+done
+ </pre>
+</div>
+ </li>
+<li>
+<p> Add "xmlsec-mycrypto" library to the "include/xmlsec/crypto.h" file:
+ </p>
+<div class="EXAMPLE">
+<a name="AEN522"></a><p><b>Example 3. Modifying include/xmlsec/crypto.h file.</b></p>
+<pre class="PROGRAMLISTING">...
+#ifdef XMLSEC_CRYPTO_MYCRYPTO
+#include &lt;xmlsec/mycrypto/app.h&gt;
+#include &lt;xmlsec/mycrypto/crypto.h&gt;
+#include &lt;xmlsec/mycrypto/symbols.h&gt;
+#else /* XMLSEC_CRYPTO_MYCRYPTO */
+...
+#endif /* XMLSEC_CRYPTO_MYCRYPTO */
+...
+ </pre>
+</div>
+ </li>
+<li>
+<p> Add "xmlsec-crypto" library to the configure.in file (for *nix systems;
+ for Windows you need to modify win32/confgure.js and win32/Makefile.msvc
+ files, see win32/README.txt for details):
+ </p>
+<div class="EXAMPLE">
+<a name="AEN527"></a><p><b>Example 4. Modifying configure.in file.</b></p>
+<pre class="PROGRAMLISTING">dnl ==========================================================================
+dnl See if we can find MyCrypto
+dnl ==========================================================================
+XMLSEC_MYCRYPTO_DEFINES=""
+MYCRYPTO_CONFIG="mycrypto-config" # TODO
+XMLSEC_NO_MYCRYPTO="1"
+MYCRYPTO_MIN_VERSION="0.0.0" # TODO
+MYCRYPTO_VERSION=""
+MYCRYPTO_PREFIX=""
+MYCRYPTO_CFLAGS=""
+MYCRYPTO_LIBS=""
+MYCRYPTO_LDADDS=""
+AC_MSG_CHECKING(for mycrypto libraries &gt;= $MYCRYPTO_MIN_VERSION)
+AC_ARG_WITH(mycrypto, [ --with-mycrypto=[PFX] mycrypto location])
+if test "$with_mycrypto" = "no" ; then
+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST mycrypto"
+ AC_MSG_RESULT(no)
+else
+ if test "$with_mycrypto" != "" ; then
+ MYCRYPTO_PREFIX=$with_mycrypto
+ MYCRYPTO_CONFIG=$MYCRYPTO_PREFIX/bin/$MYCRYPTO_CONFIG
+ fi
+ if ! $MYCRYPTO_CONFIG --version &gt; /dev/null 2&gt;&amp;1 ; then
+ if test "$with_mycrypto" != "" ; then
+ AC_MSG_ERROR(Unable to find mycrypto at '$with_mycrypto')
+ fi
+ else
+ vers=`$MYCRYPTO_CONFIG --version | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ minvers=`echo $MYCRYPTO_MIN_VERSION | awk -F. '{ printf "%d", ($1 * 1000 + $2) * 1000 + $3;}'`
+ if test "$vers" -ge "$minvers" ; then
+ MYCRYPTO_LIBS="`$MYCRYPTO_CONFIG --libs`"
+ MYCRYPTO_CFLAGS="`$MYCRYPTO_CONFIG --cflags`"
+ MYCRYPTO_VERSION="`$MYCRYPTO_CONFIG --version`"
+ XMLSEC_NO_MYCRYPTO="0"
+ else
+ AC_MSG_ERROR(You need at least mycrypto $MYCRYPTO_MIN_VERSION for this version of $PACKAGE)
+ fi
+ fi
+
+ dnl update crypt libraries list
+ if test "z$XMLSEC_NO_MYCRYPTO" = "z0" ; then
+ dnl first crypto library is default one
+ if test "z$XMLSEC_CRYPTO" = "z" ; then
+ XMLSEC_CRYPTO="mycrypto"
+ XMLSEC_CRYPTO_LIB="xmlsec1-mycrypto"
+ XMLSEC_CRYPTO_CFLAGS="$MYCRYPTO_CFLAGS -DXMLSEC_CRYPTO_MYCRYPTO=1"
+ XMLSEC_CRYPTO_LIBS="$MYCRYPTO_LIBS"
+ XMLSEC_CRYPTO_LDADDS="$MYCRYPTO_LDADDS"
+ fi
+ XMLSEC_CRYPTO_LIST="$XMLSEC_CRYPTO_LIST mycrypto"
+ AC_MSG_RESULT(yes ('$MYCRYPTO_VERSION'))
+ else
+ XMLSEC_CRYPTO_DISABLED_LIST="$XMLSEC_CRYPTO_DISABLED_LIST mycrypto"
+ AC_MSG_RESULT(no)
+ fi
+fi
+AC_SUBST(XMLSEC_NO_MYCRYPTO)
+AC_SUBST(MYCRYPTO_MIN_VERSION)
+AC_SUBST(MYCRYPTO_VERSION)
+AC_SUBST(MYCRYPTO_CONFIG)
+AC_SUBST(MYCRYPTO_PREFIX)
+AC_SUBST(MYCRYPTO_CFLAGS)
+AC_SUBST(MYCRYPTO_LIBS)
+AC_SUBST(MYCRYPTO_LDADDS)
+AC_SUBST(XMLSEC_MYCRYPTO_DEFINES)
+
+...
+AC_OUTPUT([
+...
+include/xmlsec/mycrypto/Makefile
+src/mycrypto/Makefile
+...
+])
+ </pre>
+</div>
+ </li>
+<li><p>Modify "xmlsec.spec.in" file to create "xmlsec-mycrypto"
+ RPM (if necessary).
+ </p></li>
+</ul>
+
+ By now you should be able to sucessfuly compile XML Security Library
+ with MyCrypto library (we disable all other libraries to make sure
+ that xmlsec command line utility is linked against xmlsec-mycrypto
+ library):
+ <div class="EXAMPLE">
+<a name="AEN532"></a><p><b>Example 5. Compiling the results.</b></p>
+<pre class="PROGRAMLISTING">./autogen.sh --without-openssl --without-nss --without-gnutls --without-gcrypt \
+ --with-mycrypto=$HOME --disable-tmpl-tests
+make
+ </pre>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-new-crypto.html"><b>&lt;&lt;&lt; Adding support for new cryptographic library.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-new-crypto-functions.html"><b>xmlSecCryptoApp* functions. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-new-crypto-transforms.html b/docs/api/xmlsec-notes-new-crypto-transforms.html
new file mode 100644
index 00000000..71e935cc
--- /dev/null
+++ b/docs/api/xmlsec-notes-new-crypto-transforms.html
@@ -0,0 +1,170 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Cryptographic transforms.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Adding support for new cryptographic library." href="xmlsec-notes-new-crypto.html">
+<link rel="PREVIOUS" title="Klasses and objects." href="xmlsec-notes-new-crypto-klasses.html">
+<link rel="NEXT" title="Keys data and keys data stores." href="xmlsec-notes-new-crypto-keys.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-new-crypto-klasses.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-new-crypto.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-new-crypto-keys.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-NEW-CRYPTO-TRANSFORMS">Cryptographic transforms.</a></h1>
+<p>The cryptographic transforms (digests, signatures and encryption)
+ implementation is the main goal of "xmlsec-&lt;crypto&gt;" library.
+ Most of the cryptographic <a href="xmlsec-notes-transforms.html">transforms</a>
+ use default <code class="STRUCTFIELD">pushBin</code> and <code class="STRUCTFIELD">popBin</code>
+ methods and provide custom <a href="xmlsec-transforms.html#XMLSECTRANSFORMEXECUTEMETHOD">execute</a> method.
+ The binary transform <a href="xmlsec-transforms.html#XMLSECTRANSFORMEXECUTEMETHOD">execute</a> method
+ processes data from the input buffer
+ <code class="STRUCTFIELD">inBuf</code> and pushes results to
+ <code class="STRUCTFIELD">outBuf</code>. The transform should try to
+ consume and remove data from <code class="STRUCTFIELD">inBuf</code> buffer
+ as soon as the data became available. However, it might happen
+ that current data size in the input buffer is not enough (for example,
+ RSA-PKCS1 algorithm requires that all the data are available in
+ one buffer). In this case, transform might keep the data in the
+ input buffer till the next call to
+ <a href="xmlsec-transforms.html#XMLSECTRANSFORMEXECUTEMETHOD">execute</a>
+ method. The "last" parameter of the
+ <a href="xmlsec-transforms.html#XMLSECTRANSFORMEXECUTEMETHOD">execute</a>
+ indicates that transform MUST process all the data in the input buffer
+ and return as much as possible in the output buffer. The
+ <a href="xmlsec-transforms.html#XMLSECTRANSFORMEXECUTEMETHOD">execute</a> method
+ might be called multiple times with non-zero "last" parameter until
+ the transforms returns nothing
+ in the output buffer. In addition, the transform implementation is
+ responsible for managing the transform <code class="STRUCTFIELD">status</code>
+ variable.
+ </p>
+<div class="TABLE">
+<a name="AEN590"></a><p><b>Table 2. Typical transform status managing.</b></p>
+<table border="1" class="CALSTABLE">
+<col>
+<col>
+<tbody>
+<tr>
+<td>xmlSecTransformStatusNone</td>
+<td>Transform initializes itself (for example, cipher transform
+ generates or reads IV) and sets <code class="STRUCTFIELD">status</code>
+ variable to xmlSecTransformStatusWorking.</td>
+</tr>
+<tr>
+<td>xmlSecTransformStatusWorking</td>
+<td>Transform process the next (if "last" parameter is zero) or
+ last block of data (if "last" parameter is non-zero).
+ When transform returns all the data, it sets the
+ <code class="STRUCTFIELD">status</code> variable to
+ xmlSecTransformStatusFinished.</td>
+</tr>
+<tr>
+<td>xmlSecTransformStatusFinished</td>
+<td>Transform returns no data to indicate that it finished
+ processing.</td>
+</tr>
+</tbody>
+</table>
+</div>
+ <p>In adition to <a href="xmlsec-transforms.html#XMLSECTRANSFORMEXECUTEMETHOD">execute</a>
+ methods, signature, hmac or digest transforms
+ MUST implement <a href="xmlsec-transforms.html#XMLSECTRANSFORMVERIFYMETHOD">verify</a> method.
+ The <a href="xmlsec-transforms.html#XMLSECTRANSFORMVERIFYMETHOD">verify</a> method is called
+ after transform execution is finished. The
+ <a href="xmlsec-transforms.html#XMLSECTRANSFORMVERIFYMETHOD">verify</a> method implementation
+ must set the "status" member to <a href="xmlsec-transforms.html#XMLSECTRANSFORMSTATUSOK">xmlSecTransformStatusOk</a>
+ if signature, hmac or digest is successfuly verified or to
+ <a href="xmlsec-transforms.html#XMLSECTRANSFORMSTATUSFAIL">xmlSecTransformStatusFail</a>
+ otherwise.
+ </p>
+<p>The transforms that require a key (signature or encryption
+ transforms, for example) MUST imlpement
+ <a href="xmlsec-transforms.html#XMLSECTRANSFORMSETKEYREQUIREMENTSMETHOD">setKeyReq</a>
+ (prepares the <a href="xmlsec-keys.html#XMLSECKEYREQ">key requirements</a>
+ for key search) and
+ <a href="xmlsec-transforms.html#XMLSECTRANSFORMSETKEYMETHOD">setKey</a>
+ (sets the key in the transform) methods.
+ </p>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-new-crypto-klasses.html"><b>&lt;&lt;&lt; Klasses and objects.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-new-crypto-keys.html"><b>Keys data and keys data stores. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-new-crypto.html b/docs/api/xmlsec-notes-new-crypto.html
new file mode 100644
index 00000000..ef8b4d00
--- /dev/null
+++ b/docs/api/xmlsec-notes-new-crypto.html
@@ -0,0 +1,136 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Adding support for new cryptographic library.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="PREVIOUS" title="Using context objects." href="xmlsec-notes-contexts.html">
+<link rel="NEXT" title="Creating a framework from the skeleton." href="xmlsec-notes-new-crypto-skeleton.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-contexts.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-new-crypto-skeleton.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-NOTES-NEW-CRYPTO"></a>Adding support for new cryptographic library.</h1>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt><a href="xmlsec-notes-new-crypto.html#XMLSEC-NOTES-NEW-CRYPTO-OVERVIEW">Overview.</a></dt>
+<dt><a href="xmlsec-notes-new-crypto-skeleton.html">Creating a framework from the skeleton.</a></dt>
+<dt><a href="xmlsec-notes-new-crypto-functions.html">xmlSecCryptoApp* functions.</a></dt>
+<dt><a href="xmlsec-notes-new-crypto-klasses.html">Klasses and objects.</a></dt>
+<dt><a href="xmlsec-notes-new-crypto-transforms.html">Cryptographic transforms.</a></dt>
+<dt><a href="xmlsec-notes-new-crypto-keys.html">Keys data and keys data stores.</a></dt>
+<dt><a href="xmlsec-notes-new-crypto-simple-keys-mngr.html">Default keys manager.</a></dt>
+<dt><a href="xmlsec-notes-new-crypto-sharing-results.html">Sharing the results.</a></dt>
+</dl></div>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-NEW-CRYPTO-OVERVIEW">Overview.</a></h1>
+<p>XML Security Library can support practicaly any cryptographic
+ library. Currently, it has "out-of-the-box" support for OpenSSL,
+ MSCrypto, NSS, GnuTLS and GCrypt. If your favorite library is not supported yet then
+ you can write necessary code yourself. If you and your company
+ (university, ...) are willing to share the results of your work I would
+ be happy to add support for new libraries to the main XML Security
+ Library distribution.</p>
+<p> The XML Security Library
+ <a href="xmlsec-notes-structure.html">separates</a>
+ the cryptographic library (engine)
+ specific code in an "xmlsec-&lt;crypto&gt;" library (where "&lt;crypto&gt;" is
+ "openssl", "mscrypt", "gnutls", "gcrypt", "nss", etc.) which includes following items:
+ </p>
+<p></p>
+<ul>
+<li><p> xmlSecCryptoApp* functions.
+ </p></li>
+<li><p> Cryptographic transforms and keys data implementation.
+ </p></li>
+<li><p> Keys store support (X509, PGP, etc.).
+ </p></li>
+</ul>
+ In this chapter, we will discuss
+ a task of creating "xmlsec-mycrypto" library that provides support
+ for your favorite "MyCrypto" cryptographic library.
+ </div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-contexts.html"><b>&lt;&lt;&lt; Using context objects.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-new-crypto-skeleton.html"><b>Creating a framework from the skeleton. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-overview.html b/docs/api/xmlsec-notes-overview.html
new file mode 100644
index 00000000..c27b9be9
--- /dev/null
+++ b/docs/api/xmlsec-notes-overview.html
@@ -0,0 +1,102 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Overview.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="PREVIOUS" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="NEXT" title="XML Security Library Structure." href="xmlsec-notes-structure.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-structure.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-NOTES-OVERVIEW"></a>Overview.</h1>
+<p>XML Security Library provides support for XML Digital Signature
+ and XML Encryption. It is based on LibXML/LibXSLT and can use
+ practicaly any crypto library (currently there is "out of the box"
+ support for OpenSSL, MSCrypto, GnuTLS, GCrypt and NSS).
+ </p>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes.html"><b>&lt;&lt;&lt; XML Security Library Tutorial</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-structure.html"><b>XML Security Library Structure. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-sign-encrypt.html b/docs/api/xmlsec-notes-sign-encrypt.html
new file mode 100644
index 00000000..7599ea49
--- /dev/null
+++ b/docs/api/xmlsec-notes-sign-encrypt.html
@@ -0,0 +1,120 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Signing and encrypting documents.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="PREVIOUS" title="Initialization and shutdown." href="xmlsec-notes-init-shutdown.html">
+<link rel="NEXT" title="Signing a document." href="xmlsec-notes-sign.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-init-shutdown.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-sign.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-NOTES-SIGN-ENCRYPT"></a>Signing and encrypting documents.</h1>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt><a href="xmlsec-notes-sign-encrypt.html#XMLSEC-NOTES-SIGN-ENCRYPT-OVERVIEW">Overview.</a></dt>
+<dt><a href="xmlsec-notes-sign.html">Signing a document.</a></dt>
+<dt><a href="xmlsec-notes-encrypt.html">Encrypting data.</a></dt>
+</dl></div>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-SIGN-ENCRYPT-OVERVIEW">Overview.</a></h1>
+<p>XML Security Library performs signature or encryption by processing
+ input xml or binary data and a template that specifies a signature or
+ encryption skeleton: the transforms, algorithms, the key selection
+ process. A template has the same structure as the desired result but
+ some of the nodes are empty. XML Security Library gets the key for
+ signature/encryption from keys managers using the information from
+ the template, does necessary computations and puts the results in
+ the template. Signature or encryption context controls the whole
+ process and stores the required temporary data.
+ </p>
+<div class="FIGURE">
+<a name="AEN149"></a><p><b>Figure 1. The signature or encryption processing model.</b></p>
+<p><img src="images/sign-enc-model.png" align="CENTER"></p>
+</div>
+ </div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-init-shutdown.html"><b>&lt;&lt;&lt; Initialization and shutdown.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-sign.html"><b>Signing a document. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-sign-x509.html b/docs/api/xmlsec-notes-sign-x509.html
new file mode 100644
index 00000000..52fd1a66
--- /dev/null
+++ b/docs/api/xmlsec-notes-sign-x509.html
@@ -0,0 +1,176 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Signing data with X509 certificate.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Using X509 Certificates." href="xmlsec-notes-x509.html">
+<link rel="PREVIOUS" title="Using X509 Certificates." href="xmlsec-notes-x509.html">
+<link rel="NEXT" title="Verifing document signed with X509 certificates." href="xmlsec-notes-verify-x509.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-x509.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-x509.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-verify-x509.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-SIGN-X509">Signing data with X509 certificate.</a></h1>
+<p>To sign a file using X509 certificate,
+ an application need to associate the certificate (or certificates)
+ with the private key using one of the following functions:
+ </p>
+<p></p>
+<ul>
+<li><p> <a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYCERTLOAD">xmlSecOpenSSLAppKeyCertLoad</a> - loads
+ certificate from a file and adds to the key;
+ </p></li>
+<li><p> <a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPPKCS12LOAD">xmlSecOpenSSLAppPkcs12Load</a> -
+ loads private key and all the certificates associated with it from a PKCS12 file;
+ </p></li>
+<li><p> <a href="xmlsec-keys.html#XMLSECKEYADOPTDATA">xmlSecKeyAdoptData</a> - low level
+ function to add key data (including X509 key data) to the key.
+ </p></li>
+</ul>
+<div class="EXAMPLE">
+<a name="AEN423"></a><p><b>Example 1. Loading private key and X509 certificate.</b></p>
+<pre class="PROGRAMLISTING"> /* load private key, assuming that there is not password */
+ key = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* load certificate and add to the key */
+ if(xmlSecCryptoAppKeyCertLoad(key, cert_file, xmlSecKeyDataFormatPem) &lt; 0) {
+ fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n", cert_file);
+ goto done;
+ }
+ </pre>
+<p><a href="xmlsec-examples-sign-x509.html#XMLSEC-EXAMPLE-SIGN3">Full program listing</a></p>
+</div>
+ <p>Next step is to prepare signature template with &lt;dsig:X509Data/&gt;
+ child of the &lt;dsig:KeyInfo/&gt; element. When XML Security Library finds
+ this node in the template, it automaticaly creates &lt;dsig:X509Certificate/&gt;
+ children of the &lt;dsig:X509Data/&gt; element and writes to result XML document
+ all the certificates associated with the signature key.
+ </p>
+<div class="EXAMPLE">
+<a name="AEN429"></a><p><b>Example 2. Dynamicaly creating a signature template for signing document using X509 certificate.</b></p>
+<pre class="PROGRAMLISTING"> /* create signature template for RSA-SHA1 enveloped signature */
+ signNode = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
+ xmlSecTransformRsaSha1Id, NULL);
+ if(signNode == NULL) {
+ fprintf(stderr, "Error: failed to create signature template\n");
+ goto done;
+ }
+
+ /* add &lt;dsig:Signature/&gt; node to the doc */
+ xmlAddChild(xmlDocGetRootElement(doc), signNode);
+
+ /* add reference */
+ refNode = xmlSecTmplSignatureAddReference(signNode, xmlSecTransformSha1Id,
+ NULL, NULL, NULL);
+ if(refNode == NULL) {
+ fprintf(stderr, "Error: failed to add reference to signature template\n");
+ goto done;
+ }
+
+ /* add enveloped transform */
+ if(xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformEnvelopedId) == NULL) {
+ fprintf(stderr, "Error: failed to add enveloped transform to reference\n");
+ goto done;
+ }
+
+ /* add &lt;dsig:KeyInfo/&gt; and &lt;dsig:X509Data/&gt; */
+ keyInfoNode = xmlSecTmplSignatureEnsureKeyInfo(signNode, NULL);
+ if(keyInfoNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ if(xmlSecTmplKeyInfoAddX509Data(keyInfoNode) == NULL) {
+ fprintf(stderr, "Error: failed to add X509Data node\n");
+ goto done;
+ }
+ </pre>
+<p><a href="xmlsec-examples-sign-x509.html#XMLSEC-EXAMPLE-SIGN3">Full program listing</a></p>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-x509.html"><b>&lt;&lt;&lt; Using X509 Certificates.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-verify-x509.html"><b>Verifing document signed with X509 certificates. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
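Review bot: Example 2 builds the template with `xmlSecTransformRsaSha1Id` and `xmlSecTransformSha1Id`, so readers who copy the listing will produce SHA-1 based signatures, and SHA-1 is no longer considered collision resistant. Where the selected crypto backend provides them, the listing should use `xmlSecTransformRsaSha256Id` for the signature method and `xmlSecTransformSha256Id` for the reference digest, with the opening comment changed to `/* create signature template for RSA-SHA256 enveloped signature */`. Example 1 loads the private key without a password, so the text should add one sentence saying that such a key file must be protected by file permissions. This page is generated, so the change presumably belongs in docs/api/chapters/using-x509-certs.sgml rather than in this file.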
diff --git a/docs/api/xmlsec-notes-sign.html b/docs/api/xmlsec-notes-sign.html
new file mode 100644
index 00000000..4e746c66
--- /dev/null
+++ b/docs/api/xmlsec-notes-sign.html
@@ -0,0 +1,210 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Signing a document.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Signing and encrypting documents." href="xmlsec-notes-sign-encrypt.html">
+<link rel="PREVIOUS" title="Signing and encrypting documents." href="xmlsec-notes-sign-encrypt.html">
+<link rel="NEXT" title="Encrypting data." href="xmlsec-notes-encrypt.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-sign-encrypt.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-sign-encrypt.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-encrypt.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-SIGN">Signing a document.</a></h1>
+<p>The typical siganture process includes following steps:
+ </p>
+<p></p>
+<ul>
+<li><p> Prepare data for signature.
+ </p></li>
+<li><p> Create or load signature template and select start
+ <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a>
+ node.
+ </p></li>
+<li><p> Create signature context <a href="xmlsec-xmldsig.html#XMLSECDSIGCTX">xmlSecDSigCtx</a>
+ using <a href="xmlsec-xmldsig.html#XMLSECDSIGCTXCREATE">xmlSecDSigCtxCreate</a> or
+ <a href="xmlsec-xmldsig.html#XMLSECDSIGCTXINITIALIZE">xmlSecDSigCtxInitialize</a>
+ functions.
+ </p></li>
+<li><p> Load signature key in <a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR">keys manager</a>
+ or generate a session key and set it in the signature context
+ (<code class="STRUCTFIELD">signKey</code> member of
+ <a href="xmlsec-xmldsig.html#XMLSECDSIGCTX">xmlSecDSigCtx</a> structure).
+ </p></li>
+<li><p> Sign data by calling <a href="xmlsec-xmldsig.html#XMLSECDSIGCTXSIGN">xmlSecDSigCtxSign</a>
+ function.
+ </p></li>
+<li><p> Check returned value and consume signed data.
+ </p></li>
+<li><p> Destroy signature context <a href="xmlsec-xmldsig.html#XMLSECDSIGCTX">xmlSecDSigCtx</a>
+ using <a href="xmlsec-xmldsig.html#XMLSECDSIGCTXDESTROY">xmlSecDSigCtxDestroy</a> or
+ <a href="xmlsec-xmldsig.html#XMLSECDSIGCTXFINALIZE">xmlSecDSigCtxFinalize</a>
+ functions.
+ </p></li>
+</ul>
+<p> </p>
+<div class="EXAMPLE">
+<a name="AEN182"></a><p><b>Example 1. Signing a template.</b></p>
+<pre class="PROGRAMLISTING">/**
+ * sign_file:
+ * @tmpl_file: the signature template file name.
+ * @key_file: the PEM private key file name.
+ *
+ * Signs the #tmpl_file using private key from #key_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+sign_file(const char* tmpl_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(tmpl_file);
+ assert(key_file);
+
+ /* load template */
+ doc = xmlParseFile(tmpl_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
+ goto done;
+ }
+
+ /* create signature context, we don't need keys manager in this example */
+ dsigCtx = xmlSecDSigCtxCreate(NULL);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* load private key, assuming that there is not password */
+ dsigCtx-&gt;signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(dsigCtx-&gt;signKey == NULL) {
+ fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(dsigCtx-&gt;signKey, key_file) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* sign the template */
+ if(xmlSecDSigCtxSign(dsigCtx, node) &lt; 0) {
+ fprintf(stderr,"Error: signature failed\n");
+ goto done;
+ }
+
+ /* print signed document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+ </pre>
+<p><a href="xmlsec-examples-sign-template-file.html#XMLSEC-EXAMPLE-SIGN1">Full program listing</a></p>
+<p><a href="xmlsec-examples-sign-template-file.html#XMLSEC-EXAMPLE-SIGN1-TMPL">Simple signature template file</a></p>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-sign-encrypt.html"><b>&lt;&lt;&lt; Signing and encrypting documents.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-encrypt.html"><b>Encrypting data. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
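Review bot: In Example 1, `xmlSecKeySetName(dsigCtx->signKey, key_file)` uses the key file path as the key name. If the template contains an empty `<dsig:KeyName/>`, the library will presumably write that path into the signed document and disclose a local file-system path to every recipient. The existing comment should state the reason, for example `/* example only: use a stable key identifier in real code, the name may be written to <dsig:KeyName/> */`. The call also omits the `BAD_CAST` that load_keys in xmlsec-notes-simple-keys-store.html applies to the same argument. This page is generated, so the edit presumably belongs in docs/api/chapters/sign-and-encrypt.sgml.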
diff --git a/docs/api/xmlsec-notes-simple-keys-store.html b/docs/api/xmlsec-notes-simple-keys-store.html
new file mode 100644
index 00000000..55cf4dbe
--- /dev/null
+++ b/docs/api/xmlsec-notes-simple-keys-store.html
@@ -0,0 +1,177 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Simple keys store.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Keys manager." href="xmlsec-notes-keysmngr.html">
+<link rel="PREVIOUS" title="Keys manager." href="xmlsec-notes-keysmngr.html">
+<link rel="NEXT" title="Using keys manager for signatures/encryption." href="xmlsec-notes-keys-manager-sign-enc.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-keysmngr.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-keysmngr.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-keys-manager-sign-enc.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-SIMPLE-KEYS-STORE">Simple keys store.</a></h1>
+<p> XML Security Library has a built-in simple keys store
+ implemented using a keys list. You can use it in your application
+ if you have a small number of keys. However, this might be not a
+ best option from performance point of view if you have a lot of keys.
+ In this case, you probably should implement your own keys store
+ using an SQL database or some other keys storage.
+ </p>
+<p> </p>
+<div class="EXAMPLE">
+<a name="AEN363"></a><p><b>Example 1. Initializing keys manager and loading keys from PEM files.</b></p>
+<pre class="PROGRAMLISTING">/**
+ * load_keys:
+ * @files: the list of filenames.
+ * @files_size: the number of filenames in #files.
+ *
+ * Creates default keys manager and load PEM keys from #files in it.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_keys(char** files, int files_size) {
+ xmlSecKeysMngrPtr mngr;
+ xmlSecKeyPtr key;
+ int i;
+
+ assert(files);
+ assert(files_size &gt; 0);
+
+ /* create and initialize keys manager, we use a default list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) &lt; 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ for(i = 0; i &lt; files_size; ++i) {
+ assert(files[i]);
+
+ /* load key */
+ key = xmlSecCryptoAppKeyLoad(files[i], xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load pem key from \"%s\"\n", files[i]);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(key, BAD_CAST files[i]) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* add key to keys manager, from now on keys manager is responsible
+ * for destroying key
+ */
+ if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) &lt; 0) {
+ fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", files[i]);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+ }
+
+ return(mngr);
+}
+ </pre>
+<p><a href="xmlsec-verify-with-keys-mngr.html#XMLSEC-EXAMPLE-VERIFY2">Full program listing</a></p>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-keysmngr.html"><b>&lt;&lt;&lt; Keys manager.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-keys-manager-sign-enc.html"><b>Using keys manager for signatures/encryption. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
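Review bot: In load_keys, `assert(files)`, `assert(files_size > 0)` and `assert(files[i])` are the only argument checks, and they disappear when the code is built with NDEBUG, so a NULL entry would reach `xmlSecCryptoAppKeyLoad` unchecked. Because the listing is meant to be copied into applications, explicit checks read better, for example `if((files == NULL) || (files_size <= 0)) return(NULL);` before the manager is created and an equivalent test on `files[i]` inside the loop, which must also destroy `mngr` before returning. The doc comment also misspells "destroying" as "destroing". This page is generated, so the fix presumably belongs in docs/api/chapters/using-keysmngr.sgml.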
diff --git a/docs/api/xmlsec-notes-structure.html b/docs/api/xmlsec-notes-structure.html
new file mode 100644
index 00000000..ba89d19f
--- /dev/null
+++ b/docs/api/xmlsec-notes-structure.html
@@ -0,0 +1,115 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library Structure.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="PREVIOUS" title="Overview." href="xmlsec-notes-overview.html">
+<link rel="NEXT" title="Building the application with XML Security Library." href="xmlsec-notes-compiling.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-overview.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-compiling.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-NOTES-STRUCTURE"></a>XML Security Library Structure.</h1>
+<p>In order to provide the an ability to use different crypto engines,
+ the XML Security Library is splitted in two parts: core library (xmlsec)
+ and crypto library (xmlsec-openssl, xmlsec-mscrypt, xmlsec-gnutls,
+ xmlsec-gcrypt, xmlsec-nss, ...).
+ </p>
+<div class="FIGURE">
+<a name="AEN28"></a><p><b>Figure 1. The library structure and dependencies.</b></p>
+<p><img src="images/structure.png" align="CENTER"></p>
+</div>
+ <p>The core library has no dependency on any crypto library and provides
+ implementation of all the engines as well as support for all the non
+ crypto transforms (xml parser, c14n transforms, xpath and xslt
+ transforms,...). The XML Security Crypto library provides
+ implementations for crypto transforms, crypto keys data and key
+ data stores. Application is linked with particular XML Security
+ Crypto library (or even libraries), but the actual application
+ code might be general enough so switching crypto engine would be
+ a matter of changing several #include directives.</p>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-overview.html"><b>&lt;&lt;&lt; Overview.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-compiling.html"><b>Building the application with XML Security Library. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-templates.html b/docs/api/xmlsec-notes-templates.html
new file mode 100644
index 00000000..63171afb
--- /dev/null
+++ b/docs/api/xmlsec-notes-templates.html
@@ -0,0 +1,114 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Creating dynamic templates.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="PREVIOUS" title="Encrypting data." href="xmlsec-notes-encrypt.html">
+<link rel="NEXT" title="Creating dynamic signature templates." href="xmlsec-notes-dynamic-signature-templates.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-encrypt.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-dynamic-signature-templates.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-NOTES-TEMPLATES"></a>Creating dynamic templates.</h1>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt><a href="xmlsec-notes-templates.html#XMLSEC-NOTES-TEMPLATES-OVERVIEW">Overview.</a></dt>
+<dt><a href="xmlsec-notes-dynamic-signature-templates.html">Creating dynamic signature templates.</a></dt>
+<dt><a href="xmlsec-notes-dynamic-encryption-templates.html">Creating dynamic encryption templates.</a></dt>
+</dl></div>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-TEMPLATES-OVERVIEW">Overview.</a></h1>
+<p>The XML Security Library uses templates to describe
+ how and what data should be signed or encrypted. The template
+ is a regular XML file. You can create templates in advance
+ using your favorite XML files editor, load them from a file
+ and use for creating signature or encrypting data. You can
+ also create templates dynamicaly. The XML Security Library
+ provides helper functions to quickly create dynamic templates
+ inside your application.</p>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-encrypt.html"><b>&lt;&lt;&lt; Encrypting data.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-dynamic-signature-templates.html"><b>Creating dynamic signature templates. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-transforms.html b/docs/api/xmlsec-notes-transforms.html
new file mode 100644
index 00000000..3bda65e1
--- /dev/null
+++ b/docs/api/xmlsec-notes-transforms.html
@@ -0,0 +1,154 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Transforms and transforms chain.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="PREVIOUS" title="Verifing document signed with X509 certificates." href="xmlsec-notes-verify-x509.html">
+<link rel="NEXT" title="Using context objects." href="xmlsec-notes-contexts.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-verify-x509.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-contexts.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-NOTES-TRANSFORMS"></a>Transforms and transforms chain.</h1>
+<p>XML Digital Signature and XML Encryption standards are
+ very flexible and provide an XML developer many different ways to
+ sign or encrypt any part (or even parts) of an XML document.
+ The key for such great flexibility is the "transforms" model.
+ Transform is defined as a method of pre-processing binary or XML data
+ before calculating digest or signature. XML Security Library extends
+ this definition and names "transform" any operation performed on
+ the data: reading data from an URI, xml parsing, xml transformation,
+ calculation digest, encrypting or decrypting. Each XML Security Library
+ transform provides at least one of the following callbacks:
+ </p>
+<p></p>
+<ul>
+<li><p> <a href="xmlsec-transforms.html#XMLSECTRANSFORMPUSHBINMETHOD">push binary data</a>;
+ </p></li>
+<li><p> <a href="xmlsec-transforms.html#XMLSECTRANSFORMPUSHXMLMETHOD">push xml data</a>;
+ </p></li>
+<li><p> <a href="xmlsec-transforms.html#XMLSECTRANSFORMPOPBINMETHOD">pop binary data</a>;
+ </p></li>
+<li><p> <a href="xmlsec-transforms.html#XMLSECTRANSFORMPOPXMLMETHOD">pop xml data</a>.
+ </p></li>
+</ul>
+<p>One additional <a href="xmlsec-transforms.html#XMLSECTRANSFORMEXECUTEMETHOD">execute</a>
+ callback was added to simplify the development and reduce code size.
+ This callback is used by default
+ implementations of the four external callbacks from the list above.
+ For example, most of the crypto transforms could be implemented by
+ just implementing one "execute" callback and using default push/pop
+ binary data callbacks. However, in some cases using push/pop callbacks
+ directly is more efficient.
+ </p>
+<div class="FIGURE">
+<a name="AEN470"></a><p><b>Figure 1. The XML Security Library transform.</b></p>
+<p><img src="images/transform.png" align="CENTER"></p>
+</div>
+<p>XML Security Library constructs transforms chain according to the
+ signature/encryption template or signed/encrypted document.
+ If necessary, XML Security Library inserts XML parser or defaul
+ canonicalization to ensure that the output data type (binary or XML)
+ of previous transform matches the input of the next transform.
+ </p>
+<p>The data are processed by pushing through or poping from the chain
+ depending on the transforms in the chain. For example, then binary
+ data chunk is pushed through a binary-to-binary transform, it
+ processes this chunk and pushes the result to the next transform
+ in the chain.
+ </p>
+<div class="FIGURE">
+<a name="AEN475"></a><p><b>Figure 2. Transforms chain created for &lt;dsig:Reference/&gt; element processing.</b></p>
+<p><img src="images/transforms-chain.png" align="CENTER"></p>
+</div>
+<p> </p>
+<div class="EXAMPLE">
+<a name="AEN479"></a><p><b>Example 1. Walking through transforms chain.</b></p>
+<pre class="PROGRAMLISTING">TODO
+ </pre>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-verify-x509.html"><b>&lt;&lt;&lt; Verifing document signed with X509 certificates.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-contexts.html"><b>Using context objects. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-verify-decrypt.html b/docs/api/xmlsec-notes-verify-decrypt.html
new file mode 100644
index 00000000..d00a137b
--- /dev/null
+++ b/docs/api/xmlsec-notes-verify-decrypt.html
@@ -0,0 +1,120 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Verifing and decrypting documents.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="PREVIOUS" title="Creating dynamic encryption templates." href="xmlsec-notes-dynamic-encryption-templates.html">
+<link rel="NEXT" title="Verifying a signed document" href="xmlsec-notes-verify.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-dynamic-encryption-templates.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-verify.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-NOTES-VERIFY-DECRYPT"></a>Verifing and decrypting documents.</h1>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt><a href="xmlsec-notes-verify-decrypt.html#XMLSEC-NOTES-VERIFY-DECRYPT-OVERVIEW">Overview.</a></dt>
+<dt><a href="xmlsec-notes-verify.html">Verifying a signed document</a></dt>
+<dt><a href="xmlsec-notes-decrypt.html">Decrypting an encrypted document</a></dt>
+</dl></div>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-VERIFY-DECRYPT-OVERVIEW">Overview.</a></h1>
+<p>Since the template is just an XML file, it might be created in advance
+ and saved in a file. It's also possible for application to create
+ templates without using XML Security Library functions. Also in some
+ cases template should be inserted in the signed or encrypted data
+ (for example, if you want to create an enveloped or enveloping
+ signature).</p>
+<p>Signature verification and data decryption do not require template
+ because all the necessary information is provided in the signed or
+ encrypted document.
+ </p>
+<div class="FIGURE">
+<a name="AEN271"></a><p><b>Figure 1. The verification or decryption processing model.</b></p>
+<p><img src="images/verif-dec-model.png" align="CENTER"></p>
+</div>
+ </div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-dynamic-encryption-templates.html"><b>&lt;&lt;&lt; Creating dynamic encryption templates.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-verify.html"><b>Verifying a signed document &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes-verify-x509.html b/docs/api/xmlsec-notes-verify-x509.html
new file mode 100644
index 00000000..9e8c87d9
--- /dev/null
+++ b/docs/api/xmlsec-notes-verify-x509.html
@@ -0,0 +1,180 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Verifing document signed with X509 certificates.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Using X509 Certificates." href="xmlsec-notes-x509.html">
+<link rel="PREVIOUS" title="Signing data with X509 certificate." href="xmlsec-notes-sign-x509.html">
+<link rel="NEXT" title="Transforms and transforms chain." href="xmlsec-notes-transforms.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-sign-x509.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-x509.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-transforms.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-VERIFY-X509">Verifing document signed with X509 certificates.</a></h1>
+<p> If the document is signed with an X509 certificate then the signature
+ verification consist of two steps:
+ </p>
+<p></p>
+<ul>
+<li><p>Creating and verifing X509 certificates chain.
+ </p></li>
+<li><p>Verifing signature itself using key exrtacted from
+ a certificate verified on previous step.
+ </p></li>
+</ul>
+ Certificates chain is constructed from certificates in a way that
+ each certificate in the chain is signed with previous one:
+ <div class="FIGURE">
+<a name="AEN442"></a><p><b>Figure 1. Certificates chain.</b></p>
+<pre class="PROGRAMLISTING">Certificate A (signed with B) &lt;- Certificate B (signed with C) &lt;- ... &lt;- Root Certificate (signed by itself)
+ </pre>
+</div>
+ At the end of the chain there is a "Root Certificate" which
+ is signed by itself. There is no way to verify the validity of the
+ root certificate and application have to "trust" it
+ (another name for root certificates is "trusted" certificates).
+ <p> Application can use <a href="xmlsec-app.html#XMLSECCRYPTOAPPKEYSMNGRCERTLOAD">xmlSecCryptoAppKeysMngrCertLoad</a>
+ function to load both "trusted" and "un-trusted"
+ certificates. However, the selection of "trusted"
+ certificates is very sensitive process and this function might be
+ not implemented for some crypto engines. In this case, the
+ "trusted" certificates list is loaded during initialization
+ or specified in crypto engine configuration files.
+ Check XML Security Library API reference for more details.
+ </p>
+<div class="EXAMPLE">
+<a name="AEN447"></a><p><b>Example 3. Loading trusted X509 certificate.</b></p>
+<pre class="PROGRAMLISTING">/**
+ * load_trusted_certs:
+ * @files: the list of filenames.
+ * @files_size: the number of filenames in #files.
+ *
+ * Creates simple keys manager and load trusted certificates from PEM #files.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_trusted_certs(char** files, int files_size) {
+ xmlSecKeysMngrPtr mngr;
+ int i;
+
+ assert(files);
+ assert(files_size &gt; 0);
+
+ /* create and initialize keys manager, we use a simple list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) &lt; 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ for(i = 0; i &lt; files_size; ++i) {
+ assert(files[i]);
+
+ /* load trusted cert */
+ if(xmlSecCryptoAppKeysMngrCertLoad(mngr, files[i], xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) &lt; 0) {
+ fprintf(stderr,"Error: failed to load pem certificate from \"%s\"\n", files[i]);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+ }
+
+ return(mngr);
+}
+ </pre>
+<p><a href="xmlsec-verify-with-x509.html#XMLSEC-EXAMPLE-VERIFY3">Full program listing</a></p>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-sign-x509.html"><b>&lt;&lt;&lt; Signing data with X509 certificate.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-transforms.html"><b>Transforms and transforms chain. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
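Review bot: In the `load_trusted_certs` example, the only validation of `files`, `files_size` and `files[i]` is `assert()`, which is compiled out when NDEBUG is defined, so a release build of code copied from this page would dereference a NULL list or entry while loading trust anchors. An explicit guard such as `if(files == NULL || files_size <= 0) return(NULL);` before the manager is created, plus a NULL check on `files[i]` that destroys `mngr` and returns NULL like the existing load-failure branch, would keep the documented "NULL if an error occurs" contract in every build. Because every file passed in is loaded as `xmlSecKeyDataTypeTrusted`, the function comment could also say that the file list must come from a source the application controls. Separately, the prose above the figure says each certificate is signed with the "previous" one, while the figure shows A signed with B, the next one in the chain; the wording should match the figure.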
diff --git a/docs/api/xmlsec-notes-verify.html b/docs/api/xmlsec-notes-verify.html
new file mode 100644
index 00000000..05a95fb9
--- /dev/null
+++ b/docs/api/xmlsec-notes-verify.html
@@ -0,0 +1,210 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Verifying a signed document</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Verifing and decrypting documents." href="xmlsec-notes-verify-decrypt.html">
+<link rel="PREVIOUS" title="Verifing and decrypting documents." href="xmlsec-notes-verify-decrypt.html">
+<link rel="NEXT" title="Decrypting an encrypted document" href="xmlsec-notes-decrypt.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-verify-decrypt.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes-verify-decrypt.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-decrypt.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-VERIFY">Verifying a signed document</a></h1>
+<p>The typical siganture verification process includes following steps:
+ </p>
+<p></p>
+<ul>
+<li><p> Load keys, X509 certificates, etc. in the <a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR">keys manager</a> .
+ </p></li>
+<li><p> Create signature context <a href="xmlsec-xmldsig.html#XMLSECDSIGCTX">xmlSecDSigCtx</a>
+ using <a href="xmlsec-xmldsig.html#XMLSECDSIGCTXCREATE">xmlSecDSigCtxCreate</a> or
+ <a href="xmlsec-xmldsig.html#XMLSECDSIGCTXINITIALIZE">xmlSecDSigCtxInitialize</a>
+ functions.
+ </p></li>
+<li><p> Select start verification
+ <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a>
+ node in the signed XML document.
+ </p></li>
+<li><p> Verify signature by calling <a href="xmlsec-xmldsig.html#XMLSECDSIGCTXVERIFY">xmlSecDSigCtxVerify</a>
+ function.
+ </p></li>
+<li><p> Check returned value and verification status (<code class="STRUCTFIELD">status</code>
+ member of <a href="xmlsec-xmldsig.html#XMLSECDSIGCTX">xmlSecDSigCtx</a> structure).
+ If necessary, consume returned data from the <a href="xmlsec-xmldsig.html#XMLSECDSIGCTX">context</a>.
+ </p></li>
+<li><p> Destroy signature context <a href="xmlsec-xmldsig.html#XMLSECDSIGCTX">xmlSecDSigCtx</a>
+ using <a href="xmlsec-xmldsig.html#XMLSECDSIGCTXDESTROY">xmlSecDSigCtxDestroy</a> or
+ <a href="xmlsec-xmldsig.html#XMLSECDSIGCTXFINALIZE">xmlSecDSigCtxFinalize</a>
+ functions.
+ </p></li>
+</ul>
+<p> </p>
+<div class="EXAMPLE">
+<a name="AEN303"></a><p><b>Example 1. Verifying a document.</b></p>
+<pre class="PROGRAMLISTING">/**
+ * verify_file:
+ * @xml_file: the signed XML file name.
+ * @key_file: the PEM public key file name.
+ *
+ * Verifies XML signature in #xml_file using public key from #key_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+verify_file(const char* xml_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(xml_file);
+ assert(key_file);
+
+ /* load file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature context, we don't need keys manager in this example */
+ dsigCtx = xmlSecDSigCtxCreate(NULL);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* load public key */
+ dsigCtx-&gt;signKey = xmlSecCryptoAppKeyLoad(key_file,xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(dsigCtx-&gt;signKey == NULL) {
+ fprintf(stderr,"Error: failed to load public pem key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(dsigCtx-&gt;signKey, key_file) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* Verify signature */
+ if(xmlSecDSigCtxVerify(dsigCtx, node) &lt; 0) {
+ fprintf(stderr,"Error: signature verify\n");
+ goto done;
+ }
+
+ /* print verification result to stdout */
+ if(dsigCtx-&gt;status == xmlSecDSigStatusSucceeded) {
+ fprintf(stdout, "Signature is OK\n");
+ } else {
+ fprintf(stdout, "Signature is INVALID\n");
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+ </pre>
+<p><a href="xmlsec-verify-with-key.html#XMLSEC-EXAMPLE-VERIFY1">Full Program Listing</a></p>
+</div>
+ </div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-verify-decrypt.html"><b>&lt;&lt;&lt; Verifing and decrypting documents.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-decrypt.html"><b>Decrypting an encrypted document &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
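Review bot: In the `verify_file` example, `res = 0` is assigned after the status check regardless of its outcome, so the function returns 0 both when `dsigCtx->status` is `xmlSecDSigStatusSucceeded` and when it prints "Signature is INVALID"; a caller that tests only the return value will accept a document whose signature failed. Either move the assignment into the success branch, `if(dsigCtx->status == xmlSecDSigStatusSucceeded) { fprintf(stdout, "Signature is OK\n"); res = 0; }`, or change the header comment to say that 0 means only that verification ran and that the verdict is printed, not returned. The step list above the example already tells readers to check both the returned value and `status`, so the sample should make that distinction visible to its caller. It may also be worth one sentence noting that the example verifies whichever `<dsig:Signature/>` node `xmlSecFindNode` returns and does not itself check which part of the document that signature covers.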
diff --git a/docs/api/xmlsec-notes-x509.html b/docs/api/xmlsec-notes-x509.html
new file mode 100644
index 00000000..8ad0e3e8
--- /dev/null
+++ b/docs/api/xmlsec-notes-x509.html
@@ -0,0 +1,114 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Using X509 Certificates.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="PREVIOUS" title="Implementing a custom keys store." href="xmlsec-notes-custom-keys-store.html">
+<link rel="NEXT" title="Signing data with X509 certificate." href="xmlsec-notes-sign-x509.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-notes-custom-keys-store.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-sign-x509.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-NOTES-X509"></a>Using X509 Certificates.</h1>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt><a href="xmlsec-notes-x509.html#XMLSEC-NOTES-X509-OVERVIEW">Overview.</a></dt>
+<dt><a href="xmlsec-notes-sign-x509.html">Signing data with X509 certificate.</a></dt>
+<dt><a href="xmlsec-notes-verify-x509.html">Verifing document signed with X509 certificates.</a></dt>
+</dl></div>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-NOTES-X509-OVERVIEW">Overview.</a></h1>
+<p>X509 certificate is one of many possible keys data object that can be
+ associated with a key. Application may read and write X509 data
+ from/to XML file. The X509 certificates management policies significantly
+ vary from one crypto library to another. The examples in this chapter
+ were tested with OpenSSL and they might be broken if anither crypto
+ engine is used. Check API reference documentation for more specific
+ information about your crypto engine.
+ </p>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-notes-custom-keys-store.html"><b>&lt;&lt;&lt; Implementing a custom keys store.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-sign-x509.html"><b>Signing data with X509 certificate. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-notes.html b/docs/api/xmlsec-notes.html
new file mode 100644
index 00000000..8301f51b
--- /dev/null
+++ b/docs/api/xmlsec-notes.html
@@ -0,0 +1,115 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library Tutorial</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="PREVIOUS" title="XML Security Library Reference Manual" href="index.html">
+<link rel="NEXT" title="Overview." href="xmlsec-notes-overview.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="index.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-notes-overview.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="PART">
+<a name="XMLSEC-NOTES"></a><div class="TITLEPAGE">
+<h1 class="TITLE">I. XML Security Library Tutorial</h1>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt><a href="xmlsec-notes-overview.html">Overview.</a></dt>
+<dt><a href="xmlsec-notes-structure.html">XML Security Library Structure.</a></dt>
+<dt><a href="xmlsec-notes-compiling.html">Building the application with XML Security Library.</a></dt>
+<dt><a href="xmlsec-notes-init-shutdown.html">Initialization and shutdown.</a></dt>
+<dt><a href="xmlsec-notes-sign-encrypt.html">Signing and encrypting documents.</a></dt>
+<dt><a href="xmlsec-notes-templates.html">Creating dynamic templates.</a></dt>
+<dt><a href="xmlsec-notes-verify-decrypt.html">Verifing and decrypting documents.</a></dt>
+<dt><a href="xmlsec-notes-keys.html">Keys.</a></dt>
+<dt><a href="xmlsec-notes-keysmngr.html">Keys manager.</a></dt>
+<dt><a href="xmlsec-notes-x509.html">Using X509 Certificates.</a></dt>
+<dt><a href="xmlsec-notes-transforms.html">Transforms and transforms chain.</a></dt>
+<dt><a href="xmlsec-notes-contexts.html">Using context objects.</a></dt>
+<dt><a href="xmlsec-notes-new-crypto.html">Adding support for new cryptographic library.</a></dt>
+<dt><a href="xmlsec-examples.html">Examples.</a></dt>
+<dt><a href="xmlsec-signature-klasses.html">APPENDIX A. XML Security Library Signature Klasses.</a></dt>
+<dt><a href="xmlsec-encryption-klasses.html">APPENDIX B. XML Security Library Encryption Klasses.</a></dt>
+</dl></div>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="index.html"><b>&lt;&lt;&lt; XML Security Library Reference Manual</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-notes-overview.html"><b>Overview. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-nss-app.html b/docs/api/xmlsec-nss-app.html
new file mode 100644
index 00000000..769bfa7e
--- /dev/null
+++ b/docs/api/xmlsec-nss-app.html
@@ -0,0 +1,740 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>app</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for NSS API Reference." href="xmlsec-nss-ref.html">
+<link rel="PREVIOUS" title="XML Security Library for NSS API Reference." href="xmlsec-nss-ref.html">
+<link rel="NEXT" title="bignum" href="xmlsec-nss-bignum.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-nss-ref.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-nss-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-nss-bignum.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-NSS-APP"></a>app</h1>
+<div class="REFNAMEDIV">
+<a name="AEN34441"></a><h2>Name</h2>app -- Application functions implementation for NSS.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-NSS-APP.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-app.html#XMLSECNSSAPPINIT">xmlSecNssAppInit</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *config</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-app.html#XMLSECNSSAPPSHUTDOWN">xmlSecNssAppShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-app.html#XMLSECNSSAPPDEFAULTKEYSMNGRINIT">xmlSecNssAppDefaultKeysMngrInit</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-app.html#XMLSECNSSAPPDEFAULTKEYSMNGRADOPTKEY">xmlSecNssAppDefaultKeysMngrAdoptKey</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-app.html#XMLSECNSSAPPDEFAULTKEYSMNGRLOAD">xmlSecNssAppDefaultKeysMngrLoad</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-app.html#XMLSECNSSAPPDEFAULTKEYSMNGRSAVE">xmlSecNssAppDefaultKeysMngrSave</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYSMNGRCERTLOAD">xmlSecNssAppKeysMngrCertLoad</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYSMNGRCERTLOADMEMORY">xmlSecNssAppKeysMngrCertLoadMemory</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYSMNGRCERTLOADSECITEM">xmlSecNssAppKeysMngrCertLoadSECItem</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="SECITEM"><span class="TYPE">SECItem</span></gtkdoclink> *secItem</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYLOAD">xmlSecNssAppKeyLoad</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYLOADMEMORY">xmlSecNssAppKeyLoadMemory</a> (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYLOADSECITEM">xmlSecNssAppKeyLoadSECItem</a> (<code class="PARAMETER"><gtkdoclink href="SECITEM"><span class="TYPE">SECItem</span></gtkdoclink> *secItem</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-nss-app.html#XMLSECNSSAPPPKCS12LOAD">xmlSecNssAppPkcs12Load</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-nss-app.html#XMLSECNSSAPPPKCS12LOADMEMORY">xmlSecNssAppPkcs12LoadMemory</a> (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-nss-app.html#XMLSECNSSAPPPKCS12LOADSECITEM">xmlSecNssAppPkcs12LoadSECItem</a> (<code class="PARAMETER"><gtkdoclink href="SECITEM"><span class="TYPE">SECItem</span></gtkdoclink> *secItem</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYCERTLOAD">xmlSecNssAppKeyCertLoad</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYCERTLOADMEMORY">xmlSecNssAppKeyCertLoadMemory</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYCERTLOADSECITEM">xmlSecNssAppKeyCertLoadSECItem</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="SECITEM"><span class="TYPE">SECItem</span></gtkdoclink> *secItem</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-nss-app.html#XMLSECNSSAPPKEYFROMCERTLOADSECITEM">xmlSecNssAppKeyFromCertLoadSECItem</a> (<code class="PARAMETER"><gtkdoclink href="SECITEM"><span class="TYPE">SECItem</span></gtkdoclink> *secItem</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink>* <a href="xmlsec-nss-app.html#XMLSECNSSAPPGETDEFAULTPWDCALLBACK">xmlSecNssAppGetDefaultPwdCallback</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-NSS-APP.DESCRIPTION"></a><h2>Description</h2>
+<p>Application functions implementation for NSS.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-NSS-APP.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPINIT"></a><h3>xmlSecNssAppInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssAppInit (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *config</code>);</pre>
+<p>General crypto engine initialization. This function is used
+by XMLSec command line utility and called before
+<code class="PARAMETER">xmlSecInit</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34718"><span style="white-space: nowrap"><code class="PARAMETER">config</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the path to NSS database files.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34723"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPSHUTDOWN"></a><h3>xmlSecNssAppShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssAppShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>General crypto engine shutdown. This function is used
+by XMLSec command line utility and called after
+<code class="PARAMETER">xmlSecShutdown</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN34740"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPDEFAULTKEYSMNGRINIT"></a><h3>xmlSecNssAppDefaultKeysMngrInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssAppDefaultKeysMngrInit (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);</pre>
+<p>Initializes <code class="PARAMETER">mngr</code> with NSS keys store <a href="xmlsec-nss-keysstore.html#XMLSECNSSKEYSSTOREID"><span class="TYPE">xmlSecNssKeysStoreId</span></a>
+and a default NSS crypto key data stores.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34760"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34765"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPDEFAULTKEYSMNGRADOPTKEY"></a><h3>xmlSecNssAppDefaultKeysMngrAdoptKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssAppDefaultKeysMngrAdoptKey (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Adds <code class="PARAMETER">key</code> to the keys manager <code class="PARAMETER">mngr</code> created with <a href="xmlsec-nss-app.html#XMLSECNSSAPPDEFAULTKEYSMNGRINIT"><span class="TYPE">xmlSecNssAppDefaultKeysMngrInit</span></a>
+function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34789"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34794"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34799"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPDEFAULTKEYSMNGRLOAD"></a><h3>xmlSecNssAppDefaultKeysMngrLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssAppDefaultKeysMngrLoad (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>);</pre>
+<p>Loads XML keys file from <code class="PARAMETER">uri</code> to the keys manager <code class="PARAMETER">mngr</code> created
+with <a href="xmlsec-nss-app.html#XMLSECNSSAPPDEFAULTKEYSMNGRINIT"><span class="TYPE">xmlSecNssAppDefaultKeysMngrInit</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34823"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34828"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the uri.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34833"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPDEFAULTKEYSMNGRSAVE"></a><h3>xmlSecNssAppDefaultKeysMngrSave ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssAppDefaultKeysMngrSave (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Saves keys from <code class="PARAMETER">mngr</code> to XML keys file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34857"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34862"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34867"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the type of keys to save (public/private/symmetric).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34872"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPKEYSMNGRCERTLOAD"></a><h3>xmlSecNssAppKeysMngrCertLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssAppKeysMngrCertLoad (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Reads cert from <code class="PARAMETER">filename</code> and adds to the list of trusted or known
+untrusted certs in <code class="PARAMETER">store</code></p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34900"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34905"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34910"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format (PEM or DER).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34915"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate type (trusted/untrusted).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34920"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPKEYSMNGRCERTLOADMEMORY"></a><h3>xmlSecNssAppKeysMngrCertLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssAppKeysMngrCertLoadMemory (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Reads cert from <code class="PARAMETER">data</code> and adds to the list of trusted or known
+untrusted certs in <code class="PARAMETER">store</code></p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34951"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34956"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34961"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key binary data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34966"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate format (PEM or DER).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34971"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate type (trusted/untrusted).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN34976"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPKEYSMNGRCERTLOADSECITEM"></a><h3>xmlSecNssAppKeysMngrCertLoadSECItem ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssAppKeysMngrCertLoadSECItem (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="SECITEM"><span class="TYPE">SECItem</span></gtkdoclink> *secItem</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Reads cert from <code class="PARAMETER">secItem</code> and adds to the list of trusted or known
+untrusted certs in <code class="PARAMETER">store</code></p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35004"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35009"><span style="white-space: nowrap"><code class="PARAMETER">secItem</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to SECItem.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35014"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate format (PEM or DER).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35019"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate type (trusted/untrusted).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35024"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPKEYLOAD"></a><h3>xmlSecNssAppKeyLoad ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecNssAppKeyLoad (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key from a file</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35053"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35058"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35063"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35068"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35073"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35078"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPKEYLOADMEMORY"></a><h3>xmlSecNssAppKeyLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecNssAppKeyLoadMemory (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key from a binary <code class="PARAMETER">data</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35111"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35116"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key binary data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35121"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key data format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35126"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key data2 password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35131"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35136"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35141"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPKEYLOADSECITEM"></a><h3>xmlSecNssAppKeyLoadSECItem ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecNssAppKeyLoadSECItem (<code class="PARAMETER"><gtkdoclink href="SECITEM"><span class="TYPE">SECItem</span></gtkdoclink> *secItem</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key from a file</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35170"><span style="white-space: nowrap"><code class="PARAMETER">secItem</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to sec item.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35175"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35180"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35185"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35190"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35195"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPPKCS12LOAD"></a><h3>xmlSecNssAppPkcs12Load ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecNssAppPkcs12Load (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key and all associated certificates from the PKCS12 file.
+For uniformity, call xmlSecNssAppKeyLoad instead of this function. Pass
+in format=xmlSecKeyDataFormatPkcs12.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35221"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 key filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35226"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35231"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35236"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35241"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPPKCS12LOADMEMORY"></a><h3>xmlSecNssAppPkcs12LoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecNssAppPkcs12LoadMemory (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key and all associated certificates from the PKCS12 binary data.
+For uniformity, call xmlSecNssAppKeyLoad instead of this function. Pass
+in format=xmlSecKeyDataFormatPkcs12.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35270"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35275"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key binary data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35280"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35285"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35290"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35295"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPPKCS12LOADSECITEM"></a><h3>xmlSecNssAppPkcs12LoadSECItem ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecNssAppPkcs12LoadSECItem (<code class="PARAMETER"><gtkdoclink href="SECITEM"><span class="TYPE">SECItem</span></gtkdoclink> *secItem</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key and all associated certificates from the PKCS12 SECItem.
+For uniformity, call xmlSecNssAppKeyLoad instead of this function. Pass
+in format=xmlSecKeyDataFormatPkcs12.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35321"><span style="white-space: nowrap"><code class="PARAMETER">secItem</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the <code class="PARAMETER">SECItem</code> object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35327"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35332"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35337"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35342"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPKEYCERTLOAD"></a><h3>xmlSecNssAppKeyCertLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssAppKeyCertLoad (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);</pre>
+<p>Reads the certificate from $<code class="PARAMETER">filename</code> and adds it to key</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35366"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35371"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35376"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35381"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPKEYCERTLOADMEMORY"></a><h3>xmlSecNssAppKeyCertLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssAppKeyCertLoadMemory (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);</pre>
+<p>Reads the certificate from <code class="PARAMETER">data</code> and adds it to key</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35408"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35413"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35418"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key binary data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35423"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35428"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPKEYCERTLOADSECITEM"></a><h3>xmlSecNssAppKeyCertLoadSECItem ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssAppKeyCertLoadSECItem (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="SECITEM"><span class="TYPE">SECItem</span></gtkdoclink> *secItem</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);</pre>
+<p>Reads the certificate from <code class="PARAMETER">secItem</code> and adds it to key</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35452"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35457"><span style="white-space: nowrap"><code class="PARAMETER">secItem</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to SECItem.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35462"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35467"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPKEYFROMCERTLOADSECITEM"></a><h3>xmlSecNssAppKeyFromCertLoadSECItem ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecNssAppKeyFromCertLoadSECItem (<code class="PARAMETER"><gtkdoclink href="SECITEM"><span class="TYPE">SECItem</span></gtkdoclink> *secItem</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);</pre>
+<p>Loads public key from cert.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35487"><span style="white-space: nowrap"><code class="PARAMETER">secItem</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the <code class="PARAMETER">SECItem</code> object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35493"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the cert format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35498"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSAPPGETDEFAULTPWDCALLBACK"></a><h3>xmlSecNssAppGetDefaultPwdCallback ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink>* xmlSecNssAppGetDefaultPwdCallback (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets default password callback.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN35514"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> default password callback.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-nss-ref.html"><b>&lt;&lt;&lt; XML Security Library for NSS API Reference.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-nss-bignum.html"><b>bignum &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-nss-bignum.html b/docs/api/xmlsec-nss-bignum.html
new file mode 100644
index 00000000..a092a03c
--- /dev/null
+++ b/docs/api/xmlsec-nss-bignum.html
@@ -0,0 +1,176 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>bignum</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for NSS API Reference." href="xmlsec-nss-ref.html">
+<link rel="PREVIOUS" title="app" href="xmlsec-nss-app.html">
+<link rel="NEXT" title="crypto" href="xmlsec-nss-crypto.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-nss-app.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-nss-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-nss-crypto.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-NSS-BIGNUM"></a>bignum</h1>
+<div class="REFNAMEDIV">
+<a name="AEN35524"></a><h2>Name</h2>bignum -- Big numbers helper functions.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-NSS-BIGNUM.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="SECITEM"><span class="RETURNVALUE">SECItem</span></gtkdoclink>* <a href="xmlsec-nss-bignum.html#XMLSECNSSNODEGETBIGNUMVALUE">xmlSecNssNodeGetBigNumValue</a> (<code class="PARAMETER"><gtkdoclink href="PRARENAPOOL"><span class="TYPE">PRArenaPool</span></gtkdoclink> *arena</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER"><gtkdoclink href="SECITEM"><span class="TYPE">SECItem</span></gtkdoclink> *a</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-bignum.html#XMLSECNSSNODESETBIGNUMVALUE">xmlSecNssNodeSetBigNumValue</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER">const <gtkdoclink href="SECITEM"><span class="TYPE">SECItem</span></gtkdoclink> *a</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> addLineBreaks</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-NSS-BIGNUM.DESCRIPTION"></a><h2>Description</h2>
+<p>Big numbers helper functions.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-NSS-BIGNUM.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECNSSNODEGETBIGNUMVALUE"></a><h3>xmlSecNssNodeGetBigNumValue ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="SECITEM"><span class="RETURNVALUE">SECItem</span></gtkdoclink>* xmlSecNssNodeGetBigNumValue (<code class="PARAMETER"><gtkdoclink href="PRARENAPOOL"><span class="TYPE">PRArenaPool</span></gtkdoclink> *arena</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER"><gtkdoclink href="SECITEM"><span class="TYPE">SECItem</span></gtkdoclink> *a</code>);</pre>
+<p>Converts the node content from CryptoBinary format
+(http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-CRYPTOBINARY"><span class="TYPE">sec-CryptoBinary</span></gtkdoclink>)
+to a SECItem. If no SECItem object provided then a new
+one is created (caller is responsible for freeing it).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35579"><span style="white-space: nowrap"><code class="PARAMETER">arena</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the arena from which to allocate memory</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35584"><span style="white-space: nowrap"><code class="PARAMETER">cur</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the poitner to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35589"><span style="white-space: nowrap"><code class="PARAMETER">a</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>a SECItem object to hold the BigNum value</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35594"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> a pointer to SECItem produced from CryptoBinary string
+or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSNODESETBIGNUMVALUE"></a><h3>xmlSecNssNodeSetBigNumValue ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssNodeSetBigNumValue (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER">const <gtkdoclink href="SECITEM"><span class="TYPE">SECItem</span></gtkdoclink> *a</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> addLineBreaks</code>);</pre>
+<p>Converts SECItem to CryptoBinary string
+(http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-CRYPTOBINARY"><span class="TYPE">sec-CryptoBinary</span></gtkdoclink>)
+and sets it as the content of the given node. If the
+addLineBreaks is set then line breaks are added
+before and after the CryptoBinary string.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35619"><span style="white-space: nowrap"><code class="PARAMETER">cur</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35624"><span style="white-space: nowrap"><code class="PARAMETER">a</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>a SECItem containing the BigNum value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35629"><span style="white-space: nowrap"><code class="PARAMETER">addLineBreaks</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>if the flag is equal to 1 then
+ linebreaks will be added before and after
+ new buffer content.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN35634"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or -1 otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-nss-app.html"><b>&lt;&lt;&lt; app</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-nss-crypto.html"><b>crypto &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-nss-crypto.html b/docs/api/xmlsec-nss-crypto.html
new file mode 100644
index 00000000..02522a00
--- /dev/null
+++ b/docs/api/xmlsec-nss-crypto.html
@@ -0,0 +1,978 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>crypto</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for NSS API Reference." href="xmlsec-nss-ref.html">
+<link rel="PREVIOUS" title="bignum" href="xmlsec-nss-bignum.html">
+<link rel="NEXT" title="keysstore" href="xmlsec-nss-keysstore.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-nss-bignum.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-nss-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-nss-keysstore.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-NSS-CRYPTO"></a>crypto</h1>
+<div class="REFNAMEDIV">
+<a name="AEN35644"></a><h2>Name</h2>crypto -- Crypto transforms implementation for NSS.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-NSS-CRYPTO.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="RETURNVALUE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECCRYPTOGETFUNCTIONS-NSS">xmlSecCryptoGetFunctions_nss</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSINIT">xmlSecNssInit</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSSHUTDOWN">xmlSecNssShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYSMNGRINIT">xmlSecNssKeysMngrInit</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSGENERATERANDOM">xmlSecNssGenerateRandom</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buffer</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSERRORSDEFAULTCALLBACK">xmlSecNssErrorsDefaultCallback</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *file</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> line</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *func</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorObject</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorSubject</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reason</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *msg</code>);
+<gtkdoclink href="PK11SLOTINFO"><span class="RETURNVALUE">PK11SlotInfo</span></gtkdoclink> * <a href="xmlsec-nss-crypto.html#XMLSECNSSGETINTERNALKEYSLOT">xmlSecNssGetInternalKeySlot</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATAAESID">xmlSecNssKeyDataAesId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATAAESGETKLASS">xmlSecNssKeyDataAesGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATAAESSET">xmlSecNssKeyDataAesSet</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMAES128CBCID">xmlSecNssTransformAes128CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMAES128CBCGETKLASS">xmlSecNssTransformAes128CbcGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMAES192CBCID">xmlSecNssTransformAes192CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMAES192CBCGETKLASS">xmlSecNssTransformAes192CbcGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMAES256CBCID">xmlSecNssTransformAes256CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMAES256CBCGETKLASS">xmlSecNssTransformAes256CbcGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMKWAES128ID">xmlSecNssTransformKWAes128Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMKWAES128GETKLASS">xmlSecNssTransformKWAes128GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMKWAES192ID">xmlSecNssTransformKWAes192Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMKWAES192GETKLASS">xmlSecNssTransformKWAes192GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMKWAES256ID">xmlSecNssTransformKWAes256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMKWAES256GETKLASS">xmlSecNssTransformKWAes256GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATADESID">xmlSecNssKeyDataDesId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATADESGETKLASS">xmlSecNssKeyDataDesGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATADESSET">xmlSecNssKeyDataDesSet</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMDES3CBCID">xmlSecNssTransformDes3CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMDES3CBCGETKLASS">xmlSecNssTransformDes3CbcGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMKWDES3ID">xmlSecNssTransformKWDes3Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMKWDES3GETKLASS">xmlSecNssTransformKWDes3GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATADSAID">xmlSecNssKeyDataDsaId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATADSAGETKLASS">xmlSecNssKeyDataDsaGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMDSASHA1ID">xmlSecNssTransformDsaSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMDSASHA1GETKLASS">xmlSecNssTransformDsaSha1GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSHMACGETMINOUTPUTLENGTH">xmlSecNssHmacGetMinOutputLength</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSHMACSETMINOUTPUTLENGTH">xmlSecNssHmacSetMinOutputLength</a> (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> min_length</code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATAHMACID">xmlSecNssKeyDataHmacId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATAHMACGETKLASS">xmlSecNssKeyDataHmacGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATAHMACSET">xmlSecNssKeyDataHmacSet</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACMD5ID">xmlSecNssTransformHmacMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACMD5GETKLASS">xmlSecNssTransformHmacMd5GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACRIPEMD160ID">xmlSecNssTransformHmacRipemd160Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACRIPEMD160GETKLASS">xmlSecNssTransformHmacRipemd160GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACSHA1ID">xmlSecNssTransformHmacSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACSHA1GETKLASS">xmlSecNssTransformHmacSha1GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACSHA256ID">xmlSecNssTransformHmacSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACSHA256GETKLASS">xmlSecNssTransformHmacSha256GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACSHA384ID">xmlSecNssTransformHmacSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACSHA384GETKLASS">xmlSecNssTransformHmacSha384GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACSHA512ID">xmlSecNssTransformHmacSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMHMACSHA512GETKLASS">xmlSecNssTransformHmacSha512GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATARSAID">xmlSecNssKeyDataRsaId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSKEYDATARSAGETKLASS">xmlSecNssKeyDataRsaGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSAMD5ID">xmlSecNssTransformRsaMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSAMD5GETKLASS">xmlSecNssTransformRsaMd5GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSASHA1ID">xmlSecNssTransformRsaSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSASHA1GETKLASS">xmlSecNssTransformRsaSha1GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSASHA256ID">xmlSecNssTransformRsaSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSASHA256GETKLASS">xmlSecNssTransformRsaSha256GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSASHA384ID">xmlSecNssTransformRsaSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSASHA384GETKLASS">xmlSecNssTransformRsaSha384GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSASHA512ID">xmlSecNssTransformRsaSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSASHA512GETKLASS">xmlSecNssTransformRsaSha512GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSAPKCS1ID">xmlSecNssTransformRsaPkcs1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSAPKCS1GETKLASS">xmlSecNssTransformRsaPkcs1GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSAOAEPID">xmlSecNssTransformRsaOaepId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMRSAOAEPGETKLASS">xmlSecNssTransformRsaOaepGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMSHA1ID">xmlSecNssTransformSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMSHA1GETKLASS">xmlSecNssTransformSha1GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMSHA256ID">xmlSecNssTransformSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMSHA256GETKLASS">xmlSecNssTransformSha256GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMSHA384ID">xmlSecNssTransformSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMSHA384GETKLASS">xmlSecNssTransformSha384GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMSHA512ID">xmlSecNssTransformSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMSHA512GETKLASS">xmlSecNssTransformSha512GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMMD5ID">xmlSecNssTransformMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-nss-crypto.html#XMLSECNSSTRANSFORMMD5GETKLASS">xmlSecNssTransformMd5GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-NSS-CRYPTO.DESCRIPTION"></a><h2>Description</h2>
+<p>Crypto transforms implementation for NSS.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-NSS-CRYPTO.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOGETFUNCTIONS-NSS"></a><h3>xmlSecCryptoGetFunctions_nss ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="RETURNVALUE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink> xmlSecCryptoGetFunctions_nss
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets the pointer to xmlsec-nss functions table.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN35964"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the xmlsec-nss functions table or NULL if an error occurs.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSINIT"></a><h3>xmlSecNssInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssInit (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>XMLSec library specific crypto engine initialization.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN35980"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSSHUTDOWN"></a><h3>xmlSecNssShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>XMLSec library specific crypto engine shutdown.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN35996"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYSMNGRINIT"></a><h3>xmlSecNssKeysMngrInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssKeysMngrInit (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);</pre>
+<p>Adds NSS specific key data stores in keys manager.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36013"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36018"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSGENERATERANDOM"></a><h3>xmlSecNssGenerateRandom ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssGenerateRandom (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buffer</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Generates <code class="PARAMETER">size</code> random bytes and puts result in <code class="PARAMETER">buffer</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36040"><span style="white-space: nowrap"><code class="PARAMETER">buffer</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36045"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the numer of bytes to generate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36050"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSERRORSDEFAULTCALLBACK"></a><h3>xmlSecNssErrorsDefaultCallback ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecNssErrorsDefaultCallback (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *file</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> line</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *func</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorObject</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorSubject</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reason</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *msg</code>);</pre>
+<p>The default errors reporting callback function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36085"><span style="white-space: nowrap"><code class="PARAMETER">file</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location file name (__FILE__ macro).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36090"><span style="white-space: nowrap"><code class="PARAMETER">line</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location line number (__LINE__ macro).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36095"><span style="white-space: nowrap"><code class="PARAMETER">func</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location function name (__FUNCTION__ macro).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36100"><span style="white-space: nowrap"><code class="PARAMETER">errorObject</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error specific error object</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36105"><span style="white-space: nowrap"><code class="PARAMETER">errorSubject</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error specific error subject.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36110"><span style="white-space: nowrap"><code class="PARAMETER">reason</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error code.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36115"><span style="white-space: nowrap"><code class="PARAMETER">msg</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the additional error message.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSGETINTERNALKEYSLOT"></a><h3>xmlSecNssGetInternalKeySlot ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="PK11SLOTINFO"><span class="RETURNVALUE">PK11SlotInfo</span></gtkdoclink> * xmlSecNssGetInternalKeySlot (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets internal NSS key slot.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36131"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> internal key slot and initializes it if needed.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATAAESID"></a><h3>xmlSecNssKeyDataAesId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssKeyDataAesId</pre>
+<p>The AES key data klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATAAESGETKLASS"></a><h3>xmlSecNssKeyDataAesGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecNssKeyDataAesGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36153"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATAAESSET"></a><h3>xmlSecNssKeyDataAesSet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssKeyDataAesSet (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);</pre>
+<p>Sets the value of AES key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36176"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to AES key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36181"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36186"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value size (in bytes).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36191"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMAES128CBCID"></a><h3>xmlSecNssTransformAes128CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformAes128CbcId</pre>
+<p>The AES128 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMAES128CBCGETKLASS"></a><h3>xmlSecNssTransformAes128CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformAes128CbcGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 128 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36213"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 128 CBC encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMAES192CBCID"></a><h3>xmlSecNssTransformAes192CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformAes192CbcId</pre>
+<p>The AES192 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMAES192CBCGETKLASS"></a><h3>xmlSecNssTransformAes192CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformAes192CbcGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 192 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36235"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 192 CBC encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMAES256CBCID"></a><h3>xmlSecNssTransformAes256CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformAes256CbcId</pre>
+<p>The AES256 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMAES256CBCGETKLASS"></a><h3>xmlSecNssTransformAes256CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformAes256CbcGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 256 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36257"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 256 CBC encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMKWAES128ID"></a><h3>xmlSecNssTransformKWAes128Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformKWAes128Id</pre>
+<p>The AES 128 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMKWAES128GETKLASS"></a><h3>xmlSecNssTransformKWAes128GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformKWAes128GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-128 key wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36279"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-128 key wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMKWAES192ID"></a><h3>xmlSecNssTransformKWAes192Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformKWAes192Id</pre>
+<p>The AES 192 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMKWAES192GETKLASS"></a><h3>xmlSecNssTransformKWAes192GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformKWAes192GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-192 key wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36301"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-192 key wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMKWAES256ID"></a><h3>xmlSecNssTransformKWAes256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformKWAes256Id</pre>
+<p>The AES 256 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMKWAES256GETKLASS"></a><h3>xmlSecNssTransformKWAes256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformKWAes256GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-256 key wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36323"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-256 key wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATADESID"></a><h3>xmlSecNssKeyDataDesId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssKeyDataDesId</pre>
+<p>The DES key data klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATADESGETKLASS"></a><h3>xmlSecNssKeyDataDesGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecNssKeyDataDesGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DES key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36345"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> DES key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATADESSET"></a><h3>xmlSecNssKeyDataDesSet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssKeyDataDesSet (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);</pre>
+<p>Sets the value of DES key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36368"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to DES key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36373"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36378"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value size (in bytes).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36383"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMDES3CBCID"></a><h3>xmlSecNssTransformDes3CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformDes3CbcId</pre>
+<p>The Triple DES CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMDES3CBCGETKLASS"></a><h3>xmlSecNssTransformDes3CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformDes3CbcGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Triple DES CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36405"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to Triple DES encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMKWDES3ID"></a><h3>xmlSecNssTransformKWDes3Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformKWDes3Id</pre>
+<p>The DES3 KW transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMKWDES3GETKLASS"></a><h3>xmlSecNssTransformKWDes3GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformKWDes3GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The Triple DES key wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36427"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> Triple DES key wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATADSAID"></a><h3>xmlSecNssKeyDataDsaId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssKeyDataDsaId</pre>
+<p>The DSA key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATADSAGETKLASS"></a><h3>xmlSecNssKeyDataDsaGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecNssKeyDataDsaGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DSA key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36449"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to DSA key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMDSASHA1ID"></a><h3>xmlSecNssTransformDsaSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformDsaSha1Id</pre>
+<p>The DSA SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMDSASHA1GETKLASS"></a><h3>xmlSecNssTransformDsaSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformDsaSha1GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DSA-SHA1 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36471"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> DSA-SHA1 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSHMACGETMINOUTPUTLENGTH"></a><h3>xmlSecNssHmacGetMinOutputLength ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssHmacGetMinOutputLength (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets the value of min HMAC length.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36487"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the min HMAC output length</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSHMACSETMINOUTPUTLENGTH"></a><h3>xmlSecNssHmacSetMinOutputLength ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecNssHmacSetMinOutputLength (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> min_length</code>);</pre>
+<p>Sets the min HMAC output length</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36504"><span style="white-space: nowrap"><code class="PARAMETER">min_length</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new min length</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATAHMACID"></a><h3>xmlSecNssKeyDataHmacId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssKeyDataHmacId</pre>
+<p>The DHMAC key data klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATAHMACGETKLASS"></a><h3>xmlSecNssKeyDataHmacGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecNssKeyDataHmacGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36526"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> HMAC key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATAHMACSET"></a><h3>xmlSecNssKeyDataHmacSet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssKeyDataHmacSet (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);</pre>
+<p>Sets the value of HMAC key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36549"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to HMAC key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36554"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36559"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value size (in bytes).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN36564"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMHMACMD5ID"></a><h3>xmlSecNssTransformHmacMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformHmacMd5Id</pre>
+<p>The HMAC with MD5 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMHMACMD5GETKLASS"></a><h3>xmlSecNssTransformHmacMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformHmacMd5GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-MD5 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36586"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-MD5 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMHMACRIPEMD160ID"></a><h3>xmlSecNssTransformHmacRipemd160Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformHmacRipemd160Id</pre>
+<p>The HMAC with RipeMD160 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMHMACRIPEMD160GETKLASS"></a><h3>xmlSecNssTransformHmacRipemd160GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformHmacRipemd160GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-RIPEMD160 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36608"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-RIPEMD160 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMHMACSHA1ID"></a><h3>xmlSecNssTransformHmacSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformHmacSha1Id</pre>
+<p>The HMAC with SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMHMACSHA1GETKLASS"></a><h3>xmlSecNssTransformHmacSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformHmacSha1GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA1 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36630"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA1 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMHMACSHA256ID"></a><h3>xmlSecNssTransformHmacSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformHmacSha256Id</pre>
+<p>The HMAC with SHA256 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMHMACSHA256GETKLASS"></a><h3>xmlSecNssTransformHmacSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformHmacSha256GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA256 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36652"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA256 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMHMACSHA384ID"></a><h3>xmlSecNssTransformHmacSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformHmacSha384Id</pre>
+<p>The HMAC with SHA384 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMHMACSHA384GETKLASS"></a><h3>xmlSecNssTransformHmacSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformHmacSha384GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA384 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36674"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA384 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMHMACSHA512ID"></a><h3>xmlSecNssTransformHmacSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformHmacSha512Id</pre>
+<p>The HMAC with SHA512 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMHMACSHA512GETKLASS"></a><h3>xmlSecNssTransformHmacSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformHmacSha512GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA512 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36696"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA512 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATARSAID"></a><h3>xmlSecNssKeyDataRsaId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssKeyDataRsaId</pre>
+<p>The RSA key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATARSAGETKLASS"></a><h3>xmlSecNssKeyDataRsaGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecNssKeyDataRsaGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36718"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to RSA key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMRSAMD5ID"></a><h3>xmlSecNssTransformRsaMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformRsaMd5Id</pre>
+<p>The RSA-MD5 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMRSAMD5GETKLASS"></a><h3>xmlSecNssTransformRsaMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformRsaMd5GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-MD5 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36740"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-MD5 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMRSASHA1ID"></a><h3>xmlSecNssTransformRsaSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformRsaSha1Id</pre>
+<p>The RSA-SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMRSASHA1GETKLASS"></a><h3>xmlSecNssTransformRsaSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformRsaSha1GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA1 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36762"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA1 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMRSASHA256ID"></a><h3>xmlSecNssTransformRsaSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformRsaSha256Id</pre>
+<p>The RSA-SHA256 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMRSASHA256GETKLASS"></a><h3>xmlSecNssTransformRsaSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformRsaSha256GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA256 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36784"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA256 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMRSASHA384ID"></a><h3>xmlSecNssTransformRsaSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformRsaSha384Id</pre>
+<p>The RSA-SHA384 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMRSASHA384GETKLASS"></a><h3>xmlSecNssTransformRsaSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformRsaSha384GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA384 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36806"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA384 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMRSASHA512ID"></a><h3>xmlSecNssTransformRsaSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformRsaSha512Id</pre>
+<p>The RSA-SHA512 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMRSASHA512GETKLASS"></a><h3>xmlSecNssTransformRsaSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformRsaSha512GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA512 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36828"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA512 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMRSAPKCS1ID"></a><h3>xmlSecNssTransformRsaPkcs1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformRsaPkcs1Id</pre>
+<p>The RSA PKCS1 key transport transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMRSAPKCS1GETKLASS"></a><h3>xmlSecNssTransformRsaPkcs1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformRsaPkcs1GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-PKCS1 key transport transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36850"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-PKCS1 key transport transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMRSAOAEPID"></a><h3>xmlSecNssTransformRsaOaepId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformRsaOaepId</pre>
+<p>The RSA OAEP key transport transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMRSAOAEPGETKLASS"></a><h3>xmlSecNssTransformRsaOaepGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformRsaOaepGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-PKCS1 key transport transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36872"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-PKCS1 key transport transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMSHA1ID"></a><h3>xmlSecNssTransformSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformSha1Id</pre>
+<p>The SHA1 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMSHA1GETKLASS"></a><h3>xmlSecNssTransformSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformSha1GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA-1 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36894"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA-1 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMSHA256ID"></a><h3>xmlSecNssTransformSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformSha256Id</pre>
+<p>The SHA256 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMSHA256GETKLASS"></a><h3>xmlSecNssTransformSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformSha256GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA256 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36916"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA256 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMSHA384ID"></a><h3>xmlSecNssTransformSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformSha384Id</pre>
+<p>The SHA384 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMSHA384GETKLASS"></a><h3>xmlSecNssTransformSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformSha384GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA384 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36938"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA384 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMSHA512ID"></a><h3>xmlSecNssTransformSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformSha512Id</pre>
+<p>The SHA512 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMSHA512GETKLASS"></a><h3>xmlSecNssTransformSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformSha512GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA512 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36960"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA512 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMMD5ID"></a><h3>xmlSecNssTransformMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssTransformMd5Id</pre>
+<p>The MD5 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSTRANSFORMMD5GETKLASS"></a><h3>xmlSecNssTransformMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecNssTransformMd5GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>MD5 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN36982"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to MD5 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-nss-bignum.html"><b>&lt;&lt;&lt; bignum</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-nss-keysstore.html"><b>keysstore &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-nss-keysstore.html b/docs/api/xmlsec-nss-keysstore.html
new file mode 100644
index 00000000..810d5cfe
--- /dev/null
+++ b/docs/api/xmlsec-nss-keysstore.html
@@ -0,0 +1,209 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>keysstore</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for NSS API Reference." href="xmlsec-nss-ref.html">
+<link rel="PREVIOUS" title="crypto" href="xmlsec-nss-crypto.html">
+<link rel="NEXT" title="pkikeys" href="xmlsec-nss-pkikeys.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-nss-crypto.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-nss-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-nss-pkikeys.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-NSS-KEYSSTORE"></a>keysstore</h1>
+<div class="REFNAMEDIV">
+<a name="AEN36992"></a><h2>Name</h2>keysstore -- Keys store implementation for NSS.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-NSS-KEYSSTORE.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">#define <a href="xmlsec-nss-keysstore.html#XMLSECNSSKEYSSTOREID">xmlSecNssKeysStoreId</a>
+<gtkdoclink href="XMLSECKEYSTOREID"><span class="RETURNVALUE">xmlSecKeyStoreId</span></gtkdoclink><a href="xmlsec-nss-keysstore.html#XMLSECNSSKEYSSTOREGETKLASS">xmlSecNssKeysStoreGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-keysstore.html#XMLSECNSSKEYSSTOREADOPTKEY">xmlSecNssKeysStoreAdoptKey</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-keysstore.html#XMLSECNSSKEYSSTORELOAD">xmlSecNssKeysStoreLoad</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-keysstore.html#XMLSECNSSKEYSSTORESAVE">xmlSecNssKeysStoreSave</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-NSS-KEYSSTORE.DESCRIPTION"></a><h2>Description</h2>
+<p>Keys store implementation for NSS.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-NSS-KEYSSTORE.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYSSTOREID"></a><h3>xmlSecNssKeysStoreId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssKeysStoreId xmlSecNssKeysStoreGetKlass()</pre>
+<p>A Nss keys store klass id.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYSSTOREGETKLASS"></a><h3>xmlSecNssKeysStoreGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYSTOREID"><span class="RETURNVALUE">xmlSecKeyStoreId</span></gtkdoclink> xmlSecNssKeysStoreGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The Nss list based keys store klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN37059"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> Nss list based keys store klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYSSTOREADOPTKEY"></a><h3>xmlSecNssKeysStoreAdoptKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssKeysStoreAdoptKey (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Adds <code class="PARAMETER">key</code> to the <code class="PARAMETER">store</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37081"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to Nss keys store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37086"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37091"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYSSTORELOAD"></a><h3>xmlSecNssKeysStoreLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssKeysStoreLoad (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);</pre>
+<p>Reads keys from an XML file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37114"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to Nss keys store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37119"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37124"><span style="white-space: nowrap"><code class="PARAMETER">keysMngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to associated keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37129"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYSSTORESAVE"></a><h3>xmlSecNssKeysStoreSave ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssKeysStoreSave (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSTORE"><span class="TYPE">xmlSecKeyStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Writes keys from <code class="PARAMETER">store</code> to an XML file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37153"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to Nss keys store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37158"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37163"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the saved keys type (public, private, ...).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37168"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-nss-crypto.html"><b>&lt;&lt;&lt; crypto</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-nss-pkikeys.html"><b>pkikeys &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-nss-pkikeys.html b/docs/api/xmlsec-nss-pkikeys.html
new file mode 100644
index 00000000..765ed71e
--- /dev/null
+++ b/docs/api/xmlsec-nss-pkikeys.html
@@ -0,0 +1,211 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>pkikeys</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for NSS API Reference." href="xmlsec-nss-ref.html">
+<link rel="PREVIOUS" title="keysstore" href="xmlsec-nss-keysstore.html">
+<link rel="NEXT" title="x509" href="xmlsec-nss-x509.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-nss-keysstore.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-nss-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-nss-x509.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-NSS-PKIKEYS"></a>pkikeys</h1>
+<div class="REFNAMEDIV">
+<a name="AEN37178"></a><h2>Name</h2>pkikeys -- PKI keys data implementation.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-NSS-PKIKEYS.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></a> <a href="xmlsec-nss-pkikeys.html#XMLSECNSSPKIADOPTKEY">xmlSecNssPKIAdoptKey</a> (<code class="PARAMETER"><gtkdoclink href="SECKEYPRIVATEKEY"><span class="TYPE">SECKEYPrivateKey</span></gtkdoclink> *privkey</code>,
+ <code class="PARAMETER"><gtkdoclink href="SECKEYPUBLICKEY"><span class="TYPE">SECKEYPublicKey</span></gtkdoclink> *pubkey</code>);
+<gtkdoclink href="SECKEYPUBLICKEY"><span class="RETURNVALUE">SECKEYPublicKey</span></gtkdoclink>* <a href="xmlsec-nss-pkikeys.html#XMLSECNSSPKIKEYDATAGETPUBKEY">xmlSecNssPKIKeyDataGetPubKey</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="SECKEYPRIVATEKEY"><span class="RETURNVALUE">SECKEYPrivateKey</span></gtkdoclink>* <a href="xmlsec-nss-pkikeys.html#XMLSECNSSPKIKEYDATAGETPRIVKEY">xmlSecNssPKIKeyDataGetPrivKey</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="KEYTYPE"><span class="RETURNVALUE">KeyType</span></gtkdoclink><a href="xmlsec-nss-pkikeys.html#XMLSECNSSPKIKEYDATAGETKEYTYPE">xmlSecNssPKIKeyDataGetKeyType</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-pkikeys.html#XMLSECNSSPKIKEYDATADUPLICATE">xmlSecNssPKIKeyDataDuplicate</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> src</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-NSS-PKIKEYS.DESCRIPTION"></a><h2>Description</h2>
+<p>PKI keys data implementation.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-NSS-PKIKEYS.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECNSSPKIADOPTKEY"></a><h3>xmlSecNssPKIAdoptKey ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></a> xmlSecNssPKIAdoptKey (<code class="PARAMETER"><gtkdoclink href="SECKEYPRIVATEKEY"><span class="TYPE">SECKEYPrivateKey</span></gtkdoclink> *privkey</code>,
+ <code class="PARAMETER"><gtkdoclink href="SECKEYPUBLICKEY"><span class="TYPE">SECKEYPublicKey</span></gtkdoclink> *pubkey</code>);</pre>
+<p>Build a KeyData object from the given Private Key and Public
+Key handles.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37240"><span style="white-space: nowrap"><code class="PARAMETER">privkey</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the NSS Private Key handle</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37245"><span style="white-space: nowrap"><code class="PARAMETER">pubkey</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the NSS Public Key handle</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37250"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to KeyData object or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSPKIKEYDATAGETPUBKEY"></a><h3>xmlSecNssPKIKeyDataGetPubKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="SECKEYPUBLICKEY"><span class="RETURNVALUE">SECKEYPublicKey</span></gtkdoclink>* xmlSecNssPKIKeyDataGetPubKey (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the Public Key from the key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37267"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to NSS Key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37272"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SECKEYPublicKey or NULL if an error occurs.
+Caller is responsible for freeing the key when done</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSPKIKEYDATAGETPRIVKEY"></a><h3>xmlSecNssPKIKeyDataGetPrivKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="SECKEYPRIVATEKEY"><span class="RETURNVALUE">SECKEYPrivateKey</span></gtkdoclink>* xmlSecNssPKIKeyDataGetPrivKey (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the Private Key from the key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37289"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to NSS Key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37294"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SECKEYPrivateKey or NULL if an error occurs.
+Caller is responsible for freeing the key when done</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSPKIKEYDATAGETKEYTYPE"></a><h3>xmlSecNssPKIKeyDataGetKeyType ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="KEYTYPE"><span class="RETURNVALUE">KeyType</span></gtkdoclink> xmlSecNssPKIKeyDataGetKeyType (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the Key Type from the key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37311"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to NSS Key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37316"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> Key Type</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSPKIKEYDATADUPLICATE"></a><h3>xmlSecNssPKIKeyDataDuplicate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssPKIKeyDataDuplicate (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> src</code>);</pre>
+<p>Duplicates the keydata from src to dst</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37336"><span style="white-space: nowrap"><code class="PARAMETER">dst</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to NSS Key data to copy to.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37341"><span style="white-space: nowrap"><code class="PARAMETER">src</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to NSS Key data to copy from.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37346"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> -1 on error, 0 on success</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-nss-keysstore.html"><b>&lt;&lt;&lt; keysstore</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-nss-x509.html"><b>x509 &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-nss-ref.html b/docs/api/xmlsec-nss-ref.html
new file mode 100644
index 00000000..81b0c6d7
--- /dev/null
+++ b/docs/api/xmlsec-nss-ref.html
@@ -0,0 +1,115 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library for NSS API Reference.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library API Reference." href="xmlsec-reference.html">
+<link rel="PREVIOUS" title="crypto" href="xmlsec-gcrypt-crypto.html">
+<link rel="NEXT" title="app" href="xmlsec-nss-app.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-gcrypt-crypto.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-reference.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-nss-app.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-NSS-REF"></a>XML Security Library for NSS API Reference.</h1>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt>
+<a href="xmlsec-nss-app.html">app</a> -- Application functions implementation for NSS.</dt>
+<dt>
+<a href="xmlsec-nss-bignum.html">bignum</a> -- Big numbers helper functions.</dt>
+<dt>
+<a href="xmlsec-nss-crypto.html">crypto</a> -- Crypto transforms implementation for NSS.</dt>
+<dt>
+<a href="xmlsec-nss-keysstore.html">keysstore</a> -- Keys store implementation for NSS.</dt>
+<dt>
+<a href="xmlsec-nss-pkikeys.html">pkikeys</a> -- PKI keys data implementation.</dt>
+<dt>
+<a href="xmlsec-nss-x509.html">x509</a> -- X509 certificates support implementation for NSS.</dt>
+</dl></div>
+<p>This section contains the API reference for xmlsec-nss. All
+ the public interfaces are documented here. This reference guide is
+ build by extracting comments from the code sources. </p>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-gcrypt-crypto.html"><b>&lt;&lt;&lt; crypto</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-nss-app.html"><b>app &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-nss-x509.html b/docs/api/xmlsec-nss-x509.html
new file mode 100644
index 00000000..410e110d
--- /dev/null
+++ b/docs/api/xmlsec-nss-x509.html
@@ -0,0 +1,467 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>x509</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for NSS API Reference." href="xmlsec-nss-ref.html">
+<link rel="PREVIOUS" title="pkikeys" href="xmlsec-nss-pkikeys.html">
+<link rel="NEXT" title="XML Security Library for MSCrypto API Reference." href="xmlsec-mscrypto-ref.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-nss-pkikeys.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-nss-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-mscrypto-ref.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-NSS-X509"></a>x509</h1>
+<div class="REFNAMEDIV">
+<a name="AEN37356"></a><h2>Name</h2>x509 -- X509 certificates support implementation for NSS.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-NSS-X509.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">#define <a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509ID">xmlSecNssKeyDataX509Id</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509GETKLASS">xmlSecNssKeyDataX509GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="CERTCERTIFICATE"><span class="RETURNVALUE">CERTCertificate</span></gtkdoclink>* <a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509GETKEYCERT">xmlSecNssKeyDataX509GetKeyCert</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509ADOPTKEYCERT">xmlSecNssKeyDataX509AdoptKeyCert</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="CERTCERTIFICATE"><span class="TYPE">CERTCertificate</span></gtkdoclink> *cert</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509ADOPTCERT">xmlSecNssKeyDataX509AdoptCert</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="CERTCERTIFICATE"><span class="TYPE">CERTCertificate</span></gtkdoclink> *cert</code>);
+<gtkdoclink href="CERTCERTIFICATE"><span class="RETURNVALUE">CERTCertificate</span></gtkdoclink>* <a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509GETCERT">xmlSecNssKeyDataX509GetCert</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);
+<a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> <a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509GETCERTSSIZE">xmlSecNssKeyDataX509GetCertsSize</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509ADOPTCRL">xmlSecNssKeyDataX509AdoptCrl</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="CERTSIGNEDCRL"><span class="TYPE">CERTSignedCrl</span></gtkdoclink> *crl</code>);
+<gtkdoclink href="CERTSIGNEDCRL"><span class="RETURNVALUE">CERTSignedCrl</span></gtkdoclink>* <a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509GETCRL">xmlSecNssKeyDataX509GetCrl</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);
+<a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> <a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATAX509GETCRLSSIZE">xmlSecNssKeyDataX509GetCrlsSize</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></a> <a href="xmlsec-nss-x509.html#XMLSECNSSX509CERTGETKEY">xmlSecNssX509CertGetKey</a> (<code class="PARAMETER"><gtkdoclink href="CERTCERTIFICATE"><span class="TYPE">CERTCertificate</span></gtkdoclink> *cert</code>);
+#define <a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATARAWX509CERTID">xmlSecNssKeyDataRawX509CertId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-nss-x509.html#XMLSECNSSKEYDATARAWX509CERTGETKLASS">xmlSecNssKeyDataRawX509CertGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-nss-x509.html#XMLSECNSSX509STOREID">xmlSecNssX509StoreId</a>
+<gtkdoclink href="XMLSECKEYDATASTOREID"><span class="RETURNVALUE">xmlSecKeyDataStoreId</span></gtkdoclink><a href="xmlsec-nss-x509.html#XMLSECNSSX509STOREGETKLASS">xmlSecNssX509StoreGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="CERTCERTIFICATE"><span class="RETURNVALUE">CERTCertificate</span></gtkdoclink>* <a href="xmlsec-nss-x509.html#XMLSECNSSX509STOREFINDCERT">xmlSecNssX509StoreFindCert</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *subjectName</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *issuerName</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *issuerSerial</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ski</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtx</span></a> *keyInfoCtx</code>);
+<gtkdoclink href="CERTCERTIFICATE"><span class="RETURNVALUE">CERTCertificate</span></gtkdoclink>* <a href="xmlsec-nss-x509.html#XMLSECNSSX509STOREVERIFY">xmlSecNssX509StoreVerify</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="CERTCERTLIST"><span class="TYPE">CERTCertList</span></gtkdoclink> *certs</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtx</span></a> *keyInfoCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-nss-x509.html#XMLSECNSSX509STOREADOPTCERT">xmlSecNssX509StoreAdoptCert</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="CERTCERTIFICATE"><span class="TYPE">CERTCertificate</span></gtkdoclink> *cert</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-NSS-X509.DESCRIPTION"></a><h2>Description</h2>
+<p>X509 certificates support implementation for NSS.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-NSS-X509.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATAX509ID"></a><h3>xmlSecNssKeyDataX509Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssKeyDataX509Id</pre>
+<p>The NSS X509 data klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATAX509GETKLASS"></a><h3>xmlSecNssKeyDataX509GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecNssKeyDataX509GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The NSS X509 key data klass (http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-X509DATA"><span class="TYPE">sec-X509Data</span></gtkdoclink>).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN37518"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the X509 data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATAX509GETKEYCERT"></a><h3>xmlSecNssKeyDataX509GetKeyCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="CERTCERTIFICATE"><span class="RETURNVALUE">CERTCertificate</span></gtkdoclink>* xmlSecNssKeyDataX509GetKeyCert (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the certificate from which the key was extracted.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37535"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37540"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the key's certificate or NULL if key data was not used for key
+extraction or an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATAX509ADOPTKEYCERT"></a><h3>xmlSecNssKeyDataX509AdoptKeyCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssKeyDataX509AdoptKeyCert (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="CERTCERTIFICATE"><span class="TYPE">CERTCertificate</span></gtkdoclink> *cert</code>);</pre>
+<p>Sets the key's certificate in <code class="PARAMETER">data</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37561"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37566"><span style="white-space: nowrap"><code class="PARAMETER">cert</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to NSS X509 certificate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37571"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATAX509ADOPTCERT"></a><h3>xmlSecNssKeyDataX509AdoptCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssKeyDataX509AdoptCert (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="CERTCERTIFICATE"><span class="TYPE">CERTCertificate</span></gtkdoclink> *cert</code>);</pre>
+<p>Adds certificate to the X509 key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37591"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37596"><span style="white-space: nowrap"><code class="PARAMETER">cert</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to NSS X509 certificate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37601"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATAX509GETCERT"></a><h3>xmlSecNssKeyDataX509GetCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="CERTCERTIFICATE"><span class="RETURNVALUE">CERTCertificate</span></gtkdoclink>* xmlSecNssKeyDataX509GetCert (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);</pre>
+<p>Gets a certificate from X509 key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37621"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37626"><span style="white-space: nowrap"><code class="PARAMETER">pos</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired certificate position.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37631"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to certificate or NULL if <code class="PARAMETER">pos</code> is larger than the
+number of certificates in <code class="PARAMETER">data</code> or an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATAX509GETCERTSSIZE"></a><h3>xmlSecNssKeyDataX509GetCertsSize ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> xmlSecNssKeyDataX509GetCertsSize (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the number of certificates in <code class="PARAMETER">data</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37651"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37656"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> te number of certificates in <code class="PARAMETER">data</code>.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATAX509ADOPTCRL"></a><h3>xmlSecNssKeyDataX509AdoptCrl ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssKeyDataX509AdoptCrl (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="CERTSIGNEDCRL"><span class="TYPE">CERTSignedCrl</span></gtkdoclink> *crl</code>);</pre>
+<p>Adds CRL to the X509 key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37677"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37682"><span style="white-space: nowrap"><code class="PARAMETER">crl</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to NSS X509 CRL.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37687"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATAX509GETCRL"></a><h3>xmlSecNssKeyDataX509GetCrl ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="CERTSIGNEDCRL"><span class="RETURNVALUE">CERTSignedCrl</span></gtkdoclink>* xmlSecNssKeyDataX509GetCrl (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);</pre>
+<p>Gets a CRL from X509 key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37707"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37712"><span style="white-space: nowrap"><code class="PARAMETER">pos</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired CRL position.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37717"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to CRL or NULL if <code class="PARAMETER">pos</code> is larger than the
+number of CRLs in <code class="PARAMETER">data</code> or an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATAX509GETCRLSSIZE"></a><h3>xmlSecNssKeyDataX509GetCrlsSize ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> xmlSecNssKeyDataX509GetCrlsSize (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the number of CRLs in <code class="PARAMETER">data</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37737"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37742"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> te number of CRLs in <code class="PARAMETER">data</code>.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSX509CERTGETKEY"></a><h3>xmlSecNssX509CertGetKey ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></a> xmlSecNssX509CertGetKey (<code class="PARAMETER"><gtkdoclink href="CERTCERTIFICATE"><span class="TYPE">CERTCertificate</span></gtkdoclink> *cert</code>);</pre>
+<p>Extracts public key from the <code class="PARAMETER">cert</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37761"><span style="white-space: nowrap"><code class="PARAMETER">cert</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37766"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> public key value or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATARAWX509CERTID"></a><h3>xmlSecNssKeyDataRawX509CertId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssKeyDataRawX509CertId</pre>
+<p>The NSS raw X509 certificate klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSKEYDATARAWX509CERTGETKLASS"></a><h3>xmlSecNssKeyDataRawX509CertGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecNssKeyDataRawX509CertGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The raw X509 certificates key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN37788"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> raw X509 certificates key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSX509STOREID"></a><h3>xmlSecNssX509StoreId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNssX509StoreId</pre>
+<p>The NSS X509 store klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSX509STOREGETKLASS"></a><h3>xmlSecNssX509StoreGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATASTOREID"><span class="RETURNVALUE">xmlSecKeyDataStoreId</span></gtkdoclink> xmlSecNssX509StoreGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The NSS X509 certificates key data store klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN37810"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to NSS X509 certificates key data store klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSX509STOREFINDCERT"></a><h3>xmlSecNssX509StoreFindCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="CERTCERTIFICATE"><span class="RETURNVALUE">CERTCertificate</span></gtkdoclink>* xmlSecNssX509StoreFindCert (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *subjectName</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *issuerName</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *issuerSerial</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ski</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtx</span></a> *keyInfoCtx</code>);</pre>
+<p>Searches <code class="PARAMETER">store</code> for a certificate that matches given criteria.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37843"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data store klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37848"><span style="white-space: nowrap"><code class="PARAMETER">subjectName</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired certificate name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37853"><span style="white-space: nowrap"><code class="PARAMETER">issuerName</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired certificate issuer name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37858"><span style="white-space: nowrap"><code class="PARAMETER">issuerSerial</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired certificate issuer serial number.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37863"><span style="white-space: nowrap"><code class="PARAMETER">ski</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired certificate SKI.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37868"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37874"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to found certificate or NULL if certificate is not found
+or an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSX509STOREVERIFY"></a><h3>xmlSecNssX509StoreVerify ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="CERTCERTIFICATE"><span class="RETURNVALUE">CERTCertificate</span></gtkdoclink>* xmlSecNssX509StoreVerify (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="CERTCERTLIST"><span class="TYPE">CERTCertList</span></gtkdoclink> *certs</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtx</span></a> *keyInfoCtx</code>);</pre>
+<p>Verifies <code class="PARAMETER">certs</code> list.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37898"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data store klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37903"><span style="white-space: nowrap"><code class="PARAMETER">certs</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the untrusted certificates stack.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37908"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37914"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the first verified certificate from <code class="PARAMETER">certs</code>.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNSSX509STOREADOPTCERT"></a><h3>xmlSecNssX509StoreAdoptCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNssX509StoreAdoptCert (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="CERTCERTIFICATE"><span class="TYPE">CERTCertificate</span></gtkdoclink> *cert</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Adds trusted (root) or untrusted certificate to the store.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37938"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data store klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37943"><span style="white-space: nowrap"><code class="PARAMETER">cert</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to NSS X509 certificate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37948"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate type (trusted/untrusted).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN37953"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-nss-pkikeys.html"><b>&lt;&lt;&lt; pkikeys</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-mscrypto-ref.html"><b>XML Security Library for MSCrypto API Reference. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-nss.sgml b/docs/api/xmlsec-nss.sgml
new file mode 100644
index 00000000..9aa211bd
--- /dev/null
+++ b/docs/api/xmlsec-nss.sgml
@@ -0,0 +1,23 @@
+<!doctype book PUBLIC "-//DavenPort//DTD DocBook V3.0//EN" [
+<!ENTITY xmlsec-nss-app SYSTEM "sgml/app.sgml">
+<!ENTITY xmlsec-nss-bignum SYSTEM "sgml/bignum.sgml">
+<!ENTITY xmlsec-nss-crypto SYSTEM "sgml/crypto.sgml">
+<!ENTITY xmlsec-nss-keysstore SYSTEM "sgml/keysstore.sgml">
+<!ENTITY xmlsec-nss-pkikeys SYSTEM "sgml/pkikeys.sgml">
+<!ENTITY xmlsec-nss-x509 SYSTEM "sgml/x509.sgml">
+]>
+<book id="index">
+ <bookinfo>
+ <title>[Insert name here] Reference Manual</title>
+ </bookinfo>
+
+ <chapter>
+ <title>[Insert title here]</title>
+ &xmlsec-nss-app;
+ &xmlsec-nss-bignum;
+ &xmlsec-nss-crypto;
+ &xmlsec-nss-keysstore;
+ &xmlsec-nss-pkikeys;
+ &xmlsec-nss-x509;
+ </chapter>
+</book>
diff --git a/docs/api/xmlsec-openssl-app.html b/docs/api/xmlsec-openssl-app.html
new file mode 100644
index 00000000..8f71383e
--- /dev/null
+++ b/docs/api/xmlsec-openssl-app.html
@@ -0,0 +1,800 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>app</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for OpenSLL API Reference." href="xmlsec-openssl-ref.html">
+<link rel="PREVIOUS" title="XML Security Library for OpenSLL API Reference." href="xmlsec-openssl-ref.html">
+<link rel="NEXT" title="bn" href="xmlsec-openssl-bn.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-openssl-ref.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-openssl-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-openssl-bn.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-OPENSSL-APP"></a>app</h1>
+<div class="REFNAMEDIV">
+<a name="AEN25918"></a><h2>Name</h2>app -- Application functions implementation for OpenSSL.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-OPENSSL-APP.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPINIT">xmlSecOpenSSLAppInit</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *config</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPSHUTDOWN">xmlSecOpenSSLAppShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPDEFAULTKEYSMNGRINIT">xmlSecOpenSSLAppDefaultKeysMngrInit</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPDEFAULTKEYSMNGRADOPTKEY">xmlSecOpenSSLAppDefaultKeysMngrAdoptKey</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPDEFAULTKEYSMNGRLOAD">xmlSecOpenSSLAppDefaultKeysMngrLoad</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPDEFAULTKEYSMNGRSAVE">xmlSecOpenSSLAppDefaultKeysMngrSave</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYSMNGRCERTLOAD">xmlSecOpenSSLAppKeysMngrCertLoad</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYSMNGRCERTLOADMEMORY">xmlSecOpenSSLAppKeysMngrCertLoadMemory</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYSMNGRCERTLOADBIO">xmlSecOpenSSLAppKeysMngrCertLoadBIO</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="BIO:CAPS"><span class="TYPE">BIO</span></gtkdoclink> *bio</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYSMNGRADDCERTSPATH">xmlSecOpenSSLAppKeysMngrAddCertsPath</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *path</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYSMNGRADDCERTSFILE">xmlSecOpenSSLAppKeysMngrAddCertsFile</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *file</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYLOAD">xmlSecOpenSSLAppKeyLoad</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYLOADMEMORY">xmlSecOpenSSLAppKeyLoadMemory</a> (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYLOADBIO">xmlSecOpenSSLAppKeyLoadBIO</a> (<code class="PARAMETER"><gtkdoclink href="BIO:CAPS"><span class="TYPE">BIO</span></gtkdoclink> *bio</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPPKCS12LOAD">xmlSecOpenSSLAppPkcs12Load</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPPKCS12LOADMEMORY">xmlSecOpenSSLAppPkcs12LoadMemory</a> (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPPKCS12LOADBIO">xmlSecOpenSSLAppPkcs12LoadBIO</a> (<code class="PARAMETER"><gtkdoclink href="BIO:CAPS"><span class="TYPE">BIO</span></gtkdoclink> *bio</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYCERTLOAD">xmlSecOpenSSLAppKeyCertLoad</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYCERTLOADMEMORY">xmlSecOpenSSLAppKeyCertLoadMemory</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYCERTLOADBIO">xmlSecOpenSSLAppKeyCertLoadBIO</a> (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="BIO:CAPS"><span class="TYPE">BIO</span></gtkdoclink> *bio</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);
+<a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> <a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPKEYFROMCERTLOADBIO">xmlSecOpenSSLAppKeyFromCertLoadBIO</a> (<code class="PARAMETER"><gtkdoclink href="BIO:CAPS"><span class="TYPE">BIO</span></gtkdoclink> *bio</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink>* <a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPGETDEFAULTPWDCALLBACK">xmlSecOpenSSLAppGetDefaultPwdCallback</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-OPENSSL-APP.DESCRIPTION"></a><h2>Description</h2>
+<p>Application functions implementation for OpenSSL.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-OPENSSL-APP.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPINIT"></a><h3>xmlSecOpenSSLAppInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLAppInit (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *config</code>);</pre>
+<p>General crypto engine initialization. This function is used
+by XMLSec command line utility and called before
+<code class="PARAMETER">xmlSecInit</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26213"><span style="white-space: nowrap"><code class="PARAMETER">config</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the path to certs.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26218"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPSHUTDOWN"></a><h3>xmlSecOpenSSLAppShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLAppShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>General crypto engine shutdown. This function is used
+by XMLSec command line utility and called after
+<code class="PARAMETER">xmlSecShutdown</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN26235"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPDEFAULTKEYSMNGRINIT"></a><h3>xmlSecOpenSSLAppDefaultKeysMngrInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLAppDefaultKeysMngrInit (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);</pre>
+<p>Initializes <code class="PARAMETER">mngr</code> with simple keys store <a href="xmlsec-keysmngr.html#XMLSECSIMPLEKEYSSTOREID"><span class="TYPE">xmlSecSimpleKeysStoreId</span></a>
+and a default OpenSSL crypto key data stores.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26255"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26260"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPDEFAULTKEYSMNGRADOPTKEY"></a><h3>xmlSecOpenSSLAppDefaultKeysMngrAdoptKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLAppDefaultKeysMngrAdoptKey
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Adds <code class="PARAMETER">key</code> to the keys manager <code class="PARAMETER">mngr</code> created with <a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPDEFAULTKEYSMNGRINIT"><span class="TYPE">xmlSecOpenSSLAppDefaultKeysMngrInit</span></a>
+function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26284"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26289"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26294"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPDEFAULTKEYSMNGRLOAD"></a><h3>xmlSecOpenSSLAppDefaultKeysMngrLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLAppDefaultKeysMngrLoad (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *uri</code>);</pre>
+<p>Loads XML keys file from <code class="PARAMETER">uri</code> to the keys manager <code class="PARAMETER">mngr</code> created
+with <a href="xmlsec-openssl-app.html#XMLSECOPENSSLAPPDEFAULTKEYSMNGRINIT"><span class="TYPE">xmlSecOpenSSLAppDefaultKeysMngrInit</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26318"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26323"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the uri.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26328"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPDEFAULTKEYSMNGRSAVE"></a><h3>xmlSecOpenSSLAppDefaultKeysMngrSave ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLAppDefaultKeysMngrSave (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Saves keys from <code class="PARAMETER">mngr</code> to XML keys file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26352"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26357"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26362"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the type of keys to save (public/private/symmetric).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26367"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPKEYSMNGRCERTLOAD"></a><h3>xmlSecOpenSSLAppKeysMngrCertLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLAppKeysMngrCertLoad (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Reads cert from <code class="PARAMETER">filename</code> and adds to the list of trusted or known
+untrusted certs in <code class="PARAMETER">store</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26395"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26400"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26405"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26410"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag that indicates is the certificate in <code class="PARAMETER">filename</code>
+ trusted or not.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26416"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPKEYSMNGRCERTLOADMEMORY"></a><h3>xmlSecOpenSSLAppKeysMngrCertLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLAppKeysMngrCertLoadMemory
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Reads cert from binary buffer <code class="PARAMETER">data</code> and adds to the list of trusted or known
+untrusted certs in <code class="PARAMETER">store</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26447"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26452"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26457"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate binary data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26462"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26467"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag that indicates is the certificate trusted or not.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26472"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPKEYSMNGRCERTLOADBIO"></a><h3>xmlSecOpenSSLAppKeysMngrCertLoadBIO ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLAppKeysMngrCertLoadBIO (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER"><gtkdoclink href="BIO:CAPS"><span class="TYPE">BIO</span></gtkdoclink> *bio</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Reads cert from an OpenSSL BIO object and adds to the list of trusted or known
+untrusted certs in <code class="PARAMETER">store</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26499"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26504"><span style="white-space: nowrap"><code class="PARAMETER">bio</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate BIO.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26509"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26514"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag that indicates is the certificate trusted or not.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26519"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPKEYSMNGRADDCERTSPATH"></a><h3>xmlSecOpenSSLAppKeysMngrAddCertsPath ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLAppKeysMngrAddCertsPath
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *path</code>);</pre>
+<p>Reads cert from <code class="PARAMETER">path</code> and adds to the list of trusted certificates.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26540"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26545"><span style="white-space: nowrap"><code class="PARAMETER">path</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the path to trusted certificates.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26550"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPKEYSMNGRADDCERTSFILE"></a><h3>xmlSecOpenSSLAppKeysMngrAddCertsFile ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLAppKeysMngrAddCertsFile
+ (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *file</code>);</pre>
+<p>Reads certs from <code class="PARAMETER">file</code> and adds to the list of trusted certificates.
+It is possible for <code class="PARAMETER">file</code> to contain multiple certs.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26572"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26577"><span style="white-space: nowrap"><code class="PARAMETER">file</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the file containing trusted certificates.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26582"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPKEYLOAD"></a><h3>xmlSecOpenSSLAppKeyLoad ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecOpenSSLAppKeyLoad (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key from the a file.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26611"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26616"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26621"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26626"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26631"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26636"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPKEYLOADMEMORY"></a><h3>xmlSecOpenSSLAppKeyLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecOpenSSLAppKeyLoadMemory (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key from the memory buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26668"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the binary key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26673"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the size of binary key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26678"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26683"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26688"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26693"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26698"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPKEYLOADBIO"></a><h3>xmlSecOpenSSLAppKeyLoadBIO ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecOpenSSLAppKeyLoadBIO (<code class="PARAMETER"><gtkdoclink href="BIO:CAPS"><span class="TYPE">BIO</span></gtkdoclink> *bio</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key from the an OpenSSL BIO object.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26727"><span style="white-space: nowrap"><code class="PARAMETER">bio</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key BIO.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26732"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26737"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26742"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26747"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26752"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPPKCS12LOAD"></a><h3>xmlSecOpenSSLAppPkcs12Load ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecOpenSSLAppPkcs12Load (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key and all associated certificates from the PKCS12 file.
+For uniformity, call xmlSecOpenSSLAppKeyLoad instead of this function. Pass
+in format=xmlSecKeyDataFormatPkcs12.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26778"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 key filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26783"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26788"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26793"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26798"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPPKCS12LOADMEMORY"></a><h3>xmlSecOpenSSLAppPkcs12LoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecOpenSSLAppPkcs12LoadMemory (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key and all associated certificates from the PKCS12 data in memory buffer.
+For uniformity, call xmlSecOpenSSLAppKeyLoad instead of this function. Pass
+in format=xmlSecKeyDataFormatPkcs12.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26827"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26832"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 binary data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26837"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26842"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26847"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26852"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPPKCS12LOADBIO"></a><h3>xmlSecOpenSSLAppPkcs12LoadBIO ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecOpenSSLAppPkcs12LoadBIO (<code class="PARAMETER"><gtkdoclink href="BIO:CAPS"><span class="TYPE">BIO</span></gtkdoclink> *bio</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *pwd</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallback</code>,
+ <code class="PARAMETER"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *pwdCallbackCtx</code>);</pre>
+<p>Reads key and all associated certificates from the PKCS12 data in an OpenSSL BIO object.
+For uniformity, call xmlSecOpenSSLAppKeyLoad instead of this function. Pass
+in format=xmlSecKeyDataFormatPkcs12.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26878"><span style="white-space: nowrap"><code class="PARAMETER">bio</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 key bio.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26883"><span style="white-space: nowrap"><code class="PARAMETER">pwd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the PKCS12 file password.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26888"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallback</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26893"><span style="white-space: nowrap"><code class="PARAMETER">pwdCallbackCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the user context for password callback.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26898"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPKEYCERTLOAD"></a><h3>xmlSecOpenSSLAppKeyCertLoad ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLAppKeyCertLoad (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);</pre>
+<p>Reads the certificate from $<code class="PARAMETER">filename</code> and adds it to key.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26922"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26927"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26932"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26937"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPKEYCERTLOADMEMORY"></a><h3>xmlSecOpenSSLAppKeyCertLoadMemory ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLAppKeyCertLoadMemory (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);</pre>
+<p>Reads the certificate from memory buffer and adds it to key.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26963"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26968"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate binary data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26973"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate binary data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26978"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN26983"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPKEYCERTLOADBIO"></a><h3>xmlSecOpenSSLAppKeyCertLoadBIO ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLAppKeyCertLoadBIO (<code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>,
+ <code class="PARAMETER"><gtkdoclink href="BIO:CAPS"><span class="TYPE">BIO</span></gtkdoclink> *bio</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);</pre>
+<p>Reads the certificate from memory buffer and adds it to key.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27006"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27011"><span style="white-space: nowrap"><code class="PARAMETER">bio</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate bio.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27016"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate file format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27021"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPKEYFROMCERTLOADBIO"></a><h3>xmlSecOpenSSLAppKeyFromCertLoadBIO ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keys.html#XMLSECKEY"><span class="RETURNVALUE">xmlSecKeyPtr</span></a> xmlSecOpenSSLAppKeyFromCertLoadBIO (<code class="PARAMETER"><gtkdoclink href="BIO:CAPS"><span class="TYPE">BIO</span></gtkdoclink> *bio</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATAFORMAT"><span class="TYPE">xmlSecKeyDataFormat</span></a> format</code>);</pre>
+<p>Loads public key from cert.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27041"><span style="white-space: nowrap"><code class="PARAMETER">bio</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the BIO.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27046"><span style="white-space: nowrap"><code class="PARAMETER">format</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the cert format.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27051"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLAPPGETDEFAULTPWDCALLBACK"></a><h3>xmlSecOpenSSLAppGetDefaultPwdCallback ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink>* xmlSecOpenSSLAppGetDefaultPwdCallback
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets default password callback.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN27067"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> default password callback.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-openssl-ref.html"><b>&lt;&lt;&lt; XML Security Library for OpenSLL API Reference.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-openssl-bn.html"><b>bn &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-openssl-bn.html b/docs/api/xmlsec-openssl-bn.html
new file mode 100644
index 00000000..9f99727a
--- /dev/null
+++ b/docs/api/xmlsec-openssl-bn.html
@@ -0,0 +1,170 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>bn</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for OpenSLL API Reference." href="xmlsec-openssl-ref.html">
+<link rel="PREVIOUS" title="app" href="xmlsec-openssl-app.html">
+<link rel="NEXT" title="crypto" href="xmlsec-openssl-crypto.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-openssl-app.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-openssl-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-openssl-crypto.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-OPENSSL-BN"></a>bn</h1>
+<div class="REFNAMEDIV">
+<a name="AEN27077"></a><h2>Name</h2>bn -- Big numbers helper functions.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-OPENSSL-BN.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="BIGNUM:CAPS"><span class="RETURNVALUE">BIGNUM</span></gtkdoclink>* <a href="xmlsec-openssl-bn.html#XMLSECOPENSSLNODEGETBNVALUE">xmlSecOpenSSLNodeGetBNValue</a> (<code class="PARAMETER">const <gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER"><gtkdoclink href="BIGNUM:CAPS"><span class="TYPE">BIGNUM</span></gtkdoclink> **a</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-bn.html#XMLSECOPENSSLNODESETBNVALUE">xmlSecOpenSSLNodeSetBNValue</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER">const <gtkdoclink href="BIGNUM:CAPS"><span class="TYPE">BIGNUM</span></gtkdoclink> *a</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> addLineBreaks</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-OPENSSL-BN.DESCRIPTION"></a><h2>Description</h2>
+<p>Big numbers helper functions.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-OPENSSL-BN.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLNODEGETBNVALUE"></a><h3>xmlSecOpenSSLNodeGetBNValue ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="BIGNUM:CAPS"><span class="RETURNVALUE">BIGNUM</span></gtkdoclink>* xmlSecOpenSSLNodeGetBNValue (<code class="PARAMETER">const <gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER"><gtkdoclink href="BIGNUM:CAPS"><span class="TYPE">BIGNUM</span></gtkdoclink> **a</code>);</pre>
+<p>Converts the node content from CryptoBinary format
+(http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-CRYPTOBINARY"><span class="TYPE">sec-CryptoBinary</span></gtkdoclink>)
+to a BIGNUM. If no BIGNUM buffer provided then a new
+BIGNUM is created (caller is responsible for freeing it).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27126"><span style="white-space: nowrap"><code class="PARAMETER">cur</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the poitner to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27131"><span style="white-space: nowrap"><code class="PARAMETER">a</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the BIGNUM buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27136"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> a pointer to BIGNUM produced from CryptoBinary string
+or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLNODESETBNVALUE"></a><h3>xmlSecOpenSSLNodeSetBNValue ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLNodeSetBNValue (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER">const <gtkdoclink href="BIGNUM:CAPS"><span class="TYPE">BIGNUM</span></gtkdoclink> *a</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> addLineBreaks</code>);</pre>
+<p>Converts BIGNUM to CryptoBinary string
+(http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-CRYPTOBINARY"><span class="TYPE">sec-CryptoBinary</span></gtkdoclink>)
+and sets it as the content of the given node. If the
+addLineBreaks is set then line breaks are added
+before and after the CryptoBinary string.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27161"><span style="white-space: nowrap"><code class="PARAMETER">cur</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27166"><span style="white-space: nowrap"><code class="PARAMETER">a</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the BIGNUM.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27171"><span style="white-space: nowrap"><code class="PARAMETER">addLineBreaks</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>if the flag is equal to 1 then
+ linebreaks will be added before and after
+ new buffer content.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27176"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or -1 otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-openssl-app.html"><b>&lt;&lt;&lt; app</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-openssl-crypto.html"><b>crypto &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-openssl-crypto.html b/docs/api/xmlsec-openssl-crypto.html
new file mode 100644
index 00000000..1d4f42cd
--- /dev/null
+++ b/docs/api/xmlsec-openssl-crypto.html
@@ -0,0 +1,1329 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>crypto</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for OpenSLL API Reference." href="xmlsec-openssl-ref.html">
+<link rel="PREVIOUS" title="bn" href="xmlsec-openssl-bn.html">
+<link rel="NEXT" title="evp" href="xmlsec-openssl-evp.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-openssl-bn.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-openssl-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-openssl-evp.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-OPENSSL-CRYPTO"></a>crypto</h1>
+<div class="REFNAMEDIV">
+<a name="AEN27186"></a><h2>Name</h2>crypto -- Crypto transforms implementation for OpenSSL.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-OPENSSL-CRYPTO.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="RETURNVALUE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECCRYPTOGETFUNCTIONS-OPENSSL">xmlSecCryptoGetFunctions_openssl</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLINIT">xmlSecOpenSSLInit</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLSHUTDOWN">xmlSecOpenSSLShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYSMNGRINIT">xmlSecOpenSSLKeysMngrInit</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLGENERATERANDOM">xmlSecOpenSSLGenerateRandom</a> (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buffer</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLSETDEFAULTTRUSTEDCERTSFOLDER">xmlSecOpenSSLSetDefaultTrustedCertsFolder</a>
+ (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *path</code>);
+const <gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLGETDEFAULTTRUSTEDCERTSFOLDER">xmlSecOpenSSLGetDefaultTrustedCertsFolder</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATAAESID">xmlSecOpenSSLKeyDataAesId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATAAESGETKLASS">xmlSecOpenSSLKeyDataAesGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATAAESSET">xmlSecOpenSSLKeyDataAesSet</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMAES128CBCID">xmlSecOpenSSLTransformAes128CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMAES128CBCGETKLASS">xmlSecOpenSSLTransformAes128CbcGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMAES192CBCID">xmlSecOpenSSLTransformAes192CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMAES192CBCGETKLASS">xmlSecOpenSSLTransformAes192CbcGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMAES256CBCID">xmlSecOpenSSLTransformAes256CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMAES256CBCGETKLASS">xmlSecOpenSSLTransformAes256CbcGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMKWAES128ID">xmlSecOpenSSLTransformKWAes128Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMKWAES128GETKLASS">xmlSecOpenSSLTransformKWAes128GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMKWAES192ID">xmlSecOpenSSLTransformKWAes192Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMKWAES192GETKLASS">xmlSecOpenSSLTransformKWAes192GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMKWAES256ID">xmlSecOpenSSLTransformKWAes256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMKWAES256GETKLASS">xmlSecOpenSSLTransformKWAes256GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADESID">xmlSecOpenSSLKeyDataDesId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADESGETKLASS">xmlSecOpenSSLKeyDataDesGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADESSET">xmlSecOpenSSLKeyDataDesSet</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMDES3CBCID">xmlSecOpenSSLTransformDes3CbcId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMDES3CBCGETKLASS">xmlSecOpenSSLTransformDes3CbcGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMKWDES3ID">xmlSecOpenSSLTransformKWDes3Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMKWDES3GETKLASS">xmlSecOpenSSLTransformKWDes3GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADSAID">xmlSecOpenSSLKeyDataDsaId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADSAGETKLASS">xmlSecOpenSSLKeyDataDsaGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADSAADOPTDSA">xmlSecOpenSSLKeyDataDsaAdoptDsa</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="DSA:CAPS"><span class="TYPE">DSA</span></gtkdoclink> *dsa</code>);
+<gtkdoclink href="DSA:CAPS"><span class="RETURNVALUE">DSA</span></gtkdoclink>* <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADSAGETDSA">xmlSecOpenSSLKeyDataDsaGetDsa</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADSAADOPTEVP">xmlSecOpenSSLKeyDataDsaAdoptEvp</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="EVP-PKEY:CAPS"><span class="TYPE">EVP_PKEY</span></gtkdoclink> *pKey</code>);
+<gtkdoclink href="EVP-PKEY:CAPS"><span class="RETURNVALUE">EVP_PKEY</span></gtkdoclink>* <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATADSAGETEVP">xmlSecOpenSSLKeyDataDsaGetEvp</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMDSASHA1ID">xmlSecOpenSSLTransformDsaSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMDSASHA1GETKLASS">xmlSecOpenSSLTransformDsaSha1GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLHMACGETMINOUTPUTLENGTH">xmlSecOpenSSLHmacGetMinOutputLength</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLHMACSETMINOUTPUTLENGTH">xmlSecOpenSSLHmacSetMinOutputLength</a> (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> min_length</code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATAHMACID">xmlSecOpenSSLKeyDataHmacId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATAHMACGETKLASS">xmlSecOpenSSLKeyDataHmacGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATAHMACSET">xmlSecOpenSSLKeyDataHmacSet</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACMD5ID">xmlSecOpenSSLTransformHmacMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACMD5GETKLASS">xmlSecOpenSSLTransformHmacMd5GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACRIPEMD160ID">xmlSecOpenSSLTransformHmacRipemd160Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACRIPEMD160GETKLASS">xmlSecOpenSSLTransformHmacRipemd160GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA1ID">xmlSecOpenSSLTransformHmacSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA1GETKLASS">xmlSecOpenSSLTransformHmacSha1GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA224ID">xmlSecOpenSSLTransformHmacSha224Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA224GETKLASS">xmlSecOpenSSLTransformHmacSha224GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA256ID">xmlSecOpenSSLTransformHmacSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA256GETKLASS">xmlSecOpenSSLTransformHmacSha256GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA384ID">xmlSecOpenSSLTransformHmacSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA384GETKLASS">xmlSecOpenSSLTransformHmacSha384GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA512ID">xmlSecOpenSSLTransformHmacSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMHMACSHA512GETKLASS">xmlSecOpenSSLTransformHmacSha512GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMMD5ID">xmlSecOpenSSLTransformMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMMD5GETKLASS">xmlSecOpenSSLTransformMd5GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRIPEMD160ID">xmlSecOpenSSLTransformRipemd160Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRIPEMD160GETKLASS">xmlSecOpenSSLTransformRipemd160GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATARSAID">xmlSecOpenSSLKeyDataRsaId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATARSAGETKLASS">xmlSecOpenSSLKeyDataRsaGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATARSAADOPTRSA">xmlSecOpenSSLKeyDataRsaAdoptRsa</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="RSA:CAPS"><span class="TYPE">RSA</span></gtkdoclink> *rsa</code>);
+<gtkdoclink href="RSA:CAPS"><span class="RETURNVALUE">RSA</span></gtkdoclink>* <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATARSAGETRSA">xmlSecOpenSSLKeyDataRsaGetRsa</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATARSAADOPTEVP">xmlSecOpenSSLKeyDataRsaAdoptEvp</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="EVP-PKEY:CAPS"><span class="TYPE">EVP_PKEY</span></gtkdoclink> *pKey</code>);
+<gtkdoclink href="EVP-PKEY:CAPS"><span class="RETURNVALUE">EVP_PKEY</span></gtkdoclink>* <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLKEYDATARSAGETEVP">xmlSecOpenSSLKeyDataRsaGetEvp</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSAMD5ID">xmlSecOpenSSLTransformRsaMd5Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSAMD5GETKLASS">xmlSecOpenSSLTransformRsaMd5GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSARIPEMD160ID">xmlSecOpenSSLTransformRsaRipemd160Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSARIPEMD160GETKLASS">xmlSecOpenSSLTransformRsaRipemd160GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA1ID">xmlSecOpenSSLTransformRsaSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA1GETKLASS">xmlSecOpenSSLTransformRsaSha1GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA224ID">xmlSecOpenSSLTransformRsaSha224Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA224GETKLASS">xmlSecOpenSSLTransformRsaSha224GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA256ID">xmlSecOpenSSLTransformRsaSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA256GETKLASS">xmlSecOpenSSLTransformRsaSha256GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA384ID">xmlSecOpenSSLTransformRsaSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA384GETKLASS">xmlSecOpenSSLTransformRsaSha384GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA512ID">xmlSecOpenSSLTransformRsaSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSASHA512GETKLASS">xmlSecOpenSSLTransformRsaSha512GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSAPKCS1ID">xmlSecOpenSSLTransformRsaPkcs1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSAPKCS1GETKLASS">xmlSecOpenSSLTransformRsaPkcs1GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSAOAEPID">xmlSecOpenSSLTransformRsaOaepId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMRSAOAEPGETKLASS">xmlSecOpenSSLTransformRsaOaepGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA1ID">xmlSecOpenSSLTransformSha1Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA1GETKLASS">xmlSecOpenSSLTransformSha1GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA224ID">xmlSecOpenSSLTransformSha224Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA224GETKLASS">xmlSecOpenSSLTransformSha224GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA256ID">xmlSecOpenSSLTransformSha256Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA256GETKLASS">xmlSecOpenSSLTransformSha256GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA384ID">xmlSecOpenSSLTransformSha384Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA384GETKLASS">xmlSecOpenSSLTransformSha384GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA512ID">xmlSecOpenSSLTransformSha512Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLTRANSFORMSHA512GETKLASS">xmlSecOpenSSLTransformSha512GetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-crypto.html#XMLSEC-OPENSSL-ERRORS-LIB:CAPS">XMLSEC_OPENSSL_ERRORS_LIB</a>
+#define <a href="xmlsec-openssl-crypto.html#XMLSEC-OPENSSL-ERRORS-FUNCTION:CAPS">XMLSEC_OPENSSL_ERRORS_FUNCTION</a>
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-openssl-crypto.html#XMLSECOPENSSLERRORSDEFAULTCALLBACK">xmlSecOpenSSLErrorsDefaultCallback</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *file</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> line</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *func</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorObject</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorSubject</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reason</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *msg</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-OPENSSL-CRYPTO.DESCRIPTION"></a><h2>Description</h2>
+<p>Crypto transforms implementation for OpenSSL.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-OPENSSL-CRYPTO.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECCRYPTOGETFUNCTIONS-OPENSSL"></a><h3>xmlSecCryptoGetFunctions_openssl ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECCRYPTODLFUNCTIONS"><span class="RETURNVALUE">xmlSecCryptoDLFunctionsPtr</span></gtkdoclink> xmlSecCryptoGetFunctions_openssl
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets the pointer to xmlsec-openssl functions table.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN27604"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the xmlsec-openssl functions table or NULL if an error occurs.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLINIT"></a><h3>xmlSecOpenSSLInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLInit (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>XMLSec library specific crypto engine initialization.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN27620"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLSHUTDOWN"></a><h3>xmlSecOpenSSLShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>XMLSec library specific crypto engine shutdown.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN27636"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYSMNGRINIT"></a><h3>xmlSecOpenSSLKeysMngrInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLKeysMngrInit (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> mngr</code>);</pre>
+<p>Adds OpenSSL specific key data stores in keys manager.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27653"><span style="white-space: nowrap"><code class="PARAMETER">mngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27658"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLGENERATERANDOM"></a><h3>xmlSecOpenSSLGenerateRandom ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLGenerateRandom (<code class="PARAMETER"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> buffer</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Generates <code class="PARAMETER">size</code> random bytes and puts result in <code class="PARAMETER">buffer</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27680"><span style="white-space: nowrap"><code class="PARAMETER">buffer</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27685"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the numer of bytes to generate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27690"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLSETDEFAULTTRUSTEDCERTSFOLDER"></a><h3>xmlSecOpenSSLSetDefaultTrustedCertsFolder ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLSetDefaultTrustedCertsFolder
+ (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *path</code>);</pre>
+<p>Sets the default trusted certs folder.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27707"><span style="white-space: nowrap"><code class="PARAMETER">path</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the default trusted certs path.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27712"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLGETDEFAULTTRUSTEDCERTSFOLDER"></a><h3>xmlSecOpenSSLGetDefaultTrustedCertsFolder ()</h3>
+<pre class="PROGRAMLISTING">const <gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* xmlSecOpenSSLGetDefaultTrustedCertsFolder
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets the default trusted certs folder.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN27728"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the default trusted cert folder.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATAAESID"></a><h3>xmlSecOpenSSLKeyDataAesId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLKeyDataAesId</pre>
+<p>The AES key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATAAESGETKLASS"></a><h3>xmlSecOpenSSLKeyDataAesGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecOpenSSLKeyDataAesGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN27750"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATAAESSET"></a><h3>xmlSecOpenSSLKeyDataAesSet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLKeyDataAesSet (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);</pre>
+<p>Sets the value of AES key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27773"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to AES key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27778"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27783"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value size (in bytes).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27788"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMAES128CBCID"></a><h3>xmlSecOpenSSLTransformAes128CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformAes128CbcId</pre>
+<p>The AES128 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMAES128CBCGETKLASS"></a><h3>xmlSecOpenSSLTransformAes128CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformAes128CbcGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 128 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN27810"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 128 CBC encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMAES192CBCID"></a><h3>xmlSecOpenSSLTransformAes192CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformAes192CbcId</pre>
+<p>The AES192 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMAES192CBCGETKLASS"></a><h3>xmlSecOpenSSLTransformAes192CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformAes192CbcGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 192 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN27832"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 192 CBC encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMAES256CBCID"></a><h3>xmlSecOpenSSLTransformAes256CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformAes256CbcId</pre>
+<p>The AES256 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMAES256CBCGETKLASS"></a><h3>xmlSecOpenSSLTransformAes256CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformAes256CbcGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>AES 256 CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN27854"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to AES 256 CBC encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMKWAES128ID"></a><h3>xmlSecOpenSSLTransformKWAes128Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformKWAes128Id</pre>
+<p>The AES 128 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMKWAES128GETKLASS"></a><h3>xmlSecOpenSSLTransformKWAes128GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformKWAes128GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-128 kew wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN27876"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-128 kew wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMKWAES192ID"></a><h3>xmlSecOpenSSLTransformKWAes192Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformKWAes192Id</pre>
+<p>The AES 192 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMKWAES192GETKLASS"></a><h3>xmlSecOpenSSLTransformKWAes192GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformKWAes192GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-192 kew wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN27898"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-192 kew wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMKWAES256ID"></a><h3>xmlSecOpenSSLTransformKWAes256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformKWAes256Id</pre>
+<p>The AES 256 key wrap transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMKWAES256GETKLASS"></a><h3>xmlSecOpenSSLTransformKWAes256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformKWAes256GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The AES-256 kew wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN27920"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> AES-256 kew wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATADESID"></a><h3>xmlSecOpenSSLKeyDataDesId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLKeyDataDesId</pre>
+<p>The DES key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATADESGETKLASS"></a><h3>xmlSecOpenSSLKeyDataDesGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecOpenSSLKeyDataDesGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DES key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN27942"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> DES key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATADESSET"></a><h3>xmlSecOpenSSLKeyDataDesSet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLKeyDataDesSet (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);</pre>
+<p>Sets the value of DES key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27965"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to DES key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27970"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27975"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value size (in bytes).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN27980"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMDES3CBCID"></a><h3>xmlSecOpenSSLTransformDes3CbcId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformDes3CbcId</pre>
+<p>The DES3 CBC cipher transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMDES3CBCGETKLASS"></a><h3>xmlSecOpenSSLTransformDes3CbcGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformDes3CbcGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Triple DES CBC encryption transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28002"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to Triple DES encryption transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMKWDES3ID"></a><h3>xmlSecOpenSSLTransformKWDes3Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformKWDes3Id</pre>
+<p>The DES3 KW transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMKWDES3GETKLASS"></a><h3>xmlSecOpenSSLTransformKWDes3GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformKWDes3GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The Triple DES key wrapper transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28024"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> Triple DES key wrapper transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATADSAID"></a><h3>xmlSecOpenSSLKeyDataDsaId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLKeyDataDsaId</pre>
+<p>The DSA key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATADSAGETKLASS"></a><h3>xmlSecOpenSSLKeyDataDsaGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecOpenSSLKeyDataDsaGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DSA key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28046"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to DSA key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATADSAADOPTDSA"></a><h3>xmlSecOpenSSLKeyDataDsaAdoptDsa ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLKeyDataDsaAdoptDsa (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="DSA:CAPS"><span class="TYPE">DSA</span></gtkdoclink> *dsa</code>);</pre>
+<p>Sets the value of DSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28066"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to DSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28071"><span style="white-space: nowrap"><code class="PARAMETER">dsa</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to OpenSSL DSA key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28076"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATADSAGETDSA"></a><h3>xmlSecOpenSSLKeyDataDsaGetDsa ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="DSA:CAPS"><span class="RETURNVALUE">DSA</span></gtkdoclink>* xmlSecOpenSSLKeyDataDsaGetDsa (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the OpenSSL DSA key from DSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28093"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to DSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28098"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to OpenSSL DSA key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATADSAADOPTEVP"></a><h3>xmlSecOpenSSLKeyDataDsaAdoptEvp ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLKeyDataDsaAdoptEvp (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="EVP-PKEY:CAPS"><span class="TYPE">EVP_PKEY</span></gtkdoclink> *pKey</code>);</pre>
+<p>Sets the DSA key data value to OpenSSL EVP key.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28118"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to DSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28123"><span style="white-space: nowrap"><code class="PARAMETER">pKey</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to OpenSSL EVP key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28128"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATADSAGETEVP"></a><h3>xmlSecOpenSSLKeyDataDsaGetEvp ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="EVP-PKEY:CAPS"><span class="RETURNVALUE">EVP_PKEY</span></gtkdoclink>* xmlSecOpenSSLKeyDataDsaGetEvp (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the OpenSSL EVP key from DSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28145"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to DSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28150"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to OpenSSL EVP key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMDSASHA1ID"></a><h3>xmlSecOpenSSLTransformDsaSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformDsaSha1Id</pre>
+<p>The DSA SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMDSASHA1GETKLASS"></a><h3>xmlSecOpenSSLTransformDsaSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformDsaSha1GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The DSA-SHA1 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28172"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> DSA-SHA1 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLHMACGETMINOUTPUTLENGTH"></a><h3>xmlSecOpenSSLHmacGetMinOutputLength ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLHmacGetMinOutputLength (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets the value of min HMAC length.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28188"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the min HMAC output length</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLHMACSETMINOUTPUTLENGTH"></a><h3>xmlSecOpenSSLHmacSetMinOutputLength ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecOpenSSLHmacSetMinOutputLength (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> min_length</code>);</pre>
+<p>Sets the min HMAC output length</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28205"><span style="white-space: nowrap"><code class="PARAMETER">min_length</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new min length</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATAHMACID"></a><h3>xmlSecOpenSSLKeyDataHmacId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLKeyDataHmacId</pre>
+<p>The DHMAC key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATAHMACGETKLASS"></a><h3>xmlSecOpenSSLKeyDataHmacGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecOpenSSLKeyDataHmacGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28227"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> HMAC key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATAHMACSET"></a><h3>xmlSecOpenSSLKeyDataHmacSet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLKeyDataHmacSet (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufSize</code>);</pre>
+<p>Sets the value of HMAC key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28250"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to HMAC key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28255"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28260"><span style="white-space: nowrap"><code class="PARAMETER">bufSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key value size (in bytes).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28265"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMHMACMD5ID"></a><h3>xmlSecOpenSSLTransformHmacMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformHmacMd5Id</pre>
+<p>The HMAC with MD5 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMHMACMD5GETKLASS"></a><h3>xmlSecOpenSSLTransformHmacMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformHmacMd5GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-MD5 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28287"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-MD5 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMHMACRIPEMD160ID"></a><h3>xmlSecOpenSSLTransformHmacRipemd160Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformHmacRipemd160Id</pre>
+<p>The HMAC with RipeMD160 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMHMACRIPEMD160GETKLASS"></a><h3>xmlSecOpenSSLTransformHmacRipemd160GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformHmacRipemd160GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-RIPEMD160 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28309"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-RIPEMD160 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMHMACSHA1ID"></a><h3>xmlSecOpenSSLTransformHmacSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformHmacSha1Id</pre>
+<p>The HMAC with SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMHMACSHA1GETKLASS"></a><h3>xmlSecOpenSSLTransformHmacSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformHmacSha1GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA1 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28331"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA1 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMHMACSHA224ID"></a><h3>xmlSecOpenSSLTransformHmacSha224Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformHmacSha224Id</pre>
+<p>The HMAC with SHA224 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMHMACSHA224GETKLASS"></a><h3>xmlSecOpenSSLTransformHmacSha224GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformHmacSha224GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA224 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28353"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA224 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMHMACSHA256ID"></a><h3>xmlSecOpenSSLTransformHmacSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformHmacSha256Id</pre>
+<p>The HMAC with SHA256 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMHMACSHA256GETKLASS"></a><h3>xmlSecOpenSSLTransformHmacSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformHmacSha256GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA256 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28375"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA256 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMHMACSHA384ID"></a><h3>xmlSecOpenSSLTransformHmacSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformHmacSha384Id</pre>
+<p>The HMAC with SHA384 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMHMACSHA384GETKLASS"></a><h3>xmlSecOpenSSLTransformHmacSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformHmacSha384GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA384 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28397"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA384 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMHMACSHA512ID"></a><h3>xmlSecOpenSSLTransformHmacSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformHmacSha512Id</pre>
+<p>The HMAC with SHA512 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMHMACSHA512GETKLASS"></a><h3>xmlSecOpenSSLTransformHmacSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformHmacSha512GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The HMAC-SHA512 transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28419"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the HMAC-SHA512 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMMD5ID"></a><h3>xmlSecOpenSSLTransformMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformMd5Id</pre>
+<p>The MD5 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMMD5GETKLASS"></a><h3>xmlSecOpenSSLTransformMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformMd5GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>MD5 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28441"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to MD5 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRIPEMD160ID"></a><h3>xmlSecOpenSSLTransformRipemd160Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformRipemd160Id</pre>
+<p>The RIPEMD160 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRIPEMD160GETKLASS"></a><h3>xmlSecOpenSSLTransformRipemd160GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformRipemd160GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>RIPEMD-160 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28463"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to RIPEMD-160 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATARSAID"></a><h3>xmlSecOpenSSLKeyDataRsaId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLKeyDataRsaId</pre>
+<p>The RSA key klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATARSAGETKLASS"></a><h3>xmlSecOpenSSLKeyDataRsaGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecOpenSSLKeyDataRsaGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The OpenSSL RSA key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28485"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to OpenSSL RSA key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATARSAADOPTRSA"></a><h3>xmlSecOpenSSLKeyDataRsaAdoptRsa ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLKeyDataRsaAdoptRsa (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="RSA:CAPS"><span class="TYPE">RSA</span></gtkdoclink> *rsa</code>);</pre>
+<p>Sets the value of RSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28505"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to RSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28510"><span style="white-space: nowrap"><code class="PARAMETER">rsa</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to OpenSSL RSA key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28515"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATARSAGETRSA"></a><h3>xmlSecOpenSSLKeyDataRsaGetRsa ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="RSA:CAPS"><span class="RETURNVALUE">RSA</span></gtkdoclink>* xmlSecOpenSSLKeyDataRsaGetRsa (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the OpenSSL RSA key from RSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28532"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to RSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28537"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to OpenSSL RSA key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATARSAADOPTEVP"></a><h3>xmlSecOpenSSLKeyDataRsaAdoptEvp ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLKeyDataRsaAdoptEvp (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="EVP-PKEY:CAPS"><span class="TYPE">EVP_PKEY</span></gtkdoclink> *pKey</code>);</pre>
+<p>Sets the RSA key data value to OpenSSL EVP key.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28557"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to RSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28562"><span style="white-space: nowrap"><code class="PARAMETER">pKey</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to OpenSSL EVP key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28567"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATARSAGETEVP"></a><h3>xmlSecOpenSSLKeyDataRsaGetEvp ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="EVP-PKEY:CAPS"><span class="RETURNVALUE">EVP_PKEY</span></gtkdoclink>* xmlSecOpenSSLKeyDataRsaGetEvp (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the OpenSSL EVP key from RSA key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28584"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to RSA key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28589"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to OpenSSL EVP key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSAMD5ID"></a><h3>xmlSecOpenSSLTransformRsaMd5Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformRsaMd5Id</pre>
+<p>The RSA-MD5 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSAMD5GETKLASS"></a><h3>xmlSecOpenSSLTransformRsaMd5GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformRsaMd5GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-MD5 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28611"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-MD5 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSARIPEMD160ID"></a><h3>xmlSecOpenSSLTransformRsaRipemd160Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformRsaRipemd160Id</pre>
+<p>The RSA-RIPEMD160 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSARIPEMD160GETKLASS"></a><h3>xmlSecOpenSSLTransformRsaRipemd160GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformRsaRipemd160GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-RIPEMD160 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28633"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-RIPEMD160 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSASHA1ID"></a><h3>xmlSecOpenSSLTransformRsaSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformRsaSha1Id</pre>
+<p>The RSA-SHA1 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSASHA1GETKLASS"></a><h3>xmlSecOpenSSLTransformRsaSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformRsaSha1GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA1 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28655"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA1 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSASHA224ID"></a><h3>xmlSecOpenSSLTransformRsaSha224Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformRsaSha224Id</pre>
+<p>The RSA-SHA224 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSASHA224GETKLASS"></a><h3>xmlSecOpenSSLTransformRsaSha224GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformRsaSha224GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA224 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28677"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA224 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSASHA256ID"></a><h3>xmlSecOpenSSLTransformRsaSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformRsaSha256Id</pre>
+<p>The RSA-SHA256 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSASHA256GETKLASS"></a><h3>xmlSecOpenSSLTransformRsaSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformRsaSha256GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA256 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28699"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA256 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSASHA384ID"></a><h3>xmlSecOpenSSLTransformRsaSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformRsaSha384Id</pre>
+<p>The RSA-SHA384 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSASHA384GETKLASS"></a><h3>xmlSecOpenSSLTransformRsaSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformRsaSha384GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA384 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28721"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA384 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSASHA512ID"></a><h3>xmlSecOpenSSLTransformRsaSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformRsaSha512Id</pre>
+<p>The RSA-SHA512 signature transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSASHA512GETKLASS"></a><h3>xmlSecOpenSSLTransformRsaSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformRsaSha512GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-SHA512 signature transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28743"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-SHA512 signature transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSAPKCS1ID"></a><h3>xmlSecOpenSSLTransformRsaPkcs1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformRsaPkcs1Id</pre>
+<p>The RSA PKCS1 key transport transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSAPKCS1GETKLASS"></a><h3>xmlSecOpenSSLTransformRsaPkcs1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformRsaPkcs1GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-PKCS1 key transport transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28765"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-PKCS1 key transport transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSAOAEPID"></a><h3>xmlSecOpenSSLTransformRsaOaepId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformRsaOaepId</pre>
+<p>The RSA PKCS1 key transport transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMRSAOAEPGETKLASS"></a><h3>xmlSecOpenSSLTransformRsaOaepGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformRsaOaepGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The RSA-OAEP key transport transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28787"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> RSA-OAEP key transport transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMSHA1ID"></a><h3>xmlSecOpenSSLTransformSha1Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformSha1Id</pre>
+<p>The SHA1 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMSHA1GETKLASS"></a><h3>xmlSecOpenSSLTransformSha1GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformSha1GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA-1 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28809"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA-1 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMSHA224ID"></a><h3>xmlSecOpenSSLTransformSha224Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformSha224Id</pre>
+<p>The SHA224 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMSHA224GETKLASS"></a><h3>xmlSecOpenSSLTransformSha224GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformSha224GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA-224 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28831"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA-224 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMSHA256ID"></a><h3>xmlSecOpenSSLTransformSha256Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformSha256Id</pre>
+<p>The SHA256 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMSHA256GETKLASS"></a><h3>xmlSecOpenSSLTransformSha256GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformSha256GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA-256 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28853"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA-256 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMSHA384ID"></a><h3>xmlSecOpenSSLTransformSha384Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformSha384Id</pre>
+<p>The SHA384 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMSHA384GETKLASS"></a><h3>xmlSecOpenSSLTransformSha384GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformSha384GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA-384 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28875"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA-384 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMSHA512ID"></a><h3>xmlSecOpenSSLTransformSha512Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLTransformSha512Id</pre>
+<p>The SHA512 digest transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLTRANSFORMSHA512GETKLASS"></a><h3>xmlSecOpenSSLTransformSha512GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecOpenSSLTransformSha512GetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>SHA-512 digest transform klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN28897"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to SHA-512 digest transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-OPENSSL-ERRORS-LIB:CAPS"></a><h3>XMLSEC_OPENSSL_ERRORS_LIB</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_OPENSSL_ERRORS_LIB (ERR_LIB_USER + 57)</pre>
+<p>Macro. The XMLSec library klass for OpenSSL errors reporting functions.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-OPENSSL-ERRORS-FUNCTION:CAPS"></a><h3>XMLSEC_OPENSSL_ERRORS_FUNCTION</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_OPENSSL_ERRORS_FUNCTION 0</pre>
+<p>Macro. The XMLSec library functions OpenSSL errors reporting functions.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLERRORSDEFAULTCALLBACK"></a><h3>xmlSecOpenSSLErrorsDefaultCallback ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecOpenSSLErrorsDefaultCallback (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *file</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> line</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *func</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorObject</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *errorSubject</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> reason</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *msg</code>);</pre>
+<p>The default OpenSSL errors reporting callback function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28944"><span style="white-space: nowrap"><code class="PARAMETER">file</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location file name (__FILE__ macro).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28949"><span style="white-space: nowrap"><code class="PARAMETER">line</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location line number (__LINE__ macro).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28954"><span style="white-space: nowrap"><code class="PARAMETER">func</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error location function name (__FUNCTION__ macro).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28959"><span style="white-space: nowrap"><code class="PARAMETER">errorObject</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error specific error object</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28964"><span style="white-space: nowrap"><code class="PARAMETER">errorSubject</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error specific error subject.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28969"><span style="white-space: nowrap"><code class="PARAMETER">reason</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the error code.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN28974"><span style="white-space: nowrap"><code class="PARAMETER">msg</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the additional error message.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-openssl-bn.html"><b>&lt;&lt;&lt; bn</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-openssl-evp.html"><b>evp &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-openssl-evp.html b/docs/api/xmlsec-openssl-evp.html
new file mode 100644
index 00000000..bb59357b
--- /dev/null
+++ b/docs/api/xmlsec-openssl-evp.html
@@ -0,0 +1,184 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>evp</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for OpenSLL API Reference." href="xmlsec-openssl-ref.html">
+<link rel="PREVIOUS" title="crypto" href="xmlsec-openssl-crypto.html">
+<link rel="NEXT" title="x509" href="xmlsec-openssl-x509.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-openssl-crypto.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-openssl-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-openssl-x509.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-OPENSSL-EVP"></a>evp</h1>
+<div class="REFNAMEDIV">
+<a name="AEN28984"></a><h2>Name</h2>evp -- EVP keys data implementation.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-OPENSSL-EVP.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-evp.html#XMLSECOPENSSLEVPKEYDATAADOPTEVP">xmlSecOpenSSLEvpKeyDataAdoptEvp</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="EVP-PKEY:CAPS"><span class="TYPE">EVP_PKEY</span></gtkdoclink> *pKey</code>);
+<gtkdoclink href="EVP-PKEY:CAPS"><span class="RETURNVALUE">EVP_PKEY</span></gtkdoclink>* <a href="xmlsec-openssl-evp.html#XMLSECOPENSSLEVPKEYDATAGETEVP">xmlSecOpenSSLEvpKeyDataGetEvp</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="EVP-PKEY:CAPS"><span class="RETURNVALUE">EVP_PKEY</span></gtkdoclink>* <a href="xmlsec-openssl-evp.html#XMLSECOPENSSLEVPKEYDUP">xmlSecOpenSSLEvpKeyDup</a> (<code class="PARAMETER"><gtkdoclink href="EVP-PKEY:CAPS"><span class="TYPE">EVP_PKEY</span></gtkdoclink> *pKey</code>);
+<a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></a> <a href="xmlsec-openssl-evp.html#XMLSECOPENSSLEVPKEYADOPT">xmlSecOpenSSLEvpKeyAdopt</a> (<code class="PARAMETER"><gtkdoclink href="EVP-PKEY:CAPS"><span class="TYPE">EVP_PKEY</span></gtkdoclink> *pKey</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-OPENSSL-EVP.DESCRIPTION"></a><h2>Description</h2>
+<p>EVP keys data implementation.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-OPENSSL-EVP.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLEVPKEYDATAADOPTEVP"></a><h3>xmlSecOpenSSLEvpKeyDataAdoptEvp ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLEvpKeyDataAdoptEvp (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="EVP-PKEY:CAPS"><span class="TYPE">EVP_PKEY</span></gtkdoclink> *pKey</code>);</pre>
+<p>Sets the value of key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29037"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to OpenSSL EVP key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29042"><span style="white-space: nowrap"><code class="PARAMETER">pKey</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to EVP key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29047"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLEVPKEYDATAGETEVP"></a><h3>xmlSecOpenSSLEvpKeyDataGetEvp ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="EVP-PKEY:CAPS"><span class="RETURNVALUE">EVP_PKEY</span></gtkdoclink>* xmlSecOpenSSLEvpKeyDataGetEvp (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the EVP_PKEY from the key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29064"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to OpenSSL EVP data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29069"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to EVP_PKEY or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLEVPKEYDUP"></a><h3>xmlSecOpenSSLEvpKeyDup ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="EVP-PKEY:CAPS"><span class="RETURNVALUE">EVP_PKEY</span></gtkdoclink>* xmlSecOpenSSLEvpKeyDup (<code class="PARAMETER"><gtkdoclink href="EVP-PKEY:CAPS"><span class="TYPE">EVP_PKEY</span></gtkdoclink> *pKey</code>);</pre>
+<p>Duplicates <code class="PARAMETER">pKey</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29087"><span style="white-space: nowrap"><code class="PARAMETER">pKey</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to EVP_PKEY.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29092"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created EVP_PKEY object or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLEVPKEYADOPT"></a><h3>xmlSecOpenSSLEvpKeyAdopt ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></a> xmlSecOpenSSLEvpKeyAdopt (<code class="PARAMETER"><gtkdoclink href="EVP-PKEY:CAPS"><span class="TYPE">EVP_PKEY</span></gtkdoclink> *pKey</code>);</pre>
+<p>Creates xmlsec key object from OpenSSL key object.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29109"><span style="white-space: nowrap"><code class="PARAMETER">pKey</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to EVP_PKEY.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29114"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created xmlsec key or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-openssl-crypto.html"><b>&lt;&lt;&lt; crypto</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-openssl-x509.html"><b>x509 &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-openssl-ref.html b/docs/api/xmlsec-openssl-ref.html
new file mode 100644
index 00000000..9a844c97
--- /dev/null
+++ b/docs/api/xmlsec-openssl-ref.html
@@ -0,0 +1,113 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library for OpenSLL API Reference.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library API Reference." href="xmlsec-reference.html">
+<link rel="PREVIOUS" title="x509" href="xmlsec-x509.html">
+<link rel="NEXT" title="app" href="xmlsec-openssl-app.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-x509.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-reference.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-openssl-app.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-OPENSSL-REF"></a>XML Security Library for OpenSLL API Reference.</h1>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt>
+<a href="xmlsec-openssl-app.html">app</a> -- Application functions implementation for OpenSSL.</dt>
+<dt>
+<a href="xmlsec-openssl-bn.html">bn</a> -- Big numbers helper functions.</dt>
+<dt>
+<a href="xmlsec-openssl-crypto.html">crypto</a> -- Crypto transforms implementation for OpenSSL.</dt>
+<dt>
+<a href="xmlsec-openssl-evp.html">evp</a> -- EVP keys data implementation.</dt>
+<dt>
+<a href="xmlsec-openssl-x509.html">x509</a> -- X509 certificates support implementation for OpenSSL.</dt>
+</dl></div>
+<p>This section contains the API reference for xmlsec-openssl. All
+ the public interfaces are documented here. This reference guide is
+ build by extracting comments from the code sources. </p>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-x509.html"><b>&lt;&lt;&lt; x509</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-openssl-app.html"><b>app &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-openssl-x509.html b/docs/api/xmlsec-openssl-x509.html
new file mode 100644
index 00000000..336f5a43
--- /dev/null
+++ b/docs/api/xmlsec-openssl-x509.html
@@ -0,0 +1,567 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>x509</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library for OpenSLL API Reference." href="xmlsec-openssl-ref.html">
+<link rel="PREVIOUS" title="evp" href="xmlsec-openssl-evp.html">
+<link rel="NEXT" title="XML Security Library for GnuTLS API Reference." href="xmlsec-gnutls-ref.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-openssl-evp.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-openssl-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-gnutls-ref.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-OPENSSL-X509"></a>x509</h1>
+<div class="REFNAMEDIV">
+<a name="AEN29124"></a><h2>Name</h2>x509 -- X509 certificates support implementation for OpenSSL.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-OPENSSL-X509.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">#define <a href="xmlsec-openssl-x509.html#XMLSEC-STACK-OF-X509:CAPS">XMLSEC_STACK_OF_X509</a>
+#define <a href="xmlsec-openssl-x509.html#XMLSEC-STACK-OF-X509-CRL:CAPS">XMLSEC_STACK_OF_X509_CRL</a>
+#define <a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509ID">xmlSecOpenSSLKeyDataX509Id</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509GETKLASS">xmlSecOpenSSLKeyDataX509GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="X509:CAPS"><span class="RETURNVALUE">X509</span></gtkdoclink>* <a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509GETKEYCERT">xmlSecOpenSSLKeyDataX509GetKeyCert</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509ADOPTKEYCERT">xmlSecOpenSSLKeyDataX509AdoptKeyCert</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="X509:CAPS"><span class="TYPE">X509</span></gtkdoclink> *cert</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509ADOPTCERT">xmlSecOpenSSLKeyDataX509AdoptCert</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="X509:CAPS"><span class="TYPE">X509</span></gtkdoclink> *cert</code>);
+<gtkdoclink href="X509:CAPS"><span class="RETURNVALUE">X509</span></gtkdoclink>* <a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509GETCERT">xmlSecOpenSSLKeyDataX509GetCert</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);
+<a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> <a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509GETCERTSSIZE">xmlSecOpenSSLKeyDataX509GetCertsSize</a>
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509ADOPTCRL">xmlSecOpenSSLKeyDataX509AdoptCrl</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="X509-CRL:CAPS"><span class="TYPE">X509_CRL</span></gtkdoclink> *crl</code>);
+<gtkdoclink href="X509-CRL:CAPS"><span class="RETURNVALUE">X509_CRL</span></gtkdoclink>* <a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509GETCRL">xmlSecOpenSSLKeyDataX509GetCrl</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);
+<a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> <a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATAX509GETCRLSSIZE">xmlSecOpenSSLKeyDataX509GetCrlsSize</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);
+<a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></a> <a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509CERTGETKEY">xmlSecOpenSSLX509CertGetKey</a> (<code class="PARAMETER"><gtkdoclink href="X509:CAPS"><span class="TYPE">X509</span></gtkdoclink> *cert</code>);
+#define <a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATARAWX509CERTID">xmlSecOpenSSLKeyDataRawX509CertId</a>
+<gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLKEYDATARAWX509CERTGETKLASS">xmlSecOpenSSLKeyDataRawX509CertGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509STOREID">xmlSecOpenSSLX509StoreId</a>
+<gtkdoclink href="XMLSECKEYDATASTOREID"><span class="RETURNVALUE">xmlSecKeyDataStoreId</span></gtkdoclink><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509STOREGETKLASS">xmlSecOpenSSLX509StoreGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="X509:CAPS"><span class="RETURNVALUE">X509</span></gtkdoclink>* <a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509STOREFINDCERT">xmlSecOpenSSLX509StoreFindCert</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *subjectName</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *issuerName</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *issuerSerial</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ski</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtx</span></a> *keyInfoCtx</code>);
+<gtkdoclink href="X509:CAPS"><span class="RETURNVALUE">X509</span></gtkdoclink>* <a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509STOREVERIFY">xmlSecOpenSSLX509StoreVerify</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><a href="xmlsec-openssl-x509.html#XMLSEC-STACK-OF-X509:CAPS"><span class="TYPE">XMLSEC_STACK_OF_X509</span></a> *certs</code>,
+ <code class="PARAMETER"><a href="xmlsec-openssl-x509.html#XMLSEC-STACK-OF-X509-CRL:CAPS"><span class="TYPE">XMLSEC_STACK_OF_X509_CRL</span></a> *crls</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtx</span></a> *keyInfoCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509STOREADOPTCERT">xmlSecOpenSSLX509StoreAdoptCert</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="X509:CAPS"><span class="TYPE">X509</span></gtkdoclink> *cert</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509STOREADOPTCRL">xmlSecOpenSSLX509StoreAdoptCrl</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="X509-CRL:CAPS"><span class="TYPE">X509_CRL</span></gtkdoclink> *crl</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509STOREADDCERTSPATH">xmlSecOpenSSLX509StoreAddCertsPath</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *path</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-openssl-x509.html#XMLSECOPENSSLX509STOREADDCERTSFILE">xmlSecOpenSSLX509StoreAddCertsFile</a> (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *file</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-OPENSSL-X509.DESCRIPTION"></a><h2>Description</h2>
+<p>X509 certificates support implementation for OpenSSL.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-OPENSSL-X509.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSEC-STACK-OF-X509:CAPS"></a><h3>XMLSEC_STACK_OF_X509</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_STACK_OF_X509 STACK_OF(X509)</pre>
+<p>Macro. To make docbook happy.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-STACK-OF-X509-CRL:CAPS"></a><h3>XMLSEC_STACK_OF_X509_CRL</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_STACK_OF_X509_CRL STACK_OF(X509_CRL)</pre>
+<p>Macro. To make docbook happy.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATAX509ID"></a><h3>xmlSecOpenSSLKeyDataX509Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLKeyDataX509Id</pre>
+<p>The OpenSSL X509 data klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATAX509GETKLASS"></a><h3>xmlSecOpenSSLKeyDataX509GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecOpenSSLKeyDataX509GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The OpenSSL X509 key data klass (http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-X509DATA"><span class="TYPE">sec-X509Data</span></gtkdoclink>).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN29330"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the X509 data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATAX509GETKEYCERT"></a><h3>xmlSecOpenSSLKeyDataX509GetKeyCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="X509:CAPS"><span class="RETURNVALUE">X509</span></gtkdoclink>* xmlSecOpenSSLKeyDataX509GetKeyCert (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the certificate from which the key was extracted.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29347"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29352"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the key's certificate or NULL if key data was not used for key
+extraction or an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATAX509ADOPTKEYCERT"></a><h3>xmlSecOpenSSLKeyDataX509AdoptKeyCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLKeyDataX509AdoptKeyCert
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="X509:CAPS"><span class="TYPE">X509</span></gtkdoclink> *cert</code>);</pre>
+<p>Sets the key's certificate in <code class="PARAMETER">data</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29373"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29378"><span style="white-space: nowrap"><code class="PARAMETER">cert</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to OpenSSL X509 certificate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29383"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATAX509ADOPTCERT"></a><h3>xmlSecOpenSSLKeyDataX509AdoptCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLKeyDataX509AdoptCert (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="X509:CAPS"><span class="TYPE">X509</span></gtkdoclink> *cert</code>);</pre>
+<p>Adds certificate to the X509 key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29403"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29408"><span style="white-space: nowrap"><code class="PARAMETER">cert</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to OpenSSL X509 certificate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29413"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATAX509GETCERT"></a><h3>xmlSecOpenSSLKeyDataX509GetCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="X509:CAPS"><span class="RETURNVALUE">X509</span></gtkdoclink>* xmlSecOpenSSLKeyDataX509GetCert (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);</pre>
+<p>Gets a certificate from X509 key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29433"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29438"><span style="white-space: nowrap"><code class="PARAMETER">pos</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired certificate position.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29443"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to certificate or NULL if <code class="PARAMETER">pos</code> is larger than the
+number of certificates in <code class="PARAMETER">data</code> or an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATAX509GETCERTSSIZE"></a><h3>xmlSecOpenSSLKeyDataX509GetCertsSize ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> xmlSecOpenSSLKeyDataX509GetCertsSize
+ (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the number of certificates in <code class="PARAMETER">data</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29463"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29468"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> te number of certificates in <code class="PARAMETER">data</code>.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATAX509ADOPTCRL"></a><h3>xmlSecOpenSSLKeyDataX509AdoptCrl ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLKeyDataX509AdoptCrl (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><gtkdoclink href="X509-CRL:CAPS"><span class="TYPE">X509_CRL</span></gtkdoclink> *crl</code>);</pre>
+<p>Adds CRL to the X509 key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29489"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29494"><span style="white-space: nowrap"><code class="PARAMETER">crl</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to OpenSSL X509 CRL.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29499"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATAX509GETCRL"></a><h3>xmlSecOpenSSLKeyDataX509GetCrl ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="X509-CRL:CAPS"><span class="RETURNVALUE">X509_CRL</span></gtkdoclink>* xmlSecOpenSSLKeyDataX509GetCrl (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> pos</code>);</pre>
+<p>Gets a CRL from X509 key data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29519"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29524"><span style="white-space: nowrap"><code class="PARAMETER">pos</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired CRL position.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29529"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to CRL or NULL if <code class="PARAMETER">pos</code> is larger than the
+number of CRLs in <code class="PARAMETER">data</code> or an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATAX509GETCRLSSIZE"></a><h3>xmlSecOpenSSLKeyDataX509GetCrlsSize ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="RETURNVALUE">xmlSecSize</span></a> xmlSecOpenSSLKeyDataX509GetCrlsSize (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="TYPE">xmlSecKeyDataPtr</span></a> data</code>);</pre>
+<p>Gets the number of CRLs in <code class="PARAMETER">data</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29549"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29554"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> te number of CRLs in <code class="PARAMETER">data</code>.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLX509CERTGETKEY"></a><h3>xmlSecOpenSSLX509CertGetKey ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-keysdata.html#XMLSECKEYDATA"><span class="RETURNVALUE">xmlSecKeyDataPtr</span></a> xmlSecOpenSSLX509CertGetKey (<code class="PARAMETER"><gtkdoclink href="X509:CAPS"><span class="TYPE">X509</span></gtkdoclink> *cert</code>);</pre>
+<p>Extracts public key from the <code class="PARAMETER">cert</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29573"><span style="white-space: nowrap"><code class="PARAMETER">cert</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29578"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> public key value or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATARAWX509CERTID"></a><h3>xmlSecOpenSSLKeyDataRawX509CertId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLKeyDataRawX509CertId</pre>
+<p>The OpenSSL raw X509 certificate klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLKEYDATARAWX509CERTGETKLASS"></a><h3>xmlSecOpenSSLKeyDataRawX509CertGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATAID"><span class="RETURNVALUE">xmlSecKeyDataId</span></gtkdoclink> xmlSecOpenSSLKeyDataRawX509CertGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The raw X509 certificates key data klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN29600"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> raw X509 certificates key data klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLX509STOREID"></a><h3>xmlSecOpenSSLX509StoreId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecOpenSSLX509StoreId</pre>
+<p>The OpenSSL X509 store klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLX509STOREGETKLASS"></a><h3>xmlSecOpenSSLX509StoreGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECKEYDATASTOREID"><span class="RETURNVALUE">xmlSecKeyDataStoreId</span></gtkdoclink> xmlSecOpenSSLX509StoreGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The OpenSSL X509 certificates key data store klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN29622"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to OpenSSL X509 certificates key data store klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLX509STOREFINDCERT"></a><h3>xmlSecOpenSSLX509StoreFindCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="X509:CAPS"><span class="RETURNVALUE">X509</span></gtkdoclink>* xmlSecOpenSSLX509StoreFindCert (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *subjectName</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *issuerName</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *issuerSerial</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ski</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtx</span></a> *keyInfoCtx</code>);</pre>
+<p>Searches <code class="PARAMETER">store</code> for a certificate that matches given criteria.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29655"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data store klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29660"><span style="white-space: nowrap"><code class="PARAMETER">subjectName</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired certificate name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29665"><span style="white-space: nowrap"><code class="PARAMETER">issuerName</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired certificate issuer name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29670"><span style="white-space: nowrap"><code class="PARAMETER">issuerSerial</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired certificate issuer serial number.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29675"><span style="white-space: nowrap"><code class="PARAMETER">ski</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired certificate SKI.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29680"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29686"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to found certificate or NULL if certificate is not found
+or an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLX509STOREVERIFY"></a><h3>xmlSecOpenSSLX509StoreVerify ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="X509:CAPS"><span class="RETURNVALUE">X509</span></gtkdoclink>* xmlSecOpenSSLX509StoreVerify (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><a href="xmlsec-openssl-x509.html#XMLSEC-STACK-OF-X509:CAPS"><span class="TYPE">XMLSEC_STACK_OF_X509</span></a> *certs</code>,
+ <code class="PARAMETER"><a href="xmlsec-openssl-x509.html#XMLSEC-STACK-OF-X509-CRL:CAPS"><span class="TYPE">XMLSEC_STACK_OF_X509_CRL</span></a> *crls</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtx</span></a> *keyInfoCtx</code>);</pre>
+<p>Verifies <code class="PARAMETER">certs</code> list.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29713"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data store klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29718"><span style="white-space: nowrap"><code class="PARAMETER">certs</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the untrusted certificates stack.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29723"><span style="white-space: nowrap"><code class="PARAMETER">crls</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the crls stack.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29728"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29734"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the first verified certificate from <code class="PARAMETER">certs</code>.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLX509STOREADOPTCERT"></a><h3>xmlSecOpenSSLX509StoreAdoptCert ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLX509StoreAdoptCert (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="X509:CAPS"><span class="TYPE">X509</span></gtkdoclink> *cert</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATATYPE"><span class="TYPE">xmlSecKeyDataType</span></a> type</code>);</pre>
+<p>Adds trusted (root) or untrusted certificate to the store.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29758"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data store klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29763"><span style="white-space: nowrap"><code class="PARAMETER">cert</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to OpenSSL X509 certificate.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29768"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certificate type (trusted/untrusted).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29773"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLX509STOREADOPTCRL"></a><h3>xmlSecOpenSSLX509StoreAdoptCrl ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLX509StoreAdoptCrl (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER"><gtkdoclink href="X509-CRL:CAPS"><span class="TYPE">X509_CRL</span></gtkdoclink> *crl</code>);</pre>
+<p>Adds X509 CRL to the store.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29793"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to X509 key data store klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29798"><span style="white-space: nowrap"><code class="PARAMETER">crl</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to OpenSSL X509_CRL.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29803"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLX509STOREADDCERTSPATH"></a><h3>xmlSecOpenSSLX509StoreAddCertsPath ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLX509StoreAddCertsPath (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *path</code>);</pre>
+<p>Adds all certs in the <code class="PARAMETER">path</code> to the list of trusted certs
+in <code class="PARAMETER">store</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29825"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to OpenSSL x509 store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29830"><span style="white-space: nowrap"><code class="PARAMETER">path</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the path to the certs dir.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29835"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECOPENSSLX509STOREADDCERTSFILE"></a><h3>xmlSecOpenSSLX509StoreAddCertsFile ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecOpenSSLX509StoreAddCertsFile (<code class="PARAMETER"><a href="xmlsec-keysdata.html#XMLSECKEYDATASTORE"><span class="TYPE">xmlSecKeyDataStorePtr</span></a> store</code>,
+ <code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *file</code>);</pre>
+<p>Adds all certs in <code class="PARAMETER">file</code> to the list of trusted certs
+in <code class="PARAMETER">store</code>. It is possible for <code class="PARAMETER">file</code> to contain multiple certs.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29858"><span style="white-space: nowrap"><code class="PARAMETER">store</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to OpenSSL x509 store.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29863"><span style="white-space: nowrap"><code class="PARAMETER">file</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the certs file.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN29868"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-openssl-evp.html"><b>&lt;&lt;&lt; evp</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-gnutls-ref.html"><b>XML Security Library for GnuTLS API Reference. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-openssl.sgml b/docs/api/xmlsec-openssl.sgml
new file mode 100644
index 00000000..0a6f5048
--- /dev/null
+++ b/docs/api/xmlsec-openssl.sgml
@@ -0,0 +1,21 @@
+<!doctype book PUBLIC "-//DavenPort//DTD DocBook V3.0//EN" [
+<!ENTITY xmlsec-openssl-app SYSTEM "sgml/app.sgml">
+<!ENTITY xmlsec-openssl-bn SYSTEM "sgml/bn.sgml">
+<!ENTITY xmlsec-openssl-crypto SYSTEM "sgml/crypto.sgml">
+<!ENTITY xmlsec-openssl-evp SYSTEM "sgml/evp.sgml">
+<!ENTITY xmlsec-openssl-x509 SYSTEM "sgml/x509.sgml">
+]>
+<book id="index">
+ <bookinfo>
+ <title>[Insert name here] Reference Manual</title>
+ </bookinfo>
+
+ <chapter>
+ <title>[Insert title here]</title>
+ &xmlsec-openssl-app;
+ &xmlsec-openssl-bn;
+ &xmlsec-openssl-crypto;
+ &xmlsec-openssl-evp;
+ &xmlsec-openssl-x509;
+ </chapter>
+</book>
diff --git a/docs/api/xmlsec-parser.html b/docs/api/xmlsec-parser.html
new file mode 100644
index 00000000..cb9fa070
--- /dev/null
+++ b/docs/api/xmlsec-parser.html
@@ -0,0 +1,223 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>parser</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="nodeset" href="xmlsec-nodeset.html">
+<link rel="NEXT" title="templates" href="xmlsec-templates.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-nodeset.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-templates.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-PARSER"></a>parser</h1>
+<div class="REFNAMEDIV">
+<a name="AEN14575"></a><h2>Name</h2>parser -- Parser transform implementation.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-PARSER.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="XMLDOC"><span class="RETURNVALUE">xmlDocPtr</span></gtkdoclink><a href="xmlsec-parser.html#XMLSECPARSEFILE">xmlSecParseFile</a> (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>);
+<gtkdoclink href="XMLDOC"><span class="RETURNVALUE">xmlDocPtr</span></gtkdoclink><a href="xmlsec-parser.html#XMLSECPARSEMEMORY">xmlSecParseMemory</a> (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buffer</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> recovery</code>);
+<gtkdoclink href="XMLDOC"><span class="RETURNVALUE">xmlDocPtr</span></gtkdoclink><a href="xmlsec-parser.html#XMLSECPARSEMEMORYEXT">xmlSecParseMemoryExt</a> (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *prefix</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> prefixSize</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buffer</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufferSize</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *postfix</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> postfixSize</code>);
+#define <a href="xmlsec-parser.html#XMLSECTRANSFORMXMLPARSERID">xmlSecTransformXmlParserId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-parser.html#XMLSECTRANSFORMXMLPARSERGETKLASS">xmlSecTransformXmlParserGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-PARSER.DESCRIPTION"></a><h2>Description</h2>
+<p>Parser transform implementation.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-PARSER.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECPARSEFILE"></a><h3>xmlSecParseFile ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLDOC"><span class="RETURNVALUE">xmlDocPtr</span></gtkdoclink> xmlSecParseFile (<code class="PARAMETER">const <gtkdoclink href="CHAR"><span class="TYPE">char</span></gtkdoclink> *filename</code>);</pre>
+<p>Loads XML Doc from file <code class="PARAMETER">filename</code>. We need a special version because of
+c14n issue. The code is copied from <gtkdoclink href="XMLSAXPARSEFILEWITHDATA"><code class="FUNCTION">xmlSAXParseFileWithData()</code></gtkdoclink> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14646"><span style="white-space: nowrap"><code class="PARAMETER">filename</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the filename.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14651"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the loaded XML document or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPARSEMEMORY"></a><h3>xmlSecParseMemory ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLDOC"><span class="RETURNVALUE">xmlDocPtr</span></gtkdoclink> xmlSecParseMemory (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buffer</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> recovery</code>);</pre>
+<p>Loads XML Doc from memory. We need a special version because of
+c14n issue. The code is copied from <gtkdoclink href="XMLSAXPARSEMEMORY"><code class="FUNCTION">xmlSAXParseMemory()</code></gtkdoclink> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14676"><span style="white-space: nowrap"><code class="PARAMETER">buffer</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14681"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input buffer size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14686"><span style="white-space: nowrap"><code class="PARAMETER">recovery</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14691"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the loaded XML document or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPARSEMEMORYEXT"></a><h3>xmlSecParseMemoryExt ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLDOC"><span class="RETURNVALUE">xmlDocPtr</span></gtkdoclink> xmlSecParseMemoryExt (<code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *prefix</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> prefixSize</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buffer</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bufferSize</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *postfix</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> postfixSize</code>);</pre>
+<p>Loads XML Doc from 3 chunks of memory: <code class="PARAMETER">prefix</code>, <code class="PARAMETER">buffer</code> and <code class="PARAMETER">postfix</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14726"><span style="white-space: nowrap"><code class="PARAMETER">prefix</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the first part of the input.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14731"><span style="white-space: nowrap"><code class="PARAMETER">prefixSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the size of the first part of the input.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14736"><span style="white-space: nowrap"><code class="PARAMETER">buffer</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the second part of the input.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14741"><span style="white-space: nowrap"><code class="PARAMETER">bufferSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the size of the second part of the input.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14746"><span style="white-space: nowrap"><code class="PARAMETER">postfix</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the third part of the input.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14751"><span style="white-space: nowrap"><code class="PARAMETER">postfixSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the size of the third part of the input.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN14756"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the loaded XML document or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMXMLPARSERID"></a><h3>xmlSecTransformXmlParserId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformXmlParserId</pre>
+<p>The XML Parser transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMXMLPARSERGETKLASS"></a><h3>xmlSecTransformXmlParserGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformXmlParserGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The XML parser transform.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN14778"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> XML parser transform klass.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-nodeset.html"><b>&lt;&lt;&lt; nodeset</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-templates.html"><b>templates &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-ref.html b/docs/api/xmlsec-ref.html
new file mode 100644
index 00000000..0401ee3a
--- /dev/null
+++ b/docs/api/xmlsec-ref.html
@@ -0,0 +1,149 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Core Library API Reference.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library API Reference." href="xmlsec-reference.html">
+<link rel="PREVIOUS" title="XML Security Library API Reference." href="xmlsec-reference.html">
+<link rel="NEXT" title="app" href="xmlsec-app.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-reference.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-reference.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-app.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-REF"></a>XML Security Core Library API Reference.</h1>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt>
+<a href="xmlsec-app.html">app</a> -- Crypto-engine independent application support function.</dt>
+<dt>
+<a href="xmlsec-base64.html">base64</a> -- Base64 encoding/decoding functions.</dt>
+<dt>
+<a href="xmlsec-bn.html">bn</a> -- Big numbers support functions.</dt>
+<dt>
+<a href="xmlsec-buffer.html">buffer</a> -- Binary buffer implementation.</dt>
+<dt>
+<a href="xmlsec-dl.html">dl</a> -- Dynamic crypto-engine library loading support.</dt>
+<dt>
+<a href="xmlsec-errors.html">errors</a> -- Error/log messages support.</dt>
+<dt>
+<a href="xmlsec-io.html">io</a> -- Input/output support.</dt>
+<dt>
+<a href="xmlsec-keyinfo.html">keyinfo</a> -- <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node parser.</dt>
+<dt>
+<a href="xmlsec-keysdata.html">keysdata</a> -- Crypto key data object definition.</dt>
+<dt>
+<a href="xmlsec-keys.html">keys</a> -- Crypto key object definition.</dt>
+<dt>
+<a href="xmlsec-keysmngr.html">keysmngr</a> -- Keys manager object support.</dt>
+<dt>
+<a href="xmlsec-list.html">list</a> -- Generic list structure implementation.</dt>
+<dt>
+<a href="xmlsec-membuf.html">membuf</a> -- Memory buffer transform implementation.</dt>
+<dt>
+<a href="xmlsec-nodeset.html">nodeset</a> -- Nodeset object implementation.</dt>
+<dt>
+<a href="xmlsec-parser.html">parser</a> -- Parser transform implementation.</dt>
+<dt>
+<a href="xmlsec-templates.html">templates</a> -- Dynamic templates creation functions.</dt>
+<dt>
+<a href="xmlsec-transforms.html">transforms</a> -- Transform object definition.</dt>
+<dt>
+<a href="xmlsec-version.html">version</a> -- Version macros.</dt>
+<dt>
+<a href="xmlsec-xmldsig.html">xmldsig</a> -- XML Digital Signature support.</dt>
+<dt>
+<a href="xmlsec-xmlenc.html">xmlenc</a> -- XML Encryption support.</dt>
+<dt>
+<a href="xmlsec-xmlsec.html">xmlsec</a> -- Utility functions.</dt>
+<dt>
+<a href="xmlsec-xmltree.html">xmltree</a> -- XML tree operations.</dt>
+<dt>
+<a href="xmlsec-x509.html">x509</a> -- <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Certificate" target="_top">&lt;dsig:X509Certificate/&gt;</a> node parser.</dt>
+</dl></div>
+<p>This section contains the API reference for xmlsec. All
+ the public interfaces are documented here. This reference guide is
+ build by extracting comments from the code sources. </p>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-reference.html"><b>&lt;&lt;&lt; XML Security Library API Reference.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-app.html"><b>app &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-reference.html b/docs/api/xmlsec-reference.html
new file mode 100644
index 00000000..0efbc524
--- /dev/null
+++ b/docs/api/xmlsec-reference.html
@@ -0,0 +1,106 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library API Reference.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="PREVIOUS" title="APPENDIX B. XML Security Library Encryption Klasses." href="xmlsec-encryption-klasses.html">
+<link rel="NEXT" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-encryption-klasses.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-ref.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="PART">
+<a name="XMLSEC-REFERENCE"></a><div class="TITLEPAGE">
+<h1 class="TITLE">II. XML Security Library API Reference.</h1>
+<div class="TOC"><dl>
+<dt><b>Table of Contents</b></dt>
+<dt><a href="xmlsec-ref.html">XML Security Core Library API Reference.</a></dt>
+<dt><a href="xmlsec-openssl-ref.html">XML Security Library for OpenSLL API Reference.</a></dt>
+<dt><a href="xmlsec-gnutls-ref.html">XML Security Library for GnuTLS API Reference.</a></dt>
+<dt><a href="xmlsec-gcrypt-ref.html">XML Security Library for GCrypt API Reference.</a></dt>
+<dt><a href="xmlsec-nss-ref.html">XML Security Library for NSS API Reference.</a></dt>
+<dt><a href="xmlsec-mscrypto-ref.html">XML Security Library for MSCrypto API Reference.</a></dt>
+<dt><a href="xmlsec-index.html">XML Security Library Reference Index</a></dt>
+</dl></div>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-encryption-klasses.html"><b>&lt;&lt;&lt; APPENDIX B. XML Security Library Encryption Klasses.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-ref.html"><b>XML Security Core Library API Reference. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-signature-klasses.html b/docs/api/xmlsec-signature-klasses.html
new file mode 100644
index 00000000..e066a700
--- /dev/null
+++ b/docs/api/xmlsec-signature-klasses.html
@@ -0,0 +1,101 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>APPENDIX A. XML Security Library Signature Klasses.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Library Tutorial" href="xmlsec-notes.html">
+<link rel="PREVIOUS" title="Writing a custom keys manager." href="xmlsec-custom-keys-manager.html">
+<link rel="NEXT" title="APPENDIX B. XML Security Library Encryption Klasses." href="xmlsec-encryption-klasses.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-custom-keys-manager.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-notes.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-encryption-klasses.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<div class="CHAPTER">
+<h1>
+<a name="XMLSEC-SIGNATURE-KLASSES"></a>APPENDIX A. XML Security Library Signature Klasses.</h1>
+<div class="FIGURE">
+<a name="AEN818"></a><p><b>Figure 1. XML Security Library Signature Klasses.</b></p>
+<p><img src="images/signature-structure.png" align="CENTER"></p>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-custom-keys-manager.html"><b>&lt;&lt;&lt; Writing a custom keys manager.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-encryption-klasses.html"><b>APPENDIX B. XML Security Library Encryption Klasses. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-templates.html b/docs/api/xmlsec-templates.html
new file mode 100644
index 00000000..b689ab35
--- /dev/null
+++ b/docs/api/xmlsec-templates.html
@@ -0,0 +1,1290 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>templates</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="parser" href="xmlsec-parser.html">
+<link rel="NEXT" title="transforms" href="xmlsec-transforms.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-parser.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-transforms.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-TEMPLATES"></a>templates</h1>
+<div class="REFNAMEDIV">
+<a name="AEN14788"></a><h2>Name</h2>templates -- Dynamic templates creation functions.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-TEMPLATES.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLSIGNATURECREATE">xmlSecTmplSignatureCreate</a> (<code class="PARAMETER"><gtkdoclink href="XMLDOC"><span class="TYPE">xmlDocPtr</span></gtkdoclink> doc</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> c14nMethodId</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> signMethodId</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLSIGNATURECREATENSPREF">xmlSecTmplSignatureCreateNsPref</a> (<code class="PARAMETER"><gtkdoclink href="XMLDOC"><span class="TYPE">xmlDocPtr</span></gtkdoclink> doc</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> c14nMethodId</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> signMethodId</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nsPrefix</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLSIGNATUREENSUREKEYINFO">xmlSecTmplSignatureEnsureKeyInfo</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> signNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLSIGNATUREADDREFERENCE">xmlSecTmplSignatureAddReference</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> signNode</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> digestMethodId</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *type</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLSIGNATUREADDOBJECT">xmlSecTmplSignatureAddObject</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> signNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *mimeType</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *encoding</code>);
+<gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLSIGNATUREGETSIGNMETHODNODE">xmlSecTmplSignatureGetSignMethodNode</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> signNode</code>);
+<gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLSIGNATUREGETC14NMETHODNODE">xmlSecTmplSignatureGetC14NMethodNode</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> signNode</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLREFERENCEADDTRANSFORM">xmlSecTmplReferenceAddTransform</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> referenceNode</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> transformId</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLOBJECTADDSIGNPROPERTIES">xmlSecTmplObjectAddSignProperties</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> objectNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *target</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLOBJECTADDMANIFEST">xmlSecTmplObjectAddManifest</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> objectNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLMANIFESTADDREFERENCE">xmlSecTmplManifestAddReference</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> manifestNode</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> digestMethodId</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *type</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLENCDATACREATE">xmlSecTmplEncDataCreate</a> (<code class="PARAMETER"><gtkdoclink href="XMLDOC"><span class="TYPE">xmlDocPtr</span></gtkdoclink> doc</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> encMethodId</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *type</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *mimeType</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *encoding</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLENCDATAENSUREKEYINFO">xmlSecTmplEncDataEnsureKeyInfo</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> encNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>);
+<gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLENCDATAENSUREENCPROPERTIES">xmlSecTmplEncDataEnsureEncProperties</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> encNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLENCDATAADDENCPROPERTY">xmlSecTmplEncDataAddEncProperty</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> encNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *target</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLENCDATAENSURECIPHERVALUE">xmlSecTmplEncDataEnsureCipherValue</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> encNode</code>);
+<gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLENCDATAENSURECIPHERREFERENCE">xmlSecTmplEncDataEnsureCipherReference</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> encNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLENCDATAGETENCMETHODNODE">xmlSecTmplEncDataGetEncMethodNode</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> encNode</code>);
+<gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLCIPHERREFERENCEADDTRANSFORM">xmlSecTmplCipherReferenceAddTransform</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cipherReferenceNode</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> transformId</code>);
+<gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLREFERENCELISTADDDATAREFERENCE">xmlSecTmplReferenceListAddDataReference</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> encNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>);
+<gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLREFERENCELISTADDKEYREFERENCE">xmlSecTmplReferenceListAddKeyReference</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> encNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLKEYINFOADDKEYNAME">xmlSecTmplKeyInfoAddKeyName</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLKEYINFOADDKEYVALUE">xmlSecTmplKeyInfoAddKeyValue</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLKEYINFOADDX509DATA">xmlSecTmplKeyInfoAddX509Data</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLKEYINFOADDRETRIEVALMETHOD">xmlSecTmplKeyInfoAddRetrievalMethod</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *type</code>);
+<gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLRETRIEVALMETHODADDTRANSFORM">xmlSecTmplRetrievalMethodAddTransform</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> retrMethodNode</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> transformId</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLKEYINFOADDENCRYPTEDKEY">xmlSecTmplKeyInfoAddEncryptedKey</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> encMethodId</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *type</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *recipient</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLX509DATAADDISSUERSERIAL">xmlSecTmplX509DataAddIssuerSerial</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> x509DataNode</code>);
+<gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLX509ISSUERSERIALADDISSUERNAME">xmlSecTmplX509IssuerSerialAddIssuerName</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> x509IssuerSerialNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *issuerName</code>);
+<gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLX509ISSUERSERIALADDSERIALNUMBER">xmlSecTmplX509IssuerSerialAddSerialNumber</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> x509IssuerSerialNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *serial</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLX509DATAADDSUBJECTNAME">xmlSecTmplX509DataAddSubjectName</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> x509DataNode</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLX509DATAADDSKI">xmlSecTmplX509DataAddSKI</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> x509DataNode</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLX509DATAADDCERTIFICATE">xmlSecTmplX509DataAddCertificate</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> x509DataNode</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLX509DATAADDCRL">xmlSecTmplX509DataAddCRL</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> x509DataNode</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLTRANSFORMADDHMACOUTPUTLENGTH">xmlSecTmplTransformAddHmacOutputLength</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> transformNode</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bitsLen</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLTRANSFORMADDRSAOAEPPARAM">xmlSecTmplTransformAddRsaOaepParam</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> transformNode</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLTRANSFORMADDXSLTSTYLESHEET">xmlSecTmplTransformAddXsltStylesheet</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> transformNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *xslt</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLTRANSFORMADDC14NINCLNAMESPACES">xmlSecTmplTransformAddC14NInclNamespaces</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> transformNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *prefixList</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLTRANSFORMADDXPATH">xmlSecTmplTransformAddXPath</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> transformNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *expression</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> **nsList</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLTRANSFORMADDXPATH2">xmlSecTmplTransformAddXPath2</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> transformNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *type</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *expression</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> **nsList</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-templates.html#XMLSECTMPLTRANSFORMADDXPOINTER">xmlSecTmplTransformAddXPointer</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> transformNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *expression</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> **nsList</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-TEMPLATES.DESCRIPTION"></a><h2>Description</h2>
+<p>Dynamic templates creation functions.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-TEMPLATES.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECTMPLSIGNATURECREATE"></a><h3>xmlSecTmplSignatureCreate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplSignatureCreate (<code class="PARAMETER"><gtkdoclink href="XMLDOC"><span class="TYPE">xmlDocPtr</span></gtkdoclink> doc</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> c14nMethodId</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> signMethodId</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>);</pre>
+<p>Creates new <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> node with the mandatory <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo" target="_top">&lt;dsig:SignedInfo/&gt;</a>,
+<a href="http://www.w3.org/TR/xmldsig-core/#sec-CanonicalizationMethod" target="_top">&lt;dsig:CanonicalizationMethod/&gt;</a>, <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignatureMethod" target="_top">&lt;dsig:SignatureMethod/&gt;</a> and
+<a href="http://www.w3.org/TR/xmldsig-core/#sec-SignatureValue" target="_top">&lt;dsig:SignatureValue/&gt;</a> children and sub-children.
+The application is responsible for inserting the returned node
+in the XML document.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15245"><span style="white-space: nowrap"><code class="PARAMETER">doc</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to signature document or NULL; in the
+ second case, application must later call <code class="PARAMETER">xmlSetTreeDoc</code>
+ to ensure that all the children nodes have correct
+ pointer to XML document.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15251"><span style="white-space: nowrap"><code class="PARAMETER">c14nMethodId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the signature canonicalization method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15256"><span style="white-space: nowrap"><code class="PARAMETER">signMethodId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the signature method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15261"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the node id (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15266"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> node or NULL if an
+error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLSIGNATURECREATENSPREF"></a><h3>xmlSecTmplSignatureCreateNsPref ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplSignatureCreateNsPref (<code class="PARAMETER"><gtkdoclink href="XMLDOC"><span class="TYPE">xmlDocPtr</span></gtkdoclink> doc</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> c14nMethodId</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> signMethodId</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nsPrefix</code>);</pre>
+<p>Creates new <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> node with the mandatory
+<a href="http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo" target="_top">&lt;dsig:SignedInfo/&gt;</a>, <a href="http://www.w3.org/TR/xmldsig-core/#sec-CanonicalizationMethod" target="_top">&lt;dsig:CanonicalizationMethod/&gt;</a>,
+<a href="http://www.w3.org/TR/xmldsig-core/#sec-SignatureMethod" target="_top">&lt;dsig:SignatureMethod/&gt;</a> and <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignatureValue" target="_top">&lt;dsig:SignatureValue/&gt;</a> children and
+sub-children. This method differs from xmlSecTmplSignatureCreate in
+that it will define the http://www.w3.org/2000/09/xmldsig#
+namespace with the given prefix that will be used for all of the
+appropriate child nodes. The application is responsible for
+inserting the returned node in the XML document.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15301"><span style="white-space: nowrap"><code class="PARAMETER">doc</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to signature document or NULL; in the
+ second case, application must later call <code class="PARAMETER">xmlSetTreeDoc</code>
+ to ensure that all the children nodes have correct
+ pointer to XML document.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15307"><span style="white-space: nowrap"><code class="PARAMETER">c14nMethodId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the signature canonicalization method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15312"><span style="white-space: nowrap"><code class="PARAMETER">signMethodId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the signature method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15317"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the node id (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15322"><span style="white-space: nowrap"><code class="PARAMETER">nsPrefix</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the namespace prefix for the signature element (e.g. "dsig"), or NULL</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15327"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> node or NULL if an
+error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLSIGNATUREENSUREKEYINFO"></a><h3>xmlSecTmplSignatureEnsureKeyInfo ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplSignatureEnsureKeyInfo (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> signNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>);</pre>
+<p>Adds (if necessary) <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a>
+node <code class="PARAMETER">signNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15351"><span style="white-space: nowrap"><code class="PARAMETER">signNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15357"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the node id (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15362"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node or NULL if an
+error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLSIGNATUREADDREFERENCE"></a><h3>xmlSecTmplSignatureAddReference ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplSignatureAddReference (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> signNode</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> digestMethodId</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *type</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> node with given URI (<code class="PARAMETER">uri</code>), Id (<code class="PARAMETER">id</code>) and
+Type (<code class="PARAMETER">type</code>) attributes and the required children <a href="http://www.w3.org/TR/xmldsig-core/#sec-DigestMethod" target="_top">&lt;dsig:DigestMethod/&gt;</a> and
+<a href="http://www.w3.org/TR/xmldsig-core/#sec-DigestValue" target="_top">&lt;dsig:DigestValue/&gt;</a> to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo" target="_top">&lt;dsig:SignedInfo/&gt;</a> child of <code class="PARAMETER">signNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15400"><span style="white-space: nowrap"><code class="PARAMETER">signNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15406"><span style="white-space: nowrap"><code class="PARAMETER">digestMethodId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the reference digest method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15411"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the node id (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15416"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the reference node uri (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15421"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the reference node type (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15426"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> node or NULL
+if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLSIGNATUREADDOBJECT"></a><h3>xmlSecTmplSignatureAddObject ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplSignatureAddObject (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> signNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *mimeType</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *encoding</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-Object" target="_top">&lt;dsig:Object/&gt;</a> node to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> node <code class="PARAMETER">signNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15456"><span style="white-space: nowrap"><code class="PARAMETER">signNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15462"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the node id (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15467"><span style="white-space: nowrap"><code class="PARAMETER">mimeType</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the object mime type (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15472"><span style="white-space: nowrap"><code class="PARAMETER">encoding</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the object encoding (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15477"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-Object" target="_top">&lt;dsig:Object/&gt;</a> node or NULL
+if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLSIGNATUREGETSIGNMETHODNODE"></a><h3>xmlSecTmplSignatureGetSignMethodNode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplSignatureGetSignMethodNode
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> signNode</code>);</pre>
+<p>Gets pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignatureMethod" target="_top">&lt;dsig:SignatureMethod/&gt;</a> child of <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15497"><span style="white-space: nowrap"><code class="PARAMETER">signNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature%20" target="_top">&lt;dsig:Signature /&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15503"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignatureMethod%20" target="_top">&lt;dsig:SignatureMethod /&gt;</a> node or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLSIGNATUREGETC14NMETHODNODE"></a><h3>xmlSecTmplSignatureGetC14NMethodNode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplSignatureGetC14NMethodNode
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> signNode</code>);</pre>
+<p>Gets pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-CanonicalizationMethod" target="_top">&lt;dsig:CanonicalizationMethod/&gt;</a> child of <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15523"><span style="white-space: nowrap"><code class="PARAMETER">signNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature%20" target="_top">&lt;dsig:Signature /&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15529"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-CanonicalizationMethod%20" target="_top">&lt;dsig:CanonicalizationMethod /&gt;</a> node or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLREFERENCEADDTRANSFORM"></a><h3>xmlSecTmplReferenceAddTransform ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplReferenceAddTransform (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> referenceNode</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> transformId</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> node <code class="PARAMETER">referenceNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15553"><span style="white-space: nowrap"><code class="PARAMETER">referenceNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15559"><span style="white-space: nowrap"><code class="PARAMETER">transformId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform method id.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15564"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node or NULL if an
+error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLOBJECTADDSIGNPROPERTIES"></a><h3>xmlSecTmplObjectAddSignProperties ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplObjectAddSignProperties (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> objectNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *target</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignatureProperties" target="_top">&lt;dsig:SignatureProperties/&gt;</a> node to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Object" target="_top">&lt;dsig:Object/&gt;</a> node <code class="PARAMETER">objectNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15591"><span style="white-space: nowrap"><code class="PARAMETER">objectNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Object" target="_top">&lt;dsig:Object/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15597"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the node id (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15602"><span style="white-space: nowrap"><code class="PARAMETER">target</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the Target (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15607"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignatureProperties" target="_top">&lt;dsig:SignatureProperties/&gt;</a> node or NULL
+if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLOBJECTADDMANIFEST"></a><h3>xmlSecTmplObjectAddManifest ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplObjectAddManifest (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> objectNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-Manifest" target="_top">&lt;dsig:Manifest/&gt;</a> node to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Object" target="_top">&lt;dsig:Object/&gt;</a> node <code class="PARAMETER">objectNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15631"><span style="white-space: nowrap"><code class="PARAMETER">objectNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Object" target="_top">&lt;dsig:Object/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15637"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the node id (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15642"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-Manifest" target="_top">&lt;dsig:Manifest/&gt;</a> node or NULL
+if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLMANIFESTADDREFERENCE"></a><h3>xmlSecTmplManifestAddReference ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplManifestAddReference (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> manifestNode</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> digestMethodId</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *type</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> node with specified URI (<code class="PARAMETER">uri</code>), Id (<code class="PARAMETER">id</code>) and
+Type (<code class="PARAMETER">type</code>) attributes and the required children <a href="http://www.w3.org/TR/xmldsig-core/#sec-DigestMethod" target="_top">&lt;dsig:DigestMethod/&gt;</a> and
+<a href="http://www.w3.org/TR/xmldsig-core/#sec-DigestValue" target="_top">&lt;dsig:DigestValue/&gt;</a> to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Manifest" target="_top">&lt;dsig:Manifest/&gt;</a> node <code class="PARAMETER">manifestNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15680"><span style="white-space: nowrap"><code class="PARAMETER">manifestNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Manifest" target="_top">&lt;dsig:Manifest/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15686"><span style="white-space: nowrap"><code class="PARAMETER">digestMethodId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the reference digest method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15691"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the node id (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15696"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the reference node uri (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15701"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the reference node type (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15706"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> node or NULL
+if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLENCDATACREATE"></a><h3>xmlSecTmplEncDataCreate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplEncDataCreate (<code class="PARAMETER"><gtkdoclink href="XMLDOC"><span class="TYPE">xmlDocPtr</span></gtkdoclink> doc</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> encMethodId</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *type</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *mimeType</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *encoding</code>);</pre>
+<p>Creates new <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData%20" target="_top">&lt;enc:EncryptedData /&gt;</a> node for encryption template.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15740"><span style="white-space: nowrap"><code class="PARAMETER">doc</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to signature document or NULL; in the later
+ case, application must later call <code class="PARAMETER">xmlSetTreeDoc</code> to ensure
+ that all the children nodes have correct pointer to XML document.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15746"><span style="white-space: nowrap"><code class="PARAMETER">encMethodId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the encryption method (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15751"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the Id attribute (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15756"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the Type attribute (optional)</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15761"><span style="white-space: nowrap"><code class="PARAMETER">mimeType</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the MimeType attribute (optional)</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15766"><span style="white-space: nowrap"><code class="PARAMETER">encoding</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the Encoding attribute (optional)</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15771"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer newly created <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> node or NULL
+if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLENCDATAENSUREKEYINFO"></a><h3>xmlSecTmplEncDataEnsureKeyInfo ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplEncDataEnsureKeyInfo (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> encNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> to the <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> node <code class="PARAMETER">encNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15795"><span style="white-space: nowrap"><code class="PARAMETER">encNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15801"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the Id attrbibute (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15806"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLENCDATAENSUREENCPROPERTIES"></a><h3>xmlSecTmplEncDataEnsureEncProperties ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplEncDataEnsureEncProperties
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> encNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptionProperties" target="_top">&lt;enc:EncryptionProperties/&gt;</a> node to the <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a>
+node <code class="PARAMETER">encNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15830"><span style="white-space: nowrap"><code class="PARAMETER">encNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15836"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the Id attribute (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15841"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptionProperties" target="_top">&lt;enc:EncryptionProperties/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLENCDATAADDENCPROPERTY"></a><h3>xmlSecTmplEncDataAddEncProperty ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplEncDataAddEncProperty (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> encNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *target</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptionProperty" target="_top">&lt;enc:EncryptionProperty/&gt;</a> node (and the parent
+<a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptionProperties" target="_top">&lt;enc:EncryptionProperties/&gt;</a> node if required) to the
+<a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> node <code class="PARAMETER">encNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15869"><span style="white-space: nowrap"><code class="PARAMETER">encNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15875"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the Id attribute (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15880"><span style="white-space: nowrap"><code class="PARAMETER">target</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the Target attribute (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15885"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptionProperty" target="_top">&lt;enc:EncryptionProperty/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLENCDATAENSURECIPHERVALUE"></a><h3>xmlSecTmplEncDataEnsureCipherValue ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplEncDataEnsureCipherValue (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> encNode</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmlenc-core/#sec-CipherValue" target="_top">&lt;enc:CipherValue/&gt;</a> to the <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> node <code class="PARAMETER">encNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15906"><span style="white-space: nowrap"><code class="PARAMETER">encNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15912"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmlenc-core/#sec-CipherValue" target="_top">&lt;enc:CipherValue/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLENCDATAENSURECIPHERREFERENCE"></a><h3>xmlSecTmplEncDataEnsureCipherReference ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplEncDataEnsureCipherReference
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> encNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmlenc-core/#sec-CipherReference" target="_top">&lt;enc:CipherReference/&gt;</a> node with specified URI attribute <code class="PARAMETER">uri</code>
+to the <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> node <code class="PARAMETER">encNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15937"><span style="white-space: nowrap"><code class="PARAMETER">encNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15943"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the URI attribute (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15948"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmlenc-core/#sec-CipherReference" target="_top">&lt;enc:CipherReference/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLENCDATAGETENCMETHODNODE"></a><h3>xmlSecTmplEncDataGetEncMethodNode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplEncDataGetEncMethodNode (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> encNode</code>);</pre>
+<p>Gets pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncrytpionMethod" target="_top">&lt;enc:EncrytpionMethod/&gt;</a> node.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15967"><span style="white-space: nowrap"><code class="PARAMETER">encNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EcnryptedData%20" target="_top">&lt;enc:EcnryptedData /&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN15973"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptionMethod%20" target="_top">&lt;enc:EncryptionMethod /&gt;</a> node or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLCIPHERREFERENCEADDTRANSFORM"></a><h3>xmlSecTmplCipherReferenceAddTransform ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplCipherReferenceAddTransform
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cipherReferenceNode</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> transformId</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node (and the parent <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transforms" target="_top">&lt;dsig:Transforms/&gt;</a> node)
+with specified transform methods <code class="PARAMETER">transform</code> to the <a href="http://www.w3.org/TR/xmlenc-core/#sec-CipherReference" target="_top">&lt;enc:CipherReference/&gt;</a>
+child node of the <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> node <code class="PARAMETER">encNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16000"><span style="white-space: nowrap"><code class="PARAMETER">cipherReferenceNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-CipherReference" target="_top">&lt;enc:CipherReference/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16006"><span style="white-space: nowrap"><code class="PARAMETER">transformId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform id.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16011"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLREFERENCELISTADDDATAREFERENCE"></a><h3>xmlSecTmplReferenceListAddDataReference ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplReferenceListAddDataReference
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> encNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmlenc-core/#sec-DataReference" target="_top">&lt;enc:DataReference/&gt;</a> and the parent <a href="http://www.w3.org/TR/xmlenc-core/#sec-ReferenceList" target="_top">&lt;enc:ReferenceList/&gt;</a> node (if needed).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16034"><span style="white-space: nowrap"><code class="PARAMETER">encNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;enc:EncryptedKey/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16040"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>uri to reference (optional)</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16045"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmlenc-core/#sec-DataReference" target="_top">&lt;enc:DataReference/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLREFERENCELISTADDKEYREFERENCE"></a><h3>xmlSecTmplReferenceListAddKeyReference ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplReferenceListAddKeyReference
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> encNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmlenc-core/#sec-KeyReference" target="_top">&lt;enc:KeyReference/&gt;</a> and the parent <a href="http://www.w3.org/TR/xmlenc-core/#sec-ReferenceList" target="_top">&lt;enc:ReferenceList/&gt;</a> node (if needed).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16068"><span style="white-space: nowrap"><code class="PARAMETER">encNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;enc:EncryptedKey/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16074"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>uri to reference (optional)</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16079"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to newly created <a href="http://www.w3.org/TR/xmlenc-core/#sec-KeyReference" target="_top">&lt;enc:KeyReference/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLKEYINFOADDKEYNAME"></a><h3>xmlSecTmplKeyInfoAddKeyName ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplKeyInfoAddKeyName (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyName" target="_top">&lt;dsig:KeyName/&gt;</a> node to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node <code class="PARAMETER">keyInfoNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16103"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16109"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the key name (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16114"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyName" target="_top">&lt;dsig:KeyName/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLKEYINFOADDKEYVALUE"></a><h3>xmlSecTmplKeyInfoAddKeyValue ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplKeyInfoAddKeyValue (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyValue" target="_top">&lt;dsig:KeyValue/&gt;</a> node to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node <code class="PARAMETER">keyInfoNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16135"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16141"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyValue" target="_top">&lt;dsig:KeyValue/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLKEYINFOADDX509DATA"></a><h3>xmlSecTmplKeyInfoAddX509Data ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplKeyInfoAddX509Data (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top">&lt;dsig:X509Data/&gt;</a> node to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node <code class="PARAMETER">keyInfoNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16162"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16168"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top">&lt;dsig:X509Data/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLKEYINFOADDRETRIEVALMETHOD"></a><h3>xmlSecTmplKeyInfoAddRetrievalMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplKeyInfoAddRetrievalMethod (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *type</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod" target="_top">&lt;dsig:RetrievalMethod/&gt;</a> node to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node <code class="PARAMETER">keyInfoNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16195"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16201"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the URI attribute (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16206"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the Type attribute(optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16211"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod" target="_top">&lt;dsig:RetrievalMethod/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLRETRIEVALMETHODADDTRANSFORM"></a><h3>xmlSecTmplRetrievalMethodAddTransform ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplRetrievalMethodAddTransform
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> retrMethodNode</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> transformId</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node (and the parent <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transforms" target="_top">&lt;dsig:Transforms/&gt;</a> node
+if required) to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod" target="_top">&lt;dsig:RetrievalMethod/&gt;</a> node <code class="PARAMETER">retrMethod</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16236"><span style="white-space: nowrap"><code class="PARAMETER">retrMethodNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod" target="_top">&lt;dsig:RetrievalMethod/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16242"><span style="white-space: nowrap"><code class="PARAMETER">transformId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform id.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16247"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transforms" target="_top">&lt;dsig:Transforms/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLKEYINFOADDENCRYPTEDKEY"></a><h3>xmlSecTmplKeyInfoAddEncryptedKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplKeyInfoAddEncryptedKey (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> keyInfoNode</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> encMethodId</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *type</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *recipient</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;enc:EncryptedKey/&gt;</a> node with given attributes to
+the <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node <code class="PARAMETER">keyInfoNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16280"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16286"><span style="white-space: nowrap"><code class="PARAMETER">encMethodId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the encryption method (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16291"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the Id attribute (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16296"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the Type attribute (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16301"><span style="white-space: nowrap"><code class="PARAMETER">recipient</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the Recipient attribute (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16306"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the newly created <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;enc:EncryptedKey/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLX509DATAADDISSUERSERIAL"></a><h3>xmlSecTmplX509DataAddIssuerSerial ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplX509DataAddIssuerSerial (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> x509DataNode</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509IssuerSerial" target="_top">&lt;dsig:X509IssuerSerial/&gt;</a> node to the given <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top">&lt;dsig:X509Data/&gt;</a> node.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16326"><span style="white-space: nowrap"><code class="PARAMETER">x509DataNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top">&lt;dsig:X509Data/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16332"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509IssuerSerial" target="_top">&lt;dsig:X509IssuerSerial/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLX509ISSUERSERIALADDISSUERNAME"></a><h3>xmlSecTmplX509IssuerSerialAddIssuerName ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplX509IssuerSerialAddIssuerName
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> x509IssuerSerialNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *issuerName</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509IssuerName" target="_top">&lt;dsig:X509IssuerName/&gt;</a> node to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509IssuerSerial" target="_top">&lt;dsig:X509IssuerSerial/&gt;</a> node <code class="PARAMETER">x509IssuerSerialNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16356"><span style="white-space: nowrap"><code class="PARAMETER">x509IssuerSerialNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509IssuerSerial" target="_top">&lt;dsig:X509IssuerSerial/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16362"><span style="white-space: nowrap"><code class="PARAMETER">issuerName</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the issuer name (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16367"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509IssuerName" target="_top">&lt;dsig:X509IssuerName/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLX509ISSUERSERIALADDSERIALNUMBER"></a><h3>xmlSecTmplX509IssuerSerialAddSerialNumber ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODE"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplX509IssuerSerialAddSerialNumber
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> x509IssuerSerialNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *serial</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509SerialNumber" target="_top">&lt;dsig:X509SerialNumber/&gt;</a> node to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509IssuerSerial" target="_top">&lt;dsig:X509IssuerSerial/&gt;</a> node <code class="PARAMETER">x509IssuerSerialNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16391"><span style="white-space: nowrap"><code class="PARAMETER">x509IssuerSerialNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509IssuerSerial" target="_top">&lt;dsig:X509IssuerSerial/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16397"><span style="white-space: nowrap"><code class="PARAMETER">serial</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the serial number (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16402"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509SerialNumber" target="_top">&lt;dsig:X509SerialNumber/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLX509DATAADDSUBJECTNAME"></a><h3>xmlSecTmplX509DataAddSubjectName ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplX509DataAddSubjectName (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> x509DataNode</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509SubjectName" target="_top">&lt;dsig:X509SubjectName/&gt;</a> node to the given <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top">&lt;dsig:X509Data/&gt;</a> node.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16422"><span style="white-space: nowrap"><code class="PARAMETER">x509DataNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top">&lt;dsig:X509Data/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16428"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509SubjectName" target="_top">&lt;dsig:X509SubjectName/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLX509DATAADDSKI"></a><h3>xmlSecTmplX509DataAddSKI ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplX509DataAddSKI (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> x509DataNode</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509SKI" target="_top">&lt;dsig:X509SKI/&gt;</a> node to the given <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top">&lt;dsig:X509Data/&gt;</a> node.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16448"><span style="white-space: nowrap"><code class="PARAMETER">x509DataNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top">&lt;dsig:X509Data/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16454"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509SKI" target="_top">&lt;dsig:X509SKI/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLX509DATAADDCERTIFICATE"></a><h3>xmlSecTmplX509DataAddCertificate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplX509DataAddCertificate (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> x509DataNode</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Certificate" target="_top">&lt;dsig:X509Certificate/&gt;</a> node to the given <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top">&lt;dsig:X509Data/&gt;</a> node.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16474"><span style="white-space: nowrap"><code class="PARAMETER">x509DataNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top">&lt;dsig:X509Data/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16480"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Certificate" target="_top">&lt;dsig:X509Certificate/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLX509DATAADDCRL"></a><h3>xmlSecTmplX509DataAddCRL ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecTmplX509DataAddCRL (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> x509DataNode</code>);</pre>
+<p>Adds <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509CRL" target="_top">&lt;dsig:X509CRL/&gt;</a> node to the given <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top">&lt;dsig:X509Data/&gt;</a> node.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16500"><span style="white-space: nowrap"><code class="PARAMETER">x509DataNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top">&lt;dsig:X509Data/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16506"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the newly created <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509CRL" target="_top">&lt;dsig:X509CRL/&gt;</a> node or
+NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLTRANSFORMADDHMACOUTPUTLENGTH"></a><h3>xmlSecTmplTransformAddHmacOutputLength ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTmplTransformAddHmacOutputLength
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> transformNode</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> bitsLen</code>);</pre>
+<p>Creates <a href="http://www.w3.org/TR/xmldsig-core/#sec-HMACOutputLength" target="_top">&lt;dsig:HMACOutputLength/&gt;</a> child for the HMAC transform
+node <code class="PARAMETER">node</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16529"><span style="white-space: nowrap"><code class="PARAMETER">transformNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16535"><span style="white-space: nowrap"><code class="PARAMETER">bitsLen</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the required length in bits</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16540"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success and a negatie value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLTRANSFORMADDRSAOAEPPARAM"></a><h3>xmlSecTmplTransformAddRsaOaepParam ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTmplTransformAddRsaOaepParam (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> transformNode</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buf</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Creates <a href="http://www.w3.org/TR/xmlenc-core/#sec-OAEPParam" target="_top">&lt;enc:OAEPParam/&gt;</a> child node in the <code class="PARAMETER">node</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16565"><span style="white-space: nowrap"><code class="PARAMETER">transformNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16571"><span style="white-space: nowrap"><code class="PARAMETER">buf</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the OAEP param buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16576"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the OAEP param buffer size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16581"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLTRANSFORMADDXSLTSTYLESHEET"></a><h3>xmlSecTmplTransformAddXsltStylesheet ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTmplTransformAddXsltStylesheet
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> transformNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *xslt</code>);</pre>
+<p>Writes the XSLT transform expression to the <code class="PARAMETER">node</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16602"><span style="white-space: nowrap"><code class="PARAMETER">transformNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16608"><span style="white-space: nowrap"><code class="PARAMETER">xslt</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XSLT transform exspression.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16613"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLTRANSFORMADDC14NINCLNAMESPACES"></a><h3>xmlSecTmplTransformAddC14NInclNamespaces ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTmplTransformAddC14NInclNamespaces
+ (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> transformNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *prefixList</code>);</pre>
+<p>Adds "inclusive" namespaces to the ExcC14N transform node <code class="PARAMETER">node</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16634"><span style="white-space: nowrap"><code class="PARAMETER">transformNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16640"><span style="white-space: nowrap"><code class="PARAMETER">prefixList</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the white space delimited list of namespace prefixes,
+ where "<gtkdoclink href="DEFAULT"><span class="TYPE">default</span></gtkdoclink>" indicates the default namespace
+ (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16647"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 if success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLTRANSFORMADDXPATH"></a><h3>xmlSecTmplTransformAddXPath ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTmplTransformAddXPath (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> transformNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *expression</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> **nsList</code>);</pre>
+<p>Writes XPath transform infromation to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node
+<code class="PARAMETER">node</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16672"><span style="white-space: nowrap"><code class="PARAMETER">transformNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16678"><span style="white-space: nowrap"><code class="PARAMETER">expression</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XPath expression.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16683"><span style="white-space: nowrap"><code class="PARAMETER">nsList</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the NULL terminated list of namespace prefix/href pairs
+ (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16688"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 for success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLTRANSFORMADDXPATH2"></a><h3>xmlSecTmplTransformAddXPath2 ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTmplTransformAddXPath2 (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> transformNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *type</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *expression</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> **nsList</code>);</pre>
+<p>Writes XPath2 transform infromation to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node
+<code class="PARAMETER">node</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16716"><span style="white-space: nowrap"><code class="PARAMETER">transformNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16722"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XPath2 transform type ("union", "intersect" or "subtract").</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16727"><span style="white-space: nowrap"><code class="PARAMETER">expression</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XPath expression.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16732"><span style="white-space: nowrap"><code class="PARAMETER">nsList</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the NULL terminated list of namespace prefix/href pairs.
+ (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16737"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 for success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTMPLTRANSFORMADDXPOINTER"></a><h3>xmlSecTmplTransformAddXPointer ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTmplTransformAddXPointer (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> transformNode</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *expression</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> **nsList</code>);</pre>
+<p>Writes XPoniter transform infromation to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node
+<code class="PARAMETER">node</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16762"><span style="white-space: nowrap"><code class="PARAMETER">transformNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16768"><span style="white-space: nowrap"><code class="PARAMETER">expression</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XPath expression.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16773"><span style="white-space: nowrap"><code class="PARAMETER">nsList</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the NULL terminated list of namespace prefix/href pairs.
+ (optional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN16778"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 for success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-parser.html"><b>&lt;&lt;&lt; parser</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-transforms.html"><b>transforms &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-transforms.html b/docs/api/xmlsec-transforms.html
new file mode 100644
index 00000000..5e68dc02
--- /dev/null
+++ b/docs/api/xmlsec-transforms.html
@@ -0,0 +1,3059 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>transforms</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="templates" href="xmlsec-templates.html">
+<link rel="NEXT" title="version" href="xmlsec-version.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-templates.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-version.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-TRANSFORMS"></a>transforms</h1>
+<div class="REFNAMEDIV">
+<a name="AEN16788"></a><h2>Name</h2>transforms -- Transform object definition.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-TRANSFORMS.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">#define <a href="xmlsec-transforms.html#XMLSEC-TRANSFORM-BINARY-CHUNK:CAPS">XMLSEC_TRANSFORM_BINARY_CHUNK</a>
+<a href="xmlsec-list.html#XMLSECPTRLIST"><span class="RETURNVALUE">xmlSecPtrListPtr</span></a> <a href="xmlsec-transforms.html#XMLSECTRANSFORMIDSGET">xmlSecTransformIdsGet</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDSINIT">xmlSecTransformIdsInit</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDSSHUTDOWN">xmlSecTransformIdsShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDSREGISTERDEFAULT">xmlSecTransformIdsRegisterDefault</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDSREGISTER">xmlSecTransformIdsRegister</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> id</code>);
+enum <a href="xmlsec-transforms.html#XMLSECTRANSFORMSTATUS">xmlSecTransformStatus</a>;
+enum <a href="xmlsec-transforms.html#XMLSECTRANSFORMMODE">xmlSecTransformMode</a>;
+enum <a href="xmlsec-transforms.html#XMLSECTRANSFORMOPERATION">xmlSecTransformOperation</a>;
+typedef <a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPE">xmlSecTransformUriType</a>;
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPENONE">xmlSecTransformUriTypeNone</a>
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPEEMPTY">xmlSecTransformUriTypeEmpty</a>
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPESAMEDOCUMENT">xmlSecTransformUriTypeSameDocument</a>
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPELOCAL">xmlSecTransformUriTypeLocal</a>
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPEREMOTE">xmlSecTransformUriTypeRemote</a>
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPEANY">xmlSecTransformUriTypeAny</a>
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPECHECK">xmlSecTransformUriTypeCheck</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPE"><span class="TYPE">xmlSecTransformUriType</span></a> type</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>);
+typedef <a href="xmlsec-transforms.html#XMLSECTRANSFORMDATATYPE">xmlSecTransformDataType</a>;
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMDATATYPEUNKNOWN">xmlSecTransformDataTypeUnknown</a>
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMDATATYPEBIN">xmlSecTransformDataTypeBin</a>
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMDATATYPEXML">xmlSecTransformDataTypeXml</a>
+typedef <a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGE">xmlSecTransformUsage</a>;
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGEUNKNOWN">xmlSecTransformUsageUnknown</a>
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGEDSIGTRANSFORM">xmlSecTransformUsageDSigTransform</a>
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGEC14NMETHOD">xmlSecTransformUsageC14NMethod</a>
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGEDIGESTMETHOD">xmlSecTransformUsageDigestMethod</a>
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGESIGNATUREMETHOD">xmlSecTransformUsageSignatureMethod</a>
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGEENCRYPTIONMETHOD">xmlSecTransformUsageEncryptionMethod</a>
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGEANY">xmlSecTransformUsageAny</a>
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXPREEXECUTECALLBACK">*xmlSecTransformCtxPreExecuteCallback</a>)
+ (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+#define <a href="xmlsec-transforms.html#XMLSEC-TRANSFORMCTX-FLAGS-USE-VISA3D-HACK:CAPS">XMLSEC_TRANSFORMCTX_FLAGS_USE_VISA3D_HACK</a>
+struct <a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX">xmlSecTransformCtx</a>;
+<a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="RETURNVALUE">xmlSecTransformCtxPtr</span></a> <a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXCREATE">xmlSecTransformCtxCreate</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXDESTROY">xmlSecTransformCtxDestroy</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXINITIALIZE">xmlSecTransformCtxInitialize</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXFINALIZE">xmlSecTransformCtxFinalize</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXRESET">xmlSecTransformCtxReset</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXCOPYUSERPREF">xmlSecTransformCtxCopyUserPref</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> src</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXSETURI">xmlSecTransformCtxSetUri</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> hereNode</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXAPPEND">xmlSecTransformCtxAppend</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXPREPEND">xmlSecTransformCtxPrepend</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>);
+<gtkdoclink href="XMLSECTRANSFORMPTR"><span class="RETURNVALUE">xmlSecTransformPtr</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXCREATEANDAPPEND">xmlSecTransformCtxCreateAndAppend</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> id</code>);
+<gtkdoclink href="XMLSECTRANSFORMPTR"><span class="RETURNVALUE">xmlSecTransformPtr</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXCREATEANDPREPEND">xmlSecTransformCtxCreateAndPrepend</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> id</code>);
+<gtkdoclink href="XMLSECTRANSFORMPTR"><span class="RETURNVALUE">xmlSecTransformPtr</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXNODEREAD">xmlSecTransformCtxNodeRead</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGE"><span class="TYPE">xmlSecTransformUsage</span></a> usage</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXNODESLISTREAD">xmlSecTransformCtxNodesListRead</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGE"><span class="TYPE">xmlSecTransformUsage</span></a> usage</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXPREPARE">xmlSecTransformCtxPrepare</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMDATATYPE"><span class="TYPE">xmlSecTransformDataType</span></a> inputDataType</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXBINARYEXECUTE">xmlSecTransformCtxBinaryExecute</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXURIEXECUTE">xmlSecTransformCtxUriExecute</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXXMLEXECUTE">xmlSecTransformCtxXmlExecute</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nodes</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXEXECUTE">xmlSecTransformCtxExecute</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLDOC"><span class="TYPE">xmlDocPtr</span></gtkdoclink> doc</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXDEBUGDUMP">xmlSecTransformCtxDebugDump</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXDEBUGXMLDUMP">xmlSecTransformCtxDebugXmlDump</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+struct <a href="xmlsec-transforms.html#XMLSECTRANSFORM">xmlSecTransform</a>;
+<a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="RETURNVALUE">xmlSecTransformPtr</span></a> <a href="xmlsec-transforms.html#XMLSECTRANSFORMCREATE">xmlSecTransformCreate</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> id</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMDESTROY">xmlSecTransformDestroy</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>);
+<gtkdoclink href="XMLSECTRANSFORMPTR"><span class="RETURNVALUE">xmlSecTransformPtr</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMNODEREAD">xmlSecTransformNodeRead</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGE"><span class="TYPE">xmlSecTransformUsage</span></a> usage</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMPUMP">xmlSecTransformPump</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> left</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> right</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMSETKEY">xmlSecTransformSetKey</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMSETKEYREQ">xmlSecTransformSetKeyReq</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMVERIFY">xmlSecTransformVerify</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMVERIFYNODECONTENT">xmlSecTransformVerifyNodeContent</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<a href="xmlsec-transforms.html#XMLSECTRANSFORMDATATYPE"><span class="RETURNVALUE">xmlSecTransformDataType</span></a> <a href="xmlsec-transforms.html#XMLSECTRANSFORMGETDATATYPE">xmlSecTransformGetDataType</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMMODE"><span class="TYPE">xmlSecTransformMode</span></a> mode</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMPUSHBIN">xmlSecTransformPushBin</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> final</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMPOPBIN">xmlSecTransformPopBin</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> maxDataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> *dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMPUSHXML">xmlSecTransformPushXml</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nodes</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMPOPXML">xmlSecTransformPopXml</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> *nodes</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMEXECUTE">xmlSecTransformExecute</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> last</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMDEBUGDUMP">xmlSecTransformDebugDump</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMDEBUGXMLDUMP">xmlSecTransformDebugXmlDump</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMGETNAME">xmlSecTransformGetName</a> (transform)
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMISVALID">xmlSecTransformIsValid</a> (transform)
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMCHECKID">xmlSecTransformCheckId</a> (transform,
+ i)
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMCHECKSIZE">xmlSecTransformCheckSize</a> (transform,
+ size)
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCONNECT">xmlSecTransformConnect</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> left</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> right</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMREMOVE">xmlSecTransformRemove</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>);
+<a href="xmlsec-transforms.html#XMLSECTRANSFORMDATATYPE"><span class="RETURNVALUE">xmlSecTransformDataType</span></a> <a href="xmlsec-transforms.html#XMLSECTRANSFORMDEFAULTGETDATATYPE">xmlSecTransformDefaultGetDataType</a>
+ (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMMODE"><span class="TYPE">xmlSecTransformMode</span></a> mode</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMDEFAULTPUSHBIN">xmlSecTransformDefaultPushBin</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> final</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMDEFAULTPOPBIN">xmlSecTransformDefaultPopBin</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> maxDataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> *dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMDEFAULTPUSHXML">xmlSecTransformDefaultPushXml</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nodes</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMDEFAULTPOPXML">xmlSecTransformDefaultPopXml</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> *nodes</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="XMLOUTPUTBUFFERPTR"><span class="RETURNVALUE">xmlOutputBufferPtr</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCREATEOUTPUTBUFFER">xmlSecTransformCreateOutputBuffer</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="XMLPARSERINPUTBUFFER"><span class="RETURNVALUE">xmlParserInputBufferPtr</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMCREATEINPUTBUFFER">xmlSecTransformCreateInputBuffer</a>
+ (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-transforms.html#XMLSECTRANSFORMINITIALIZEMETHOD">*xmlSecTransformInitializeMethod</a>) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> (<a href="xmlsec-transforms.html#XMLSECTRANSFORMFINALIZEMETHOD">*xmlSecTransformFinalizeMethod</a>) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>);
+<a href="xmlsec-transforms.html#XMLSECTRANSFORMDATATYPE"><span class="RETURNVALUE">xmlSecTransformDataType</span></a> (<a href="xmlsec-transforms.html#XMLSECTRANSFORMGETDATATYPEMETHOD">*xmlSecTransformGetDataTypeMethod</a>)
+ (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMMODE"><span class="TYPE">xmlSecTransformMode</span></a> mode</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-transforms.html#XMLSECTRANSFORMNODEREADMETHOD">*xmlSecTransformNodeReadMethod</a>) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-transforms.html#XMLSECTRANSFORMNODEWRITEMETHOD">*xmlSecTransformNodeWriteMethod</a>) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-transforms.html#XMLSECTRANSFORMSETKEYREQUIREMENTSMETHOD">*xmlSecTransformSetKeyRequirementsMethod</a>)
+ (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-transforms.html#XMLSECTRANSFORMSETKEYMETHOD">*xmlSecTransformSetKeyMethod</a>) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-transforms.html#XMLSECTRANSFORMVERIFYMETHOD">*xmlSecTransformVerifyMethod</a>) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-transforms.html#XMLSECTRANSFORMPUSHBINMETHOD">*xmlSecTransformPushBinMethod</a>) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> final</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-transforms.html#XMLSECTRANSFORMPOPBINMETHOD">*xmlSecTransformPopBinMethod</a>) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> maxDataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> *dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-transforms.html#XMLSECTRANSFORMPUSHXMLMETHOD">*xmlSecTransformPushXmlMethod</a>) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nodes</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-transforms.html#XMLSECTRANSFORMPOPXMLMETHOD">*xmlSecTransformPopXmlMethod</a>) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> *nodes</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (<a href="xmlsec-transforms.html#XMLSECTRANSFORMEXECUTEMETHOD">*xmlSecTransformExecuteMethod</a>) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> last</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);
+struct <a href="xmlsec-transforms.html#XMLSECTRANSFORMKLASS">xmlSecTransformKlass</a>;
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMKLASSGETNAME">xmlSecTransformKlassGetName</a> (klass)
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMIDLISTID">xmlSecTransformIdListId</a>
+<gtkdoclink href="XMLSECPTRLISTID"><span class="RETURNVALUE">xmlSecPtrListId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDLISTGETKLASS">xmlSecTransformIdListGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDLISTFIND">xmlSecTransformIdListFind</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> transformId</code>);
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDLISTFINDBYHREF">xmlSecTransformIdListFindByHref</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *href</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGE"><span class="TYPE">xmlSecTransformUsage</span></a> usage</code>);
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDLISTFINDBYNAME">xmlSecTransformIdListFindByName</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGE"><span class="TYPE">xmlSecTransformUsage</span></a> usage</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDLISTDEBUGDUMP">xmlSecTransformIdListDebugDump</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMIDLISTDEBUGXMLDUMP">xmlSecTransformIdListDebugXmlDump</a> (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMIDUNKNOWN">xmlSecTransformIdUnknown</a>
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMBASE64ID">xmlSecTransformBase64Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMBASE64GETKLASS">xmlSecTransformBase64GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMBASE64SETLINESIZE">xmlSecTransformBase64SetLineSize</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> lineSize</code>);
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMINCLC14NID">xmlSecTransformInclC14NId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMINCLC14NGETKLASS">xmlSecTransformInclC14NGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMINCLC14NWITHCOMMENTSID">xmlSecTransformInclC14NWithCommentsId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMINCLC14NWITHCOMMENTSGETKLASS">xmlSecTransformInclC14NWithCommentsGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMINCLC14N11ID">xmlSecTransformInclC14N11Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMINCLC14N11GETKLASS">xmlSecTransformInclC14N11GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMINCLC14N11WITHCOMMENTSID">xmlSecTransformInclC14N11WithCommentsId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMINCLC14N11WITHCOMMENTSGETKLASS">xmlSecTransformInclC14N11WithCommentsGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMEXCLC14NID">xmlSecTransformExclC14NId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMEXCLC14NGETKLASS">xmlSecTransformExclC14NGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMEXCLC14NWITHCOMMENTSID">xmlSecTransformExclC14NWithCommentsId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMEXCLC14NWITHCOMMENTSGETKLASS">xmlSecTransformExclC14NWithCommentsGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMENVELOPEDID">xmlSecTransformEnvelopedId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMENVELOPEDGETKLASS">xmlSecTransformEnvelopedGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMXPATHID">xmlSecTransformXPathId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMXPATHGETKLASS">xmlSecTransformXPathGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMXPATH2ID">xmlSecTransformXPath2Id</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMXPATH2GETKLASS">xmlSecTransformXPath2GetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMXPOINTERID">xmlSecTransformXPointerId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMXPOINTERGETKLASS">xmlSecTransformXPointerGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMXPOINTERSETEXPR">xmlSecTransformXPointerSetExpr</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *expr</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESETTYPE"><span class="TYPE">xmlSecNodeSetType</span></a> nodeSetType</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> hereNode</code>);
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMXSLTID">xmlSecTransformXsltId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMXSLTGETKLASS">xmlSecTransformXsltGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMXSLTSETDEFAULTSECURITYPREFS">xmlSecTransformXsltSetDefaultSecurityPrefs</a>
+ (<code class="PARAMETER"><gtkdoclink href="XSLTSECURITYPREFS"><span class="TYPE">xsltSecurityPrefsPtr</span></gtkdoclink> sec</code>);
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMREMOVEXMLTAGSC14NID">xmlSecTransformRemoveXmlTagsC14NId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMREMOVEXMLTAGSC14NGETKLASS">xmlSecTransformRemoveXmlTagsC14NGetKlass</a>
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-transforms.html#XMLSECTRANSFORMVISA3DHACKID">xmlSecTransformVisa3DHackId</a>
+<gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMVISA3DHACKGETKLASS">xmlSecTransformVisa3DHackGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-transforms.html#XMLSECTRANSFORMVISA3DHACKSETID">xmlSecTransformVisa3DHackSetID</a> (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-TRANSFORMS.DESCRIPTION"></a><h2>Description</h2>
+<p>Transform object definition.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-TRANSFORMS.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSEC-TRANSFORM-BINARY-CHUNK:CAPS"></a><h3>XMLSEC_TRANSFORM_BINARY_CHUNK</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_TRANSFORM_BINARY_CHUNK 64</pre>
+<p>The binary data chunks size. XMLSec processes binary data one chunk
+at a time. Changing this impacts xmlsec memory usage and performance.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMIDSGET"></a><h3>xmlSecTransformIdsGet ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="RETURNVALUE">xmlSecPtrListPtr</span></a> xmlSecTransformIdsGet (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Gets global registered transform klasses list.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN17690"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to list of all registered transform klasses.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMIDSINIT"></a><h3>xmlSecTransformIdsInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformIdsInit (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Initializes the transform klasses. This function is called from the
+<a href="xmlsec-xmlsec.html#XMLSECINIT"><span class="TYPE">xmlSecInit</span></a> function and the application should not call it directly.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN17708"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMIDSSHUTDOWN"></a><h3>xmlSecTransformIdsShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecTransformIdsShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Shuts down the keys data klasses. This function is called from the
+<a href="xmlsec-xmlsec.html#XMLSECSHUTDOWN"><span class="TYPE">xmlSecShutdown</span></a> function and the application should not call it directly.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMIDSREGISTERDEFAULT"></a><h3>xmlSecTransformIdsRegisterDefault ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformIdsRegisterDefault (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Registers default (implemented by XML Security Library)
+transform klasses: XPath transform, Base64 transform, ...</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN17736"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMIDSREGISTER"></a><h3>xmlSecTransformIdsRegister ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformIdsRegister (<code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> id</code>);</pre>
+<p>Registers <code class="PARAMETER">id</code> in the global list of transform klasses.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN17754"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN17759"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMSTATUS"></a><h3>enum xmlSecTransformStatus</h3>
+<pre class="PROGRAMLISTING">typedef enum {
+ xmlSecTransformStatusNone = 0,
+ xmlSecTransformStatusWorking,
+ xmlSecTransformStatusFinished,
+ xmlSecTransformStatusOk,
+ xmlSecTransformStatusFail
+} xmlSecTransformStatus;</pre>
+<p>The transform execution status.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECTRANSFORMSTATUSNONE"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecTransformStatusNone</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the status unknown.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECTRANSFORMSTATUSWORKING"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecTransformStatusWorking</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform is executed.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECTRANSFORMSTATUSFINISHED"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecTransformStatusFinished</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform finished</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECTRANSFORMSTATUSOK"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecTransformStatusOk</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform succeeded.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECTRANSFORMSTATUSFAIL"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecTransformStatusFail</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform failed (an error occur).</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMMODE"></a><h3>enum xmlSecTransformMode</h3>
+<pre class="PROGRAMLISTING">typedef enum {
+ xmlSecTransformModeNone = 0,
+ xmlSecTransformModePush,
+ xmlSecTransformModePop
+} xmlSecTransformMode;</pre>
+<p>The transform operation mode</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECTRANSFORMMODENONE"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecTransformModeNone</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the mode is unknown.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECTRANSFORMMODEPUSH"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecTransformModePush</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>pushing data thru transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECTRANSFORMMODEPOP"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecTransformModePop</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>popping data from transform.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMOPERATION"></a><h3>enum xmlSecTransformOperation</h3>
+<pre class="PROGRAMLISTING">typedef enum {
+ xmlSecTransformOperationNone = 0,
+ xmlSecTransformOperationEncode,
+ xmlSecTransformOperationDecode,
+ xmlSecTransformOperationSign,
+ xmlSecTransformOperationVerify,
+ xmlSecTransformOperationEncrypt,
+ xmlSecTransformOperationDecrypt
+} xmlSecTransformOperation;</pre>
+<p>The transform operation.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECTRANSFORMOPERATIONNONE"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecTransformOperationNone</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the operation is unknown.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECTRANSFORMOPERATIONENCODE"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecTransformOperationEncode</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the encode operation (for base64 transform).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECTRANSFORMOPERATIONDECODE"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecTransformOperationDecode</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the decode operation (for base64 transform).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECTRANSFORMOPERATIONSIGN"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecTransformOperationSign</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the sign or digest operation.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECTRANSFORMOPERATIONVERIFY"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecTransformOperationVerify</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the verification of signature or digest operation.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECTRANSFORMOPERATIONENCRYPT"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecTransformOperationEncrypt</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the encryption operation.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECTRANSFORMOPERATIONDECRYPT"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecTransformOperationDecrypt</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the decryption operation.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMURITYPE"></a><h3>xmlSecTransformUriType</h3>
+<pre class="PROGRAMLISTING">typedef unsigned int xmlSecTransformUriType;</pre>
+<p>URI transform type bit mask.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMURITYPENONE"></a><h3>xmlSecTransformUriTypeNone</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformUriTypeNone 0x0000</pre>
+<p>The URI type is unknown or not set.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMURITYPEEMPTY"></a><h3>xmlSecTransformUriTypeEmpty</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformUriTypeEmpty 0x0001</pre>
+<p>The empty URI ("") type.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMURITYPESAMEDOCUMENT"></a><h3>xmlSecTransformUriTypeSameDocument</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformUriTypeSameDocument 0x0002</pre>
+<p>The smae document ("#...") but not empty ("") URI type.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMURITYPELOCAL"></a><h3>xmlSecTransformUriTypeLocal</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformUriTypeLocal 0x0004</pre>
+<p>The local URI ("file:///....") type.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMURITYPEREMOTE"></a><h3>xmlSecTransformUriTypeRemote</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformUriTypeRemote 0x0008</pre>
+<p>The remote URI type.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMURITYPEANY"></a><h3>xmlSecTransformUriTypeAny</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformUriTypeAny 0xFFFF</pre>
+<p>Any URI type.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMURITYPECHECK"></a><h3>xmlSecTransformUriTypeCheck ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformUriTypeCheck (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPE"><span class="TYPE">xmlSecTransformUriType</span></a> type</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>);</pre>
+<p>Checks if <code class="PARAMETER">uri</code> matches expected type <code class="PARAMETER">type</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN17919"><span style="white-space: nowrap"><code class="PARAMETER">type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the expected URI type.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN17924"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the uri for checking.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN17929"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 1 if <code class="PARAMETER">uri</code> matches <code class="PARAMETER">type</code>, 0 if not or a negative value
+if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMDATATYPE"></a><h3>xmlSecTransformDataType</h3>
+<pre class="PROGRAMLISTING">typedef xmlSecByte xmlSecTransformDataType;</pre>
+<p>Transform data type bit mask.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMDATATYPEUNKNOWN"></a><h3>xmlSecTransformDataTypeUnknown</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformDataTypeUnknown 0x0000</pre>
+<p>The transform data type is unknown or nor data expected.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMDATATYPEBIN"></a><h3>xmlSecTransformDataTypeBin</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformDataTypeBin 0x0001</pre>
+<p>The binary transform data.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMDATATYPEXML"></a><h3>xmlSecTransformDataTypeXml</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformDataTypeXml 0x0002</pre>
+<p>The xml transform data.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMUSAGE"></a><h3>xmlSecTransformUsage</h3>
+<pre class="PROGRAMLISTING">typedef unsigned int xmlSecTransformUsage;</pre>
+<p>The transform usage bit mask.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMUSAGEUNKNOWN"></a><h3>xmlSecTransformUsageUnknown</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformUsageUnknown 0x0000</pre>
+<p>Transforms usage is unknown or undefined.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMUSAGEDSIGTRANSFORM"></a><h3>xmlSecTransformUsageDSigTransform</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformUsageDSigTransform 0x0001</pre>
+<p>Transform could be used in &lt;dsig:Transform&gt;.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMUSAGEC14NMETHOD"></a><h3>xmlSecTransformUsageC14NMethod</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformUsageC14NMethod 0x0002</pre>
+<p>Transform could be used in &lt;dsig:CanonicalizationMethod&gt;.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMUSAGEDIGESTMETHOD"></a><h3>xmlSecTransformUsageDigestMethod</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformUsageDigestMethod 0x0004</pre>
+<p>Transform could be used in &lt;dsig:DigestMethod&gt;.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMUSAGESIGNATUREMETHOD"></a><h3>xmlSecTransformUsageSignatureMethod</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformUsageSignatureMethod 0x0008</pre>
+<p>Transform could be used in &lt;dsig:SignatureMethod&gt;.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMUSAGEENCRYPTIONMETHOD"></a><h3>xmlSecTransformUsageEncryptionMethod</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformUsageEncryptionMethod 0x0010</pre>
+<p>Transform could be used in &lt;enc:EncryptionMethod&gt;.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMUSAGEANY"></a><h3>xmlSecTransformUsageAny</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformUsageAny 0xFFFF</pre>
+<p>Transform could be used for operation.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXPREEXECUTECALLBACK"></a><h3>xmlSecTransformCtxPreExecuteCallback ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecTransformCtxPreExecuteCallback)
+ (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>The callback called after creating transforms chain but before
+starting data processing. Application can use this callback to
+do additional transforms chain verification or modification and
+aborting transforms execution (if necessary).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18020"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform's context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18025"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success and a negative value otherwise (in this case,
+transforms chain will not be executed and xmlsec processing stops).</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-TRANSFORMCTX-FLAGS-USE-VISA3D-HACK:CAPS"></a><h3>XMLSEC_TRANSFORMCTX_FLAGS_USE_VISA3D_HACK</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_TRANSFORMCTX_FLAGS_USE_VISA3D_HACK 0x00000001</pre>
+<p>If this flag is set then URI ID references are resolved directly
+without using XPointers. This allows one to sign/verify Visa3D
+documents that don't follow XML, XPointer and XML DSig specifications.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTX"></a><h3>struct xmlSecTransformCtx</h3>
+<pre class="PROGRAMLISTING">struct xmlSecTransformCtx {
+ /* user settings */
+ void* userData;
+ unsigned int flags;
+ unsigned int flags2;
+ xmlSecTransformUriType enabledUris;
+ xmlSecPtrList enabledTransforms;
+ xmlSecTransformCtxPreExecuteCallback preExecCallback;
+
+ /* results */
+ xmlSecBufferPtr result;
+ xmlSecTransformStatus status;
+ xmlChar* uri;
+ xmlChar* xptrExpr;
+ xmlSecTransformPtr first;
+ xmlSecTransformPtr last;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};</pre>
+<p>The transform execution context.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18043"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">userData</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to user data (xmlsec and xmlsec-crypto never
+ touch this).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18050"><span style="white-space: nowrap">unsigned <gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">flags</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the bit mask flags to control transforms execution
+ (reserved for the future).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18057"><span style="white-space: nowrap">unsigned <gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">flags2</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the bit mask flags to control transforms execution
+ (reserved for the future).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18064"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPE"><span class="TYPE">xmlSecTransformUriType</span></a> <code class="STRUCTFIELD">enabledUris</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the allowed transform data source uri types.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18071"><span style="white-space: nowrap"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrList</span></a> <code class="STRUCTFIELD">enabledTransforms</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the list of enabled transforms; if list is empty (default)
+ then all registered transforms are enabled.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18078"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXPREEXECUTECALLBACK"><span class="TYPE">xmlSecTransformCtxPreExecuteCallback</span></a> <code class="STRUCTFIELD">preExecCallback</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the callback called after preparing transform chain
+ and right before actual data processing; application
+ can use this callback to change transforms parameters,
+ insert additional transforms in the chain or do
+ additional validation (and abort transform execution
+ if needed).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18085"><span style="white-space: nowrap"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> <code class="STRUCTFIELD">result</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms result buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18092"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMSTATUS"><span class="TYPE">xmlSecTransformStatus</span></a> <code class="STRUCTFIELD">status</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transforms chain processng status.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18099"><span style="white-space: nowrap"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">uri</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data source URI without xpointer expression.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18106"><span style="white-space: nowrap"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">xptrExpr</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the xpointer expression from data source URI (if any).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18113"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> <code class="STRUCTFIELD">first</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the first transform in the chain.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18120"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> <code class="STRUCTFIELD">last</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the last transform in the chain.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18127"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved0</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18134"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved1</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXCREATE"></a><h3>xmlSecTransformCtxCreate ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="RETURNVALUE">xmlSecTransformCtxPtr</span></a> xmlSecTransformCtxCreate (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Creates transforms chain processing context.
+The caller is responsible for destroying returned object by calling
+<a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXDESTROY"><span class="TYPE">xmlSecTransformCtxDestroy</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN18154"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly allocated context object or NULL if an error
+occurs.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXDESTROY"></a><h3>xmlSecTransformCtxDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecTransformCtxDestroy (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>);</pre>
+<p>Destroy context object created with <a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXCREATE"><span class="TYPE">xmlSecTransformCtxCreate</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN18173"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXINITIALIZE"></a><h3>xmlSecTransformCtxInitialize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformCtxInitialize (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>);</pre>
+<p>Initializes transforms chain processing context.
+The caller is responsible for cleaning up returned object by calling
+<a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXFINALIZE"><span class="TYPE">xmlSecTransformCtxFinalize</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18192"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18197"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXFINALIZE"></a><h3>xmlSecTransformCtxFinalize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecTransformCtxFinalize (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>);</pre>
+<p>Cleans up <code class="PARAMETER">ctx</code> object initialized with <a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXINITIALIZE"><span class="TYPE">xmlSecTransformCtxInitialize</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN18217"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXRESET"></a><h3>xmlSecTransformCtxReset ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecTransformCtxReset (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>);</pre>
+<p>Resets transfroms context for new processing.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN18234"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXCOPYUSERPREF"></a><h3>xmlSecTransformCtxCopyUserPref ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformCtxCopyUserPref (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> src</code>);</pre>
+<p>Copies user settings from <code class="PARAMETER">src</code> context to <code class="PARAMETER">dst</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18256"><span style="white-space: nowrap"><code class="PARAMETER">dst</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to destination transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18261"><span style="white-space: nowrap"><code class="PARAMETER">src</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to source transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18266"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXSETURI"></a><h3>xmlSecTransformCtxSetUri ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformCtxSetUri (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> hereNode</code>);</pre>
+<p>Parses uri and adds xpointer transforms if required.</p>
+<p>The following examples demonstrate what the URI attribute identifies and
+how it is dereferenced
+(http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-REFERENCEPROCESSINGMODEL"><span class="TYPE">sec-ReferenceProcessingModel</span></gtkdoclink>):</p>
+<p>- URI="http://example.com/bar.xml"
+identifies the octets that represent the external resource
+'http://example.com/bar.xml', that is probably an XML document given
+its file extension.</p>
+<p>- URI="http://example.com/bar.xml<gtkdoclink href="CHAPTER1"><span class="TYPE">chapter1</span></gtkdoclink>"
+identifies the element with ID attribute value 'chapter1' of the
+external XML resource 'http://example.com/bar.xml', provided as an
+octet stream. Again, for the sake of interoperability, the element
+identified as 'chapter1' should be obtained using an XPath transform
+rather than a URI fragment (barename XPointer resolution in external
+resources is not REQUIRED in this specification).</p>
+<p>- URI=""
+identifies the node-set (minus any comment nodes) of the XML resource
+containing the signature</p>
+<p>- URI="<gtkdoclink href="CHAPTER1"><span class="TYPE">chapter1</span></gtkdoclink>"
+identifies a node-set containing the element with ID attribute value
+'chapter1' of the XML resource containing the signature. XML Signature
+(and its applications) modify this node-set to include the element plus
+all descendents including namespaces and attributes -- but not comments.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18300"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18305"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the URI.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18310"><span style="white-space: nowrap"><code class="PARAMETER">hereNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to "here" node required by some
+ XML transforms (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18315"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXAPPEND"></a><h3>xmlSecTransformCtxAppend ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformCtxAppend (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>);</pre>
+<p>Connects the <code class="PARAMETER">transform</code> to the end of the chain of transforms in the <code class="PARAMETER">ctx</code>
+(see <a href="xmlsec-transforms.html#XMLSECTRANSFORMCONNECT"><span class="TYPE">xmlSecTransformConnect</span></a> function for details).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18339"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18344"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to new transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18349"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXPREPEND"></a><h3>xmlSecTransformCtxPrepend ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformCtxPrepend (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>);</pre>
+<p>Connects the <code class="PARAMETER">transform</code> to the beggining of the chain of transforms in the <code class="PARAMETER">ctx</code>
+(see <a href="xmlsec-transforms.html#XMLSECTRANSFORMCONNECT"><span class="TYPE">xmlSecTransformConnect</span></a> function for details).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18373"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18378"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to new transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18383"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXCREATEANDAPPEND"></a><h3>xmlSecTransformCtxCreateAndAppend ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMPTR"><span class="RETURNVALUE">xmlSecTransformPtr</span></gtkdoclink> xmlSecTransformCtxCreateAndAppend (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> id</code>);</pre>
+<p>Creaeates new transform and connects it to the end of the chain of
+transforms in the <code class="PARAMETER">ctx</code> (see <a href="xmlsec-transforms.html#XMLSECTRANSFORMCONNECT"><span class="TYPE">xmlSecTransformConnect</span></a> function for details).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18406"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18411"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new transform klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18416"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created transform or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXCREATEANDPREPEND"></a><h3>xmlSecTransformCtxCreateAndPrepend ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMPTR"><span class="RETURNVALUE">xmlSecTransformPtr</span></gtkdoclink> xmlSecTransformCtxCreateAndPrepend (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> id</code>);</pre>
+<p>Creaeates new transform and connects it to the end of the chain of
+transforms in the <code class="PARAMETER">ctx</code> (see <a href="xmlsec-transforms.html#XMLSECTRANSFORMCONNECT"><span class="TYPE">xmlSecTransformConnect</span></a> function for details).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18439"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18444"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new transform klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18449"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created transform or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXNODEREAD"></a><h3>xmlSecTransformCtxNodeRead ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMPTR"><span class="RETURNVALUE">xmlSecTransformPtr</span></gtkdoclink> xmlSecTransformCtxNodeRead (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGE"><span class="TYPE">xmlSecTransformUsage</span></a> usage</code>);</pre>
+<p>Reads the transform from the <code class="PARAMETER">node</code> and appends it to the current chain
+of transforms in <code class="PARAMETER">ctx</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18474"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18479"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform's node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18484"><span style="white-space: nowrap"><code class="PARAMETER">usage</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform's usage (signature, encryption, etc.).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18489"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created transform or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXNODESLISTREAD"></a><h3>xmlSecTransformCtxNodesListRead ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformCtxNodesListRead (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGE"><span class="TYPE">xmlSecTransformUsage</span></a> usage</code>);</pre>
+<p>Reads transforms from the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> children of the <code class="PARAMETER">node</code> and
+appends them to the current transforms chain in <code class="PARAMETER">ctx</code> object.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18515"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18520"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> nodes parent node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18526"><span style="white-space: nowrap"><code class="PARAMETER">usage</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform's usage (signature, encryption, etc.).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18531"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXPREPARE"></a><h3>xmlSecTransformCtxPrepare ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformCtxPrepare (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMDATATYPE"><span class="TYPE">xmlSecTransformDataType</span></a> inputDataType</code>);</pre>
+<p>Prepares the transform context for processing data of <code class="PARAMETER">inputDataType</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18552"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18557"><span style="white-space: nowrap"><code class="PARAMETER">inputDataType</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the expected input type.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18562"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXBINARYEXECUTE"></a><h3>xmlSecTransformCtxBinaryExecute ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformCtxBinaryExecute (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>);</pre>
+<p>Processes binary data using transforms chain in the <code class="PARAMETER">ctx</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18586"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18591"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input binary data buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18596"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18601"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXURIEXECUTE"></a><h3>xmlSecTransformCtxUriExecute ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformCtxUriExecute (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>);</pre>
+<p>Process binary data from the URI using transforms chain in <code class="PARAMETER">ctx</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18622"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18627"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the URI.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18632"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXXMLEXECUTE"></a><h3>xmlSecTransformCtxXmlExecute ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformCtxXmlExecute (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nodes</code>);</pre>
+<p>Process <code class="PARAMETER">nodes</code> using transforms in the transforms chain in <code class="PARAMETER">ctx</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18654"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18659"><span style="white-space: nowrap"><code class="PARAMETER">nodes</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input node set.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18664"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXEXECUTE"></a><h3>xmlSecTransformCtxExecute ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformCtxExecute (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLDOC"><span class="TYPE">xmlDocPtr</span></gtkdoclink> doc</code>);</pre>
+<p>Executes transforms chain in <code class="PARAMETER">ctx</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18685"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18690"><span style="white-space: nowrap"><code class="PARAMETER">doc</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to input document.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18695"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXDEBUGDUMP"></a><h3>xmlSecTransformCtxDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecTransformCtxDebugDump (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints transforms context debug information to <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18716"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18721"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCTXDEBUGXMLDUMP"></a><h3>xmlSecTransformCtxDebugXmlDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecTransformCtxDebugXmlDump (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> ctx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints transforms context debug information to <code class="PARAMETER">output</code> in XML format.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18742"><span style="white-space: nowrap"><code class="PARAMETER">ctx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transforms chain processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18747"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORM"></a><h3>struct xmlSecTransform</h3>
+<pre class="PROGRAMLISTING">struct xmlSecTransform {
+ xmlSecTransformId id;
+ xmlSecTransformOperation operation;
+ xmlSecTransformStatus status;
+ xmlNodePtr hereNode;
+
+ /* transforms chain */
+ xmlSecTransformPtr next;
+ xmlSecTransformPtr prev;
+
+ /* binary data */
+ xmlSecBuffer inBuf;
+ xmlSecBuffer outBuf;
+
+ /* xml data */
+ xmlSecNodeSetPtr inNodes;
+ xmlSecNodeSetPtr outNodes;
+
+ /* reserved for the future */
+ void* reserved0;
+ void* reserved1;
+};</pre>
+<p>The transform structure.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18759"><span style="white-space: nowrap"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> <code class="STRUCTFIELD">id</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform id (pointer to <gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink>).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18768"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMOPERATION"><span class="TYPE">xmlSecTransformOperation</span></a> <code class="STRUCTFIELD">operation</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform's opertaion.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18775"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMSTATUS"><span class="TYPE">xmlSecTransformStatus</span></a> <code class="STRUCTFIELD">status</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the current status.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18782"><span style="white-space: nowrap"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> <code class="STRUCTFIELD">hereNode</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform's <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform%20" target="_top">&lt;dsig:Transform /&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18790"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> <code class="STRUCTFIELD">next</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to next transform in the chain.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18797"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> <code class="STRUCTFIELD">prev</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to previous transform in the chain.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18804"><span style="white-space: nowrap"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBuffer</span></a> <code class="STRUCTFIELD">inBuf</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input binary data buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18811"><span style="white-space: nowrap"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBuffer</span></a> <code class="STRUCTFIELD">outBuf</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the output binary data buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18818"><span style="white-space: nowrap"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> <code class="STRUCTFIELD">inNodes</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input XML nodes.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18825"><span style="white-space: nowrap"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> <code class="STRUCTFIELD">outNodes</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the output XML nodes.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18832"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved0</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18839"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved1</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCREATE"></a><h3>xmlSecTransformCreate ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="RETURNVALUE">xmlSecTransformPtr</span></a> xmlSecTransformCreate (<code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> id</code>);</pre>
+<p>Creates new transform of the <code class="PARAMETER">id</code> klass. The caller is responsible for
+destroying returned tansform using <a href="xmlsec-transforms.html#XMLSECTRANSFORMDESTROY"><span class="TYPE">xmlSecTransformDestroy</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18861"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform id to create.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18866"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created transform or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMDESTROY"></a><h3>xmlSecTransformDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecTransformDestroy (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>);</pre>
+<p>Destroys transform created with <a href="xmlsec-transforms.html#XMLSECTRANSFORMCREATE"><span class="TYPE">xmlSecTransformCreate</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN18885"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMNODEREAD"></a><h3>xmlSecTransformNodeRead ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMPTR"><span class="RETURNVALUE">xmlSecTransformPtr</span></gtkdoclink> xmlSecTransformNodeRead (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGE"><span class="TYPE">xmlSecTransformUsage</span></a> usage</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Reads transform from the <code class="PARAMETER">node</code> as follows:</p>
+<p> 1) reads "Algorithm" attribute;</p>
+<p> 2) checks the lists of known and allowed transforms;</p>
+<p> 3) calls transform's create method;</p>
+<p> 4) calls transform's read transform node method.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18913"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to the transform's node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18918"><span style="white-space: nowrap"><code class="PARAMETER">usage</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform usage (signature, encryption, ...).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18923"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform's chaing processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18928"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created transform or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMPUMP"></a><h3>xmlSecTransformPump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformPump (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> left</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> right</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Pops data from <code class="PARAMETER">left</code> transform and pushes to <code class="PARAMETER">right</code> transform until
+no more data is available.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18953"><span style="white-space: nowrap"><code class="PARAMETER">left</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the source pumping transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18958"><span style="white-space: nowrap"><code class="PARAMETER">right</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the destination pumping transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18963"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform's chaing processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18968"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMSETKEY"></a><h3>xmlSecTransformSetKey ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformSetKey (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>Sets the transform's key.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18988"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18993"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN18998"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMSETKEYREQ"></a><h3>xmlSecTransformSetKeyReq ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformSetKeyReq (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>);</pre>
+<p>Sets the key requirements for <code class="PARAMETER">transform</code> in the <code class="PARAMETER">keyReq</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19020"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19025"><span style="white-space: nowrap"><code class="PARAMETER">keyReq</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys requirements object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19030"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMVERIFY"></a><h3>xmlSecTransformVerify ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformVerify (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Verifies the data with transform's processing results
+(for digest, HMAC and signature transforms). The verification
+result is stored in the <gtkdoclink href="STATUS"><span class="TYPE">status</span></gtkdoclink> member of <a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransform</span></a> object.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19060"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19065"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the binary data for verification.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19070"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19075"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform's chaing processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19080"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMVERIFYNODECONTENT"></a><h3>xmlSecTransformVerifyNodeContent ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformVerifyNodeContent (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Gets the <code class="PARAMETER">node</code> content, base64 decodes it and calls <a href="xmlsec-transforms.html#XMLSECTRANSFORMVERIFY"><span class="TYPE">xmlSecTransformVerify</span></a>
+function to verify binary results.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19106"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19111"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19116"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform's chaing processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19121"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMGETDATATYPE"></a><h3>xmlSecTransformGetDataType ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-transforms.html#XMLSECTRANSFORMDATATYPE"><span class="RETURNVALUE">xmlSecTransformDataType</span></a> xmlSecTransformGetDataType (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMMODE"><span class="TYPE">xmlSecTransformMode</span></a> mode</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Gets transform input (<code class="PARAMETER">mode</code> is "push") or output (<code class="PARAMETER">mode</code> is "pop") data
+type (binary or XML).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19146"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19151"><span style="white-space: nowrap"><code class="PARAMETER">mode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data mode (push or pop).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19156"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform's chaing processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19161"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the transform's data type for the <code class="PARAMETER">mode</code> operation.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMPUSHBIN"></a><h3>xmlSecTransformPushBin ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformPushBin (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> final</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Process binary <code class="PARAMETER">data</code> and pushes results to next transform.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19192"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19197"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input binary data,</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19202"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19207"><span style="white-space: nowrap"><code class="PARAMETER">final</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag: if set to 1 then it's the last
+ data chunk.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19212"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19217"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMPOPBIN"></a><h3>xmlSecTransformPopBin ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformPopBin (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> maxDataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> *dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Pops data from previous transform in the chain, processes data and
+returns result in the <code class="PARAMETER">data</code> buffer. The size of returned data is
+placed in the <code class="PARAMETER">dataSize</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19248"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19253"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the buffer to store result data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19258"><span style="white-space: nowrap"><code class="PARAMETER">maxDataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the size of the buffer <gtkdoclink href="DATA"><span class="TYPE">data</span></gtkdoclink>.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19265"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to returned data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19270"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19275"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMPUSHXML"></a><h3>xmlSecTransformPushXml ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformPushXml (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nodes</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Processes <code class="PARAMETER">nodes</code> and pushes result to the next transform in the chain.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19299"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19304"><span style="white-space: nowrap"><code class="PARAMETER">nodes</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input nodes.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19309"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19314"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMPOPXML"></a><h3>xmlSecTransformPopXml ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformPopXml (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> *nodes</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Pops data from previous transform in the chain, processes the data and
+returns result in <code class="PARAMETER">nodes</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19338"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19343"><span style="white-space: nowrap"><code class="PARAMETER">nodes</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to store popinter to result nodes.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19348"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19353"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMEXECUTE"></a><h3>xmlSecTransformExecute ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformExecute (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> last</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Executes transform (used by default popBin/pushBin/popXml/pushXml methods).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19376"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19381"><span style="white-space: nowrap"><code class="PARAMETER">last</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag: if set to 1 then it's the last data chunk.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19386"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform's chaing processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19391"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMDEBUGDUMP"></a><h3>xmlSecTransformDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecTransformDebugDump (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints transform's debug information to <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19412"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19417"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMDEBUGXMLDUMP"></a><h3>xmlSecTransformDebugXmlDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecTransformDebugXmlDump (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints transform's debug information to <code class="PARAMETER">output</code> in XML format.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19438"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19443"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMGETNAME"></a><h3>xmlSecTransformGetName()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformGetName(transform)</pre>
+<p>Macro. Returns transform name.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN19455"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMISVALID"></a><h3>xmlSecTransformIsValid()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformIsValid(transform)</pre>
+<p>Macro. Returns 1 if the <code class="PARAMETER">transform</code> is valid or 0 otherwise.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN19468"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCHECKID"></a><h3>xmlSecTransformCheckId()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformCheckId(transform, i)</pre>
+<p>Macro. Returns 1 if the <code class="PARAMETER">transform</code> is valid and has specified id <code class="PARAMETER">i</code>
+or 0 otherwise.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19482"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19487"><span style="white-space: nowrap"><code class="PARAMETER">i</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform id.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCHECKSIZE"></a><h3>xmlSecTransformCheckSize()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformCheckSize(transform, size)</pre>
+<p>Macro. Returns 1 if the <code class="PARAMETER">transform</code> is valid and has at least <code class="PARAMETER">size</code>
+bytes or 0 otherwise.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19501"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19506"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform object size.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCONNECT"></a><h3>xmlSecTransformConnect ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformConnect (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> left</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> right</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>If the data object is a node-set and the next transform requires octets,
+the signature application MUST attempt to convert the node-set to an octet
+stream using Canonical XML [XML-C14N].</p>
+<p>The story is different if the right transform is base64 decode
+(http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-BASE-64"><span class="TYPE">sec-Base-64</span></gtkdoclink>):</p>
+<p>This transform requires an octet stream for input. If an XPath node-set
+(or sufficiently functional alternative) is given as input, then it is
+converted to an octet stream by performing operations logically equivalent
+to 1) applying an XPath transform with expression self::<gtkdoclink href="TEXT"><code class="FUNCTION">text()</code></gtkdoclink>, then 2)
+taking the string-value of the node-set. Thus, if an XML element is
+identified by a barename XPointer in the Reference URI, and its content
+consists solely of base64 encoded character data, then this transform
+automatically strips away the start and end tags of the identified element
+and any of its descendant elements as well as any descendant comments and
+processing instructions. The output of this transform is an octet stream.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19535"><span style="white-space: nowrap"><code class="PARAMETER">left</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to left (prev) transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19540"><span style="white-space: nowrap"><code class="PARAMETER">right</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to right (next) transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19545"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform's chaing processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19550"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMREMOVE"></a><h3>xmlSecTransformRemove ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecTransformRemove (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>);</pre>
+<p>Removes <code class="PARAMETER">transform</code> from the chain.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN19568"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransform</span></a> structure.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMDEFAULTGETDATATYPE"></a><h3>xmlSecTransformDefaultGetDataType ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-transforms.html#XMLSECTRANSFORMDATATYPE"><span class="RETURNVALUE">xmlSecTransformDataType</span></a> xmlSecTransformDefaultGetDataType
+ (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMMODE"><span class="TYPE">xmlSecTransformMode</span></a> mode</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Gets transform input (<code class="PARAMETER">mode</code> is "push") or output (<code class="PARAMETER">mode</code> is "pop") data
+type (binary or XML) by analyzing available pushBin/popBin/pushXml/popXml
+methods.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19595"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19600"><span style="white-space: nowrap"><code class="PARAMETER">mode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the data mode (push or pop).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19605"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform's chaing processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19610"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the transform's data type for the <code class="PARAMETER">mode</code> operation.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMDEFAULTPUSHBIN"></a><h3>xmlSecTransformDefaultPushBin ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformDefaultPushBin (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> final</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Process binary <code class="PARAMETER">data</code> by calling transform's execute method and pushes
+results to next transform.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19641"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19646"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input binary data,</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19651"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19656"><span style="white-space: nowrap"><code class="PARAMETER">final</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag: if set to 1 then it's the last
+ data chunk.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19661"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19666"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMDEFAULTPOPBIN"></a><h3>xmlSecTransformDefaultPopBin ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformDefaultPopBin (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> maxDataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> *dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Pops data from previous transform in the chain, processes data by calling
+transform's execute method and returns result in the <code class="PARAMETER">data</code> buffer. The
+size of returned data is placed in the <code class="PARAMETER">dataSize</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19697"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19702"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the buffer to store result data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19707"><span style="white-space: nowrap"><code class="PARAMETER">maxDataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the size of the buffer <gtkdoclink href="DATA"><span class="TYPE">data</span></gtkdoclink>.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19714"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to returned data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19719"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19724"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMDEFAULTPUSHXML"></a><h3>xmlSecTransformDefaultPushXml ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformDefaultPushXml (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nodes</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Processes <code class="PARAMETER">nodes</code> by calling transform's execute method and pushes
+result to the next transform in the chain.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19748"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19753"><span style="white-space: nowrap"><code class="PARAMETER">nodes</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input nodes.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19758"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19763"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMDEFAULTPOPXML"></a><h3>xmlSecTransformDefaultPopXml ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformDefaultPopXml (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> *nodes</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Pops data from previous transform in the chain, processes the data
+by calling transform's execute method and returns result in <code class="PARAMETER">nodes</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19787"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19792"><span style="white-space: nowrap"><code class="PARAMETER">nodes</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to store popinter to result nodes.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19797"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19802"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCREATEOUTPUTBUFFER"></a><h3>xmlSecTransformCreateOutputBuffer ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLOUTPUTBUFFERPTR"><span class="RETURNVALUE">xmlOutputBufferPtr</span></gtkdoclink> xmlSecTransformCreateOutputBuffer (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Creates output buffer to write data to <code class="PARAMETER">transform</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19823"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19828"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19833"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to new output buffer or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMCREATEINPUTBUFFER"></a><h3>xmlSecTransformCreateInputBuffer ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLPARSERINPUTBUFFER"><span class="RETURNVALUE">xmlParserInputBufferPtr</span></gtkdoclink> xmlSecTransformCreateInputBuffer
+ (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Creates input buffer to read data from <code class="PARAMETER">transform</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19854"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19859"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19864"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to new input buffer or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMINITIALIZEMETHOD"></a><h3>xmlSecTransformInitializeMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecTransformInitializeMethod) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>);</pre>
+<p>The transform specific initialization method.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19881"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19886"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMFINALIZEMETHOD"></a><h3>xmlSecTransformFinalizeMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> (*xmlSecTransformFinalizeMethod) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>);</pre>
+<p>The transform specific destroy method.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN19903"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMGETDATATYPEMETHOD"></a><h3>xmlSecTransformGetDataTypeMethod ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-transforms.html#XMLSECTRANSFORMDATATYPE"><span class="RETURNVALUE">xmlSecTransformDataType</span></a> (*xmlSecTransformGetDataTypeMethod)
+ (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMMODE"><span class="TYPE">xmlSecTransformMode</span></a> mode</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>The transform specific method to query information about transform
+data type in specified mode <code class="PARAMETER">mode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19927"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19932"><span style="white-space: nowrap"><code class="PARAMETER">mode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the mode.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19937"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19942"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> transform data type.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMNODEREADMETHOD"></a><h3>xmlSecTransformNodeReadMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecTransformNodeReadMethod) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>The transform specific method to read the transform data from
+the <code class="PARAMETER">node</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19966"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19971"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19977"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN19982"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMNODEWRITEMETHOD"></a><h3>xmlSecTransformNodeWriteMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecTransformNodeWriteMethod) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>The transform specific method to write transform information to an XML node <code class="PARAMETER">node</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20006"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20011"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Transform" target="_top">&lt;dsig:Transform/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20017"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20022"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMSETKEYREQUIREMENTSMETHOD"></a><h3>xmlSecTransformSetKeyRequirementsMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecTransformSetKeyRequirementsMethod)
+ (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEYREQ"><span class="TYPE">xmlSecKeyReqPtr</span></a> keyReq</code>);</pre>
+<p>Transform specific method to set transform's key requirements.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20042"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20047"><span style="white-space: nowrap"><code class="PARAMETER">keyReq</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key requirements structure.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20052"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMSETKEYMETHOD"></a><h3>xmlSecTransformSetKeyMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecTransformSetKeyMethod) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> key</code>);</pre>
+<p>The transform specific method to set the key for use.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20072"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20077"><span style="white-space: nowrap"><code class="PARAMETER">key</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to key.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20082"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMVERIFYMETHOD"></a><h3>xmlSecTransformVerifyMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecTransformVerifyMethod) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>The transform specific method to verify transform processing results
+(used by digest and signature transforms). This method sets <code class="PARAMETER">status</code>
+member of the <a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransform</span></a> structure to either <a href="xmlsec-transforms.html#XMLSECTRANSFORMSTATUSOK"><span class="TYPE">xmlSecTransformStatusOk</span></a>
+if verification succeeded or <a href="xmlsec-transforms.html#XMLSECTRANSFORMSTATUSFAIL"><span class="TYPE">xmlSecTransformStatusFail</span></a> otherwise.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20115"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20120"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20125"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the size of input buffer <code class="PARAMETER">data</code>.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20131"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20136"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMPUSHBINMETHOD"></a><h3>xmlSecTransformPushBinMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecTransformPushBinMethod) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> final</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>The transform specific method to process data from <code class="PARAMETER">data</code> and push
+result to the next transform in the chain.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20166"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20171"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input binary data,</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20176"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20181"><span style="white-space: nowrap"><code class="PARAMETER">final</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag: if set to 1 then it's the last
+ data chunk.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20186"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20191"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMPOPBINMETHOD"></a><h3>xmlSecTransformPopBinMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecTransformPopBinMethod) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> maxDataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> *dataSize</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>The transform specific method to pop data from previous transform
+in the chain and return result in the <code class="PARAMETER">data</code> buffer. The size of returned
+data is placed in the <code class="PARAMETER">dataSize</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20222"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20227"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the buffer to store result data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20232"><span style="white-space: nowrap"><code class="PARAMETER">maxDataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the size of the buffer <code class="PARAMETER">data</code>.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20238"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to returned data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20243"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20248"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMPUSHXMLMETHOD"></a><h3>xmlSecTransformPushXmlMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecTransformPushXmlMethod) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> nodes</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>The transform specific method to process <code class="PARAMETER">nodes</code> and push result to the next
+transform in the chain.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20272"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20277"><span style="white-space: nowrap"><code class="PARAMETER">nodes</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input nodes.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20282"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20287"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMPOPXMLMETHOD"></a><h3>xmlSecTransformPopXmlMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecTransformPopXmlMethod) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESET"><span class="TYPE">xmlSecNodeSetPtr</span></a> *nodes</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>The transform specific method to pop data from previous transform in the chain,
+process the data and return result in <code class="PARAMETER">nodes</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20311"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20316"><span style="white-space: nowrap"><code class="PARAMETER">nodes</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to store popinter to result nodes.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20321"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20326"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMEXECUTEMETHOD"></a><h3>xmlSecTransformExecuteMethod ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> (*xmlSecTransformExecuteMethod) (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> last</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtxPtr</span></a> transformCtx</code>);</pre>
+<p>Transform specific method to process a chunk of data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20349"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20354"><span style="white-space: nowrap"><code class="PARAMETER">last</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag: if set to 1 then it's the last data chunk.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20359"><span style="white-space: nowrap"><code class="PARAMETER">transformCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform context object.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20364"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMKLASS"></a><h3>struct xmlSecTransformKlass</h3>
+<pre class="PROGRAMLISTING">struct xmlSecTransformKlass {
+ /* data */
+ xmlSecSize klassSize;
+ xmlSecSize objSize;
+ const xmlChar* name;
+ const xmlChar* href;
+ xmlSecTransformUsage usage;
+
+ /* methods */
+ xmlSecTransformInitializeMethod initialize;
+ xmlSecTransformFinalizeMethod finalize;
+
+ xmlSecTransformNodeReadMethod readNode;
+ xmlSecTransformNodeWriteMethod writeNode;
+
+ xmlSecTransformSetKeyRequirementsMethod setKeyReq;
+ xmlSecTransformSetKeyMethod setKey;
+ xmlSecTransformVerifyMethod verify;
+ xmlSecTransformGetDataTypeMethod getDataType;
+
+ xmlSecTransformPushBinMethod pushBin;
+ xmlSecTransformPopBinMethod popBin;
+ xmlSecTransformPushXmlMethod pushXml;
+ xmlSecTransformPopXmlMethod popXml;
+
+ /* low level method */
+ xmlSecTransformExecuteMethod execute;
+
+ /* reserved for future */
+ void* reserved0;
+ void* reserved1;
+};</pre>
+<p>The transform klass desccription structure.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20376"><span style="white-space: nowrap"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> <code class="STRUCTFIELD">klassSize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform klass structure size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20383"><span style="white-space: nowrap"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> <code class="STRUCTFIELD">objSize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform object size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20390"><span style="white-space: nowrap">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">name</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform's name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20397"><span style="white-space: nowrap">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">href</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform's identification string (href).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20404"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGE"><span class="TYPE">xmlSecTransformUsage</span></a> <code class="STRUCTFIELD">usage</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the allowed transforms usages.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20411"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMINITIALIZEMETHOD"><span class="TYPE">xmlSecTransformInitializeMethod</span></a> <code class="STRUCTFIELD">initialize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the initialization method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20418"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMFINALIZEMETHOD"><span class="TYPE">xmlSecTransformFinalizeMethod</span></a> <code class="STRUCTFIELD">finalize</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the finmalization (destroy) function.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20425"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMNODEREADMETHOD"><span class="TYPE">xmlSecTransformNodeReadMethod</span></a> <code class="STRUCTFIELD">readNode</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XML node read method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20432"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMNODEWRITEMETHOD"><span class="TYPE">xmlSecTransformNodeWriteMethod</span></a> <code class="STRUCTFIELD">writeNode</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XML node write method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20439"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMSETKEYREQUIREMENTSMETHOD"><span class="TYPE">xmlSecTransformSetKeyRequirementsMethod</span></a> <code class="STRUCTFIELD">setKeyReq</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the set key requirements method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20446"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMSETKEYMETHOD"><span class="TYPE">xmlSecTransformSetKeyMethod</span></a> <code class="STRUCTFIELD">setKey</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the set key method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20453"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMVERIFYMETHOD"><span class="TYPE">xmlSecTransformVerifyMethod</span></a> <code class="STRUCTFIELD">verify</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the verify method (for digest and signature transforms).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20460"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMGETDATATYPEMETHOD"><span class="TYPE">xmlSecTransformGetDataTypeMethod</span></a> <code class="STRUCTFIELD">getDataType</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the input/output data type query method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20467"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMPUSHBINMETHOD"><span class="TYPE">xmlSecTransformPushBinMethod</span></a> <code class="STRUCTFIELD">pushBin</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the binary data "push thru chain" processing method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20474"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMPOPBINMETHOD"><span class="TYPE">xmlSecTransformPopBinMethod</span></a> <code class="STRUCTFIELD">popBin</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the binary data "pop from chain" procesing method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20481"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMPUSHXMLMETHOD"><span class="TYPE">xmlSecTransformPushXmlMethod</span></a> <code class="STRUCTFIELD">pushXml</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XML data "push thru chain" processing method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20488"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMPOPXMLMETHOD"><span class="TYPE">xmlSecTransformPopXmlMethod</span></a> <code class="STRUCTFIELD">popXml</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XML data "pop from chain" procesing method.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20495"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMEXECUTEMETHOD"><span class="TYPE">xmlSecTransformExecuteMethod</span></a> <code class="STRUCTFIELD">execute</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the low level data processing method used by default
+ implementations of <code class="PARAMETER">pushBin</code>, <code class="PARAMETER">popBin</code>, <code class="PARAMETER">pushXml</code> and <code class="PARAMETER">popXml</code>.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20506"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved0</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20513"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved1</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMKLASSGETNAME"></a><h3>xmlSecTransformKlassGetName()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformKlassGetName(klass)</pre>
+<p>Macro. Returns transform klass name.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN20527"><span style="white-space: nowrap"><code class="PARAMETER">klass</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transofrm's klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMIDLISTID"></a><h3>xmlSecTransformIdListId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformIdListId xmlSecTransformIdListGetKlass()</pre>
+<p>Transform klasses list klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMIDLISTGETKLASS"></a><h3>xmlSecTransformIdListGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECPTRLISTID"><span class="RETURNVALUE">xmlSecPtrListId</span></gtkdoclink> xmlSecTransformIdListGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The transform id list klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN20549"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the transform id list klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMIDLISTFIND"></a><h3>xmlSecTransformIdListFind ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformIdListFind (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> transformId</code>);</pre>
+<p>Lookups <code class="PARAMETER">dataId</code> in <code class="PARAMETER">list</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20571"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform ids list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20576"><span style="white-space: nowrap"><code class="PARAMETER">transformId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20581"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 1 if <code class="PARAMETER">dataId</code> is found in the <code class="PARAMETER">list</code>, 0 if not and a negative
+value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMIDLISTFINDBYHREF"></a><h3>xmlSecTransformIdListFindByHref ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformIdListFindByHref (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *href</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGE"><span class="TYPE">xmlSecTransformUsage</span></a> usage</code>);</pre>
+<p>Lookups data klass in the list with given <code class="PARAMETER">href</code> and <code class="PARAMETER">usage</code> in <code class="PARAMETER">list</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20609"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform ids list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20614"><span style="white-space: nowrap"><code class="PARAMETER">href</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired transform klass href.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20619"><span style="white-space: nowrap"><code class="PARAMETER">usage</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired transform usage.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20624"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> transform klass is found and NULL otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMIDLISTFINDBYNAME"></a><h3>xmlSecTransformIdListFindByName ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformIdListFindByName (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORMUSAGE"><span class="TYPE">xmlSecTransformUsage</span></a> usage</code>);</pre>
+<p>Lookups data klass in the list with given <code class="PARAMETER">name</code> and <code class="PARAMETER">usage</code> in <code class="PARAMETER">list</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20650"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform ids list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20655"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired transform klass name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20660"><span style="white-space: nowrap"><code class="PARAMETER">usage</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the desired transform usage.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20665"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> transform klass is found and NULL otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMIDLISTDEBUGDUMP"></a><h3>xmlSecTransformIdListDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecTransformIdListDebugDump (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints binary transform debug information to <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20686"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform ids list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20691"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMIDLISTDEBUGXMLDUMP"></a><h3>xmlSecTransformIdListDebugXmlDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecTransformIdListDebugXmlDump (<code class="PARAMETER"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> list</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints binary transform debug information to <code class="PARAMETER">output</code> in XML format.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20712"><span style="white-space: nowrap"><code class="PARAMETER">list</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to transform ids list.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20717"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMIDUNKNOWN"></a><h3>xmlSecTransformIdUnknown</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformIdUnknown ((xmlSecTransformId)NULL)</pre>
+<p>The "unknown" transform id (NULL).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMBASE64ID"></a><h3>xmlSecTransformBase64Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformBase64Id</pre>
+<p>The base64 encode transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMBASE64GETKLASS"></a><h3>xmlSecTransformBase64GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformBase64GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The Base64 transform klass (http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-BASE-64"><span class="TYPE">sec-Base-64</span></gtkdoclink>).
+The normative specification for base64 decoding transforms is RFC 2045
+(http://www.ietf.org/rfc/rfc2045.txt). The base64 Transform element has
+no content. The input is decoded by the algorithms. This transform is
+useful if an application needs to sign the raw data associated with
+the encoded content of an element.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN20747"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> base64 transform id.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMBASE64SETLINESIZE"></a><h3>xmlSecTransformBase64SetLineSize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecTransformBase64SetLineSize (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> lineSize</code>);</pre>
+<p>Sets the max line size to <code class="PARAMETER">lineSize</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20768"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to BASE64 encode transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN20773"><span style="white-space: nowrap"><code class="PARAMETER">lineSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new max line size.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMINCLC14NID"></a><h3>xmlSecTransformInclC14NId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformInclC14NId</pre>
+<p>The regular (inclusive) C14N without comments transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMINCLC14NGETKLASS"></a><h3>xmlSecTransformInclC14NGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformInclC14NGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Inclusive (regular) canonicalization that omits comments transform klass
+(http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-C14NALG"><span class="TYPE">sec-c14nAlg</span></gtkdoclink> and
+http://www.w3.org/TR/2001/REC-xml-c14n-20010315).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN20797"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> c14n transform id.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMINCLC14NWITHCOMMENTSID"></a><h3>xmlSecTransformInclC14NWithCommentsId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformInclC14NWithCommentsId</pre>
+<p>The regular (inclusive) C14N with comments transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMINCLC14NWITHCOMMENTSGETKLASS"></a><h3>xmlSecTransformInclC14NWithCommentsGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformInclC14NWithCommentsGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Inclusive (regular) canonicalization that includes comments transform klass
+(http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-C14NALG"><span class="TYPE">sec-c14nAlg</span></gtkdoclink> and
+http://www.w3.org/TR/2001/REC-xml-c14n-20010315).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN20821"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> c14n with comments transform id.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMINCLC14N11ID"></a><h3>xmlSecTransformInclC14N11Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformInclC14N11Id</pre>
+<p>The regular (inclusive) C14N 1.1 without comments transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMINCLC14N11GETKLASS"></a><h3>xmlSecTransformInclC14N11GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformInclC14N11GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>C14N version 1.1 (http://www.w3.org/TR/xml-c14n11)</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN20843"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> c14n v1.1 transform id.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMINCLC14N11WITHCOMMENTSID"></a><h3>xmlSecTransformInclC14N11WithCommentsId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformInclC14N11WithCommentsId</pre>
+<p>The regular (inclusive) C14N 1.1 with comments transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMINCLC14N11WITHCOMMENTSGETKLASS"></a><h3>xmlSecTransformInclC14N11WithCommentsGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformInclC14N11WithCommentsGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>C14N version 1.1 (http://www.w3.org/TR/xml-c14n11) with comments</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN20865"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> c14n v1.1 with comments transform id.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMEXCLC14NID"></a><h3>xmlSecTransformExclC14NId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformExclC14NId</pre>
+<p>The exclusive C14N without comments transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMEXCLC14NGETKLASS"></a><h3>xmlSecTransformExclC14NGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformExclC14NGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Exclusive canoncicalization that ommits comments transform klass
+(http://www.w3.org/TR/xml-exc-c14n/).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN20887"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> exclusive c14n transform id.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMEXCLC14NWITHCOMMENTSID"></a><h3>xmlSecTransformExclC14NWithCommentsId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformExclC14NWithCommentsId</pre>
+<p>The exclusive C14N with comments transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMEXCLC14NWITHCOMMENTSGETKLASS"></a><h3>xmlSecTransformExclC14NWithCommentsGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformExclC14NWithCommentsGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Exclusive canoncicalization that includes comments transform klass
+(http://www.w3.org/TR/xml-exc-c14n/).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN20909"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> exclusive c14n with comments transform id.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMENVELOPEDID"></a><h3>xmlSecTransformEnvelopedId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformEnvelopedId</pre>
+<p>The "enveloped" transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMENVELOPEDGETKLASS"></a><h3>xmlSecTransformEnvelopedGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformEnvelopedGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The enveloped transform klass (http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-ENVELOPEDSIGNATURE"><span class="TYPE">sec-EnvelopedSignature</span></gtkdoclink>):</p>
+<p>An enveloped signature transform T removes the whole Signature element
+containing T from the digest calculation of the Reference element
+containing T. The entire string of characters used by an XML processor
+to match the Signature with the XML production element is removed.
+The output of the transform is equivalent to the output that would
+result from replacing T with an XPath transform containing the following
+XPath parameter element:</p>
+<p>&lt;XPath xmlns:dsig="&amp;dsig;"&gt;
+ count(ancestor-or-self::dsig:Signature |
+ <gtkdoclink href="HERE"><code class="FUNCTION">here()</code></gtkdoclink>/ancestor::dsig:Signature[1]) &gt;
+ count(ancestor-or-self::dsig:Signature)&lt;/XPath&gt;</p>
+<p>The input and output requirements of this transform are identical to
+those of the XPath transform, but may only be applied to a node-set from
+its parent XML document. Note that it is not necessary to use an XPath
+expression evaluator to create this transform. However, this transform
+MUST produce output in exactly the same manner as the XPath transform
+parameterized by the XPath expression above.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN20938"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> enveloped transform id.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMXPATHID"></a><h3>xmlSecTransformXPathId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformXPathId</pre>
+<p>The XPath transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMXPATHGETKLASS"></a><h3>xmlSecTransformXPathGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformXPathGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The XPath transform evaluates given XPath expression and
+intersects the result with the previous nodes set. See
+http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-XPATH"><span class="TYPE">sec-XPath</span></gtkdoclink> for more details.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN20962"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> XPath transform id.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMXPATH2ID"></a><h3>xmlSecTransformXPath2Id</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformXPath2Id</pre>
+<p>The XPath2 transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMXPATH2GETKLASS"></a><h3>xmlSecTransformXPath2GetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformXPath2GetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The XPath2 transform (http://www.w3.org/TR/xmldsig-filter2/).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN20984"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> XPath2 transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMXPOINTERID"></a><h3>xmlSecTransformXPointerId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformXPointerId</pre>
+<p>The XPointer transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMXPOINTERGETKLASS"></a><h3>xmlSecTransformXPointerGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformXPointerGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The XPointer transform klass
+(http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN21006"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> XPointer transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMXPOINTERSETEXPR"></a><h3>xmlSecTransformXPointerSetExpr ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformXPointerSetExpr (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *expr</code>,
+ <code class="PARAMETER"><a href="xmlsec-nodeset.html#XMLSECNODESETTYPE"><span class="TYPE">xmlSecNodeSetType</span></a> nodeSetType</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> hereNode</code>);</pre>
+<p>Sets the XPointer expression for an XPointer <code class="PARAMETER">transform</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21033"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to XPointer transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21038"><span style="white-space: nowrap"><code class="PARAMETER">expr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XPointer expression.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21043"><span style="white-space: nowrap"><code class="PARAMETER">nodeSetType</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the type of evaluated XPointer expression.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21048"><span style="white-space: nowrap"><code class="PARAMETER">hereNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to "here" node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21053"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMXSLTID"></a><h3>xmlSecTransformXsltId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformXsltId</pre>
+<p>The XSLT transform klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMXSLTGETKLASS"></a><h3>xmlSecTransformXsltGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformXsltGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>XSLT transform klass (http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-XSLT"><span class="TYPE">sec-XSLT</span></gtkdoclink>):</p>
+<p>The normative specification for XSL Transformations is [XSLT].
+Specification of a namespace-qualified stylesheet element, which MUST be
+the sole child of the Transform element, indicates that the specified style
+sheet should be used. Whether this instantiates in-line processing of local
+XSLT declarations within the resource is determined by the XSLT processing
+model; the ordered application of multiple stylesheet may require multiple
+Transforms. No special provision is made for the identification of a remote
+stylesheet at a given URI because it can be communicated via an xsl:include
+or xsl:import within the stylesheet child of the Transform.</p>
+<p>This transform requires an octet stream as input. If the actual input is an
+XPath node-set, then the signature application should attempt to convert it
+to octets (apply Canonical XML]) as described in the Reference Processing
+Model (section 4.3.3.2).]</p>
+<p>The output of this transform is an octet stream. The processing rules for
+the XSL style sheet or transform element are stated in the XSLT specification
+[XSLT]. We RECOMMEND that XSLT transform authors use an output method of xml
+for XML and HTML. As XSLT implementations do not produce consistent
+serializations of their output, we further RECOMMEND inserting a transform
+after the XSLT transform to canonicalize the output. These steps will help
+to ensure interoperability of the resulting signatures among applications
+that support the XSLT transform. Note that if the output is actually HTML,
+then the result of these steps is logically equivalent [XHTML].</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN21080"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to XSLT transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMXSLTSETDEFAULTSECURITYPREFS"></a><h3>xmlSecTransformXsltSetDefaultSecurityPrefs ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecTransformXsltSetDefaultSecurityPrefs
+ (<code class="PARAMETER"><gtkdoclink href="XSLTSECURITYPREFS"><span class="TYPE">xsltSecurityPrefsPtr</span></gtkdoclink> sec</code>);</pre>
+<p>Sets the new default security preferences. The xmlsec default security policy is
+to disable everything.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN21097"><span style="white-space: nowrap"><code class="PARAMETER">sec</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new security preferences</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMREMOVEXMLTAGSC14NID"></a><h3>xmlSecTransformRemoveXmlTagsC14NId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformRemoveXmlTagsC14NId</pre>
+<p>The "remove all xml tags" transform klass (used before base64 transforms).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMREMOVEXMLTAGSC14NGETKLASS"></a><h3>xmlSecTransformRemoveXmlTagsC14NGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformRemoveXmlTagsC14NGetKlass
+ (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The "remove xml tags" transform klass (http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-BASE-64"><span class="TYPE">sec-Base-64</span></gtkdoclink>):
+Base64 transform requires an octet stream for input. If an XPath node-set
+(or sufficiently functional alternative) is given as input, then it is
+converted to an octet stream by performing operations logically equivalent
+to 1) applying an XPath transform with expression self::<gtkdoclink href="TEXT"><code class="FUNCTION">text()</code></gtkdoclink>, then 2)
+taking the string-value of the node-set. Thus, if an XML element is
+identified by a barename XPointer in the Reference URI, and its content
+consists solely of base64 encoded character data, then this transform
+automatically strips away the start and end tags of the identified element
+and any of its descendant elements as well as any descendant comments and
+processing instructions. The output of this transform is an octet stream.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN21123"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> "remove xml tags" transform id.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMVISA3DHACKID"></a><h3>xmlSecTransformVisa3DHackId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecTransformVisa3DHackId</pre>
+<p>Selects node subtree by given node id string. The only reason why we need this
+is Visa3D protocol. It doesn't follow XML/XPointer/XMLDSig specs and allows
+invalid XPointer expressions in the URI attribute. Since we couldn't evaluate
+such expressions thru XPath/XPointer engine, we need to have this hack here.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMVISA3DHACKGETKLASS"></a><h3>xmlSecTransformVisa3DHackGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECTRANSFORMID"><span class="RETURNVALUE">xmlSecTransformId</span></gtkdoclink> xmlSecTransformVisa3DHackGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The Visa3DHack transform klass. The only reason why we need this
+is Visa3D protocol. It doesn't follow XML/XPointer/XMLDSig specs and allows
+invalid XPointer expressions in the URI attribute. Since we couldn't evaluate
+such expressions thru XPath/XPointer engine, we need to have this hack here.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN21145"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> Visa3DHack transform klass.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECTRANSFORMVISA3DHACKSETID"></a><h3>xmlSecTransformVisa3DHackSetID ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecTransformVisa3DHackSetID (<code class="PARAMETER"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> transform</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *id</code>);</pre>
+<p>Sets the ID value for an Visa3DHack <code class="PARAMETER">transform</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21166"><span style="white-space: nowrap"><code class="PARAMETER">transform</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to Visa3DHack transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21171"><span style="white-space: nowrap"><code class="PARAMETER">id</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the ID value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21176"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-templates.html"><b>&lt;&lt;&lt; templates</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-version.html"><b>version &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-verify-with-key.html b/docs/api/xmlsec-verify-with-key.html
new file mode 100644
index 00000000..da0b4eed
--- /dev/null
+++ b/docs/api/xmlsec-verify-with-key.html
@@ -0,0 +1,318 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Verifying a signature with a single key.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Examples." href="xmlsec-examples.html">
+<link rel="PREVIOUS" title="Signing with X509 certificate." href="xmlsec-examples-sign-x509.html">
+<link rel="NEXT" title="Verifying a signature with keys manager." href="xmlsec-verify-with-keys-mngr.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-examples-sign-x509.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-examples.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-verify-with-keys-mngr.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-VERIFY-WITH-KEY">Verifying a signature with a single key.</a></h1>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-VERIFY1">verify1.c</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN701"></a><pre class="PROGRAMLISTING">/**
+ * XML Security Library example: Verifying a file using a single key.
+ *
+ * Verifies a file using a key from PEM file.
+ *
+ * Usage:
+ * verify1 &lt;signed-file&gt; &lt;pem-key&gt;
+ *
+ * Example:
+ * ./verify1 sign1-res.xml rsapub.pem
+ * ./verify1 sign2-res.xml rsapub.pem
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin &lt;aleksey@aleksey.com&gt;
+ */
+#include &lt;stdlib.h&gt;
+#include &lt;string.h&gt;
+#include &lt;assert.h&gt;
+
+#include &lt;libxml/tree.h&gt;
+#include &lt;libxml/xmlmemory.h&gt;
+#include &lt;libxml/parser.h&gt;
+
+#ifndef XMLSEC_NO_XSLT
+#include &lt;libxslt/xslt.h&gt;
+#include &lt;libxslt/security.h&gt;
+#endif /* XMLSEC_NO_XSLT */
+
+#include &lt;xmlsec/xmlsec.h&gt;
+#include &lt;xmlsec/xmltree.h&gt;
+#include &lt;xmlsec/xmldsig.h&gt;
+#include &lt;xmlsec/crypto.h&gt;
+
+int verify_file(const char* xml_file, const char* key_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s &lt;xml-file&gt; &lt;key-file&gt;\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) &lt; 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) &lt; 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ if(verify_file(argv[1], argv[2]) &lt; 0) {
+ return(-1);
+ }
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * verify_file:
+ * @xml_file: the signed XML file name.
+ * @key_file: the PEM public key file name.
+ *
+ * Verifies XML signature in #xml_file using public key from #key_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+verify_file(const char* xml_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(xml_file);
+ assert(key_file);
+
+ /* load file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature context, we don't need keys manager in this example */
+ dsigCtx = xmlSecDSigCtxCreate(NULL);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* load public key */
+ dsigCtx-&gt;signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(dsigCtx-&gt;signKey == NULL) {
+ fprintf(stderr,"Error: failed to load public pem key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(dsigCtx-&gt;signKey, key_file) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* Verify signature */
+ if(xmlSecDSigCtxVerify(dsigCtx, node) &lt; 0) {
+ fprintf(stderr,"Error: signature verify\n");
+ goto done;
+ }
+
+ /* print verification result to stdout */
+ if(dsigCtx-&gt;status == xmlSecDSigStatusSucceeded) {
+ fprintf(stdout, "Signature is OK\n");
+ } else {
+ fprintf(stdout, "Signature is INVALID\n");
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+ </pre>
+<p></p>
+</div>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-examples-sign-x509.html"><b>&lt;&lt;&lt; Signing with X509 certificate.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-verify-with-keys-mngr.html"><b>Verifying a signature with keys manager. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
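Review bot: In the embedded verify1.c listing, `verify_file` sets `res = 0` after the status check whatever its outcome, so the "Signature is INVALID" branch still returns 0 and `main` exits with status 0. Anyone who copies this example and tests the return value or exit code will treat an altered or forged document as verified. Set the result only on success, e.g. `if(dsigCtx->status == xmlSecDSigStatusSucceeded) { fprintf(stdout, "Signature is OK\n"); res = 0; }`, and leave `res` at -1 in the else branch. The listing also calls `xmlSubstituteEntitiesDefault(1)` and sets `xmlLoadExtDtdDefaultValue` before `xmlParseFile(xml_file)`, so a comment such as `/* NOTE: entity substitution and DTD attribute loading are enabled globally; restrict them when the input is untrusted */` would help readers who reuse the setup. The page is generated by DocBook, so the change presumably belongs in the example source it is built from rather than in this HTML.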
diff --git a/docs/api/xmlsec-verify-with-keys-mngr.html b/docs/api/xmlsec-verify-with-keys-mngr.html
new file mode 100644
index 00000000..3ee19da3
--- /dev/null
+++ b/docs/api/xmlsec-verify-with-keys-mngr.html
@@ -0,0 +1,388 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Verifying a signature with keys manager.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Examples." href="xmlsec-examples.html">
+<link rel="PREVIOUS" title="Verifying a signature with a single key." href="xmlsec-verify-with-key.html">
+<link rel="NEXT" title="Verifying a signature with X509 certificates." href="xmlsec-verify-with-x509.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-verify-with-key.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-examples.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-verify-with-x509.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-VERIFY-WITH-KEYS-MNGR">Verifying a signature with keys manager.</a></h1>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-VERIFY2">verify2.c</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN708"></a><pre class="PROGRAMLISTING">/**
+ * XML Security Library example: Verifying a file using keys manager.
+ *
+ * Verifies a file using keys manager
+ *
+ * Usage:
+ * verify2 &lt;signed-file&gt; &lt;public-pem-key1&gt; [&lt;public-pem-key2&gt; [...]]
+ *
+ * Example:
+ * ./verify2 sign1-res.xml rsapub.pem
+ * ./verify2 sign2-res.xml rsapub.pem
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin &lt;aleksey@aleksey.com&gt;
+ */
+#include &lt;stdlib.h&gt;
+#include &lt;string.h&gt;
+#include &lt;assert.h&gt;
+
+#include &lt;libxml/tree.h&gt;
+#include &lt;libxml/xmlmemory.h&gt;
+#include &lt;libxml/parser.h&gt;
+
+#ifndef XMLSEC_NO_XSLT
+#include &lt;libxslt/xslt.h&gt;
+#include &lt;libxslt/security.h&gt;
+#endif /* XMLSEC_NO_XSLT */
+
+#include &lt;xmlsec/xmlsec.h&gt;
+#include &lt;xmlsec/xmltree.h&gt;
+#include &lt;xmlsec/xmldsig.h&gt;
+#include &lt;xmlsec/crypto.h&gt;
+
+xmlSecKeysMngrPtr load_keys(char** files, int files_size);
+int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ xmlSecKeysMngrPtr mngr;
+
+ assert(argv);
+
+ if(argc &lt; 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s &lt;xml-file&gt; &lt;key-file1&gt; [&lt;key-file2&gt; [...]]\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) &lt; 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) &lt; 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* create keys manager and load keys */
+ mngr = load_keys(&amp;(argv[2]), argc - 2);
+ if(mngr == NULL) {
+ return(-1);
+ }
+
+ /* verify file */
+ if(verify_file(mngr, argv[1]) &lt; 0) {
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
+ }
+
+ /* destroy keys manager */
+ xmlSecKeysMngrDestroy(mngr);
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * load_keys:
+ * @files: the list of filenames.
+ * @files_size: the number of filenames in #files.
+ *
+ * Creates simple keys manager and load PEM keys from #files in it.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_keys(char** files, int files_size) {
+ xmlSecKeysMngrPtr mngr;
+ xmlSecKeyPtr key;
+ int i;
+
+ assert(files);
+ assert(files_size &gt; 0);
+
+ /* create and initialize keys manager, we use a simple list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) &lt; 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ for(i = 0; i &lt; files_size; ++i) {
+ assert(files[i]);
+
+ /* load key */
+ key = xmlSecCryptoAppKeyLoad(files[i], xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load pem key from \"%s\"\n", files[i]);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(key, BAD_CAST files[i]) &lt; 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* add key to keys manager, from now on keys manager is responsible
+ * for destroying key
+ */
+ if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) &lt; 0) {
+ fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", files[i]);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+ }
+
+ return(mngr);
+}
+
+/**
+ * verify_file:
+ * @mngr: the pointer to keys manager.
+ * @xml_file: the signed XML file name.
+ *
+ * Verifies XML signature in #xml_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(mngr);
+ assert(xml_file);
+
+ /* load file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature context */
+ dsigCtx = xmlSecDSigCtxCreate(mngr);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* Verify signature */
+ if(xmlSecDSigCtxVerify(dsigCtx, node) &lt; 0) {
+ fprintf(stderr,"Error: signature verify\n");
+ goto done;
+ }
+
+ /* print verification result to stdout */
+ if(dsigCtx-&gt;status == xmlSecDSigStatusSucceeded) {
+ fprintf(stdout, "Signature is OK\n");
+ } else {
+ fprintf(stdout, "Signature is INVALID\n");
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+ </pre>
+<p></p>
+</div>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-verify-with-key.html"><b>&lt;&lt;&lt; Verifying a signature with a single key.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-verify-with-x509.html"><b>Verifying a signature with X509 certificates. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-verify-with-restrictions.html b/docs/api/xmlsec-verify-with-restrictions.html
new file mode 100644
index 00000000..b910c137
--- /dev/null
+++ b/docs/api/xmlsec-verify-with-restrictions.html
@@ -0,0 +1,715 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Verifying a signature with additional restrictions.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Examples." href="xmlsec-examples.html">
+<link rel="PREVIOUS" title="Verifying a signature with X509 certificates." href="xmlsec-verify-with-x509.html">
+<link rel="NEXT" title="Encrypting data with a template file." href="xmlsec-encrypt-template-file.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-verify-with-x509.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-examples.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-encrypt-template-file.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-VERIFY-WITH-RESTRICTIONS">Verifying a signature with additional restrictions.</a></h1>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-VERIFY4">verify4.c</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN722"></a><pre class="PROGRAMLISTING">/**
+ * XML Security Library example: Verifying a simple SAML response with X509 certificate
+ *
+ * Verifies a simple SAML response. In addition to refular verification
+ * we ensure that the signature has only one &lt;dsig:Reference/&gt; element
+ * with an empty or NULL URI attribute and one enveloped signature transform
+ * as it is required by SAML specification.
+ *
+ * This example was developed and tested with OpenSSL crypto library. The
+ * certificates management policies for another crypto library may break it.
+ *
+ * Usage:
+ * verify4 &lt;signed-file&gt; &lt;trusted-cert-pem-file1&gt; [&lt;trusted-cert-pem-file2&gt; [...]]
+ *
+ * Example (sucecess):
+ * ./verify4 verify4-res.xml rootcert.pem
+ *
+ * Example (failure):
+ * ./verify4 verify4-bad-res.xml rootcert.pem
+ * In the same time, verify3 example successfuly verifies this signature:
+ * ./verify3 verify4-bad-res.xml rootcert.pem
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin &lt;aleksey@aleksey.com&gt;
+ */
+#include &lt;stdlib.h&gt;
+#include &lt;string.h&gt;
+#include &lt;assert.h&gt;
+
+#include &lt;libxml/tree.h&gt;
+#include &lt;libxml/xmlmemory.h&gt;
+#include &lt;libxml/parser.h&gt;
+
+#ifndef XMLSEC_NO_XSLT
+#include &lt;libxslt/xslt.h&gt;
+#include &lt;libxslt/security.h&gt;
+#endif /* XMLSEC_NO_XSLT */
+
+#include &lt;xmlsec/xmlsec.h&gt;
+#include &lt;xmlsec/xmltree.h&gt;
+#include &lt;xmlsec/xmldsig.h&gt;
+#include &lt;xmlsec/crypto.h&gt;
+
+xmlSecKeysMngrPtr load_trusted_certs(char** files, int files_size);
+int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+ xmlSecKeysMngrPtr mngr;
+
+ assert(argv);
+
+ if(argc &lt; 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s &lt;xml-file&gt; &lt;cert-file1&gt; [&lt;cert-file2&gt; [...]]\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) &lt; 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) &lt; 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* create keys manager and load trusted certificates */
+ mngr = load_trusted_certs(&amp;(argv[2]), argc - 2);
+ if(mngr == NULL) {
+ return(-1);
+ }
+
+ /* verify file */
+ if(verify_file(mngr, argv[1]) &lt; 0) {
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
+ }
+
+ /* destroy keys manager */
+ xmlSecKeysMngrDestroy(mngr);
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * load_trusted_certs:
+ * @files: the list of filenames.
+ * @files_size: the number of filenames in #files.
+ *
+ * Creates simple keys manager and load trusted certificates from PEM #files.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_trusted_certs(char** files, int files_size) {
+ xmlSecKeysMngrPtr mngr;
+ int i;
+
+ assert(files);
+ assert(files_size &gt; 0);
+
+ /* create and initialize keys manager, we use a simple list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) &lt; 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ for(i = 0; i &lt; files_size; ++i) {
+ assert(files[i]);
+
+ /* load trusted cert */
+ if(xmlSecCryptoAppKeysMngrCertLoad(mngr, files[i], xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) &lt; 0) {
+ fprintf(stderr,"Error: failed to load pem certificate from \"%s\"\n", files[i]);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+ }
+
+ return(mngr);
+}
+
+/**
+ * verify_file:
+ * @mngr: the pointer to keys manager.
+ * @xml_file: the signed XML file name.
+ *
+ * Verifies XML signature in #xml_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(mngr);
+ assert(xml_file);
+
+ /* load file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature context */
+ dsigCtx = xmlSecDSigCtxCreate(mngr);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* limit the Reference URI attributes to empty or NULL */
+ dsigCtx-&gt;enabledReferenceUris = xmlSecTransformUriTypeEmpty;
+
+ /* limit allowed transforms for siganture and reference processing */
+ if((xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformInclC14NId) &lt; 0) ||
+ (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformExclC14NId) &lt; 0) ||
+ (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha1Id) &lt; 0) ||
+ (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha1Id) &lt; 0)) {
+
+ fprintf(stderr,"Error: failed to limit allowed siganture transforms\n");
+ goto done;
+ }
+ if((xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformInclC14NId) &lt; 0) ||
+ (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformExclC14NId) &lt; 0) ||
+ (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha1Id) &lt; 0) ||
+ (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformEnvelopedId) &lt; 0)) {
+
+ fprintf(stderr,"Error: failed to limit allowed reference transforms\n");
+ goto done;
+ }
+
+ /* in addition, limit possible key data to valid X509 certificates only */
+ if(xmlSecPtrListAdd(&amp;(dsigCtx-&gt;keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecKeyDataX509Id) &lt; 0) {
+ fprintf(stderr,"Error: failed to limit allowed key data\n");
+ goto done;
+ }
+
+ /* Verify signature */
+ if(xmlSecDSigCtxVerify(dsigCtx, node) &lt; 0) {
+ fprintf(stderr,"Error: signature verify\n");
+ goto done;
+ }
+
+ /* check that we have only one Reference */
+ if((dsigCtx-&gt;status == xmlSecDSigStatusSucceeded) &amp;&amp;
+ (xmlSecPtrListGetSize(&amp;(dsigCtx-&gt;signedInfoReferences)) != 1)) {
+
+ fprintf(stderr,"Error: only one reference is allowed\n");
+ goto done;
+ }
+
+ /* print verification result to stdout */
+ if(dsigCtx-&gt;status == xmlSecDSigStatusSucceeded) {
+ fprintf(stdout, "Signature is OK\n");
+ } else {
+ fprintf(stdout, "Signature is INVALID\n");
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+ </pre>
+<p></p>
+</div>
+</div>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-VERIFY4-TMPL">verify4-tmpl.xml</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN727"></a><pre class="PROGRAMLISTING">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+&lt;!--
+XML Security Library example: A simple SAML response template (verify4 example).
+
+Sign it using the following command (replace __ with double dashes):
+
+ ../apps/xmlsec sign __privkey rsakey.pem,rsacert.pem __output verify4-res.xml verify4-tmpl.xml
+--&gt;
+&lt;Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2002-04-18T16:56:54Z" MajorVersion="1" MinorVersion="0" Recipient="https://shire.target.com" ResponseID="7ddc31-ed4a03d703-FB24AD27D96135B68C99FB9AACFE2FFC"&gt;
+ &lt;dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"&gt;
+ &lt;dsig:SignedInfo&gt;
+ &lt;dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/&gt;
+ &lt;dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/&gt;
+ &lt;dsig:Reference URI=""&gt;
+ &lt;dsig:Transforms&gt;
+ &lt;dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/&gt;
+ &lt;/dsig:Transforms&gt;
+ &lt;dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/&gt;
+ &lt;dsig:DigestValue/&gt;
+ &lt;/dsig:Reference&gt;
+ &lt;/dsig:SignedInfo&gt;
+ &lt;dsig:SignatureValue/&gt;
+ &lt;dsig:KeyInfo&gt;
+ &lt;dsig:X509Data/&gt;
+ &lt;/dsig:KeyInfo&gt;
+ &lt;/dsig:Signature&gt;
+ &lt;Status&gt;
+ &lt;StatusCode Value="samlp:Success"/&gt;
+ &lt;/Status&gt;
+ &lt;Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="7ddc31-ed4a03d735-FB24AD27D96135B68C99FB9AACFE2FFC" IssueInstant="2002-04-18T16:56:54Z" Issuer="hs.osu.edu" MajorVersion="1" MinorVersion="0"&gt;
+ &lt;Conditions NotBefore="2002-04-18T16:56:54Z" NotOnOrAfter="2002-04-18T17:01:54Z"&gt;
+ &lt;AudienceRestrictionCondition&gt;
+ &lt;Audience&gt;http://middleware.internet2.edu/shibboleth/clubs/clubshib/1.0/&lt;/Audience&gt;
+ &lt;/AudienceRestrictionCondition&gt;
+ &lt;/Conditions&gt;
+ &lt;AuthenticationStatement AuthenticationInstant="2002-04-18T16:56:53Z" AuthenticationMethod="urn:mace:shibboleth:authmethod"&gt;
+ &lt;Subject&gt;
+ &lt;NameIdentifier Format="urn:mace:shibboleth:1.0:handle" NameQualifier="osu.edu"&gt;foo&lt;/NameIdentifier&gt;
+ &lt;SubjectConfirmation&gt;
+ &lt;ConfirmationMethod&gt;urn:oasis:names:tc:SAML:1.0:cm:Bearer&lt;/ConfirmationMethod&gt;
+ &lt;/SubjectConfirmation&gt;
+ &lt;/Subject&gt;
+ &lt;SubjectLocality IPAddress="127.0.0.1"/&gt;
+ &lt;AuthorityBinding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://aa.osu.edu/"/&gt;
+ &lt;/AuthenticationStatement&gt;
+ &lt;/Assertion&gt;
+&lt;/Response&gt;</pre>
+<p></p>
+</div>
+</div>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-VERIFY4-RES">verify4-res.xml</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN732"></a><pre class="PROGRAMLISTING">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+&lt;!--
+XML Security Library example: A simple SAML response template (verify4 example).
+
+This file was signed using the following command (replace __ with double dashes):
+
+ ../apps/xmlsec sign __privkey rsakey.pem,rsacert.pem __output verify4-res.xml verify4-tmpl.xml
+--&gt;
+&lt;Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2002-04-18T16:56:54Z" MajorVersion="1" MinorVersion="0" Recipient="https://shire.target.com" ResponseID="7ddc31-ed4a03d703-FB24AD27D96135B68C99FB9AACFE2FFC"&gt;
+ &lt;dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"&gt;
+ &lt;dsig:SignedInfo&gt;
+ &lt;dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/&gt;
+ &lt;dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/&gt;
+ &lt;dsig:Reference URI=""&gt;
+ &lt;dsig:Transforms&gt;
+ &lt;dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/&gt;
+ &lt;/dsig:Transforms&gt;
+ &lt;dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/&gt;
+ &lt;dsig:DigestValue&gt;t1nvDq1bZXEhBIXc/DHcqIrjRyI=&lt;/dsig:DigestValue&gt;
+ &lt;/dsig:Reference&gt;
+ &lt;/dsig:SignedInfo&gt;
+ &lt;dsig:SignatureValue&gt;EsNm7mOj9XY6pq1bfeuzFd1F/LQwbc1K/YgOYgrElk4tr8BhSd5OcrzXBgsivPvm
+HpjvSOBkjctGOFVE7x+6+G8TMudTja1IchEmGMh+pjMBlGNpvxSTedwtnoZBGWAz
+RlfRhRFThskup0T7Or+VBHYygPGM3gmwX0ZWVYpNzM/rfYSk7+obgIp9DxLDIXlW
+oLrJGVivubE+T63CPfBPaUIv1CbfBAzdo+11+8CiVsdWn2qwtGe5Fsmc3eCg06Oj
+sl1nyCIu3AONq1w8jIPOgmITF8PpwDm0+XoQUH0P4kHJqNLphnJZY+GlPAC6VlAW
+2bcAFr4Ul5yzHUBpxCDZfg==&lt;/dsig:SignatureValue&gt;
+ &lt;dsig:KeyInfo&gt;
+ &lt;dsig:X509Data&gt;
+&lt;X509Certificate xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;MIIE3zCCBEigAwIBAgIBBTANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE
+ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v
+eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl
+a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4X
+DTAzMDMzMTA0MDIyMloXDTEzMDMyODA0MDIyMlowgb8xCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFy
+eSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMSEwHwYDVQQLExhFeGFt
+cGxlcyBSU0EgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf
+BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAJe4/rQ/gzV4FokE7CthjL/EXwCBSkXm2c3p4jyXO0Wt
+quaNC3dxBwFPfPl94hmq3ZFZ9PHPPbp4RpYRnLZbRjlzVSOq954AXOXpSew7nD+E
+mTqQrd9+ZIbGJnLOMQh5fhMVuOW/1lYCjWAhTCcYZPv7VXD2M70vVXDVXn6ZrqTg
+qkVHE6gw1aCKncwg7OSOUclUxX8+Zi10v6N6+PPslFc5tKwAdWJhVLTQ4FKG+F53
+7FBDnNK6p4xiWryy/vPMYn4jYGvHUUk3eH4lFTCr+rSuJY8i/KNIf/IKim7g/o3w
+Ae3GM8xrof2mgO8GjK/2QDqOQhQgYRIf4/wFsQXVZcMCAwEAAaOCAVcwggFTMAkG
+A1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBQkhCzy1FkgYosuXIaQo6owuicanDCB+AYDVR0jBIHw
+MIHtgBS0ue+a5pcOaGUemM76VQ2JBttMfKGB0aSBzjCByzELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE
+ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v
+eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl
+a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggEA
+MA0GCSqGSIb3DQEBBAUAA4GBALU/mzIxSv8vhDuomxFcplzwdlLZbvSQrfoNkMGY
+1UoS3YJrN+jZLWKSyWE3mIaPpElqXiXQGGkwD5iPQ1iJMbI7BeLvx6ZxX/f+c8Wn
+ss0uc1NxfahMaBoyG15IL4+beqO182fosaKJTrJNG3mc//ANGU9OsQM9mfBEt4oL
+NJ2D&lt;/X509Certificate&gt;
+&lt;/dsig:X509Data&gt;
+ &lt;/dsig:KeyInfo&gt;
+ &lt;/dsig:Signature&gt;
+ &lt;Status&gt;
+ &lt;StatusCode Value="samlp:Success"/&gt;
+ &lt;/Status&gt;
+ &lt;Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="7ddc31-ed4a03d735-FB24AD27D96135B68C99FB9AACFE2FFC" IssueInstant="2002-04-18T16:56:54Z" Issuer="hs.osu.edu" MajorVersion="1" MinorVersion="0"&gt;
+ &lt;Conditions NotBefore="2002-04-18T16:56:54Z" NotOnOrAfter="2002-04-18T17:01:54Z"&gt;
+ &lt;AudienceRestrictionCondition&gt;
+ &lt;Audience&gt;http://middleware.internet2.edu/shibboleth/clubs/clubshib/1.0/&lt;/Audience&gt;
+ &lt;/AudienceRestrictionCondition&gt;
+ &lt;/Conditions&gt;
+ &lt;AuthenticationStatement AuthenticationInstant="2002-04-18T16:56:53Z" AuthenticationMethod="urn:mace:shibboleth:authmethod"&gt;
+ &lt;Subject&gt;
+ &lt;NameIdentifier Format="urn:mace:shibboleth:1.0:handle" NameQualifier="osu.edu"&gt;foo&lt;/NameIdentifier&gt;
+ &lt;SubjectConfirmation&gt;
+ &lt;ConfirmationMethod&gt;urn:oasis:names:tc:SAML:1.0:cm:Bearer&lt;/ConfirmationMethod&gt;
+ &lt;/SubjectConfirmation&gt;
+ &lt;/Subject&gt;
+ &lt;SubjectLocality IPAddress="127.0.0.1"/&gt;
+ &lt;AuthorityBinding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://aa.osu.edu/"/&gt;
+ &lt;/AuthenticationStatement&gt;
+ &lt;/Assertion&gt;
+&lt;/Response&gt;</pre>
+<p></p>
+</div>
+</div>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-VERIFY4-BAD-TMPL">verify4-bad-tmpl.xml</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN737"></a><pre class="PROGRAMLISTING">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+&lt;!--
+XML Security Library example: A simple bad SAML response template (verify4 example).
+
+Sign it using the following command (replace __ with double dashes):
+
+ ../apps/xmlsec sign __privkey rsakey.pem,rsacert.pem __output verify4--bad-res.xml verify4-bad-tmpl.xml
+--&gt;
+&lt;Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2002-04-18T16:56:54Z" MajorVersion="1" MinorVersion="0" Recipient="https://shire.target.com" ResponseID="7ddc31-ed4a03d703-FB24AD27D96135B68C99FB9AACFE2FFC"&gt;
+ &lt;dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"&gt;
+ &lt;dsig:SignedInfo&gt;
+ &lt;dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/&gt;
+ &lt;dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/&gt;
+ &lt;dsig:Reference URI=""&gt;
+ &lt;dsig:Transforms&gt;
+ &lt;dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/&gt;
+ &lt;dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"&gt;
+ &lt;dsig:XPath xmlns:samlp_xpath="urn:oasis:names:tc:SAML:1.0:protocol" &gt;
+ count(ancestor-or-self::samlp_xpath:Response |
+ here()/ancestor::samlp_xpath:Response[1]) =
+ count(ancestor-or-self::samlp_xpath:Response)
+ &lt;/dsig:XPath&gt;
+ &lt;/dsig:Transform&gt;
+ &lt;/dsig:Transforms&gt;
+ &lt;dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/&gt;
+ &lt;dsig:DigestValue/&gt;
+ &lt;/dsig:Reference&gt;
+ &lt;/dsig:SignedInfo&gt;
+ &lt;dsig:SignatureValue/&gt;
+ &lt;dsig:KeyInfo&gt;
+ &lt;dsig:X509Data/&gt;
+ &lt;/dsig:KeyInfo&gt;
+ &lt;/dsig:Signature&gt;
+ &lt;Status&gt;
+ &lt;StatusCode Value="samlp:Success"/&gt;
+ &lt;/Status&gt;
+ &lt;Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="7ddc31-ed4a03d735-FB24AD27D96135B68C99FB9AACFE2FFC" IssueInstant="2002-04-18T16:56:54Z" Issuer="hs.osu.edu" MajorVersion="1" MinorVersion="0"&gt;
+ &lt;Conditions NotBefore="2002-04-18T16:56:54Z" NotOnOrAfter="2002-04-18T17:01:54Z"&gt;
+ &lt;AudienceRestrictionCondition&gt;
+ &lt;Audience&gt;http://middleware.internet2.edu/shibboleth/clubs/clubshib/1.0/&lt;/Audience&gt;
+ &lt;/AudienceRestrictionCondition&gt;
+ &lt;/Conditions&gt;
+ &lt;AuthenticationStatement AuthenticationInstant="2002-04-18T16:56:53Z" AuthenticationMethod="urn:mace:shibboleth:authmethod"&gt;
+ &lt;Subject&gt;
+ &lt;NameIdentifier Format="urn:mace:shibboleth:1.0:handle" NameQualifier="osu.edu"&gt;foo&lt;/NameIdentifier&gt;
+ &lt;SubjectConfirmation&gt;
+ &lt;ConfirmationMethod&gt;urn:oasis:names:tc:SAML:1.0:cm:Bearer&lt;/ConfirmationMethod&gt;
+ &lt;/SubjectConfirmation&gt;
+ &lt;/Subject&gt;
+ &lt;SubjectLocality IPAddress="127.0.0.1"/&gt;
+ &lt;AuthorityBinding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://aa.osu.edu/"/&gt;
+ &lt;/AuthenticationStatement&gt;
+ &lt;/Assertion&gt;
+&lt;/Response&gt;</pre>
+<p></p>
+</div>
+</div>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-VERIFY4-BAD-RES">verify4-bad-res.xml</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN742"></a><pre class="PROGRAMLISTING">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
+&lt;!--
+XML Security Library example: A simple bad SAML response (verify4 example).
+
+This file could be verified with verify3 example (signature is valid)
+but verify4 example fails because of XPath transform which is not allowed
+in a simple SAML response.
+
+This file was created from a template with the following command (replace __ with double dashes):
+ ../apps/xmlsec sign __privkey rsakey.pem,rsacert.pem __output verify4-bad-res.xml verify4-bad-tmpl.xml
+--&gt;
+&lt;Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2002-04-18T16:56:54Z" MajorVersion="1" MinorVersion="0" Recipient="https://shire.target.com" ResponseID="7ddc31-ed4a03d703-FB24AD27D96135B68C99FB9AACFE2FFC"&gt;
+ &lt;dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"&gt;
+ &lt;dsig:SignedInfo&gt;
+ &lt;dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/&gt;
+ &lt;dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/&gt;
+ &lt;dsig:Reference URI=""&gt;
+ &lt;dsig:Transforms&gt;
+ &lt;dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/&gt;
+ &lt;dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"&gt;
+ &lt;dsig:XPath xmlns:samlp_xpath="urn:oasis:names:tc:SAML:1.0:protocol"&gt;
+ count(ancestor-or-self::samlp_xpath:Response |
+ here()/ancestor::samlp_xpath:Response[1]) =
+ count(ancestor-or-self::samlp_xpath:Response)
+ &lt;/dsig:XPath&gt;
+ &lt;/dsig:Transform&gt;
+ &lt;/dsig:Transforms&gt;
+ &lt;dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/&gt;
+ &lt;dsig:DigestValue&gt;t1nvDq1bZXEhBIXc/DHcqIrjRyI=&lt;/dsig:DigestValue&gt;
+ &lt;/dsig:Reference&gt;
+ &lt;/dsig:SignedInfo&gt;
+ &lt;dsig:SignatureValue&gt;PipZFFmmYcSnSU9p5AcOmFbRYoeatERYPy4IRk+jU26xk9sAM6yfhXtbK8csl/0w
+rjODj1jGcydBGP9I8kFAfHyZ+Ls+A+53oMNl+tGWfe8iICMowIU1HCxJtPrgbTKk
+1gc+VnYJ3IXhoVneeQKqzilXwA5X7FW7hgIecb5KwLShYV3iO8+z8pzt3NEGKAGQ
+p/lQmO3EQR4Zu0bCSOk6zXdlOhe5dPVFXJQLlE8Zz3WjGQNo0l4op0ZXKf1B+syH
+blHx0tnPQDtSBzQdKohJV39UgkGnL3rd5ggBzyXemjMTX8eFxNZ7bh4UgZ+Wo74W
+Zb4ompTc2ImxJfbpszWp8w==&lt;/dsig:SignatureValue&gt;
+ &lt;dsig:KeyInfo&gt;
+ &lt;dsig:X509Data&gt;
+&lt;X509Certificate xmlns="http://www.w3.org/2000/09/xmldsig#"&gt;MIIE3zCCBEigAwIBAgIBBTANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx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&lt;/X509Certificate&gt;
+&lt;/dsig:X509Data&gt;
+ &lt;/dsig:KeyInfo&gt;
+ &lt;/dsig:Signature&gt;
+ &lt;Status&gt;
+ &lt;StatusCode Value="samlp:Success"/&gt;
+ &lt;/Status&gt;
+ &lt;Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="7ddc31-ed4a03d735-FB24AD27D96135B68C99FB9AACFE2FFC" IssueInstant="2002-04-18T16:56:54Z" Issuer="hs.osu.edu" MajorVersion="1" MinorVersion="0"&gt;
+ &lt;Conditions NotBefore="2002-04-18T16:56:54Z" NotOnOrAfter="2002-04-18T17:01:54Z"&gt;
+ &lt;AudienceRestrictionCondition&gt;
+ &lt;Audience&gt;http://middleware.internet2.edu/shibboleth/clubs/clubshib/1.0/&lt;/Audience&gt;
+ &lt;/AudienceRestrictionCondition&gt;
+ &lt;/Conditions&gt;
+ &lt;AuthenticationStatement AuthenticationInstant="2002-04-18T16:56:53Z" AuthenticationMethod="urn:mace:shibboleth:authmethod"&gt;
+ &lt;Subject&gt;
+ &lt;NameIdentifier Format="urn:mace:shibboleth:1.0:handle" NameQualifier="osu.edu"&gt;foo&lt;/NameIdentifier&gt;
+ &lt;SubjectConfirmation&gt;
+ &lt;ConfirmationMethod&gt;urn:oasis:names:tc:SAML:1.0:cm:Bearer&lt;/ConfirmationMethod&gt;
+ &lt;/SubjectConfirmation&gt;
+ &lt;/Subject&gt;
+ &lt;SubjectLocality IPAddress="127.0.0.1"/&gt;
+ &lt;AuthorityBinding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://aa.osu.edu/"/&gt;
+ &lt;/AuthenticationStatement&gt;
+ &lt;/Assertion&gt;
+&lt;/Response&gt;</pre>
+<p></p>
+</div>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-verify-with-x509.html"><b>&lt;&lt;&lt; Verifying a signature with X509 certificates.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-encrypt-template-file.html"><b>Encrypting data with a template file. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
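Review bot: In the verify4.c listing, `verify_file` sets `res = 0` after the status check, so a document whose signature does not verify prints "Signature is INVALID" but still returns 0, and `main` then exits 0. Anything that gates on the return value or the exit status of this example would treat an unverified SAML response as accepted. Set the result only in the succeeded branch, e.g. `if(dsigCtx->status == xmlSecDSigStatusSucceeded) { fprintf(stdout, "Signature is OK\n"); res = 0; }`, or state in the `verify_file` doc comment that 0 means the check ran, not that the signature is valid. This page looks generated from the example source, so the change presumably belongs in that source file; the `verify_file` in the preceding keys-manager listing follows the same pattern.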
diff --git a/docs/api/xmlsec-verify-with-x509.html b/docs/api/xmlsec-verify-with-x509.html
new file mode 100644
index 00000000..8ee5478e
--- /dev/null
+++ b/docs/api/xmlsec-verify-with-x509.html
@@ -0,0 +1,369 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Verifying a signature with X509 certificates.</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="Examples." href="xmlsec-examples.html">
+<link rel="PREVIOUS" title="Verifying a signature with keys manager." href="xmlsec-verify-with-keys-mngr.html">
+<link rel="NEXT" title="Verifying a signature with additional restrictions." href="xmlsec-verify-with-restrictions.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-verify-with-keys-mngr.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-examples.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-verify-with-restrictions.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<br clear="all"><div class="SECT1">
+<h1 class="SECT1"><a name="XMLSEC-VERIFY-WITH-X509">Verifying a signature with X509 certificates.</a></h1>
+<br clear="all"><div class="SECT2">
+<h2 class="SECT2"><a name="XMLSEC-EXAMPLE-VERIFY3">verify3.c</a></h2>
+<p></p>
+<div class="INFORMALEXAMPLE">
+<p></p>
+<a name="AEN715"></a><pre class="PROGRAMLISTING">/**
+ * XML Security Library example: Verifying a file signed with X509 certificate
+ *
+ * Verifies a file signed with X509 certificate.
+ *
+ * This example was developed and tested with OpenSSL crypto library. The
+ * certificates management policies for another crypto library may break it.
+ *
+ * Usage:
+ * verify3 &lt;signed-file&gt; &lt;trusted-cert-pem-file1&gt; [&lt;trusted-cert-pem-file2&gt; [...]]
+ *
+ * Example:
+ * ./verify3 sign3-res.xml rootcert.pem
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin &lt;aleksey@aleksey.com&gt;
+ */
+#include &lt;stdlib.h&gt;
+#include &lt;string.h&gt;
+#include &lt;assert.h&gt;
+
+#include &lt;libxml/tree.h&gt;
+#include &lt;libxml/xmlmemory.h&gt;
+#include &lt;libxml/parser.h&gt;
+
+#ifndef XMLSEC_NO_XSLT
+#include &lt;libxslt/xslt.h&gt;
+#include &lt;libxslt/security.h&gt;
+#endif /* XMLSEC_NO_XSLT */
+
+#include &lt;xmlsec/xmlsec.h&gt;
+#include &lt;xmlsec/xmltree.h&gt;
+#include &lt;xmlsec/xmldsig.h&gt;
+#include &lt;xmlsec/crypto.h&gt;
+
+xmlSecKeysMngrPtr load_trusted_certs(char** files, int files_size);
+int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+ xmlSecKeysMngrPtr mngr;
+
+ assert(argv);
+
+ if(argc &lt; 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s &lt;xml-file&gt; &lt;cert-file1&gt; [&lt;cert-file2&gt; [...]]\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) &lt; 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) &lt; 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() &lt; 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* create keys manager and load trusted certificates */
+ mngr = load_trusted_certs(&amp;(argv[2]), argc - 2);
+ if(mngr == NULL) {
+ return(-1);
+ }
+
+ /* verify file */
+ if(verify_file(mngr, argv[1]) &lt; 0) {
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
+ }
+
+ /* destroy keys manager */
+ xmlSecKeysMngrDestroy(mngr);
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * load_trusted_certs:
+ * @files: the list of filenames.
+ * @files_size: the number of filenames in #files.
+ *
+ * Creates simple keys manager and load trusted certificates from PEM #files.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_trusted_certs(char** files, int files_size) {
+ xmlSecKeysMngrPtr mngr;
+ int i;
+
+ assert(files);
+ assert(files_size &gt; 0);
+
+ /* create and initialize keys manager, we use a simple list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) &lt; 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ for(i = 0; i &lt; files_size; ++i) {
+ assert(files[i]);
+
+ /* load trusted cert */
+ if(xmlSecCryptoAppKeysMngrCertLoad(mngr, files[i], xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) &lt; 0) {
+ fprintf(stderr,"Error: failed to load pem certificate from \"%s\"\n", files[i]);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+ }
+
+ return(mngr);
+}
+
+/**
+ * verify_file:
+ * @mngr: the pointer to keys manager.
+ * @xml_file: the signed XML file name.
+ *
+ * Verifies XML signature in #xml_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(mngr);
+ assert(xml_file);
+
+ /* load file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature context */
+ dsigCtx = xmlSecDSigCtxCreate(mngr);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* Verify signature */
+ if(xmlSecDSigCtxVerify(dsigCtx, node) &lt; 0) {
+ fprintf(stderr,"Error: signature verify\n");
+ goto done;
+ }
+
+ /* print verification result to stdout */
+ if(dsigCtx-&gt;status == xmlSecDSigStatusSucceeded) {
+ fprintf(stdout, "Signature is OK\n");
+ } else {
+ fprintf(stdout, "Signature is INVALID\n");
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+ </pre>
+<p></p>
+</div>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-verify-with-keys-mngr.html"><b>&lt;&lt;&lt; Verifying a signature with keys manager.</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-verify-with-restrictions.html"><b>Verifying a signature with additional restrictions. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
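Review bot: In the verify3.c listing, `verify_file` reaches `res = 0;` after both the "Signature is OK" and the "Signature is INVALID" branch, so `main` returns 0 for a signature that failed verification, and a caller that checks the exit status instead of parsing stdout could treat an invalid signature as accepted. Because this page is an example readers copy, I would move `res = 0;` into the `xmlSecDSigStatusSucceeded` branch, or at least add a comment such as `/* the return value reports processing errors only; check dsigCtx->status for the verdict */`. Separately, `main` calls `xmlSubstituteEntitiesDefault(1)` and sets `xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS` before parsing a file that is untrusted until its signature has been checked; a short comment there should say that entity and external DTD handling ought to be restricted for untrusted input. This HTML appears to be generated from the DocBook sources, so the change presumably belongs in the example source rather than in this file.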
diff --git a/docs/api/xmlsec-version.html b/docs/api/xmlsec-version.html
new file mode 100644
index 00000000..db8c0406
--- /dev/null
+++ b/docs/api/xmlsec-version.html
@@ -0,0 +1,143 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>version</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="transforms" href="xmlsec-transforms.html">
+<link rel="NEXT" title="xmldsig" href="xmlsec-xmldsig.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-transforms.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-xmldsig.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-VERSION"></a>version</h1>
+<div class="REFNAMEDIV">
+<a name="AEN21186"></a><h2>Name</h2>version -- Version macros.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-VERSION.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">#define <a href="xmlsec-version.html#XMLSEC-VERSION:CAPS">XMLSEC_VERSION</a>
+#define <a href="xmlsec-version.html#XMLSEC-VERSION-MAJOR:CAPS">XMLSEC_VERSION_MAJOR</a>
+#define <a href="xmlsec-version.html#XMLSEC-VERSION-MINOR:CAPS">XMLSEC_VERSION_MINOR</a>
+#define <a href="xmlsec-version.html#XMLSEC-VERSION-SUBMINOR:CAPS">XMLSEC_VERSION_SUBMINOR</a>
+#define <a href="xmlsec-version.html#XMLSEC-VERSION-INFO:CAPS">XMLSEC_VERSION_INFO</a></pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-VERSION.DESCRIPTION"></a><h2>Description</h2>
+<p>Version macros.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-VERSION.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSEC-VERSION:CAPS"></a><h3>XMLSEC_VERSION</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_VERSION "1.2.18"</pre>
+<p>The library version string in the format
+"&lt;major-number&gt;.&lt;minor-number&gt;.&lt;sub-minor-number&gt;".</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-VERSION-MAJOR:CAPS"></a><h3>XMLSEC_VERSION_MAJOR</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_VERSION_MAJOR 1</pre>
+<p>The library major version number.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-VERSION-MINOR:CAPS"></a><h3>XMLSEC_VERSION_MINOR</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_VERSION_MINOR 2</pre>
+<p>The library minor version number.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-VERSION-SUBMINOR:CAPS"></a><h3>XMLSEC_VERSION_SUBMINOR</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_VERSION_SUBMINOR 18</pre>
+<p>The library sub-minor version number.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-VERSION-INFO:CAPS"></a><h3>XMLSEC_VERSION_INFO</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_VERSION_INFO "3:18:2"</pre>
+<p>The library version info string in the format
+"&lt;major-number&gt;+&lt;minor-number&gt;:&lt;sub-minor-number&gt;:&lt;minor-number&gt;".</p>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-transforms.html"><b>&lt;&lt;&lt; transforms</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-xmldsig.html"><b>xmldsig &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-x509.html b/docs/api/xmlsec-x509.html
new file mode 100644
index 00000000..7169a71c
--- /dev/null
+++ b/docs/api/xmlsec-x509.html
@@ -0,0 +1,181 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>x509</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="xmltree" href="xmlsec-xmltree.html">
+<link rel="NEXT" title="XML Security Library for OpenSLL API Reference." href="xmlsec-openssl-ref.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-xmltree.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-openssl-ref.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-X509"></a>x509</h1>
+<div class="REFNAMEDIV">
+<a name="AEN25796"></a><h2>Name</h2>x509 -- <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Certificate" target="_top">&lt;dsig:X509Certificate/&gt;</a> node parser.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-X509.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">#define <a href="xmlsec-x509.html#XMLSEC-X509DATA-CERTIFICATE-NODE:CAPS">XMLSEC_X509DATA_CERTIFICATE_NODE</a>
+#define <a href="xmlsec-x509.html#XMLSEC-X509DATA-SUBJECTNAME-NODE:CAPS">XMLSEC_X509DATA_SUBJECTNAME_NODE</a>
+#define <a href="xmlsec-x509.html#XMLSEC-X509DATA-ISSUERSERIAL-NODE:CAPS">XMLSEC_X509DATA_ISSUERSERIAL_NODE</a>
+#define <a href="xmlsec-x509.html#XMLSEC-X509DATA-SKI-NODE:CAPS">XMLSEC_X509DATA_SKI_NODE</a>
+#define <a href="xmlsec-x509.html#XMLSEC-X509DATA-CRL-NODE:CAPS">XMLSEC_X509DATA_CRL_NODE</a>
+#define <a href="xmlsec-x509.html#XMLSEC-X509DATA-DEFAULT:CAPS">XMLSEC_X509DATA_DEFAULT</a>
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-x509.html#XMLSECX509DATAGETNODECONTENT">xmlSecX509DataGetNodeContent</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> deleteChildren</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-X509.DESCRIPTION"></a><h2>Description</h2>
+<p><a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Certificate" target="_top">&lt;dsig:X509Certificate/&gt;</a> node parser.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-X509.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSEC-X509DATA-CERTIFICATE-NODE:CAPS"></a><h3>XMLSEC_X509DATA_CERTIFICATE_NODE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_X509DATA_CERTIFICATE_NODE 0x00000001</pre>
+<p><a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Certificate" target="_top">&lt;dsig:X509Certificate/&gt;</a> node found or would be written back.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-X509DATA-SUBJECTNAME-NODE:CAPS"></a><h3>XMLSEC_X509DATA_SUBJECTNAME_NODE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_X509DATA_SUBJECTNAME_NODE 0x00000002</pre>
+<p><a href="http://www.w3.org/TR/xmldsig-core/#sec-X509SubjectName" target="_top">&lt;dsig:X509SubjectName/&gt;</a> node found or would be written back.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-X509DATA-ISSUERSERIAL-NODE:CAPS"></a><h3>XMLSEC_X509DATA_ISSUERSERIAL_NODE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_X509DATA_ISSUERSERIAL_NODE 0x00000004</pre>
+<p><a href="http://www.w3.org/TR/xmldsig-core/#sec-X509IssuerSerial" target="_top">&lt;dsig:X509IssuerSerial/&gt;</a> node found or would be written back.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-X509DATA-SKI-NODE:CAPS"></a><h3>XMLSEC_X509DATA_SKI_NODE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_X509DATA_SKI_NODE 0x00000008</pre>
+<p>&lt;dsig:/X509SKI&gt; node found or would be written back.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-X509DATA-CRL-NODE:CAPS"></a><h3>XMLSEC_X509DATA_CRL_NODE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_X509DATA_CRL_NODE 0x00000010</pre>
+<p><a href="http://www.w3.org/TR/xmldsig-core/#sec-X509CRL" target="_top">&lt;dsig:X509CRL/&gt;</a> node found or would be written back.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-X509DATA-DEFAULT:CAPS"></a><h3>XMLSEC_X509DATA_DEFAULT</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_X509DATA_DEFAULT</pre>
+<p>Default set of nodes to write in case of empty
+<a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top">&lt;dsig:X509Data/&gt;</a> node template.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECX509DATAGETNODECONTENT"></a><h3>xmlSecX509DataGetNodeContent ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecX509DataGetNodeContent (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> deleteChildren</code>,
+ <code class="PARAMETER"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtxPtr</span></a> keyInfoCtx</code>);</pre>
+<p>Reads the contents of <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top">&lt;dsig:X509Data/&gt;</a> node and returns it as
+a bits mask.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25887"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top">&lt;dsig:X509Data/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25893"><span style="white-space: nowrap"><code class="PARAMETER">deleteChildren</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag that indicates whether to remove node children after reading.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25898"><span style="white-space: nowrap"><code class="PARAMETER">keyInfoCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> node processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25904"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the bit mask representing the <a href="http://www.w3.org/TR/xmldsig-core/#sec-X509Data" target="_top">&lt;dsig:X509Data/&gt;</a> node content
+or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-xmltree.html"><b>&lt;&lt;&lt; xmltree</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-openssl-ref.html"><b>XML Security Library for OpenSLL API Reference. &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-xmldsig.html b/docs/api/xmlsec-xmldsig.html
new file mode 100644
index 00000000..af6c63fb
--- /dev/null
+++ b/docs/api/xmlsec-xmldsig.html
@@ -0,0 +1,853 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>xmldsig</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="version" href="xmlsec-version.html">
+<link rel="NEXT" title="xmlenc" href="xmlsec-xmlenc.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-version.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-xmlenc.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-XMLDSIG"></a>xmldsig</h1>
+<div class="REFNAMEDIV">
+<a name="AEN21237"></a><h2>Name</h2>xmldsig -- XML Digital Signature support.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-XMLDSIG.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">enum <a href="xmlsec-xmldsig.html#XMLSECDSIGSTATUS">xmlSecDSigStatus</a>;
+#define <a href="xmlsec-xmldsig.html#XMLSEC-DSIG-FLAGS-IGNORE-MANIFESTS:CAPS">XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS</a>
+#define <a href="xmlsec-xmldsig.html#XMLSEC-DSIG-FLAGS-STORE-SIGNEDINFO-REFERENCES:CAPS">XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES</a>
+#define <a href="xmlsec-xmldsig.html#XMLSEC-DSIG-FLAGS-STORE-MANIFEST-REFERENCES:CAPS">XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES</a>
+#define <a href="xmlsec-xmldsig.html#XMLSEC-DSIG-FLAGS-STORE-SIGNATURE:CAPS">XMLSEC_DSIG_FLAGS_STORE_SIGNATURE</a>
+#define <a href="xmlsec-xmldsig.html#XMLSEC-DSIG-FLAGS-USE-VISA3D-HACK:CAPS">XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK</a>
+struct <a href="xmlsec-xmldsig.html#XMLSECDSIGCTX">xmlSecDSigCtx</a>;
+<gtkdoclink href="XMLSECDSIGCTXPTR"><span class="RETURNVALUE">xmlSecDSigCtxPtr</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXCREATE">xmlSecDSigCtxCreate</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXDESTROY">xmlSecDSigCtxDestroy</a> (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXINITIALIZE">xmlSecDSigCtxInitialize</a> (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXFINALIZE">xmlSecDSigCtxFinalize</a> (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXSIGN">xmlSecDSigCtxSign</a> (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> tmpl</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXVERIFY">xmlSecDSigCtxVerify</a> (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXENABLEREFERENCETRANSFORM">xmlSecDSigCtxEnableReferenceTransform</a>
+ (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> transformId</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXENABLESIGNATURETRANSFORM">xmlSecDSigCtxEnableSignatureTransform</a>
+ (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> transformId</code>);
+<gtkdoclink href="XMLSECBUFFERPTR"><span class="RETURNVALUE">xmlSecBufferPtr</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXGETPRESIGNBUFFER">xmlSecDSigCtxGetPreSignBuffer</a> (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXDEBUGDUMP">xmlSecDSigCtxDebugDump</a> (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGCTXDEBUGXMLDUMP">xmlSecDSigCtxDebugXmlDump</a> (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+enum <a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCEORIGIN">xmlSecDSigReferenceOrigin</a>;
+struct <a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTX">xmlSecDSigReferenceCtx</a>;
+<gtkdoclink href="XMLSECDSIGREFERENCECTXPTR"><span class="RETURNVALUE">xmlSecDSigReferenceCtxPtr</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXCREATE">xmlSecDSigReferenceCtxCreate</a> (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCEORIGIN"><span class="TYPE">xmlSecDSigReferenceOrigin</span></a> origin</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXDESTROY">xmlSecDSigReferenceCtxDestroy</a> (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTX"><span class="TYPE">xmlSecDSigReferenceCtxPtr</span></a> dsigRefCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXINITIALIZE">xmlSecDSigReferenceCtxInitialize</a> (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTX"><span class="TYPE">xmlSecDSigReferenceCtxPtr</span></a> dsigRefCtx</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCEORIGIN"><span class="TYPE">xmlSecDSigReferenceOrigin</span></a> origin</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXFINALIZE">xmlSecDSigReferenceCtxFinalize</a> (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTX"><span class="TYPE">xmlSecDSigReferenceCtxPtr</span></a> dsigRefCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXPROCESSNODE">xmlSecDSigReferenceCtxProcessNode</a> (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTX"><span class="TYPE">xmlSecDSigReferenceCtxPtr</span></a> dsigRefCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>);
+<a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="RETURNVALUE">xmlSecBufferPtr</span></a> <a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXGETPREDIGESTBUFFER">xmlSecDSigReferenceCtxGetPreDigestBuffer</a>
+ (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTX"><span class="TYPE">xmlSecDSigReferenceCtxPtr</span></a> dsigRefCtx</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXDEBUGDUMP">xmlSecDSigReferenceCtxDebugDump</a> (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTX"><span class="TYPE">xmlSecDSigReferenceCtxPtr</span></a> dsigRefCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXDEBUGXMLDUMP">xmlSecDSigReferenceCtxDebugXmlDump</a> (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTX"><span class="TYPE">xmlSecDSigReferenceCtxPtr</span></a> dsigRefCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+#define <a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXLISTID">xmlSecDSigReferenceCtxListId</a>
+<gtkdoclink href="XMLSECPTRLISTID"><span class="RETURNVALUE">xmlSecPtrListId</span></gtkdoclink><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXLISTGETKLASS">xmlSecDSigReferenceCtxListGetKlass</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-XMLDSIG.DESCRIPTION"></a><h2>Description</h2>
+<p>XML Digital Signature support.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-XMLDSIG.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECDSIGSTATUS"></a><h3>enum xmlSecDSigStatus</h3>
+<pre class="PROGRAMLISTING">typedef enum {
+ xmlSecDSigStatusUnknown = 0,
+ xmlSecDSigStatusSucceeded,
+ xmlSecDSigStatusInvalid
+} xmlSecDSigStatus;</pre>
+<p>XML Digital signature processing status.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECDSIGSTATUSUNKNOWN"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecDSigStatusUnknown</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the status is unknow.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECDSIGSTATUSSUCCEEDED"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecDSigStatusSucceeded</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the processing succeeded.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECDSIGSTATUSINVALID"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecDSigStatusInvalid</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the processing failed.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-DSIG-FLAGS-IGNORE-MANIFESTS:CAPS"></a><h3>XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS 0x00000001</pre>
+<p>If this flag is set then <a href="http://www.w3.org/TR/xmldsig-core/#sec-Manifests" target="_top">&lt;dsig:Manifests/&gt;</a> nodes will not be processed.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-DSIG-FLAGS-STORE-SIGNEDINFO-REFERENCES:CAPS"></a><h3>XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES 0x00000002</pre>
+<p>If this flag is set then pre-digest buffer for <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> child
+of <a href="http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo" target="_top">&lt;dsig:KeyInfo/&gt;</a> element will be stored in <a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtx</span></a>.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-DSIG-FLAGS-STORE-MANIFEST-REFERENCES:CAPS"></a><h3>XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES 0x00000004</pre>
+<p>If this flag is set then pre-digest buffer for <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> child
+of <a href="http://www.w3.org/TR/xmldsig-core/#sec-Manifest" target="_top">&lt;dsig:Manifest/&gt;</a> element will be stored in <a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtx</span></a>.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-DSIG-FLAGS-STORE-SIGNATURE:CAPS"></a><h3>XMLSEC_DSIG_FLAGS_STORE_SIGNATURE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_DSIG_FLAGS_STORE_SIGNATURE 0x00000008</pre>
+<p>If this flag is set then pre-signature buffer for <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo" target="_top">&lt;dsig:SignedInfo/&gt;</a>
+element processing will be stored in <a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtx</span></a>.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-DSIG-FLAGS-USE-VISA3D-HACK:CAPS"></a><h3>XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK 0x00000010</pre>
+<p>If this flag is set then URI ID references are resolved directly
+without using XPointers. This allows one to sign/verify Visa3D
+documents that don't follow XML, XPointer and XML DSig specifications.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGCTX"></a><h3>struct xmlSecDSigCtx</h3>
+<pre class="PROGRAMLISTING">struct xmlSecDSigCtx {
+ /* these data user can set before performing the operation */
+ void* userData;
+ unsigned int flags;
+ unsigned int flags2;
+ xmlSecKeyInfoCtx keyInfoReadCtx;
+ xmlSecKeyInfoCtx keyInfoWriteCtx;
+ xmlSecTransformCtx transformCtx;
+ xmlSecTransformUriType enabledReferenceUris;
+ xmlSecPtrListPtr enabledReferenceTransforms;
+ xmlSecTransformCtxPreExecuteCallback referencePreExecuteCallback;
+ xmlSecTransformId defSignMethodId;
+ xmlSecTransformId defC14NMethodId;
+ xmlSecTransformId defDigestMethodId;
+
+ /* these data are returned */
+ xmlSecKeyPtr signKey;
+ xmlSecTransformOperation operation;
+ xmlSecBufferPtr result;
+ xmlSecDSigStatus status;
+ xmlSecTransformPtr signMethod;
+ xmlSecTransformPtr c14nMethod;
+ xmlSecTransformPtr preSignMemBufMethod;
+ xmlNodePtr signValueNode;
+ xmlChar* id;
+ xmlSecPtrList signedInfoReferences;
+ xmlSecPtrList manifestReferences;
+
+ /* reserved for future */
+ void* reserved0;
+ void* reserved1;
+};</pre>
+<p>XML DSig processing context.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21487"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">userData</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to user data (xmlsec and xmlsec-crypto libraries
+ never touches this).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21494"><span style="white-space: nowrap">unsigned <gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">flags</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XML Digital Signature processing flags.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21501"><span style="white-space: nowrap">unsigned <gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">flags2</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XML Digital Signature processing flags.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21508"><span style="white-space: nowrap"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtx</span></a> <code class="STRUCTFIELD">keyInfoReadCtx</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the reading key context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21515"><span style="white-space: nowrap"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtx</span></a> <code class="STRUCTFIELD">keyInfoWriteCtx</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the writing key context (not used for signature verification).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21522"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtx</span></a> <code class="STRUCTFIELD">transformCtx</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo" target="_top">&lt;dsig:SignedInfo/&gt;</a> node processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21530"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMURITYPE"><span class="TYPE">xmlSecTransformUriType</span></a> <code class="STRUCTFIELD">enabledReferenceUris</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the URI types allowed for <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21538"><span style="white-space: nowrap"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrListPtr</span></a> <code class="STRUCTFIELD">enabledReferenceTransforms</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the list of transforms allowed in <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21546"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTXPREEXECUTECALLBACK"><span class="TYPE">xmlSecTransformCtxPreExecuteCallback</span></a> <code class="STRUCTFIELD">referencePreExecuteCallback</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the callback for <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> node processing.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21554"><span style="white-space: nowrap"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> <code class="STRUCTFIELD">defSignMethodId</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the default signing method klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21561"><span style="white-space: nowrap"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> <code class="STRUCTFIELD">defC14NMethodId</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the default c14n method klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21568"><span style="white-space: nowrap"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> <code class="STRUCTFIELD">defDigestMethodId</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the default digest method klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21575"><span style="white-space: nowrap"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> <code class="STRUCTFIELD">signKey</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the signature key; application may set <gtkdoclink href="SIGNKEY"><span class="TYPE">signKey</span></gtkdoclink>
+ before calling <a href="xmlsec-xmldsig.html#XMLSECDSIGCTXSIGN"><span class="TYPE">xmlSecDSigCtxSign</span></a> or <a href="xmlsec-xmldsig.html#XMLSECDSIGCTXVERIFY"><span class="TYPE">xmlSecDSigCtxVerify</span></a>
+ functions.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21588"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMOPERATION"><span class="TYPE">xmlSecTransformOperation</span></a> <code class="STRUCTFIELD">operation</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the operation: sign or verify.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21595"><span style="white-space: nowrap"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> <code class="STRUCTFIELD">result</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to signature (not valid for signature verificaction).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21602"><span style="white-space: nowrap"><a href="xmlsec-xmldsig.html#XMLSECDSIGSTATUS"><span class="TYPE">xmlSecDSigStatus</span></a> <code class="STRUCTFIELD">status</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signatuire" target="_top">&lt;dsig:Signatuire/&gt;</a> procesisng status.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21610"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> <code class="STRUCTFIELD">signMethod</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to signature transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21617"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> <code class="STRUCTFIELD">c14nMethod</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to c14n transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21624"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> <code class="STRUCTFIELD">preSignMemBufMethod</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to binary buffer right before signature
+ (valid only if <a href="xmlsec-xmldsig.html#XMLSEC-DSIG-FLAGS-STORE-SIGNATURE:CAPS"><span class="TYPE">XMLSEC_DSIG_FLAGS_STORE_SIGNATURE</span></a> flag is set).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21633"><span style="white-space: nowrap"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> <code class="STRUCTFIELD">signValueNode</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignatureValue" target="_top">&lt;dsig:SignatureValue/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21641"><span style="white-space: nowrap"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">id</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to Id attribute of <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21649"><span style="white-space: nowrap"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrList</span></a> <code class="STRUCTFIELD">signedInfoReferences</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the list of references in <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo" target="_top">&lt;dsig:SignedInfo/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21657"><span style="white-space: nowrap"><a href="xmlsec-list.html#XMLSECPTRLIST"><span class="TYPE">xmlSecPtrList</span></a> <code class="STRUCTFIELD">manifestReferences</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the list of references in <a href="http://www.w3.org/TR/xmldsig-core/#sec-Manifest" target="_top">&lt;dsig:Manifest/&gt;</a> nodes.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21665"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved0</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21672"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved1</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGCTXCREATE"></a><h3>xmlSecDSigCtxCreate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECDSIGCTXPTR"><span class="RETURNVALUE">xmlSecDSigCtxPtr</span></gtkdoclink> xmlSecDSigCtxCreate (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);</pre>
+<p>Creates <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> element processing context.
+The caller is responsible for destroying returned object by calling
+<a href="xmlsec-xmldsig.html#XMLSECDSIGCTXDESTROY"><span class="TYPE">xmlSecDSigCtxDestroy</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21694"><span style="white-space: nowrap"><code class="PARAMETER">keysMngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21699"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly allocated context object or NULL if an error
+occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGCTXDESTROY"></a><h3>xmlSecDSigCtxDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecDSigCtxDestroy (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>);</pre>
+<p>Destroy context object created with <a href="xmlsec-xmldsig.html#XMLSECDSIGCTXCREATE"><span class="TYPE">xmlSecDSigCtxCreate</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN21718"><span style="white-space: nowrap"><code class="PARAMETER">dsigCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> processing context.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGCTXINITIALIZE"></a><h3>xmlSecDSigCtxInitialize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecDSigCtxInitialize (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);</pre>
+<p>Initializes <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> element processing context.
+The caller is responsible for cleaning up returned object by calling
+<a href="xmlsec-xmldsig.html#XMLSECDSIGCTXFINALIZE"><span class="TYPE">xmlSecDSigCtxFinalize</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21742"><span style="white-space: nowrap"><code class="PARAMETER">dsigCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21748"><span style="white-space: nowrap"><code class="PARAMETER">keysMngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21753"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGCTXFINALIZE"></a><h3>xmlSecDSigCtxFinalize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecDSigCtxFinalize (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>);</pre>
+<p>Cleans up <code class="PARAMETER">dsigCtx</code> object initialized with <a href="xmlsec-xmldsig.html#XMLSECDSIGCTXINITIALIZE"><span class="TYPE">xmlSecDSigCtxInitialize</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN21773"><span style="white-space: nowrap"><code class="PARAMETER">dsigCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> processing context.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGCTXSIGN"></a><h3>xmlSecDSigCtxSign ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecDSigCtxSign (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> tmpl</code>);</pre>
+<p>Signs the data as described in <code class="PARAMETER">tmpl</code> node.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21795"><span style="white-space: nowrap"><code class="PARAMETER">dsigCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21801"><span style="white-space: nowrap"><code class="PARAMETER">tmpl</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> node with signature template.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21807"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGCTXVERIFY"></a><h3>xmlSecDSigCtxVerify ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecDSigCtxVerify (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>);</pre>
+<p>Vaidates signature in the <code class="PARAMETER">node</code>. The verification result is returned
+in <gtkdoclink href="STATUS"><span class="TYPE">status</span></gtkdoclink> member of the <code class="PARAMETER">dsigCtx</code> object.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21831"><span style="white-space: nowrap"><code class="PARAMETER">dsigCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21837"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer with <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21843"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success (check <gtkdoclink href="STATUS"><span class="TYPE">status</span></gtkdoclink> member of <code class="PARAMETER">dsigCtx</code> to get
+signature verification result) or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGCTXENABLEREFERENCETRANSFORM"></a><h3>xmlSecDSigCtxEnableReferenceTransform ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecDSigCtxEnableReferenceTransform
+ (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> transformId</code>);</pre>
+<p>Enables <code class="PARAMETER">transformId</code> for <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> elements processing.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21868"><span style="white-space: nowrap"><code class="PARAMETER">dsigCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21874"><span style="white-space: nowrap"><code class="PARAMETER">transformId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21879"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGCTXENABLESIGNATURETRANSFORM"></a><h3>xmlSecDSigCtxEnableSignatureTransform ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecDSigCtxEnableSignatureTransform
+ (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> transformId</code>);</pre>
+<p>Enables <code class="PARAMETER">transformId</code> for <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo" target="_top">&lt;dsig:SignedInfo/&gt;</a> element processing.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21901"><span style="white-space: nowrap"><code class="PARAMETER">dsigCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21907"><span style="white-space: nowrap"><code class="PARAMETER">transformId</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transform klass.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21912"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGCTXGETPRESIGNBUFFER"></a><h3>xmlSecDSigCtxGetPreSignBuffer ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECBUFFERPTR"><span class="RETURNVALUE">xmlSecBufferPtr</span></gtkdoclink> xmlSecDSigCtxGetPreSignBuffer (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>);</pre>
+<p>Gets pointer to the buffer with serialized <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo" target="_top">&lt;dsig:SignedInfo/&gt;</a> element
+just before signature claculation (valid if and only if
+<a href="xmlsec-xmldsig.html#XMLSEC-DSIG-FLAGS-STORE-SIGNATURE:CAPS"><span class="TYPE">XMLSEC_DSIG_FLAGS_STORE_SIGNATURE</span></a> context flag is set.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21932"><span style="white-space: nowrap"><code class="PARAMETER">dsigCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21938"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGCTXDEBUGDUMP"></a><h3>xmlSecDSigCtxDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecDSigCtxDebugDump (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints the debug information about <code class="PARAMETER">dsigCtx</code> to <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21960"><span style="white-space: nowrap"><code class="PARAMETER">dsigCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21966"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGCTXDEBUGXMLDUMP"></a><h3>xmlSecDSigCtxDebugXmlDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecDSigCtxDebugXmlDump (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints the debug information about <code class="PARAMETER">dsigCtx</code> to <code class="PARAMETER">output</code> in XML format.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21988"><span style="white-space: nowrap"><code class="PARAMETER">dsigCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN21994"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGREFERENCEORIGIN"></a><h3>enum xmlSecDSigReferenceOrigin</h3>
+<pre class="PROGRAMLISTING">typedef enum {
+ xmlSecDSigReferenceOriginSignedInfo,
+ xmlSecDSigReferenceOriginManifest
+} xmlSecDSigReferenceOrigin;</pre>
+<p>The possible <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> node locations: in the <a href="http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo" target="_top">&lt;dsig:SignedInfo/&gt;</a>
+node or in the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Manifest" target="_top">&lt;dsig:Manifest/&gt;</a> node.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECDSIGREFERENCEORIGINSIGNEDINFO"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecDSigReferenceOriginSignedInfo</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>reference in &lt;dsig:SignedInfo&gt; node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECDSIGREFERENCEORIGINMANIFEST"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecDSigReferenceOriginManifest</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>reference &lt;dsig:Manifest&gt; node.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGREFERENCECTX"></a><h3>struct xmlSecDSigReferenceCtx</h3>
+<pre class="PROGRAMLISTING">struct xmlSecDSigReferenceCtx {
+ void* userData;
+ xmlSecDSigCtxPtr dsigCtx;
+ xmlSecDSigReferenceOrigin origin;
+ xmlSecTransformCtx transformCtx;
+ xmlSecTransformPtr digestMethod;
+
+ xmlSecBufferPtr result;
+ xmlSecDSigStatus status;
+ xmlSecTransformPtr preDigestMemBufMethod;
+ xmlChar* id;
+ xmlChar* uri;
+ xmlChar* type;
+
+ /* reserved for future */
+ void* reserved0;
+ void* reserved1;
+};</pre>
+<p>The <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> processing context.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22027"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">userData</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to user data (xmlsec and xmlsec-crypto libraries
+ never touches this).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22034"><span style="white-space: nowrap"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> <code class="STRUCTFIELD">dsigCtx</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to "parent" <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22042"><span style="white-space: nowrap"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCEORIGIN"><span class="TYPE">xmlSecDSigReferenceOrigin</span></a> <code class="STRUCTFIELD">origin</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the signature origin (<a href="http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo" target="_top">&lt;dsig:SignedInfo/&gt;</a> or <a href="http://www.w3.org/TR/xmldsig-core/#sec-Manifest" target="_top">&lt;dsig:Manifest/&gt;</a>).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22051"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtx</span></a> <code class="STRUCTFIELD">transformCtx</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the reference processing transforms context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22058"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> <code class="STRUCTFIELD">digestMethod</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to digest transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22065"><span style="white-space: nowrap"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> <code class="STRUCTFIELD">result</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to digest result.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22072"><span style="white-space: nowrap"><a href="xmlsec-xmldsig.html#XMLSECDSIGSTATUS"><span class="TYPE">xmlSecDSigStatus</span></a> <code class="STRUCTFIELD">status</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the reference processing status.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22079"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> <code class="STRUCTFIELD">preDigestMemBufMethod</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to binary buffer right before digest
+ (valid only if either
+ <a href="xmlsec-xmldsig.html#XMLSEC-DSIG-FLAGS-STORE-SIGNEDINFO-REFERENCES:CAPS"><span class="TYPE">XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES</span></a> or
+ <a href="xmlsec-xmldsig.html#XMLSEC-DSIG-FLAGS-STORE-MANIFEST-REFERENCES:CAPS"><span class="TYPE">XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES</span></a> flags are set).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22090"><span style="white-space: nowrap"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">id</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> node ID attribute.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22098"><span style="white-space: nowrap"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">uri</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> node URI attribute.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22106"><span style="white-space: nowrap"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">type</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> node Type attribute.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22114"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved0</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22121"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved1</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGREFERENCECTXCREATE"></a><h3>xmlSecDSigReferenceCtxCreate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECDSIGREFERENCECTXPTR"><span class="RETURNVALUE">xmlSecDSigReferenceCtxPtr</span></gtkdoclink> xmlSecDSigReferenceCtxCreate (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCEORIGIN"><span class="TYPE">xmlSecDSigReferenceOrigin</span></a> origin</code>);</pre>
+<p>Creates new <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> element processing context. Caller is responsible
+for destroying the returned context by calling <a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXDESTROY"><span class="TYPE">xmlSecDSigReferenceCtxDestroy</span></a>
+function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22146"><span style="white-space: nowrap"><code class="PARAMETER">dsigCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to parent <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> node processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22152"><span style="white-space: nowrap"><code class="PARAMETER">origin</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the reference origin (<a href="http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo" target="_top">&lt;dsig:SignedInfo/&gt;</a> or <a href="http://www.w3.org/TR/xmldsig-core/#sec-Manifest" target="_top">&lt;dsig:Manifest/&gt;</a> node).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22159"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly created context or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGREFERENCECTXDESTROY"></a><h3>xmlSecDSigReferenceCtxDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecDSigReferenceCtxDestroy (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTX"><span class="TYPE">xmlSecDSigReferenceCtxPtr</span></a> dsigRefCtx</code>);</pre>
+<p>Destroy context object created with <a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXCREATE"><span class="TYPE">xmlSecDSigReferenceCtxCreate</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN22178"><span style="white-space: nowrap"><code class="PARAMETER">dsigRefCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> element processing context.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGREFERENCECTXINITIALIZE"></a><h3>xmlSecDSigReferenceCtxInitialize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecDSigReferenceCtxInitialize (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTX"><span class="TYPE">xmlSecDSigReferenceCtxPtr</span></a> dsigRefCtx</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGCTX"><span class="TYPE">xmlSecDSigCtxPtr</span></a> dsigCtx</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCEORIGIN"><span class="TYPE">xmlSecDSigReferenceOrigin</span></a> origin</code>);</pre>
+<p>Initializes new <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> element processing context. Caller is responsible
+for cleaning up the returned context by calling <a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXFINALIZE"><span class="TYPE">xmlSecDSigReferenceCtxFinalize</span></a>
+function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22205"><span style="white-space: nowrap"><code class="PARAMETER">dsigRefCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22211"><span style="white-space: nowrap"><code class="PARAMETER">dsigCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to parent <a href="http://www.w3.org/TR/xmldsig-core/#sec-Signature" target="_top">&lt;dsig:Signature/&gt;</a> node processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22217"><span style="white-space: nowrap"><code class="PARAMETER">origin</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the reference origin (<a href="http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo" target="_top">&lt;dsig:SignedInfo/&gt;</a> or <a href="http://www.w3.org/TR/xmldsig-core/#sec-Manifest" target="_top">&lt;dsig:Manifest/&gt;</a> node).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22224"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on succes or aa negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGREFERENCECTXFINALIZE"></a><h3>xmlSecDSigReferenceCtxFinalize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecDSigReferenceCtxFinalize (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTX"><span class="TYPE">xmlSecDSigReferenceCtxPtr</span></a> dsigRefCtx</code>);</pre>
+<p>Cleans up context object created with <a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTXINITIALIZE"><span class="TYPE">xmlSecDSigReferenceCtxInitialize</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN22243"><span style="white-space: nowrap"><code class="PARAMETER">dsigRefCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> element processing context.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGREFERENCECTXPROCESSNODE"></a><h3>xmlSecDSigReferenceCtxProcessNode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecDSigReferenceCtxProcessNode (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTX"><span class="TYPE">xmlSecDSigReferenceCtxPtr</span></a> dsigRefCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>);</pre>
+<p>The Reference Element (http://www.w3.org/TR/xmldsig-core/<gtkdoclink href="SEC-REFERENCE"><span class="TYPE">sec-Reference</span></gtkdoclink>)</p>
+<p>Reference is an element that may occur one or more times. It specifies
+a digest algorithm and digest value, and optionally an identifier of the
+object being signed, the type of the object, and/or a list of transforms
+to be applied prior to digesting. The identification (URI) and transforms
+describe how the digested content (i.e., the input to the digest method)
+was created. The Type attribute facilitates the processing of referenced
+data. For example, while this specification makes no requirements over
+external data, an application may wish to signal that the referent is a
+Manifest. An optional ID attribute permits a Reference to be referenced
+from elsewhere.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22267"><span style="white-space: nowrap"><code class="PARAMETER">dsigRefCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22273"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22279"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on succes or aa negative value otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGREFERENCECTXGETPREDIGESTBUFFER"></a><h3>xmlSecDSigReferenceCtxGetPreDigestBuffer ()</h3>
+<pre class="PROGRAMLISTING"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="RETURNVALUE">xmlSecBufferPtr</span></a> xmlSecDSigReferenceCtxGetPreDigestBuffer
+ (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTX"><span class="TYPE">xmlSecDSigReferenceCtxPtr</span></a> dsigRefCtx</code>);</pre>
+<p>Gets the results of <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> node processing just before digesting
+(valid only if <a href="xmlsec-xmldsig.html#XMLSEC-DSIG-FLAGS-STORE-SIGNEDINFO-REFERENCES:CAPS"><span class="TYPE">XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES</span></a> or
+<a href="xmlsec-xmldsig.html#XMLSEC-DSIG-FLAGS-STORE-MANIFEST-REFERENCES:CAPS"><span class="TYPE">XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES</span></a> flas of signature context
+is set).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22301"><span style="white-space: nowrap"><code class="PARAMETER">dsigRefCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22307"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the buffer or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGREFERENCECTXDEBUGDUMP"></a><h3>xmlSecDSigReferenceCtxDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecDSigReferenceCtxDebugDump (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTX"><span class="TYPE">xmlSecDSigReferenceCtxPtr</span></a> dsigRefCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints debug information about <code class="PARAMETER">dsigRefCtx</code> to <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22329"><span style="white-space: nowrap"><code class="PARAMETER">dsigRefCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22335"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGREFERENCECTXDEBUGXMLDUMP"></a><h3>xmlSecDSigReferenceCtxDebugXmlDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecDSigReferenceCtxDebugXmlDump (<code class="PARAMETER"><a href="xmlsec-xmldsig.html#XMLSECDSIGREFERENCECTX"><span class="TYPE">xmlSecDSigReferenceCtxPtr</span></a> dsigRefCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints debug information about <code class="PARAMETER">dsigRefCtx</code> to <code class="PARAMETER">output</code> in output format.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22357"><span style="white-space: nowrap"><code class="PARAMETER">dsigRefCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> element processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22363"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGREFERENCECTXLISTID"></a><h3>xmlSecDSigReferenceCtxListId</h3>
+<pre class="PROGRAMLISTING">#define xmlSecDSigReferenceCtxListId</pre>
+<p>The references list klass.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECDSIGREFERENCECTXLISTGETKLASS"></a><h3>xmlSecDSigReferenceCtxListGetKlass ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECPTRLISTID"><span class="RETURNVALUE">xmlSecPtrListId</span></gtkdoclink> xmlSecDSigReferenceCtxListGetKlass (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>The <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> element processing contexts list klass.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN22386"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> <a href="http://www.w3.org/TR/xmldsig-core/#sec-Reference" target="_top">&lt;dsig:Reference/&gt;</a> element processing context list klass.</p></td>
+</tr></tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-version.html"><b>&lt;&lt;&lt; version</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-xmlenc.html"><b>xmlenc &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-xmlenc.html b/docs/api/xmlsec-xmlenc.html
new file mode 100644
index 00000000..9d6dcb6f
--- /dev/null
+++ b/docs/api/xmlsec-xmlenc.html
@@ -0,0 +1,584 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>xmlenc</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="xmldsig" href="xmlsec-xmldsig.html">
+<link rel="NEXT" title="xmlsec" href="xmlsec-xmlsec.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-xmldsig.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-xmlsec.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-XMLENC"></a>xmlenc</h1>
+<div class="REFNAMEDIV">
+<a name="AEN22397"></a><h2>Name</h2>xmlenc -- XML Encryption support.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-XMLENC.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">enum <a href="xmlsec-xmlenc.html#XMLENCCTXMODE">xmlEncCtxMode</a>;
+#define <a href="xmlsec-xmlenc.html#XMLSEC-ENC-RETURN-REPLACED-NODE:CAPS">XMLSEC_ENC_RETURN_REPLACED_NODE</a>
+struct <a href="xmlsec-xmlenc.html#XMLSECENCCTX">xmlSecEncCtx</a>;
+<gtkdoclink href="XMLSECENCCTXPTR"><span class="RETURNVALUE">xmlSecEncCtxPtr</span></gtkdoclink><a href="xmlsec-xmlenc.html#XMLSECENCCTXCREATE">xmlSecEncCtxCreate</a> (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmlenc.html#XMLSECENCCTXDESTROY">xmlSecEncCtxDestroy</a> (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmlenc.html#XMLSECENCCTXINITIALIZE">xmlSecEncCtxInitialize</a> (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmlenc.html#XMLSECENCCTXFINALIZE">xmlSecEncCtxFinalize</a> (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmlenc.html#XMLSECENCCTXCOPYUSERPREF">xmlSecEncCtxCopyUserPref</a> (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> src</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmlenc.html#XMLSECENCCTXRESET">xmlSecEncCtxReset</a> (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmlenc.html#XMLSECENCCTXBINARYENCRYPT">xmlSecEncCtxBinaryEncrypt</a> (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> tmpl</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmlenc.html#XMLSECENCCTXXMLENCRYPT">xmlSecEncCtxXmlEncrypt</a> (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> tmpl</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmlenc.html#XMLSECENCCTXURIENCRYPT">xmlSecEncCtxUriEncrypt</a> (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> tmpl</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmlenc.html#XMLSECENCCTXDECRYPT">xmlSecEncCtxDecrypt</a> (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>);
+<gtkdoclink href="XMLSECBUFFERPTR"><span class="RETURNVALUE">xmlSecBufferPtr</span></gtkdoclink><a href="xmlsec-xmlenc.html#XMLSECENCCTXDECRYPTTOBUFFER">xmlSecEncCtxDecryptToBuffer</a> (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmlenc.html#XMLSECENCCTXDEBUGDUMP">xmlSecEncCtxDebugDump</a> (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmlenc.html#XMLSECENCCTXDEBUGXMLDUMP">xmlSecEncCtxDebugXmlDump</a> (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-XMLENC.DESCRIPTION"></a><h2>Description</h2>
+<p>XML Encryption support.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-XMLENC.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLENCCTXMODE"></a><h3>enum xmlEncCtxMode</h3>
+<pre class="PROGRAMLISTING">typedef enum {
+ xmlEncCtxModeEncryptedData = 0,
+ xmlEncCtxModeEncryptedKey
+} xmlEncCtxMode;</pre>
+<p>The <a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtx</span></a> mode.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLENCCTXMODEENCRYPTEDDATA"><span style="white-space: nowrap"><tt class="LITERAL">xmlEncCtxModeEncryptedData</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> element procesing.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLENCCTXMODEENCRYPTEDKEY"><span style="white-space: nowrap"><tt class="LITERAL">xmlEncCtxModeEncryptedKey</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;enc:EncryptedKey/&gt;</a> element processing.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-ENC-RETURN-REPLACED-NODE:CAPS"></a><h3>XMLSEC_ENC_RETURN_REPLACED_NODE</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_ENC_RETURN_REPLACED_NODE 0x00000001</pre>
+<p>If this flag is set, then the replaced node will be returned in the replacedNodeList</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECENCCTX"></a><h3>struct xmlSecEncCtx</h3>
+<pre class="PROGRAMLISTING">struct xmlSecEncCtx {
+ /* these data user can set before performing the operation */
+ void* userData;
+ unsigned int flags;
+ unsigned int flags2;
+ xmlEncCtxMode mode;
+ xmlSecKeyInfoCtx keyInfoReadCtx;
+ xmlSecKeyInfoCtx keyInfoWriteCtx;
+ xmlSecTransformCtx transformCtx;
+ xmlSecTransformId defEncMethodId;
+
+ /* these data are returned */
+ xmlSecKeyPtr encKey;
+ xmlSecTransformOperation operation;
+ xmlSecBufferPtr result;
+ int resultBase64Encoded;
+ int resultReplaced;
+ xmlSecTransformPtr encMethod;
+
+ /* attributes from EncryptedData or EncryptedKey */
+ xmlChar* id;
+ xmlChar* type;
+ xmlChar* mimeType;
+ xmlChar* encoding;
+ xmlChar* recipient;
+ xmlChar* carriedKeyName;
+
+ /* these are internal data, nobody should change that except us */
+ xmlNodePtr encDataNode;
+ xmlNodePtr encMethodNode;
+ xmlNodePtr keyInfoNode;
+ xmlNodePtr cipherValueNode;
+
+ xmlNodePtr replacedNodeList; /* the pointer to the replaced node */
+ void* reserved1; /* reserved for future */
+};</pre>
+<p>XML Encrypiton context.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22562"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">userData</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to user data (xmlsec and xmlsec-crypto libraries
+ never touches this).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22569"><span style="white-space: nowrap">unsigned <gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">flags</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XML Encryption processing flags.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22576"><span style="white-space: nowrap">unsigned <gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">flags2</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XML Encryption processing flags.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22583"><span style="white-space: nowrap"><a href="xmlsec-xmlenc.html#XMLENCCTXMODE"><span class="TYPE">xmlEncCtxMode</span></a> <code class="STRUCTFIELD">mode</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the mode.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22590"><span style="white-space: nowrap"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtx</span></a> <code class="STRUCTFIELD">keyInfoReadCtx</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the reading key context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22597"><span style="white-space: nowrap"><a href="xmlsec-keyinfo.html#XMLSECKEYINFOCTX"><span class="TYPE">xmlSecKeyInfoCtx</span></a> <code class="STRUCTFIELD">keyInfoWriteCtx</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the writing key context (not used for signature verification).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22604"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMCTX"><span class="TYPE">xmlSecTransformCtx</span></a> <code class="STRUCTFIELD">transformCtx</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the transforms processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22611"><span style="white-space: nowrap"><gtkdoclink href="XMLSECTRANSFORMID"><span class="TYPE">xmlSecTransformId</span></gtkdoclink> <code class="STRUCTFIELD">defEncMethodId</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the default encryption method (used if
+ <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptionMethod" target="_top">&lt;enc:EncryptionMethod/&gt;</a> node is not present).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22619"><span style="white-space: nowrap"><a href="xmlsec-keys.html#XMLSECKEY"><span class="TYPE">xmlSecKeyPtr</span></a> <code class="STRUCTFIELD">encKey</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the signature key; application may set <gtkdoclink href="ENCKEY"><span class="TYPE">encKey</span></gtkdoclink>
+ before calling encryption/decryption functions.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22628"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORMOPERATION"><span class="TYPE">xmlSecTransformOperation</span></a> <code class="STRUCTFIELD">operation</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the operation: encrypt or decrypt.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22635"><span style="white-space: nowrap"><a href="xmlsec-buffer.html#XMLSECBUFFER"><span class="TYPE">xmlSecBufferPtr</span></a> <code class="STRUCTFIELD">result</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to signature (not valid for signature verificaction).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22642"><span style="white-space: nowrap"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">resultBase64Encoded</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag: if set then result in <gtkdoclink href="RESULT"><span class="TYPE">result</span></gtkdoclink> is base64 encoded.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22651"><span style="white-space: nowrap"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">resultReplaced</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the flag: if set then resulted <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a>
+ or <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;enc:EncryptedKey/&gt;</a> node is added to the document.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22660"><span style="white-space: nowrap"><a href="xmlsec-transforms.html#XMLSECTRANSFORM"><span class="TYPE">xmlSecTransformPtr</span></a> <code class="STRUCTFIELD">encMethod</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to encryption transform.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22667"><span style="white-space: nowrap"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">id</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the ID attribute of <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a>
+ or <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;enc:EncryptedKey/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22676"><span style="white-space: nowrap"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">type</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the Type attribute of <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a>
+ or <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;enc:EncryptedKey/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22685"><span style="white-space: nowrap"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">mimeType</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the MimeType attribute of <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a>
+ or <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;enc:EncryptedKey/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22694"><span style="white-space: nowrap"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">encoding</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the Encoding attributeof <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a>
+ or <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;enc:EncryptedKey/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22703"><span style="white-space: nowrap"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">recipient</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the Recipient attribute of <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;enc:EncryptedKey/&gt;</a> node..</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22711"><span style="white-space: nowrap"><gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">carriedKeyName</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the CarriedKeyName attribute of <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;enc:EncryptedKey/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22719"><span style="white-space: nowrap"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> <code class="STRUCTFIELD">encDataNode</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a>
+ or <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey" target="_top">&lt;enc:EncryptedKey/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22728"><span style="white-space: nowrap"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> <code class="STRUCTFIELD">encMethodNode</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptionMethod" target="_top">&lt;enc:EncryptionMethod/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22736"><span style="white-space: nowrap"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> <code class="STRUCTFIELD">keyInfoNode</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-KeyInfo" target="_top">&lt;enc:KeyInfo/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22744"><span style="white-space: nowrap"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> <code class="STRUCTFIELD">cipherValueNode</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-CipherValue" target="_top">&lt;enc:CipherValue/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22752"><span style="white-space: nowrap"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> <code class="STRUCTFIELD">replacedNodeList</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the first node of the list of replaced nodes depending on the nodeReplacementMode</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22759"><span style="white-space: nowrap"><gtkdoclink href="VOID"><span class="TYPE">void</span></gtkdoclink> *<code class="STRUCTFIELD">reserved1</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>reserved for the future.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECENCCTXCREATE"></a><h3>xmlSecEncCtxCreate ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECENCCTXPTR"><span class="RETURNVALUE">xmlSecEncCtxPtr</span></gtkdoclink> xmlSecEncCtxCreate (<code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);</pre>
+<p>Creates <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> element processing context.
+The caller is responsible for destroying returned object by calling
+<a href="xmlsec-xmlenc.html#XMLSECENCCTXDESTROY"><span class="TYPE">xmlSecEncCtxDestroy</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22781"><span style="white-space: nowrap"><code class="PARAMETER">keysMngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22786"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly allocated context object or NULL if an error
+occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECENCCTXDESTROY"></a><h3>xmlSecEncCtxDestroy ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecEncCtxDestroy (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>);</pre>
+<p>Destroy context object created with <a href="xmlsec-xmlenc.html#XMLSECENCCTXCREATE"><span class="TYPE">xmlSecEncCtxCreate</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN22805"><span style="white-space: nowrap"><code class="PARAMETER">encCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> processing context.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECENCCTXINITIALIZE"></a><h3>xmlSecEncCtxInitialize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecEncCtxInitialize (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>,
+ <code class="PARAMETER"><a href="xmlsec-keysmngr.html#XMLSECKEYSMNGR"><span class="TYPE">xmlSecKeysMngrPtr</span></a> keysMngr</code>);</pre>
+<p>Initializes <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> element processing context.
+The caller is responsible for cleaning up returned object by calling
+<a href="xmlsec-xmlenc.html#XMLSECENCCTXFINALIZE"><span class="TYPE">xmlSecEncCtxFinalize</span></a> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22829"><span style="white-space: nowrap"><code class="PARAMETER">encCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22835"><span style="white-space: nowrap"><code class="PARAMETER">keysMngr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to keys manager.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22840"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECENCCTXFINALIZE"></a><h3>xmlSecEncCtxFinalize ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecEncCtxFinalize (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>);</pre>
+<p>Cleans up <code class="PARAMETER">encCtx</code> object.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN22858"><span style="white-space: nowrap"><code class="PARAMETER">encCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> processing context.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECENCCTXCOPYUSERPREF"></a><h3>xmlSecEncCtxCopyUserPref ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecEncCtxCopyUserPref (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> dst</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> src</code>);</pre>
+<p>Copies user preference from <code class="PARAMETER">src</code> context to <code class="PARAMETER">dst</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22881"><span style="white-space: nowrap"><code class="PARAMETER">dst</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to destination context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22886"><span style="white-space: nowrap"><code class="PARAMETER">src</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to source context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22891"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECENCCTXRESET"></a><h3>xmlSecEncCtxReset ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecEncCtxReset (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>);</pre>
+<p>Resets <code class="PARAMETER">encCtx</code> object, user settings are not touched.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN22909"><span style="white-space: nowrap"><code class="PARAMETER">encCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> processing context.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECENCCTXBINARYENCRYPT"></a><h3>xmlSecEncCtxBinaryEncrypt ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecEncCtxBinaryEncrypt (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> tmpl</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *data</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> dataSize</code>);</pre>
+<p>Encrypts <code class="PARAMETER">data</code> according to template <code class="PARAMETER">tmpl</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22938"><span style="white-space: nowrap"><code class="PARAMETER">encCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22944"><span style="white-space: nowrap"><code class="PARAMETER">tmpl</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> template node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22950"><span style="white-space: nowrap"><code class="PARAMETER">data</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer for binary buffer.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22955"><span style="white-space: nowrap"><code class="PARAMETER">dataSize</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the <code class="PARAMETER">data</code> buffer size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22961"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECENCCTXXMLENCRYPT"></a><h3>xmlSecEncCtxXmlEncrypt ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecEncCtxXmlEncrypt (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> tmpl</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>);</pre>
+<p>Encrypts <code class="PARAMETER">node</code> according to template <code class="PARAMETER">tmpl</code>. If requested, <code class="PARAMETER">node</code> is replaced
+with result <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> node.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22988"><span style="white-space: nowrap"><code class="PARAMETER">encCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN22994"><span style="white-space: nowrap"><code class="PARAMETER">tmpl</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> template node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23000"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to node for encryption.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23005"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECENCCTXURIENCRYPT"></a><h3>xmlSecEncCtxUriEncrypt ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecEncCtxUriEncrypt (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> tmpl</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *uri</code>);</pre>
+<p>Encrypts data from <code class="PARAMETER">uri</code> according to template <code class="PARAMETER">tmpl</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23030"><span style="white-space: nowrap"><code class="PARAMETER">encCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23036"><span style="white-space: nowrap"><code class="PARAMETER">tmpl</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> template node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23042"><span style="white-space: nowrap"><code class="PARAMETER">uri</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the URI.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23047"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECENCCTXDECRYPT"></a><h3>xmlSecEncCtxDecrypt ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecEncCtxDecrypt (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>);</pre>
+<p>Decrypts <code class="PARAMETER">node</code> and if necessary replaces <code class="PARAMETER">node</code> with decrypted data.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23069"><span style="white-space: nowrap"><code class="PARAMETER">encCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23075"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23081"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECENCCTXDECRYPTTOBUFFER"></a><h3>xmlSecEncCtxDecryptToBuffer ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECBUFFERPTR"><span class="RETURNVALUE">xmlSecBufferPtr</span></gtkdoclink> xmlSecEncCtxDecryptToBuffer (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>);</pre>
+<p>Decrypts <code class="PARAMETER">node</code> data to the <code class="PARAMETER">encCtx</code> buffer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23103"><span style="white-space: nowrap"><code class="PARAMETER">encCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23109"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23115"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECENCCTXDEBUGDUMP"></a><h3>xmlSecEncCtxDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecEncCtxDebugDump (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints the debug information about <code class="PARAMETER">encCtx</code> to <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23137"><span style="white-space: nowrap"><code class="PARAMETER">encCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23143"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECENCCTXDEBUGXMLDUMP"></a><h3>xmlSecEncCtxDebugXmlDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecEncCtxDebugXmlDump (<code class="PARAMETER"><a href="xmlsec-xmlenc.html#XMLSECENCCTX"><span class="TYPE">xmlSecEncCtxPtr</span></a> encCtx</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints the debug information about <code class="PARAMETER">encCtx</code> to <code class="PARAMETER">output</code> in XML format.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23165"><span style="white-space: nowrap"><code class="PARAMETER">encCtx</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to <a href="http://www.w3.org/TR/xmlenc-core/#sec-EncryptedData" target="_top">&lt;enc:EncryptedData/&gt;</a> processing context.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23171"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-xmldsig.html"><b>&lt;&lt;&lt; xmldsig</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-xmlsec.html"><b>xmlsec &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-xmlsec.html b/docs/api/xmlsec-xmlsec.html
new file mode 100644
index 00000000..f83142b5
--- /dev/null
+++ b/docs/api/xmlsec-xmlsec.html
@@ -0,0 +1,300 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>xmlsec</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="xmlenc" href="xmlsec-xmlenc.html">
+<link rel="NEXT" title="xmltree" href="xmlsec-xmltree.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-xmlenc.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-xmltree.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-XMLSEC"></a>xmlsec</h1>
+<div class="REFNAMEDIV">
+<a name="AEN23181"></a><h2>Name</h2>xmlsec -- Utility functions.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-XMLSEC.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">typedef <font>xmlSecPtr</font>;
+#define <a href="xmlsec-xmlsec.html#XMLSECSIZE">xmlSecSize</a>
+#define <a href="xmlsec-xmlsec.html#XMLSEC-SIZE-BAD-CAST:CAPS">XMLSEC_SIZE_BAD_CAST</a> (val)
+#define <a href="xmlsec-xmlsec.html#XMLSECBYTE">xmlSecByte</a>
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmlsec.html#XMLSECINIT">xmlSecInit</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmlsec.html#XMLSECSHUTDOWN">xmlSecShutdown</a> (<code class="PARAMETER"><span class="TYPE">void</span></code>);
+#define <a href="xmlsec-xmlsec.html#XMLSECCHECKVERSIONEXACT">xmlSecCheckVersionExact</a>
+#define <a href="xmlsec-xmlsec.html#XMLSECCHECKVERSION">xmlSecCheckVersion</a>
+enum <a href="xmlsec-xmlsec.html#XMLSECCHECKVERSIONMODE">xmlSecCheckVersionMode</a>;
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmlsec.html#XMLSECCHECKVERSIONEXT">xmlSecCheckVersionExt</a> (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> major</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> minor</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> subminor</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECCHECKVERSIONMODE"><span class="TYPE">xmlSecCheckVersionMode</span></a> mode</code>);
+#define <a href="xmlsec-xmlsec.html#ATTRIBUTE-UNUSED:CAPS">ATTRIBUTE_UNUSED</a>
+#define <a href="xmlsec-xmlsec.html#XMLSEC-PTR-TO-FUNC-IMPL:CAPS">XMLSEC_PTR_TO_FUNC_IMPL</a> (func_type)
+#define <a href="xmlsec-xmlsec.html#XMLSEC-PTR-TO-FUNC:CAPS">XMLSEC_PTR_TO_FUNC</a> (func_type,
+ ptr)
+#define <a href="xmlsec-xmlsec.html#XMLSEC-FUNC-TO-PTR:CAPS">XMLSEC_FUNC_TO_PTR</a> (func_type,
+ func)</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-XMLSEC.DESCRIPTION"></a><h2>Description</h2>
+<p>Utility functions.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-XMLSEC.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECPTR"></a><h3>xmlSecPtr</h3>
+<pre class="PROGRAMLISTING">typedef void* xmlSecPtr;</pre>
+<p>Void pointer.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECSIZE"></a><h3>xmlSecSize</h3>
+<pre class="PROGRAMLISTING">#define xmlSecSize</pre>
+<p>Size of something. Should be typedef instead of define
+but it will break ABI (todo).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-SIZE-BAD-CAST:CAPS"></a><h3>XMLSEC_SIZE_BAD_CAST()</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_SIZE_BAD_CAST(val) ((xmlSecSize)(val))</pre>
+<p>Bad cast to xmlSecSize</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN23247"><span style="white-space: nowrap"><code class="PARAMETER">val</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the value to cast</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBYTE"></a><h3>xmlSecByte</h3>
+<pre class="PROGRAMLISTING">#define xmlSecByte unsigned char</pre>
+<p>One byte. Should be typedef instead of define
+but it will break ABI (todo).</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECINIT"></a><h3>xmlSecInit ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecInit (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Initializes XML Security Library. The depended libraries
+(LibXML and LibXSLT) must be initialized before.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN23269"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECSHUTDOWN"></a><h3>xmlSecShutdown ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecShutdown (<code class="PARAMETER"><span class="TYPE">void</span></code>);</pre>
+<p>Clean ups the XML Security Library.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN23285"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value otherwise.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCHECKVERSIONEXACT"></a><h3>xmlSecCheckVersionExact</h3>
+<pre class="PROGRAMLISTING">#define xmlSecCheckVersionExact()</pre>
+<p>Macro. Returns 1 if the loaded xmlsec library version exactly matches
+the one used to compile the caller, 0 if it does not or a negative
+value if an error occurs.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCHECKVERSION"></a><h3>xmlSecCheckVersion</h3>
+<pre class="PROGRAMLISTING">#define xmlSecCheckVersion()</pre>
+<p>Macro. Returns 1 if the loaded xmlsec library version ABI compatible with
+the one used to compile the caller, 0 if it does not or a negative
+value if an error occurs.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCHECKVERSIONMODE"></a><h3>enum xmlSecCheckVersionMode</h3>
+<pre class="PROGRAMLISTING">typedef enum {
+ xmlSecCheckVersionExactMatch = 0,
+ xmlSecCheckVersionABICompatible
+} xmlSecCheckVersionMode;</pre>
+<p>The xmlsec library version mode.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECCHECKVERSIONEXACTMATCH"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecCheckVersionExactMatch</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the version should match exactly.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="XMLSECCHECKVERSIONABICOMPATIBLE"><span style="white-space: nowrap"><tt class="LITERAL">xmlSecCheckVersionABICompatible</tt></span></a></td>
+<td align="LEFT" valign="TOP"><p>the version should be ABI compatible.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCHECKVERSIONEXT"></a><h3>xmlSecCheckVersionExt ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCheckVersionExt (<code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> major</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> minor</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> subminor</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECCHECKVERSIONMODE"><span class="TYPE">xmlSecCheckVersionMode</span></a> mode</code>);</pre>
+<p>Checks if the loaded version of xmlsec library could be used.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23340"><span style="white-space: nowrap"><code class="PARAMETER">major</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the major version number.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23345"><span style="white-space: nowrap"><code class="PARAMETER">minor</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the minor version number.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23350"><span style="white-space: nowrap"><code class="PARAMETER">subminor</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the subminor version number.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23355"><span style="white-space: nowrap"><code class="PARAMETER">mode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the version check mode.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23360"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 1 if the loaded xmlsec library version is OK to use
+0 if it is not or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="ATTRIBUTE-UNUSED:CAPS"></a><h3>ATTRIBUTE_UNUSED</h3>
+<pre class="PROGRAMLISTING">#define ATTRIBUTE_UNUSED</pre>
+<p>Macro used to signal to GCC unused function parameters</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-PTR-TO-FUNC-IMPL:CAPS"></a><h3>XMLSEC_PTR_TO_FUNC_IMPL()</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_PTR_TO_FUNC_IMPL(func_type)</pre>
+<p>Macro declares helper functions to convert between "void *" pointer and
+function pointer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN23378"><span style="white-space: nowrap"><code class="PARAMETER">func_type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the function type.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-PTR-TO-FUNC:CAPS"></a><h3>XMLSEC_PTR_TO_FUNC()</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_PTR_TO_FUNC(func_type, ptr)</pre>
+<p>Macro converts from "void*" pointer to "func_type" function pointer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23390"><span style="white-space: nowrap"><code class="PARAMETER">func_type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the function type.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23395"><span style="white-space: nowrap"><code class="PARAMETER">ptr</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the "void*" pointer to be converted.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSEC-FUNC-TO-PTR:CAPS"></a><h3>XMLSEC_FUNC_TO_PTR()</h3>
+<pre class="PROGRAMLISTING">#define XMLSEC_FUNC_TO_PTR(func_type, func)</pre>
+<p>Macro converts from "func_type" function pointer to "void*" pointer.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23407"><span style="white-space: nowrap"><code class="PARAMETER">func_type</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the function type.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23412"><span style="white-space: nowrap"><code class="PARAMETER">func</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the "func_type" function pointer to be converted.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-xmlenc.html"><b>&lt;&lt;&lt; xmlenc</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-xmltree.html"><b>xmltree &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec-xmltree.html b/docs/api/xmlsec-xmltree.html
new file mode 100644
index 00000000..63658bab
--- /dev/null
+++ b/docs/api/xmlsec-xmltree.html
@@ -0,0 +1,1529 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>xmltree</title>
+<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.79">
+<link rel="HOME" title="XML Security Library Reference Manual" href="index.html">
+<link rel="UP" title="XML Security Core Library API Reference." href="xmlsec-ref.html">
+<link rel="PREVIOUS" title="xmlsec" href="xmlsec-xmlsec.html">
+<link rel="NEXT" title="x509" href="xmlsec-x509.html">
+<style type="text/css">.synopsis, .classsynopsis {
+ background: #eeeeee;
+ border: solid 1px #aaaaaa;
+ padding: 0.5em;
+}
+.programlisting {
+ background: #eeeeff;
+ border: solid 1px #aaaaff;
+ padding: 0.5em;
+}
+.variablelist {
+ padding: 4px;
+ margin-left: 3em;
+}
+.navigation {
+ background: #ffeeee;
+ border: solid 1px #ffaaaa;
+ margin-top: 0.5em;
+ margin-bottom: 0.5em;
+}
+.navigation a {
+ color: #770000;
+}
+.navigation a:visited {
+ color: #550000;
+}
+.navigation .title {
+ font-size: 200%;
+}</style>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="../images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="../index.html">Home</a></li>
+<li><a href="../download.html">Download</a></li>
+<li><a href="../news.html">News</a></li>
+<li><a href="../documentation.html">Documentation</a></li>
+<ul>
+<li><a href="../faq.html">FAQ</a></li>
+<li><a href="../api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="../api/xmlsec-reference.html">API reference</a></li>
+<li><a href="../api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="../xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="../xmlenc.html">XML Encryption</a></li>
+<li><a href="../c14n.html">XML Canonicalization</a></li>
+<li><a href="../bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="../related.html">Related</a></li>
+<li><a href="../authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="../images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="../images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="../images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<table width="100%" class="navigation" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td><a accesskey="p" href="xmlsec-xmlsec.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
+<td><a accesskey="u" href="xmlsec-ref.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
+<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
+<th width="100%" align="center">XML Security Library Reference Manual</th>
+<td><a accesskey="n" href="xmlsec-x509.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
+</tr></table>
+<h1>
+<a name="XMLSEC-XMLTREE"></a>xmltree</h1>
+<div class="REFNAMEDIV">
+<a name="AEN23422"></a><h2>Name</h2>xmltree -- XML tree operations.</div>
+<div class="REFSYNOPSISDIV">
+<a name="XMLSEC-XMLTREE.SYNOPSIS"></a><h2>Synopsis</h2>
+<pre class="SYNOPSIS">#define <a href="xmlsec-xmltree.html#XMLSECNODEGETNAME">xmlSecNodeGetName</a> (node)
+const <gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* <a href="xmlsec-xmltree.html#XMLSECGETNODENSHREF">xmlSecGetNodeNsHref</a> (<code class="PARAMETER">const <gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECCHECKNODENAME">xmlSecCheckNodeName</a> (<code class="PARAMETER">const <gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ns</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECGETNEXTELEMENTNODE">xmlSecGetNextElementNode</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECFINDCHILD">xmlSecFindChild</a> (<code class="PARAMETER">const <gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> parent</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ns</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECFINDPARENT">xmlSecFindParent</a> (<code class="PARAMETER">const <gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ns</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECFINDNODE">xmlSecFindNode</a> (<code class="PARAMETER">const <gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> parent</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ns</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECADDCHILD">xmlSecAddChild</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> parent</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ns</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECADDCHILDNODE">xmlSecAddChildNode</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> parent</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> child</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECADDNEXTSIBLING">xmlSecAddNextSibling</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ns</code>);
+<gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECADDPREVSIBLING">xmlSecAddPrevSibling</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ns</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECREPLACENODE">xmlSecReplaceNode</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> newNode</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECREPLACENODEANDRETURN">xmlSecReplaceNodeAndReturn</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> newNode</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> *replaced</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECREPLACECONTENT">xmlSecReplaceContent</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> newNode</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECREPLACECONTENTANDRETURN">xmlSecReplaceContentAndReturn</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> newNode</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> *replaced</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECREPLACENODEBUFFER">xmlSecReplaceNodeBuffer</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buffer</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECREPLACENODEBUFFERANDRETURN">xmlSecReplaceNodeBufferAndReturn</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buffer</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> *replaced</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECNODEENCODEANDSETCONTENT">xmlSecNodeEncodeAndSetContent</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *buffer</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECADDIDS">xmlSecAddIDs</a> (<code class="PARAMETER"><gtkdoclink href="XMLDOC"><span class="TYPE">xmlDocPtr</span></gtkdoclink> doc</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> **ids</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECGENERATEANDADDID">xmlSecGenerateAndAddID</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *attrName</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *prefix</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> len</code>);
+<gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* <a href="xmlsec-xmltree.html#XMLSECGENERATEID">xmlSecGenerateID</a> (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *prefix</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> len</code>);
+<gtkdoclink href="XMLDOC"><span class="RETURNVALUE">xmlDocPtr</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECCREATETREE">xmlSecCreateTree</a> (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *rootNodeName</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *rootNodeNs</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECISEMPTYNODE">xmlSecIsEmptyNode</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECISEMPTYSTRING">xmlSecIsEmptyString</a> (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>);
+<gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* <a href="xmlsec-xmltree.html#XMLSECGETQNAME">xmlSecGetQName</a> (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *href</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *local</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECPRINTXMLSTRING">xmlSecPrintXmlString</a> (<code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *fd</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>);
+#define <a href="xmlsec-xmltree.html#XMLSECISHEX">xmlSecIsHex</a> (c)
+#define <a href="xmlsec-xmltree.html#XMLSECGETHEX">xmlSecGetHex</a> (c)
+struct <a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERINFO">xmlSecQName2IntegerInfo</a>;
+typedef <font>xmlSecQName2IntegerInfoConstPtr</font>;
+<gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="RETURNVALUE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERGETINFO">xmlSecQName2IntegerGetInfo</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> intValue</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERGETINTEGER">xmlSecQName2IntegerGetInteger</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *qnameHref</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *qnameLocalPart</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> *intValue</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERGETINTEGERFROMSTRING">xmlSecQName2IntegerGetIntegerFromString</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *qname</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> *intValue</code>);
+<gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink> * <a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERGETSTRINGFROMINTEGER">xmlSecQName2IntegerGetStringFromInteger</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> intValue</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERNODEREAD">xmlSecQName2IntegerNodeRead</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> *intValue</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERNODEWRITE">xmlSecQName2IntegerNodeWrite</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nodeName</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nodeNs</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> intValue</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERATTRIBUTEREAD">xmlSecQName2IntegerAttributeRead</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *attrName</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> *intValue</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERATTRIBUTEWRITE">xmlSecQName2IntegerAttributeWrite</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *attrName</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> intValue</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERDEBUGDUMP">xmlSecQName2IntegerDebugDump</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> intValue</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECQNAME2INTEGERDEBUGXMLDUMP">xmlSecQName2IntegerDebugXmlDump</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> intValue</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+typedef <a href="xmlsec-xmltree.html#XMLSECBITMASK">xmlSecBitMask</a>;
+struct <a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKINFO">xmlSecQName2BitMaskInfo</a>;
+typedef <font>xmlSecQName2BitMaskInfoConstPtr</font>;
+<gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="RETURNVALUE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKGETINFO">xmlSecQName2BitMaskGetInfo</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="TYPE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> mask</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKGETBITMASK">xmlSecQName2BitMaskGetBitMask</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="TYPE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *qnameLocalPart</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *qnameHref</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> *mask</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKNODESREAD">xmlSecQName2BitMaskNodesRead</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="TYPE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> *node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nodeName</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nodeNs</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> stopOnUnknown</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> *mask</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKGETBITMASKFROMSTRING">xmlSecQName2BitMaskGetBitMaskFromString</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="TYPE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *qname</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> *mask</code>);
+<gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink> * <a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKGETSTRINGFROMBITMASK">xmlSecQName2BitMaskGetStringFromBitMask</a>
+ (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="TYPE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> mask</code>);
+<gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKNODESWRITE">xmlSecQName2BitMaskNodesWrite</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="TYPE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nodeName</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nodeNs</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> mask</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKDEBUGDUMP">xmlSecQName2BitMaskDebugDump</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="TYPE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> mask</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);
+<gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink><a href="xmlsec-xmltree.html#XMLSECQNAME2BITMASKDEBUGXMLDUMP">xmlSecQName2BitMaskDebugXmlDump</a> (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="TYPE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> mask</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-XMLTREE.DESCRIPTION"></a><h2>Description</h2>
+<p>XML tree operations.</p>
+</div>
+<div class="REFSECT1">
+<a name="XMLSEC-XMLTREE.DETAILS"></a><h2>Details</h2>
+<div class="REFSECT2">
+<a name="XMLSECNODEGETNAME"></a><h3>xmlSecNodeGetName()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecNodeGetName(node)</pre>
+<p>Macro. Returns node's name.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN23970"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to node.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGETNODENSHREF"></a><h3>xmlSecGetNodeNsHref ()</h3>
+<pre class="PROGRAMLISTING">const <gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* xmlSecGetNodeNsHref (<code class="PARAMETER">const <gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>);</pre>
+<p>Get's node's namespace href.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23987"><span style="white-space: nowrap"><code class="PARAMETER">cur</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN23992"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> node's namespace href.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCHECKNODENAME"></a><h3>xmlSecCheckNodeName ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecCheckNodeName (<code class="PARAMETER">const <gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ns</code>);</pre>
+<p>Checks that the node has a given name and a given namespace href.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24015"><span style="white-space: nowrap"><code class="PARAMETER">cur</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24020"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the name,</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24025"><span style="white-space: nowrap"><code class="PARAMETER">ns</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the namespace href.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24030"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 1 if the node matches or 0 otherwise.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGETNEXTELEMENTNODE"></a><h3>xmlSecGetNextElementNode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecGetNextElementNode (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>);</pre>
+<p>Seraches for the next element node.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24047"><span style="white-space: nowrap"><code class="PARAMETER">cur</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24052"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to next element node or NULL if it is not found.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECFINDCHILD"></a><h3>xmlSecFindChild ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecFindChild (<code class="PARAMETER">const <gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> parent</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ns</code>);</pre>
+<p>Searches a direct child of the <code class="PARAMETER">parent</code> node having given name and
+namespace href.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24076"><span style="white-space: nowrap"><code class="PARAMETER">parent</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24081"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24086"><span style="white-space: nowrap"><code class="PARAMETER">ns</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the namespace href (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24091"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the found node or NULL if an error occurs or
+node is not found.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECFINDPARENT"></a><h3>xmlSecFindParent ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecFindParent (<code class="PARAMETER">const <gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ns</code>);</pre>
+<p>Searches the ancestors axis of the <code class="PARAMETER">cur</code> node for a node having given name
+and namespace href.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24115"><span style="white-space: nowrap"><code class="PARAMETER">cur</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24120"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24125"><span style="white-space: nowrap"><code class="PARAMETER">ns</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the namespace href (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24130"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the found node or NULL if an error occurs or
+node is not found.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECFINDNODE"></a><h3>xmlSecFindNode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecFindNode (<code class="PARAMETER">const <gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> parent</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ns</code>);</pre>
+<p>Searches all children of the <code class="PARAMETER">parent</code> node having given name and
+namespace href.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24154"><span style="white-space: nowrap"><code class="PARAMETER">parent</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24159"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24164"><span style="white-space: nowrap"><code class="PARAMETER">ns</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the namespace href (may be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24169"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the pointer to the found node or NULL if an error occurs or
+node is not found.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECADDCHILD"></a><h3>xmlSecAddChild ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecAddChild (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> parent</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ns</code>);</pre>
+<p>Adds a child to the node <code class="PARAMETER">parent</code> with given <code class="PARAMETER">name</code> and namespace <code class="PARAMETER">ns</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24195"><span style="white-space: nowrap"><code class="PARAMETER">parent</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24200"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new node name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24205"><span style="white-space: nowrap"><code class="PARAMETER">ns</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new node namespace.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24210"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the new node or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECADDCHILDNODE"></a><h3>xmlSecAddChildNode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecAddChildNode (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> parent</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> child</code>);</pre>
+<p>Adds <code class="PARAMETER">child</code> node to the <code class="PARAMETER">parent</code> node.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24232"><span style="white-space: nowrap"><code class="PARAMETER">parent</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24237"><span style="white-space: nowrap"><code class="PARAMETER">child</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24242"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the new node or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECADDNEXTSIBLING"></a><h3>xmlSecAddNextSibling ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecAddNextSibling (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ns</code>);</pre>
+<p>Adds next sibling to the node <code class="PARAMETER">node</code> with given <code class="PARAMETER">name</code> and namespace <code class="PARAMETER">ns</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24268"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24273"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new node name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24278"><span style="white-space: nowrap"><code class="PARAMETER">ns</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new node namespace.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24283"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the new node or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECADDPREVSIBLING"></a><h3>xmlSecAddPrevSibling ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLNODEPTR"><span class="RETURNVALUE">xmlNodePtr</span></gtkdoclink> xmlSecAddPrevSibling (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *ns</code>);</pre>
+<p>Adds prev sibling to the node <code class="PARAMETER">node</code> with given <code class="PARAMETER">name</code> and namespace <code class="PARAMETER">ns</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24309"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24314"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new node name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24319"><span style="white-space: nowrap"><code class="PARAMETER">ns</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new node namespace.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24324"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the new node or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECREPLACENODE"></a><h3>xmlSecReplaceNode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecReplaceNode (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> newNode</code>);</pre>
+<p>Swaps the <code class="PARAMETER">node</code> and <code class="PARAMETER">newNode</code> in the XML tree.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24346"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the current node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24351"><span style="white-space: nowrap"><code class="PARAMETER">newNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24356"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECREPLACENODEANDRETURN"></a><h3>xmlSecReplaceNodeAndReturn ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecReplaceNodeAndReturn (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> newNode</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> *replaced</code>);</pre>
+<p>Swaps the <code class="PARAMETER">node</code> and <code class="PARAMETER">newNode</code> in the XML tree.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24381"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the current node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24386"><span style="white-space: nowrap"><code class="PARAMETER">newNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24391"><span style="white-space: nowrap"><code class="PARAMETER">replaced</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the replaced node, or release it if NULL is given</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24396"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECREPLACECONTENT"></a><h3>xmlSecReplaceContent ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecReplaceContent (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> newNode</code>);</pre>
+<p>Swaps the content of <code class="PARAMETER">node</code> and <code class="PARAMETER">newNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24418"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the current node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24423"><span style="white-space: nowrap"><code class="PARAMETER">newNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24428"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECREPLACECONTENTANDRETURN"></a><h3>xmlSecReplaceContentAndReturn ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecReplaceContentAndReturn (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> newNode</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> *replaced</code>);</pre>
+<p>Swaps the content of <code class="PARAMETER">node</code> and <code class="PARAMETER">newNode</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24453"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the current node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24458"><span style="white-space: nowrap"><code class="PARAMETER">newNode</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the new node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24463"><span style="white-space: nowrap"><code class="PARAMETER">replaced</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the replaced nodes, or release them if NULL is given</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24468"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECREPLACENODEBUFFER"></a><h3>xmlSecReplaceNodeBuffer ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecReplaceNodeBuffer (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buffer</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>);</pre>
+<p>Swaps the <code class="PARAMETER">node</code> and the parsed XML data from the <code class="PARAMETER">buffer</code> in the XML tree.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24493"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the current node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24498"><span style="white-space: nowrap"><code class="PARAMETER">buffer</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XML data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24503"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XML data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24508"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECREPLACENODEBUFFERANDRETURN"></a><h3>xmlSecReplaceNodeBufferAndReturn ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecReplaceNodeBufferAndReturn (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <a href="xmlsec-xmlsec.html#XMLSECBYTE"><span class="TYPE">xmlSecByte</span></a> *buffer</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> size</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> *replaced</code>);</pre>
+<p>Swaps the <code class="PARAMETER">node</code> and the parsed XML data from the <code class="PARAMETER">buffer</code> in the XML tree.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24536"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the current node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24541"><span style="white-space: nowrap"><code class="PARAMETER">buffer</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XML data.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24546"><span style="white-space: nowrap"><code class="PARAMETER">size</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the XML data size.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24551"><span style="white-space: nowrap"><code class="PARAMETER">replaced</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the replaced nodes, or release them if NULL is given</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24556"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECNODEENCODEANDSETCONTENT"></a><h3>xmlSecNodeEncodeAndSetContent ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecNodeEncodeAndSetContent (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *buffer</code>);</pre>
+<p>Encodes "special" characters in the <code class="PARAMETER">buffer</code> and sets the result
+as the node content.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24577"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24582"><span style="white-space: nowrap"><code class="PARAMETER">buffer</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to the node content.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24587"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECADDIDS"></a><h3>xmlSecAddIDs ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecAddIDs (<code class="PARAMETER"><gtkdoclink href="XMLDOC"><span class="TYPE">xmlDocPtr</span></gtkdoclink> doc</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> cur</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> **ids</code>);</pre>
+<p>Walks thru all children of the <code class="PARAMETER">cur</code> node and adds all attributes
+from the <code class="PARAMETER">ids</code> list to the <code class="PARAMETER">doc</code> document IDs attributes hash.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24613"><span style="white-space: nowrap"><code class="PARAMETER">doc</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML document.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24618"><span style="white-space: nowrap"><code class="PARAMETER">cur</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to an XML node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24623"><span style="white-space: nowrap"><code class="PARAMETER">ids</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to a NULL terminated list of ID attributes.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGENERATEANDADDID"></a><h3>xmlSecGenerateAndAddID ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecGenerateAndAddID (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *attrName</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *prefix</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> len</code>);</pre>
+<p>Generates a unique ID in the format &lt;<code class="PARAMETER">prefix</code>&gt;base64-encoded(<code class="PARAMETER">len</code> random bytes)
+and puts it in the attribute <code class="PARAMETER">attrName</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24652"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the node to ID attr to.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24657"><span style="white-space: nowrap"><code class="PARAMETER">attrName</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the ID attr name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24662"><span style="white-space: nowrap"><code class="PARAMETER">prefix</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the prefix to add to the generated ID (can be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24667"><span style="white-space: nowrap"><code class="PARAMETER">len</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the length of ID.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24672"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGENERATEID"></a><h3>xmlSecGenerateID ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* xmlSecGenerateID (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *prefix</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmlsec.html#XMLSECSIZE"><span class="TYPE">xmlSecSize</span></a> len</code>);</pre>
+<p>Generates a unique ID in the format &lt;<code class="PARAMETER">prefix</code>&gt;base64-encoded(<code class="PARAMETER">len</code> random bytes).
+The caller is responsible for freeing returned string using <code class="PARAMETER">xmlFree</code> function.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24695"><span style="white-space: nowrap"><code class="PARAMETER">prefix</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the prefix to add to the generated ID (can be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24700"><span style="white-space: nowrap"><code class="PARAMETER">len</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the length of ID.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24705"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to generated ID string or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECCREATETREE"></a><h3>xmlSecCreateTree ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLDOC"><span class="RETURNVALUE">xmlDocPtr</span></gtkdoclink> xmlSecCreateTree (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *rootNodeName</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *rootNodeNs</code>);</pre>
+<p>Creates a new XML tree with one root node <code class="PARAMETER">rootNodeName</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24726"><span style="white-space: nowrap"><code class="PARAMETER">rootNodeName</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the root node name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24731"><span style="white-space: nowrap"><code class="PARAMETER">rootNodeNs</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the root node namespace (otpional).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24736"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the newly created tree or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECISEMPTYNODE"></a><h3>xmlSecIsEmptyNode ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecIsEmptyNode (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>);</pre>
+<p>Checks whethere the <code class="PARAMETER">node</code> is empty (i.e. has only whitespaces children).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24754"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the node to check</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24759"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 1 if <code class="PARAMETER">node</code> is empty, 0 otherwise or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECISEMPTYSTRING"></a><h3>xmlSecIsEmptyString ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecIsEmptyString (<code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>);</pre>
+<p>Checks whethere the <code class="PARAMETER">str</code> is empty (i.e. has only whitespaces children).</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24778"><span style="white-space: nowrap"><code class="PARAMETER">str</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the string to check</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24783"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 1 if <code class="PARAMETER">str</code> is empty, 0 otherwise or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGETQNAME"></a><h3>xmlSecGetQName ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink>* xmlSecGetQName (<code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *href</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *local</code>);</pre>
+<p>Creates QName (prefix:local) from <code class="PARAMETER">href</code> and <code class="PARAMETER">local</code> in the context of the <code class="PARAMETER">node</code>.
+Caller is responsible for freeing returned string with xmlFree.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24810"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the context node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24815"><span style="white-space: nowrap"><code class="PARAMETER">href</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the QName href (can be NULL).</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24820"><span style="white-space: nowrap"><code class="PARAMETER">local</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the QName local part.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24825"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> qname or NULL if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECPRINTXMLSTRING"></a><h3>xmlSecPrintXmlString ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecPrintXmlString (<code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *fd</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *str</code>);</pre>
+<p>Encodes the <code class="PARAMETER">str</code> (e.g. replaces '&amp;' with '&amp;amp;') and writes it to <code class="PARAMETER">fd</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24847"><span style="white-space: nowrap"><code class="PARAMETER">fd</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the file descriptor to write the XML string to</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24852"><span style="white-space: nowrap"><code class="PARAMETER">str</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the string</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24857"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> he number of bytes transmitted or a negative value if an error occurs.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECISHEX"></a><h3>xmlSecIsHex()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecIsHex(c)</pre>
+<p>Macro. Returns 1 if <code class="PARAMETER">c</code> is a hex digit or 0 other wise.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN24870"><span style="white-space: nowrap"><code class="PARAMETER">c</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the character.</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECGETHEX"></a><h3>xmlSecGetHex()</h3>
+<pre class="PROGRAMLISTING">#define xmlSecGetHex(c)</pre>
+<p>Macro. Returns the hex value of the <code class="PARAMETER">c</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody><tr>
+<td align="LEFT" valign="TOP"><a name="AEN24883"><span style="white-space: nowrap"><code class="PARAMETER">c</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the character,</p></td>
+</tr></tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2INTEGERINFO"></a><h3>struct xmlSecQName2IntegerInfo</h3>
+<pre class="PROGRAMLISTING">struct xmlSecQName2IntegerInfo {
+ const xmlChar* qnameHref;
+ const xmlChar* qnameLocalPart;
+ int intValue;
+};</pre>
+<p>QName &lt;-&gt; Integer conversion definition.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24895"><span style="white-space: nowrap">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">qnameHref</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the QName href</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24902"><span style="white-space: nowrap">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">qnameLocalPart</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the QName local</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24909"><span style="white-space: nowrap"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> <code class="STRUCTFIELD">intValue</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the integer value</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2INTEGERINFOCONSTPTR"></a><h3>xmlSecQName2IntegerInfoConstPtr</h3>
+<pre class="PROGRAMLISTING">typedef const xmlSecQName2IntegerInfo * xmlSecQName2IntegerInfoConstPtr;</pre>
+<p>Pointer to constant QName &lt;-&gt; Integer conversion definition.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2INTEGERGETINFO"></a><h3>xmlSecQName2IntegerGetInfo ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="RETURNVALUE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> xmlSecQName2IntegerGetInfo
+ (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> intValue</code>);</pre>
+<p>Maps integer <code class="PARAMETER">intValue</code> to a QName prefix.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24938"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;integer mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24943"><span style="white-space: nowrap"><code class="PARAMETER">intValue</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the integer value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24948"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> the QName info that is mapped to <code class="PARAMETER">intValue</code> or NULL if such value
+is not found.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2INTEGERGETINTEGER"></a><h3>xmlSecQName2IntegerGetInteger ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecQName2IntegerGetInteger (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *qnameHref</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *qnameLocalPart</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> *intValue</code>);</pre>
+<p>Maps qname qname to an integer and returns it in <code class="PARAMETER">intValue</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24976"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;integer mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24981"><span style="white-space: nowrap"><code class="PARAMETER">qnameHref</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname href value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24986"><span style="white-space: nowrap"><code class="PARAMETER">qnameLocalPart</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname local part value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24991"><span style="white-space: nowrap"><code class="PARAMETER">intValue</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to result integer value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN24996"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs,</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2INTEGERGETINTEGERFROMSTRING"></a><h3>xmlSecQName2IntegerGetIntegerFromString ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecQName2IntegerGetIntegerFromString
+ (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *qname</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> *intValue</code>);</pre>
+<p>Converts <code class="PARAMETER">qname</code> into integer in context of <code class="PARAMETER">node</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25024"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;integer mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25029"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25034"><span style="white-space: nowrap"><code class="PARAMETER">qname</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname string.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25039"><span style="white-space: nowrap"><code class="PARAMETER">intValue</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to result integer value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25044"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs,</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2INTEGERGETSTRINGFROMINTEGER"></a><h3>xmlSecQName2IntegerGetStringFromInteger ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink> * xmlSecQName2IntegerGetStringFromInteger
+ (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> intValue</code>);</pre>
+<p>Creates qname string for <code class="PARAMETER">intValue</code> in context of given <code class="PARAMETER">node</code>. Caller
+is responsible for freeing returned string with <code class="PARAMETER">xmlFree</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25070"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;integer mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25075"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25080"><span style="white-space: nowrap"><code class="PARAMETER">intValue</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the integer value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25085"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly allocated string on success or NULL if an error occurs,</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2INTEGERNODEREAD"></a><h3>xmlSecQName2IntegerNodeRead ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecQName2IntegerNodeRead (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> *intValue</code>);</pre>
+<p>Reads the content of <code class="PARAMETER">node</code> and converts it to an integer using mapping
+from <code class="PARAMETER">info</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25110"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;integer mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25115"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25120"><span style="white-space: nowrap"><code class="PARAMETER">intValue</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to result integer value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25125"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs,</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2INTEGERNODEWRITE"></a><h3>xmlSecQName2IntegerNodeWrite ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecQName2IntegerNodeWrite (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nodeName</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nodeNs</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> intValue</code>);</pre>
+<p>Creates new child node in <code class="PARAMETER">node</code> and sets its value to <code class="PARAMETER">intValue</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25156"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;integer mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25161"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the parent node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25166"><span style="white-space: nowrap"><code class="PARAMETER">nodeName</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the child node name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25171"><span style="white-space: nowrap"><code class="PARAMETER">nodeNs</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the child node namespace.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25176"><span style="white-space: nowrap"><code class="PARAMETER">intValue</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the integer value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25181"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs,</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2INTEGERATTRIBUTEREAD"></a><h3>xmlSecQName2IntegerAttributeRead ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecQName2IntegerAttributeRead (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *attrName</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> *intValue</code>);</pre>
+<p>Gets the value of <code class="PARAMETER">attrName</code> atrtibute from <code class="PARAMETER">node</code> and converts it to integer
+according to <code class="PARAMETER">info</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25210"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;integer mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25215"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the element node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25220"><span style="white-space: nowrap"><code class="PARAMETER">attrName</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the attribute name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25225"><span style="white-space: nowrap"><code class="PARAMETER">intValue</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to result integer value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25230"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs,</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2INTEGERATTRIBUTEWRITE"></a><h3>xmlSecQName2IntegerAttributeWrite ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecQName2IntegerAttributeWrite (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *attrName</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> intValue</code>);</pre>
+<p>Converts <code class="PARAMETER">intValue</code> to a qname and sets it to the value of
+attribute <code class="PARAMETER">attrName</code> in <code class="PARAMETER">node</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25259"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;integer mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25264"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the parent node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25269"><span style="white-space: nowrap"><code class="PARAMETER">attrName</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the name of attribute.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25274"><span style="white-space: nowrap"><code class="PARAMETER">intValue</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the integer value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25279"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs,</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2INTEGERDEBUGDUMP"></a><h3>xmlSecQName2IntegerDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecQName2IntegerDebugDump (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> intValue</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints <code class="PARAMETER">intValue</code> into <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25307"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;integer mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25312"><span style="white-space: nowrap"><code class="PARAMETER">intValue</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the integer value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25317"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the value name to print.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25322"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2INTEGERDEBUGXMLDUMP"></a><h3>xmlSecQName2IntegerDebugXmlDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecQName2IntegerDebugXmlDump (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2INTEGERINFOCONST"><span class="TYPE">xmlSecQName2IntegerInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> intValue</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints <code class="PARAMETER">intValue</code> into <code class="PARAMETER">output</code> in XML format.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25350"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;integer mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25355"><span style="white-space: nowrap"><code class="PARAMETER">intValue</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the integer value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25360"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the value name to print.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25365"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECBITMASK"></a><h3>xmlSecBitMask</h3>
+<pre class="PROGRAMLISTING">typedef unsigned int xmlSecBitMask;</pre>
+<p>Bitmask datatype.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2BITMASKINFO"></a><h3>struct xmlSecQName2BitMaskInfo</h3>
+<pre class="PROGRAMLISTING">struct xmlSecQName2BitMaskInfo {
+ const xmlChar* qnameHref;
+ const xmlChar* qnameLocalPart;
+ xmlSecBitMask mask;
+};</pre>
+<p>QName &lt;-&gt; Bitmask conversion definition.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25383"><span style="white-space: nowrap">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">qnameHref</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the QName href</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25390"><span style="white-space: nowrap">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *<code class="STRUCTFIELD">qnameLocalPart</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the QName local</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25397"><span style="white-space: nowrap"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> <code class="STRUCTFIELD">mask</code>;</span></a></td>
+<td align="LEFT" valign="TOP"><p>the bitmask value</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2BITMASKINFOCONSTPTR"></a><h3>xmlSecQName2BitMaskInfoConstPtr</h3>
+<pre class="PROGRAMLISTING">typedef const xmlSecQName2BitMaskInfo* xmlSecQName2BitMaskInfoConstPtr;</pre>
+<p>Pointer to constant QName &lt;-&gt; Bitmask conversion definition.</p>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2BITMASKGETINFO"></a><h3>xmlSecQName2BitMaskGetInfo ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="RETURNVALUE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> xmlSecQName2BitMaskGetInfo
+ (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="TYPE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> mask</code>);</pre>
+<p>Converts <code class="PARAMETER">mask</code> to qname.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25426"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;bit mask mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25431"><span style="white-space: nowrap"><code class="PARAMETER">mask</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the bit mask.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25436"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to the qname info for <code class="PARAMETER">mask</code> or NULL if mask is unknown.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2BITMASKGETBITMASK"></a><h3>xmlSecQName2BitMaskGetBitMask ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecQName2BitMaskGetBitMask (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="TYPE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *qnameLocalPart</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *qnameHref</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> *mask</code>);</pre>
+<p>Converts <code class="PARAMETER">qnameLocalPart</code> to <code class="PARAMETER">mask</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25465"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;bit mask mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25470"><span style="white-space: nowrap"><code class="PARAMETER">qnameLocalPart</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname LocalPart value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25475"><span style="white-space: nowrap"><code class="PARAMETER">qnameHref</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname Href value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25480"><span style="white-space: nowrap"><code class="PARAMETER">mask</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to result mask.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25485"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs,</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2BITMASKNODESREAD"></a><h3>xmlSecQName2BitMaskNodesRead ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecQName2BitMaskNodesRead (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="TYPE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> *node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nodeName</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nodeNs</code>,
+ <code class="PARAMETER"><gtkdoclink href="INT"><span class="TYPE">int</span></gtkdoclink> stopOnUnknown</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> *mask</code>);</pre>
+<p>Reads &lt;<code class="PARAMETER">nodeNs</code>:<code class="PARAMETER">nodeName</code>&gt; elements and puts the result bit mask
+into <code class="PARAMETER">mask</code>. When function exits, <code class="PARAMETER">node</code> points to the first element node
+after all the &lt;<code class="PARAMETER">nodeNs</code>:<code class="PARAMETER">nodeName</code>&gt; elements.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25523"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;bit mask mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25528"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the start.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25533"><span style="white-space: nowrap"><code class="PARAMETER">nodeName</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the mask nodes name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25538"><span style="white-space: nowrap"><code class="PARAMETER">nodeNs</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the mask nodes namespace.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25543"><span style="white-space: nowrap"><code class="PARAMETER">stopOnUnknown</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>if this flag is set then function exits if unknown
+ value was found.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25548"><span style="white-space: nowrap"><code class="PARAMETER">mask</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to result mask.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25553"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs,</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2BITMASKGETBITMASKFROMSTRING"></a><h3>xmlSecQName2BitMaskGetBitMaskFromString ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecQName2BitMaskGetBitMaskFromString
+ (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="TYPE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *qname</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> *mask</code>);</pre>
+<p>Converts <code class="PARAMETER">qname</code> into integer in context of <code class="PARAMETER">node</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25581"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;integer mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25586"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25591"><span style="white-space: nowrap"><code class="PARAMETER">qname</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname string.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25596"><span style="white-space: nowrap"><code class="PARAMETER">mask</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to result msk value.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25601"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs,</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2BITMASKGETSTRINGFROMBITMASK"></a><h3>xmlSecQName2BitMaskGetStringFromBitMask ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="XMLCHAR"><span class="RETURNVALUE">xmlChar</span></gtkdoclink> * xmlSecQName2BitMaskGetStringFromBitMask
+ (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="TYPE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> mask</code>);</pre>
+<p>Creates qname string for <code class="PARAMETER">mask</code> in context of given <code class="PARAMETER">node</code>. Caller
+is responsible for freeing returned string with <code class="PARAMETER">xmlFree</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25627"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;integer mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25632"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to node.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25637"><span style="white-space: nowrap"><code class="PARAMETER">mask</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the mask.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25642"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> pointer to newly allocated string on success or NULL if an error occurs,</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2BITMASKNODESWRITE"></a><h3>xmlSecQName2BitMaskNodesWrite ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="INT"><span class="RETURNVALUE">int</span></gtkdoclink> xmlSecQName2BitMaskNodesWrite (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="TYPE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><gtkdoclink href="XMLNODE"><span class="TYPE">xmlNodePtr</span></gtkdoclink> node</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nodeName</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *nodeNs</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> mask</code>);</pre>
+<p>Writes &lt;<code class="PARAMETER">nodeNs</code>:<code class="PARAMETER">nodeName</code>&gt; elemnts with values from <code class="PARAMETER">mask</code> to <code class="PARAMETER">node</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25675"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;bit mask mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25680"><span style="white-space: nowrap"><code class="PARAMETER">node</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the parent element for mask nodes.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25685"><span style="white-space: nowrap"><code class="PARAMETER">nodeName</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the mask nodes name.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25690"><span style="white-space: nowrap"><code class="PARAMETER">nodeNs</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the mask nodes namespace.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25695"><span style="white-space: nowrap"><code class="PARAMETER">mask</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the bit mask.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25700"><span style="white-space: nowrap"><span class="emphasis"><i class="EMPHASIS">Returns</i></span> :</span></a></td>
+<td align="LEFT" valign="TOP"><p> 0 on success or a negative value if an error occurs,</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2BITMASKDEBUGDUMP"></a><h3>xmlSecQName2BitMaskDebugDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecQName2BitMaskDebugDump (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="TYPE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> mask</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints debug information about <code class="PARAMETER">mask</code> to <code class="PARAMETER">output</code>.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25728"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;bit mask mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25733"><span style="white-space: nowrap"><code class="PARAMETER">mask</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the bit mask.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25738"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the value name to print.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25743"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+<hr>
+<div class="REFSECT2">
+<a name="XMLSECQNAME2BITMASKDEBUGXMLDUMP"></a><h3>xmlSecQName2BitMaskDebugXmlDump ()</h3>
+<pre class="PROGRAMLISTING"><gtkdoclink href="VOID"><span class="RETURNVALUE">void</span></gtkdoclink> xmlSecQName2BitMaskDebugXmlDump (<code class="PARAMETER"><gtkdoclink href="XMLSECQNAME2BITMASKINFOCONST"><span class="TYPE">xmlSecQName2BitMaskInfoConstPtr</span></gtkdoclink> info</code>,
+ <code class="PARAMETER"><a href="xmlsec-xmltree.html#XMLSECBITMASK"><span class="TYPE">xmlSecBitMask</span></a> mask</code>,
+ <code class="PARAMETER">const <gtkdoclink href="XMLCHAR"><span class="TYPE">xmlChar</span></gtkdoclink> *name</code>,
+ <code class="PARAMETER"><gtkdoclink href="FILE:CAPS"><span class="TYPE">FILE</span></gtkdoclink> *output</code>);</pre>
+<p>Prints debug information about <code class="PARAMETER">mask</code> to <code class="PARAMETER">output</code> in XML format.</p>
+<p></p>
+<table class="variablelist" border="0" cellspacing="0" cellpadding="4"><tbody>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25771"><span style="white-space: nowrap"><code class="PARAMETER">info</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the qname&lt;-&gt;bit mask mapping information.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25776"><span style="white-space: nowrap"><code class="PARAMETER">mask</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the bit mask.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25781"><span style="white-space: nowrap"><code class="PARAMETER">name</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the value name to print.</p></td>
+</tr>
+<tr>
+<td align="LEFT" valign="TOP"><a name="AEN25786"><span style="white-space: nowrap"><code class="PARAMETER">output</code> :</span></a></td>
+<td align="LEFT" valign="TOP"><p>the pointer to output FILE.</p></td>
+</tr>
+</tbody></table>
+</div>
+</div>
+<table class="navigation" width="100%" summary="Navigation footer" cellpadding="2" cellspacing="2"><tr valign="middle">
+<td align="left"><a accesskey="p" href="xmlsec-xmlsec.html"><b>&lt;&lt;&lt; xmlsec</b></a></td>
+<td align="right"><a accesskey="n" href="xmlsec-x509.html"><b>x509 &gt;&gt;&gt;</b></a></td>
+</tr></table>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/api/xmlsec.sgml b/docs/api/xmlsec.sgml
new file mode 100644
index 00000000..afdd9a71
--- /dev/null
+++ b/docs/api/xmlsec.sgml
@@ -0,0 +1,307 @@
+<!doctype book PUBLIC "-//Davenport//DTD DocBook V3.0//EN" [
+<!ENTITY chapter-compiling-and-linking SYSTEM "chapters/compiling-and-linking.sgml">
+<!ENTITY chapter-init-and-shutdown SYSTEM "chapters/init-and-shutdown.sgml">
+<!ENTITY chapter-sign-and-encrypt SYSTEM "chapters/sign-and-encrypt.sgml">
+<!ENTITY chapter-verify-and-decrypt SYSTEM "chapters/verify-and-decrypt.sgml">
+<!ENTITY chapter-creating-templates SYSTEM "chapters/creating-templates.sgml">
+<!ENTITY chapter-using-keys SYSTEM "chapters/using-keys.sgml">
+<!ENTITY chapter-using-keysmngr SYSTEM "chapters/using-keysmngr.sgml">
+<!ENTITY chapter-using-x509-certs SYSTEM "chapters/using-x509-certs.sgml">
+<!ENTITY chapter-using-transforms SYSTEM "chapters/using-transforms.sgml">
+<!ENTITY chapter-using-contexts SYSTEM "chapters/using-contexts.sgml">
+<!ENTITY chapter-new-crypto SYSTEM "chapters/new-crypto.sgml">
+<!ENTITY chapter-examples SYSTEM "chapters/examples.sgml">
+
+<!ENTITY xmlsec-index SYSTEM "xmlsec-index.sgml">
+
+<!ENTITY xmlsec-app SYSTEM "sgml/app.sgml">
+<!ENTITY xmlsec-base64 SYSTEM "sgml/base64.sgml">
+<!ENTITY xmlsec-bn SYSTEM "sgml/bn.sgml">
+<!ENTITY xmlsec-buffer SYSTEM "sgml/buffer.sgml">
+<!ENTITY xmlsec-dl SYSTEM "sgml/dl.sgml">
+<!ENTITY xmlsec-errors SYSTEM "sgml/errors.sgml">
+<!ENTITY xmlsec-io SYSTEM "sgml/io.sgml">
+<!ENTITY xmlsec-keyinfo SYSTEM "sgml/keyinfo.sgml">
+<!ENTITY xmlsec-keysdata SYSTEM "sgml/keysdata.sgml">
+<!ENTITY xmlsec-keys SYSTEM "sgml/keys.sgml">
+<!ENTITY xmlsec-keysmngr SYSTEM "sgml/keysmngr.sgml">
+<!ENTITY xmlsec-list SYSTEM "sgml/list.sgml">
+<!ENTITY xmlsec-membuf SYSTEM "sgml/membuf.sgml">
+<!ENTITY xmlsec-nodeset SYSTEM "sgml/nodeset.sgml">
+<!ENTITY xmlsec-parser SYSTEM "sgml/parser.sgml">
+<!ENTITY xmlsec-templates SYSTEM "sgml/templates.sgml">
+<!ENTITY xmlsec-transforms SYSTEM "sgml/transforms.sgml">
+<!ENTITY xmlsec-version SYSTEM "sgml/version.sgml">
+<!ENTITY xmlsec-xmldsig SYSTEM "sgml/xmldsig.sgml">
+<!ENTITY xmlsec-xmlenc SYSTEM "sgml/xmlenc.sgml">
+<!ENTITY xmlsec-xmlsec SYSTEM "sgml/xmlsec.sgml">
+<!ENTITY xmlsec-xmltree SYSTEM "sgml/xmltree.sgml">
+<!ENTITY xmlsec-x509 SYSTEM "sgml/x509.sgml">
+
+<!ENTITY xmlsec-openssl-app SYSTEM "sgml/openssl/app.sgml">
+<!ENTITY xmlsec-openssl-bn SYSTEM "sgml/openssl/bn.sgml">
+<!ENTITY xmlsec-openssl-ciphers SYSTEM "sgml/openssl/ciphers.sgml">
+<!ENTITY xmlsec-openssl-crypto SYSTEM "sgml/openssl/crypto.sgml">
+<!ENTITY xmlsec-openssl-evp SYSTEM "sgml/openssl/evp.sgml">
+<!ENTITY xmlsec-openssl-x509 SYSTEM "sgml/openssl/x509.sgml">
+
+<!ENTITY xmlsec-gnutls-app SYSTEM "sgml/gnutls/app.sgml">
+<!ENTITY xmlsec-gnutls-crypto SYSTEM "sgml/gnutls/crypto.sgml">
+
+<!ENTITY xmlsec-gcrypt-app SYSTEM "sgml/gcrypt/app.sgml">
+<!ENTITY xmlsec-gcrypt-crypto SYSTEM "sgml/gcrypt/crypto.sgml">
+
+<!ENTITY xmlsec-nss-app SYSTEM "sgml/nss/app.sgml">
+<!ENTITY xmlsec-nss-bignum SYSTEM "sgml/nss/bignum.sgml">
+<!ENTITY xmlsec-nss-crypto SYSTEM "sgml/nss/crypto.sgml">
+<!ENTITY xmlsec-nss-keysstore SYSTEM "sgml/nss/keysstore.sgml">
+<!ENTITY xmlsec-nss-pkikeys SYSTEM "sgml/nss/pkikeys.sgml">
+<!ENTITY xmlsec-nss-x509 SYSTEM "sgml/nss/x509.sgml">
+
+<!ENTITY xmlsec-mscrypto-app SYSTEM "sgml/mscrypto/app.sgml">
+<!ENTITY xmlsec-mscrypto-certkeys SYSTEM "sgml/mscrypto/certkeys.sgml">
+<!ENTITY xmlsec-mscrypto-crypto SYSTEM "sgml/mscrypto/crypto.sgml">
+<!ENTITY xmlsec-mscrypto-keysstore SYSTEM "sgml/mscrypto/keysstore.sgml">
+<!ENTITY xmlsec-mscrypto-x509 SYSTEM "sgml/mscrypto/x509.sgml">
+
+<!ENTITY xmlsec-example-sign1 SYSTEM "examples/sign1.sgml">
+<!ENTITY xmlsec-example-sign2 SYSTEM "examples/sign2.sgml">
+<!ENTITY xmlsec-example-sign3 SYSTEM "examples/sign3.sgml">
+
+<!ENTITY xmlsec-example-verify1 SYSTEM "examples/verify1.sgml">
+<!ENTITY xmlsec-example-verify2 SYSTEM "examples/verify2.sgml">
+<!ENTITY xmlsec-example-verify3 SYSTEM "examples/verify3.sgml">
+<!ENTITY xmlsec-example-verify4 SYSTEM "examples/verify4.sgml">
+
+<!ENTITY xmlsec-example-encrypt1 SYSTEM "examples/encrypt1.sgml">
+<!ENTITY xmlsec-example-encrypt2 SYSTEM "examples/encrypt2.sgml">
+<!ENTITY xmlsec-example-encrypt3 SYSTEM "examples/encrypt3.sgml">
+
+<!ENTITY xmlsec-example-decrypt1 SYSTEM "examples/decrypt1.sgml">
+<!ENTITY xmlsec-example-decrypt2 SYSTEM "examples/decrypt2.sgml">
+<!ENTITY xmlsec-example-decrypt3 SYSTEM "examples/decrypt3.sgml">
+
+<!ENTITY xmlsec-example-sign1-tmpl SYSTEM "examples/sign1-tmpl.sgml">
+<!ENTITY xmlsec-example-sign1-res SYSTEM "examples/sign1-res.sgml">
+<!ENTITY xmlsec-example-sign2-doc SYSTEM "examples/sign2-doc.sgml">
+<!ENTITY xmlsec-example-sign2-res SYSTEM "examples/sign2-res.sgml">
+<!ENTITY xmlsec-example-sign3-doc SYSTEM "examples/sign3-doc.sgml">
+<!ENTITY xmlsec-example-sign3-res SYSTEM "examples/sign3-res.sgml">
+<!ENTITY xmlsec-example-verify4-res SYSTEM "examples/verify4-res.sgml">
+<!ENTITY xmlsec-example-verify4-tmpl SYSTEM "examples/verify4-tmpl.sgml">
+<!ENTITY xmlsec-example-verify4-bad-res SYSTEM "examples/verify4-bad-res.sgml">
+<!ENTITY xmlsec-example-verify4-bad-tmpl SYSTEM "examples/verify4-bad-tmpl.sgml">
+
+<!ENTITY xmlsec-example-encrypt1-tmpl SYSTEM "examples/encrypt1-tmpl.sgml">
+<!ENTITY xmlsec-example-encrypt1-res SYSTEM "examples/encrypt1-res.sgml">
+<!ENTITY xmlsec-example-encrypt2-doc SYSTEM "examples/encrypt2-doc.sgml">
+<!ENTITY xmlsec-example-encrypt2-res SYSTEM "examples/encrypt2-res.sgml">
+<!ENTITY xmlsec-example-encrypt3-doc SYSTEM "examples/encrypt3-doc.sgml">
+<!ENTITY xmlsec-example-encrypt3-res SYSTEM "examples/encrypt3-res.sgml">
+]>
+<book id="index">
+ <bookinfo>
+ <title>XML Security Library Reference Manual</title>
+ <authorgroup>
+ <author>
+ <firstname>Aleksey</firstname>
+ <surname>Sanin</surname>
+ <affiliation>
+ <address>
+ <email>aleksey@aleksey.com</email>
+ </address>
+ </affiliation>
+ </author>
+ </authorgroup>
+ <copyright>
+ <year>2002-2003</year>
+ <holder>Aleksey Sanin</holder>
+ </copyright>
+ <legalnotice>
+ <para>Permission is granted to make and distribute verbatim
+ copies of this manual provided the copyright notice and this
+ permission notice are preserved on all copies.</para>
+ <para>Permission is granted to copy and distribute modified
+ versions of this manual under the conditions for verbatim
+ copying, provided also that the entire resulting derived work is
+ distributed under the terms of a permission notice identical to
+ this one.</para>
+
+ <para>Permission is granted to copy and distribute translations
+ of this manual into another language, under the above conditions
+ for modified versions.</para>
+ </legalnotice>
+
+ <abstract>
+ <para>This manual documents the interfaces of the xmlsec
+ library and has some short notes to help get you up to speed
+ with using the library.</para>
+ </abstract>
+ </bookinfo>
+
+ <part id="xmlsec-notes">
+ <title>XML Security Library Tutorial</title>
+ <chapter id="xmlsec-notes-overview">
+ <title>Overview.</title>
+ <para>XML Security Library provides support for XML Digital Signature
+ and XML Encryption. It is based on LibXML/LibXSLT and can use
+ practicaly any crypto library (currently there is "out of the box"
+ support for OpenSSL, MSCrypto, GnuTLS, GCrypt and NSS).
+ </para>
+ </chapter>
+ <chapter id="xmlsec-notes-structure">
+ <title>XML Security Library Structure.</title>
+ <para>In order to provide the an ability to use different crypto engines,
+ the XML Security Library is splitted in two parts: core library (xmlsec)
+ and crypto library (xmlsec-openssl, xmlsec-mscrypt, xmlsec-gnutls,
+ xmlsec-gcrypt, xmlsec-nss, ...).
+ <figure>
+ <title>The library structure and dependencies.</title>
+ <graphic fileref="images/structure.png" align="center"></graphic>
+ </figure>
+ </para>
+ <para>The core library has no dependency on any crypto library and provides
+ implementation of all the engines as well as support for all the non
+ crypto transforms (xml parser, c14n transforms, xpath and xslt
+ transforms,...). The XML Security Crypto library provides
+ implementations for crypto transforms, crypto keys data and key
+ data stores. Application is linked with particular XML Security
+ Crypto library (or even libraries), but the actual application
+ code might be general enough so switching crypto engine would be
+ a matter of changing several #include directives.</para>
+ </chapter>
+
+ &chapter-compiling-and-linking;
+ &chapter-init-and-shutdown;
+ &chapter-sign-and-encrypt;
+ &chapter-creating-templates;
+ &chapter-verify-and-decrypt;
+ &chapter-using-keys;
+ &chapter-using-keysmngr;
+ &chapter-using-x509-certs;
+ &chapter-using-transforms;
+ &chapter-using-contexts;
+ &chapter-new-crypto;
+ &chapter-examples;
+
+ <chapter id="xmlsec-signature-klasses">
+ <title>APPENDIX A. XML Security Library Signature Klasses.</title>
+ <figure>
+ <title>XML Security Library Signature Klasses.</title>
+ <graphic fileref="images/signature-structure.png" align="center"></graphic>
+ </figure>
+ </chapter>
+
+ <chapter id="xmlsec-encryption-klasses">
+ <title>APPENDIX B. XML Security Library Encryption Klasses.</title>
+ <figure>
+ <title>XML Security Library Encryption Klasses.</title>
+ <graphic fileref="images/encryption-structure.png" align="center"></graphic>
+ </figure>
+ </chapter>
+ </part>
+
+ <part id="xmlsec-reference">
+ <title>XML Security Library API Reference.</title>
+
+ <chapter id="xmlsec-ref">
+ <title>XML Security Core Library API Reference.</title>
+ <para>This section contains the API reference for xmlsec. All
+ the public interfaces are documented here. This reference guide is
+ build by extracting comments from the code sources. </para>
+
+ &xmlsec-app;
+ &xmlsec-base64;
+ &xmlsec-bn;
+ &xmlsec-buffer;
+ &xmlsec-dl;
+ &xmlsec-errors;
+ &xmlsec-io;
+ &xmlsec-keyinfo;
+ &xmlsec-keysdata;
+ &xmlsec-keys;
+ &xmlsec-keysmngr;
+ &xmlsec-list;
+ &xmlsec-membuf;
+ &xmlsec-nodeset;
+ &xmlsec-parser;
+ &xmlsec-templates;
+ &xmlsec-transforms;
+ &xmlsec-version;
+ &xmlsec-xmldsig;
+ &xmlsec-xmlenc;
+ &xmlsec-xmlsec;
+ &xmlsec-xmltree;
+ &xmlsec-x509;
+ </chapter>
+
+ <chapter id="xmlsec-openssl-ref">
+ <title>XML Security Library for OpenSLL API Reference.</title>
+ <para>This section contains the API reference for xmlsec-openssl. All
+ the public interfaces are documented here. This reference guide is
+ build by extracting comments from the code sources. </para>
+
+ &xmlsec-openssl-app;
+ &xmlsec-openssl-bn;
+ &xmlsec-openssl-crypto;
+ &xmlsec-openssl-evp;
+ &xmlsec-openssl-x509;
+ </chapter>
+
+ <chapter id="xmlsec-gnutls-ref">
+ <title>XML Security Library for GnuTLS API Reference.</title>
+ <para>This section contains the API reference for xmlsec-gnutls. All
+ the public interfaces are documented here. This reference guide is
+ build by extracting comments from the code sources. </para>
+
+ &xmlsec-gnutls-app;
+ &xmlsec-gnutls-crypto;
+ </chapter>
+
+ <chapter id="xmlsec-gcrypt-ref">
+ <title>XML Security Library for GCrypt API Reference.</title>
+ <para>This section contains the API reference for xmlsec-gcrypt. All
+ the public interfaces are documented here. This reference guide is
+ build by extracting comments from the code sources. </para>
+
+ &xmlsec-gcrypt-app;
+ &xmlsec-gcrypt-crypto;
+ </chapter>
+
+ <chapter id="xmlsec-nss-ref">
+ <title>XML Security Library for NSS API Reference.</title>
+ <para>This section contains the API reference for xmlsec-nss. All
+ the public interfaces are documented here. This reference guide is
+ build by extracting comments from the code sources. </para>
+
+ &xmlsec-nss-app;
+ &xmlsec-nss-bignum;
+ &xmlsec-nss-crypto;
+ &xmlsec-nss-keysstore;
+ &xmlsec-nss-pkikeys;
+ &xmlsec-nss-x509;
+ </chapter>
+
+ <chapter id="xmlsec-mscrypto-ref">
+ <title>XML Security Library for MSCrypto API Reference.</title>
+ <para>This section contains the API reference for xmlsec-mscrypto. All
+ the public interfaces are documented here. This reference guide is
+ build by extracting comments from the code sources. </para>
+
+ &xmlsec-mscrypto-app;
+ &xmlsec-mscrypto-certkeys;
+ &xmlsec-mscrypto-crypto;
+ &xmlsec-mscrypto-keysstore;
+ &xmlsec-mscrypto-x509;
+ </chapter>
+
+ <chapter id="xmlsec-index">
+ <title>XML Security Library Reference Index</title>
+ <para>
+ <itemizedlist>
+ &xmlsec-index;
+ </itemizedlist>
+ </para>
+ </chapter>
+ </part>
+</book>
diff --git a/docs/authors.html b/docs/authors.html
new file mode 100644
index 00000000..91099daf
--- /dev/null
+++ b/docs/authors.html
@@ -0,0 +1,59 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library: Authors and contributors</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<div align="center">
+<h1>Authors and contributors</h1>
+</div>
+<ul>
+<li>Aleksey Sanin &lt;aleksey-at-aleksey-dot-com&gt;</li>
+ <li>Igor Zlatkovic &lt;igor-at-stud-dot-fh-frankfurt-dot-de&gt;</li>
+ <li>John Belmonte &lt;john-at-neggie-dot-net&gt;</li>
+ <li>Tej Arora &lt;tej-at-netscape-dot-com&gt; (<a href="http://www.aol.com">AOL, Inc.</a>)</li>
+ <li>Wouter Ketting &lt;wsh-at-xs4all-dot-nl&gt; (<a href="http://www.cordys.com">Cordys R&amp;D BV</a>)</li>
+ <li>Dmitry Belyavsky &lt;beldmit-at-cryptocom-dot-ru&gt; (<a href="http://www.cryptocom.ru">Cryptocom LTD</a>)</li>
+</ul>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/bugs.html b/docs/bugs.html
new file mode 100644
index 00000000..428c0ad8
--- /dev/null
+++ b/docs/bugs.html
@@ -0,0 +1,106 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library: Reporting Bugs</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<div align="center"><h2>Reporting Bugs and Getting Help</h2></div>
+<p>
+Well, any big enough program has a bug. You simply don't know where
+exactly :) The best way to report a bug is to use the
+<a href="http://bugzilla.gnome.org/buglist.cgi?product=xmlsec">Gnome bug
+tracking database</a>. Please, make sure to use the "xmlsec" module name.
+There is also a mailing list
+<a href="mailto:xmlsec@aleksey.com">xmlsec@aleksey.com</a> with
+<a href="http://www.aleksey.com/pipermail/xmlsec">online
+archive</a>. To subscribe to this list
+please visit <a href="http://www.aleksey.com/mailman/listinfo/xmlsec">list info</a>
+Web page and follow instructions.</p>
+<p>Before writing bug reports or questions do not
+hesitate to check <a href="faq.html">FAQ</a> and old postings in the
+<a href="http://www.aleksey.com/pipermail/xmlsec">mailing
+list</a>. By doing this you might get the answer much faster.
+If you are writing your own code based on the XMLSec library then you should
+try to reproduce your problem with <a href="xmlsec-man.html">xmlsec command
+line utiliy</a> first. And if it works just fine then you know whom to blame,
+don't you? :).
+</p>
+<p>If you did all the steps above and you still think that you found something
+new then send as much information as possible, please.
+A good question or bug report <b>MUST</b> include the following:
+</p>
+<ul>
+<li>XMLSec version number (or the snapshot date).
+ </li>
+<li>The platform/compiler you are using.
+ </li>
+<li>The exact xmlsec utility command line.
+ </li>
+<li>All the files mentioned in this command line.
+ </li>
+<li>The xmlsec utility output.
+</li>
+</ul>
+<p>I'll do my best to fix reported bugs or answer questions as soon as I can.
+And of course, any patches, bug fixes and improvements are always welcome!<br></p>
+<p>Please note, that bug tracking database and mailing list are open to anyone.
+Any private or confidential information posted there became public.
+The author of XMLSec library assumes no responsibility for any damage caused
+by any information distribution using XMLSec
+<a href="http://www.aleksey.com/pipermail/xmlsec">mailing
+list</a>, GNOME CVS or
+<a href="http://bugzilla.gnome.org/buglist.cgi?product=xmlsec">Gnome bug
+tracking database</a>.
+</p>
+<p>
+</p>
+<div align="center">
+<a href="http://www.google.com"><img src="images/bart.gif" alt="Ask google" border="0"></a>
+</div>
+<small>Unfortunatelly, I don't know the author of this picture and I was not
+able to ask permissions to publish it. If you are the author or know
+the author then I would appreciate if you
+<a href="mailto:aleksey@aleksey.com">send me</a> a message so I can ask
+permissions and put author's name here.</small>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/c14n.html b/docs/c14n.html
new file mode 100644
index 00000000..3390cdf3
--- /dev/null
+++ b/docs/c14n.html
@@ -0,0 +1,73 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library: Canonicalization</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<div align="Center">
+<h2>Canonical XML / Exclusive Canonical XML</h2>
+</div>
+<p>
+Both <a href="http://www.w3.org/TR/xmldsig-core">XML Signature</a>
+ and <a href="http://www.w3.org/TR/xmlenc-core/">XML
+Encryption</a>
+ use XML Canonicalization standards to produce canonical form of the original
+XML document. Except for limitations regarding a few unusual cases, if two
+documents have the same canonical form, then the two documents are logically
+equivalent within the given application context. Implementation of both these
+standards were included in libxml2 library because these algorithms could
+be interested for other applications as well.
+</p>
+<ul>
+<li>
+<a href="http://www.w3.org/TR/xml-c14n">Canonical XML 1.0</a>
+ (included in libxml2)</li>
+<li>
+<a href="http://www.w3.org/TR/xml-exc-c14n">Exclusive Canonical XML 1.0</a>
+ (included in libxml2)</li>
+<li>
+<a href="http://www.w3.org/TR/xml-c14n11/">Canonical XML 1.1</a>
+ (included in libxml2)</li>
+</ul>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/documentation.html b/docs/documentation.html
new file mode 100644
index 00000000..c1936667
--- /dev/null
+++ b/docs/documentation.html
@@ -0,0 +1,65 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library: Documentation</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<div align="center">
+ <h1>Documentation</h1>
+ </div>
+<ul>
+<li>
+<a href="related.html#books">Books</a><br>
+</li>
+ <li><a href="faq.html">F.A.Q.</a></li>
+ <li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+ <li>
+ <a href="api/xmlsec-reference.html">API Reference Manual</a>
+(automaticaly generated from sources using gtk-doc utility)</li>
+ <li><a href="api/xmlsec-examples.html">Examples</a></li>
+ <li><a href="xmlsec-man.html">xmlsec utility man page</a></li>
+ <li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing
+list archive</a></li>
+ </ul>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/download.html b/docs/download.html
new file mode 100644
index 00000000..4f3cff9d
--- /dev/null
+++ b/docs/download.html
@@ -0,0 +1,115 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library: Download</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<div align="Center">
+ <h1>Download</h1>
+ </div>
+<h2>Stable releases.</h2>
+<p>The latest stable XML Security Library version is <b>1.2.18</b>:</p>
+<ul>
+<li>
+ <a href="http://www.aleksey.com/xmlsec/download/xmlsec1-1.2.18.tar.gz">Sources
+ for latest version</a>.
+ </li>
+ <li>
+ <a href="http://www.zlatkovic.com/projects/libxml/index.html">Windows
+ binaries</a> for XMLSec Library (as well as LibXML2, LibXSLT and OpenSSL)
+ from <a href="mailto:igor@zlatkovic.com">Igor Zlatkovic</a>.
+ </li>
+ <li>XMLSec Library is included as part of Debian GNU/Linux. For more
+ information see the <a href="http://memebeam.org/toys/DebianXmlsec">coordination page</a>.
+ </li>
+ <li>XMLSec Library <a href="http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/xmlsec/">FreeBSD</a>
+ and <a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/security/xmlsec/">OpenBSD</a>
+ ports.
+ </li>
+</ul>
+<p>The <a href="ftp://ftp.aleksey.com/pub/xmlsec/releases/">previous releases</a> are also available.</p>
+<h2>Requirements</h2>
+<p>
+ The XML Security Library requires:
+ </p>
+<ul>
+<li><a href="http://xmlsoft.org/downloads.html">LibXML</a></li>
+ <li>
+<a href="http://xmlsoft.org/XSLT/downloads.html">LibXSLT</a> (optional)</li>
+</ul>
+<p>and one of the following cryptographic libraries:</p>
+<ul>
+<li>
+<a href="http://www.openssl.org/">OpenSSL</a> version 0.9.8
+ (it also should work with 0.9.7 and 0.9.6 but some features
+ would be disabled).
+ </li>
+ <li>
+<a href="http://www.gnu.org/software/gnutls/">GnuTLS</a>
+ </li>
+ <li>
+<a href="http://www.gnu.org/directory/security/libgcrypt.html">Libgcrypt</a>
+ </li>
+ <li>
+<a href="http://www.mozilla.org/projects/security/pki/nss/">NSS</a> -
+ Mozilla cryptographic library.
+ </li>
+ </ul>
+<h2>Installation (source archive)</h2>
+<p>
+ All steps are usual:<br></p>
+<blockquote>
+<code>gunzip -c xmlsec1-xxx.tar.gz | tar xvf -</code><br><code>cd xmlsec1-xxxx</code><br><code>./configure --help</code><br><code>./configure [possible options] </code><br><code>make</code><br><code>make install</code><br><code>make check</code>
+</blockquote>
+<p>
+ The last step is optional and requires Internet connection to execute
+ some tests.<br></p>
+<h2>GIT</h2>
+<p>XML Security Library is available from the
+<a href="http://live.gnome.org/Git/Developers">Gnome GIT</a>
+(the module name is <b>xmlsec</b>). The online XMLSec
+<a href="http://git.gnome.org/cgit/xmlsec">source browser</a>
+is also available.
+</p>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/faq.html b/docs/faq.html
new file mode 100644
index 00000000..29361786
--- /dev/null
+++ b/docs/faq.html
@@ -0,0 +1,449 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library: Documentation</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<div align="center">
+ <h1>Frequently Asked Questions</h1>
+ </div>
+<h3>0. Where can I read more about XML Signature and XML
+Encryption?</h3>
+<p>First of all, read the original specifications: <a href="http://www.w3.org/Signature/">XML Digital Signature</a> and <a href="http://www.w3.org/Encryption/">XML Encrytpion</a>. Also there <a href="related.html#books">several books</a> available that can
+help you get started.<br></p>
+<h3>1. License(s).</h3>
+<h4> <a name="section_1_1"></a>1.1. Licensing Terms for
+xmlsec.</h4>
+<p> XML Security Library is released under the <a href="http://www.opensource.org/licenses/mit-license.html">MIT License</a>,
+see the file Copyright in the distribution for the precise wording. </p>
+<h4> <a name="section_1_2"></a>1.2. Can I use xmlsec with
+proprietary application or
+library? Can I use xmlsec with a GNU GPL application or library?</h4>
+<p>Probably, you will need to ask a lawyer. But not-a-lawyer answer
+can be found in the following table:
+</p>
+<table style="text-align: left; width: 85%; margin-left: auto; margin-right: auto;" border="1" cellpadding="2" cellspacing="2"><tbody>
+<tr>
+<td style="vertical-align: top; font-weight: bold;">XML
+Security Library module<br>
+</td>
+ <td style="vertical-align: top; font-weight: bold;">Dependencies<br>
+</td>
+ <td style="vertical-align: top; font-weight: bold;">Dependencies
+License<br>
+</td>
+ <td style="vertical-align: top; font-weight: bold;">Using
+with proprietary
+applications/libraries<br>
+</td>
+ <td style="vertical-align: top; font-weight: bold;">Using
+with MIT/BSD applications/libraries <br>
+</td>
+ <td style="vertical-align: top; font-weight: bold;">Using
+with GPL
+applications/libraries<br>
+</td>
+ </tr>
+<tr>
+<td style="vertical-align: top;">xmlsec-core<br>
+</td>
+ <td style="vertical-align: top;">
+<a href="http://xmlsoft.org">LibXML2</a>/<a href="http://xmlsoft.org/XSLT">LibXSLT</a>
+ </td>
+ <td style="vertical-align: top;"><a href="http://www.opensource.org/licenses/mit-license.html">MIT License</a></td>
+ <td style="vertical-align: top;">Yes.<br>
+</td>
+ <td style="vertical-align: top;">Yes.<br>
+</td>
+ <td style="vertical-align: top;">Yes.<br>
+</td>
+ </tr>
+<tr>
+<td style="vertical-align: top;">xmlsec-openssl (also
+requires
+xmlsec-core library)<br>
+</td>
+ <td style="vertical-align: top;"><a href="http://www.openssl.org">OpenSSL<br></a></td>
+ <td style="vertical-align: top;">OpenSSL License<br>
+</td>
+ <td style="vertical-align: top;">Yes.<br>
+</td>
+ <td style="vertical-align: top;">Yes.</td>
+ <td style="vertical-align: top;">May be. <a href="http://www.openssl.org/support/faq.cgi#LEGAL2">OpenSSL FAQ</a>
+states that OpenSSL library is covered by a <a href="http://www.gnu.org/licenses/gpl-faq.html#WritingFSWithNFLibs">special
+GPL exception</a> thus it could be used in GPLed
+applications/libraries. However, some people think that this is not
+true (<a href="http://lists.debian.org/debian-legal/2002/debian-legal-200210/msg00173.html">one</a>
+and <a href="http://lists.debian.org/debian-legal/2002/debian-legal-200205/msg00127.html">two</a>).
+ </td>
+ </tr>
+<tr>
+<td style="vertical-align: top;">xmlsec-gnutls (also
+requires
+xmlsec-core library) </td>
+ <td style="vertical-align: top;">
+<a href="http://www.gnu.org/software/gnutls/">GnuTLS</a><br>
+</td>
+ <td style="vertical-align: top;">
+<a href="http://www.opensource.org/licenses/gpl-license.php">GPL</a><br>
+</td>
+ <td style="vertical-align: top;">Yes, but only if
+the application is not distributed.<br>
+</td>
+ <td style="vertical-align: top;">Yes.</td>
+ <td style="vertical-align: top;">Yes.<br>
+</td>
+ </tr>
+<tr>
+<td style="vertical-align: top;">xmlsec-gcrypt (also
+requires
+xmlsec-core library) </td>
+ <td style="vertical-align: top;">
+<a href="http://www.gnupg.org/">LibGCrypt</a><br>
+</td>
+ <td style="vertical-align: top;">
+<a href="http://www.opensource.org/licenses/gpl-license.php">GPL</a><br>
+</td>
+ <td style="vertical-align: top;">Yes, but only if
+the application is not distributed.<br>
+</td>
+ <td style="vertical-align: top;">Yes.</td>
+ <td style="vertical-align: top;">Yes.<br>
+</td>
+ </tr>
+<tr>
+<td style="vertical-align: top;">xmlsec-nss (also
+requires
+xmlsec-core library) </td>
+ <td style="vertical-align: top;">
+<a href="http://www.mozilla.org/projects/security/pki/nss/">NSS</a><br>
+</td>
+ <td style="vertical-align: top;">Dual licensing: <a href="http://www.opensource.org/licenses/mozilla1.0.php">Mozilla
+Public License</a> and <a href="http://www.opensource.org/licenses/gpl-license.php">GPL</a> </td>
+ <td style="vertical-align: top;">Yes.<br>
+</td>
+ <td style="vertical-align: top;">Yes.</td>
+ <td style="vertical-align: top;">Probably yes, but at
+the time I
+am writing this there are some <a href="http://bugzilla.mozilla.org/show_bug.cgi?id=217162">unresolved
+issues</a>.<br>
+</td>
+ </tr>
+<tr>
+<td style="vertical-align: top;">xmlsec-mscrypto
+(also requires
+xmlsec-core library) </td>
+ <td style="vertical-align: top;">
+<a href="http://msdn.microsoft.com/security/">MSCrypto API</a><br>
+</td>
+ <td style="vertical-align: top;">Microsoft licensing:
+The libraries are part of MS Windows, and are also distributed with
+Internet Explorer. </td>
+ <td style="vertical-align: top;">Unknown.<br>
+</td>
+ <td style="vertical-align: top;">Unknown.</td>
+ <td style="vertical-align: top;">Unknown.</td>
+ </tr>
+</tbody></table>
+<p>If you have questions about XML Security Library
+licensing then feel free to send these questions to the <a href="bugs.html">mailing list</a>.<br></p>
+<h3>2. Installation.</h3>
+<h4> <a name="section_2_1"></a>2.1. Where can I get xmlsec?</h4>
+<p> The original distribution comes from <a href="http://www.aleksey.com/xmlsec/">XML Security Library page</a>.
+
+</p>
+<h4> <a name="section_2_2"></a>2.2. How to compile xmlsec?</h4>
+<p> On Unix just follow the "standard": </p>
+<blockquote> <code>gunzip -c xmlsec-xxx.tar.gz | tar xvf -</code><br><code>cd xmlsec-xxxx</code><br><code>./configure --help</code><br><code>./configure [possible options] </code><br><code>make</code><br><code>make check</code><br><code>make install</code> </blockquote>
+<p> At that point you may have to rerun ldconfig or similar
+utility to update your list of installed shared libs.<br>
+On Windows the process is more complicated. Please check readme file in
+ <code>xmlsec-xxxx/win32</code> folder. </p>
+<h4> <a name="section_2_3"></a>2.3. What other libraries
+are
+needed to compile/install
+xmlsec?</h4>
+<p> The XML Security Library requires: </p>
+<ul>
+<li><a href="http://xmlsoft.org/downloads.html">LibXML</a></li>
+ <li>
+<a href="http://xmlsoft.org/XSLT/downloads.html">LibXSLT</a>
+(optional)</li>
+ </ul>
+<ul>
+<li> <a href="http://www.openssl.org/">OpenSSL</a>
+version
+0.9.7 (prefered or later) or version 0.9.6. </li>
+<li>
+<a href="http://www.gnu.org/software/gnutls/">GnuTLS</a>
+</li>
+
+<li>
+<a href="http://www.gnu.org/directory/security/libgcrypt.html">Libgcrypt</a>
+</li>
+
+<li>
+<a href="http://www.mozilla.org/projects/security/pki/nss/">NSS</a> -
+Mozilla cryptographic library. </li>
+ </ul>
+<h4> <a name="section_2_4"></a>2.4. Why does make check
+fail
+for some tests?</h4>
+<p> First of all, some tests <b>must</b> fail! Please read
+the messages printed before the tests.<br>
+If you have other failed tests then the next possible reason is that
+you use OpenSSL 0.9.6 and some xmlsec features are disabled in this
+case. Please try to upgrade to OpenSSL 0.9.7 and
+re-configure/re-compile xmlsec.<br>
+if this does not help then probably there is a bug in the xmlsec or in
+the xmlsec tests. Please submit the <a href="http://www.aleksey.com/xmlsec/bugs.html">bug report</a> and I'll
+try to fix it. </p>
+<h4> <a name="section_2_5"></a>2.5. I get the xmlsec
+sources
+from CVS and there is no
+configure script. Where can I get it?</h4>
+<p> The configure (and other Makefiles) are generated. Use
+the <code>autogen.sh</code> script to regenerate the configure and
+Makefiles, like: </p>
+<blockquote> <code>./autogen.sh --prefix=/usr</code> </blockquote>
+<h4> <a name="section_2_6"></a>2.6. I do not need all
+these
+features supported by
+xmlsec. Can I disable some of them?</h4>
+<p> Yes, you can. Please run <code>./configure --help</code>
+for the list of possible configuration options. </p>
+<h4> <a name="section_2_7"></a>2.7. I am compiling XMLSec
+library on Windows and it
+does not compile (crashes right after the launch). Can you help me?</h4>
+<p> There are several possible reasons why you might have
+problems on Windows. All of them originated in the MS C compiler/linker
+and are specific to Windows. Thanks to Igor Zlatkovic for writing these
+long explanations. </p>
+<p> <b>1) Incorrect MS C runtime libraries.</b> </p>
+<p>Windows basically has two C runtimes. The one is called
+libc.lib and can only be linked to statically. The other is called
+msvcrt.dll and can only be linked to dynamically. The first one occurs
+in its single-threaded and multithreaded variant, which gives three
+different runtimes. These three then live in their debug and release
+incarnations, which results in six C runtimes. Worse, different versions
+of Microsoft Visual C/C++ have different runtimes (e.g. MSVC 6.0
+runtime is not compatible with .NET 2003 runtime). The rule is simple:
+exactly the same runtime must be used throughout the application.
+Client code must use the same runtime as XMLSec, LibXML, LibXSLT,
+OpenSSL or any other library used.<br>
+If you downloaded XMLSec, LibXML, LibXSLT and OpenSSL binaries from
+Igor's <a href="http://www.zlatkovic.com/projects/libxml/index.html">page</a>
+then all libraries are all linked to msvcrt.dll (Multithreaded DLL; /MD
+compiler switch). The click-next click-finish wizardry from Visual
+Studio chooses the single-threaded libc.lib as the default when you
+create a new project. And this causes great problems because you
+program crashes on first IO operation, first malloc/free from different
+runtimes or something even more trivial.<br>
+Do not forget that tf you need a different runtime for some reason,
+then you MUST recompile not only XMLSec, but LibXML, LibXSLT and
+OpenSSL as well. </p>
+<p> <b>2) Static linking without correct defines.</b> </p>
+<p>When people link statically to XMLSec, then they must <code>#define
+XMLSEC_STATIC</code> in their source files before including any XMLSec
+header. Almost none is doing that :) This macro has no effect on Unix,
+but it is vital on Windows.<br>
+This applies to LibXML and LibXSLT as well, no matter if these are used
+directly or not. If just XMLSec is used, but everything is linked
+statically, then there must be a </p>
+<blockquote><code> #define LIBXML_STATIC<br>
+#define LIBXSLT_STATIC<br>
+#define XMLSEC_STATIC<br></code></blockquote>
+<p> before any xmlsec header is included. Even if the
+client code doesn't call into libxml at all, still this must be
+defined. XMLSec headers will include LibXML headers and they must have
+these definitions. Without them, every variable XMLSec includes from
+LibXML headers will have <code>__declspec(dllimport)</code> prepended
+and that will give headaches if static LibXML is used for linking.<br>
+This scheme makes it possible to have any combination of static and
+dynamic libraries in the resulting executable. Its cost is the need to <code>#define</code>
+apropriate macros. People would ideally define them by using the
+compiler's <code>/D</code> switch in projects that link statically. </p>
+<h3>3. Developing with XMLSec.</h3>
+<h4> <a name="section_3_1"></a>3.1.
+xmlSecDSigCtxValidate()
+function returned 0. Does
+this mean that the signature is valid?</h4>
+<b>No!</b><p> Function xmlSecDSigCtxValidate() returns 0 when there
+were no <i>processing</i> errors during signature validation (i.e. the
+document has correct syntax, all keys were found, etc.). The signature
+is valid if and only if the xmlSecDSigCtxValidate() function returns 0 <b>and</b>
+the <code>status</code> member of the <code>xmlSecDSigCtx</code>
+structure is equal to <code>xmlSecDSigStatusSucceeded</code>. </p>
+<h4> <a name="section_3_2"></a>3.2. I am trying to sign
+use a
+part of XML document using an "Id" attribute but it does not work. Do
+you support "Id" attributes at all?</h4>
+<p><span style="font-weight: bold;">Yes. </span>LibXML2
+and XMLSec libraries do support ID attributes. However, you have to
+tell LibXML2/XMLSec what is the name of <span style="font-weight: bold;">your </span>ID attribute. XML
+specification does not require ID attribute to have name "Id" or "id".
+It can be anything you want! <br></p>
+<br><code>Id</code><code>Data</code><blockquote><code> &lt;?xml version="1.0"
+encoding="UTF-8"&gt;<br>
+&lt;Root&gt;<br>
+&lt;Data Id="1234"&gt;<br>
+The data I want to sign<br>
+&lt;/Data&gt;<br>
+&lt;/Root&gt;<br></code></blockquote>
+<p>One can use a simple DTD: </p>
+<blockquote><code> &lt;!DOCTYPE test [<br>
+&lt;!ATTLIST Data Id ID #IMPLIED&gt;<br>
+]&gt;<br></code></blockquote>
+<p> The DTD might be directly included in the XML file or
+located in a standalone file. In the second case, you might load the
+DTD in xmlsec command line utility with "--dtd-file" option. <br></p>
+<p>2) Use <a href="http://www.w3.org/TR/xml-id/">xml:id</a>.
+This is a new W3C Working Draft and not all XML parsers support it now
+(LibXML2 does!). <br></p>
+<p>3) Application can directly declare ID attribute to
+LibXML2/XMLSec. If you are using xmlsec command line utility see
+"--id-attr" option. If you are writing a C/C++ application
+yourself, call<code>xmlAddID</code> function.
+However, this approach might make you signature non-interoperable with
+other
+XMLDSig implementations.<br></p>
+<h4>
+<a name="section_3_3"></a>3.3.<span style="font-weight: bold;"> </span>I am trying to sign an
+XML document and I have a
+warning about "empty nodes set". Should I worry about this?</h4>
+<p> Most likely <b>yes</b>. When it's not an error from
+specification point of view, I can hardly imagine a real world case
+that requires signing an empty nodes set (i.e. signing an empty
+string). Most likely, you have this error because you are trying to use
+ID attribute and you do not provide a DTD for the document (see <a href="faq.html#section_3_2">section 3.2</a>
+about ID
+attributes).<br></p>
+<h4> </h4>
+<h4>
+<a name="section_3_4"></a>3.4. I am trying to
+sign/validate a document but
+xmlXPtrEval function can't evaluate "xpointer(id('XXXXXXX'))"
+expression. What's wrong?</h4>
+<p>First of all, read <a href="#section_3_2">section 3.2</a>
+about ID
+attributes.
+If you have tried to declare required ID attribute in DTD and
+you still have problems then I would guess that you are playing with
+Visa 3D protocol. This protocol tries to reference to an "id" attribute
+defined as CDATA instead of ID in the DTD (it is impossible in XML as
+described in <a href="#section_3_2">section 3.2</a>). Even worse, the
+value
+of this Visa 3D "id" attribute may start from number or contain "+" or
+"/" and this breakes <a href="http://www.w3.org/TR/REC-xml#sec-attribute-types">XML
+specification</a> again. Based on this, I have to say that Visa
+3D protocol does not use XML or XMLDSig specifications. And if you can
+then you should
+probably let Visa guys know about this problem (thought it was already
+done
+several times).</p>
+<p>The only good solution for this problem is changing Visa
+3D protocol.
+However,
+it might take time. As a short term solution you can use a special
+"Visa 3D
+hack" in xmlsec. Please note, that nobody (including me) knows what
+else
+might be broken in your application if you decide to use this hack. You
+are on
+your own here because this hack makes your application to work with
+non-XML
+and non-XMLDSig but some "Visa 3D" files. </p>
+<p>In order to process "Visa 3D" documents, you need to do
+two things: </p>
+<ul>
+<li>Register ID attributes manually (<code>xmlAddID</code>
+function or <code>--id-attr</code> option for xmlsec command line
+utility).</li>
+ <li>Enable Visa 3D hack in XML DSig context (<code>dsigCtx-&gt;flags
+|= XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK</code> or <code>--enable-visa3d-hack</code>
+option for xmlsec command line utility).</li>
+ </ul>
+<b>This is a hack</b><b>. You are warned!</b><br><p><b>UPDATE:</b> It appears that recent version (Novemeber, 2005)
+of Visa3D DTD does have this problem corrected and now "id" attribute
+is declared as ID. Just get the new DTD and everything should work
+without this hack.</p>
+<h4>
+<a name="section_3_5"></a>3.5. I have a document signed
+with a certificate that
+is now expired. Can I verify this signature?</h4>
+<p> Yes, you can. However, you need to be carefull. Most
+likely you do want to make sure that the certificate was not expired
+when the document was signed. The <a href="http://www.w3.org/Signature">XML
+Digital Signature</a> specification does not have a standard way to
+include the signature timestamp. Which means that you need to define
+where to put timestamp by yourself. Please note, that the timestamp <b>must</b>
+be signed along with the other data.<br>
+Finaly set the desired verification time in <code>certsVerificationTime</code>
+member of the <code>xmlSecKeyInfoCtx</code> structure. </p>
+<p> If you are using xmlsec command line utility then you
+can use <code>--verification-time &lt;time&gt;</code> option (where <code>&lt;time&gt;</code>
+is the local system time in the "<code>YYYY-MM-DD HH:MM:SS</code>"
+format). </p>
+<h4> <a name="section_3_6"></a>3.6. I really like the
+XMLSec
+library but it is based
+on OpenSSL and I have to use another crypto library in my application.
+Can you write code to support my crypto library?</h4>
+<p> The XMLSec library has a very modular structure and
+there should be no problem with using another crypto library. For
+example, XMLSec already supports <a href="http://www.mozilla.org/projects/security/pki/nss/">NSS</a>,
+MSCrypto API and <a href="http://www.gnu.org/software/gnutls/gnutls.html">GnuTLS</a>.
+Check the latest release and/or the mailing list and you might find
+that your library is already supported or someone working on it.<br>
+If you are not so lucky, then you can either write some code by
+yourself or contact me in private email to discuss possible options. </p>
+<h4> <a name="section_3_7"></a>3.7. I really like the
+XMLSec
+library but it does not
+have cipher or transform that I need. Can you write code for me?</h4>
+<p> The XMLSec library has a very modular structure and
+there should be easy to add any cipher or other transform. Again, you
+can either write some code by yourself or try to talk to me in private
+email. </p>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/images/bart.gif b/docs/images/bart.gif
new file mode 100644
index 00000000..97f47b10
--- /dev/null
+++ b/docs/images/bart.gif
Binary files differ
diff --git a/docs/images/libxml2-logo.png b/docs/images/libxml2-logo.png
new file mode 100644
index 00000000..fbd74c07
--- /dev/null
+++ b/docs/images/libxml2-logo.png
Binary files differ
diff --git a/docs/images/libxslt-logo.png b/docs/images/libxslt-logo.png
new file mode 100644
index 00000000..b828d835
--- /dev/null
+++ b/docs/images/libxslt-logo.png
Binary files differ
diff --git a/docs/images/logo.gif b/docs/images/logo.gif
new file mode 100644
index 00000000..1c8b307a
--- /dev/null
+++ b/docs/images/logo.gif
Binary files differ
diff --git a/docs/images/openssl-logo.png b/docs/images/openssl-logo.png
new file mode 100644
index 00000000..d533901c
--- /dev/null
+++ b/docs/images/openssl-logo.png
Binary files differ
diff --git a/docs/images/xmlsec-logo.gif b/docs/images/xmlsec-logo.gif
new file mode 100644
index 00000000..fa9b8508
--- /dev/null
+++ b/docs/images/xmlsec-logo.gif
Binary files differ
diff --git a/docs/index.html b/docs/index.html
new file mode 100644
index 00000000..8c07d09a
--- /dev/null
+++ b/docs/index.html
@@ -0,0 +1,109 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<div align="center">
+<h1>XML Security Library</h1>
+</div>
+<p>
+XML Security Library is a C library based on <a href="http://xmlsoft.org/">LibXML2</a>.
+The library supports major XML security standards:
+</p>
+<ul>
+<li><a href="http://www.w3.org/TR/xmldsig-core">XML Signature</a></li>
+<li><a href="http://www.w3.org/TR/xmlenc-core/">XML Encryption</a></li>
+<li>
+<a href="http://www.w3.org/TR/xml-c14n">Canonical XML</a> (part of the
+<a href="http://xmlsoft.org">LibXML2</a>)</li>
+<li>
+<a href="http://www.w3.org/TR/xml-exc-c14n">Exclusive Canonical XML</a>
+(part of the <a href="http://xmlsoft.org">LibXML2</a>)</li>
+</ul>
+<p>
+XML Security Library is released under the
+<a href="http://www.opensource.org/licenses/mit-license.html">MIT Licence</a>
+see the Copyright file in the distribution for details.<br><br></p>
+<p><b>News</b></p>
+<ul>
+<li>May 11 2011<br>
+ The <a href="download.html">XML Security Library 1.2.18</a> release fixes
+ a serious crasher. All users are advised to upgraded as soon as possible.
+</li>
+<li>March 31 2011<br>
+ Changes in <a href="download.html">XML Security Library 1.2.17</a> release:
+ <ul>
+<li>Fixed security issue with libxslt (CVE-2011-1425, reported by Nicolas Gregoire).</li>
+ <li>Fixed a number of build configuration problems, pkcs12 file loading, and gcrypt init/shutdown.</li>
+ </ul>
+</li>
+<li>May 26 2010<br>
+ Changes in <a href="download.html">XML Security Library 1.2.16</a> release:
+ <ul>
+<li>New xmlsec-gcrypt library.</li>
+ <li>xmlsec-gcrypt: Added RSA with SHA1/SHA256/SHA384/SHA512/MD5/RIPEMD160,
+ DSA with SHA1, AES/DES KW support.</li>
+ <li>xmlsec-gnutls: Added X509 support and converted the library to use
+ xmlsec-gcrypt library for all crypto operations.</li>
+ xmlsec-mscrypto: RSA/OAEP and AES/DES KW support.</ul>
+</li>
+ <li>Several minor bug fixes and code cleanups.</li>
+ </ul>
+<li>April 29 2010<br>
+ Changes in <a href="download.html">XML Security Library 1.2.15</a> release:
+ <ul>
+<li>xmlsec-mscrypto: Added HMAC with MD5, SHA1, SHA256/384/512;
+ RSA with MD5, SHA256/384/512 support.</li>
+ <li>xmlsec-mscrypto: Converted to Unicode (the non-Unicode builds are still available as compile time option).</li>
+ <li>xmlsec-nss: Added MD5 and SHA256/384/512 support for digest, HMAC
+ and RSA (the new minimum required version for NSS library is 3.9).</li>
+ <li>xmlsec-gnutls: Added SHA256/384/512 for digest and HMAC;
+ MD5 and RIPEMD160 digests support (the new minimum required version for
+ GnuTLS library is 2.8.0).</li>
+ <li>Fixed typo: "Copyrigth" should be "Copyright".</li>
+ <li>Several critical bug fixes and code cleanups.</li>
+ </ul>
+</li>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/news.html b/docs/news.html
new file mode 100644
index 00000000..7a95943e
--- /dev/null
+++ b/docs/news.html
@@ -0,0 +1,545 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library: News</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<div align="center">
+<h1>XML Security Library News</h1>
+</div>
+<ul>
+<li>May 11 2011<br>
+ The <a href="download.html">XML Security Library 1.2.18</a> release fixes
+ a serious crasher. All users are advised to upgraded as soon as possible.
+</li>
+
+<li>March 31 2011<br>
+ Changes in <a href="download.html">XML Security Library 1.2.17</a> release:
+ <ul>
+<li>Fixed security issue with libxslt (CVE-2011-1425, reported by Nicolas Gregoire).</li>
+ <li>Fixed a number of build configuration problems, pkcs12 file loading, and gcrypt init/shutdown.</li>
+ </ul>
+</li>
+<li>May 26 2010<br>
+ Changes in <a href="download.html">XML Security Library 1.2.16</a> release:
+ <ul>
+<li>New xmlsec-gcrypt library.</li>
+ <li>xmlsec-gcrypt: Added RSA with SHA1/SHA256/SHA384/SHA512/MD5/RIPEMD160,
+ DSA with SHA1, AES/DES KW support.</li>
+ <li>xmlsec-gnutls: Added X509 support and converted the library to use
+ xmlsec-gcrypt library for all crypto operations.</li>
+ xmlsec-mscrypto: RSA/OAEP and AES/DES KW support.</ul>
+</li>
+ <li>Several minor bug fixes and code cleanups.</li>
+ </ul>
+<li>April 29 2010<br>
+ Changes in <a href="download.html">XML Security Library 1.2.15</a> release:
+ <ul>
+<li>xmlsec-mscrypto: Added HMAC with MD5, SHA1, SHA256/384/512;
+ RSA with MD5, SHA256/384/512 support.</li>
+ <li>xmlsec-mscrypto: Converted to Unicode (the non-Unicode builds are still available as compile time option).</li>
+ <li>xmlsec-nss: Added MD5 and SHA256/384/512 support for digest, HMAC
+ and RSA (the new minimum required version for NSS library is 3.9).</li>
+ <li>xmlsec-gnutls: Added SHA256/384/512 for digest and HMAC;
+ MD5 and RIPEMD160 digests support (the new minimum required version for
+ GnuTLS library is 2.8.0).</li>
+ <li>Fixed typo: "Copyrigth" should be "Copyright".</li>
+ <li>Several critical bug fixes and code cleanups.</li>
+ </ul>
+</li>
+<li>December 5 2009<br>
+ Changes in <a href="download.html">XML Security Library 1.2.14</a> release:
+ <ul>
+<li>XMLSec library is switched from built-in LTDL library to the system
+ LTDL library on Linux/Unix and native calls on Windows to fix
+ <a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3736">security
+ issue</a> in LTDL.</li>
+ <li>Fixed minor bugs (see <a href="http://git.gnome.org/cgit/xmlsec/log/">log</a>
+ for complete list).</li>
+ </ul>
+</li>
+<li>September 12 2009<br>
+ Changes in <a href="download.html">XML Security Library 1.2.13</a> release:
+ <ul>
+<li>
+<a href="http://xmlsoft.org/">LibXML2</a> version 2.7.4 is now required</li>
+ <li>Implemented support for <a href="http://www.w3.org/TR/xml-c14n11/">C14N version 1.1</a>
+</li>
+ <li>Increase default minimum hmac size to 80 bits</li>
+ <li>Added support for --with-libxml-src and --with-libxslt-src ./configure options</li>
+ <li>Fixed XML dump output</li>
+ </ul>
+</li>
+<li>July 14 2009<br>
+ The new <a href="download.html">XML Security Library 1.2.12</a> release
+ includes the following changes (see ChangeLog for the complete list of changes):
+ <ul>
+<li>Fixed HMAC vulnerability with small values of HMAC length
+ (<a href="http://www.kb.cert.org/vuls/id/466161">CERT VU #466161</a>).</li>
+ <li>Added support for the GOST implemented by Russian Crypto Pro CSP
+ (patch from Dennis Prochko)</li>
+ <li>Added an option to return the replaced node (based on the patch from Frank Gross)</li>
+ <li>Added new function xmlSecNodeEncodeAndSetContent for encoding
+ special chars in the node content.</li>
+ <li>Added configurable Base64 line length.</li>
+ <li>Bug fixes.</li>
+ </ul>
+</li>
+<li>November 6 2007<br>
+ The new <a href="download.html">XML Security Library 1.2.11</a> release
+ includes the following changes:
+ <ul>
+<li>Mingw port (Roumen Petrov).</li>
+ <li>Better support for non micorsoft CSP's (Wouter and Ed Shallow).</li>
+ <li>Bug fixes.</li>
+ </ul>
+</li>
+<li>June 12 2006<br>
+ The new <a href="download.html">XML Security Library 1.2.10</a> release
+ includes the following changes:
+ <ul>
+<li>GOST algorithms support (Dmitry Belyavsky)</li>
+ <li>Ability to disable system trusted certs in xmlsec-mscrypto
+ (Dmitry Belyavsky)</li>
+ <li>New functions for adding X509IssuerName and X509SerialNumber
+ nodes to the template (Dmitry Belyavsky)</li>
+ <li>Better packaging support for Fedora and Debian (Daniel Veillard, John Belmonte)</li>
+ <li>Cleanups from Coverity tool reports</li>
+ <li>Bug fixes</li>
+ </ul>
+</li>
+<li>July 12 2005<br>
+ The new <a href="download.html">XML Security Library 1.2.9</a> release
+ includes few bug fixes and adds support for the recently released
+ <a href="http://www.openssl.org">OpenSSL 0.9.8</a> including several
+ new algorithms for <a href="xmldsig.html">xmlsec-openssl</a>:
+ <ul>
+<li>SHA224/SHA256/SHA384/SHA512</li>
+ <li>HMAC-SHA224/SHA256/SHA384/SHA512</li>
+ <li>RSA-MD5/RIPEMD160/SHA224/SHA256/SHA384/SHA512</li>
+ </ul>
+</li>
+<li>March 30 2005<br>
+ The new <a href="download.html">XML Security Library 1.2.8</a> release
+ merges OpenOffice.org changes to xmlsec-mscrypto and xmlsec-nss into
+ main xmlsec source tree.
+</li>
+<li>February 23 2005<br>
+ The new <a href="download.html">XML Security Library 1.2.7</a> release
+ includes several bug fixes and minor enchancements:
+ <ul>
+<li>(core) added xmlSecSimpleKeysStoreGetKeys() function;</li>
+ <li>(core) added functions to create &lt;X509Data/&gt; node children
+ in the signature template;</li>
+ <li>(core) fixed xmlSecGenerateID() function;</li>
+ <li>(core) fixed dynamic linking initialization/shutdown when custom memory
+ allocation functions are used;</li>
+ <li>(core) fixed encrypted text parsing and xmlParseInNodeContext() function;</li>
+ <li>(openssl) fixed parsing quoted values in the certificate subject;</li>
+ <li>(mscrypto) negative numbers support in xmlSecBnFromString()/xmlSecBnToString() functions.</li>
+ </ul>
+</li>
+<li>August 25 2004<br>
+ The new <a href="download.html">XML Security Library 1.2.6</a>
+ fixes several minor bugs and adds support for loading keys and
+ certificates from memory.
+</li>
+<li>July 27 2004<br>
+ Created a <a href="related.html#books">list of books</a> about
+ cryptography and security that covers most of the topics needed
+ for using XML Security Library.
+</li>
+<li>April 15 2004<br>
+ The new <a href="download.html">XML Security Library 1.2.5</a>
+ includes a simple XKMS server implementation and fixes a nasty
+ bug with encrypting/decrypting nodes with an empty content.
+</li>
+<li>January 27 2004<br>
+ The new <a href="download.html">XML Security Library 1.2.4</a>
+ release fixes many configuration and installation problems
+ found by John.
+</li>
+<li>January 6 2004<br>
+ The new <a href="download.html">XML Security Library 1.2.3</a>
+ release upgrades xmlsec-gnutls code to support latest gnutls
+ library version (1.0.4) and fixes several configuration and
+ installation problems.
+</li>
+<li>November 11 2003<br>
+ The new <a href="download.html">XML Security Library 1.2.2</a>
+ release includes several improvements in ./configure script
+ (Daniel, Roumen) and a bug fix for certificates serial number
+ processing in xmlsec-mscrypto.
+</li>
+<li>October 14 2003<br>
+ The new <a href="download.html">XML Security Library 1.2.1</a>
+ release includes a special "hack" for supporting ID attributes
+ with invalid values in Visa 3D; fixed processing of root element
+ node siblings (bug #124245); template functions for creating
+ &lt;enc:KeyReference/&gt; and &lt;enc:DataReference/&amp;gt
+ nodes (Wouter); new "XMLSEC_DOCDIR" environment variable
+ for ./configure script; updated README files for xmlsec-crypto
+ libraries.
+</li>
+<li>September 30 2003<br>
+ The major change in the new <a href="download.html">XML Security Library 1.2.0</a>
+ release is the MS Crypto API support implemented by Wouter. Other changes
+ include loading public keys from certificates and improved namespaces
+ support for start node selection with "--node-xpath" command line option
+ for xmlsec command line utility; updated online XML DSig Verifier;
+ updated docs and man pages.
+</li>
+<li>September 17 2003<br>
+ The new <a href="download.html">XML Security Library 1.1.2</a> release
+ introduces dynamical crypto engines loading based on ltdl library (including
+ tutorial, API reference and documentation updates); adds an ability to build
+ multiple xmlsec-crypto libraries in one build on Windows; fixes minor problems
+ in test suite and multiple warnings when building on Sun Solaris.
+</li>
+<li>August 21 2003<br>
+ The new <a href="download.html">XML Security Library 1.1.1</a> release
+ adds &lt;X509Data/&gt; node templates support to xmlsec-nss (Tej);
+ includes new functions for reading keys and certificates from memory
+ for xmlsec-core and xmlsec-openssl (Joachim); fixes several problems
+ in xmlsec configuration files (Roumen) and a bug in URI attribute
+ XInclude processing.
+</li>
+<li>August 5 2003<br>
+ A great patch from Tej that dramaticaly improves xmlsec-nss functionality
+ deserves a minor version number update :). In addition to that, the new
+ <a href="download.html">XML Security Library 1.1.0</a>
+ release includes &lt;X509Data/&gt; node templates support
+ for xmlsec-openssl (Roumen); separate pkg-config files for xmlsec-crypto
+ libraries and minor documentation updates (including coding style
+ and some useful commands for xmlsec developers in a new "HACKING"
+ file).
+</li>
+<li>July 15 2003<br>
+ There were several minor patches during last month and it's time to do
+ a new <a href="download.html">XML Security Library 1.0.4</a>
+ release to pick up them: x509 certificates names comparison function
+ now supports multiple entries woth the same object name (Roumen);
+ multiple build fixes; documentation mistypes fixes.<br>
+ Also I gave an XML Security presentation at
+ <a href="http://oreillynet.com/oscon2003/">OSCON 2003</a> last week.
+ You can download slides <a href="http://www.aleksey.com/xmlsec/extra/xmlsec_oscon_2003.ppt">here</a>.
+</li>
+<li>June 17 2003<br>
+ The <a href="download.html">XML Security Library 1.0.3</a>
+ release adds PKCS#8 support for xmlsec-openssl (Tej) and fixes several
+ configuration and portability problems.
+</li>
+<li>June 03 2003<br>
+ The <a href="download.html">XML Security Library 1.0.2</a>
+ release includes several fixes in xmlsec-nss configuration and
+ linking options (Tej), PKCS21 files reading improvements,
+ minor documentation and help file fixes. Also this release
+ includes some code for XKMS support. This is absolutely not usable
+ right now and not configured in by default. Please, don't
+ use or even compile it in.
+</li>
+<li>April 28 2003<br>
+ The <a href="download.html">XML Security Library 1.0.1</a>
+ release is a maintanance release. It fixes several compilation
+ problems found in 1.0.0 release on the following platforms:
+ OpenBSD/sparc64, Win32 Wacom C, Sun Workshop CC 6.0. Also from
+ now on Win32 MSVC port enables the threading support
+ by default (this is a part of the Igor's change to
+ LibXML2/LibXSLT/XMLSec libraries).If you don't
+ use one of these platforms then you'll see no difference.
+</li>
+<li>April 17 2003<br>
+ The <a href="download.html">XML Security Library 1.0.0</a>
+ release is the major upgrade from 0.0.X version.
+ The new version includes multiple crypto engines support
+ (with "out of the box" support for OpenSSL, GnuTLS and NSS);
+ simplified and cleaned internal structure and API;
+ several performance and memory usage improvements;
+ new or updated documentation (tutorial, API reference manual and
+ examples).
+</li>
+<li>April 10 2003<br>
+ The final release candidate <a href="download.html">XML Security
+ Library 1.0.0rc1</a> is available for download. This release includes
+ minor API polishing,
+ complete <a href="api/xmlsec-ref.html">API Reference Manual</a>,
+ new chapters in the <a href="api/xmlsec-notes.html">tutorial</a> and
+ several new <a href="api/xmlsec-examples.html">examples</a>.
+ Another big change is using major version number in library files
+ to prevent collisions between different library versions.<br>
+ If no major problems will be found then the 1.0.0 release should
+ happen in a week from now.
+ </li>
+<li>April 8 2003<br>
+ The new <a href="download.html">XML Security Library 0.0.15</a>
+ release is a preparation for the upcomming 1.0.0 release and
+ provides an ability to have both versions installed together
+ on the same box.
+ Also this release includes updated expired certificates for
+ the regression test suite and a fix for minor bug in reading binary
+ keys on Windows.
+ </li>
+<li>March 26 2003<br><a href="download.html">XML Security Library 0.1.1</a>
+ release is the first release candidate for the new stable
+ version of XML Security Library. A lot of internal changes
+ including enchanced processing controls, performance improvements
+ for XML transforms, <a href="api/index.html">new documentation</a>,
+ updated <a href="api/xmlsec-examples.html">examples</a>
+ and many many other small things.<br>
+ Please try this release and report bugs. Again, it's the first
+ release candidate and it's very important for me to get your
+ feedback about it. Also if you are missing some features
+ in the library it's the best time to ask!
+</li>
+<li>March 19 2003<br><a href="download.html">XML Security Library 0.0.14</a> release
+ includes several minor bugfixes in references URI
+ processing, binary transforms processing and xmlsec
+ command line utility.
+</li>
+<li>March 5 2003<br>
+ The <a href="download.html">XML Security Library 0.1.0</a> release
+ creates a framework for integrating XML Security Library
+ with almost any crypto engine and even combining multiple crypto
+ engines in one application. As an example, basic support for GnuTLS and NSS
+ libraries is provided (digests, hmac and block ciphers).<br>
+ This is a pre-alpha release <b>not recommended</b> for production
+ (please use the <a href="download.html">stable 0.0.X</a> releases
+ instead). The new 0.1.X API and ABI will defenetly change.
+ However, if you plan to use XML Security Library with a new crypto
+ engine and plan to write some code then you can start now.
+ The "backend" API is pretty stable and I do not expect major
+ changes.
+</li>
+<li>February 21 2003<br><a href="download.html">XML Security Library 0.0.13</a> release
+ fixes incorrect processing of signatures with more than 3 binary
+ transforms in a row, improved pkcs12 files support and minor
+ documentation update.
+</li>
+<li>January 26 2003<br>
+ Two major fixes in <a href="http://www.aleksey.com/pipermail/xmlsec/2003/000507.html">HMAC</a> and
+ <a href="http://www.aleksey.com/pipermail/xmlsec/2003/000516.html">DES/AES</a>
+ algorithms are the reason for the new <a href="download.html">XML Security Library 0.0.12</a> release.
+ Also there are few other minor features and bug fixes (see Changelog in the
+ distribution for more details).
+</li>
+<li>December 3 2002<br>
+ New <a href="download.html">XML Security Library 0.0.11</a> release
+ fixes a <a href="http://www.aleksey.com/pipermail/xmlsec/2002/000368.html">major
+ problem</a> in Reference URI attribute processing. This release
+ also includes several Win32 build process fixes from Igor.
+</li>
+<li>October 20 2002<br>
+ Almost two months from previous release and a lot of minor
+ enchancements are good reasons for the new
+ <a href="download.html">XML Security Library 0.0.10</a> release:
+ <ul>
+<li>Added a way to specify "current time" to verify certificates
+ expiration against it;</li>
+ <li>Implemented XML results output format for the xmlsec command
+ line utility;</li>
+ <li>Fixed XMLDSig examples and added a new one (thanks to Devin
+ Heitmueller);</li>
+ <li>Resolved static link issue and a bunch of other improvements
+ for Win32 platform builds (Igor Zlatkovic);</li>
+ <li>Added dynamic linking option for xmlsec command line utility
+ to help Debian port (John Belmonte);</li>
+ <li>Minor bug fixes.</li>
+ </ul>
+</li>
+<li>August 26 2002<br>
+ I've completelly screwed up. The release 0.0.8 was totally broken
+ (I've simply packaged files from wrong CVS :) )
+ and I am doing a new <a href="download.html">0.0.9 release</a>
+ to fix all the problems. Please upgrade to the new version
+ if you use any of previous XML Security Library releases.<br>
+ I am really sorry for my stupid mistakes and I promise to never
+ do releases on Friday :(<br>
+ And special thanks to Ferrell Moultrie for pointing this out.
+</li>
+<li>August 23 2002<br><a href="download.html">XML Security Library 0.0.8</a> is released:
+ <ul>
+<li>New errors reporting system is created and all the code is updated;</li>
+ <li>Added XPointer transform support;</li>
+ <li>Major enveloped and XPath transforms performance improvements;</li>
+ <li>Updated XPath 2 Filter implementation to reflect latest W3C specifications;</li>
+ <li>
+<a href="xmlsec-man.html">Man page</a> for xmlsec utility is written;</li>
+ <li>Automatically generated <a href="documentation.html">API Reference</a>
+</li>
+ <li>Manual (more than 370 symbols) is created;</li>
+ <li>Minor Win32 bug fixes from Igor;</li>
+ <li>Debian port from John Belmonte.</li>
+ </ul>
+</li>
+<li>July 11 2002<br>
+ XML Security Library <a href="documentation.html">documentation</a>
+ created.
+</li>
+<li>July 10 2002<br>
+ A new <a href="download.html">XML Security Library 0.0.7</a> release
+ includes all small bug fixes for last month and a new LibXML2 library
+ with improved canonicalization.
+</li>
+<li>May 28 2002<br>
+ New LibXML 2.4.22 is <a href="http://xmlsoft.org/news.html">released</a>
+ and new <a href="download.html">XML Security Library 0.0.6</a> is
+ released:
+ <ul>
+<li>Win32 port is added: the idea and most of the configuration scripts
+ code was taken from LibXML2 (written by Igor Zlatkovic). I modified
+ original files so all errors are mine, not Igor's.</li>
+ <li>Many different performance optimizations (especially for RSA/DSA
+ algorithms and enveloped signatures).</li>
+ <li>
+<a href="http://www.w3.org/TR/xmldsig-filter2/">XPath Filter 2</a>
+ and <a href="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002AprJun/0001.html">Alternative
+ XPath Filter</a> (not compiled by default, use --enable-altxpath configuration
+ switch if you need this transform) support is added. </li>
+ <li>Custom network protocol handler support is added. It is similar
+ to custom protocol handlers in LibXML2 but applied to binary files.</li>
+ <li>Separated XML Security Library RPM into xmlsec and xmlsec-devel
+ (suggested by Devin Heitmueller).</li>
+ </ul>
+</li>
+<li>May 14 2002<br>
+ I've checked in new code for plugging in custom input handlers
+ (similar to ones that exist in LibXML2). The downside is that
+ you have to use <a href="ftp://xmlsoft.org/cvs-snapshot.tar.gz">daily
+ LibXML2 snapshot</a> to compile daily XML Security Library snapshot.
+</li>
+<li>April 28 2002<br><a href="download.html">XMLSec 0.0.5</a> released:
+ <ul>
+<li>Big external and internal cleanup. Now the API looks much more consistent
+ and I hope simple. I hope to declare API frozen in the next couple weeks.
+ Meantime, all comments and suggestions are welcome!</li>
+ <li>Added <a href="http://www.w3.org/TR/xmlenc-core/#sec-Alg-SymmetricKeyWrap">
+ symmetric key wrap</a> (aes, des) support.</li>
+ <li>Added RIPEMD-160 support.</li>
+ </ul>
+</li>
+<li>April 19 2002<br>
+ Minor release <a href="download.html">XMLSec 0.0.4</a> with main
+ goal to fix broken RPM:
+ <ul>
+<li>The RPM is recompiled using OpenSSL 0.9.6. The previous
+ version was compiled with OpenSSL 0.9.7 but I got few complains
+ that there are no RPMs for 0.9.7 yet. The downsides of using 0.9.6 are
+ some functionality limitations for XML Encryption (no AES support,
+ incorrect padding mode for DES, etc.). If you want to use
+ XML Encryption it is better to compile the library from sources
+ and use OpenSSL 0.9.7</li>
+ <li>The testDSig, testEnc and testKeys scripts merged into standalone
+ "xmlsec" application.</li>
+ <li>A couple minor bugs fixed.</li>
+ </ul>
+</li>
+<li>April 17 2002<br>
+ Installed <a href="http://www.aleksey.com/pipermail/xmlsec">
+ xmlsec mailing list.</a>
+</li>
+<li>April 16 2002<br>
+ A lot of changes and time for new release <a href="download.html">XMLSec 0.0.3</a>:
+ <ul>
+<li>The first release that includes <a href="xmlenc.html">XML Encryption support</a>!
+ The bad news is that most of new features require <a href="download.html">OpenSSL 0.9.7</a> which is
+ not officially released yet.</li>
+ <li>Options to enable/disable support for particular algorithms were
+ added to the <code>./configure</code> script.</li>
+ <li>All transforms header files were consolidated in "transforms.h".</li>
+ </ul>
+</li>
+<li>April 6 2002<br>
+ The <a href="download.html">RPM packages</a> are now available.
+</li>
+<li>April 5 2002<br>
+ Test suite updates and new minor release <a href="download.html">XML
+ Security Library 0.0.2a.</a><br>
+ New <a href="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002AprJun/0017.html">
+ interoperability tests</a>
+ were provided by Merlin Hughes. XML Security Library successfully passed
+ <b>all tests </b>after small test program tweaking and adding workaround
+ for <a href="http://groups.google.com/groups?hl=en&amp;threadm=96uofi%2417gh%241%40FreeBSD.csie.NCTU.edu.tw&amp;rnum=2&amp;prev=/groups%3Fq%3DX509_STORE_add_crl%26hl%3Den%26selm%3D96uofi%252417gh%25241%2540FreeBSD.csie.NCTU.edu.tw%26rnum%3D2">
+ OpenSSL CRL problem.</a>
+ These new tests are included into the distribution and previous Merlin's
+ test suites are removed. Because of these changes I decided to generate
+ a new package that also will include the <a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online
+ XML Digital Signature Verifier</a> code.
+</li>
+<li>April 3 2002<br>
+ The <a href="http://www%2Caleksey.com/xmlsec/xmldsig-verifier.html">Online XML
+ Digital Signature Verifier</a> is available! You can use this tool to
+ verify your XML Digital Signatures from online Web form or using a simple
+ Perl script. The idea was stolen from <a href="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002AprJun/0006.html">Manoj K.
+ Srivastava.</a>
+</li>
+<li>March 31 2002<br>
+ Some major changes and a time for new release: <a href="download.html">XML Security
+ Library 0.0.2</a>. Now XML Security Library supports <b>all</b> MUST/SHOULD/MAY
+ <a href="xmldsig-interop.html">features</a> from XMLDSig standard!
+ <ul>
+<li>Added X509 certificates and certificate chains support</li>
+ <li>The detailed signature generation/verification results are made available
+ to the application</li>
+ <li>RetrievalMethod, Manifests and <a href="http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt">additional
+ algorithms</a> are added</li>
+ <li>The Transforms and KeyInfo code was significantly re-writen with a goal
+ to separate it from XMLDSig logic for better re-usability (in XML Encryption,
+ etc.)</li>
+ </ul>
+</li>
+<li>March 18 2002<br><ul>
+<li>Fixed wrong way shift of the DSA digest result bug found by Philipp
+ Gühring. This bug is critical and I have to do a <a href="download/xmlsec-0.0.1a.tar.gz">new
+ build.</a>
+</li>
+ <li>Added "--with-pedantic" configuration option and fixed all but "unused
+ variable" warnings (bug reported by Daniel Veillard).</li>
+ </ul>
+</li>
+<li>March 17 2002<br>
+ The <a href="download.html">XML Security Library 0.0.1</a> is released
+ and available for download! Please try it out and send
+ me your comments/suggestions.
+</li>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/related.html b/docs/related.html
new file mode 100644
index 00000000..fe895c45
--- /dev/null
+++ b/docs/related.html
@@ -0,0 +1,165 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library: Related</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<div align="center">
+ <h1>Related</h1>
+ </div>
+<h3>
+<a name="books"></a> Books</h3>
+<ul>
+<li>
+<a href="http://www.aleksey.com/cgi-bin/books.cgi?ASIN=0201756056">Secure
+XML: The New Syntax for Signatures and Encryption</a> Donald E. Eastlake</li>
+ <li>
+<a href="http://www.aleksey.com/cgi-bin/books.cgi?ASIN=0072193999">XML
+Security</a> Blake Dournaee</li>
+ <li>
+<a href="http://www.aleksey.com/cgi-bin/books.cgi?ASIN=0672326515">Securing
+Web Services with WS-Security : Demystifying WS-Security, WS-Policy,
+SAML, XML Signature, and XML Encryption</a> Jothy Rosenberg</li>
+ <li>
+<a href="http://www.aleksey.com/cgi-bin/books.cgi?ASIN=0471117099">Applied
+Cryptography: Protocols, Algorithms, and Source Code in C, Second
+Edition</a> Bruce Schneier</li>
+ <li>
+<a href="http://www.aleksey.com/cgi-bin/books.cgi?ASIN=0471223573">Practical
+Cryptography</a> Niels Ferguson, Bruce Schneier </li>
+ <li>
+<a href="http://www.aleksey.com/cgi-bin/books.cgi?ASIN=0471453803">Secrets
+and Lies : Digital Security in a Networked World</a> Bruce Schneier</li>
+ <li>
+<a href="http://www.aleksey.com/cgi-bin/books.cgi?ASIN=0072224711">Web
+Services Security</a> Mark O'Neill</li>
+ <li>
+<a href="http://www.aleksey.com/cgi-bin/books.cgi?ASIN=0849308224">Public
+Key Infrastructure: Building Trusted Applications and Web Services</a>
+John R. Vacca</li>
+ <li><a href="http://www.aleksey.com/cgi-bin/books.cgi">More books ...</a></li>
+</ul>
+<h3><a name="#dependencies">Dependencies</a></h3>
+<ul>
+<li> <a href="http://xmlsoft.org/">LibXML</a> - GNOME <a href="http://www.w3.org/TR/REC-xml">XML</a> library. </li>
+ <li> <a href="http://xmlsoft.org/XSLT/">LibXSLT</a> -
+GNOME <a href="http://www.w3.org/TR/xslt">XSLT</a> / <a href="http://www.exslt.org/">EXSLT</a> library.</li>
+ <li> <a href="http://www.openssl.org">OpenSSL</a> - <a href="http://www.netscape.com/eng/ssl3/">SSL</a> / <a href="http://www.consensus.com/ietf-tls/ietf-tls-home.html">TLS</a>
+implementation.</li>
+ <li> <a href="http://www.gnu.org/software/gnutls/">GnuTLS</a>
+</li>
+ <li>
+<a href="http://www.gnu.org/directory/security/libgcrypt.html">Libgcrypt</a>
+ </li>
+ <li> <a href="http://www.mozilla.org/projects/security/pki/nss/">NSS</a> -
+Mozilla cryptographic library. </li>
+ </ul>
+<h3> <a name="projects"></a>Projects</h3>
+<ul>
+<li> <a href="http://www.zlatkovic.com/projects/libxml/index.html">Windows
+binaries</a> for XML Security Library from Igor Zlatkovic.<br>
+</li>
+ <li>XMLSec Library is included as part of Debian
+GNU/Linux. For more information see the <a href="http://memebeam.org/toys/DebianXmlsec">coordination page</a>. </li>
+ <li>XMLSec Library <a href="http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/xmlsec/">FreeBSD</a>
+and <a href="http://www.openbsd.org/cgi-bin/cvsweb/ports/security/xmlsec/">OpenBSD</a>
+ports. </li>
+ <li>
+<a href="http://pyxmlsec.labs.libre-entreprise.org/">PyXMLSec
+Library</a> - Python bindings for XMLSec Library. </li>
+ <li>
+<a href="http://lasso.entrouvert.org/">Lasso
+Library</a> - the <a href="http://www.projectliberty.org/">Liberty Alliance</a>
+standards implementation.</li>
+ <li>
+<a href="http://glasnost.entrouvert.org/">Glasnost</a>
+- content management, electronic vote and groupware sysem. </li>
+ <li> <a href="http://www.opensaml.org/">OpenSAML</a> -
+an open source implementation of <a href="http://www.oasis-open.org/committees/security/#documents">SAML
+1.0 specification</a>. </li>
+ <li> <a href="http://krypto-projekt.fbmnd.fh-frankfurt.de/projekt/packages/index.php">PKCS11
+support</a> for XML Security Library 0.0.X.<br>
+</li>
+ <li> <a href="http://www.bananapos.com">The BananaHead
+Point Of Sale project</a>.<br>
+</li>
+ </ul>
+<h3> <a name="specifcations"></a>Specifcations</h3>
+<ul>
+<li> <a href="http://www.w3.org/TR/xmldsig-core/">XML
+Signature Syntax and Processing Specification</a> (<a href="http://www.w3.org/Signature/Overview.html">working group</a>).</li>
+ <li> <a href="http://www.w3.org/TR/xmlenc-core/">XML
+Encryption Syntax and Processing Specification</a> (<a href="http://www.w3.org/Encryption/2001/">working group</a>).</li>
+ <li> <a href="http://www.w3.org/TR/xkms2/">XML Key
+Management Specification</a> (<a href="http://www.w3.org/2001/XKMS/">working
+group</a>).<br>
+</li>
+ <li> <a href="http://www.w3.org/TR/REC-xml">Extensible
+Markup Language (XML) 1.0 Specification</a>.</li>
+ <li> <a href="http://www.w3.org/TR/REC-xml-names/">Namespaces
+in XML</a>.</li>
+ <li> <a id="xpath" href="http://www.w3.org/TR/xpath" name="xpath">XML Path Language (XPath) Version 1.0</a>.</li>
+ <li> <a href="http://www.w3.org/TR/WD-xptr">XML Pointer
+language (XPointer)</a>.</li>
+ </ul>
+<h3> <a name="reading"></a>Articles</h3>
+<ul>
+<li> <a href="http://www.google.com/url?sa=U&amp;start=1&amp;q=http://www.nue.et-inf.uni-siegen.de/%7Egeuer-pollmann/xml_security.html&amp;e=267">XML
+Security page</a> - Christian Geuer-Pollmann's collection of links
+about
+XML Security.</li>
+ <li> <a href="http://www-106.ibm.com/developerworks/xml/library/s-xmlsec.html/index.html">An
+Introduction to XML Encryption and XML Signature</a>.</li>
+ <li> <a href="http://www.zvon.org/">ZVON.org</a> - the
+guide to the XML galaxy.</li>
+ <li> <a href="http://www.xml.com/pub/a/2003/01/15/ends.html">Securing Web
+Services</a> by Rich Salz, XML.com.</li>
+ <li> <a href="http://www.zdnet.com.au/builder/program/development/story/0%2C2000035066%2C20270869%2C00.htm">Tools
+for securing your XML documents</a> by Brian Schaffner, Builder.com.</li>
+ <li>
+<a href="http://xmlbench.sourceforge.net/">XML
+Benchmark</a>.<br>
+</li>
+ </ul>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/xmldsig-verifier.html b/docs/xmldsig-verifier.html
new file mode 100644
index 00000000..af1626d1
--- /dev/null
+++ b/docs/xmldsig-verifier.html
@@ -0,0 +1,138 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library: XML Digital Signature Online Verifier</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent"><div align="Center">
+ <h2>Online XML Digital Signature Verifer</h2>
+ <div align="Left">The online XML Digital Signature Verifier is a simple
+cgi script that demonstrates how to use XML Secuirty Library in real applications.
+
+<h4>Copy/Paste the Signed XML Document in the input field below:</h4>
+Please note that <b>all</b> white spaces and carriage returns are <b>significant</b>.
+
+ <form action="http://www.aleksey.com/cgi-bin/xmldsigverify" method="POST">
+ <center>
+ <table width="85%">
+<tr><td>
+ <textarea name="_xmldoc" style="WIDTH: 85%; HEIGHT: 300px"></textarea>
+</td></tr>
+<tr><td>
+ <input type="submit" value="Verify Signature">
+</td></tr>
+</table>
+</center>
+ </form>
+
+<h4>Allowed root certificates and signature keys</h4>
+In order to successfully verify your message
+using XML Digital Signature Online Verifier you should sign it using any of
+following keys:
+<ul>
+<li>any x509 certificate (or certificates chain) based on
+root certificates from standard root CA authorities (Verisign, etc.),
+Merlin's root CA used to sign interoperability
+tests from <a href="tests/keys-certs/merlin.pem">merlin-xmldsig-twenty-three.tar.gz</a>
+or "fake" <a href="tests/keys-certs/cacert.pem">root certificate</a>
+(the corresponding <a href="tests/keys-certs/cakey.pem">private key</a>
+is encrypted using passphrase "secret");
+</li>
+<li>HMAC key "secret" (in hex, 73 65 63 72 65 74);
+</li>
+<li>any key public DSA/RSA key provided in the KeyInfo element of the signature.
+</li>
+</ul>
+<p></p>
+<h4>A small list of signed XML documents from XML DSig Interop
+tests suites</h4>
+ATTENTION: some of these signatures use external resource located on other
+Web servers and may fail if these resource are not available by some
+reasons.
+
+<ul>
+<li>
+<a href="tests/aleksey-xmldsig-01/enveloping-dsa-x509chain.xml">aleksey-xmldsig-01/enveloping-dsa-x509chain.xml</a>
+</li>
+<li>
+<a href="tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64.xml">aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64.xml</a>
+</li>
+<li>
+<a href="tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160.xml">aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160.xml</a>
+</li>
+<li>
+<a href="tests/aleksey-xmldsig-01/enveloping-rsa-x509chain.xml">aleksey-xmldsig-01/enveloping-rsa-x509chain.xml</a>
+</li>
+<li>
+<a href="tests/merlin-exc-c14n-one/exc-signature.xml">merlin-exc-c14n-one/exc-signature.xml</a>
+</li>
+<li>
+<a href="tests/merlin-xmldsig-twenty-three/signature-enveloped-dsa.xml">merlin-xmldsig-twenty-three/signature-enveloped-dsa.xml</a>
+</li>
+<li>
+<a href="tests/merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa.xml">merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa.xml</a>
+</li>
+<li>
+<a href="tests/merlin-xmldsig-twenty-three/signature-enveloping-dsa.xml">merlin-xmldsig-twenty-three/signature-enveloping-dsa.xml</a>
+</li>
+<li>
+<a href="tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40.xml">merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40.xml</a>
+</li>
+<li>
+<a href="tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1.xml">merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1.xml</a>
+</li>
+<li>
+<a href="tests/merlin-xmldsig-twenty-three/signature-enveloping-rsa.xml">merlin-xmldsig-twenty-three/signature-enveloping-rsa.xml</a>
+</li>
+<li>
+<a href="tests/merlin-xmldsig-twenty-three/signature-external-b64-dsa.xml">merlin-xmldsig-twenty-three/signature-external-b64-dsa.xml</a>
+</li>
+<li>
+<a href="tests/merlin-xmldsig-twenty-three/signature-external-dsa.xml">merlin-xmldsig-twenty-three/signature-external-dsa.xml</a>
+</li>
+<li>
+<a href="tests/merlin-xmldsig-twenty-three/signature.xml">merlin-xmldsig-twenty-three/signature.xml</a>
+</li>
+</ul>
+</div>
+ </div></td></tr></table></td>
+</tr></table></body>
+</html>
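Review bot: The form `<form action="http://www.aleksey.com/cgi-bin/xmldsigverify" method="POST">` sends whatever is pasted into `_xmldoc` over plain HTTP to an external host, and the page never tells the reader so. I would add a sentence next to the textarea, for example `Do not paste confidential documents: the form submits them unencrypted to www.aleksey.com.` The "Allowed root certificates and signature keys" list also accepts a root CA whose private-key passphrase is printed on the page ("secret"), the HMAC key "secret", and any public key carried in the signature's own KeyInfo. A "valid" result from this verifier therefore shows that the document matches a publicly known or self-supplied key, not who signed it. A short line stating that these are interoperability-test keys and must not be trusted in an application would keep readers from copying this trust setup.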
diff --git a/docs/xmldsig.html b/docs/xmldsig.html
new file mode 100644
index 00000000..4e008862
--- /dev/null
+++ b/docs/xmldsig.html
@@ -0,0 +1,646 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library: XML Digital Signature</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<div align="center">
+ <h2>XML Digital Signature</h2>
+ </div>
+<p> <a href="http://www.w3.org/TR/xmldsig-core">XML
+Digital Signature 1.0</a> provides <a href="http://www.w3.org/TR/xmldsig-core/#def-Integrity" class="link-def">integrity,</a> <a href="http://www.w3.org/TR/xmldsig-core/#def-AuthenticationMessage" class="link-def">message authentication,</a> and/or <a href="http://www.w3.org/TR/xmldsig-core/#def-AuthenticationSigner" class="link-def">signer authentication</a> services for data of any
+type, whether located within the XML that includes the signature or
+elsewhere. </p>
+<p> XML Security Library supports all MUST/SHOULD/MAY
+features and algorithms
+described in the W3C standard and provides API to sign prepared
+document templates,
+add signature(s) to a document "on-the-fly" or verify the signature(s)
+in the document. </p>
+<p> <a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">XML Digital
+Signature
+Online Verifier</a> is an example of a real application based on XML
+Security Library. Using this tool you can verify any XML Signature
+and get detailed report on what and how was signed. </p>
+<div align="center">
+ <h3>XML Security Library Interoperability Report</h3>
+ </div>
+<h4 style="text-align: center;">XML Digital Signature 1.0 (<a href="http://www.ietf.org/rfc/rfc3275.txt">RFC 3275</a>)</h4>
+<div align="center">
+ <table style="width: 85%;" border="1" cellpadding="2" cellspacing="2"><tbody>
+<tr>
+<td style="width: 40%;" align="left" valign="top"><b>Features and algorithms</b></td>
+ <td valign="top"><b>XMLSec with OpenSSL</b></td>
+ <td valign="top"><b>XMLSec with GnuTLS</b></td>
+ <td valign="top"><b>XMLSec with GCrypt</b></td>
+ <td valign="top"><b>XMLSec with NSS</b></td>
+ <td valign="top"><b>XMLSec with MSCrypto</b></td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Detached Signature</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Enveloping Signature:
+same document reference with fragment (URI="#Object1")</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Enveloped Signature:
+same document reference (URI="") with Enveloped Signature Transform</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">SignatureValue
+generation/validation</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Manifest DigestValue
+generation/valdiation</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Laxly schema valid Signature
+element generation</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">XPointers '#xpointer(/)'</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">XPointers '#xpointer(id("<em>ID</em>"))'</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">XPointers: full suppport</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">XPath</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">the dsig XPath 'here()'
+function (can be used to implement enveloped signature)</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">XSLT transform</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">RetrievalMethod
+(e.g. X509Data)</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">SHA1</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Base64</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">HMAC-SHA1</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">DSA with SHA1 (DSS) <a href="#dsa-sha1"><sup>(1)</sup></a>
+</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">RSA with SHA1</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" valign="top">X509 support</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">N</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" valign="top">X509 CRL support</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Minimal C14N (deprecated)</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">
+<a href="http://www.w3.org/TR/xml-c14n">Canonical XML 1.0</a>
+</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">
+<a href="http://www.w3.org/TR/xml-exc-c14n">Exlusive Canonical XML 1.0</a>
+</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">
+<a href="http://www.w3.org/TR/xml-c14n11/">Canonical XML 1.1</a>
+</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Enveloped Signature</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+</tbody></table>
+<div align="left"> <br><h4 style="text-align: center;">Additional XML Security
+Algorithms (<a href="http://www.ietf.org/rfc/rfc4051.txt">RFC 4051</a>)</h4>
+ <table style="width: 85%; text-align: left; margin-left: auto; margin-right: auto;" border="1" cellpadding="2" cellspacing="2"><tbody>
+<tr>
+<td style="width: 40%;" align="left" valign="top"><b>Features and algorithms<br></b></td>
+ <td valign="top"><b>XMLSec with OpenSSL</b></td>
+ <td valign="top"><b>XMLSec with GnuTLS</b></td>
+ <td valign="top"><b>XMLSec with GCrypt</b></td>
+ <td valign="top"><b>XMLSec with NSS</b></td>
+ <td valign="top"><b>XMLSec with MSCrypto</b></td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">MD5</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">SHA224</td>
+ <td valign="top">Y</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">SHA256</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">SHA384</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">SHA512</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">HMAC-MD5</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">HMAC-SHA224</td>
+ <td valign="top">Y</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">HMAC-SHA256</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">HMAC-SHA384</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">HMAC-SHA512</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" valign="top">HMAC-RIPEMD160</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">RSA-MD5</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">N</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">RSA-SHA224</td>
+ <td valign="top">Y</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">RSA-SHA256</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">RSA-SHA384</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">RSA-SHA512</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">RSA-RIPEMD160</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">ECDSA-SHA1</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">ECDSA-SHA224</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">ECDSA-SHA256</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">ECDSA-SHA384</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">ECDSA-SHA512</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">ESIGN-SHA1</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">ESIGN-SHA224</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">ESIGN-SHA256</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">ESIGN-SHA384</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">ESIGN-SHA512</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">Minimal C14N (deprecated)</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">XPointer transform</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">ARCFOUR Encryption</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">Camellia Block Encryption 128</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">Camellia Block Encryption 192</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">Camellia Block Encryption 256</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">Camellia Key Wrap 128</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">Camellia
+Key Wrap 192</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">Camellia Key Wrap 256</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">PSEC-KEM</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+</tbody></table>
+<div align="left">
+<h4 style="text-align: center;">Other algorithms</h4>
+ <table style="width: 85%; text-align: left; margin-left: auto; margin-right: auto;" border="1" cellpadding="2" cellspacing="2"><tbody>
+<tr>
+<td style="width: 40%;" align="left" valign="top"><b>Features and algorithms</b></td>
+ <td valign="top"><b>XMLSec with OpenSSL</b></td>
+ <td valign="top"><b>XMLSec with GnuTLS</b></td>
+ <td valign="top"><b>XMLSec with GCrypt</b></td>
+ <td valign="top"><b>XMLSec with NSS</b></td>
+ <td valign="top">
+<b>XMLSec with MSCrypto</b> </td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">GOST94 digests</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">Y<a href="#gost-mscrypto"><sup>(2)</sup></a>
+</td>
+</tr>
+<tr>
+<td style="vertical-align: top; width: 40%;">GOST2001 signatures</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">Y<a href="#gost-mscrypto"><sup>(2)</sup></a>
+</td>
+</tr>
+</tbody></table>
+<br><br><a name="dsa-sha1"></a><sup>(1)</sup> Defining <a href="http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue"> DSA key</a>
+with Seed and PgenCounter is not supported.
+<br><a name="gost-mscrypto"></a><sup>(2)</sup> Requires install of a CSP
+providing these algorithms.<br><p>Test vectors (from <a href="http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html">IETF/W3C
+XML Signature WG: XML Signature Interoperability page</a>): <br><a href="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2002AprJun/att-0016/01-merlin-xmldsig-twenty-three.tar.gz">merlin-xmldsig-twenty-three.tar.gz</a>
+ <br><a href="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001AprJun/att-00%2033/01-merlin-xmldsig-sixteen.tar.gz">merlin-xmldsig-sixteen.tar.gz</a>
+(features, deprecated)<br><a href="http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2001JanMar/att-0155/04-merlin-xmldsig-fifteen.tar.gz">merlin-xmldsig-fifteen.tar.gz</a>
+(algorithms, deprecated)<br></p>
+ </div>
+ </div>
+</div>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/xmlenc.html b/docs/xmlenc.html
new file mode 100644
index 00000000..415e110f
--- /dev/null
+++ b/docs/xmlenc.html
@@ -0,0 +1,464 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>XML Security Library: XML Encryption</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent"><div align="center">
+ <h2> XML Encryption </h2>
+<div align="left">
+<a href="http://www.w3.org/TR/xmlenc-core">XML Encryption 1.0</a> standard
+specifies
+the process for encryptind data and representing the result in XML
+document.
+The data may be an XML element, or an XML element content, or any
+arbitrary
+data (including XML document). </div>
+ <div align="center">
+ <h3>XML Security Library Interoperability Report</h3>
+ <h4 style="text-align: center;">XML Encryption 1.0 (<a href="http://www.w3.org/TR/xmlenc-core/">W3C Recommendation</a>)</h4>
+ </div>
+ <div align="center">
+ <p> </p>
+ <table style="width: 85%;" border="1" cellpadding="2" cellspacing="2"><tbody>
+<tr>
+<td style="width: 40%;" align="left" valign="top"><b>Features and algorithms</b></td>
+ <td valign="top"><b>XMLSec with OpenSSL</b></td>
+ <td valign="top"><b>XMLSec with GnuTLS</b></td>
+ <td valign="top"><b>XMLSec with GCrypt</b></td>
+ <td valign="top"><b>XMLSec with NSS</b></td>
+ <td valign="top"><b>XMLSec with MSCrypto</b></td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Laxly valid schema
+ generation of EncryptedData/EncryptedKey</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">
+ <ul><li>Normalized Form C generations.</li></ul>
+</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Type, MimeType, and Encoding</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">CipherReference
+ URI derefencing</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">
+ <ul><li>Transforms </li></ul>
+</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">
+ <ul><li>ds:KeyInfo</li></ul>
+</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">
+ <ul><li>enc:DHKeyValue</li></ul>
+</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">
+ <ul><li>ds:KeyName</li></ul>
+</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">
+ <ul><li>ds:RetrievalMethod</li></ul>
+</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">ReferenceList</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">EncryptionProperties</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Satisfactory Performance</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Required Type
+ support: Element and Content.</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Encryption</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">
+ <ul><li>Serialization of XML Element and Content
+ (NFC conversion from non-Unicode encodings).
+ </li></ul>
+</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">
+ <ul><li>Encryptor returns EncryptedData structure. </li></ul>
+</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">
+ <ul><li> Encryptor replaces EncryptedData into source
+ document (when Type is Element or Content).</li></ul>
+</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Decryption</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">
+ <ul><li>The decryptor returns the data and its Type to
+ the application (be it an octet sequence or key value).</li></ul>
+</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">
+ <ul><li>If data is Element or Content the decryptor
+ return the UTF-8 encoding XML character data.</li></ul>
+</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">
+ <ul><li>If data is Element or Content the decryptor
+ replaces the EncryptedData in the source document with the decrypted
+ data.</li></ul>
+</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">TRIPLEDES</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">AES-128</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">AES-256</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">AES-192</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">RSA-v1.5 (192 bit keys for AES or DES)</td>
+ <td valign="top">Y</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">RSA-OAEP (128 and 256 bit keys for AES)</td>
+ <td valign="top">Y<a href="#rsa-oaep"><sup>(1)</sup></a>
+</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Diffie-Hellman Key Agreement</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">TRIPLEDES Key Wrap</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">AES-128 Key Wrap (128 bit keys)</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">AES-192 Key Wrap</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">AES-256 Key Wrap (256 bit keys)</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">SHA1</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">SHA256</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">SHA512</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">RIPEMD-160</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">XML Digital Signature</td>
+ <td valign="top">Y </td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Decryption Transform</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">
+ <ul><li>XPointer support in <code>Except URI</code>
+</li></ul>
+</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+ <td valign="top">N</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top"><a href="http://www.w3.org/TR/xml-c14n">Canonical XML 1.0</a></td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top"><a href="http://www.w3.org/TR/xml-exc-c14n">Exlusive Canonical XML 1.0</a></td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top"><a href="http://www.w3.org/TR/xml-c14n11/">Canonical XML 1.1</a></td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+<tr>
+<td style="width: 40%;" align="left" valign="top">Base64 Encoding</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+ <td valign="top">Y</td>
+</tr>
+</tbody></table>
+<div align="left"> <br><a name="rsa-oaep"></a> <sup>(1)</sup> OpenSSL (and XML
+Security Library) supports only SHA1 as the digest in the RSA-OAEP key
+transport.<br><p> <b>Test vectors (from <a href="http://www.w3.org/Encryption/2002/02-xenc-interop.html">W3C XML
+Encryption
+interop page</a>): </b><br><a href="http://lists.w3.org/Archives/Public/xml-encryption/2002Mar/0008.html">merlin-xmlenc-five.tar.gz</a>
+ <br><a href="http://lists.w3.org/Archives/Public/xml-encryption/2002Mar/att-0052/01-phaos-xmlenc-3.zip">phaos-xmlenc-3.zip</a>
+ <br></p>
+ </div>
+ </div>
+ </div></td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/xmlsec-man.html b/docs/xmlsec-man.html
new file mode 100644
index 00000000..7bd93a70
--- /dev/null
+++ b/docs/xmlsec-man.html
@@ -0,0 +1,291 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<title>Man page of XMLSEC1</title>
+</head>
+<body><table witdh="100%" valign="top"><tr valign="top">
+<td valign="top" align="left" width="210">
+<img src="images/logo.gif" alt="XML Security Library" border="0"><p></p>
+<ul>
+<li><a href="index.html">Home</a></li>
+<li><a href="download.html">Download</a></li>
+<li><a href="news.html">News</a></li>
+<li><a href="documentation.html">Documentation</a></li>
+<ul>
+<li><a href="faq.html">FAQ</a></li>
+<li><a href="api/xmlsec-notes.html">Tutorial</a></li>
+<li><a href="api/xmlsec-reference.html">API reference</a></li>
+<li><a href="api/xmlsec-examples.html">Examples</a></li>
+</ul>
+<li><a href="xmldsig.html">XML Digital Signature</a></li>
+<ul><li><a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a></li></ul>
+<li><a href="xmlenc.html">XML Encryption</a></li>
+<li><a href="c14n.html">XML Canonicalization</a></li>
+<li><a href="bugs.html">Reporting Bugs</a></li>
+<li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+<li><a href="related.html">Related</a></li>
+<li><a href="authors.html">Authors</a></li>
+</ul>
+<table width="100%">
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/"><img src="images/libxml2-logo.png" alt="LibXML2" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://xmlsoft.org/XSLT"><img src="images/libxslt-logo.png" alt="LibXSLT" border="0"></a></td>
+</tr>
+<tr>
+<td width="15"></td>
+<td><a href="http://www.openssl.org/"><img src="images/openssl-logo.png" alt="OpenSSL" border="0"></a></td>
+</tr>
+<!--Links - start--><!--Links - end-->
+</table>
+</td>
+<td valign="top"><table width="100%" valign="top"><tr><td valign="top" align="left" id="xmlsecContent">
+<h1>XMLSEC1</h1>
+<br><br><a href="#index">Index</a><a href="/cgi-bin/man/man2html">Return to Main Contents</a><hr>
+<a name="lbAB"> </a><h2>NAME</h2>
+<a name="lbAC"> </a><h2>SYNOPSIS</h2>
+<b>xmlsec</b><i>&lt;command&gt; </i><i>&lt;options&gt;</i><i>&lt;files&gt;</i><a name="lbAD"> </a><h2>DESCRIPTION</h2>
+<dl compact>
+<dt><b>--help</b></dt>
+<dd> display this help information and exit </dd>
+<dt><b>--help-all</b></dt>
+<dd> display help information for all commands/options and exit </dd>
+<dt>
+<b>--help-</b>&lt;cmd&gt;</dt>
+<dd> display help information for command &lt;cmd&gt; and exit </dd>
+<dt><b>--version</b></dt>
+<dd> print version information and exit </dd>
+<dt><b>--keys</b></dt>
+<dd> keys XML file manipulation </dd>
+<dt><b>--sign</b></dt>
+<dd> sign data and output XML document </dd>
+<dt><b>--verify</b></dt>
+<dd> verify signed document </dd>
+<dt><b>--sign-tmpl</b></dt>
+<dd> create and sign dynamicaly generated signature template </dd>
+<dt><b>--encrypt</b></dt>
+<dd> encrypt data and output XML document </dd>
+<dt><b>--decrypt</b></dt>
+<dd> decrypt data from XML document </dd>
+</dl>
+<a name="lbAE"> </a><h2>OPTIONS</h2>
+<dl compact>
+<dt> <b>--ignore-manifests</b> <dt></dt>
+</dt>
+<dd> <dd>do not process &lt;dsig:Manifest&gt; elements </dd>
+</dd>
+<dt> <b>--store-references</b> <dt></dt>
+</dt>
+<dd> <dd>store and print the result of &lt;dsig:Reference/&gt; element processing just before calculating digest </dd>
+</dd>
+<dt> <b>--store-signatures</b> <dt></dt>
+</dt>
+<dd> <dd>store and print the result of &lt;dsig:Signature&gt; processing just before calculating signature </dd>
+</dd>
+<dt> <b>--enabled-reference-uris</b> &lt;list&gt; <dt></dt>
+</dt>
+<dd> <dd>comma separated list of of the following values: "empty", "same-doc", "local","remote" to restrict possible URI attribute values for the &lt;dsig:Reference&gt; element </dd>
+</dd>
+<dt> <b>--enable-visa3d-hack</b> <dt></dt>
+</dt>
+<dd> <dd>enables Visa3D protocol specific hack for URI attributes processing when we are trying not to use XPath/XPointer engine; this is a hack and I don't know what else might be broken in your application when you use it (also check "--id-attr" option because you might need it) </dd>
+</dd>
+<dt> <b>--binary-data</b> &lt;file&gt; <dt></dt>
+</dt>
+<dd> <dd>binary &lt;file&gt; to encrypt </dd>
+</dd>
+<dt> <b>--xml-data</b> &lt;file&gt; <dt></dt>
+</dt>
+<dd> <dd>XML &lt;file&gt; to encrypt </dd>
+</dd>
+<dt> <b>--enabled-cipher-reference-uris</b> &lt;list&gt; <dt></dt>
+</dt>
+<dd> <dd>comma separated list of of the following values: "empty", "same-doc", "local","remote" to restrict possible URI attribute values for the &lt;enc:CipherReference&gt; element </dd>
+</dd>
+<dt> <b>--session-key</b> &lt;keyKlass&gt;-&lt;keySize&gt; <dt></dt>
+</dt>
+<dd> <dd>generate new session &lt;keyKlass&gt; key of &lt;keySize&gt; bits size (for example, "--session des-192" generates a new 192 bits DES key for DES3 encryption) </dd>
+</dd>
+<dt> <b>--output</b> &lt;filename&gt; <dt></dt>
+</dt>
+<dd> <dd>write result document to file &lt;filename&gt; </dd>
+</dd>
+<dt> <b>--print-debug</b> <dt></dt>
+</dt>
+<dd> <dd>print debug information to stdout </dd>
+</dd>
+<dt> <b>--print-xml-debug</b> <dt></dt>
+</dt>
+<dd> <dd>print debug information to stdout in xml format </dd>
+</dd>
+<dt> <b>--dtd-file</b> &lt;file&gt; <dt></dt>
+</dt>
+<dd> <dd>load the specified file as the DTD </dd>
+</dd>
+<dt> <b>--node-id</b> &lt;id&gt; <dt></dt>
+</dt>
+<dd> <dd>set the operation start point to the node with given &lt;id&gt; </dd>
+</dd>
+<dt> <b>--node-name</b> [&lt;namespace-uri&gt;:]&lt;name&gt; <dt></dt>
+</dt>
+<dd> <dd>set the operation start point to the first node with given &lt;name&gt; and &lt;namespace&gt; URI </dd>
+</dd>
+<dt> <b>--node-xpath</b> &lt;expr&gt; <dt></dt>
+</dt>
+<dd> <dd>set the operation start point to the first node selected by the specified XPath expression </dd>
+</dd>
+<dt> <b>--id-attr[</b>:&lt;attr-name&gt;] [&lt;node-namespace-uri&gt;:]&lt;node-name&gt; <dt></dt>
+</dt>
+<dd> <dd>adds attributes &lt;attr-name&gt; (default value "id") from all nodes with&lt;node-name&gt; and namespace &lt;node-namespace-uri&gt; to the list of known ID attributes; this is a hack and if you can use DTD or schema to declare ID attributes instead (see "--dtd-file" option), I don't know what else might be broken in your application when you use this hack </dd>
+</dd>
+<dt> <b>--enabled-key-data</b> &lt;list&gt; <dt></dt>
+</dt>
+<dd> <dd>comma separated list of enabled key data (list of registered key data klasses is available with "--list-key-data" command); by default, all registered key data are enabled </dd>
+</dd>
+<dt> <b>--enabled-retrieval-uris</b> &lt;list&gt; <dt></dt>
+</dt>
+<dd> <dd>comma separated list of of the following values: "empty", "same-doc", "local","remote" to restrict possible URI attribute values for the &lt;dsig:RetrievalMethod&gt; element. </dd>
+</dd>
+<dt> <b>--gen-key[</b>:&lt;name&gt;] &lt;keyKlass&gt;-&lt;keySize&gt; <dt></dt>
+</dt>
+<dd> <dd>generate new &lt;keyKlass&gt; key of &lt;keySize&gt; bits size, set the key name to &lt;name&gt; and add the result to keys manager (for example, "--gen:mykey rsa-1024" generates a new 1024 bits RSA key and sets it's name to "mykey") </dd>
+</dd>
+<dt> <b>--keys-file</b> &lt;file&gt; <dt></dt>
+</dt>
+<dd> <dd>load keys from XML file </dd>
+</dd>
+<dt> <b>--privkey-pem[</b>:&lt;name&gt;] &lt;file&gt;[,&lt;cafile&gt;[,&lt;cafile&gt;[...]]] <dt></dt>
+</dt>
+<dd> <dd>load private key from PEM file and certificates that verify this key </dd>
+</dd>
+<dt> <b>--privkey-der[</b>:&lt;name&gt;] &lt;file&gt;[,&lt;cafile&gt;[,&lt;cafile&gt;[...]]] <dt></dt>
+</dt>
+<dd> <dd>load private key from DER file and certificates that verify this key </dd>
+</dd>
+<dt> <b>--pkcs8-pem[</b>:&lt;name&gt;] &lt;file&gt;[,&lt;cafile&gt;[,&lt;cafile&gt;[...]]] <dt></dt>
+</dt>
+<dd> <dd>load private key from PKCS8 PEM file and PEM certificates that verify this key </dd>
+</dd>
+<dt> <b>--pkcs8-der[</b>:&lt;name&gt;] &lt;file&gt;[,&lt;cafile&gt;[,&lt;cafile&gt;[...]]] <dt></dt>
+</dt>
+<dd> <dd>load private key from PKCS8 DER file and DER certificates that verify this key </dd>
+</dd>
+<dt> <b>--pubkey-pem[</b>:&lt;name&gt;] &lt;file&gt; <dt></dt>
+</dt>
+<dd> <dd>load public key from PEM file </dd>
+</dd>
+<dt> <b>--pubkey-der[</b>:&lt;name&gt;] &lt;file&gt; <dt></dt>
+</dt>
+<dd> <dd>load public key from DER file </dd>
+</dd>
+<dt> <b>--aeskey[</b>:&lt;name&gt;] &lt;file&gt; <dt></dt>
+</dt>
+<dd> <dd>load AES key from binary file &lt;file&gt; </dd>
+</dd>
+<dt> <b>--deskey[</b>:&lt;name&gt;] &lt;file&gt; <dt></dt>
+</dt>
+<dd> <dd>load DES key from binary file &lt;file&gt; </dd>
+</dd>
+<dt> <b>--hmackey[</b>:&lt;name&gt;] &lt;file&gt; <dt></dt>
+</dt>
+<dd> <dd>load HMAC key from binary file &lt;file&gt; </dd>
+</dd>
+<dt> <b>--pwd</b> &lt;password&gt; <dt></dt>
+</dt>
+<dd> <dd>the password to use for reading keys and certs </dd>
+</dd>
+<dt> <b>--pkcs12[</b>:&lt;name&gt;] &lt;file&gt; <dt></dt>
+</dt>
+<dd> <dd>load load private key from pkcs12 file &lt;file&gt; </dd>
+</dd>
+<dt> <b>--pubkey-cert-pem[</b>:&lt;name&gt;] &lt;file&gt; <dt></dt>
+</dt>
+<dd> <dd>load public key from PEM cert file </dd>
+</dd>
+<dt> <b>--pubkey-cert-der[</b>:&lt;name&gt;] &lt;file&gt; <dt></dt>
+</dt>
+<dd> <dd>load public key from DER cert file </dd>
+</dd>
+<dt> <b>--trusted-pem</b> &lt;file&gt; <dt></dt>
+</dt>
+<dd> <dd>load trusted (root) certificate from PEM file &lt;file&gt; </dd>
+</dd>
+<dt> <b>--untrusted-pem</b> &lt;file&gt; <dt></dt>
+</dt>
+<dd> <dd>load untrusted certificate from PEM file &lt;file&gt; </dd>
+</dd>
+<dt> <b>--trusted-der</b> &lt;file&gt; <dt></dt>
+</dt>
+<dd> <dd>load trusted (root) certificate from DER file &lt;file&gt; </dd>
+</dd>
+<dt> <b>--untrusted-der</b> &lt;file&gt; <dt></dt>
+</dt>
+<dd> <dd>load untrusted certificate from DER file &lt;file&gt; </dd>
+</dd>
+<dt> <b>--verification-time</b> &lt;time&gt; <dt></dt>
+</dt>
+<dd> <dd>the local time in "YYYY-MM-DD HH:MM:SS" format used certificates verification </dd>
+</dd>
+<dt> <b>--depth</b> &lt;number&gt; <dt></dt>
+</dt>
+<dd> <dd>maximum certificates chain depth </dd>
+</dd>
+<dt> <b>--X509-skip-strict-checks</b> <dt></dt>
+</dt>
+<dd> <dd>skip strict checking of X509 data </dd>
+</dd>
+<dt> <b>--crypto</b> &lt;name&gt; <dt></dt>
+</dt>
+<dd> <dd>the name of the crypto engine to use from the following list: openssl, mscrypto, nss, gnutls, gcrypt (if no crypto engine is specified then the default one is used) </dd>
+</dd>
+<dt> <b>--crypto-config</b> &lt;path&gt; <dt></dt>
+</dt>
+<dd> <dd>path to crypto engine configuration </dd>
+</dd>
+<dt> <b>--repeat</b> &lt;number&gt; <dt></dt>
+</dt>
+<dd> <dd>repeat the operation &lt;number&gt; times </dd>
+</dd>
+<dt> <b>--disable-error-msgs</b> <dt></dt>
+</dt>
+<dd> <dd>do not print xmlsec error messages </dd>
+</dd>
+<dt> <b>--print-crypto-error-msgs</b> <dt></dt>
+</dt>
+<dd> <dd>print errors stack at the end </dd>
+</dd>
+<dt> <b>--help</b> <dt></dt>
+</dt>
+<dd> <dd>print help information about the command </dd>
+</dd>
+</dl>
+<a name="lbAF"> </a><h2>AUTHOR</h2>
+<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a><a name="lbAG"> </a><h2>REPORTING BUGS</h2>
+<a href="http://www.aleksey.com/xmlsec/bugs.html">http://www.aleksey.com/xmlsec/bugs.html</a><a name="lbAH"> </a><h2>COPYRIGHT</h2>
+<br><p> </p>
+<hr>
+<a name="index"> </a><h2>Index</h2>
+<dl>
+<dt><a href="#lbAB">NAME</a></dt>
+<dd> </dd>
+<dt><a href="#lbAC">SYNOPSIS</a></dt>
+<dd> </dd>
+<dt><a href="#lbAD">DESCRIPTION</a></dt>
+<dd> </dd>
+<dt><a href="#lbAE">OPTIONS</a></dt>
+<dd> </dd>
+<dt><a href="#lbAF">AUTHOR</a></dt>
+<dd> </dd>
+<dt><a href="#lbAG">REPORTING BUGS</a></dt>
+<dd> </dd>
+<dt><a href="#lbAH">COPYRIGHT</a></dt>
+<dd> </dd>
+</dl>
+<hr>
+<a href="/cgi-bin/man/man2html">man2html</a><br>
+</td></tr></table></td>
+</tr></table></body>
+</html>
diff --git a/docs/xmlsec.xsl b/docs/xmlsec.xsl
new file mode 100644
index 00000000..4cf2aa90
--- /dev/null
+++ b/docs/xmlsec.xsl
@@ -0,0 +1,194 @@
+<xsl:stylesheet version = '1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>
+ <xsl:output method="html" encoding="ISO-8859-1" />
+ <xsl:param name="topfolder"></xsl:param>
+
+ <xsl:template name="linkto">
+ <xsl:param name="href"/>
+ <xsl:param name="text"/>
+ <xsl:element name="a">
+ <xsl:attribute name="href">
+ <xsl:value-of select="$topfolder"/>
+ <xsl:value-of select="$href"/>
+ </xsl:attribute>
+ <xsl:value-of select="$text"/>
+ </xsl:element>
+ </xsl:template>
+
+ <xsl:template name="myimg">
+ <xsl:param name="src"/>
+ <xsl:param name="alt"/>
+ <xsl:element name="img">
+ <xsl:attribute name="src">
+ <xsl:value-of select="$topfolder"/>
+ <xsl:value-of select="$src"/>
+ </xsl:attribute>
+ <xsl:attribute name="alt">
+ <xsl:value-of select="$alt"/>
+ </xsl:attribute>
+ <xsl:attribute name="border">0</xsl:attribute>
+ </xsl:element>
+ </xsl:template>
+
+ <xsl:template match="/">
+
+<html>
+<head>
+<xsl:copy-of select="//head/*" />
+</head>
+<body>
+<table witdh="100%" valign="top">
+<tr valign="top">
+ <!-- top navigation menu start -->
+ <td valign="top" align="left" width="210">
+ <xsl:call-template name="myimg">
+ <xsl:with-param name="src">images/logo.gif</xsl:with-param>
+ <xsl:with-param name="alt">XML Security Library</xsl:with-param>
+ </xsl:call-template>
+ <p/>
+ <ul>
+
+ <li>
+ <xsl:call-template name="linkto">
+ <xsl:with-param name="href">index.html</xsl:with-param>
+ <xsl:with-param name="text">Home</xsl:with-param>
+ </xsl:call-template>
+ </li>
+ <li>
+ <xsl:call-template name="linkto">
+ <xsl:with-param name="href">download.html</xsl:with-param>
+ <xsl:with-param name="text">Download</xsl:with-param>
+ </xsl:call-template>
+ </li>
+ <li>
+ <xsl:call-template name="linkto">
+ <xsl:with-param name="href">news.html</xsl:with-param>
+ <xsl:with-param name="text">News</xsl:with-param>
+ </xsl:call-template>
+ </li>
+ <li>
+ <xsl:call-template name="linkto">
+ <xsl:with-param name="href">documentation.html</xsl:with-param>
+ <xsl:with-param name="text">Documentation</xsl:with-param>
+ </xsl:call-template>
+ </li>
+ <ul>
+ <li>
+ <xsl:call-template name="linkto">
+ <xsl:with-param name="href">faq.html</xsl:with-param>
+ <xsl:with-param name="text">FAQ</xsl:with-param>
+ </xsl:call-template>
+ </li>
+ <li>
+ <xsl:call-template name="linkto">
+ <xsl:with-param name="href">api/xmlsec-notes.html</xsl:with-param>
+ <xsl:with-param name="text">Tutorial</xsl:with-param>
+ </xsl:call-template>
+ </li>
+ <li>
+ <xsl:call-template name="linkto">
+ <xsl:with-param name="href">api/xmlsec-reference.html</xsl:with-param>
+ <xsl:with-param name="text">API reference</xsl:with-param>
+ </xsl:call-template>
+ </li>
+ <li>
+ <xsl:call-template name="linkto">
+ <xsl:with-param name="href">api/xmlsec-examples.html</xsl:with-param>
+ <xsl:with-param name="text">Examples</xsl:with-param>
+ </xsl:call-template>
+ </li>
+ </ul>
+ <li>
+ <xsl:call-template name="linkto">
+ <xsl:with-param name="href">xmldsig.html</xsl:with-param>
+ <xsl:with-param name="text">XML Digital Signature</xsl:with-param>
+ </xsl:call-template>
+ </li>
+ <ul>
+ <li>
+ <a href="http://www.aleksey.com/xmlsec/xmldsig-verifier.html">Online Verifier</a>
+ </li>
+ </ul>
+ <li>
+ <xsl:call-template name="linkto">
+ <xsl:with-param name="href">xmlenc.html</xsl:with-param>
+ <xsl:with-param name="text">XML Encryption</xsl:with-param>
+ </xsl:call-template>
+ </li>
+ <li>
+ <xsl:call-template name="linkto">
+ <xsl:with-param name="href">c14n.html</xsl:with-param>
+ <xsl:with-param name="text">XML Canonicalization</xsl:with-param>
+ </xsl:call-template>
+ </li>
+ <li>
+ <xsl:call-template name="linkto">
+ <xsl:with-param name="href">bugs.html</xsl:with-param>
+ <xsl:with-param name="text">Reporting Bugs</xsl:with-param>
+ </xsl:call-template>
+ </li>
+ <li><a href="http://www.aleksey.com/pipermail/xmlsec">Mailing list</a></li>
+ <li>
+ <xsl:call-template name="linkto">
+ <xsl:with-param name="href">related.html</xsl:with-param>
+ <xsl:with-param name="text">Related</xsl:with-param>
+ </xsl:call-template>
+ </li>
+ <li>
+ <xsl:call-template name="linkto">
+ <xsl:with-param name="href">authors.html</xsl:with-param>
+ <xsl:with-param name="text">Authors</xsl:with-param>
+ </xsl:call-template>
+ </li>
+ </ul>
+ <table width="100%"><tr><td width="15"></td><td>
+ <a href="http://xmlsoft.org/">
+ <xsl:call-template name="myimg">
+ <xsl:with-param name="src">images/libxml2-logo.png</xsl:with-param>
+ <xsl:with-param name="alt">LibXML2</xsl:with-param>
+ </xsl:call-template>
+ </a>
+ </td></tr><tr><td width="15"></td><td>
+ <a href="http://xmlsoft.org/XSLT">
+ <xsl:call-template name="myimg">
+ <xsl:with-param name="src">images/libxslt-logo.png</xsl:with-param>
+ <xsl:with-param name="alt">LibXSLT</xsl:with-param>
+ </xsl:call-template>
+ </a>
+ </td></tr><tr><td width="15"></td><td>
+ <a href="http://www.openssl.org/">
+ <xsl:call-template name="myimg">
+ <xsl:with-param name="src">images/openssl-logo.png</xsl:with-param>
+ <xsl:with-param name="alt">OpenSSL</xsl:with-param>
+ </xsl:call-template>
+ </a>
+ </td></tr>
+
+ <!-- links block markers -->
+ <xsl:comment>Links - start</xsl:comment>
+ <xsl:comment>Links - end</xsl:comment>
+
+ </table>
+ </td>
+ <!-- top navigation menu end -->
+
+ <td valign="top" >
+ <table width="100%" valign="top">
+ <tr><td valign="top" align="left" id="xmlsecContent">
+ <xsl:choose>
+ <xsl:when test="//td[@id='xmlsecContent']">
+ <xsl:copy-of select="//td[@id='xmlsecContent']/*" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:copy-of select="//body/*" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </td></tr>
+ </table>
+ </td>
+
+</tr></table>
+</body>
+</html>
+
+ </xsl:template>
+</xsl:stylesheet>
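Review bot: The outer `<table witdh="100%" valign="top">` in the root template misspells `width`, so browsers ignore the attribute. The same misspelling shows up in docs/xmlenc.html and docs/xmlsec-man.html in this commit, which suggests those pages were generated with this stylesheet and inherit it. `<table width="100%" valign="top">` is presumably what was meant. The navigation menu also puts each nested `<ul>` directly inside the outer `<ul>` instead of inside the preceding `<li>`, which is not valid HTML; moving each sub-list into its parent item would fix that.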
diff --git a/examples/Makefile b/examples/Makefile
new file mode 100644
index 00000000..5c87150f
--- /dev/null
+++ b/examples/Makefile
@@ -0,0 +1,40 @@
+#
+#
+#
+PROGRAMS = \
+ sign1 sign2 sign3 \
+ verify1 verify2 verify3 verify4 \
+ encrypt1 encrypt2 encrypt3 \
+ decrypt1 decrypt2 decrypt3 \
+ xmldsigverify \
+ xkms-server
+
+CC = gcc
+CFLAGS += -g $(shell xmlsec1-config --cflags) -DUNIX_SOCKETS
+LDFLAGS += -g $(shell xmlsec1-config --libs)
+
+all: $(PROGRAMS)
+
+clean:
+ @rm -rf $(PROGRAMS)
+
+check: $(PROGRAMS)
+ ./sign1 sign1-tmpl.xml rsakey.pem
+ ./sign2 sign2-doc.xml rsakey.pem
+ ./sign3 sign3-doc.xml rsakey.pem rsacert.pem
+ ./verify1 sign1-res.xml rsapub.pem
+ ./verify1 sign2-res.xml rsapub.pem
+ ./verify2 sign1-res.xml rsapub.pem
+ ./verify2 sign2-res.xml rsapub.pem
+ ./verify3 sign3-res.xml rootcert.pem
+ ./verify4 verify4-res.xml rootcert.pem
+ ./encrypt1 encrypt1-tmpl.xml deskey.bin
+ ./encrypt2 encrypt2-doc.xml deskey.bin
+ ./encrypt3 encrypt3-doc.xml rsakey.pem
+ ./decrypt1 encrypt1-res.xml deskey.bin
+ ./decrypt1 encrypt2-res.xml deskey.bin
+ ./decrypt2 encrypt1-res.xml deskey.bin
+ ./decrypt2 encrypt2-res.xml deskey.bin
+ ./decrypt3 encrypt1-res.xml
+ ./decrypt3 encrypt2-res.xml
+ ./decrypt3 encrypt3-res.xml
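Review bot: `LDFLAGS += -g $(shell xmlsec1-config --libs)` puts the libraries into LDFLAGS, which make's built-in link rule expands before the source or object file. Toolchains that link with `--as-needed` by default, or that resolve static archives in command-line order, can then fail with undefined xmlsec symbols. `LDLIBS += $(shell xmlsec1-config --libs)` keeps the libraries after the objects. The `all`, `clean` and `check` targets are also undeclared, so a file with one of those names in `examples/` would shadow them; add `.PHONY: all clean check`.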
diff --git a/examples/Makefile.w32 b/examples/Makefile.w32
new file mode 100644
index 00000000..ee81ab39
--- /dev/null
+++ b/examples/Makefile.w32
@@ -0,0 +1,88 @@
+# Makefile for xmlsec, specific for Windows, MSVC and NMAKE.
+#
+# Take a look at the beginning and modify the variables to suit your
+# environment. Having done that, you can do a
+
+XMLSEC_STATIC = yes
+XMLSEC_CRYPTO = openssl
+XMLSEC_CFLAGS =
+XMLSEC_LIBS =
+
+# There should never be a need to modify anything below this line.
+XMLSEC_OBJS_DIR = build
+XMLSEC_EXAMPLES = \
+ $(XMLSEC_OBJS_DIR)\sign1.exe \
+ $(XMLSEC_OBJS_DIR)\sign2.exe \
+ $(XMLSEC_OBJS_DIR)\sign3.exe \
+ $(XMLSEC_OBJS_DIR)\verify1.exe \
+ $(XMLSEC_OBJS_DIR)\verify2.exe \
+ $(XMLSEC_OBJS_DIR)\verify3.exe \
+ $(XMLSEC_OBJS_DIR)\verify4.exe \
+ $(XMLSEC_OBJS_DIR)\encrypt1.exe \
+ $(XMLSEC_OBJS_DIR)\encrypt2.exe \
+ $(XMLSEC_OBJS_DIR)\encrypt3.exe \
+ $(XMLSEC_OBJS_DIR)\decrypt1.exe \
+ $(XMLSEC_OBJS_DIR)\decrypt2.exe \
+ $(XMLSEC_OBJS_DIR)\decrypt3.exe \
+ $(XMLSEC_OBJS_DIR)\xkms-server.exe \
+
+#
+!IF "$(XMLSEC_CRYPTO)" == "openssl"
+XMLSEC_CFLAGS = $(XMLSEC_CFLAGS) /D "XMLSEC_CRYPTO_OPENSSL" /D "XMLSEC_CRYPTO=\"openssl\""
+XMLSEC_SOLIBS = libxmlsec-openssl.lib libeay32.lib wsock32.lib user32.lib gdi32.lib
+XMLSEC_ALIBS = libxmlsec-openssl_a.lib libeay32.lib wsock32.lib user32.lib gdi32.lib
+!ENDIF
+
+!IF "$(XMLSEC_CRYPTO)" == "nss"
+XMLSEC_CFLAGS = $(XMLSEC_CFLAGS) /D "XMLSEC_CRYPTO_NSS" /D "XMLSEC_CRYPTO=\"nss\""
+XMLSEC_SOLIBS = libxmlsec-nss.lib nss3.lib nspr4.lib plds4.lib plc4.lib
+XMLSEC_ALIBS = libxmlsec-nss_a.lib nss3.lib nspr4.lib plds4.lib plc4.lib
+!ENDIF
+
+!IF "$(XMLSEC_CRYPTO)" == "mscrypto"
+XMLSEC_CFLAGS = $(XMLSEC_CFLAGS) /D "XMLSEC_CRYPTO_MSCRYPTO" /D "XMLSEC_CRYPTO=\"mscrypto\""
+XMLSEC_SOLIBS = libxmlsec-mscrypto.lib user32.lib gdi32.lib crypt32.lib advapi32.lib
+XMLSEC_ALIBS = libxmlsec-mscrypto_a.lib user32.lib gdi32.lib crypt32.lib advapi32.lib
+!ENDIF
+
+!IF "$(XMLSEC_STATIC)" == "yes"
+XMLSEC_CFLAGS = $(XMLSEC_CFLAGS) /D "LIBXML_STATIC" /D "LIBXSLT_STATIC" /D "XMLSEC_STATIC"
+XMLSEC_LIBS = $(XMLSEC_LIBS) $(XMLSEC_ALIBS) libxmlsec_a.lib \
+ libxml2_a.lib libxslt_a.lib libexslt_a.lib
+!ELSE
+XMLSEC_LIBS = $(XMLSEC_LIBS) $(XMLSEC_SOLIBS) libxmlsec.lib libxml2.lib \
+ libxslt.lib libexslt.lib
+!ENDIF
+
+# The preprocessor and its options.
+CPP = cl.exe /EP
+CPPFLAGS = /nologo
+
+# The compiler and its options.
+CC = cl.exe
+CFLAGS = /nologo /D "WIN32" /D "_WINDOWS" /D "_MBCS" /DWIN32_SOCKETS /W1 /MD $(XMLSEC_CFLAGS)
+
+# The linker and its options.
+LD = link.exe
+LDFLAGS = /nologo $(XMLSEC_LIBS) wsock32.lib
+
+# Optimisation and debug symbols.
+!if "$(DEBUG)" == "1"
+CFLAGS = $(CFLAGS) /D "_DEBUG" /Od /Z7
+LDFLAGS = $(LDFLAGS) /DEBUG
+!else
+CFLAGS = $(CFLAGS) /D "NDEBUG" /O2
+LDFLAGS = $(LDFLAGS) /OPT:NOWIN98
+!endif
+
+all : $(XMLSEC_OBJS_DIR) $(XMLSEC_EXAMPLES)
+
+$(XMLSEC_OBJS_DIR) :
+ if not exist $(XMLSEC_OBJS_DIR) mkdir $(XMLSEC_OBJS_DIR)
+
+.c{$(XMLSEC_OBJS_DIR)}.exe :
+ $(CC) /c $(CFLAGS) /Fo$(XMLSEC_OBJS_DIR)\ $<
+ $(LD) $(LDFLAGS) /OUT:$*.exe $*.obj
+
+clean:
+ if exist $(XMLSEC_OBJS_DIR) rmdir /S /Q $(XMLSEC_OBJS_DIR)
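Review bot: An unsupported `XMLSEC_CRYPTO` value matches none of the three `!IF` blocks, so `XMLSEC_ALIBS` and `XMLSEC_SOLIBS` stay empty and the mistake only shows up later as unresolved symbols at link time. After the three crypto blocks I would add a guard such as `!IF "$(XMLSEC_ALIBS)" == ""` followed by `!ERROR Unsupported XMLSEC_CRYPTO value: $(XMLSEC_CRYPTO)` and `!ENDIF`. The header comment also stops mid-sentence at "you can do a"; it should name the command, which per the README is `nmake -f Makefile.w32`. The Unix Makefile builds `xmldsigverify` but this list omits it; if that is intentional, a one-line comment saying so would help.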
diff --git a/examples/README b/examples/README
new file mode 100644
index 00000000..bd680289
--- /dev/null
+++ b/examples/README
@@ -0,0 +1,126 @@
+This folder contains XML Security Library examples.
+
+1. Files List
+-------------------------
+
+ README This file.
+ Makefile *nix makefile.
+ Makefile.w32 Win32 makefile.
+ rsakey.pem Private PEM key file
+ rsapub.pem Public PEM key file
+ rsacert.pem Certificate for rsakey.pem signed with rootcert.pem
+ rootcert.pem Root (trusted) certificate
+ deskey.bin A DES keys
+ sign1.c Signing with a template file
+ sign1-tmpl.xml An example template file for sign1 example
+ sign1-res.xml The result of processing sign1_tmpl.xml by sign1.c
+ sign2.c Signing a file with a dynamicaly created template
+ sign2-doc.xml An example XML file for signing by sign2.c
+ sign2-res.xml The result of signing sign2-doc.xml by sign2.c
+ sign3.c Signing a file with a dynamicaly created template and an X509 certificate
+ sign3-doc.xml An example XML file for signing by sign3.c
+ sign3-res.xml The result of signing sign3-doc.xml by sign3.c
+ verify1.c Verifying a signed document with a single key
+ verify2.c Verifying a signed document using keys manager
+ verify3.c Verifying a signed document using X509 certificate
+ verify4.c Verifying a simple SAML response using X509 certificate
+ verify4-tmpl.xml An example template file with a simple SAML response for verify4 example
+ verify4-res.xml Signed simple SAML response for verification by verify4.c
+ encrypt1.c Encrypting binary data with a template file
+ encrypt1-res.xml An example template file for encrypt1.c
+ encrypt1-tmpl.xml The result of processing encrypt1_tmpl.xml by encrypt1.c
+ encrypt2.c Encrypting XML file using a dynamicaly created template
+ encrypt2-doc.xml An example XML file for encryption by encrypt2.c
+ encrypt2-res.xml The result of encryptin encrypt2-doc.xml by encrypt2.c
+ encrypt2.c Encrypting XML file using a session DES key
+ encrypt2-doc.xml An example XML file for encryption by encrypt3.c
+ encrypt2-res.xml The result of encryptin encrypt3-doc.xml by encrypt3.c
+ decrypt1.c Decrypting binary data using a single key
+ decrypt2.c Decrypting binary data using keys manager
+ decrypt3.c Decrypting binary file using custom keys manager
+ xmldsigverify.c CGI script for signatures verifications
+
+2. Building Examples
+-------------------------
+
+Unixes:
+ Just run the usual 'make' command (assuming that xmlsec, libxml and
+ all other required libraries are already installed).
+
+Windows:
+ - Add paths to include and library files for xmlsec, libxml2, libexslt and
+ openssl or nss to the environment variables INCLUDE and LIB.
+ - Edit 'Makefile.w32' file and specify correct crypto engine (openssl or
+ nss for now). You can also specify necessary include and library paths
+ or change from static linking to using DLLs.
+ - Run 'nmake -f Makefile.w32'
+
+ If something does not work, check the README file in the top level
+ "win32" folder and have fun :)
+
+Other platforms:
+ If none of the above works for you and you've managed to compile xmlsec
+ library by yourself then you probably know what to do.
+
+
+
+3. Runnning Examples.
+-------------------------
+
+The following are just examples and you can use the programs from this
+folder with any other input files:
+
+ ./sign1 sign1-tmpl.xml rsakey.pem
+ ./sign2 sign2-doc.xml rsakey.pem
+ ./sign3 sign3-doc.xml rsakey.pem rsacert.pem
+
+ ./verify1 sign1-res.xml rsapub.pem
+ ./verify1 sign2-res.xml rsapub.pem
+ ./verify2 sign1-res.xml rsapub.pem
+ ./verify2 sign2-res.xml rsapub.pem
+ ./verify3 sign3-res.xml rootcert.pem
+ ./verify4 verify4-res.xml rootcert.pem
+
+ ./encrypt1 encrypt1-tmpl.xml deskey.bin
+ ./encrypt2 encrypt2-doc.xml deskey.bin
+ ./encrypt3 encrypt3-doc.xml rsakey.pem
+
+ ./decrypt1 encrypt1-res.xml deskey.bin
+ ./decrypt1 encrypt2-res.xml deskey.bin
+ ./decrypt2 encrypt1-res.xml deskey.bin
+ ./decrypt2 encrypt2-res.xml deskey.bin
+ ./decrypt3 encrypt1-res.xml
+ ./decrypt3 encrypt2-res.xml
+ ./decrypt3 encrypt3-res.xml
+
+4. Using xmlsec command line tool.
+-------------------------
+For Windows, use "xmlsec" instead of "xmlsec1".
+ xmlsec1 sign --privkey rsakey.pem --output sign1.xml sign1-tmpl.xml
+ xmlsec1 verify --pubkey rsapub.pem sign1.xml
+ xmlsec1 verify --pubkey rsapub.pem sign1-res.xml
+ xmlsec1 verify --pubkey rsapub.pem sign2-res.xml
+ xmlsec1 verify --trusted rootcert.pem sign3-res.xml
+ xmlsec1 verify --trusted rootcert.pem verify4-res.xml
+
+ xmlsec1 encrypt --deskey deskey.bin --binary-data binary.dat --output encrypt1.xml encrypt1-tmpl.xml
+ xmlsec1 decrypt --deskey deskey.bin encrypt1.xml
+ xmlsec1 decrypt --deskey deskey.bin encrypt1-res.xml
+ xmlsec1 decrypt --deskey deskey.bin encrypt2-res.xml
+ xmlsec1 decrypt --privkey rsakey.pem encrypt3-res.xml
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/examples/binary.dat b/examples/binary.dat
new file mode 100644
index 00000000..a039696a
--- /dev/null
+++ b/examples/binary.dat
@@ -0,0 +1 @@
+Big secret \ No newline at end of file
diff --git a/examples/decrypt1.c b/examples/decrypt1.c
new file mode 100644
index 00000000..39ad1039
--- /dev/null
+++ b/examples/decrypt1.c
@@ -0,0 +1,223 @@
+/**
+ * XML Security Library example: Decrypting an encrypted file using a single key.
+ *
+ * Decrypts encrypted XML file using a single DES key from a binary file
+ *
+ * Usage:
+ * ./decrypt1 <xml-enc> <des-key-file>
+ *
+ * Example:
+ * ./decrypt1 encrypt1-res.xml deskey.bin
+ * ./decrypt1 encrypt2-res.xml deskey.bin
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/crypto.h>
+
+int decrypt_file(const char* enc_file, const char* key_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s <enc-file> <key-file>\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+
+ /* Init xmlsec library */
+ if(xmlSecInit() < 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) < 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() < 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ if(decrypt_file(argv[1], argv[2]) < 0) {
+ return(-1);
+ }
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * decrypt_file:
+ * @enc_file: the encrypted XML file name.
+ * @key_file: the Triple DES key file.
+ *
+ * Decrypts the XML file #enc_file using DES key from #key_file and
+ * prints results to stdout.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+decrypt_file(const char* enc_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(enc_file);
+ assert(key_file);
+
+ /* load template */
+ doc = xmlParseFile(enc_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file);
+ goto done;
+ }
+
+ /* create encryption context, we don't need keys manager in this example */
+ encCtx = xmlSecEncCtxCreate(NULL);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* load DES key */
+ encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
+ if(encCtx->encKey == NULL) {
+ fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(encCtx->encKey, key_file) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* decrypt the data */
+ if((xmlSecEncCtxDecrypt(encCtx, node) < 0) || (encCtx->result == NULL)) {
+ fprintf(stderr,"Error: decryption failed\n");
+ goto done;
+ }
+
+ /* print decrypted data to stdout */
+ if(encCtx->resultReplaced != 0) {
+ fprintf(stdout, "Decrypted XML data:\n");
+ xmlDocDump(stdout, doc);
+ } else {
+ fprintf(stdout, "Decrypted binary data (%d bytes):\n", xmlSecBufferGetSize(encCtx->result));
+ if(xmlSecBufferGetData(encCtx->result) != NULL) {
+ fwrite(xmlSecBufferGetData(encCtx->result),
+ 1,
+ xmlSecBufferGetSize(encCtx->result),
+ stdout);
+ }
+ }
+ fprintf(stdout, "\n");
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
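Review bot: In `main`, `xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;` together with `xmlSubstituteEntitiesDefault(1);` makes the later `xmlParseFile(enc_file)` load the external DTD subset and expand entities declared by the input document. The `xsltSetSecurityPrefs` calls restrict only XSLT transforms, not the parser, so an encrypted file from an untrusted source can make the parser read local files or fetch URLs before any decryption takes place. If DTD-based ID detection is not required, I would drop the two global settings and parse with `doc = xmlReadFile(enc_file, NULL, XML_PARSE_NONET);`, which takes explicit options rather than the process-wide defaults. The same setup is repeated in `main` of decrypt2.c and decrypt3.c. Separately, this file never calls `xsltFreeSecurityPrefs(xsltSecPrefs);` before `xsltCleanupGlobals()`, although the other two do.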
diff --git a/examples/decrypt2.c b/examples/decrypt2.c
new file mode 100644
index 00000000..49513e12
--- /dev/null
+++ b/examples/decrypt2.c
@@ -0,0 +1,293 @@
+/**
+ * XML Security Library example: Decrypting an encrypted file using keys manager.
+ *
+ * Decrypts encrypted XML file using keys manager and a list of
+ * DES key from a binary file
+ *
+ * Usage:
+ * ./decrypt2 <xml-enc> <des-key-file1> [<des-key-file2> [...]]
+ *
+ * Example:
+ * ./decrypt2 encrypt1-res.xml deskey.bin
+ * ./decrypt2 encrypt2-res.xml deskey.bin
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/crypto.h>
+
+xmlSecKeysMngrPtr load_des_keys(char** files, int files_size);
+int decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file);
+
+int
+main(int argc, char **argv) {
+ xmlSecKeysMngrPtr mngr;
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s <enc-file> <key-file1> [<key-file2> [...]]\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+
+ /* Init xmlsec library */
+ if(xmlSecInit() < 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) < 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() < 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* create keys manager and load keys */
+ mngr = load_des_keys(&(argv[2]), argc - 2);
+ if(mngr == NULL) {
+ return(-1);
+ }
+
+ if(decrypt_file(mngr, argv[1]) < 0) {
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
+ }
+
+ /* destroy keys manager */
+ xmlSecKeysMngrDestroy(mngr);
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * load_des_keys:
+ * @files: the list of filenames.
+ * @files_size: the number of filenames in #files.
+ *
+ * Creates simple keys manager and load DES keys from #files in it.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_des_keys(char** files, int files_size) {
+ xmlSecKeysMngrPtr mngr;
+ xmlSecKeyPtr key;
+ int i;
+
+ assert(files);
+ assert(files_size > 0);
+
+ /* create and initialize keys manager, we use a simple list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ for(i = 0; i < files_size; ++i) {
+ assert(files[i]);
+
+ /* load DES key */
+ key = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, files[i]);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", files[i]);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(key, BAD_CAST files[i]) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* add key to keys manager, from now on keys manager is responsible
+ * for destroying key
+ */
+ if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) {
+ fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", files[i]);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+ }
+
+ return(mngr);
+}
+
+/**
+ * decrypt_file:
+ * @mngr: the pointer to keys manager.
+ * @enc_file: the encrypted XML file name.
+ *
+ * Decrypts the XML file #enc_file using DES key from #key_file and
+ * prints results to stdout.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(mngr);
+ assert(enc_file);
+
+ /* load template */
+ doc = xmlParseFile(enc_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file);
+ goto done;
+ }
+
+ /* create encryption context */
+ encCtx = xmlSecEncCtxCreate(mngr);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* decrypt the data */
+ if((xmlSecEncCtxDecrypt(encCtx, node) < 0) || (encCtx->result == NULL)) {
+ fprintf(stderr,"Error: decryption failed\n");
+ goto done;
+ }
+
+ /* print decrypted data to stdout */
+ if(encCtx->resultReplaced != 0) {
+ fprintf(stdout, "Decrypted XML data:\n");
+ xmlDocDump(stdout, doc);
+ } else {
+ fprintf(stdout, "Decrypted binary data (%d bytes):\n", xmlSecBufferGetSize(encCtx->result));
+ if(xmlSecBufferGetData(encCtx->result) != NULL) {
+ fwrite(xmlSecBufferGetData(encCtx->result),
+ 1,
+ xmlSecBufferGetSize(encCtx->result),
+ stdout);
+ }
+ }
+ fprintf(stdout, "\n");
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
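Review bot: The argument check in `main`, `if(argc != 3)`, rejects the multi-key invocation that the usage string and the header comment advertise (`<key-file1> [<key-file2> [...]]`). `load_des_keys(&(argv[2]), argc - 2)` can therefore only ever receive one file. The check should be `if(argc < 3) {`. The doc comment on `decrypt_file` still refers to `#key_file`, which is not a parameter here; it should say the key is taken from the keys manager `@mngr`. On the error paths after `xmlSecCryptoInit()`, `main` returns without the shutdown calls or `xsltFreeSecurityPrefs`. That is harmless in a short-lived example, but worth a comment so the pattern is not copied into long-running code.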
diff --git a/examples/decrypt3.c b/examples/decrypt3.c
new file mode 100644
index 00000000..253920fb
--- /dev/null
+++ b/examples/decrypt3.c
@@ -0,0 +1,372 @@
+/**
+ * XML Security Library example: Decrypting an encrypted file using a custom keys manager.
+ *
+ * Decrypts encrypted XML file using a custom files based keys manager.
+ * We assume that key's name in <dsig:KeyName/> element is just
+ * key's file name in the current folder.
+ *
+ * Usage:
+ * ./decrypt3 <xml-enc>
+ *
+ * Example:
+ * ./decrypt3 encrypt1-res.xml
+ * ./decrypt3 encrypt2-res.xml
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/crypto.h>
+
+xmlSecKeyStoreId files_keys_store_get_klass(void);
+xmlSecKeysMngrPtr create_files_keys_mngr(void);
+int decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file);
+
+int
+main(int argc, char **argv) {
+ xmlSecKeysMngrPtr mngr;
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 2) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s <enc-file>\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() < 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) < 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() < 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* create keys manager and load keys */
+ mngr = create_files_keys_mngr();
+ if(mngr == NULL) {
+ return(-1);
+ }
+
+ if(decrypt_file(mngr, argv[1]) < 0) {
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
+ }
+
+ /* destroy keys manager */
+ xmlSecKeysMngrDestroy(mngr);
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * decrypt_file:
+ * @mngr: the pointer to keys manager.
+ * @enc_file: the encrypted XML file name.
+ *
+ * Decrypts the XML file #enc_file using DES key from #key_file and
+ * prints results to stdout.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+decrypt_file(xmlSecKeysMngrPtr mngr, const char* enc_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(mngr);
+ assert(enc_file);
+
+ /* load template */
+ doc = xmlParseFile(enc_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", enc_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", enc_file);
+ goto done;
+ }
+
+ /* create encryption context */
+ encCtx = xmlSecEncCtxCreate(mngr);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* decrypt the data */
+ if((xmlSecEncCtxDecrypt(encCtx, node) < 0) || (encCtx->result == NULL)) {
+ fprintf(stderr,"Error: decryption failed\n");
+ goto done;
+ }
+
+ /* print decrypted data to stdout */
+ if(encCtx->resultReplaced != 0) {
+ fprintf(stdout, "Decrypted XML data:\n");
+ xmlDocDump(stdout, doc);
+ } else {
+ fprintf(stdout, "Decrypted binary data (%d bytes):\n", xmlSecBufferGetSize(encCtx->result));
+ if(xmlSecBufferGetData(encCtx->result) != NULL) {
+ fwrite(xmlSecBufferGetData(encCtx->result),
+ 1,
+ xmlSecBufferGetSize(encCtx->result),
+ stdout);
+ }
+ }
+ fprintf(stdout, "\n");
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
+/**
+ * create_files_keys_mngr:
+ *
+ * Creates a files based keys manager: we assume that key name is
+ * the key file name,
+ *
+ * Returns pointer to newly created keys manager or NULL if an error occurs.
+ */
+xmlSecKeysMngrPtr
+create_files_keys_mngr(void) {
+ xmlSecKeyStorePtr keysStore;
+ xmlSecKeysMngrPtr mngr;
+
+ /* create files based keys store */
+ keysStore = xmlSecKeyStoreCreate(files_keys_store_get_klass());
+ if(keysStore == NULL) {
+ fprintf(stderr, "Error: failed to create keys store.\n");
+ return(NULL);
+ }
+
+ /* create keys manager */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ xmlSecKeyStoreDestroy(keysStore);
+ return(NULL);
+ }
+
+ /* add store to keys manager, from now on keys manager destroys the store if needed */
+ if(xmlSecKeysMngrAdoptKeysStore(mngr, keysStore) < 0) {
+ fprintf(stderr, "Error: failed to add keys store to keys manager.\n");
+ xmlSecKeyStoreDestroy(keysStore);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* initialize crypto library specific data in keys manager */
+ if(xmlSecCryptoKeysMngrInit(mngr) < 0) {
+ fprintf(stderr, "Error: failed to initialize crypto data in keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* set the get key callback */
+ mngr->getKey = xmlSecKeysMngrGetKey;
+ return(mngr);
+}
+
+/****************************************************************************
+ *
+ * Files Keys Store: we assume that key's name (content of the
+ * <dsig:KeyName/> element is a name of the file with a key (in the
+ * current folder).
+ * Attention: this probably not a good solution for high traffic systems.
+ *
+ ***************************************************************************/
+static xmlSecKeyPtr files_keys_store_find_key (xmlSecKeyStorePtr store,
+ const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static xmlSecKeyStoreKlass files_keys_store_klass = {
+ sizeof(xmlSecKeyStoreKlass),
+ sizeof(xmlSecKeyStore),
+ BAD_CAST "files-based-keys-store", /* const xmlChar* name; */
+ NULL, /* xmlSecKeyStoreInitializeMethod initialize; */
+ NULL, /* xmlSecKeyStoreFinalizeMethod finalize; */
+ files_keys_store_find_key, /* xmlSecKeyStoreFindKeyMethod findKey; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * files_keys_store_get_klass:
+ *
+ * The files based keys store klass: we assume that key name is the
+ * key file name,
+ *
+ * Returns files based keys store klass.
+ */
+xmlSecKeyStoreId
+files_keys_store_get_klass(void) {
+ return(&files_keys_store_klass);
+}
+
+/**
+ * files_keys_store_find_key:
+ * @store: the pointer to simple keys store.
+ * @name: the desired key name.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
+ *
+ * Lookups key in the @store. The caller is responsible for destroying
+ * returned key with #xmlSecKeyDestroy function.
+ *
+ * Returns pointer to key or NULL if key not found or an error occurs.
+ */
+static xmlSecKeyPtr
+files_keys_store_find_key(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyPtr key;
+ const xmlChar* p;
+
+ assert(store);
+ assert(keyInfoCtx);
+
+ /* it's possible to do not have the key name or desired key type
+ * but we could do nothing in this case */
+ if((name == NULL) || (keyInfoCtx->keyReq.keyId == xmlSecKeyDataIdUnknown)){
+ return(NULL);
+ }
+
+ /* we don't want to open files in a folder other than "current";
+ * to prevent it limit the characters in the key name to alpha/digit,
+ * '.', '-' or '_'.
+ */
+ for(p = name; (*p) != '\0'; ++p) {
+ if(!isalnum((*p)) && ((*p) != '.') && ((*p) != '-') && ((*p) != '_')) {
+ return(NULL);
+ }
+ }
+
+ if((keyInfoCtx->keyReq.keyId == xmlSecKeyDataDsaId) || (keyInfoCtx->keyReq.keyId == xmlSecKeyDataRsaId)) {
+ /* load key from a pem file, if key is not found then it's an error (is it?) */
+ key = xmlSecCryptoAppKeyLoad(name, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load public pem key from \"%s\"\n", name);
+ return(NULL);
+ }
+ } else {
+ /* otherwise it's a binary key, if key is not found then it's an error (is it?) */
+ key = xmlSecKeyReadBinaryFile(keyInfoCtx->keyReq.keyId, name);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load key from binary file \"%s\"\n", name);
+ return(NULL);
+ }
+ }
+
+ /* set key name */
+ if(xmlSecKeySetName(key, name) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", name);
+ xmlSecKeyDestroy(key);
+ return(NULL);
+ }
+
+ return(key);
+}
+
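Review bot: In `files_keys_store_find_key` the file name comes directly from the document's `<dsig:KeyName/>`, and the character filter lets through an empty string as well as `.` and `..`. It also lets the document's author choose any file in the process's current directory as the key, including files whose contents they already know. I would reject such names up front with `if((name[0] == '\0') || (name[0] == '.')) { return(NULL); }`, and document that real deployments should resolve names against a dedicated key directory or an explicit allowlist rather than the working directory. `isalnum` is also locale-dependent, so bytes above 0x7F may pass in some locales; an explicit ASCII range check would make the filter match its comment. The RSA/DSA branch reports "failed to load public pem key" although this example is used for decryption, where the PEM file holds a private key.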
diff --git a/examples/deskey.bin b/examples/deskey.bin
new file mode 100644
index 00000000..019924a7
--- /dev/null
+++ b/examples/deskey.bin
@@ -0,0 +1 @@
+012345670123456701234567
\ No newline at end of file
diff --git a/examples/encrypt1-res.xml b/examples/encrypt1-res.xml
new file mode 100644
index 00000000..cc436a0e
--- /dev/null
+++ b/examples/encrypt1-res.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0"?>
+<!--
+XML Security Library example: Encrypted binary data (encrypt1 example).
+-->
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>deskey.bin</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>t6JVBMihIgRyiK8AS8AX5NcXTfkdXPTK</CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/examples/encrypt1-tmpl.xml b/examples/encrypt1-tmpl.xml
new file mode 100644
index 00000000..3d61a901
--- /dev/null
+++ b/examples/encrypt1-tmpl.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0"?>
+<!--
+XML Security Library example: Simple encryption template file for encrypt1 example.
+-->
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName/>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue></CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/examples/encrypt1.c b/examples/encrypt1.c
new file mode 100644
index 00000000..fb4d103f
--- /dev/null
+++ b/examples/encrypt1.c
@@ -0,0 +1,219 @@
+/**
+ * XML Security Library example: Encrypting data using a template file.
+ *
+ * Encrypts binary data using a template file and a DES key from a binary file
+ *
+ * Usage:
+ * ./encrypt1 <xml-tmpl> <des-key-file>
+ *
+ * Example:
+ * ./encrypt1 encrypt1-tmpl.xml deskey.bin > encrypt1-res.xml
+ *
+ * The result could be decrypted with decrypt1 example:
+ * ./decrypt1 encrypt1-res.xml deskey.bin
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/crypto.h>
+
+int encrypt_file(const char* tmpl_file, const char* key_file,
+ const unsigned char* data, size_t dataSize);
+int
+main(int argc, char **argv) {
+ static const char secret_data[] = "Big secret";
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s <tmpl-file> <key-file>\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() < 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) < 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() < 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ if(encrypt_file(argv[1], argv[2], secret_data, strlen(secret_data)) < 0) {
+ return(-1);
+ }
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * encrypt_file:
+ * @tmpl_file: the encryption template file name.
+ * @key_file: the Triple DES key file.
+ * @data: the binary data to encrypt.
+ * @dataSize: the binary data size.
+ *
+ * Encrypts binary #data using template from #tmpl_file and DES key from
+ * #key_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+encrypt_file(const char* tmpl_file, const char* key_file,
+ const unsigned char* data, size_t dataSize) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(tmpl_file);
+ assert(key_file);
+ assert(data);
+
+ /* load template */
+ doc = xmlParseFile(tmpl_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
+ goto done;
+ }
+
+ /* create encryption context, we don't need keys manager in this example */
+ encCtx = xmlSecEncCtxCreate(NULL);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* load DES key, assuming that there is not password */
+ encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
+ if(encCtx->encKey == NULL) {
+ fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(encCtx->encKey, key_file) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* encrypt the data */
+ if(xmlSecEncCtxBinaryEncrypt(encCtx, node, data, dataSize) < 0) {
+ fprintf(stderr,"Error: encryption failed\n");
+ goto done;
+ }
+
+ /* print encrypted data with document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
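Review bot: The parser setup in main, `xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;` followed by `xmlSubstituteEntitiesDefault(1);`, enables DTD loading and entity substitution for the whole process, and encrypt_file then passes the command-line file straight to `xmlParseFile(tmpl_file)`. If that file can come from another party, entities it declares would be resolved against local files or the network before anything is encrypted; the libxslt security preferences set just below restrict XSLT, not the XML parser. For an example people copy, I would drop the two global lines and parse with explicit options, `doc = xmlReadFile(tmpl_file, NULL, XML_PARSE_NONET);`, adding a comment that entity substitution is left off on purpose. The same initialisation and `xmlParseFile` call appear in the encrypt2.c and encrypt3.c hunks.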
diff --git a/examples/encrypt2-doc.xml b/examples/encrypt2-doc.xml
new file mode 100644
index 00000000..d01549d8
--- /dev/null
+++ b/examples/encrypt2-doc.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: Original XML doc file before encryption (encrypt2 example).
+-->
+<Envelope xmlns="urn:envelope">
+ <Data>
+ Hello, World!
+ </Data>
+</Envelope>
diff --git a/examples/encrypt2-res.xml b/examples/encrypt2-res.xml
new file mode 100644
index 00000000..d2a0a573
--- /dev/null
+++ b/examples/encrypt2-res.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: Encrypted XML file (encrypt2 example).
+-->
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
+<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+<KeyName>deskey.bin</KeyName>
+</KeyInfo>
+<CipherData>
+<CipherValue>WXlDyktaADlUe+PywKwS3KdKlahCteEKxi/hRlHcXNQlGwNGrYKy8aQ6dLtX1bKg
+IgL/XoAQN3B27zD91b1ZLGh6QQ9CjnVD98+hYJ9TPp4piPnII4vGUA==</CipherValue>
+</CipherData>
+</EncryptedData>
diff --git a/examples/encrypt2.c b/examples/encrypt2.c
new file mode 100644
index 00000000..4f1ad588
--- /dev/null
+++ b/examples/encrypt2.c
@@ -0,0 +1,244 @@
+/**
+ * XML Security Library example: Encrypting XML file with a dynamicaly created template.
+ *
+ * Encrypts XML file using a dynamicaly created template file and a DES key
+ * from a binary file
+ *
+ * Usage:
+ * ./encrypt2 <xml-doc> <des-key-file>
+ *
+ * Example:
+ * ./encrypt2 encrypt2-doc.xml deskey.bin > encrypt2-res.xml
+ *
+ * The result could be decrypted with decrypt1 example:
+ * ./decrypt1 encrypt2-res.xml deskey.bin
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/templates.h>
+#include <xmlsec/crypto.h>
+
+int encrypt_file(const char* xml_file, const char* key_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s <xml-file> <key-file>\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() < 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) < 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() < 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ if(encrypt_file(argv[1], argv[2]) < 0) {
+ return(-1);
+ }
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * encrypt_file:
+ * @xml_file: the encryption template file name.
+ * @key_file: the Triple DES key file.
+ *
+ * Encrypts #xml_file using a dynamicaly created template and DES key from
+ * #key_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+encrypt_file(const char* xml_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr encDataNode = NULL;
+ xmlNodePtr keyInfoNode = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(xml_file);
+ assert(key_file);
+
+ /* load template */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create encryption template to encrypt XML file and replace
+ * its content with encryption result */
+ encDataNode = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId,
+ NULL, xmlSecTypeEncElement, NULL, NULL);
+ if(encDataNode == NULL) {
+ fprintf(stderr, "Error: failed to create encryption template\n");
+ goto done;
+ }
+
+ /* we want to put encrypted data in the <enc:CipherValue/> node */
+ if(xmlSecTmplEncDataEnsureCipherValue(encDataNode) == NULL) {
+ fprintf(stderr, "Error: failed to add CipherValue node\n");
+ goto done;
+ }
+
+ /* add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put key name in the signed document */
+ keyInfoNode = xmlSecTmplEncDataEnsureKeyInfo(encDataNode, NULL);
+ if(keyInfoNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
+ fprintf(stderr, "Error: failed to add key name\n");
+ goto done;
+ }
+
+ /* create encryption context, we don't need keys manager in this example */
+ encCtx = xmlSecEncCtxCreate(NULL);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* load DES key, assuming that there is not password */
+ encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
+ if(encCtx->encKey == NULL) {
+ fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(encCtx->encKey, key_file) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* encrypt the data */
+ if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, xmlDocGetRootElement(doc)) < 0) {
+ fprintf(stderr,"Error: encryption failed\n");
+ goto done;
+ }
+
+ /* we template is inserted in the doc */
+ encDataNode = NULL;
+
+ /* print encrypted data with document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(encDataNode != NULL) {
+ xmlFreeNode(encDataNode);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
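Review bot: `xmlSecKeySetName(encCtx->encKey, key_file)` in encrypt_file uses the command-line path as the key name, and since the template adds an empty `<dsig:KeyName/>`, that name appears to be written into the output (the checked-in encrypt2-res.xml carries `<KeyName>deskey.bin</KeyName>`). Called with a longer path, the result would disclose where the key file lives on the encrypting host, and any receiver that maps KeyName back to a file has to constrain it. I would extend the comment to `/* set key name to the file name; it is emitted in <dsig:KeyName/>, so real code should use a logical key id rather than a path */`. The same call is in encrypt1.c, and in both places the argument lacks the `BAD_CAST` that encrypt3.c applies for the `const xmlChar*` parameter. The doc comment's `@xml_file: the encryption template file name` and the `/* load template */` comment should also say this is the document being encrypted.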
diff --git a/examples/encrypt3-doc.xml b/examples/encrypt3-doc.xml
new file mode 100644
index 00000000..e017c35a
--- /dev/null
+++ b/examples/encrypt3-doc.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: Original XML doc file before encryption (encrypt3 example).
+-->
+<Envelope xmlns="urn:envelope">
+ <Data>
+ Hello, World!
+ </Data>
+</Envelope>
diff --git a/examples/encrypt3-res.xml b/examples/encrypt3-res.xml
new file mode 100644
index 00000000..bcf7439c
--- /dev/null
+++ b/examples/encrypt3-res.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: XML doc file encrypted with a session DES key (encrypt3 example).
+-->
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
+<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
+<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+<KeyName>rsakey.pem</KeyName>
+</KeyInfo>
+<CipherData>
+<CipherValue>IPiEu9Nv+EsGyvVeXO9nl5iZhhi+uzQH1I3/DTs3+eamBvioyaawRIlvTql7LYL5
+Mi91Qs8ozfW/fWZ8zB8AE2PosaX37SqiuEta68+65/Ed4v1rkGN0Awux8+gJqJmp
+c2kJhzAoQIAIGAW4nTGP9tl9QUHfwKh2KPA104vezk70ijvF7TrbTmhdfmULAuWK
+Tbsg8sXAPhGmPh5KckM2Xe387iPh4ue2+2TGdWqwXygVdvIUIbcIMq6F+/mWlcmf
+Gs5FVI7CTjaLmeyO4ho+FGmicmqH2hEkZW0a2ktDh4BU/MxYF6L7oayrVWDGp2IH
+dzQAwUT2qJcFjElO8xUz3g==</CipherValue>
+</CipherData>
+</EncryptedKey>
+</KeyInfo>
+<CipherData>
+<CipherValue>xrfPSA+BEI+8ca23RN34gtee5lOMx8Cn+ZGWyxitiktdZ1+XREH+57li63VutCwp
+s6ifbZgXIBsFdxPpMBUFlyTWAAO+NLooIwGoczXi14z62lHr7Ck6FA==</CipherValue>
+</CipherData>
+</EncryptedData>
diff --git a/examples/encrypt3.c b/examples/encrypt3.c
new file mode 100644
index 00000000..aa9465a2
--- /dev/null
+++ b/examples/encrypt3.c
@@ -0,0 +1,340 @@
+/**
+ * XML Security Library example: Encrypting XML file with a session key and dynamicaly created template.
+ *
+ * Encrypts XML file using a dynamicaly created template file and a session
+ * DES key (encrypted with an RSA key).
+ *
+ * Usage:
+ * ./encrypt3 <xml-doc> <rsa-pem-key-file>
+ *
+ * Example:
+ * ./encrypt3 encrypt3-doc.xml rsakey.pem > encrypt3-res.xml
+ *
+ * The result could be decrypted with decrypt3 example:
+ * ./decrypt3 encrypt3-res.xml
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/templates.h>
+#include <xmlsec/crypto.h>
+
+xmlSecKeysMngrPtr load_rsa_keys(char* key_file);
+int encrypt_file(xmlSecKeysMngrPtr mngr, const char* xml_file, const char* key_name);
+
+int
+main(int argc, char **argv) {
+ xmlSecKeysMngrPtr mngr;
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s <xml-file> <key-file>\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() < 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) < 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() < 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* create keys manager and load keys */
+ mngr = load_rsa_keys(argv[2]);
+ if(mngr == NULL) {
+ return(-1);
+ }
+
+ /* we use key filename as key name here */
+ if(encrypt_file(mngr, argv[1], argv[2]) < 0) {
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
+ }
+
+ /* destroy keys manager */
+ xmlSecKeysMngrDestroy(mngr);
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * load_rsa_keys:
+ * @key_file: the key filename.
+ *
+ * Creates simple keys manager and load RSA key from #key_file in it.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_rsa_keys(char* key_file) {
+ xmlSecKeysMngrPtr mngr;
+ xmlSecKeyPtr key;
+
+ assert(key_file);
+
+ /* create and initialize keys manager, we use a simple list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* load private RSA key */
+ key = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load rsa key from file \"%s\"\n", key_file);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(key, BAD_CAST key_file) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* add key to keys manager, from now on keys manager is responsible
+ * for destroying key
+ */
+ if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) {
+ fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", key_file);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ return(mngr);
+}
+
+/**
+ * encrypt_file:
+ * @mngr: the pointer to keys manager.
+ * @xml_file: the encryption template file name.
+ * @key_name: the RSA key name.
+ *
+ * Encrypts #xml_file using a dynamicaly created template, a session DES key
+ * and an RSA key from keys manager.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+encrypt_file(xmlSecKeysMngrPtr mngr, const char* xml_file, const char* key_name) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr encDataNode = NULL;
+ xmlNodePtr keyInfoNode = NULL;
+ xmlNodePtr encKeyNode = NULL;
+ xmlNodePtr keyInfoNode2 = NULL;
+ xmlSecEncCtxPtr encCtx = NULL;
+ int res = -1;
+
+ assert(mngr);
+ assert(xml_file);
+ assert(key_name);
+
+ /* load template */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create encryption template to encrypt XML file and replace
+ * its content with encryption result */
+ encDataNode = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId,
+ NULL, xmlSecTypeEncElement, NULL, NULL);
+ if(encDataNode == NULL) {
+ fprintf(stderr, "Error: failed to create encryption template\n");
+ goto done;
+ }
+
+ /* we want to put encrypted data in the <enc:CipherValue/> node */
+ if(xmlSecTmplEncDataEnsureCipherValue(encDataNode) == NULL) {
+ fprintf(stderr, "Error: failed to add CipherValue node\n");
+ goto done;
+ }
+
+ /* add <dsig:KeyInfo/> */
+ keyInfoNode = xmlSecTmplEncDataEnsureKeyInfo(encDataNode, NULL);
+ if(keyInfoNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ /* add <enc:EncryptedKey/> to store the encrypted session key */
+ encKeyNode = xmlSecTmplKeyInfoAddEncryptedKey(keyInfoNode,
+ xmlSecTransformRsaPkcs1Id,
+ NULL, NULL, NULL);
+ if(encKeyNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ /* we want to put encrypted key in the <enc:CipherValue/> node */
+ if(xmlSecTmplEncDataEnsureCipherValue(encKeyNode) == NULL) {
+ fprintf(stderr, "Error: failed to add CipherValue node\n");
+ goto done;
+ }
+
+ /* add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to <enc:EncryptedKey/> */
+ keyInfoNode2 = xmlSecTmplEncDataEnsureKeyInfo(encKeyNode, NULL);
+ if(keyInfoNode2 == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ /* set key name so we can lookup key when needed */
+ if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode2, key_name) == NULL) {
+ fprintf(stderr, "Error: failed to add key name\n");
+ goto done;
+ }
+
+ /* create encryption context */
+ encCtx = xmlSecEncCtxCreate(mngr);
+ if(encCtx == NULL) {
+ fprintf(stderr,"Error: failed to create encryption context\n");
+ goto done;
+ }
+
+ /* generate a Triple DES key */
+ encCtx->encKey = xmlSecKeyGenerate(xmlSecKeyDataDesId, 192, xmlSecKeyDataTypeSession);
+ if(encCtx->encKey == NULL) {
+ fprintf(stderr,"Error: failed to generate session des key\n");
+ goto done;
+ }
+
+ /* encrypt the data */
+ if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, xmlDocGetRootElement(doc)) < 0) {
+ fprintf(stderr,"Error: encryption failed\n");
+ goto done;
+ }
+
+ /* we template is inserted in the doc */
+ encDataNode = NULL;
+
+ /* print encrypted data with document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+
+ /* cleanup */
+ if(encCtx != NULL) {
+ xmlSecEncCtxDestroy(encCtx);
+ }
+
+ if(encDataNode != NULL) {
+ xmlFreeNode(encDataNode);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
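Review bot: The `<enc:EncryptedKey/>` template in encrypt_file is built with `xmlSecTransformRsaPkcs1Id`, while the checked-in encrypt3-res.xml declares `rsa-oaep-mgf1p` for the key transport, so the sample result does not match what this code would produce. PKCS#1 v1.5 key transport is also the weaker option, because a decrypting party that reveals padding failures can be used as a Bleichenbacher-style oracle, which OAEP is designed to resist. I would pass `xmlSecTransformRsaOaepId` as the second argument of `xmlSecTmplKeyInfoAddEncryptedKey(...)`, assuming the selected crypto backend provides it, and regenerate the result file from the example. The second `"Error: failed to add key info\n"` message, on the EncryptedKey failure path, would be clearer as `"Error: failed to add encrypted key\n"`.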
diff --git a/examples/mywin32make.bat b/examples/mywin32make.bat
new file mode 100644
index 00000000..a7d22803
--- /dev/null
+++ b/examples/mywin32make.bat
@@ -0,0 +1,18 @@
+@echo off
+REM
+REM This is my personal configuration file.
+REM I am lazy to type all this crap again and again
+REM You are welcome to customize this file for your
+REM needs but do not check it into the CVS, please.
+REM
+REM Aleksey Sanin <aleksey@aleksey.com>
+REM
+
+SET XMLSEC_PREFIX=C:\cygwin\home\local
+SET XMLSEC_INCLUDE=%XMLSEC_PREFIX%\include
+SET XMLSEC_LIB=%XMLSEC_PREFIX%\lib
+
+SET INCLUDE=%XMLSEC_INCLUDE%;%INCLUDE%
+SET LIB=%XMLSEC_LIB%;%LIB%
+
+nmake -f Makefile.w32 %1 %2 %3
diff --git a/examples/rootcert.pem b/examples/rootcert.pem
new file mode 100644
index 00000000..38144d65
--- /dev/null
+++ b/examples/rootcert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/examples/rsacert.pem b/examples/rsacert.pem
new file mode 100644
index 00000000..02489a43
--- /dev/null
+++ b/examples/rsacert.pem
@@ -0,0 +1,83 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 5 (0x5)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=US, ST=California, L=Sunnyvale, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Root Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Validity
+ Not Before: Mar 31 04:02:22 2003 GMT
+ Not After : Mar 28 04:02:22 2013 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Examples RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:97:b8:fe:b4:3f:83:35:78:16:89:04:ec:2b:61:
+ 8c:bf:c4:5f:00:81:4a:45:e6:d9:cd:e9:e2:3c:97:
+ 3b:45:ad:aa:e6:8d:0b:77:71:07:01:4f:7c:f9:7d:
+ e2:19:aa:dd:91:59:f4:f1:cf:3d:ba:78:46:96:11:
+ 9c:b6:5b:46:39:73:55:23:aa:f7:9e:00:5c:e5:e9:
+ 49:ec:3b:9c:3f:84:99:3a:90:ad:df:7e:64:86:c6:
+ 26:72:ce:31:08:79:7e:13:15:b8:e5:bf:d6:56:02:
+ 8d:60:21:4c:27:18:64:fb:fb:55:70:f6:33:bd:2f:
+ 55:70:d5:5e:7e:99:ae:a4:e0:aa:45:47:13:a8:30:
+ d5:a0:8a:9d:cc:20:ec:e4:8e:51:c9:54:c5:7f:3e:
+ 66:2d:74:bf:a3:7a:f8:f3:ec:94:57:39:b4:ac:00:
+ 75:62:61:54:b4:d0:e0:52:86:f8:5e:77:ec:50:43:
+ 9c:d2:ba:a7:8c:62:5a:bc:b2:fe:f3:cc:62:7e:23:
+ 60:6b:c7:51:49:37:78:7e:25:15:30:ab:fa:b4:ae:
+ 25:8f:22:fc:a3:48:7f:f2:0a:8a:6e:e0:fe:8d:f0:
+ 01:ed:c6:33:cc:6b:a1:fd:a6:80:ef:06:8c:af:f6:
+ 40:3a:8e:42:14:20:61:12:1f:e3:fc:05:b1:05:d5:
+ 65:c3
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 24:84:2C:F2:D4:59:20:62:8B:2E:5C:86:90:A3:AA:30:BA:27:1A:9C
+ X509v3 Authority Key Identifier:
+ keyid:B4:B9:EF:9A:E6:97:0E:68:65:1E:98:CE:FA:55:0D:89:06:DB:4C:7C
+ DirName:/C=US/ST=California/L=Sunnyvale/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ serial:00
+
+ Signature Algorithm: md5WithRSAEncryption
+ b5:3f:9b:32:31:4a:ff:2f:84:3b:a8:9b:11:5c:a6:5c:f0:76:
+ 52:d9:6e:f4:90:ad:fa:0d:90:c1:98:d5:4a:12:dd:82:6b:37:
+ e8:d9:2d:62:92:c9:61:37:98:86:8f:a4:49:6a:5e:25:d0:18:
+ 69:30:0f:98:8f:43:58:89:31:b2:3b:05:e2:ef:c7:a6:71:5f:
+ f7:fe:73:c5:a7:b2:cd:2e:73:53:71:7d:a8:4c:68:1a:32:1b:
+ 5e:48:2f:8f:9b:7a:a3:b5:f3:67:e8:b1:a2:89:4e:b2:4d:1b:
+ 79:9c:ff:f0:0d:19:4f:4e:b1:03:3d:99:f0:44:b7:8a:0b:34:
+ 9d:83
+-----BEGIN CERTIFICATE-----
+MIIE3zCCBEigAwIBAgIBBTANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE
+ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v
+eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl
+a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4X
+DTAzMDMzMTA0MDIyMloXDTEzMDMyODA0MDIyMlowgb8xCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFy
+eSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMSEwHwYDVQQLExhFeGFt
+cGxlcyBSU0EgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf
+BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAJe4/rQ/gzV4FokE7CthjL/EXwCBSkXm2c3p4jyXO0Wt
+quaNC3dxBwFPfPl94hmq3ZFZ9PHPPbp4RpYRnLZbRjlzVSOq954AXOXpSew7nD+E
+mTqQrd9+ZIbGJnLOMQh5fhMVuOW/1lYCjWAhTCcYZPv7VXD2M70vVXDVXn6ZrqTg
+qkVHE6gw1aCKncwg7OSOUclUxX8+Zi10v6N6+PPslFc5tKwAdWJhVLTQ4FKG+F53
+7FBDnNK6p4xiWryy/vPMYn4jYGvHUUk3eH4lFTCr+rSuJY8i/KNIf/IKim7g/o3w
+Ae3GM8xrof2mgO8GjK/2QDqOQhQgYRIf4/wFsQXVZcMCAwEAAaOCAVcwggFTMAkG
+A1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBQkhCzy1FkgYosuXIaQo6owuicanDCB+AYDVR0jBIHw
+MIHtgBS0ue+a5pcOaGUemM76VQ2JBttMfKGB0aSBzjCByzELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE
+ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v
+eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl
+a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggEA
+MA0GCSqGSIb3DQEBBAUAA4GBALU/mzIxSv8vhDuomxFcplzwdlLZbvSQrfoNkMGY
+1UoS3YJrN+jZLWKSyWE3mIaPpElqXiXQGGkwD5iPQ1iJMbI7BeLvx6ZxX/f+c8Wn
+ss0uc1NxfahMaBoyG15IL4+beqO182fosaKJTrJNG3mc//ANGU9OsQM9mfBEt4oL
+NJ2D
+-----END CERTIFICATE-----
diff --git a/examples/rsakey.pem b/examples/rsakey.pem
new file mode 100644
index 00000000..55d2fd9b
--- /dev/null
+++ b/examples/rsakey.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/examples/rsapub.pem b/examples/rsapub.pem
new file mode 100644
index 00000000..838a346d
--- /dev/null
+++ b/examples/rsapub.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7j+tD+DNXgWiQTsK2GM
+v8RfAIFKRebZzeniPJc7Ra2q5o0Ld3EHAU98+X3iGardkVn08c89unhGlhGctltG
+OXNVI6r3ngBc5elJ7DucP4SZOpCt335khsYmcs4xCHl+ExW45b/WVgKNYCFMJxhk
++/tVcPYzvS9VcNVefpmupOCqRUcTqDDVoIqdzCDs5I5RyVTFfz5mLXS/o3r48+yU
+Vzm0rAB1YmFUtNDgUob4XnfsUEOc0rqnjGJavLL+88xifiNga8dRSTd4fiUVMKv6
+tK4ljyL8o0h/8gqKbuD+jfAB7cYzzGuh/aaA7waMr/ZAOo5CFCBhEh/j/AWxBdVl
+wwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/examples/sign1-res.xml b/examples/sign1-res.xml
new file mode 100644
index 00000000..04d8fed0
--- /dev/null
+++ b/examples/sign1-res.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: Signed file (sign1 example).
+-->
+<Envelope xmlns="urn:envelope">
+ <Data>
+ Hello, World!
+ </Data>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>9H/rQr2Axe9hYTV2n/tCp+3UIQQ=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>Mx4psIy9/UY+u8QBJRDrwQWKRaCGz0WOVftyDzAe6WHAFSjMNr7qb2ojq9kdipT8
+Oub5q2OQ7mzdSLiiejkrO1VeqM/90yEIGI4En6KEB6ArEzw+iq4N1wm6EptcyxXx
+M9StAOOa9ilWYqR9Tfx3SW1urUIuKYgUitxsONiUHBVaW6HeX51bsXoTF++4ZI+D
+jiPBjN4HHmr0cbJ6BXk91S27ffZIfp1Qj5nL9onFLUGbR6EFgu2luiRzQbPuM2tP
+XxyI7GZ8AfHnRJK28ARvBC9oi+O1ej20S79CIV7gdBxbLbFprozBHAwOEC57YgJc
+x+YEjSjcO7SBIR1FiUA7pw==</SignatureValue>
+ <KeyInfo>
+ <KeyName>rsakey.pem</KeyName>
+ </KeyInfo>
+ </Signature>
+</Envelope>
diff --git a/examples/sign1-tmpl.xml b/examples/sign1-tmpl.xml
new file mode 100644
index 00000000..ac71a949
--- /dev/null
+++ b/examples/sign1-tmpl.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: Simple signature template file for sign1 example.
+-->
+<Envelope xmlns="urn:envelope">
+ <Data>
+ Hello, World!
+ </Data>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue/>
+ <KeyInfo>
+ <KeyName/>
+ </KeyInfo>
+ </Signature>
+</Envelope>
+
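Review bot: The template fixes the signature to `http://www.w3.org/2000/09/xmldsig#rsa-sha1` with a `http://www.w3.org/2000/09/xmldsig#sha1` digest, and SHA-1 is no longer considered collision-resistant, so an example that readers copy should not default to it. sign2.c and sign3.c make the same choice in code with `xmlSecTransformRsaSha1Id` and `xmlSecTransformSha1Id`. Provided the crypto backend is built with SHA-256 support, I would switch the template to `Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"` and `Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"`, and the C examples to `xmlSecTransformRsaSha256Id` / `xmlSecTransformSha256Id`. The checked-in `*-res.xml` files would then need regenerating.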
diff --git a/examples/sign1.c b/examples/sign1.c
new file mode 100644
index 00000000..e545843f
--- /dev/null
+++ b/examples/sign1.c
@@ -0,0 +1,212 @@
+/**
+ * XML Security Library example: Signing a template file.
+ *
+ * Signs a template file using a key from PEM file
+ *
+ * Usage:
+ * ./sign1 <xml-tmpl> <pem-key>
+ *
+ * Example:
+ * ./sign1 sign1-tmpl.xml rsakey.pem > sign1-res.xml
+ *
+ * The result signature could be validated using verify1 example:
+ * ./verify1 sign1-res.xml rsapub.pem
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/crypto.h>
+
+int sign_file(const char* tmpl_file, const char* key_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s <tmpl-file> <key-file>\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() < 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) < 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() < 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ if(sign_file(argv[1], argv[2]) < 0) {
+ return(-1);
+ }
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * sign_file:
+ * @tmpl_file: the signature template file name.
+ * @key_file: the PEM private key file name.
+ *
+ * Signs the #tmpl_file using private key from #key_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+sign_file(const char* tmpl_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(tmpl_file);
+ assert(key_file);
+
+ /* load template */
+ doc = xmlParseFile(tmpl_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
+ goto done;
+ }
+
+ /* create signature context, we don't need keys manager in this example */
+ dsigCtx = xmlSecDSigCtxCreate(NULL);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* load private key, assuming that there is not password */
+ dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(dsigCtx->signKey == NULL) {
+ fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* sign the template */
+ if(xmlSecDSigCtxSign(dsigCtx, node) < 0) {
+ fprintf(stderr,"Error: signature failed\n");
+ goto done;
+ }
+
+ /* print signed document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
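Review bot: The libxml2 setup in main, `xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;` followed by `xmlSubstituteEntitiesDefault(1);`, turns on external DTD loading and entity substitution for every later parse, and sign_file then reads its input with `xmlParseFile(tmpl_file)`. The XSLT preferences set a few lines further down forbid file and network access, but the XML parser itself is left permissive, so a document that declares external entities would presumably have them expanded before it is signed or verified. The same lines appear in sign2.c, sign3.c, verify1.c and the visible part of verify2.c, and the verify examples are where the input is most likely to come from another party. I would drop `xmlSubstituteEntitiesDefault(1);` and parse with `doc = xmlReadFile(tmpl_file, NULL, XML_PARSE_NONET);`. If the DTD load is kept for ID attribute detection, a comment should say that this is the reason.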
diff --git a/examples/sign2-doc.xml b/examples/sign2-doc.xml
new file mode 100644
index 00000000..5d9fb352
--- /dev/null
+++ b/examples/sign2-doc.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: Original XML doc file for sign2 example.
+-->
+<Envelope xmlns="urn:envelope">
+ <Data>
+ Hello, World!
+ </Data>
+</Envelope>
diff --git a/examples/sign2-res.xml b/examples/sign2-res.xml
new file mode 100644
index 00000000..b37cad94
--- /dev/null
+++ b/examples/sign2-res.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: Signed XML doc file (sign2 example).
+-->
+<Envelope xmlns="urn:envelope">
+ <Data>
+ Hello, World!
+ </Data>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+<SignedInfo>
+<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+<Reference>
+<Transforms>
+<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+</Transforms>
+<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+<DigestValue>HjY8ilZAIEM2tBbPn5mYO1ieIX4=</DigestValue>
+</Reference>
+</SignedInfo>
+<SignatureValue>SIaj/6KY3C1SmDXU2++Gm31U1xTadFp04WhBgfsJFbxrL+q7GKSKN9kfQ+UpN9+i
+D5fWmuavXEHe4Gw6RMaMEkq2URQo7F68+d5J/ajq8/l4n+xE6/reGScVwT6L4dEP
+XXVJcAi2ZnQ3O7GTNvNGCPibL9mUcyCWBFZ92Uemtc/vJFCQ7ZyKMdMfACgxOwyN
+T/9971oog241/2doudhonc0I/3mgPYWkZdX6yvr62mEjnG+oUZkhWYJ4ewZJ4hM4
+JjbFqZO+OEzDRSbw3DkmuBA/mtlx+3t13SESfEub5hqoMdVmtth/eTb64dsPdl9r
+3k1ACVX9f8aHfQQdJOmLFQ==</SignatureValue>
+<KeyInfo>
+<KeyName>rsakey.pem</KeyName>
+</KeyInfo>
+</Signature></Envelope>
diff --git a/examples/sign2.c b/examples/sign2.c
new file mode 100644
index 00000000..146bbbaa
--- /dev/null
+++ b/examples/sign2.c
@@ -0,0 +1,248 @@
+/**
+ * XML Security Library example: Signing a file with a dynamicaly created template.
+ *
+ * Signs a file using a dynamicaly created template and key from PEM file.
+ * The signature has one reference with one enveloped transform to sign
+ * the whole document except the <dsig:Signature/> node itself.
+ *
+ * Usage:
+ * sign2 <xml-doc> <pem-key>
+ *
+ * Example:
+ * ./sign2 sign2-doc.xml rsakey.pem > sign2-res.xml
+ *
+ * The result signature could be validated using verify1 example:
+ * ./verify1 sign2-res.xml rsapub.pem
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/templates.h>
+#include <xmlsec/crypto.h>
+
+int sign_file(const char* xml_file, const char* key_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s <xml-file> <key-file>\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() < 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) < 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() < 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ if(sign_file(argv[1], argv[2]) < 0) {
+ return(-1);
+ }
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * sign_file:
+ * @xml_file: the XML file name.
+ * @key_file: the PEM private key file name.
+ *
+ * Signs the #xml_file using private key from #key_file and dynamicaly
+ * created enveloped signature template.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+sign_file(const char* xml_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr signNode = NULL;
+ xmlNodePtr refNode = NULL;
+ xmlNodePtr keyInfoNode = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(xml_file);
+ assert(key_file);
+
+ /* load doc file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature template for RSA-SHA1 enveloped signature */
+ signNode = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
+ xmlSecTransformRsaSha1Id, NULL);
+ if(signNode == NULL) {
+ fprintf(stderr, "Error: failed to create signature template\n");
+ goto done;
+ }
+
+ /* add <dsig:Signature/> node to the doc */
+ xmlAddChild(xmlDocGetRootElement(doc), signNode);
+
+ /* add reference */
+ refNode = xmlSecTmplSignatureAddReference(signNode, xmlSecTransformSha1Id,
+ NULL, NULL, NULL);
+ if(refNode == NULL) {
+ fprintf(stderr, "Error: failed to add reference to signature template\n");
+ goto done;
+ }
+
+ /* add enveloped transform */
+ if(xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformEnvelopedId) == NULL) {
+ fprintf(stderr, "Error: failed to add enveloped transform to reference\n");
+ goto done;
+ }
+
+ /* add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put key name in the signed document */
+ keyInfoNode = xmlSecTmplSignatureEnsureKeyInfo(signNode, NULL);
+ if(keyInfoNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
+ fprintf(stderr, "Error: failed to add key name\n");
+ goto done;
+ }
+
+ /* create signature context, we don't need keys manager in this example */
+ dsigCtx = xmlSecDSigCtxCreate(NULL);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* load private key, assuming that there is not password */
+ dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(dsigCtx->signKey == NULL) {
+ fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* sign the template */
+ if(xmlSecDSigCtxSign(dsigCtx, signNode) < 0) {
+ fprintf(stderr,"Error: signature failed\n");
+ goto done;
+ }
+
+ /* print signed document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
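Review bot: `xmlSecKeySetName(dsigCtx->signKey, key_file)` in sign_file uses the command-line path of the private key as the key name, and because the template built above adds an empty `<dsig:KeyName/>`, that string ends up in the signed output (sign2-res.xml shows `<KeyName>rsakey.pem</KeyName>`). Run with an absolute path, the published document would presumably carry the signer's local directory layout, and the existing "this is just an example!" comment does not say why that matters. I would pass a logical name instead, for instance `xmlSecKeySetName(dsigCtx->signKey, BAD_CAST "example-rsa-key")` (a constructed sample value), and extend the comment to say the name is written into the document. The `BAD_CAST` also makes the `const char*` to `const xmlChar*` conversion explicit, as the file already does for `XMLSEC_CRYPTO`. sign1.c has the same call.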
diff --git a/examples/sign3-doc.xml b/examples/sign3-doc.xml
new file mode 100644
index 00000000..f75da16a
--- /dev/null
+++ b/examples/sign3-doc.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: Original XML doc file for sign3 example.
+-->
+<Envelope xmlns="urn:envelope">
+ <Data>
+ Hello, World!
+ </Data>
+</Envelope>
diff --git a/examples/sign3-res.xml b/examples/sign3-res.xml
new file mode 100644
index 00000000..847e1af2
--- /dev/null
+++ b/examples/sign3-res.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: Signed XML doc file (sign3 example).
+-->
+<Envelope xmlns="urn:envelope">
+ <Data>
+ Hello, World!
+ </Data>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+<SignedInfo>
+<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
+<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+<Reference>
+<Transforms>
+<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+</Transforms>
+<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+<DigestValue>HjY8ilZAIEM2tBbPn5mYO1ieIX4=</DigestValue>
+</Reference>
+</SignedInfo>
+<SignatureValue>SIaj/6KY3C1SmDXU2++Gm31U1xTadFp04WhBgfsJFbxrL+q7GKSKN9kfQ+UpN9+i
+D5fWmuavXEHe4Gw6RMaMEkq2URQo7F68+d5J/ajq8/l4n+xE6/reGScVwT6L4dEP
+XXVJcAi2ZnQ3O7GTNvNGCPibL9mUcyCWBFZ92Uemtc/vJFCQ7ZyKMdMfACgxOwyN
+T/9971oog241/2doudhonc0I/3mgPYWkZdX6yvr62mEjnG+oUZkhWYJ4ewZJ4hM4
+JjbFqZO+OEzDRSbw3DkmuBA/mtlx+3t13SESfEub5hqoMdVmtth/eTb64dsPdl9r
+3k1ACVX9f8aHfQQdJOmLFQ==</SignatureValue>
+<KeyInfo>
+<X509Data>
+<X509Certificate>MIIE3zCCBEigAwIBAgIBBTANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx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</X509Certificate>
+</X509Data>
+</KeyInfo>
+</Signature></Envelope>
diff --git a/examples/sign3.c b/examples/sign3.c
new file mode 100644
index 00000000..9d16cf72
--- /dev/null
+++ b/examples/sign3.c
@@ -0,0 +1,261 @@
+/**
+ * XML Security Library example: Signing a file with a dynamicaly created template and an X509 certificate.
+ *
+ * Signs a file using a dynamicaly created template, key from PEM file and
+ * an X509 certificate. The signature has one reference with one enveloped
+ * transform to sign the whole document except the <dsig:Signature/> node
+ * itself. The key certificate is written in the <dsig:X509Data/> node.
+ *
+ * This example was developed and tested with OpenSSL crypto library. The
+ * certificates management policies for another crypto library may break it.
+ *
+ * Usage:
+ * sign3 <xml-doc> <pem-key>
+ *
+ * Example:
+ * ./sign3 sign3-doc.xml rsakey.pem rsacert.pem > sign3-res.xml
+ *
+ * The result signature could be validated using verify3 example:
+ * ./verify3 sign3-res.xml rootcert.pem
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/templates.h>
+#include <xmlsec/crypto.h>
+
+int sign_file(const char* xml_file, const char* key_file, const char* cert_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 4) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s <xml-file> <key-file> <cert-file>\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() < 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) < 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() < 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ if(sign_file(argv[1], argv[2], argv[3]) < 0) {
+ return(-1);
+ }
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * sign_file:
+ * @xml_file: the XML file name.
+ * @key_file: the PEM private key file name.
+ * @cert_file: the x509 certificate PEM file.
+ *
+ * Signs the @xml_file using private key from @key_file and dynamicaly
+ * created enveloped signature template. The certificate from @cert_file
+ * is placed in the <dsig:X509Data/> node.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+sign_file(const char* xml_file, const char* key_file, const char* cert_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr signNode = NULL;
+ xmlNodePtr refNode = NULL;
+ xmlNodePtr keyInfoNode = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(xml_file);
+ assert(key_file);
+ assert(cert_file);
+
+ /* load doc file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature template for RSA-SHA1 enveloped signature */
+ signNode = xmlSecTmplSignatureCreate(doc, xmlSecTransformExclC14NId,
+ xmlSecTransformRsaSha1Id, NULL);
+ if(signNode == NULL) {
+ fprintf(stderr, "Error: failed to create signature template\n");
+ goto done;
+ }
+
+ /* add <dsig:Signature/> node to the doc */
+ xmlAddChild(xmlDocGetRootElement(doc), signNode);
+
+ /* add reference */
+ refNode = xmlSecTmplSignatureAddReference(signNode, xmlSecTransformSha1Id,
+ NULL, NULL, NULL);
+ if(refNode == NULL) {
+ fprintf(stderr, "Error: failed to add reference to signature template\n");
+ goto done;
+ }
+
+ /* add enveloped transform */
+ if(xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformEnvelopedId) == NULL) {
+ fprintf(stderr, "Error: failed to add enveloped transform to reference\n");
+ goto done;
+ }
+
+ /* add <dsig:KeyInfo/> and <dsig:X509Data/> */
+ keyInfoNode = xmlSecTmplSignatureEnsureKeyInfo(signNode, NULL);
+ if(keyInfoNode == NULL) {
+ fprintf(stderr, "Error: failed to add key info\n");
+ goto done;
+ }
+
+ if(xmlSecTmplKeyInfoAddX509Data(keyInfoNode) == NULL) {
+ fprintf(stderr, "Error: failed to add X509Data node\n");
+ goto done;
+ }
+
+ /* create signature context, we don't need keys manager in this example */
+ dsigCtx = xmlSecDSigCtxCreate(NULL);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* load private key, assuming that there is not password */
+ dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(dsigCtx->signKey == NULL) {
+ fprintf(stderr,"Error: failed to load private pem key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* load certificate and add to the key */
+ if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file, xmlSecKeyDataFormatPem) < 0) {
+ fprintf(stderr,"Error: failed to load pem certificate \"%s\"\n", cert_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* sign the template */
+ if(xmlSecDSigCtxSign(dsigCtx, signNode) < 0) {
+ fprintf(stderr,"Error: signature failed\n");
+ goto done;
+ }
+
+ /* print signed document to stdout */
+ xmlDocDump(stdout, doc);
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
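Review bot: The header comment's usage line, `sign3 <xml-doc> <pem-key>`, omits the certificate argument, while main rejects anything but `argc == 4` and the Example line just below passes `rsacert.pem`. I would change it to ` * sign3 <xml-doc> <pem-key> <pem-cert>` so it agrees with the usage string main prints. Separately, the `xmlSecKeySetName` call in sign_file looks carried over from sign2.c: the template here adds `<dsig:X509Data/>` rather than `<dsig:KeyName/>`, so a comment saying whether the name is still needed would help readers.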
diff --git a/examples/verify1.c b/examples/verify1.c
new file mode 100644
index 00000000..04917e5a
--- /dev/null
+++ b/examples/verify1.c
@@ -0,0 +1,215 @@
+/**
+ * XML Security Library example: Verifying a file using a single key.
+ *
+ * Verifies a file using a key from PEM file.
+ *
+ * Usage:
+ * verify1 <signed-file> <pem-key>
+ *
+ * Example:
+ * ./verify1 sign1-res.xml rsapub.pem
+ * ./verify1 sign2-res.xml rsapub.pem
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/crypto.h>
+
+int verify_file(const char* xml_file, const char* key_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ assert(argv);
+
+ if(argc != 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s <xml-file> <key-file>\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() < 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) < 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() < 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ if(verify_file(argv[1], argv[2]) < 0) {
+ return(-1);
+ }
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * verify_file:
+ * @xml_file: the signed XML file name.
+ * @key_file: the PEM public key file name.
+ *
+ * Verifies XML signature in #xml_file using public key from #key_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+verify_file(const char* xml_file, const char* key_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(xml_file);
+ assert(key_file);
+
+ /* load file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature context, we don't need keys manager in this example */
+ dsigCtx = xmlSecDSigCtxCreate(NULL);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* load public key */
+ dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(dsigCtx->signKey == NULL) {
+ fprintf(stderr,"Error: failed to load public pem key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(dsigCtx->signKey, key_file) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
+ goto done;
+ }
+
+ /* Verify signature */
+ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
+ fprintf(stderr,"Error: signature verify\n");
+ goto done;
+ }
+
+ /* print verification result to stdout */
+ if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
+ fprintf(stdout, "Signature is OK\n");
+ } else {
+ fprintf(stdout, "Signature is INVALID\n");
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
+
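Review bot: verify_file sets `res = 0` after printing either "Signature is OK" or "Signature is INVALID", so main exits with status 0 for a document whose signature did not verify. Anything that scripts this example on its exit code, or copies the function as is, would treat a tampered document as accepted, and the doc comment's "Returns 0 on success" hides the distinction. I would make the result follow the status, `res = (dsigCtx->status == xmlSecDSigStatusSucceeded) ? 0 : -1;`, and say in the doc comment that a negative value also covers an invalid signature. The function also verifies whichever `<dsig:Signature/>` node `xmlSecFindNode` returns without checking what its `<Reference>` covers, which deserves a comment for readers adapting the code.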
diff --git a/examples/verify2.c b/examples/verify2.c
new file mode 100644
index 00000000..36fde2d3
--- /dev/null
+++ b/examples/verify2.c
@@ -0,0 +1,285 @@
+/**
+ * XML Security Library example: Verifying a file using keys manager.
+ *
+ * Verifies a file using keys manager
+ *
+ * Usage:
+ * verify2 <signed-file> <public-pem-key1> [<public-pem-key2> [...]]
+ *
+ * Example:
+ * ./verify2 sign1-res.xml rsapub.pem
+ * ./verify2 sign2-res.xml rsapub.pem
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/crypto.h>
+
+xmlSecKeysMngrPtr load_keys(char** files, int files_size);
+int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ xmlSecKeysMngrPtr mngr;
+
+ assert(argv);
+
+ if(argc < 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s <xml-file> <key-file1> [<key-file2> [...]]\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() < 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) < 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() < 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* create keys manager and load keys */
+ mngr = load_keys(&(argv[2]), argc - 2);
+ if(mngr == NULL) {
+ return(-1);
+ }
+
+ /* verify file */
+ if(verify_file(mngr, argv[1]) < 0) {
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
+ }
+
+ /* destroy keys manager */
+ xmlSecKeysMngrDestroy(mngr);
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * load_keys:
+ * @files: the list of filenames.
+ * @files_size: the number of filenames in #files.
+ *
+ * Creates simple keys manager and load PEM keys from #files in it.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_keys(char** files, int files_size) {
+ xmlSecKeysMngrPtr mngr;
+ xmlSecKeyPtr key;
+ int i;
+
+ assert(files);
+ assert(files_size > 0);
+
+ /* create and initialize keys manager, we use a simple list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ for(i = 0; i < files_size; ++i) {
+ assert(files[i]);
+
+ /* load key */
+ key = xmlSecCryptoAppKeyLoad(files[i], xmlSecKeyDataFormatPem, NULL, NULL, NULL);
+ if(key == NULL) {
+ fprintf(stderr,"Error: failed to load pem key from \"%s\"\n", files[i]);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* set key name to the file name, this is just an example! */
+ if(xmlSecKeySetName(key, BAD_CAST files[i]) < 0) {
+ fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ /* add key to keys manager, from now on keys manager is responsible
+ * for destroying key
+ */
+ if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) {
+ fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", files[i]);
+ xmlSecKeyDestroy(key);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+ }
+
+ return(mngr);
+}
+
+/**
+ * verify_file:
+ * @mngr: the pointer to keys manager.
+ * @xml_file: the signed XML file name.
+ *
+ * Verifies XML signature in #xml_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(mngr);
+ assert(xml_file);
+
+ /* load file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature context */
+ dsigCtx = xmlSecDSigCtxCreate(mngr);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* Verify signature */
+ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
+ fprintf(stderr,"Error: signature verify\n");
+ goto done;
+ }
+
+ /* print verification result to stdout */
+ if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
+ fprintf(stdout, "Signature is OK\n");
+ } else {
+ fprintf(stdout, "Signature is INVALID\n");
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
+
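Review bot: `verify_file` sets `res = 0` after printing either verdict, so a signature whose `dsigCtx->status` is not `xmlSecDSigStatusSucceeded` still returns 0 and `main` exits with 0; the only trace of the failure is the "Signature is INVALID" line on stdout. Anyone who scripts this example or copies the function into an application gets a success code for a document whose signature did not verify. I would make the return value carry the verdict, for example by replacing `res = 0;` with `res = (dsigCtx->status == xmlSecDSigStatusSucceeded) ? 0 : -1;`, and extend the function comment to say that a negative value also covers an invalid signature. The same pattern is in `verify_file` in examples/verify3.c and in the `verify_file` whose tail appears just before this file's diff header.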
diff --git a/examples/verify3.c b/examples/verify3.c
new file mode 100644
index 00000000..5f0666bb
--- /dev/null
+++ b/examples/verify3.c
@@ -0,0 +1,266 @@
+/**
+ * XML Security Library example: Verifying a file signed with X509 certificate
+ *
+ * Verifies a file signed with X509 certificate.
+ *
+ * This example was developed and tested with OpenSSL crypto library. The
+ * certificates management policies for another crypto library may break it.
+ *
+ * Usage:
+ * verify3 <signed-file> <trusted-cert-pem-file1> [<trusted-cert-pem-file2> [...]]
+ *
+ * Example:
+ * ./verify3 sign3-res.xml rootcert.pem
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/crypto.h>
+
+xmlSecKeysMngrPtr load_trusted_certs(char** files, int files_size);
+int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+ xmlSecKeysMngrPtr mngr;
+
+ assert(argv);
+
+ if(argc < 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s <xml-file> <cert-file1> [<cert-file2> [...]]\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() < 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) < 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() < 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* create keys manager and load trusted certificates */
+ mngr = load_trusted_certs(&(argv[2]), argc - 2);
+ if(mngr == NULL) {
+ return(-1);
+ }
+
+ /* verify file */
+ if(verify_file(mngr, argv[1]) < 0) {
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
+ }
+
+ /* destroy keys manager */
+ xmlSecKeysMngrDestroy(mngr);
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * load_trusted_certs:
+ * @files: the list of filenames.
+ * @files_size: the number of filenames in #files.
+ *
+ * Creates simple keys manager and load trusted certificates from PEM #files.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_trusted_certs(char** files, int files_size) {
+ xmlSecKeysMngrPtr mngr;
+ int i;
+
+ assert(files);
+ assert(files_size > 0);
+
+ /* create and initialize keys manager, we use a simple list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ for(i = 0; i < files_size; ++i) {
+ assert(files[i]);
+
+ /* load trusted cert */
+ if(xmlSecCryptoAppKeysMngrCertLoad(mngr, files[i], xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
+ fprintf(stderr,"Error: failed to load pem certificate from \"%s\"\n", files[i]);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+ }
+
+ return(mngr);
+}
+
+/**
+ * verify_file:
+ * @mngr: the pointer to keys manager.
+ * @xml_file: the signed XML file name.
+ *
+ * Verifies XML signature in #xml_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(mngr);
+ assert(xml_file);
+
+ /* load file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature context */
+ dsigCtx = xmlSecDSigCtxCreate(mngr);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* Verify signature */
+ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
+ fprintf(stderr,"Error: signature verify\n");
+ goto done;
+ }
+
+ /* print verification result to stdout */
+ if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
+ fprintf(stdout, "Signature is OK\n");
+ } else {
+ fprintf(stdout, "Signature is INVALID\n");
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
+
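Review bot: `verify_file` prints "Signature is OK" for the first `dsig:Signature` that `xmlSecFindNode` returns without checking what that signature's references cover or which transforms they use, and the function comment does not say so. The header of examples/verify4.c in this same commit states that verify3 successfully verifies verify4-bad-res.xml, the file verify4 rejects because of its XPath transform, so a success here appears to mean only that the signature is valid for a key that chains to a trusted certificate. I would add to the doc comment above `verify_file`: `* Note: does not check which part of the document is signed or which transforms are used; see verify4.c for the additional checks.`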
diff --git a/examples/verify4-bad-res.xml b/examples/verify4-bad-res.xml
new file mode 100644
index 00000000..15928e2c
--- /dev/null
+++ b/examples/verify4-bad-res.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: A simple bad SAML response (verify4 example).
+
+This file could be verified with verify3 example (signature is valid)
+but verify4 example fails because of XPath transform which is not allowed
+in a simple SAML response.
+
+This file was created from a template with the following command (replace __ with double dashes):
+ ../apps/xmlsec sign __privkey rsakey.pem,rsacert.pem __output verify4-bad-res.xml verify4-bad-tmpl.xml
+-->
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2002-04-18T16:56:54Z" MajorVersion="1" MinorVersion="0" Recipient="https://shire.target.com" ResponseID="7ddc31-ed4a03d703-FB24AD27D96135B68C99FB9AACFE2FFC">
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <dsig:XPath xmlns:samlp_xpath="urn:oasis:names:tc:SAML:1.0:protocol">
+ count(ancestor-or-self::samlp_xpath:Response |
+ here()/ancestor::samlp_xpath:Response[1]) =
+ count(ancestor-or-self::samlp_xpath:Response)
+ </dsig:XPath>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>t1nvDq1bZXEhBIXc/DHcqIrjRyI=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>PipZFFmmYcSnSU9p5AcOmFbRYoeatERYPy4IRk+jU26xk9sAM6yfhXtbK8csl/0w
+rjODj1jGcydBGP9I8kFAfHyZ+Ls+A+53oMNl+tGWfe8iICMowIU1HCxJtPrgbTKk
+1gc+VnYJ3IXhoVneeQKqzilXwA5X7FW7hgIecb5KwLShYV3iO8+z8pzt3NEGKAGQ
+p/lQmO3EQR4Zu0bCSOk6zXdlOhe5dPVFXJQLlE8Zz3WjGQNo0l4op0ZXKf1B+syH
+blHx0tnPQDtSBzQdKohJV39UgkGnL3rd5ggBzyXemjMTX8eFxNZ7bh4UgZ+Wo74W
+Zb4ompTc2ImxJfbpszWp8w==</dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:X509Data>
+<X509Certificate xmlns="http://www.w3.org/2000/09/xmldsig#">MIIE3zCCBEigAwIBAgIBBTANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE
+ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v
+eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl
+a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4X
+DTAzMDMzMTA0MDIyMloXDTEzMDMyODA0MDIyMlowgb8xCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIEwpDYWxpZm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFy
+eSAoaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMpMSEwHwYDVQQLExhFeGFt
+cGxlcyBSU0EgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAf
+BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTCCASIwDQYJKoZIhvcNAQEB
+BQADggEPADCCAQoCggEBAJe4/rQ/gzV4FokE7CthjL/EXwCBSkXm2c3p4jyXO0Wt
+quaNC3dxBwFPfPl94hmq3ZFZ9PHPPbp4RpYRnLZbRjlzVSOq954AXOXpSew7nD+E
+mTqQrd9+ZIbGJnLOMQh5fhMVuOW/1lYCjWAhTCcYZPv7VXD2M70vVXDVXn6ZrqTg
+qkVHE6gw1aCKncwg7OSOUclUxX8+Zi10v6N6+PPslFc5tKwAdWJhVLTQ4FKG+F53
+7FBDnNK6p4xiWryy/vPMYn4jYGvHUUk3eH4lFTCr+rSuJY8i/KNIf/IKim7g/o3w
+Ae3GM8xrof2mgO8GjK/2QDqOQhQgYRIf4/wFsQXVZcMCAwEAAaOCAVcwggFTMAkG
+A1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRp
+ZmljYXRlMB0GA1UdDgQWBBQkhCzy1FkgYosuXIaQo6owuicanDCB+AYDVR0jBIHw
+MIHtgBS0ue+a5pcOaGUemM76VQ2JBttMfKGB0aSBzjCByzELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTE9MDsGA1UE
+ChM0WE1MIFNlY3VyaXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20v
+eG1sc2VjKTEZMBcGA1UECxMQUm9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxl
+a3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggEA
+MA0GCSqGSIb3DQEBBAUAA4GBALU/mzIxSv8vhDuomxFcplzwdlLZbvSQrfoNkMGY
+1UoS3YJrN+jZLWKSyWE3mIaPpElqXiXQGGkwD5iPQ1iJMbI7BeLvx6ZxX/f+c8Wn
+ss0uc1NxfahMaBoyG15IL4+beqO182fosaKJTrJNG3mc//ANGU9OsQM9mfBEt4oL
+NJ2D</X509Certificate>
+</dsig:X509Data>
+ </dsig:KeyInfo>
+ </dsig:Signature>
+ <Status>
+ <StatusCode Value="samlp:Success"/>
+ </Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="7ddc31-ed4a03d735-FB24AD27D96135B68C99FB9AACFE2FFC" IssueInstant="2002-04-18T16:56:54Z" Issuer="hs.osu.edu" MajorVersion="1" MinorVersion="0">
+ <Conditions NotBefore="2002-04-18T16:56:54Z" NotOnOrAfter="2002-04-18T17:01:54Z">
+ <AudienceRestrictionCondition>
+ <Audience>http://middleware.internet2.edu/shibboleth/clubs/clubshib/1.0/</Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AuthenticationStatement AuthenticationInstant="2002-04-18T16:56:53Z" AuthenticationMethod="urn:mace:shibboleth:authmethod">
+ <Subject>
+ <NameIdentifier Format="urn:mace:shibboleth:1.0:handle" NameQualifier="osu.edu">foo</NameIdentifier>
+ <SubjectConfirmation>
+ <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:Bearer</ConfirmationMethod>
+ </SubjectConfirmation>
+ </Subject>
+ <SubjectLocality IPAddress="127.0.0.1"/>
+ <AuthorityBinding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://aa.osu.edu/"/>
+ </AuthenticationStatement>
+ </Assertion>
+</Response>
diff --git a/examples/verify4-bad-tmpl.xml b/examples/verify4-bad-tmpl.xml
new file mode 100644
index 00000000..5cd026f3
--- /dev/null
+++ b/examples/verify4-bad-tmpl.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: A simple bad SAML response template (verify4 example).
+
+Sign it using the following command (replace __ with double dashes):
+
+ ../apps/xmlsec sign __privkey rsakey.pem,rsacert.pem __output verify4--bad-res.xml verify4-bad-tmpl.xml
+-->
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2002-04-18T16:56:54Z" MajorVersion="1" MinorVersion="0" Recipient="https://shire.target.com" ResponseID="7ddc31-ed4a03d703-FB24AD27D96135B68C99FB9AACFE2FFC">
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <dsig:XPath xmlns:samlp_xpath="urn:oasis:names:tc:SAML:1.0:protocol" >
+ count(ancestor-or-self::samlp_xpath:Response |
+ here()/ancestor::samlp_xpath:Response[1]) =
+ count(ancestor-or-self::samlp_xpath:Response)
+ </dsig:XPath>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue/>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue/>
+ <dsig:KeyInfo>
+ <dsig:X509Data/>
+ </dsig:KeyInfo>
+ </dsig:Signature>
+ <Status>
+ <StatusCode Value="samlp:Success"/>
+ </Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="7ddc31-ed4a03d735-FB24AD27D96135B68C99FB9AACFE2FFC" IssueInstant="2002-04-18T16:56:54Z" Issuer="hs.osu.edu" MajorVersion="1" MinorVersion="0">
+ <Conditions NotBefore="2002-04-18T16:56:54Z" NotOnOrAfter="2002-04-18T17:01:54Z">
+ <AudienceRestrictionCondition>
+ <Audience>http://middleware.internet2.edu/shibboleth/clubs/clubshib/1.0/</Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AuthenticationStatement AuthenticationInstant="2002-04-18T16:56:53Z" AuthenticationMethod="urn:mace:shibboleth:authmethod">
+ <Subject>
+ <NameIdentifier Format="urn:mace:shibboleth:1.0:handle" NameQualifier="osu.edu">foo</NameIdentifier>
+ <SubjectConfirmation>
+ <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:Bearer</ConfirmationMethod>
+ </SubjectConfirmation>
+ </Subject>
+ <SubjectLocality IPAddress="127.0.0.1"/>
+ <AuthorityBinding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://aa.osu.edu/"/>
+ </AuthenticationStatement>
+ </Assertion>
+</Response>
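Review bot: The signing command in the header comment writes to `verify4--bad-res.xml` (two dashes after `verify4`), but the file added by this commit, and the one the verify4.c usage text names, is `verify4-bad-res.xml`. Because the comment also tells the reader to replace `__` with double dashes, the stray `--` is easy to misread as part of an option. The line should read `../apps/xmlsec sign __privkey rsakey.pem,rsacert.pem __output verify4-bad-res.xml verify4-bad-tmpl.xml`.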
diff --git a/examples/verify4-res.xml b/examples/verify4-res.xml
new file mode 100644
index 00000000..7abe539f
--- /dev/null
+++ b/examples/verify4-res.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: A simple SAML response template (verify4 example).
+
+This file was signed using the following command (replace __ with double dashes):
+
+ ../apps/xmlsec sign __privkey rsakey.pem,rsacert.pem __output verify4-res.xml verify4-tmpl.xml
+-->
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2002-04-18T16:56:54Z" MajorVersion="1" MinorVersion="0" Recipient="https://shire.target.com" ResponseID="7ddc31-ed4a03d703-FB24AD27D96135B68C99FB9AACFE2FFC">
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue>t1nvDq1bZXEhBIXc/DHcqIrjRyI=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>EsNm7mOj9XY6pq1bfeuzFd1F/LQwbc1K/YgOYgrElk4tr8BhSd5OcrzXBgsivPvm
+HpjvSOBkjctGOFVE7x+6+G8TMudTja1IchEmGMh+pjMBlGNpvxSTedwtnoZBGWAz
+RlfRhRFThskup0T7Or+VBHYygPGM3gmwX0ZWVYpNzM/rfYSk7+obgIp9DxLDIXlW
+oLrJGVivubE+T63CPfBPaUIv1CbfBAzdo+11+8CiVsdWn2qwtGe5Fsmc3eCg06Oj
+sl1nyCIu3AONq1w8jIPOgmITF8PpwDm0+XoQUH0P4kHJqNLphnJZY+GlPAC6VlAW
+2bcAFr4Ul5yzHUBpxCDZfg==</dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:X509Data>
+<X509Certificate xmlns="http://www.w3.org/2000/09/xmldsig#">MIIE3zCCBEigAwIBAgIBBTANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx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</X509Certificate>
+</dsig:X509Data>
+ </dsig:KeyInfo>
+ </dsig:Signature>
+ <Status>
+ <StatusCode Value="samlp:Success"/>
+ </Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="7ddc31-ed4a03d735-FB24AD27D96135B68C99FB9AACFE2FFC" IssueInstant="2002-04-18T16:56:54Z" Issuer="hs.osu.edu" MajorVersion="1" MinorVersion="0">
+ <Conditions NotBefore="2002-04-18T16:56:54Z" NotOnOrAfter="2002-04-18T17:01:54Z">
+ <AudienceRestrictionCondition>
+ <Audience>http://middleware.internet2.edu/shibboleth/clubs/clubshib/1.0/</Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AuthenticationStatement AuthenticationInstant="2002-04-18T16:56:53Z" AuthenticationMethod="urn:mace:shibboleth:authmethod">
+ <Subject>
+ <NameIdentifier Format="urn:mace:shibboleth:1.0:handle" NameQualifier="osu.edu">foo</NameIdentifier>
+ <SubjectConfirmation>
+ <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:Bearer</ConfirmationMethod>
+ </SubjectConfirmation>
+ </Subject>
+ <SubjectLocality IPAddress="127.0.0.1"/>
+ <AuthorityBinding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://aa.osu.edu/"/>
+ </AuthenticationStatement>
+ </Assertion>
+</Response>
diff --git a/examples/verify4-tmpl.xml b/examples/verify4-tmpl.xml
new file mode 100644
index 00000000..0546b905
--- /dev/null
+++ b/examples/verify4-tmpl.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: A simple SAML response template (verify4 example).
+
+Sign it using the following command (replace __ with double dashes):
+
+ ../apps/xmlsec sign __privkey rsakey.pem,rsacert.pem __output verify4-res.xml verify4-tmpl.xml
+-->
+<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" IssueInstant="2002-04-18T16:56:54Z" MajorVersion="1" MinorVersion="0" Recipient="https://shire.target.com" ResponseID="7ddc31-ed4a03d703-FB24AD27D96135B68C99FB9AACFE2FFC">
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <dsig:DigestValue/>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue/>
+ <dsig:KeyInfo>
+ <dsig:X509Data/>
+ </dsig:KeyInfo>
+ </dsig:Signature>
+ <Status>
+ <StatusCode Value="samlp:Success"/>
+ </Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="7ddc31-ed4a03d735-FB24AD27D96135B68C99FB9AACFE2FFC" IssueInstant="2002-04-18T16:56:54Z" Issuer="hs.osu.edu" MajorVersion="1" MinorVersion="0">
+ <Conditions NotBefore="2002-04-18T16:56:54Z" NotOnOrAfter="2002-04-18T17:01:54Z">
+ <AudienceRestrictionCondition>
+ <Audience>http://middleware.internet2.edu/shibboleth/clubs/clubshib/1.0/</Audience>
+ </AudienceRestrictionCondition>
+ </Conditions>
+ <AuthenticationStatement AuthenticationInstant="2002-04-18T16:56:53Z" AuthenticationMethod="urn:mace:shibboleth:authmethod">
+ <Subject>
+ <NameIdentifier Format="urn:mace:shibboleth:1.0:handle" NameQualifier="osu.edu">foo</NameIdentifier>
+ <SubjectConfirmation>
+ <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:Bearer</ConfirmationMethod>
+ </SubjectConfirmation>
+ </Subject>
+ <SubjectLocality IPAddress="127.0.0.1"/>
+ <AuthorityBinding AuthorityKind="samlp:AttributeQuery" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://aa.osu.edu/"/>
+ </AuthenticationStatement>
+ </Assertion>
+</Response>
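Review bot: The template fixes `SignatureMethod` to `xmldsig#rsa-sha1` and `DigestMethod` to `xmldsig#sha1`, and examples/verify4-bad-tmpl.xml does the same; example templates tend to be copied as they are. SHA-1 is no longer considered collision-resistant, so I would either say in the header comment that the algorithm choice is for illustration only, or switch to `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256` with `http://www.w3.org/2001/04/xmlenc#sha256` if the crypto backend in use supports them. Changing the algorithms means regenerating verify4-res.xml and verify4-bad-res.xml with the commands given in their comments.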
diff --git a/examples/verify4.c b/examples/verify4.c
new file mode 100644
index 00000000..1445e997
--- /dev/null
+++ b/examples/verify4.c
@@ -0,0 +1,309 @@
+/**
+ * XML Security Library example: Verifying a simple SAML response with X509 certificate
+ *
+ * Verifies a simple SAML response. In addition to refular verification
+ * we ensure that the signature has only one <dsig:Reference/> element
+ * with an empty or NULL URI attribute and one enveloped signature transform
+ * as it is required by SAML specification.
+ *
+ * This example was developed and tested with OpenSSL crypto library. The
+ * certificates management policies for another crypto library may break it.
+ *
+ * Usage:
+ * verify4 <signed-file> <trusted-cert-pem-file1> [<trusted-cert-pem-file2> [...]]
+ *
+ * Example (sucecess):
+ * ./verify4 verify4-res.xml rootcert.pem
+ *
+ * Example (failure):
+ * ./verify4 verify4-bad-res.xml rootcert.pem
+ * In the same time, verify3 example successfuly verifies this signature:
+ * ./verify3 verify4-bad-res.xml rootcert.pem
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/crypto.h>
+
+xmlSecKeysMngrPtr load_trusted_certs(char** files, int files_size);
+int verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file);
+
+int
+main(int argc, char **argv) {
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+ xmlSecKeysMngrPtr mngr;
+
+ assert(argv);
+
+ if(argc < 3) {
+ fprintf(stderr, "Error: wrong number of arguments.\n");
+ fprintf(stderr, "Usage: %s <xml-file> <cert-file1> [<cert-file2> [...]]\n", argv[0]);
+ return(1);
+ }
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() < 0) {
+ fprintf(stderr, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+ fprintf(stderr, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) < 0) {
+ fprintf(stderr, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() < 0) {
+ fprintf(stderr, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* create keys manager and load trusted certificates */
+ mngr = load_trusted_certs(&(argv[2]), argc - 2);
+ if(mngr == NULL) {
+ return(-1);
+ }
+
+ /* verify file */
+ if(verify_file(mngr, argv[1]) < 0) {
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
+ }
+
+ /* destroy keys manager */
+ xmlSecKeysMngrDestroy(mngr);
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * load_trusted_certs:
+ * @files: the list of filenames.
+ * @files_size: the number of filenames in #files.
+ *
+ * Creates simple keys manager and load trusted certificates from PEM #files.
+ * The caller is responsible for destroing returned keys manager using
+ * @xmlSecKeysMngrDestroy.
+ *
+ * Returns the pointer to newly created keys manager or NULL if an error
+ * occurs.
+ */
+xmlSecKeysMngrPtr
+load_trusted_certs(char** files, int files_size) {
+ xmlSecKeysMngrPtr mngr;
+ int i;
+
+ assert(files);
+ assert(files_size > 0);
+
+ /* create and initialize keys manager, we use a simple list based
+ * keys manager, implement your own xmlSecKeysStore klass if you need
+ * something more sophisticated
+ */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error: failed to create keys manager.\n");
+ return(NULL);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
+ fprintf(stderr, "Error: failed to initialize keys manager.\n");
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+
+ for(i = 0; i < files_size; ++i) {
+ assert(files[i]);
+
+ /* load trusted cert */
+ if(xmlSecCryptoAppKeysMngrCertLoad(mngr, files[i], xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
+ fprintf(stderr,"Error: failed to load pem certificate from \"%s\"\n", files[i]);
+ xmlSecKeysMngrDestroy(mngr);
+ return(NULL);
+ }
+ }
+
+ return(mngr);
+}
+
+/**
+ * verify_file:
+ * @mngr: the pointer to keys manager.
+ * @xml_file: the signed XML file name.
+ *
+ * Verifies XML signature in #xml_file.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+verify_file(xmlSecKeysMngrPtr mngr, const char* xml_file) {
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int res = -1;
+
+ assert(mngr);
+ assert(xml_file);
+
+ /* load file */
+ doc = xmlParseFile(xml_file);
+ if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
+ fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stderr, "Error: start node not found in \"%s\"\n", xml_file);
+ goto done;
+ }
+
+ /* create signature context */
+ dsigCtx = xmlSecDSigCtxCreate(mngr);
+ if(dsigCtx == NULL) {
+ fprintf(stderr,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* limit the Reference URI attributes to empty or NULL */
+ dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeEmpty;
+
+ /* limit allowed transforms for siganture and reference processing */
+ if((xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) ||
+ (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) ||
+ (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformSha1Id) < 0) ||
+ (xmlSecDSigCtxEnableSignatureTransform(dsigCtx, xmlSecTransformRsaSha1Id) < 0)) {
+
+ fprintf(stderr,"Error: failed to limit allowed siganture transforms\n");
+ goto done;
+ }
+ if((xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformInclC14NId) < 0) ||
+ (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformExclC14NId) < 0) ||
+ (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformSha1Id) < 0) ||
+ (xmlSecDSigCtxEnableReferenceTransform(dsigCtx, xmlSecTransformEnvelopedId) < 0)) {
+
+ fprintf(stderr,"Error: failed to limit allowed reference transforms\n");
+ goto done;
+ }
+
+ /* in addition, limit possible key data to valid X509 certificates only */
+ if(xmlSecPtrListAdd(&(dsigCtx->keyInfoReadCtx.enabledKeyData), BAD_CAST xmlSecKeyDataX509Id) < 0) {
+ fprintf(stderr,"Error: failed to limit allowed key data\n");
+ goto done;
+ }
+
+ /* Verify signature */
+ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
+ fprintf(stderr,"Error: signature verify\n");
+ goto done;
+ }
+
+ /* check that we have only one Reference */
+ if((dsigCtx->status == xmlSecDSigStatusSucceeded) &&
+ (xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) != 1)) {
+
+ fprintf(stderr,"Error: only one reference is allowed\n");
+ goto done;
+ }
+
+ /* print verification result to stdout */
+ if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
+ fprintf(stdout, "Signature is OK\n");
+ } else {
+ fprintf(stdout, "Signature is INVALID\n");
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+ return(res);
+}
+
+
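Review bot: verify_file() sets `res = 0` after printing the result regardless of `dsigCtx->status`, so a document whose signature is reported as INVALID still makes the function return 0 and main() exit with status 0; a caller or script that gates on the return value would accept an unverified SAML response. I would derive the result from the status, e.g. `res = (dsigCtx->status == xmlSecDSigStatusSucceeded) ? 0 : -1;`, and reword the doc comment so that "0 on success" explicitly means the signature verified. The single-Reference check just above only runs when the status is Succeeded, which is fine once a non-succeeded status is itself treated as failure. Separately, main() calls `xmlSubstituteEntitiesDefault(1)` and sets `xmlLoadExtDtdDefaultValue` before `xmlParseFile()` reads the signed input; since a SAML response normally comes from a remote peer, a comment there should say these parser defaults need review for untrusted documents (entity substitution and DTD loading are usually left off for such input).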
diff --git a/examples/xkms-server.c b/examples/xkms-server.c
new file mode 100644
index 00000000..188d5c73
--- /dev/null
+++ b/examples/xkms-server.c
@@ -0,0 +1,839 @@
+/**
+ * XML Security Library example: simple XKMS server
+ *
+ * Starts XKMS server on specified port.
+ *
+ * Usage:
+ * ./xkms-server [--port <port>] [--format plain|soap-1.1|soap-1.2] <keys-file>
+ *
+ * Example:
+ * ./xkms-server --port 8080 --format soap-1.1 keys.xml
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+#include <errno.h>
+
+#ifdef XMLSEC_NO_XKMS
+
+int main(int argc, char** argv) {
+ fprintf(stderr, "ERROR: XKMS is disabled.\n");
+ return 1;
+}
+
+#else /* XMLSEC_NO_XKMS */
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/xkms.h>
+#include <xmlsec/crypto.h>
+
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+#include <xmlsec/app.h>
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+#ifdef UNIX_SOCKETS
+#include <netinet/in.h>
+#include <sys/socket.h>
+#include <arpa/inet.h>
+#include <netinet/tcp.h>
+#include <netdb.h>
+#include <fcntl.h>
+#include <signal.h>
+#else /* UNIX_SOCKETS */
+#ifdef WIN32_SOCKETS
+#include <windows.h>
+#include <winsock.h>
+#else /* WIN32_SOCKETS */
+#error "Your operating system is not supported"
+#endif /* WIN32_SOCKETS */
+#endif /* UNIX_SOCKETS */
+
+#define DEFAULT_PORT 1234
+#define PENDING_QUEUE_SIZE 100
+
+#define LOG_LEVEL_SILENT 0
+#define LOG_LEVEL_INFO 1
+#define LOG_LEVEL_DATA 2
+#define LOG_LEVEL_DEBUG 3
+
+#ifdef UNIX_SOCKETS
+static int sockfd = -1;
+#endif /* UNIX_SOCKETS */
+
+#ifdef WIN32_SOCKETS
+static SOCKET sockfd = -1;
+#endif /* WIN32_SOCKETS */
+
+static int finished = 0;
+static int log_level = LOG_LEVEL_INFO;
+
+static int init_server(unsigned short port);
+static void stop_server();
+static void int_signal_handler(int sig_num);
+static const xmlChar* my_strnstr(const xmlChar* str, xmlSecSize strLen, const xmlChar* tmpl, xmlSecSize tmplLen);
+
+static int handle_connection(int fd, xmlSecXkmsServerCtxPtr xkmsCtx, xmlSecXkmsServerFormat format);
+static int read_request(int fd, const char* in_ip, xmlSecBufferPtr buffer);
+static int send_response(int fd, const char* in_ip, int resp_code,
+ const char* body, int body_size);
+
+static char usage[] = "[--port <port>] [--format plain|soap-1.1|soap-1.2] <keys-file>";
+static char http_header[] =
+ "HTTP/1.0 %d\n"
+ "Server: XML Security Library: Simple XKMS Server/1.0\n"
+ "Content-length: %d\n"
+ "\n";
+static char http_503[] =
+ "Error 503 - Service Unavailable\n";
+
+int main(int argc, char** argv) {
+ int argpos;
+ unsigned short port = DEFAULT_PORT;
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+ xmlSecKeysMngrPtr mngr = NULL;
+ xmlSecXkmsServerCtxPtr xkmsCtx = NULL;
+ xmlSecXkmsServerFormat format = xmlSecXkmsServerFormatPlain;
+ int ret;
+
+ fprintf(stdout, "Log: server is starting up\n");
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() < 0) {
+ fprintf(stderr, "Error %d: xmlsec initialization failed.\n", errno);
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stderr, "Error %d: loaded xmlsec library version is not compatible.\n", errno);
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+ fprintf(stderr, "Error %d: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n", errno);
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(NULL) < 0) {
+ fprintf(stderr, "Error %d: crypto initialization failed.\n", errno);
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() < 0) {
+ fprintf(stderr, "Error %d: xmlsec-crypto initialization failed.\n", errno);
+ return(-1);
+ }
+
+ /* Create and initialize keys manager */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stderr, "Error %d: failed to create keys manager.\n", errno);
+ goto done;
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
+ fprintf(stderr, "Error %d: failed to initialize keys manager.\n", errno);
+ goto done;
+ }
+
+ /* Create XKMS server context */
+ xkmsCtx = xmlSecXkmsServerCtxCreate(mngr);
+ if(xkmsCtx == NULL) {
+ fprintf(stderr, "Error %d: XKMS server context initialization failed\n", errno);
+ goto done;
+ }
+
+ /* Process input parameters */
+ for(argpos = 1; (argpos < argc) && (argv[argpos][0] == '-'); argpos++) {
+ if((strcmp(argv[argpos], "--port") == 0) || (strcmp(argv[argpos], "-p") == 0)) {
+ argpos++;
+ port = atoi(argv[argpos]);
+ if(port == 0) {
+ fprintf(stderr, "Error %d: invalid port number \"%s\".\nUsage: %s %s\n", errno, argv[argpos], argv[0], usage);
+ goto done;
+ }
+ } else if((strcmp(argv[argpos], "--format") == 0) || (strcmp(argv[argpos], "-f") == 0)) {
+ argpos++;
+ format = xmlSecXkmsServerFormatFromString(BAD_CAST argv[argpos]);
+ if(format == xmlSecXkmsServerFormatUnknown) {
+ fprintf(stderr, "Error %d: invalid format \"%s\".\nUsage: %s %s\n", errno, argv[argpos], argv[0], usage);
+ goto done;
+ }
+ } else if((strcmp(argv[argpos], "--log-level") == 0) || (strcmp(argv[argpos], "-l") == 0)) {
+ argpos++;
+ log_level = atoi(argv[argpos]);
+ } else {
+ fprintf(stderr, "Error %d: unknown parameter \"%s\".\nUsage: %s %s\n", errno, argv[argpos], argv[0], usage);
+ goto done;
+ }
+ }
+ if(argpos >= argc) {
+ fprintf(stderr, "Error %d: keys file is not specified.\nUsage: %s %s\n", errno, argv[0], usage);
+ goto done;
+ }
+
+ /* Load keys */
+ for(; argpos < argc; argpos++) {
+ if(xmlSecCryptoAppDefaultKeysMngrLoad(mngr, argv[argpos]) < 0) {
+ fprintf(stderr, "Error %d: failed to load xml keys file \"%s\".\nUsage: %s %s\n", errno, argv[argpos], argv[0], usage);
+ goto done;
+ }
+ if(log_level >= LOG_LEVEL_INFO) {
+ fprintf(stdout, "Log: loaded keys from \"%s\"\n", argv[argpos]);
+ }
+ }
+
+ /* Startup TCP server */
+ if(init_server(port) < 0) {
+ fprintf(stderr, "Error, errno: server initialization failed\n", errno);
+ goto done;
+ }
+ assert(sockfd != -1);
+
+ /* main loop: accept connections and process requests */
+ while(finished == 0) {
+ fd_set fds;
+ struct timeval timeout;
+
+ /* Set up polling using select() */
+ FD_ZERO(&fds);
+ FD_SET(sockfd, &fds);
+ memset(&timeout, 0, sizeof(timeout));
+ timeout.tv_sec = 1;
+ ret = select(sockfd + 1, &fds, NULL, NULL, &timeout);
+ if((ret <= 0) || !FD_ISSET(sockfd, &fds)) {
+ /* error, timed out or not our socket: try again */
+ continue;
+ }
+
+ if(handle_connection(sockfd, xkmsCtx, format) < 0) {
+ fprintf(stderr, "Error %d: unable to accept incomming connection\n");
+ goto done;
+ }
+ }
+
+done:
+ if(log_level >= LOG_LEVEL_INFO) {
+ fprintf(stdout, "Log: server is shutting down\n");
+ }
+
+ /* Shutdown TCP server */
+ stop_server();
+
+ /* Destroy xkms server context */
+ if(xkmsCtx != NULL) {
+ xmlSecXkmsServerCtxDestroy(xkmsCtx);
+ xkmsCtx = NULL;
+ }
+
+ /* Destroy keys manager */
+ if(mngr != NULL) {
+ xmlSecKeysMngrDestroy(mngr);
+ mngr = NULL;
+ }
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+ xmlCleanupParser();
+
+ fprintf(stdout, "Log: server is down, bye!\n");
+ return(0);
+}
+
+/**
+ * init_server:
+ * @port: the server'xmlSecBufferGetData(buffer) TCP port number.
+ *
+ * Starts up a TCP server listening on given @port.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+static int
+init_server(unsigned short port) {
+#ifdef WIN32_SOCKETS
+ WSADATA data;
+#endif /* WIN32_SOCKETS */
+ struct sockaddr_in saddr;
+ int flags;
+
+#ifdef WIN32_SOCKETS
+ if(WSAStartup(MAKEWORD(1,1), &data)) {
+ fprintf(stderr, "Error %d: WSAStartup() failed\n", errno);
+ return(-1);
+ }
+#endif /* WIN32_SOCKETS */
+
+ /* create socket */
+ sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
+#ifdef UNIX_SOCKETS
+ if(sockfd == -1) {
+#endif /* UNIX_SOCKETS */
+
+#ifdef WIN32_SOCKETS
+ if(sockfd == INVALID_SOCKET) {
+#endif /* WIN32_SOCKETS */
+
+ fprintf(stderr, "Error %d: socket() failed\n", errno);
+ return(-1);
+ }
+
+ /* enable reuse of address */
+ flags = 1;
+ if(setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, (char *)&flags, sizeof(flags)) != 0) {
+ fprintf(stderr, "Error %d: setsockopt(SO_REUSEADDR) failed\n", errno);
+ return(-1);
+ }
+
+#ifdef UNIX_SOCKETS
+ /* set non-blocking */
+ flags = fcntl(sockfd, F_GETFL);
+ if(flags < 0) {
+ fprintf(stderr, "Error %d: fcntl(F_GETFL) failed\n", errno);
+ return(-1);
+ }
+ if(fcntl(sockfd, F_SETFL, flags | O_NONBLOCK) < 0) {
+ fprintf(stderr, "Error %d: fcntl(F_SETFL) failed\n", errno);
+ return(-1);
+ }
+#endif /* UNIX_SOCKETS */
+
+ /* preset socket structure for socket binding */
+ memset(&saddr, 0, sizeof(saddr));
+ saddr.sin_family = AF_INET;
+ saddr.sin_port = htons(port);
+ saddr.sin_addr.s_addr = INADDR_ANY;
+ if(bind(sockfd, (struct sockaddr *)&saddr, sizeof(struct sockaddr)) != 0) {
+ fprintf(stderr, "Error %d: bind() failed\n", errno);
+ return(-1);
+ }
+
+ /* prepare for listening */
+ if(listen(sockfd, PENDING_QUEUE_SIZE) != 0) {
+ fprintf(stderr, "Error %d: listen() failed\n", errno);
+ return(-1);
+ }
+
+#ifdef UNIX_SOCKETS
+ /* setup SIGINT handler that will stop the server */
+ signal(SIGINT, int_signal_handler);
+#endif /* UNIX_SOCKETS */
+
+ if(log_level >= LOG_LEVEL_INFO) {
+ fprintf(stdout, "Log: server is ready and listening on port %d\n", port);
+ }
+ return(0);
+}
+
+/**
+ * stop_server:
+ *
+ * Shuts down TCP server.
+ */
+static void
+stop_server() {
+#ifdef UNIX_SOCKETS
+ if(sockfd != -1) {
+ shutdown(sockfd, SHUT_RDWR);
+ close(sockfd);
+ sockfd = -1;
+ }
+#endif /* UNIX_SOCKETS */
+
+#ifdef WIN32_SOCKETS
+ if(sockfd != -1) {
+ close(sockfd);
+ sockfd = -1;
+ }
+#endif /* WIN32_SOCKETS */
+ if(log_level >= LOG_LEVEL_INFO) {
+ fprintf(stdout, "Log: server is shutted down\n");
+ }
+}
+
+/**
+ * int_signal_handler:
+ * @sig_num: the signal number.
+ *
+ * Unix's Ctrl-C signal handler that stops the server.
+ */
+static void
+int_signal_handler(int sig_num) {
+ if(log_level >= LOG_LEVEL_INFO) {
+ fprintf(stdout, "Log: server is asked to shutdown\n");
+ }
+ finished = 1;
+}
+
+/**
+ * handle_connection:
+ * @sockfd: the server's socket.
+ * @xkmsCtx: the template XKMS server context.
+ * @format: the expected format of XKMS requests.
+ *
+ * Establishs a connection, forks a child process (onUnix), reads the request,
+ * processes it and writes back the response.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+static int
+handle_connection(int sockfd, xmlSecXkmsServerCtxPtr xkmsCtx, xmlSecXkmsServerFormat format) {
+#ifdef UNIX_SOCKETS
+ int fd = -1;
+#endif /* UNIX_SOCKETS */
+
+#ifdef WIN32_SOCKETS
+ SOCKET fd = -1;
+#endif /* WIN32_SOCKETS */
+
+ int in_child_process = 0;
+ struct sockaddr_in saddr;
+ int saddr_size;
+ xmlSecXkmsServerCtxPtr xkmsCtx2 = NULL;
+ xmlSecBufferPtr buffer = NULL;
+ xmlDocPtr inDoc = NULL;
+ xmlDocPtr outDoc = NULL;
+ xmlNodePtr result = NULL;
+ xmlOutputBufferPtr output = NULL;
+ int resp_ready = 0;
+ int ret;
+
+ assert(sockfd != -1);
+ assert(xkmsCtx != NULL);
+
+ /* Get the socket connection */
+ saddr_size = sizeof(struct sockaddr_in);
+ fd = accept(sockfd, (struct sockaddr *)&saddr, &saddr_size);
+
+#ifdef UNIX_SOCKETS
+ if(sockfd == -1) {
+#endif /* UNIX_SOCKETS */
+
+#ifdef WIN32_SOCKETS
+ if(sockfd == INVALID_SOCKET) {
+#endif /* WIN32_SOCKETS */
+
+ fprintf(stderr, "Error %d: accept() failed\n", errno);
+ return(-1);
+ }
+ if(log_level >= LOG_LEVEL_INFO) {
+ fprintf(stdout, "Log [%s]: got connection\n", inet_ntoa(saddr.sin_addr));
+ }
+
+ /* Create a copy of XKMS server context */
+ xkmsCtx2 = xmlSecXkmsServerCtxCreate(NULL);
+ if(xkmsCtx2 == NULL) {
+ fprintf(stderr, "Error %d [%s]: a copy of XKMS server context initialization failed\n", errno, inet_ntoa(saddr.sin_addr));
+ goto done;
+ }
+ if(xmlSecXkmsServerCtxCopyUserPref(xkmsCtx2, xkmsCtx) < 0) {
+ fprintf(stderr, "Error %d [%s]: XKMS server context copy failed\n", errno, inet_ntoa(saddr.sin_addr));
+ goto done;
+ }
+
+#ifdef UNIX_SOCKETS
+ /* on Unix we use child process to process requests */
+ if(fork()) {
+ /* parent process */
+ return(0);
+ }
+
+ /* child process */
+ in_child_process = 1;
+ close(sockfd); /* we don't need listening socket */
+#endif /* UNIX_SOCKETS */
+
+ buffer = xmlSecBufferCreate(0);
+ if(buffer == NULL) {
+ fprintf(stderr, "Error %d [%s]: xmlSecBufferCreate() failed\n", errno, inet_ntoa(saddr.sin_addr));
+ goto done;
+ }
+
+ /* read input request */
+ ret = read_request(fd, inet_ntoa(saddr.sin_addr), buffer);
+ if(ret < 0) {
+ fprintf(stderr, "Error %d [%s]: read_request() failed\n", errno, inet_ntoa(saddr.sin_addr));
+ goto done;
+ }
+
+ /* parse request */
+ inDoc = xmlParseMemory(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer) );
+ if((inDoc == NULL) || (xmlDocGetRootElement(inDoc) == NULL)) {
+ fprintf(stderr, "Error %d [%s]: failed to parse request\n", errno, inet_ntoa(saddr.sin_addr));
+ goto done;
+ }
+ xmlSecBufferEmpty(buffer);
+
+ /* prepare result document */
+ outDoc = xmlNewDoc(BAD_CAST "1.0");
+ if(outDoc == NULL) {
+ fprintf(stderr, "Error %d [%s]: failed to create result doc\n", errno, inet_ntoa(saddr.sin_addr));
+ goto done;
+ }
+
+ result = xmlSecXkmsServerCtxProcess(xkmsCtx2, xmlDocGetRootElement(inDoc), format, outDoc);
+ if(result == NULL) {
+ fprintf(stderr, "Error %d [%s]: failed to process xkms server request\n", errno, inet_ntoa(saddr.sin_addr));
+ goto done;
+ }
+
+ /* apppend returned result node to the output document */
+ xmlDocSetRootElement(outDoc, result);
+
+ /* create LibXML2 output buffer */
+ output = xmlSecBufferCreateOutputBuffer(buffer);
+ if(output == NULL) {
+ fprintf(stderr, "Error %d [%s]: xmlSecBufferCreateOutputBuffer() failed\n", errno, inet_ntoa(saddr.sin_addr));
+ goto done;
+ }
+ xmlNodeDumpOutput(output, result->doc, result, 0, 0, NULL);
+
+ xmlOutputBufferClose(output); output = NULL;
+ resp_ready = 1;
+done:
+ /* send back response */
+ if((resp_ready == 1) && (xmlSecBufferGetData(buffer) != NULL)) {
+ ret = send_response(fd, inet_ntoa(saddr.sin_addr), 200, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer));
+ if(log_level >= LOG_LEVEL_INFO) {
+ fprintf(stdout, "Log [%s]: processed request\n", inet_ntoa(saddr.sin_addr));
+ }
+ } else if(fd >= 0) {
+ ret = send_response(fd, inet_ntoa(saddr.sin_addr), 503, http_503, strlen(http_503));
+ if(log_level >= LOG_LEVEL_INFO) {
+ fprintf(stdout, "Log [%s]: failed to process request\n", inet_ntoa(saddr.sin_addr));
+ }
+ } else {
+ ret = -1;
+ }
+ if(ret < 0) {
+ fprintf(stderr, "Error %d [%s]: send_response() failed\n", errno, inet_ntoa(saddr.sin_addr));
+ }
+
+ /* cleanup */
+ if(output != NULL) {
+ xmlOutputBufferClose(output);
+ output = NULL;
+ }
+
+ if(outDoc != NULL) {
+ xmlFreeDoc(outDoc);
+ outDoc = NULL;
+ }
+
+ if(inDoc != NULL) {
+ xmlFreeDoc(inDoc);
+ inDoc = NULL;
+ }
+
+ if(buffer != NULL) {
+ xmlSecBufferDestroy(buffer);
+ buffer = NULL;
+ }
+
+ if(xkmsCtx2 != NULL) {
+ xmlSecXkmsServerCtxDestroy(xkmsCtx2);
+ xkmsCtx2 = NULL;
+ }
+
+ if(fd >= 0) {
+#ifdef UNIX_SOCKETS
+ shutdown(fd, SHUT_RDWR);
+ close(fd);
+#endif /* UNIX_SCOKETS */
+
+#ifdef WIN32_SOCKETS
+ close(fd);
+#endif /* WIN32_SCOKETS */
+
+ fd = -1;
+ }
+
+ if(in_child_process) {
+ exit(0);
+ }
+ return(0);
+}
+
+/**
+ * read_request:
+ * @fd: the request's socket.
+ * @in_ip: the request's IP address (for logging).
+ * @buffer: the output buffer.
+ *
+ * Reads the request from socket @fd and stores it in the @buffer.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+static int
+read_request(int fd, const char* in_ip, xmlSecBufferPtr buffer) {
+ char buf[1024];
+ const xmlChar* s;
+ const xmlChar* p;
+ int nread;
+ int length = 0;
+ int found = 0;
+ int counter;
+
+ assert(fd != -1);
+ assert(in_ip != NULL);
+ assert(buffer);
+
+ /* first read the http headers */
+ counter = 5;
+ while(my_strnstr(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), BAD_CAST "\r\n\r\n", 4) == NULL) {
+ nread = recv(fd, buf, sizeof(buf), 0);
+ if(nread < 0) {
+ fprintf(stderr, "Error %d [%s]: read() failed\n", errno, in_ip);
+ return(-1);
+ }
+
+ if((nread > 0) && (xmlSecBufferAppend(buffer, buf, nread) < 0)) {
+ fprintf(stderr, "Error %d [%s]: xmlSecBufferAppend(%d) failed\n", errno, in_ip, nread);
+ return(-1);
+ }
+
+ if(nread < sizeof(buffer)) {
+ counter--;
+ if(counter <= 0) {
+ break;
+ }
+ }
+ }
+
+ if(xmlSecBufferGetData(buffer) == NULL) {
+ fprintf(stderr, "Error %d [%s]: no bytes read\n", errno, in_ip);
+ return(-1);
+ }
+
+ if(log_level >= LOG_LEVEL_DEBUG) {
+ xmlSecBufferAppend(buffer, BAD_CAST "\0", 1);
+ fprintf(stdout, "Debug [%s]: request headers:\n%s\n", in_ip, xmlSecBufferGetData(buffer));
+ xmlSecBufferRemoveTail(buffer, 1);
+ }
+
+ /* Parse the request and extract the body. We expect the request to look
+ * like this:
+ * POST <path> HTTP/1.x\r\n
+ * <header1>\r\n
+ * <header2>\r\n
+ * ...
+ * <headerN>\r\n
+ * \r\n
+ * <body>
+ */
+
+ /* analyze the first line */
+ p = my_strnstr(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), BAD_CAST "\r\n", 2);
+ if(p == NULL) {
+ fprintf(stderr, "Error %d [%s]: there is no HTTP header\n", errno, in_ip);
+ return(-1);
+ }
+ if(xmlStrncasecmp(xmlSecBufferGetData(buffer), BAD_CAST "POST ", 5) != 0) {
+ fprintf(stderr, "Error %d [%s]: not a POST request\n", errno, in_ip);
+ return(-1);
+ }
+ /* "POST " + " HTTP/1.x" == 14 */
+ s = xmlSecBufferGetData(buffer);
+ if(p - s <= 14) {
+ fprintf(stderr, "Error %d [%s]: first line has bad length\n", errno, in_ip);
+ return(-1);
+ }
+ if((xmlStrncasecmp(p - 9, BAD_CAST " HTTP/1.0", 9) != 0) &&
+ (xmlStrncasecmp(p - 9, BAD_CAST " HTTP/1.1", 9) != 0)) {
+
+ fprintf(stderr, "Error %d [%s]: first line does not end with \" HTTP/1.x\"\n", errno, in_ip);
+ return(-1);
+ }
+ if(xmlSecBufferRemoveHead(buffer, p - xmlSecBufferGetData(buffer) + 2) < 0) {
+ fprintf(stderr, "Error %d [%s]: failed to skip first line\n", errno, in_ip);
+ return(-1);
+ }
+
+ /* now skip all the headers (i.e. everything until empty line) */
+ found = 0;
+ while(!found) {
+ p = my_strnstr(xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), BAD_CAST "\r\n", 2);
+ if(p == NULL) {
+ fprintf(stderr, "Error %d [%s]: there is no HTTP body\n", errno, in_ip);
+ return(-1);
+ }
+
+ if(p == xmlSecBufferGetData(buffer)) {
+ found = 1;
+ } else if(xmlStrncasecmp(xmlSecBufferGetData(buffer), BAD_CAST "Content-length: ", 16) == 0) {
+ length = atoi(xmlSecBufferGetData(buffer) + 16);
+ }
+
+ if(xmlSecBufferRemoveHead(buffer, p - xmlSecBufferGetData(buffer) + 2) < 0) {
+ fprintf(stderr, "Error %d [%s]: failed to skip header line\n", errno, in_ip);
+ return(-1);
+ }
+ }
+
+ /* remove the trailing \0 we added */
+ xmlSecBufferRemoveTail(buffer, 1);
+
+ /* now read the body */
+ counter = 5;
+ while(xmlSecBufferGetSize(buffer) < length) {
+ nread = recv(fd, buf, sizeof(buf), 0);
+ if(nread < 0) {
+ fprintf(stderr, "Error %d [%s]: read() failed\n", errno, in_ip);
+ return(-1);
+ }
+
+ if((nread > 0) && (xmlSecBufferAppend(buffer, buf, nread) < 0)) {
+ fprintf(stderr, "Error %d [%s]: xmlSecBufferAppend(%d) failed\n", errno, in_ip, nread);
+ return(-1);
+ }
+ if(nread < sizeof(buffer)) {
+ counter--;
+ if(counter <= 0) {
+ break;
+ }
+ }
+ }
+ if(log_level >= LOG_LEVEL_INFO) {
+ fprintf(stdout, "Log [%s]: body size is %d bytes\n", in_ip, xmlSecBufferGetSize(buffer));
+ }
+ if(log_level >= LOG_LEVEL_DATA) {
+ xmlSecBufferAppend(buffer, BAD_CAST "\0", 1);
+ fprintf(stdout, "Log [%s]: request body:\n%s\n", in_ip, xmlSecBufferGetData(buffer));
+ xmlSecBufferRemoveTail(buffer, 1);
+ }
+ return(0);
+}
+
+/**
+ * send_response:
+ * @fd: the request's socket.
+ * @in_ip: the request's IP address (for logging).
+ * @resp_code: the HTTP response code.
+ * @body: the response body.
+ * @body_len: the response body length.
+ *
+ * Writes HTTP response headers and @body to the @socket.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+static int
+send_response(int fd, const char* in_ip, int resp_code, const char* body, int body_size) {
+ char header[sizeof(http_header) + 100];
+
+ assert(fd != -1);
+ assert(in_ip != NULL);
+ assert(resp_code > 0);
+ assert(body != NULL);
+
+ /* prepare and send http header */
+ sprintf(header, http_header, resp_code, body_size);
+ if(send(fd, header, strlen(header), 0) == -1) {
+ fprintf(stderr, "Error %d [%s]: send(header) failed\n", errno, in_ip);
+ return(-1);
+ }
+
+ if(log_level >= LOG_LEVEL_DATA) {
+ xmlChar* tmp = xmlStrndup(body, body_size);
+ fprintf(stdout, "Log [%s]: response is\n%s\n", in_ip, tmp);
+ xmlFree(tmp);
+ }
+
+ /* send body */
+ if(send(fd, body, body_size, 0) == -1) {
+ fprintf(stderr, "Error %d [%s]: send(body) failed\n", errno, in_ip);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * my_strnstr:
+ * @str: the soruce string.
+ * @strLen: the source string length.
+ * @tmpl: the template string.
+ * @tmplLen: the template string length.
+ *
+ * Searches for the first occurence of @tmpl in @str.
+ *
+ * Returns pointer to the first occurence of @tmpl in @str or NULL if it is not found.
+ */
+static const xmlChar*
+my_strnstr(const xmlChar* str, xmlSecSize strLen, const xmlChar* tmpl, xmlSecSize tmplLen) {
+ xmlSecSize pos;
+
+ if((str == NULL) || (tmpl == NULL)) {
+ return(NULL);
+ }
+ for(pos = 0; pos + tmplLen <= strLen; pos++) {
+ if(xmlStrncmp(str + pos, tmpl, tmplLen) == 0) {
+ return(str + pos);
+ }
+ }
+
+ return(NULL);
+}
+
+#endif /* XMLSEC_NO_XKMS */
+
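Review bot: read_request() lets the client decide how much the server buffers: `length = atoi(xmlSecBufferGetData(buffer) + 16)` takes Content-length with no upper bound or sign check, and both recv loops test `nread < sizeof(buffer)`, where `buffer` is the xmlSecBufferPtr argument, so the comparison is against a pointer size rather than the 1024-byte `buf`. I would compare against the array (`if(nread < (int)sizeof(buf)) {`) and reject out-of-range lengths right after parsing, e.g. `if((length < 0) || (length > MAX_REQUEST_BODY)) return(-1);`, with MAX_REQUEST_BODY a new constant defined next to PENDING_QUEUE_SIZE. The unconditional `xmlSecBufferRemoveTail(buffer, 1)` under "remove the trailing \0 we added" also looks wrong, because the only appended `\0` is already removed inside the LOG_LEVEL_DEBUG block; as written it appears to drop one byte of any body data that arrived together with the headers. In handle_connection() the check after `accept()` tests `sockfd` instead of `fd` (it should read `if(fd == -1) {` and `if(fd == INVALID_SOCKET) {`), and the parent branch of `fork()` returns without closing `fd` or destroying `xkmsCtx2`, so each connection leaks a descriptor and a context in the listening process.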
diff --git a/examples/xmldsigverify.c b/examples/xmldsigverify.c
new file mode 100644
index 00000000..f4c376ea
--- /dev/null
+++ b/examples/xmldsigverify.c
@@ -0,0 +1,381 @@
+/**
+ * XML Security Library example: CGI verification script.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+#include <dirent.h>
+
+#include <libxml/tree.h>
+#include <libxml/xmlmemory.h>
+#include <libxml/parser.h>
+
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/xslt.h>
+#include <libxslt/security.h>
+#endif /* XMLSEC_NO_XSLT */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/crypto.h>
+
+/* #define XMLDSIGVERIFY_DEFAULT_TRUSTED_CERTS_FOLDER "/etc/httpd/conf/ssl.crt" */
+#define XMLDSIGVERIFY_DEFAULT_TRUSTED_CERTS_FOLDER "/var/www/cgi-bin/keys-certs.def"
+#define XMLDSIGVERIFY_KEY_AND_CERTS_FOLDER "/var/www/cgi-bin/keys-certs"
+
+
+int load_keys(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_keys);
+int load_trusted_certs(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_certs);
+int verify_request(xmlSecKeysMngrPtr mngr);
+int url_decode(char *buf, size_t size);
+
+int
+main(int argc, char **argv) {
+ xmlSecKeysMngrPtr mngr;
+#ifndef XMLSEC_NO_XSLT
+ xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* start response */
+ fprintf(stdout, "Content-type: text/plain\n");
+ fprintf(stdout, "\n");
+
+ /* Init libxml and libxslt libraries */
+ xmlInitParser();
+ LIBXML_TEST_VERSION
+ xmlLoadExtDtdDefaultValue = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ xmlSubstituteEntitiesDefault(1);
+#ifndef XMLSEC_NO_XSLT
+ xmlIndentTreeOutput = 1;
+#endif /* XMLSEC_NO_XSLT */
+
+ /* make sure that we print out everything to stdout */
+ xmlGenericErrorContext = stdout;
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
+ /* Init xmlsec library */
+ if(xmlSecInit() < 0) {
+ fprintf(stdout, "Error: xmlsec initialization failed.\n");
+ return(-1);
+ }
+
+ /* Check loaded library version */
+ if(xmlSecCheckVersion() != 1) {
+ fprintf(stdout, "Error: loaded xmlsec library version is not compatible.\n");
+ return(-1);
+ }
+
+ /* Load default crypto engine if we are supporting dynamic
+ * loading for xmlsec-crypto libraries. Use the crypto library
+ * name ("openssl", "nss", etc.) to load corresponding
+ * xmlsec-crypto library.
+ */
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLLoadLibrary(BAD_CAST XMLSEC_CRYPTO) < 0) {
+ fprintf(stdout, "Error: unable to load default xmlsec-crypto library. Make sure\n"
+ "that you have it installed and check shared libraries path\n"
+ "(LD_LIBRARY_PATH) envornment variable.\n");
+ return(-1);
+ }
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+ /* Init crypto library */
+ if(xmlSecCryptoAppInit(XMLDSIGVERIFY_DEFAULT_TRUSTED_CERTS_FOLDER) < 0) {
+ fprintf(stdout, "Error: crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* Init xmlsec-crypto library */
+ if(xmlSecCryptoInit() < 0) {
+ fprintf(stdout, "Error: xmlsec-crypto initialization failed.\n");
+ return(-1);
+ }
+
+ /* create keys manager */
+ mngr = xmlSecKeysMngrCreate();
+ if(mngr == NULL) {
+ fprintf(stdout, "Error: failed to create keys manager.\n");
+ return(-1);
+ }
+ if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
+ fprintf(stdout, "Error: failed to initialize keys manager.\n");
+ return(-1);
+ }
+
+ if(load_keys(mngr, XMLDSIGVERIFY_KEY_AND_CERTS_FOLDER, 0) < 0) {
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
+ }
+
+ if(load_trusted_certs(mngr, XMLDSIGVERIFY_KEY_AND_CERTS_FOLDER, 0) < 0) {
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
+ }
+
+ if(verify_request(mngr) < 0) {
+ xmlSecKeysMngrDestroy(mngr);
+ return(-1);
+ }
+
+ /* Destroy keys manager */
+ xmlSecKeysMngrDestroy(mngr);
+
+ /* Shutdown xmlsec-crypto library */
+ xmlSecCryptoShutdown();
+
+ /* Shutdown crypto library */
+ xmlSecCryptoAppShutdown();
+
+ /* Shutdown xmlsec library */
+ xmlSecShutdown();
+
+ /* Shutdown libxslt/libxml */
+#ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
+ xsltCleanupGlobals();
+#endif /* XMLSEC_NO_XSLT */
+
+ xmlCleanupParser();
+
+ return(0);
+}
+
+/**
+ * load_trusted_certs:
+ * @mngr: the keys manager.
+ * @path: the path to a folder that contains trusted certificates.
+ *
+ * Loads trusted certificates from @path.
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int load_trusted_certs(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_certs) {
+ DIR* dir;
+ struct dirent* entry;
+ char filename[256];
+ int len;
+
+ assert(mngr);
+ assert(path);
+
+ dir = opendir(path);
+ if(dir == NULL) {
+ fprintf(stdout, "Error: failed to open folder \"%s\".\n", path);
+ return(-1);
+ }
+ while((entry = readdir(dir)) != NULL) {
+ assert(entry->d_name);
+ len = strlen(entry->d_name);
+ if((len > 4) && (strcmp(entry->d_name + len - 4, ".pem") == 0)) {
+ snprintf(filename, sizeof(filename), "%s/%s", path, entry->d_name);
+ if(xmlSecCryptoAppKeysMngrCertLoad(mngr, filename, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted) < 0) {
+ fprintf(stdout,"Error: failed to load pem certificate from \"%s\"\n", filename);
+ closedir(dir);
+ return(-1);
+ }
+ if(report_loaded_certs) {
+ fprintf(stdout, "Loaded trusted certificate from \"%s\"...\n", filename);
+ }
+ } else if((len > 4) && (strcmp(entry->d_name + len - 4, ".der") == 0)) {
+ snprintf(filename, sizeof(filename), "%s/%s", path, entry->d_name);
+ if(xmlSecCryptoAppKeysMngrCertLoad(mngr, filename, xmlSecKeyDataFormatDer, xmlSecKeyDataTypeTrusted) < 0) {
+ fprintf(stdout,"Error: failed to load der certificate from \"%s\"\n", filename);
+ closedir(dir);
+ return(-1);
+ }
+ if(report_loaded_certs) {
+ fprintf(stdout, "Loaded trusted certificate from \"%s\"...\n", filename);
+ }
+ }
+ }
+ closedir(dir);
+ return(0);
+}
+
+int load_keys(xmlSecKeysMngrPtr mngr, const char* path, int report_loaded_keys) {
+ char filename[256];
+
+ assert(mngr);
+
+ snprintf(filename, sizeof(filename), "%s/keys.xml", path);
+ if(xmlSecCryptoAppDefaultKeysMngrLoad(mngr, filename) < 0) {
+ fprintf(stdout,"Error: failed to load keys from \"%s\"\n", filename);
+ return(-1);
+ }
+
+ if(report_loaded_keys) {
+ fprintf(stdout, "Loaded keys from \"%s\"...\n", filename);
+ }
+ return(0);
+}
+
+
+/**
+ * verify_request:
+ * @mng: the keys manager
+ *
+ * Verifies XML signature in the request (stdin).
+ *
+ * Returns 0 on success or a negative value if an error occurs.
+ */
+int
+verify_request(xmlSecKeysMngrPtr mngr) {
+ xmlBufferPtr buffer = NULL;
+ char buf[256];
+ xmlDocPtr doc = NULL;
+ xmlNodePtr node = NULL;
+ xmlSecDSigCtxPtr dsigCtx = NULL;
+ int ret;
+ int res = -1;
+
+ assert(mngr);
+
+ /* load request in the buffer */
+ buffer = xmlBufferCreate();
+ if(buffer == NULL) {
+ fprintf(stdout,"Error: failed to create buffer\n");
+ goto done;
+ }
+
+ while(!feof(stdin)) {
+ ret = fread(buf, 1, sizeof(buf), stdin);
+ if(ret < 0) {
+ fprintf(stdout,"Error: read failed\n");
+ goto done;
+ }
+ xmlBufferAdd(buffer, buf, ret);
+ }
+
+ /* is the document subbmitted from the form? */
+ if(strncmp((char*)xmlBufferContent(buffer), "_xmldoc=", 8) == 0) {
+ xmlBufferShrink(buffer, 8);
+ buffer->use = url_decode((char*)xmlBufferContent(buffer), xmlBufferLength(buffer));
+ }
+
+ /**
+ * Load doc
+ */
+ doc = xmlReadMemory(xmlBufferContent(buffer), xmlBufferLength(buffer),
+ NULL, NULL,
+ XML_PARSE_NOENT | XML_PARSE_NOCDATA |
+ XML_PARSE_PEDANTIC | XML_PARSE_NOCDATA);
+ if (doc == NULL) {
+ fprintf(stdout, "Error: unable to parse xml document (syntax error)\n");
+ goto done;
+ }
+
+ /*
+ * Check the document is of the right kind
+ */
+ if(xmlDocGetRootElement(doc) == NULL) {
+ fprintf(stdout,"Error: empty document\n");
+ goto done;
+ }
+
+ /* find start node */
+ node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ fprintf(stdout, "Error: start <dsig:Signature/> node not found\n");
+ goto done;
+ }
+
+ /* create signature context */
+ dsigCtx = xmlSecDSigCtxCreate(mngr);
+ if(dsigCtx == NULL) {
+ fprintf(stdout,"Error: failed to create signature context\n");
+ goto done;
+ }
+
+ /* we would like to store and print out everything */
+ /* actually we would not because it opens a security hole
+ dsigCtx->flags = XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES |
+ XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES |
+ XMLSEC_DSIG_FLAGS_STORE_SIGNATURE;
+ */
+
+ /* Verify signature */
+ if(xmlSecDSigCtxVerify(dsigCtx, node) < 0) {
+ fprintf(stdout,"Error: signature verification failed\n");
+ goto done;
+ }
+
+ /* print verification result to stdout */
+ if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
+ fprintf(stdout, "RESULT: Signature is OK\n");
+ } else {
+ fprintf(stdout, "RESULT: Signature is INVALID\n");
+ }
+ fprintf(stdout, "---------------------------------------------------\n");
+ xmlSecDSigCtxDebugDump(dsigCtx, stdout);
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(dsigCtx != NULL) {
+ xmlSecDSigCtxDestroy(dsigCtx);
+ }
+
+ if(doc != NULL) {
+ xmlFreeDoc(doc);
+ }
+
+ if(buffer != NULL) {
+ xmlBufferFree(buffer);
+ }
+ return(res);
+}
+
+/* not the best way to do it */
+#define toHex(c) ( ( ('0' <= (c)) && ((c) <= '9') ) ? (c) - '0' : \
+ ( ( ('A' <= (c)) && ((c) <= 'F') ) ? (c) - 'A' + 10 : 0 ) )
+
+/**
+ * url_decode:
+ * @buf: the input buffer.
+ * @size: the input buffer size.
+ *
+ * Does url decoding in-place.
+ *
+ * Returns length of the decoded result on success or
+ * a negative value if an error occurs.
+ */
+int url_decode(char *buf, size_t size) {
+ char *p1, *p2;
+
+ assert(buf);
+
+ p1 = p2 = buf;
+ while(p1 - buf < size) {
+ if(((*p1) == '%') && ((p1 - buf) <= (size - 3))) {
+ *(p2++) = (char)(toHex(p1[1]) * 16 + toHex(p1[2]));
+ p1 += 3;
+ } else if((*p1) == '+') {
+ *(p2++) = ' ';
+ p1++;
+ } else {
+ *(p2++) = *(p1++);
+ }
+ }
+ return(p2 - buf);
+}
+
+
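Review bot: In verify_request() the request body read from stdin is parsed with `XML_PARSE_NOENT` (and main() calls `xmlSubstituteEntitiesDefault(1)`), so entities declared in the submitted document's own DTD, including external ones, are expanded before the signature is checked; for a CGI that parses untrusted input this needs either a justifying comment or tighter options. If entity substitution is not required for the documents this script is meant to verify, the options could read `XML_PARSE_NONET | XML_PARSE_NOCDATA | XML_PARSE_PEDANTIC` (the second `XML_PARSE_NOCDATA` is a duplicate in any case). In url_decode() the bound `(p1 - buf) <= (size - 3)` wraps when `size` is below 3 because `size` is a `size_t`, so a trailing `%` makes `p1[1]` and `p1[2]` read past the stated length; `if(((*p1) == '%') && ((size_t)(p1 - buf) + 3 <= size)) {` avoids the wrap. `toHex` also maps lowercase hex digits to 0, which silently corrupts input such as `%3c`.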
diff --git a/include/Makefile.am b/include/Makefile.am
new file mode 100644
index 00000000..e189efe9
--- /dev/null
+++ b/include/Makefile.am
@@ -0,0 +1,4 @@
+## Process this file with automake to produce Makefile.in
+SUBDIRS=xmlsec
+
+
diff --git a/include/Makefile.in b/include/Makefile.in
new file mode 100644
index 00000000..75062342
--- /dev/null
+++ b/include/Makefile.in
@@ -0,0 +1,656 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = include
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+ distdir
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+SUBDIRS = xmlsec
+all: all-recursive
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu include/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu include/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-recursive
+all-am: Makefile
+installdirs: installdirs-recursive
+installdirs-am:
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am:
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \
+ install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am check check-am clean clean-generic clean-libtool \
+ ctags ctags-recursive distclean distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs installdirs-am maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+ uninstall uninstall-am
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/include/xmlsec/Makefile.am b/include/xmlsec/Makefile.am
new file mode 100644
index 00000000..08592e1e
--- /dev/null
+++ b/include/xmlsec/Makefile.am
@@ -0,0 +1,63 @@
+## Process this file with automake to produce Makefile.in
+NULL =
+SUBDIRS = private $(XMLSEC_CRYPTO_LIST)
+EXTRA_DIST = skeleton mscrypto $(XMLSEC_CRYPTO_DISABLED_LIST)
+
+xmlsecincdir = $(includedir)/xmlsec1/xmlsec
+
+xmlsecinc_HEADERS = \
+ app.h \
+ base64.h \
+ bn.h \
+ buffer.h \
+ crypto.h \
+ dl.h \
+ errors.h \
+ exports.h \
+ io.h \
+ keyinfo.h \
+ keysdata.h \
+ keys.h \
+ keysmngr.h \
+ list.h \
+ membuf.h \
+ nodeset.h \
+ parser.h \
+ private.h \
+ soap.h \
+ strings.h \
+ templates.h \
+ transforms.h \
+ version.h \
+ x509.h \
+ xkms.h \
+ xmldsig.h \
+ xmlenc.h \
+ xmlsec.h \
+ xmltree.h \
+ $(NULL)
+
+remove-old-headers:
+ @if test "x$(DESTDIR)" = "x" && test -d "$(includedir)/xmlsec"; then \
+ echo "----------------------------------------------------------------------"; \
+ echo; \
+ echo "*** WARNING ***:"; \
+ echo; \
+ echo "You seem to have old xmlsec header files installed in:"; \
+ echo; \
+ echo " \"$(includedir)/xmlsec\""; \
+ echo; \
+ echo "The entire directory will be removed now."; \
+ echo "To allow parallel installation of different xmlsec library versions,"; \
+ echo "the header files are now installed in a version specific subdirectory:"; \
+ echo; \
+ echo " \"$(xmlsecincdir)\""; \
+ echo; \
+ echo "----------------------------------------------------------------------"; \
+ echo; \
+ rm -rf "$(includedir)/xmlsec"; \
+ fi
+
+install-exec-hook: remove-old-headers
+ $(mkinstalldirs) $(DESTDIR)$(xmlsecincdir)
+
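Review bot: The `remove-old-headers` recipe runs `rm -rf "$(includedir)/xmlsec"` during install (commonly as root) behind only a `test -d` guard, so an empty `includedir` would resolve to `/xmlsec`, and a directory of that name is deleted without checking that it is a legacy xmlsec install. I would extend the condition with a non-empty check, `test -n "$(includedir)" && test -d "$(includedir)/xmlsec"`, and ideally test for a header that older releases presumably placed there, for example `test -f "$(includedir)/xmlsec/xmlsec.h"`, before removing anything. In `install-exec-hook` the path is unquoted although the rest of the file quotes it; `$(mkinstalldirs) "$(DESTDIR)$(xmlsecincdir)"` stops a prefix containing spaces from being split. `remove-old-headers` is also not declared phony, so adding `.PHONY: remove-old-headers` would prevent a stray file of that name from silently skipping the cleanup. The generated include/xmlsec/Makefile.in later in this diff reproduces the same recipe, so the change belongs in Makefile.am.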
diff --git a/include/xmlsec/Makefile.in b/include/xmlsec/Makefile.in
new file mode 100644
index 00000000..0a54afd3
--- /dev/null
+++ b/include/xmlsec/Makefile.in
@@ -0,0 +1,767 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = include/xmlsec
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(srcdir)/version.h.in $(xmlsecinc_HEADERS)
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES = version.h
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(xmlsecincdir)"
+HEADERS = $(xmlsecinc_HEADERS)
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+ distdir
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+SUBDIRS = private $(XMLSEC_CRYPTO_LIST)
+EXTRA_DIST = skeleton mscrypto $(XMLSEC_CRYPTO_DISABLED_LIST)
+xmlsecincdir = $(includedir)/xmlsec1/xmlsec
+xmlsecinc_HEADERS = \
+ app.h \
+ base64.h \
+ bn.h \
+ buffer.h \
+ crypto.h \
+ dl.h \
+ errors.h \
+ exports.h \
+ io.h \
+ keyinfo.h \
+ keysdata.h \
+ keys.h \
+ keysmngr.h \
+ list.h \
+ membuf.h \
+ nodeset.h \
+ parser.h \
+ private.h \
+ soap.h \
+ strings.h \
+ templates.h \
+ transforms.h \
+ version.h \
+ x509.h \
+ xkms.h \
+ xmldsig.h \
+ xmlenc.h \
+ xmlsec.h \
+ xmltree.h \
+ $(NULL)
+
+all: all-recursive
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu include/xmlsec/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu include/xmlsec/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+version.h: $(top_builddir)/config.status $(srcdir)/version.h.in
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-xmlsecincHEADERS: $(xmlsecinc_HEADERS)
+ @$(NORMAL_INSTALL)
+ test -z "$(xmlsecincdir)" || $(MKDIR_P) "$(DESTDIR)$(xmlsecincdir)"
+ @list='$(xmlsecinc_HEADERS)'; test -n "$(xmlsecincdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(xmlsecincdir)'"; \
+ $(INSTALL_HEADER) $$files "$(DESTDIR)$(xmlsecincdir)" || exit $$?; \
+ done
+
+uninstall-xmlsecincHEADERS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(xmlsecinc_HEADERS)'; test -n "$(xmlsecincdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(xmlsecincdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(xmlsecincdir)" && rm -f $$files
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(HEADERS)
+installdirs: installdirs-recursive
+installdirs-am:
+ for dir in "$(DESTDIR)$(xmlsecincdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am: install-xmlsecincHEADERS
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am:
+ @$(NORMAL_INSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-xmlsecincHEADERS
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \
+ install-am install-exec-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am check check-am clean clean-generic clean-libtool \
+ ctags ctags-recursive distclean distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-exec-hook install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ install-xmlsecincHEADERS installcheck installcheck-am \
+ installdirs installdirs-am maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-generic \
+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
+ uninstall uninstall-am uninstall-xmlsecincHEADERS
+
+
+remove-old-headers:
+ @if test "x$(DESTDIR)" = "x" && test -d "$(includedir)/xmlsec"; then \
+ echo "----------------------------------------------------------------------"; \
+ echo; \
+ echo "*** WARNING ***:"; \
+ echo; \
+ echo "You seem to have old xmlsec header files installed in:"; \
+ echo; \
+ echo " \"$(includedir)/xmlsec\""; \
+ echo; \
+ echo "The entire directory will be removed now."; \
+ echo "To allow parallel installation of different xmlsec library versions,"; \
+ echo "the header files are now installed in a version specific subdirectory:"; \
+ echo; \
+ echo " \"$(xmlsecincdir)\""; \
+ echo; \
+ echo "----------------------------------------------------------------------"; \
+ echo; \
+ rm -rf "$(includedir)/xmlsec"; \
+ fi
+
+install-exec-hook: remove-old-headers
+ $(mkinstalldirs) $(DESTDIR)$(xmlsecincdir)
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/include/xmlsec/app.h b/include/xmlsec/app.h
new file mode 100644
index 00000000..7f61ac6b
--- /dev/null
+++ b/include/xmlsec/app.h
@@ -0,0 +1,424 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_APP_H__
+#define __XMLSEC_APP_H__
+
+#ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING
+
+#if !defined(IN_XMLSEC) && !defined(XMLSEC_CRYPTO_DYNAMIC_LOADING)
+#error To use dynamic crypto engines loading define XMLSEC_CRYPTO_DYNAMIC_LOADING
+#endif /* !defined(IN_XMLSEC) && !defined(XMLSEC_CRYPTO_DYNAMIC_LOADING) */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+#include <libxml/xmlIO.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keysdata.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/dl.h>
+
+/**********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ *********************************************************************/
+XMLSEC_EXPORT int xmlSecCryptoInit (void);
+XMLSEC_EXPORT int xmlSecCryptoShutdown (void);
+XMLSEC_EXPORT int xmlSecCryptoKeysMngrInit (xmlSecKeysMngrPtr mngr);
+
+/*********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+/**
+ * xmlSecKeyDataAesId:
+ *
+ * The AES key klass.
+ */
+#define xmlSecKeyDataAesId xmlSecKeyDataAesGetKlass()
+XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataAesGetKlass (void);
+/**
+ * xmlSecKeyDataDesId:
+ *
+ * The DES key klass.
+ */
+#define xmlSecKeyDataDesId xmlSecKeyDataDesGetKlass()
+XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataDesGetKlass (void);
+/**
+ * xmlSecKeyDataDsaId:
+ *
+ * The DSA key klass.
+ */
+#define xmlSecKeyDataDsaId xmlSecKeyDataDsaGetKlass()
+XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataDsaGetKlass (void);
+/**
+ * xmlSecKeyDataGost2001Id:
+ *
+ * The GOST2001 key klass.
+ */
+#define xmlSecKeyDataGost2001Id xmlSecKeyDataGost2001GetKlass()
+XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataGost2001GetKlass (void);
+/**
+ * xmlSecKeyDataHmacId:
+ *
+ * The DHMAC key klass.
+ */
+#define xmlSecKeyDataHmacId xmlSecKeyDataHmacGetKlass()
+XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataHmacGetKlass (void);
+/**
+ * xmlSecKeyDataRsaId:
+ *
+ * The RSA key klass.
+ */
+#define xmlSecKeyDataRsaId xmlSecKeyDataRsaGetKlass()
+XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataRsaGetKlass (void);
+/**
+ * xmlSecKeyDataX509Id:
+ *
+ * The X509 data klass.
+ */
+#define xmlSecKeyDataX509Id xmlSecKeyDataX509GetKlass()
+XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataX509GetKlass (void);
+/**
+ * xmlSecKeyDataRawX509CertId:
+ *
+ * The raw X509 certificate klass.
+ */
+#define xmlSecKeyDataRawX509CertId xmlSecKeyDataRawX509CertGetKlass()
+XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataRawX509CertGetKlass(void);
+
+/*********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+/**
+ * xmlSecX509StoreId:
+ *
+ * The X509 store klass.
+ */
+#define xmlSecX509StoreId xmlSecX509StoreGetKlass()
+XMLSEC_EXPORT xmlSecKeyDataStoreId xmlSecX509StoreGetKlass (void);
+
+/*********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+/**
+ * xmlSecTransformAes128CbcId:
+ *
+ * The AES128 CBC cipher transform klass.
+ */
+#define xmlSecTransformAes128CbcId xmlSecTransformAes128CbcGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformAes128CbcGetKlass(void);
+/**
+ * xmlSecTransformAes192CbcId:
+ *
+ * The AES192 CBC cipher transform klass.
+ */
+#define xmlSecTransformAes192CbcId xmlSecTransformAes192CbcGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformAes192CbcGetKlass(void);
+/**
+ * xmlSecTransformAes256CbcId:
+ *
+ * The AES256 CBC cipher transform klass.
+ */
+#define xmlSecTransformAes256CbcId xmlSecTransformAes256CbcGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformAes256CbcGetKlass(void);
+/**
+ * xmlSecTransformKWAes128Id:
+ *
+ * The AES 128 key wrap transform klass.
+ */
+#define xmlSecTransformKWAes128Id xmlSecTransformKWAes128GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformKWAes128GetKlass (void);
+/**
+ * xmlSecTransformKWAes192Id:
+ *
+ * The AES 192 key wrap transform klass.
+ */
+#define xmlSecTransformKWAes192Id xmlSecTransformKWAes192GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformKWAes192GetKlass (void);
+/**
+ * xmlSecTransformKWAes256Id:
+ *
+ * The AES 256 key wrap transform klass.
+ */
+#define xmlSecTransformKWAes256Id xmlSecTransformKWAes256GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformKWAes256GetKlass (void);
+/**
+ * xmlSecTransformDes3CbcId:
+ *
+ * The Triple DES encryption transform klass.
+ */
+#define xmlSecTransformDes3CbcId xmlSecTransformDes3CbcGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformDes3CbcGetKlass (void);
+/**
+ * xmlSecTransformKWDes3Id:
+ *
+ * The DES3 CBC cipher transform klass.
+ */
+#define xmlSecTransformKWDes3Id xmlSecTransformKWDes3GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformKWDes3GetKlass (void);
+/**
+ * xmlSecTransformDsaSha1Id:
+ *
+ * The DSA-SHA1 signature transform klass.
+ */
+#define xmlSecTransformDsaSha1Id xmlSecTransformDsaSha1GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformDsaSha1GetKlass (void);
+
+/**
+ * xmlSecTransformGost2001GostR3411_94Id:
+ *
+ * The GOST2001-GOSTR3411_94 signature transform klass.
+ */
+#define xmlSecTransformGost2001GostR3411_94Id xmlSecTransformGost2001GostR3411_94GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformGost2001GostR3411_94GetKlass (void);
+
+/**
+ * xmlSecTransformHmacMd5Id:
+ *
+ * The HMAC with MD5 signature transform klass.
+ */
+#define xmlSecTransformHmacMd5Id xmlSecTransformHmacMd5GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformHmacMd5GetKlass (void);
+/**
+ * xmlSecTransformHmacRipemd160Id:
+ *
+ * The HMAC with RipeMD160 signature transform klass.
+ */
+#define xmlSecTransformHmacRipemd160Id xmlSecTransformHmacRipemd160GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformHmacRipemd160GetKlass(void);
+/**
+ * xmlSecTransformHmacSha1Id:
+ *
+ * The HMAC with SHA1 signature transform klass.
+ */
+#define xmlSecTransformHmacSha1Id xmlSecTransformHmacSha1GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformHmacSha1GetKlass (void);
+/**
+ * xmlSecTransformHmacSha224Id:
+ *
+ * The HMAC with SHA224 signature transform klass.
+ */
+#define xmlSecTransformHmacSha224Id xmlSecTransformHmacSha224GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformHmacSha224GetKlass (void);
+/**
+ * xmlSecTransformHmacSha256Id:
+ *
+ * The HMAC with SHA256 signature transform klass.
+ */
+#define xmlSecTransformHmacSha256Id xmlSecTransformHmacSha256GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformHmacSha256GetKlass (void);
+/**
+ * xmlSecTransformHmacSha384Id:
+ *
+ * The HMAC with SHA384 signature transform klass.
+ */
+#define xmlSecTransformHmacSha384Id xmlSecTransformHmacSha384GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformHmacSha384GetKlass (void);
+/**
+ * xmlSecTransformHmacSha512Id:
+ *
+ * The HMAC with SHA512 signature transform klass.
+ */
+#define xmlSecTransformHmacSha512Id xmlSecTransformHmacSha512GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformHmacSha512GetKlass (void);
+/**
+ * xmlSecTransformMd5Id:
+ *
+ * The MD5 digest transform klass.
+ */
+#define xmlSecTransformMd5Id xmlSecTransformMd5GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformMd5GetKlass(void);
+/**
+ * xmlSecTransformRipemd160Id:
+ *
+ * The RIPEMD160 digest transform klass.
+ */
+#define xmlSecTransformRipemd160Id xmlSecTransformRipemd160GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformRipemd160GetKlass(void);
+/**
+ * xmlSecTransformRsaMd5Id:
+ *
+ * The RSA-MD5 signature transform klass.
+ */
+#define xmlSecTransformRsaMd5Id xmlSecTransformRsaMd5GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformRsaMd5GetKlass (void);
+/**
+ * xmlSecTransformRsaRipemd160Id:
+ *
+ * The RSA-RIPEMD160 signature transform klass.
+ */
+#define xmlSecTransformRsaRipemd160Id xmlSecTransformRsaRipemd160GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformRsaRipemd160GetKlass (void);
+/**
+ * xmlSecTransformRsaSha1Id:
+ *
+ * The RSA-SHA1 signature transform klass.
+ */
+#define xmlSecTransformRsaSha1Id xmlSecTransformRsaSha1GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformRsaSha1GetKlass (void);
+/**
+ * xmlSecTransformRsaSha224Id:
+ *
+ * The RSA-SHA224 signature transform klass.
+ */
+#define xmlSecTransformRsaSha224Id xmlSecTransformRsaSha224GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformRsaSha224GetKlass (void);
+/**
+ * xmlSecTransformRsaSha256Id:
+ *
+ * The RSA-SHA256 signature transform klass.
+ */
+#define xmlSecTransformRsaSha256Id xmlSecTransformRsaSha256GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformRsaSha256GetKlass (void);
+/**
+ * xmlSecTransformRsaSha384Id:
+ *
+ * The RSA-SHA384 signature transform klass.
+ */
+#define xmlSecTransformRsaSha384Id xmlSecTransformRsaSha384GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformRsaSha384GetKlass (void);
+/**
+ * xmlSecTransformRsaSha512Id:
+ *
+ * The RSA-SHA512 signature transform klass.
+ */
+#define xmlSecTransformRsaSha512Id xmlSecTransformRsaSha512GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformRsaSha512GetKlass (void);
+
+/**
+ * xmlSecTransformRsaPkcs1Id:
+ *
+ * The RSA PKCS1 key transport transform klass.
+ */
+#define xmlSecTransformRsaPkcs1Id xmlSecTransformRsaPkcs1GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformRsaPkcs1GetKlass (void);
+/**
+ * xmlSecTransformRsaOaepId:
+ *
+ * The RSA PKCS1 key transport transform klass.
+ */
+#define xmlSecTransformRsaOaepId xmlSecTransformRsaOaepGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformRsaOaepGetKlass (void);
+/**
+ * xmlSecTransformGostR3411_94Id:
+ *
+ * The GOSTR3411_94 digest transform klass.
+ */
+#define xmlSecTransformGostR3411_94Id xmlSecTransformGostR3411_94GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformGostR3411_94GetKlass (void);
+/**
+ * xmlSecTransformSha1Id:
+ *
+ * The SHA1 digest transform klass.
+ */
+#define xmlSecTransformSha1Id xmlSecTransformSha1GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformSha1GetKlass (void);
+/**
+ * xmlSecTransformSha224Id:
+ *
+ * The SHA224 digest transform klass.
+ */
+#define xmlSecTransformSha224Id xmlSecTransformSha224GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformSha224GetKlass (void);
+/**
+ * xmlSecTransformSha256Id:
+ *
+ * The SHA256 digest transform klass.
+ */
+#define xmlSecTransformSha256Id xmlSecTransformSha256GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformSha256GetKlass (void);
+/**
+ * xmlSecTransformSha384Id:
+ *
+ * The SHA384 digest transform klass.
+ */
+#define xmlSecTransformSha384Id xmlSecTransformSha384GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformSha384GetKlass (void);
+/**
+ * xmlSecTransformSha512Id:
+ *
+ * The SHA512 digest transform klass.
+ */
+#define xmlSecTransformSha512Id xmlSecTransformSha512GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformSha512GetKlass (void);
+
+/*********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+XMLSEC_EXPORT int xmlSecCryptoAppInit (const char* config);
+XMLSEC_EXPORT int xmlSecCryptoAppShutdown (void);
+XMLSEC_EXPORT int xmlSecCryptoAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr);
+XMLSEC_EXPORT int xmlSecCryptoAppDefaultKeysMngrAdoptKey (xmlSecKeysMngrPtr mngr,
+ xmlSecKeyPtr key);
+XMLSEC_EXPORT int xmlSecCryptoAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
+ const char* uri);
+XMLSEC_EXPORT int xmlSecCryptoAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
+ const char* filename,
+ xmlSecKeyDataType type);
+XMLSEC_EXPORT int xmlSecCryptoAppKeysMngrCertLoad (xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+XMLSEC_EXPORT int xmlSecCryptoAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+XMLSEC_EXPORT xmlSecKeyPtr xmlSecCryptoAppKeyLoad (const char *filename,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_EXPORT xmlSecKeyPtr xmlSecCryptoAppKeyLoadMemory (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_EXPORT xmlSecKeyPtr xmlSecCryptoAppPkcs12Load (const char* filename,
+ const char* pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_EXPORT xmlSecKeyPtr xmlSecCryptoAppPkcs12LoadMemory (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_EXPORT int xmlSecCryptoAppKeyCertLoad (xmlSecKeyPtr key,
+ const char* filename,
+ xmlSecKeyDataFormat format);
+XMLSEC_EXPORT int xmlSecCryptoAppKeyCertLoadMemory(xmlSecKeyPtr key,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format);
+XMLSEC_EXPORT void* xmlSecCryptoAppGetDefaultPwdCallback(void);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* XMLSEC_NO_CRYPTO_DYNAMIC_LOADING */
+
+#endif /* __XMLSEC_APP_H__ */
+
diff --git a/include/xmlsec/base64.h b/include/xmlsec/base64.h
new file mode 100644
index 00000000..28d8fbc4
--- /dev/null
+++ b/include/xmlsec/base64.h
@@ -0,0 +1,67 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Base64 encode/decode transform and utility functions.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_BASE64_H__
+#define __XMLSEC_BASE64_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/transforms.h>
+
+/**
+ * XMLSEC_BASE64_LINESIZE:
+ *
+ * The default maximum base64 encoded line size.
+ */
+#define XMLSEC_BASE64_LINESIZE 64
+
+XMLSEC_EXPORT int xmlSecBase64GetDefaultLineSize (void);
+XMLSEC_EXPORT void xmlSecBase64SetDefaultLineSize (int columns);
+
+
+/* Base64 Context */
+typedef struct _xmlSecBase64Ctx xmlSecBase64Ctx,
+ *xmlSecBase64CtxPtr;
+
+XMLSEC_EXPORT xmlSecBase64CtxPtr xmlSecBase64CtxCreate (int encode,
+ int columns);
+XMLSEC_EXPORT void xmlSecBase64CtxDestroy (xmlSecBase64CtxPtr ctx);
+XMLSEC_EXPORT int xmlSecBase64CtxInitialize (xmlSecBase64CtxPtr ctx,
+ int encode,
+ int columns);
+XMLSEC_EXPORT void xmlSecBase64CtxFinalize (xmlSecBase64CtxPtr ctx);
+XMLSEC_EXPORT int xmlSecBase64CtxUpdate (xmlSecBase64CtxPtr ctx,
+ const xmlSecByte *in,
+ xmlSecSize inSize,
+ xmlSecByte *out,
+ xmlSecSize outSize);
+XMLSEC_EXPORT int xmlSecBase64CtxFinal (xmlSecBase64CtxPtr ctx,
+ xmlSecByte *out,
+ xmlSecSize outSize);
+
+/* Standalone routines to do base64 encode/decode "at once" */
+XMLSEC_EXPORT xmlChar* xmlSecBase64Encode (const xmlSecByte *buf,
+ xmlSecSize len,
+ int columns);
+XMLSEC_EXPORT int xmlSecBase64Decode (const xmlChar* str,
+ xmlSecByte *buf,
+ xmlSecSize len);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_BASE64_H__ */
+
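Review bot: The prototypes for `xmlSecBase64CtxUpdate`, `xmlSecBase64CtxFinal` and `xmlSecBase64Decode` have no doc comment, and they return `int` while every size they take is `xmlSecSize`. A caller cannot tell from the header whether the result is a byte count or a status code, which it needs to know to bound what it reads back from `out`/`buf` after decoding untrusted input. I would add a comment above each, for example `/* @len: capacity of @buf in bytes; returns bytes written or a negative value on error (confirm against base64.c) */`. The meaning of `columns` (in particular a value of 0) should be stated next to `XMLSEC_BASE64_LINESIZE` as well.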
diff --git a/include/xmlsec/bn.h b/include/xmlsec/bn.h
new file mode 100644
index 00000000..65138ed4
--- /dev/null
+++ b/include/xmlsec/bn.h
@@ -0,0 +1,99 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Simple Big Numbers processing.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_BN_H__
+#define __XMLSEC_BN_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+
+typedef xmlSecBuffer xmlSecBn,
+ *xmlSecBnPtr;
+
+/**
+ * xmlSecBnFormat:
+ * @xmlSecBnBase64: the base64 decoded binary blob.
+ * @xmlSecBnHex: the hex number.
+ * @xmlSecBnDec: the decimal number.
+ *
+ * The big numbers formats.
+ */
+typedef enum {
+ xmlSecBnBase64,
+ xmlSecBnHex,
+ xmlSecBnDec
+} xmlSecBnFormat;
+
+XMLSEC_EXPORT xmlSecBnPtr xmlSecBnCreate (xmlSecSize size);
+XMLSEC_EXPORT void xmlSecBnDestroy (xmlSecBnPtr bn);
+XMLSEC_EXPORT int xmlSecBnInitialize (xmlSecBnPtr bn,
+ xmlSecSize size);
+XMLSEC_EXPORT void xmlSecBnFinalize (xmlSecBnPtr bn);
+XMLSEC_EXPORT xmlSecByte* xmlSecBnGetData (xmlSecBnPtr bn);
+XMLSEC_EXPORT int xmlSecBnSetData (xmlSecBnPtr bn,
+ const xmlSecByte* data,
+ xmlSecSize size);
+XMLSEC_EXPORT xmlSecSize xmlSecBnGetSize (xmlSecBnPtr bn);
+XMLSEC_EXPORT void xmlSecBnZero (xmlSecBnPtr bn);
+
+XMLSEC_EXPORT int xmlSecBnFromString (xmlSecBnPtr bn,
+ const xmlChar* str,
+ xmlSecSize base);
+XMLSEC_EXPORT xmlChar* xmlSecBnToString (xmlSecBnPtr bn,
+ xmlSecSize base);
+XMLSEC_EXPORT int xmlSecBnFromHexString (xmlSecBnPtr bn,
+ const xmlChar* str);
+XMLSEC_EXPORT xmlChar* xmlSecBnToHexString (xmlSecBnPtr bn);
+
+XMLSEC_EXPORT int xmlSecBnFromDecString (xmlSecBnPtr bn,
+ const xmlChar* str);
+XMLSEC_EXPORT xmlChar* xmlSecBnToDecString (xmlSecBnPtr bn);
+
+XMLSEC_EXPORT int xmlSecBnMul (xmlSecBnPtr bn,
+ int multiplier);
+XMLSEC_EXPORT int xmlSecBnDiv (xmlSecBnPtr bn,
+ int divider,
+ int* mod);
+XMLSEC_EXPORT int xmlSecBnAdd (xmlSecBnPtr bn,
+ int delta);
+XMLSEC_EXPORT int xmlSecBnReverse (xmlSecBnPtr bn);
+XMLSEC_EXPORT int xmlSecBnCompare (xmlSecBnPtr bn,
+ const xmlSecByte* data,
+ xmlSecSize dataSize);
+XMLSEC_EXPORT int xmlSecBnCompareReverse (xmlSecBnPtr bn,
+ const xmlSecByte* data,
+ xmlSecSize dataSize);
+XMLSEC_EXPORT int xmlSecBnGetNodeValue (xmlSecBnPtr bn,
+ xmlNodePtr cur,
+ xmlSecBnFormat format,
+ int reverse);
+XMLSEC_EXPORT int xmlSecBnSetNodeValue (xmlSecBnPtr bn,
+ xmlNodePtr cur,
+ xmlSecBnFormat format,
+ int reverse,
+ int addLineBreaks);
+XMLSEC_EXPORT int xmlSecBnBlobSetNodeValue (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlNodePtr cur,
+ xmlSecBnFormat format,
+ int reverse,
+ int addLineBreaks);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_BN_H__ */
+
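Review bot: `xmlSecBnMul`, `xmlSecBnDiv` and `xmlSecBnAdd` take a signed `int` operand with no documented range, and `xmlSecBnDiv` does not say what happens for `divider == 0` or a NULL `mod`. Because a bn can be filled from an XML node through `xmlSecBnGetNodeValue`, the accepted range belongs in the header rather than only in the implementation. Suggested comment above `xmlSecBnDiv`: `/* @divider must be > 0; @mod receives the remainder (confirm against bn.c) */`. The `base` argument of `xmlSecBnFromString`/`xmlSecBnToString` would benefit from the same treatment.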
diff --git a/include/xmlsec/buffer.h b/include/xmlsec/buffer.h
new file mode 100644
index 00000000..2791a97b
--- /dev/null
+++ b/include/xmlsec/buffer.h
@@ -0,0 +1,108 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Memory buffer.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_BUFFER_H__
+#define __XMLSEC_BUFFER_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+#include <xmlsec/xmlsec.h>
+
+typedef struct _xmlSecBuffer xmlSecBuffer,
+ *xmlSecBufferPtr;
+
+
+/**
+ * xmlSecAllocMode:
+ * @xmlSecAllocModeExact: the memory allocation mode that minimizes total
+ * allocated memory size.
+ * @xmlSecAllocModeDouble: the memory allocation mode that tries to minimize
+ * the number of malloc calls.
+ *
+ * The memory allocation mode (used by @xmlSecBuffer and @xmlSecList).
+ */
+typedef enum {
+ xmlSecAllocModeExact = 0,
+ xmlSecAllocModeDouble
+} xmlSecAllocMode;
+
+/*****************************************************************************
+ *
+ * xmlSecBuffer
+ *
+ ****************************************************************************/
+
+/**
+ * xmlSecBuffer:
+ * @data: the pointer to buffer data.
+ * @size: the current data size.
+ * @maxSize: the max data size (allocated buffer size).
+ * @allocMode: the buffer memory allocation mode.
+ *
+ * Binary data buffer.
+ */
+struct _xmlSecBuffer {
+ xmlSecByte* data;
+ xmlSecSize size;
+ xmlSecSize maxSize;
+ xmlSecAllocMode allocMode;
+};
+
+XMLSEC_EXPORT void xmlSecBufferSetDefaultAllocMode (xmlSecAllocMode defAllocMode,
+ xmlSecSize defInitialSize);
+
+XMLSEC_EXPORT xmlSecBufferPtr xmlSecBufferCreate (xmlSecSize size);
+XMLSEC_EXPORT void xmlSecBufferDestroy (xmlSecBufferPtr buf);
+XMLSEC_EXPORT int xmlSecBufferInitialize (xmlSecBufferPtr buf,
+ xmlSecSize size);
+XMLSEC_EXPORT void xmlSecBufferFinalize (xmlSecBufferPtr buf);
+XMLSEC_EXPORT xmlSecByte* xmlSecBufferGetData (xmlSecBufferPtr buf);
+XMLSEC_EXPORT int xmlSecBufferSetData (xmlSecBufferPtr buf,
+ const xmlSecByte* data,
+ xmlSecSize size);
+XMLSEC_EXPORT xmlSecSize xmlSecBufferGetSize (xmlSecBufferPtr buf);
+XMLSEC_EXPORT int xmlSecBufferSetSize (xmlSecBufferPtr buf,
+ xmlSecSize size);
+XMLSEC_EXPORT xmlSecSize xmlSecBufferGetMaxSize (xmlSecBufferPtr buf);
+XMLSEC_EXPORT int xmlSecBufferSetMaxSize (xmlSecBufferPtr buf,
+ xmlSecSize size);
+XMLSEC_EXPORT void xmlSecBufferEmpty (xmlSecBufferPtr buf);
+XMLSEC_EXPORT int xmlSecBufferAppend (xmlSecBufferPtr buf,
+ const xmlSecByte* data,
+ xmlSecSize size);
+XMLSEC_EXPORT int xmlSecBufferPrepend (xmlSecBufferPtr buf,
+ const xmlSecByte* data,
+ xmlSecSize size);
+XMLSEC_EXPORT int xmlSecBufferRemoveHead (xmlSecBufferPtr buf,
+ xmlSecSize size);
+XMLSEC_EXPORT int xmlSecBufferRemoveTail (xmlSecBufferPtr buf,
+ xmlSecSize size);
+
+XMLSEC_EXPORT int xmlSecBufferReadFile (xmlSecBufferPtr buf,
+ const char* filename);
+
+XMLSEC_EXPORT int xmlSecBufferBase64NodeContentRead(xmlSecBufferPtr buf,
+ xmlNodePtr node);
+XMLSEC_EXPORT int xmlSecBufferBase64NodeContentWrite(xmlSecBufferPtr buf,
+ xmlNodePtr node,
+ int columns);
+
+XMLSEC_EXPORT xmlOutputBufferPtr xmlSecBufferCreateOutputBuffer (xmlSecBufferPtr buf);
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_BUFFER_H__ */
+
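Review bot: `struct _xmlSecBuffer` is declared in the public header, so any client can write `data`, `size` and `maxSize` directly, yet the doc comment does not state the invariant the accessor functions presumably rely on. I would extend the field docs to `@size: the current data size (never greater than @maxSize).` and add a line saying the fields are to be changed only through the `xmlSecBufferSet*` functions. It is also worth documenting whether `xmlSecBufferEmpty` and `xmlSecBufferFinalize` clear the memory before releasing it; the header does not say either way, and `bn.h` in this commit builds `xmlSecBn` on this type.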
diff --git a/include/xmlsec/crypto.h b/include/xmlsec/crypto.h
new file mode 100644
index 00000000..f388aa1e
--- /dev/null
+++ b/include/xmlsec/crypto.h
@@ -0,0 +1,75 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Crypto engine selection.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_CRYPTO_H__
+#define __XMLSEC_CRYPTO_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+
+/* include nothing if we compile xmlsec library itself */
+#ifndef IN_XMLSEC
+#ifndef IN_XMLSEC_CRYPTO
+
+#if defined(XMLSEC_NO_CRYPTO_DYNAMIC_LOADING) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING)
+#error Dynamic loading for xmlsec-crypto libraries is disabled during library compilation
+#endif /* defined(XMLSEC_NO_CRYPTO_DYNAMIC_LOADING) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING) */
+
+#ifdef XMLSEC_CRYPTO_DYNAMIC_LOADING
+#include <xmlsec/app.h>
+#else /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+#ifdef XMLSEC_CRYPTO_OPENSSL
+#include <xmlsec/openssl/app.h>
+#include <xmlsec/openssl/crypto.h>
+#include <xmlsec/openssl/x509.h>
+#include <xmlsec/openssl/symbols.h>
+#else /* XMLSEC_CRYPTO_OPENSSL */
+#ifdef XMLSEC_CRYPTO_MSCRYPTO
+#include <xmlsec/mscrypto/app.h>
+#include <xmlsec/mscrypto/crypto.h>
+#include <xmlsec/mscrypto/x509.h>
+#include <xmlsec/mscrypto/symbols.h>
+#else /* XMLSEC_CRYPTO_MSCRYPTO */
+#ifdef XMLSEC_CRYPTO_NSS
+#include <xmlsec/nss/app.h>
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/x509.h>
+#include <xmlsec/nss/symbols.h>
+#else /* XMLSEC_CRYPTO_NSS */
+#ifdef XMLSEC_CRYPTO_GNUTLS
+#include <xmlsec/gnutls/app.h>
+#include <xmlsec/gnutls/crypto.h>
+#include <xmlsec/gnutls/symbols.h>
+#else /* XMLSEC_CRYPTO_GNUTLS */
+#ifdef XMLSEC_CRYPTO_GCRYPT
+#include <xmlsec/gcrypt/app.h>
+#include <xmlsec/gcrypt/crypto.h>
+#include <xmlsec/gcrypt/symbols.h>
+#else /* XMLSEC_CRYPTO_GCRYPT */
+#error No crypto library defined
+#endif /* XMLSEC_CRYPTO_GCRYPT */
+#endif /* XMLSEC_CRYPTO_GNUTLS */
+#endif /* XMLSEC_CRYPTO_NSS */
+#endif /* XMLSEC_CRYPTO_MSCRYPTO */
+#endif /* XMLSEC_CRYPTO_OPENSSL */
+#endif /* XMLSEC_CRYPTO_DYNAMIC_LOADING */
+
+#endif /* IN_XMLSEC_CRYPTO */
+#endif /* IN_XMLSEC */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_CRYPTO_H__ */
+
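Review bot: The nested `#ifdef`/`#else` chain picks the first backend macro that is defined and ignores the rest, so a build that defines both `XMLSEC_CRYPTO_OPENSSL` and, say, `XMLSEC_CRYPTO_NSS` silently compiles against the OpenSSL headers. Only the case where none is defined is diagnosed (`#error No crypto library defined`). At minimum I would document the precedence with `/* if several XMLSEC_CRYPTO_* macros are defined the first match wins: OPENSSL, MSCRYPTO, NSS, GNUTLS, GCRYPT */`. A flat `#if defined(...)`/`#elif defined(...)` chain would also be easier to read than five levels of nesting. Separately, the backend headers are included while the `extern "C" {` block is still open.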
diff --git a/include/xmlsec/dl.h b/include/xmlsec/dl.h
new file mode 100644
index 00000000..86391a78
--- /dev/null
+++ b/include/xmlsec/dl.h
@@ -0,0 +1,56 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_DL_H__
+#define __XMLSEC_DL_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+typedef struct _xmlSecCryptoDLFunctions xmlSecCryptoDLFunctions,
+ *xmlSecCryptoDLFunctionsPtr;
+
+XMLSEC_EXPORT int xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms
+ (xmlSecCryptoDLFunctionsPtr functions);
+
+#ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING
+
+#include <libxml/tree.h>
+#include <libxml/xmlIO.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keysdata.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+
+/****************************************************************************
+ *
+ * Dynamic load functions
+ *
+ ****************************************************************************/
+XMLSEC_EXPORT int xmlSecCryptoDLInit (void);
+XMLSEC_EXPORT int xmlSecCryptoDLShutdown (void);
+
+XMLSEC_EXPORT int xmlSecCryptoDLLoadLibrary (const xmlChar* crypto);
+XMLSEC_EXPORT xmlSecCryptoDLFunctionsPtr xmlSecCryptoDLGetLibraryFunctions(const xmlChar* crypto);
+XMLSEC_EXPORT int xmlSecCryptoDLUnloadLibrary (const xmlChar* crypto);
+
+XMLSEC_EXPORT int xmlSecCryptoDLSetFunctions (xmlSecCryptoDLFunctionsPtr functions);
+XMLSEC_EXPORT xmlSecCryptoDLFunctionsPtr xmlSecCryptoDLGetFunctions (void);
+
+#endif /* XMLSEC_NO_CRYPTO_DYNAMIC_LOADING */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_APP_H__ */
+
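Review bot: `XMLSEC_EXPORT` is used in the declaration of `xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms` before any header has been included, and the only includes sit inside `#ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING`. The header therefore depends on the includer having pulled in the export macros first. Adding `#include <xmlsec/exports.h>` (which defines `XMLSEC_EXPORT` in this commit) above the typedef would make it self-contained. The closing guard comment is copied from another file: `#endif /* __XMLSEC_APP_H__ */` should read `#endif /* __XMLSEC_DL_H__ */`. The file header has no description line, and `xmlSecCryptoDLLoadLibrary` should document how the `crypto` name is resolved to a library file, since that decides which code is loaded into the process.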
diff --git a/include/xmlsec/errors.h b/include/xmlsec/errors.h
new file mode 100644
index 00000000..6e23620c
--- /dev/null
+++ b/include/xmlsec/errors.h
@@ -0,0 +1,504 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Error codes and error reporting functions.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_ERRORS_H__
+#define __XMLSEC_ERRORS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/***************************************************************
+ *
+ * Error codes
+ *
+ **************************************************************/
+/**
+ * XMLSEC_ERRORS_R_XMLSEC_FAILED:
+ *
+ * An XMLSec function failed (error subject is the failed function).
+ */
+#define XMLSEC_ERRORS_R_XMLSEC_FAILED 1
+
+/**
+ * XMLSEC_ERRORS_R_MALLOC_FAILED:
+ *
+ * Failed to allocate memory error.
+ */
+#define XMLSEC_ERRORS_R_MALLOC_FAILED 2
+
+/**
+ * XMLSEC_ERRORS_R_STRDUP_FAILED:
+ *
+ * Failed to duplicate string error.
+ */
+#define XMLSEC_ERRORS_R_STRDUP_FAILED 3
+
+/**
+ * XMLSEC_ERRORS_R_CRYPTO_FAILED:
+ *
+ * Crypto (OpenSSL) function failed (error subject is the failed function).
+ */
+#define XMLSEC_ERRORS_R_CRYPTO_FAILED 4
+
+/**
+ * XMLSEC_ERRORS_R_XML_FAILED:
+ *
+ * LibXML function failed (error subject is the failed function).
+ */
+#define XMLSEC_ERRORS_R_XML_FAILED 5
+
+/**
+ * XMLSEC_ERRORS_R_XSLT_FAILED:
+ *
+ * LibXSLT function failed (error subject is the failed function).
+ */
+#define XMLSEC_ERRORS_R_XSLT_FAILED 6
+
+/**
+ * XMLSEC_ERRORS_R_IO_FAILED:
+ *
+ * IO operation failed.
+ */
+#define XMLSEC_ERRORS_R_IO_FAILED 7
+
+/**
+ * XMLSEC_ERRORS_R_DISABLED:
+ *
+ * The feature is disabled during compilation.
+ * Check './configure --help' for details on how to
+ * enable it.
+ */
+#define XMLSEC_ERRORS_R_DISABLED 8
+
+/**
+ * XMLSEC_ERRORS_R_NOT_IMPLEMENTED:
+ *
+ * Feature is not implemented.
+ */
+#define XMLSEC_ERRORS_R_NOT_IMPLEMENTED 9
+
+/**
+ * XMLSEC_ERRORS_R_INVALID_SIZE:
+ *
+ * Invalid size.
+ */
+#define XMLSEC_ERRORS_R_INVALID_SIZE 11
+
+/**
+ * XMLSEC_ERRORS_R_INVALID_DATA:
+ *
+ * Invalid data.
+ */
+#define XMLSEC_ERRORS_R_INVALID_DATA 12
+
+/**
+ * XMLSEC_ERRORS_R_INVALID_RESULT:
+ *
+ * Invalid result.
+ */
+#define XMLSEC_ERRORS_R_INVALID_RESULT 13
+
+/**
+ * XMLSEC_ERRORS_R_INVALID_TYPE:
+ *
+ * Invalid type.
+ */
+#define XMLSEC_ERRORS_R_INVALID_TYPE 14
+
+/**
+ * XMLSEC_ERRORS_R_INVALID_OPERATION:
+ *
+ * Invalid operation.
+ */
+#define XMLSEC_ERRORS_R_INVALID_OPERATION 15
+
+/**
+ * XMLSEC_ERRORS_R_INVALID_STATUS:
+ *
+ * Invalid status.
+ */
+#define XMLSEC_ERRORS_R_INVALID_STATUS 16
+
+/**
+ * XMLSEC_ERRORS_R_INVALID_FORMAT:
+ *
+ * Invalid format.
+ */
+#define XMLSEC_ERRORS_R_INVALID_FORMAT 17
+
+/**
+ * XMLSEC_ERRORS_R_DATA_NOT_MATCH:
+ *
+ * The data do not match our expectation.
+ */
+#define XMLSEC_ERRORS_R_DATA_NOT_MATCH 18
+
+/**
+ * XMLSEC_ERRORS_R_INVALID_NODE:
+ *
+ * Invalid node (error subject is the node name).
+ */
+#define XMLSEC_ERRORS_R_INVALID_NODE 21
+
+/**
+ * XMLSEC_ERRORS_R_INVALID_NODE_CONTENT:
+ *
+ * Invalid node content (error subject is the node name).
+ */
+#define XMLSEC_ERRORS_R_INVALID_NODE_CONTENT 22
+
+/**
+ * XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE:
+ *
+ * Invalid node attribute (error subject is the node name).
+ */
+#define XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE 23
+
+/**
+ * XMLSEC_ERRORS_R_MISSING_NODE_ATTRIBUTE:
+ *
+ * Missing node attribute (error subject is the node name).
+ */
+#define XMLSEC_ERRORS_R_MISSING_NODE_ATTRIBUTE 25
+
+/**
+ * XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT:
+ *
+ * Node already present,
+ */
+#define XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT 26
+
+/**
+ * XMLSEC_ERRORS_R_UNEXPECTED_NODE:
+ *
+ * Unexpected node (error subject is the node name).
+ */
+#define XMLSEC_ERRORS_R_UNEXPECTED_NODE 27
+
+/**
+ * XMLSEC_ERRORS_R_NODE_NOT_FOUND:
+ *
+ * Node not found (error subject is the required node name).
+ */
+#define XMLSEC_ERRORS_R_NODE_NOT_FOUND 28
+
+/**
+ * XMLSEC_ERRORS_R_INVALID_TRANSFORM:
+ *
+ * This transform is invlaid here.
+ */
+#define XMLSEC_ERRORS_R_INVALID_TRANSFORM 31
+
+/**
+ * XMLSEC_ERRORS_R_INVALID_TRANSFORM_KEY:
+ *
+ * Key is invalid for this transform.
+ */
+#define XMLSEC_ERRORS_R_INVALID_TRANSFORM_KEY 32
+
+/**
+ * XMLSEC_ERRORS_R_INVALID_URI_TYPE:
+ *
+ * Invalid URI type.
+ */
+#define XMLSEC_ERRORS_R_INVALID_URI_TYPE 33
+
+/**
+ * XMLSEC_ERRORS_R_TRANSFORM_SAME_DOCUMENT_REQUIRED:
+ *
+ * The transform requires the input document to be the same as context.
+ */
+#define XMLSEC_ERRORS_R_TRANSFORM_SAME_DOCUMENT_REQUIRED 34
+
+/**
+ * XMLSEC_ERRORS_R_TRANSFORM_DISABLED:
+ *
+ * The transform is disabled.
+ */
+#define XMLSEC_ERRORS_R_TRANSFORM_DISABLED 35
+
+/**
+ * XMLSEC_ERRORS_R_INVALID_KEY_DATA:
+ *
+ * Key data is invalid.
+ */
+#define XMLSEC_ERRORS_R_INVALID_KEY_DATA 41
+
+/**
+ * XMLSEC_ERRORS_R_KEY_DATA_NOT_FOUND:
+ *
+ * Data is not found (error subject is the data name).
+ */
+#define XMLSEC_ERRORS_R_KEY_DATA_NOT_FOUND 42
+
+/**
+ * XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST:
+ *
+ * The key data is already exist.
+ */
+#define XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST 43
+
+/**
+ * XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE:
+ *
+ * Invalid key size.
+ */
+#define XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE 44
+
+/**
+ * XMLSEC_ERRORS_R_KEY_NOT_FOUND:
+ *
+ * Key not found.
+ */
+#define XMLSEC_ERRORS_R_KEY_NOT_FOUND 45
+
+/**
+ * XMLSEC_ERRORS_R_KEYDATA_DISABLED:
+ *
+ * The key data type disabled.
+ */
+#define XMLSEC_ERRORS_R_KEYDATA_DISABLED 46
+
+/**
+ * XMLSEC_ERRORS_R_MAX_RETRIEVALS_LEVEL:
+ *
+ * Max allowed retrievals level reached.
+ */
+#define XMLSEC_ERRORS_R_MAX_RETRIEVALS_LEVEL 51
+
+/**
+ * XMLSEC_ERRORS_R_MAX_RETRIEVAL_TYPE_MISMATCH:
+ *
+ * The retrieved key data type does not match the one specified
+ * in the <dsig:RetrievalMethod/> node.
+ */
+#define XMLSEC_ERRORS_R_MAX_RETRIEVAL_TYPE_MISMATCH 52
+
+/**
+ * XMLSEC_ERRORS_R_MAX_ENCKEY_LEVEL:
+ *
+ * Max EncryptedKey level reached.
+ */
+#define XMLSEC_ERRORS_R_MAX_ENCKEY_LEVEL 61
+
+/**
+ * XMLSEC_ERRORS_R_CERT_VERIFY_FAILED:
+ *
+ * Certificate verification failed.
+ */
+#define XMLSEC_ERRORS_R_CERT_VERIFY_FAILED 71
+
+/**
+ * XMLSEC_ERRORS_R_CERT_NOT_FOUND:
+ *
+ * Requested certificate is not found.
+ */
+#define XMLSEC_ERRORS_R_CERT_NOT_FOUND 72
+
+/**
+ * XMLSEC_ERRORS_R_CERT_REVOKED:
+ *
+ * The certificate is revoked.
+ */
+#define XMLSEC_ERRORS_R_CERT_REVOKED 73
+
+/**
+ * XMLSEC_ERRORS_R_CERT_ISSUER_FAILED:
+ *
+ * Failed to get certificate issuer.
+ */
+#define XMLSEC_ERRORS_R_CERT_ISSUER_FAILED 74
+
+/**
+ * XMLSEC_ERRORS_R_CERT_NOT_YET_VALID:
+ *
+ * "Not valid before" verification failed.
+ */
+#define XMLSEC_ERRORS_R_CERT_NOT_YET_VALID 75
+
+/**
+ * XMLSEC_ERRORS_R_CERT_HAS_EXPIRED:
+ *
+ * "Not valid after" verification failed.
+ */
+#define XMLSEC_ERRORS_R_CERT_HAS_EXPIRED 76
+
+/**
+ * XMLSEC_ERRORS_R_DSIG_NO_REFERENCES:
+ *
+ * The <dsig:Reference> nodes not found.
+ */
+#define XMLSEC_ERRORS_R_DSIG_NO_REFERENCES 81
+
+/**
+ * XMLSEC_ERRORS_R_DSIG_INVALID_REFERENCE:
+ *
+ * The <dsig:Reference> validation failed.
+ */
+#define XMLSEC_ERRORS_R_DSIG_INVALID_REFERENCE 82
+
+/**
+ * XMLSEC_ERRORS_R_ASSERTION:
+ *
+ * Invalid assertion.
+ */
+#define XMLSEC_ERRORS_R_ASSERTION 100
+
+/**
+ * XMLSEC_ERRORS_MAX_NUMBER:
+ *
+ * The maximum xmlsec errors number.
+ */
+#define XMLSEC_ERRORS_MAX_NUMBER 256
+
+
+
+/*******************************************************************
+ *
+ * Error functions
+ *
+ *******************************************************************/
+/**
+ * xmlSecErrorsCallback:
+ * @file: the error location file name (__FILE__ macro).
+ * @line: the error location line number (__LINE__ macro).
+ * @func: the error location function name (__FUNCTION__ macro).
+ * @errorObject: the error specific error object
+ * @errorSubject: the error specific error subject.
+ * @reason: the error code.
+ * @msg: the additional error message.
+ *
+ * The errors reporting callback function.
+ */
+typedef void (*xmlSecErrorsCallback) (const char* file,
+ int line,
+ const char* func,
+ const char* errorObject,
+ const char* errorSubject,
+ int reason,
+ const char* msg);
+
+
+XMLSEC_EXPORT void xmlSecErrorsInit (void);
+XMLSEC_EXPORT void xmlSecErrorsShutdown (void);
+XMLSEC_EXPORT void xmlSecErrorsSetCallback (xmlSecErrorsCallback callback);
+XMLSEC_EXPORT void xmlSecErrorsDefaultCallback (const char* file,
+ int line,
+ const char* func,
+ const char* errorObject,
+ const char* errorSubject,
+ int reason,
+ const char* msg);
+XMLSEC_EXPORT void xmlSecErrorsDefaultCallbackEnableOutput
+ (int enabled);
+
+XMLSEC_EXPORT int xmlSecErrorsGetCode (xmlSecSize pos);
+XMLSEC_EXPORT const char* xmlSecErrorsGetMsg (xmlSecSize pos);
+
+
+
+/* __FUNCTION__ is defined for MSC compiler < MS VS .NET 2003 */
+#if defined(_MSC_VER) && (_MSC_VER >= 1300)
+#define __XMLSEC_FUNCTION__ __FUNCTION__
+#endif /* _MSC_VER */
+
+/* fallback for __FUNCTION__ */
+#if !defined(__XMLSEC_FUNCTION__)
+#define __XMLSEC_FUNCTION__ ""
+#endif /*!defined(__XMLSEC_FUNCTION__) */
+
+/**
+ * XMLSEC_ERRORS_HERE:
+ *
+ * The macro that specifies the location (file, line and function)
+ * for the xmlSecError() function.
+ */
+#define XMLSEC_ERRORS_HERE __FILE__,__LINE__,__XMLSEC_FUNCTION__
+#ifdef __GNUC__
+#define XMLSEC_ERRORS_PRINTF_ATTRIBUTE __attribute__ ((format (printf, 7, 8)))
+#else /* __GNUC__ */
+#define XMLSEC_ERRORS_PRINTF_ATTRIBUTE
+#endif /* __GNUC__ */
+
+/**
+ * xmlSecErrorsSafeString:
+ * @str: the string.
+ *
+ * Macro. Returns @str if it is not NULL or pointer to "NULL" otherwise.
+ */
+#define xmlSecErrorsSafeString(str) \
+ (((str) != NULL) ? ((char*)(str)) : (char*)"NULL")
+
+/**
+ * XMLSEC_ERRORS_NO_MESSAGE:
+ *
+ * Empty error message " ".
+ */
+#define XMLSEC_ERRORS_NO_MESSAGE " "
+
+
+XMLSEC_EXPORT void xmlSecError (const char* file,
+ int line,
+ const char* func,
+ const char* errorObject,
+ const char* errorSubject,
+ int reason,
+ const char* msg, ...) XMLSEC_ERRORS_PRINTF_ATTRIBUTE;
+
+
+
+/**********************************************************************
+ *
+ * Assertions
+ *
+ **********************************************************************/
+/**
+ * xmlSecAssert:
+ * @p: the expression.
+ *
+ * Macro. Verifies that @p is true and calls return() otherwise.
+ */
+#define xmlSecAssert( p ) \
+ if(!( p ) ) { \
+ xmlSecError(XMLSEC_ERRORS_HERE, \
+ NULL, \
+ #p, \
+ XMLSEC_ERRORS_R_ASSERTION, \
+ XMLSEC_ERRORS_NO_MESSAGE); \
+ return; \
+ }
+
+/**
+ * xmlSecAssert2:
+ * @p: the expression.
+ * @ret: the return value.
+ *
+ * Macro. Verifies that @p is true and calls return(@ret) otherwise.
+ */
+#define xmlSecAssert2( p, ret ) \
+ if(!( p ) ) { \
+ xmlSecError(XMLSEC_ERRORS_HERE, \
+ NULL, \
+ #p, \
+ XMLSEC_ERRORS_R_ASSERTION, \
+ XMLSEC_ERRORS_NO_MESSAGE); \
+ return(ret); \
+ }
+
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_ERRORS_H__ */
+
+
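Review bot: `xmlSecAssert` and `xmlSecAssert2` expand to a bare `if(!( p ) ) { … }`, so `if(x) xmlSecAssert(p); else …` does not compile, and without the semicolon the `else` binds to the macro's `if`. Because these macros return from the calling function on failure, wrapping each body as `do { if(!( p ) ) { … return(ret); } } while(0)` keeps them a single statement wherever they are used. Also, `__XMLSEC_FUNCTION__` is only set for `_MSC_VER >= 1300` and otherwise falls back to `""`, so other compilers report an empty function name in error records. The comment above that test (`< MS VS .NET 2003`) contradicts the `>=` comparison and should be corrected.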
diff --git a/include/xmlsec/exports.h b/include/xmlsec/exports.h
new file mode 100644
index 00000000..61678c2b
--- /dev/null
+++ b/include/xmlsec/exports.h
@@ -0,0 +1,111 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Export macro declarations for Win32 platform.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_EXPORTS_H__
+#define __XMLSEC_EXPORTS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/* Now, the export orgy begins. The following we must do for the
+ Windows platform with MSVC compiler. */
+
+#if !defined XMLSEC_EXPORT
+# if defined(_WIN32)
+ /* if we compile libxmlsec itself: */
+# if defined(IN_XMLSEC)
+# if !defined(XMLSEC_STATIC)
+# define XMLSEC_EXPORT __declspec(dllexport)
+# else
+# define XMLSEC_EXPORT extern
+# endif
+ /* if a client program includes this file: */
+# else
+#if 1
+ /* gcc fail by initialisation of global variable with error
+ (as example in .../openssl/ciphers.c):
+ "initializer element is not constant"
+ To avoid this we shouldn't use __declspec(dllimport).
+ This will enable auto-import feature. */
+# define XMLSEC_EXPORT
+#else
+# if !defined(XMLSEC_STATIC)
+# define XMLSEC_EXPORT __declspec(dllimport)
+# else
+# define XMLSEC_EXPORT
+# endif
+#endif
+# endif
+ /* This holds on all other platforms/compilers, which are easier to
+ handle in regard to this. */
+# else
+# define XMLSEC_EXPORT
+# endif
+#endif
+
+#if !defined XMLSEC_CRYPTO_EXPORT
+# if defined(_WIN32)
+ /* if we compile libxmlsec itself: */
+# if defined(IN_XMLSEC_CRYPTO)
+# if !defined(XMLSEC_STATIC)
+# define XMLSEC_CRYPTO_EXPORT __declspec(dllexport)
+# else
+# define XMLSEC_CRYPTO_EXPORT extern
+# endif
+ /* if a client program includes this file: */
+# else
+# if !defined(XMLSEC_STATIC)
+# define XMLSEC_CRYPTO_EXPORT __declspec(dllimport)
+# else
+# define XMLSEC_CRYPTO_EXPORT
+# endif
+# endif
+ /* This holds on all other platforms/compilers, which are easier to
+ handle in regard to this. */
+# else
+# define XMLSEC_CRYPTO_EXPORT
+# endif
+#endif
+
+#if !defined XMLSEC_EXPORT_VAR
+# if defined(_WIN32)
+ /* if we compile libxmlsec itself: */
+# if defined(IN_XMLSEC)
+# if !defined(XMLSEC_STATIC)
+# define XMLSEC_EXPORT_VAR __declspec(dllexport) extern
+# else
+# define XMLSEC_EXPORT_VAR extern
+# endif
+ /* if we compile libxmlsec-crypto itself: */
+# elif defined(IN_XMLSEC_CRYPTO)
+# define XMLSEC_EXPORT_VAR extern
+ /* if a client program includes this file: */
+# else
+# if !defined(XMLSEC_STATIC)
+# define XMLSEC_EXPORT_VAR __declspec(dllimport) extern
+# else
+# define XMLSEC_EXPORT_VAR extern
+# endif
+# endif
+ /* This holds on all other platforms/compilers, which are easier to
+ handle in regard to this. */
+# else
+# define XMLSEC_EXPORT_VAR extern
+# endif
+#endif
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_EXPORTS_H__ */
+
+
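Review bot: The literal `#if 1` in the client-side branch of `XMLSEC_EXPORT` makes the `__declspec(dllimport)` arm below it unreachable, while `XMLSEC_CRYPTO_EXPORT` and `XMLSEC_EXPORT_VAR` later in this header still expand to `__declspec(dllimport)` for client code. The three macros therefore resolve differently for the same `_WIN32` client build, and only the first one carries a comment explaining why. If the gcc "initializer element is not constant" problem described there is the only reason, the dead `#else` arm could be removed, or the switch given a name instead of `1`. Either way a short comment at the other two macros, such as `/* dllimport kept here on purpose; see the note at XMLSEC_EXPORT */`, would record whether the asymmetry is intended.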
diff --git a/include/xmlsec/gcrypt/Makefile.am b/include/xmlsec/gcrypt/Makefile.am
new file mode 100644
index 00000000..82f4f90a
--- /dev/null
+++ b/include/xmlsec/gcrypt/Makefile.am
@@ -0,0 +1,13 @@
+NULL =
+
+xmlsecgcryptincdir = $(includedir)/xmlsec1/xmlsec/gcrypt
+
+xmlsecgcryptinc_HEADERS = \
+app.h \
+crypto.h \
+symbols.h \
+$(NULL)
+
+install-exec-hook:
+ $(mkinstalldirs) $(DESTDIR)$(xmlsecgcryptincdir)
+
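Review bot: The `install-exec-hook` recipe expands `$(DESTDIR)$(xmlsecgcryptincdir)` unquoted, so a staging root or prefix containing whitespace is split into several arguments and directories are created at paths other than the intended one; `$(mkinstalldirs) "$(DESTDIR)$(xmlsecgcryptincdir)"` avoids that. The hook also looks redundant, because the `install-xmlsecgcryptincHEADERS` rule that automake generates for `xmlsecgcryptinc_HEADERS` (visible in the accompanying Makefile.in) already creates the same directory, quoted, before copying the headers. If the hook is kept, it would fit better as `install-data-hook`, since with the current name `make install-exec` alone leaves an empty header directory behind.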
diff --git a/include/xmlsec/gcrypt/Makefile.in b/include/xmlsec/gcrypt/Makefile.in
new file mode 100644
index 00000000..28044d47
--- /dev/null
+++ b/include/xmlsec/gcrypt/Makefile.in
@@ -0,0 +1,564 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = include/xmlsec/gcrypt
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(xmlsecgcryptinc_HEADERS)
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(xmlsecgcryptincdir)"
+HEADERS = $(xmlsecgcryptinc_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+xmlsecgcryptincdir = $(includedir)/xmlsec1/xmlsec/gcrypt
+xmlsecgcryptinc_HEADERS = \
+app.h \
+crypto.h \
+symbols.h \
+$(NULL)
+
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu include/xmlsec/gcrypt/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu include/xmlsec/gcrypt/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-xmlsecgcryptincHEADERS: $(xmlsecgcryptinc_HEADERS)
+ @$(NORMAL_INSTALL)
+ test -z "$(xmlsecgcryptincdir)" || $(MKDIR_P) "$(DESTDIR)$(xmlsecgcryptincdir)"
+ @list='$(xmlsecgcryptinc_HEADERS)'; test -n "$(xmlsecgcryptincdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(xmlsecgcryptincdir)'"; \
+ $(INSTALL_HEADER) $$files "$(DESTDIR)$(xmlsecgcryptincdir)" || exit $$?; \
+ done
+
+uninstall-xmlsecgcryptincHEADERS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(xmlsecgcryptinc_HEADERS)'; test -n "$(xmlsecgcryptincdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(xmlsecgcryptincdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(xmlsecgcryptincdir)" && rm -f $$files
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(HEADERS)
+installdirs:
+ for dir in "$(DESTDIR)$(xmlsecgcryptincdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-xmlsecgcryptincHEADERS
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+ @$(NORMAL_INSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-xmlsecgcryptincHEADERS
+
+.MAKE: install-am install-exec-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool ctags distclean distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-exec-hook install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ install-xmlsecgcryptincHEADERS installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+ ps ps-am tags uninstall uninstall-am \
+ uninstall-xmlsecgcryptincHEADERS
+
+
+install-exec-hook:
+ $(mkinstalldirs) $(DESTDIR)$(xmlsecgcryptincdir)
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/include/xmlsec/gcrypt/app.h b/include/xmlsec/gcrypt/app.h
new file mode 100644
index 00000000..a0759d25
--- /dev/null
+++ b/include/xmlsec/gcrypt/app.h
@@ -0,0 +1,96 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GCRYPT_APP_H__
+#define __XMLSEC_GCRYPT_APP_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+
+/********************************************************************
+ *
+ * Init/shutdown
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptAppInit (const char* config);
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptAppShutdown (void);
+
+/********************************************************************
+ *
+ * Keys Manager
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr);
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptAppDefaultKeysMngrAdoptKey (xmlSecKeysMngrPtr mngr,
+ xmlSecKeyPtr key);
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
+ const char* uri);
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
+ const char* filename,
+ xmlSecKeyDataType type);
+#ifndef XMLSEC_NO_X509
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptAppKeysMngrCertLoad (xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptAppKeysMngrCertLoadMemory (xmlSecKeysMngrPtr mngr,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+#endif /* XMLSEC_NO_X509 */
+
+
+/********************************************************************
+ *
+ * Keys
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecGCryptAppKeyLoad (const char *filename,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void *pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecGCryptAppKeyLoadMemory (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+#ifndef XMLSEC_NO_X509
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecGCryptAppPkcs12Load (const char *filename,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecGCryptAppPkcs12LoadMemory (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptAppKeyCertLoad (xmlSecKeyPtr key,
+ const char* filename,
+ xmlSecKeyDataFormat format);
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptAppKeyCertLoadMemory (xmlSecKeyPtr key,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format);
+#endif /* XMLSEC_NO_X509 */
+XMLSEC_CRYPTO_EXPORT void* xmlSecGCryptAppGetDefaultPwdCallback (void);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_GCRYPT_APP_H__ */
+
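Review bot: The password callback of `xmlSecGCryptAppKeyLoad`, `xmlSecGCryptAppKeyLoadMemory`, `xmlSecGCryptAppPkcs12Load` and `xmlSecGCryptAppPkcs12LoadMemory` is declared as a plain `void* pwdCallback`, so the compiler cannot check that a caller passes a function with the prototype the implementation will call, and ISO C does not guarantee that a function pointer survives conversion to `void*`. The expected prototype is not visible in this header, and `xmlSecGCryptAppGetDefaultPwdCallback` returns the same untyped pointer. A comment next to these declarations should at least name the required callback signature and say how `pwdCallbackCtx` is passed to it. The comment should also state whether `pwd` is copied or must stay valid after the call, because it holds the secret protecting the key file.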
diff --git a/include/xmlsec/gcrypt/crypto.h b/include/xmlsec/gcrypt/crypto.h
new file mode 100644
index 00000000..e576d8fb
--- /dev/null
+++ b/include/xmlsec/gcrypt/crypto.h
@@ -0,0 +1,460 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GCRYPT_CRYPTO_H__
+#define __XMLSEC_GCRYPT_CRYPTO_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/dl.h>
+
+XMLSEC_CRYPTO_EXPORT xmlSecCryptoDLFunctionsPtr xmlSecCryptoGetFunctions_gcrypt(void);
+
+/********************************************************************
+ *
+ * Init shutdown
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptInit (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptShutdown (void);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptKeysMngrInit (xmlSecKeysMngrPtr mngr);
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptGenerateRandom (xmlSecBufferPtr buffer,
+ xmlSecSize size);
+
+
+/********************************************************************
+ *
+ * AES transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_AES
+/**
+ * xmlSecGCryptKeyDataAesId:
+ *
+ * The AES key data klass.
+ */
+#define xmlSecGCryptKeyDataAesId \
+ xmlSecGCryptKeyDataAesGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGCryptKeyDataAesGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptKeyDataAesSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+/**
+ * xmlSecGCryptTransformAes128CbcId:
+ *
+ * The AES128 CBC cipher transform klass.
+ */
+#define xmlSecGCryptTransformAes128CbcId \
+ xmlSecGCryptTransformAes128CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformAes128CbcGetKlass(void);
+
+/**
+ * xmlSecGCryptTransformAes192CbcId:
+ *
+ * The AES192 CBC cipher transform klass.
+ */
+#define xmlSecGCryptTransformAes192CbcId \
+ xmlSecGCryptTransformAes192CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformAes192CbcGetKlass(void);
+
+/**
+ * xmlSecGCryptTransformAes256CbcId:
+ *
+ * The AES256 CBC cipher transform klass.
+ */
+#define xmlSecGCryptTransformAes256CbcId \
+ xmlSecGCryptTransformAes256CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformAes256CbcGetKlass(void);
+
+/**
+ * xmlSecGCryptTransformKWAes128Id:
+ *
+ * The AES 128 key wrap transform klass.
+ */
+#define xmlSecGCryptTransformKWAes128Id \
+ xmlSecGCryptTransformKWAes128GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformKWAes128GetKlass(void);
+
+/**
+ * xmlSecGCryptTransformKWAes192Id:
+ *
+ * The AES 192 key wrap transform klass.
+ */
+#define xmlSecGCryptTransformKWAes192Id \
+ xmlSecGCryptTransformKWAes192GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformKWAes192GetKlass(void);
+
+/**
+ * xmlSecGCryptTransformKWAes256Id:
+ *
+ * The AES 256 key wrap transform klass.
+ */
+#define xmlSecGCryptTransformKWAes256Id \
+ xmlSecGCryptTransformKWAes256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformKWAes256GetKlass(void);
+
+
+#endif /* XMLSEC_NO_AES */
+
+/********************************************************************
+ *
+ * DES transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_DES
+/**
+ * xmlSecGCryptKeyDataDesId:
+ *
+ * The DES key data klass.
+ */
+#define xmlSecGCryptKeyDataDesId \
+ xmlSecGCryptKeyDataDesGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGCryptKeyDataDesGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptKeyDataDesSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+
+/**
+ * xmlSecGCryptTransformDes3CbcId:
+ *
+ * The DES3 CBC cipher transform klass.
+ */
+#define xmlSecGCryptTransformDes3CbcId \
+ xmlSecGCryptTransformDes3CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformDes3CbcGetKlass(void);
+
+/**
+ * xmlSecGCryptTransformKWDes3Id:
+ *
+ * The DES3 KW transform klass.
+ */
+#define xmlSecGCryptTransformKWDes3Id \
+ xmlSecGCryptTransformKWDes3GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformKWDes3GetKlass(void);
+
+#endif /* XMLSEC_NO_DES */
+
+/********************************************************************
+ *
+ * DSA transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_DSA
+#include <gcrypt.h>
+
+/**
+ * xmlSecGCryptKeyDataDsaId:
+ *
+ * The DSA key klass.
+ */
+#define xmlSecGCryptKeyDataDsaId \
+ xmlSecGCryptKeyDataDsaGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGCryptKeyDataDsaGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptKeyDataDsaAdoptKey (xmlSecKeyDataPtr data,
+ gcry_sexp_t dsa_key);
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptKeyDataDsaAdoptKeyPair (xmlSecKeyDataPtr data,
+ gcry_sexp_t pub_key,
+ gcry_sexp_t priv_key);
+XMLSEC_CRYPTO_EXPORT gcry_sexp_t xmlSecGCryptKeyDataDsaGetPublicKey (xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT gcry_sexp_t xmlSecGCryptKeyDataDsaGetPrivateKey (xmlSecKeyDataPtr data);
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGCryptTransformDsaSha1Id:
+ *
+ * The DSA SHA1 signature transform klass.
+ */
+#define xmlSecGCryptTransformDsaSha1Id \
+ xmlSecGCryptTransformDsaSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformDsaSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+
+
+/********************************************************************
+ *
+ * HMAC transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_HMAC
+
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptHmacGetMinOutputLength(void);
+XMLSEC_CRYPTO_EXPORT void xmlSecGCryptHmacSetMinOutputLength(int min_length);
+
+/**
+ * xmlSecGCryptKeyDataHmacId:
+ *
+ * The HMAC key klass.
+ */
+#define xmlSecGCryptKeyDataHmacId \
+ xmlSecGCryptKeyDataHmacGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGCryptKeyDataHmacGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptKeyDataHmacSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecGCryptTransformHmacMd5Id:
+ *
+ * The HMAC with MD5 signature transform klass.
+ */
+#define xmlSecGCryptTransformHmacMd5Id \
+ xmlSecGCryptTransformHmacMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformHmacMd5GetKlass(void);
+
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecGCryptTransformHmacRipemd160Id:
+ *
+ * The HMAC with RipeMD160 signature transform klass.
+ */
+#define xmlSecGCryptTransformHmacRipemd160Id \
+ xmlSecGCryptTransformHmacRipemd160GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformHmacRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGCryptTransformHmacSha1Id:
+ *
+ * The HMAC with SHA1 signature transform klass.
+ */
+#define xmlSecGCryptTransformHmacSha1Id \
+ xmlSecGCryptTransformHmacSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformHmacSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecGCryptTransformHmacSha256Id:
+ *
+ * The HMAC with SHA256 signature transform klass.
+ */
+#define xmlSecGCryptTransformHmacSha256Id \
+ xmlSecGCryptTransformHmacSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformHmacSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecGCryptTransformHmacSha384Id:
+ *
+ * The HMAC with SHA384 signature transform klass.
+ */
+#define xmlSecGCryptTransformHmacSha384Id \
+ xmlSecGCryptTransformHmacSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformHmacSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGCryptTransformHmacSha512Id:
+ *
+ * The HMAC with SHA512 signature transform klass.
+ */
+#define xmlSecGCryptTransformHmacSha512Id \
+ xmlSecGCryptTransformHmacSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformHmacSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+/********************************************************************
+ *
+ * RSA transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_RSA
+#include <gcrypt.h>
+
+/**
+ * xmlSecGCryptKeyDataRsaId:
+ *
+ * The RSA key klass.
+ */
+#define xmlSecGCryptKeyDataRsaId \
+ xmlSecGCryptKeyDataRsaGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGCryptKeyDataRsaGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptKeyDataRsaAdoptKey (xmlSecKeyDataPtr data,
+ gcry_sexp_t rsa_key);
+XMLSEC_CRYPTO_EXPORT int xmlSecGCryptKeyDataRsaAdoptKeyPair (xmlSecKeyDataPtr data,
+ gcry_sexp_t pub_key,
+ gcry_sexp_t priv_key);
+XMLSEC_CRYPTO_EXPORT gcry_sexp_t xmlSecGCryptKeyDataRsaGetPublicKey (xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT gcry_sexp_t xmlSecGCryptKeyDataRsaGetPrivateKey (xmlSecKeyDataPtr data);
+
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecGCryptTransformRsaMd5Id:
+ *
+ * The RSA-MD5 signature transform klass.
+ */
+#define xmlSecGCryptTransformRsaMd5Id \
+ xmlSecGCryptTransformRsaMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecGCryptTransformRsaRipemd160Id:
+ *
+ * The RSA-RIPEMD160 signature transform klass.
+ */
+#define xmlSecGCryptTransformRsaRipemd160Id \
+ xmlSecGCryptTransformRsaRipemd160GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGCryptTransformRsaSha1Id:
+ *
+ * The RSA-SHA1 signature transform klass.
+ */
+#define xmlSecGCryptTransformRsaSha1Id \
+ xmlSecGCryptTransformRsaSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecGCryptTransformRsaSha256Id:
+ *
+ * The RSA-SHA256 signature transform klass.
+ */
+#define xmlSecGCryptTransformRsaSha256Id \
+ xmlSecGCryptTransformRsaSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecGCryptTransformRsaSha384Id:
+ *
+ * The RSA-SHA384 signature transform klass.
+ */
+#define xmlSecGCryptTransformRsaSha384Id \
+ xmlSecGCryptTransformRsaSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGCryptTransformRsaSha512Id:
+ *
+ * The RSA-SHA512 signature transform klass.
+ */
+#define xmlSecGCryptTransformRsaSha512Id \
+ xmlSecGCryptTransformRsaSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRsaSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+
+/********************************************************************
+ *
+ * SHA transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGCryptTransformSha1Id:
+ *
+ * The HMAC with SHA1 signature transform klass.
+ */
+#define xmlSecGCryptTransformSha1Id \
+ xmlSecGCryptTransformSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecGCryptTransformSha256Id:
+ *
+ * The HMAC with SHA256 signature transform klass.
+ */
+#define xmlSecGCryptTransformSha256Id \
+ xmlSecGCryptTransformSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecGCryptTransformSha384Id:
+ *
+ * The HMAC with SHA384 signature transform klass.
+ */
+#define xmlSecGCryptTransformSha384Id \
+ xmlSecGCryptTransformSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGCryptTransformSha512Id:
+ *
+ * The HMAC with SHA512 signature transform klass.
+ */
+#define xmlSecGCryptTransformSha512Id \
+ xmlSecGCryptTransformSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+/********************************************************************
+ *
+ * Md5 transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecGCryptTransformMd5Id:
+ *
+ * The MD5 digest transform klass.
+ */
+#define xmlSecGCryptTransformMd5Id \
+ xmlSecGCryptTransformMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+
+/********************************************************************
+ *
+ * RipeMD160 transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecGCryptTransformRipemd160Id:
+ *
+ * The RIPEMD160 digest transform klass.
+ */
+#define xmlSecGCryptTransformRipemd160Id \
+ xmlSecGCryptTransformRipemd160GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGCryptTransformRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_GCRYPT_CRYPTO_H__ */
+
+#define __XMLSEC_GCRYPT_CRYPTO_H__
diff --git a/include/xmlsec/gcrypt/symbols.h b/include/xmlsec/gcrypt/symbols.h
new file mode 100644
index 00000000..db6c6e98
--- /dev/null
+++ b/include/xmlsec/gcrypt/symbols.h
@@ -0,0 +1,104 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GCRYPT_SYMBOLS_H__
+#define __XMLSEC_GCRYPT_SYMBOLS_H__
+
+#if !defined(IN_XMLSEC) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING)
+#error To disable dynamic loading of xmlsec-crypto libraries undefine XMLSEC_CRYPTO_DYNAMIC_LOADING
+#endif /* !defined(IN_XMLSEC) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING) */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifdef XMLSEC_CRYPTO_GCRYPT
+
+/********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ********************************************************************/
+#define xmlSecCryptoInit xmlSecGCryptInit
+#define xmlSecCryptoShutdown xmlSecGCryptShutdown
+
+#define xmlSecCryptoKeysMngrInit xmlSecGCryptKeysMngrInit
+
+/********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+#define xmlSecKeyDataAesId xmlSecGCryptKeyDataAesId
+#define xmlSecKeyDataDesId xmlSecGCryptKeyDataDesId
+#define xmlSecKeyDataDsaId xmlSecGCryptKeyDataDsaId
+#define xmlSecKeyDataHmacId xmlSecGCryptKeyDataHmacId
+#define xmlSecKeyDataRsaId xmlSecGCryptKeyDataRsaId
+#define xmlSecKeyDataX509Id xmlSecGCryptKeyDataX509Id
+#define xmlSecKeyDataRawX509CertId xmlSecGCryptKeyDataRawX509CertId
+
+/********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+#define xmlSecX509StoreId xmlSecGCryptX509StoreId
+
+/********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+#define xmlSecTransformAes128CbcId xmlSecGCryptTransformAes128CbcId
+#define xmlSecTransformAes192CbcId xmlSecGCryptTransformAes192CbcId
+#define xmlSecTransformAes256CbcId xmlSecGCryptTransformAes256CbcId
+#define xmlSecTransformKWAes128Id xmlSecGCryptTransformKWAes128Id
+#define xmlSecTransformKWAes192Id xmlSecGCryptTransformKWAes192Id
+#define xmlSecTransformKWAes256Id xmlSecGCryptTransformKWAes256Id
+#define xmlSecTransformDes3CbcId xmlSecGCryptTransformDes3CbcId
+#define xmlSecTransformKWDes3Id xmlSecGCryptTransformKWDes3Id
+#define xmlSecTransformDsaSha1Id xmlSecGCryptTransformDsaSha1Id
+#define xmlSecTransformHmacMd5Id xmlSecGCryptTransformHmacMd5Id
+#define xmlSecTransformHmacRipemd160Id xmlSecGCryptTransformHmacRipemd160Id
+#define xmlSecTransformHmacSha1Id xmlSecGCryptTransformHmacSha1Id
+#define xmlSecTransformRipemd160Id xmlSecGCryptTransformRipemd160Id
+#define xmlSecTransformRsaSha1Id xmlSecGCryptTransformRsaSha1Id
+#define xmlSecTransformRsaPkcs1Id xmlSecGCryptTransformRsaPkcs1Id
+#define xmlSecTransformRsaOaepId xmlSecGCryptTransformRsaOaepId
+#define xmlSecTransformSha1Id xmlSecGCryptTransformSha1Id
+
+/********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+#define xmlSecCryptoAppInit xmlSecGCryptAppInit
+#define xmlSecCryptoAppShutdown xmlSecGCryptAppShutdown
+#define xmlSecCryptoAppDefaultKeysMngrInit xmlSecGCryptAppDefaultKeysMngrInit
+#define xmlSecCryptoAppDefaultKeysMngrAdoptKey xmlSecGCryptAppDefaultKeysMngrAdoptKey
+#define xmlSecCryptoAppDefaultKeysMngrLoad xmlSecGCryptAppDefaultKeysMngrLoad
+#define xmlSecCryptoAppDefaultKeysMngrSave xmlSecGCryptAppDefaultKeysMngrSave
+#define xmlSecCryptoAppKeysMngrCertLoad xmlSecGCryptAppKeysMngrCertLoad
+#define xmlSecCryptoAppKeysMngrCertLoadMemory xmlSecGCryptAppKeysMngrCertLoadMemory
+#define xmlSecCryptoAppKeyLoad xmlSecGCryptAppKeyLoad
+#define xmlSecCryptoAppPkcs12Load xmlSecGCryptAppPkcs12Load
+#define xmlSecCryptoAppKeyCertLoad xmlSecGCryptAppKeyCertLoad
+#define xmlSecCryptoAppKeyLoadMemory xmlSecGCryptAppKeyLoadMemory
+#define xmlSecCryptoAppPkcs12LoadMemory xmlSecGCryptAppPkcs12LoadMemory
+#define xmlSecCryptoAppKeyCertLoadMemory xmlSecGCryptAppKeyCertLoadMemory
+#define xmlSecCryptoAppGetDefaultPwdCallback xmlSecGCryptAppGetDefaultPwdCallback
+
+#endif /* XMLSEC_CRYPTO_GCRYPT */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_GCRYPT_CRYPTO_H__ */
+
+#define __XMLSEC_GCRYPT_CRYPTO_H__
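Review bot: The last line, `#define __XMLSEC_GCRYPT_CRYPTO_H__`, sits after the final `#endif` and so outside this header's own guard (`__XMLSEC_GCRYPT_SYMBOLS_H__`). Every inclusion of symbols.h therefore defines a macro named after a different header. If gcrypt/crypto.h is guarded by that name, as the closing comment at the end of its hunk suggests (its opening lines are not visible here), including symbols.h first would skip all of crypto.h's declarations and leave the `xmlSecGCrypt*` names these macros expand to undeclared. Delete the trailing define and correct the closing comment to `#endif /* __XMLSEC_GCRYPT_SYMBOLS_H__ */`. The same stray define also ends the gcrypt/crypto.h hunk just above.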
diff --git a/include/xmlsec/gnutls/Makefile.am b/include/xmlsec/gnutls/Makefile.am
new file mode 100644
index 00000000..78235c4c
--- /dev/null
+++ b/include/xmlsec/gnutls/Makefile.am
@@ -0,0 +1,14 @@
+NULL =
+
+xmlsecgnutlsincdir = $(includedir)/xmlsec1/xmlsec/gnutls
+
+xmlsecgnutlsinc_HEADERS = \
+app.h \
+crypto.h \
+symbols.h \
+x509.h \
+$(NULL)
+
+install-exec-hook:
+ $(mkinstalldirs) $(DESTDIR)$(xmlsecgnutlsincdir)
+
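Review bot: The `install-exec-hook` recipe passes `$(DESTDIR)$(xmlsecgnutlsincdir)` unquoted, so a staging root or include directory containing whitespace would be split into several directory arguments. Quote the path and use the `MKDIR_P` variable that the generated Makefile.in already defines: `$(MKDIR_P) "$(DESTDIR)$(xmlsecgnutlsincdir)"`. The hook also looks redundant, because the generated `install-xmlsecgnutlsincHEADERS` rule creates the same directory, quoted, before installing the headers. If the hook is kept for a reason, a one-line comment saying why would help.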
diff --git a/include/xmlsec/gnutls/Makefile.in b/include/xmlsec/gnutls/Makefile.in
new file mode 100644
index 00000000..a650e801
--- /dev/null
+++ b/include/xmlsec/gnutls/Makefile.in
@@ -0,0 +1,565 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = include/xmlsec/gnutls
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(xmlsecgnutlsinc_HEADERS)
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(xmlsecgnutlsincdir)"
+HEADERS = $(xmlsecgnutlsinc_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+xmlsecgnutlsincdir = $(includedir)/xmlsec1/xmlsec/gnutls
+xmlsecgnutlsinc_HEADERS = \
+app.h \
+crypto.h \
+symbols.h \
+x509.h \
+$(NULL)
+
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu include/xmlsec/gnutls/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu include/xmlsec/gnutls/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-xmlsecgnutlsincHEADERS: $(xmlsecgnutlsinc_HEADERS)
+ @$(NORMAL_INSTALL)
+ test -z "$(xmlsecgnutlsincdir)" || $(MKDIR_P) "$(DESTDIR)$(xmlsecgnutlsincdir)"
+ @list='$(xmlsecgnutlsinc_HEADERS)'; test -n "$(xmlsecgnutlsincdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(xmlsecgnutlsincdir)'"; \
+ $(INSTALL_HEADER) $$files "$(DESTDIR)$(xmlsecgnutlsincdir)" || exit $$?; \
+ done
+
+uninstall-xmlsecgnutlsincHEADERS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(xmlsecgnutlsinc_HEADERS)'; test -n "$(xmlsecgnutlsincdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(xmlsecgnutlsincdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(xmlsecgnutlsincdir)" && rm -f $$files
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(HEADERS)
+installdirs:
+ for dir in "$(DESTDIR)$(xmlsecgnutlsincdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-xmlsecgnutlsincHEADERS
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+ @$(NORMAL_INSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-xmlsecgnutlsincHEADERS
+
+.MAKE: install-am install-exec-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool ctags distclean distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-exec-hook install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ install-xmlsecgnutlsincHEADERS installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+ ps ps-am tags uninstall uninstall-am \
+ uninstall-xmlsecgnutlsincHEADERS
+
+
+install-exec-hook:
+ $(mkinstalldirs) $(DESTDIR)$(xmlsecgnutlsincdir)
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/include/xmlsec/gnutls/app.h b/include/xmlsec/gnutls/app.h
new file mode 100644
index 00000000..4a2f3e1b
--- /dev/null
+++ b/include/xmlsec/gnutls/app.h
@@ -0,0 +1,96 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GNUTLS_APP_H__
+#define __XMLSEC_GNUTLS_APP_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+
+/********************************************************************
+ *
+ * Init/shutdown
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppInit (const char* config);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppShutdown (void);
+
+/********************************************************************
+ *
+ * Keys Manager
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppDefaultKeysMngrAdoptKey (xmlSecKeysMngrPtr mngr,
+ xmlSecKeyPtr key);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
+ const char* uri);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
+ const char* filename,
+ xmlSecKeyDataType type);
+#ifndef XMLSEC_NO_X509
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppKeysMngrCertLoad (xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppKeysMngrCertLoadMemory (xmlSecKeysMngrPtr mngr,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+#endif /* XMLSEC_NO_X509 */
+
+
+/********************************************************************
+ *
+ * Keys
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecGnuTLSAppKeyLoad (const char *filename,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void *pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecGnuTLSAppKeyLoadMemory (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+#ifndef XMLSEC_NO_X509
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecGnuTLSAppPkcs12Load (const char *filename,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecGnuTLSAppPkcs12LoadMemory (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppKeyCertLoad (xmlSecKeyPtr key,
+ const char* filename,
+ xmlSecKeyDataFormat format);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSAppKeyCertLoadMemory (xmlSecKeyPtr key,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format);
+#endif /* XMLSEC_NO_X509 */
+XMLSEC_CRYPTO_EXPORT void* xmlSecGnuTLSAppGetDefaultPwdCallback (void);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_GNUTLS_APP_H__ */
+
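Review bot: Every password callback in this header is typed `void*`: the `pwdCallback` parameter of `xmlSecGnuTLSAppKeyLoad`, `xmlSecGnuTLSAppKeyLoadMemory`, `xmlSecGnuTLSAppPkcs12Load` and `xmlSecGnuTLSAppPkcs12LoadMemory`, and the return value of `xmlSecGnuTLSAppGetDefaultPwdCallback`. The compiler therefore cannot check that a caller passes a function with the prototype the backend will invoke, and ISO C does not define conversion between function pointers and `void*`. If the signatures must stay as they are for parity with the other crypto backends (an assumption, they are not in this hunk), the header should at least state the contract above the Keys section, for example `/* pwdCallback is a password-callback function pointer passed as void*; callers must cast from the prototype the GnuTLS backend expects. */`. It should also say whether `pwd` and `pwdCallback` may be NULL.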
diff --git a/include/xmlsec/gnutls/crypto.h b/include/xmlsec/gnutls/crypto.h
new file mode 100644
index 00000000..09ac5b41
--- /dev/null
+++ b/include/xmlsec/gnutls/crypto.h
@@ -0,0 +1,462 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GNUTLS_CRYPTO_H__
+#define __XMLSEC_GNUTLS_CRYPTO_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/dl.h>
+
+XMLSEC_CRYPTO_EXPORT xmlSecCryptoDLFunctionsPtr xmlSecCryptoGetFunctions_gnutls(void);
+
+/********************************************************************
+ *
+ * Init shutdown
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSInit (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSShutdown (void);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeysMngrInit (xmlSecKeysMngrPtr mngr);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSGenerateRandom (xmlSecBufferPtr buffer,
+ xmlSecSize size);
+
+
+/********************************************************************
+ *
+ * AES transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_AES
+/**
+ * xmlSecGnuTLSKeyDataAesId:
+ *
+ * The AES key data klass.
+ */
+#define xmlSecGnuTLSKeyDataAesId \
+ xmlSecGnuTLSKeyDataAesGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGnuTLSKeyDataAesGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataAesSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+/**
+ * xmlSecGnuTLSTransformAes128CbcId:
+ *
+ * The AES128 CBC cipher transform klass.
+ */
+#define xmlSecGnuTLSTransformAes128CbcId \
+ xmlSecGnuTLSTransformAes128CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformAes128CbcGetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformAes192CbcId:
+ *
+ * The AES192 CBC cipher transform klass.
+ */
+#define xmlSecGnuTLSTransformAes192CbcId \
+ xmlSecGnuTLSTransformAes192CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformAes192CbcGetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformAes256CbcId:
+ *
+ * The AES256 CBC cipher transform klass.
+ */
+#define xmlSecGnuTLSTransformAes256CbcId \
+ xmlSecGnuTLSTransformAes256CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformAes256CbcGetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformKWAes128Id:
+ *
+ * The AES 128 key wrap transform klass.
+ */
+#define xmlSecGnuTLSTransformKWAes128Id \
+ xmlSecGnuTLSTransformKWAes128GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformKWAes128GetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformKWAes192Id:
+ *
+ * The AES 192 key wrap transform klass.
+ */
+#define xmlSecGnuTLSTransformKWAes192Id \
+ xmlSecGnuTLSTransformKWAes192GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformKWAes192GetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformKWAes256Id:
+ *
+ * The AES 256 key wrap transform klass.
+ */
+#define xmlSecGnuTLSTransformKWAes256Id \
+ xmlSecGnuTLSTransformKWAes256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformKWAes256GetKlass(void);
+
+
+#endif /* XMLSEC_NO_AES */
+
+/********************************************************************
+ *
+ * DES transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_DES
+/**
+ * xmlSecGnuTLSKeyDataDesId:
+ *
+ * The DES key data klass.
+ */
+#define xmlSecGnuTLSKeyDataDesId \
+ xmlSecGnuTLSKeyDataDesGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGnuTLSKeyDataDesGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataDesSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+
+/**
+ * xmlSecGnuTLSTransformDes3CbcId:
+ *
+ * The DES3 CBC cipher transform klass.
+ */
+#define xmlSecGnuTLSTransformDes3CbcId \
+ xmlSecGnuTLSTransformDes3CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformDes3CbcGetKlass(void);
+
+/**
+ * xmlSecGnuTLSTransformKWDes3Id:
+ *
+ * The DES3 KW transform klass.
+ */
+#define xmlSecGnuTLSTransformKWDes3Id \
+ xmlSecGnuTLSTransformKWDes3GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformKWDes3GetKlass(void);
+
+#endif /* XMLSEC_NO_DES */
+
+/********************************************************************
+ *
+ * DSA transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_DSA
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+/**
+ * xmlSecGnuTLSKeyDataDsaId:
+ *
+ * The DSA key klass.
+ */
+#define xmlSecGnuTLSKeyDataDsaId \
+ xmlSecGnuTLSKeyDataDsaGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGnuTLSKeyDataDsaGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataDsaAdoptPrivateKey (xmlSecKeyDataPtr data,
+ gnutls_x509_privkey_t dsa_key);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataDsaAdoptPublicKey (xmlSecKeyDataPtr data,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y);
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformDsaSha1Id:
+ *
+ * The DSA SHA1 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformDsaSha1Id \
+ xmlSecGnuTLSTransformDsaSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformDsaSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+
+
+/********************************************************************
+ *
+ * HMAC transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_HMAC
+
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSHmacGetMinOutputLength(void);
+XMLSEC_CRYPTO_EXPORT void xmlSecGnuTLSHmacSetMinOutputLength(int min_length);
+
+/**
+ * xmlSecGnuTLSKeyDataHmacId:
+ *
+ * The HMAC key klass.
+ */
+#define xmlSecGnuTLSKeyDataHmacId \
+ xmlSecGnuTLSKeyDataHmacGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGnuTLSKeyDataHmacGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataHmacSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecGnuTLSTransformHmacMd5Id:
+ *
+ * The HMAC with MD5 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacMd5Id \
+ xmlSecGnuTLSTransformHmacMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacMd5GetKlass(void);
+
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecGnuTLSTransformHmacRipemd160Id:
+ *
+ * The HMAC with RipeMD160 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacRipemd160Id \
+ xmlSecGnuTLSTransformHmacRipemd160GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformHmacSha1Id:
+ *
+ * The HMAC with SHA1 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacSha1Id \
+ xmlSecGnuTLSTransformHmacSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecGnuTLSTransformHmacSha256Id:
+ *
+ * The HMAC with SHA256 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacSha256Id \
+ xmlSecGnuTLSTransformHmacSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecGnuTLSTransformHmacSha384Id:
+ *
+ * The HMAC with SHA384 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacSha384Id \
+ xmlSecGnuTLSTransformHmacSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGnuTLSTransformHmacSha512Id:
+ *
+ * The HMAC with SHA512 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformHmacSha512Id \
+ xmlSecGnuTLSTransformHmacSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformHmacSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+/********************************************************************
+ *
+ * RSA transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_RSA
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+/**
+ * xmlSecGnuTLSKeyDataRsaId:
+ *
+ * The RSA key klass.
+ */
+#define xmlSecGnuTLSKeyDataRsaId \
+ xmlSecGnuTLSKeyDataRsaGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGnuTLSKeyDataRsaGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataRsaAdoptPrivateKey (xmlSecKeyDataPtr data,
+ gnutls_x509_privkey_t rsa_key);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataRsaAdoptPublicKey (xmlSecKeyDataPtr data,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e);
+
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecGnuTLSTransformRsaMd5Id:
+ *
+ * The RSA-MD5 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaMd5Id \
+ xmlSecGnuTLSTransformRsaMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecGnuTLSTransformRsaRipemd160Id:
+ *
+ * The RSA-RIPEMD160 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaRipemd160Id \
+ xmlSecGnuTLSTransformRsaRipemd160GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformRsaSha1Id:
+ *
+ * The RSA-SHA1 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaSha1Id \
+ xmlSecGnuTLSTransformRsaSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecGnuTLSTransformRsaSha256Id:
+ *
+ * The RSA-SHA256 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaSha256Id \
+ xmlSecGnuTLSTransformRsaSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecGnuTLSTransformRsaSha384Id:
+ *
+ * The RSA-SHA384 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaSha384Id \
+ xmlSecGnuTLSTransformRsaSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGnuTLSTransformRsaSha512Id:
+ *
+ * The RSA-SHA512 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformRsaSha512Id \
+ xmlSecGnuTLSTransformRsaSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRsaSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+
+/********************************************************************
+ *
+ * SHA transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformSha1Id:
+ *
+ * The HMAC with SHA1 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformSha1Id \
+ xmlSecGnuTLSTransformSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecGnuTLSTransformSha256Id:
+ *
+ * The HMAC with SHA256 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformSha256Id \
+ xmlSecGnuTLSTransformSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecGnuTLSTransformSha384Id:
+ *
+ * The HMAC with SHA384 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformSha384Id \
+ xmlSecGnuTLSTransformSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGnuTLSTransformSha512Id:
+ *
+ * The HMAC with SHA512 signature transform klass.
+ */
+#define xmlSecGnuTLSTransformSha512Id \
+ xmlSecGnuTLSTransformSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+/********************************************************************
+ *
+ * Md5 transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecGnuTLSTransformMd5Id:
+ *
+ * The MD5 digest transform klass.
+ */
+#define xmlSecGnuTLSTransformMd5Id \
+ xmlSecGnuTLSTransformMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+
+/********************************************************************
+ *
+ * RipeMD160 transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecGnuTLSTransformRipemd160Id:
+ *
+ * The RIPEMD160 digest transform klass.
+ */
+#define xmlSecGnuTLSTransformRipemd160Id \
+ xmlSecGnuTLSTransformRipemd160GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecGnuTLSTransformRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_GNUTLS_CRYPTO_H__ */
+
+#define __XMLSEC_GNUTLS_CRYPTO_H__
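Review bot: The doc comments in the "SHA transforms" section describe xmlSecGnuTLSTransformSha1Id, Sha256Id, Sha384Id and Sha512Id as "The HMAC with SHA… signature transform klass", which repeats the wording of the HMAC section above. Going by the MD5 and RIPEMD160 sections next to them these look like plain digest transforms, so the comments should read e.g. `* The SHA1 digest transform klass.`; otherwise a reader of the generated API docs could mistake an unkeyed digest for a keyed MAC. xmlSecGnuTLSHmacGetMinOutputLength and xmlSecGnuTLSHmacSetMinOutputLength have no comment at all; the setter presumably controls how short a truncated HMAC is accepted, so it deserves a line giving the unit of `min_length` and noting that lowering it weakens verification. The trailing `#define __XMLSEC_GNUTLS_CRYPTO_H__` after the closing `#endif` is redundant and can be dropped.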
diff --git a/include/xmlsec/gnutls/symbols.h b/include/xmlsec/gnutls/symbols.h
new file mode 100644
index 00000000..818035d6
--- /dev/null
+++ b/include/xmlsec/gnutls/symbols.h
@@ -0,0 +1,104 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GNUTLS_SYMBOLS_H__
+#define __XMLSEC_GNUTLS_SYMBOLS_H__
+
+#if !defined(IN_XMLSEC) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING)
+#error To disable dynamic loading of xmlsec-crypto libraries undefine XMLSEC_CRYPTO_DYNAMIC_LOADING
+#endif /* !defined(IN_XMLSEC) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING) */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifdef XMLSEC_CRYPTO_GNUTLS
+
+/********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ********************************************************************/
+#define xmlSecCryptoInit xmlSecGnuTLSInit
+#define xmlSecCryptoShutdown xmlSecGnuTLSShutdown
+
+#define xmlSecCryptoKeysMngrInit xmlSecGnuTLSKeysMngrInit
+
+/********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+#define xmlSecKeyDataAesId xmlSecGnuTLSKeyDataAesId
+#define xmlSecKeyDataDesId xmlSecGnuTLSKeyDataDesId
+#define xmlSecKeyDataDsaId xmlSecGnuTLSKeyDataDsaId
+#define xmlSecKeyDataHmacId xmlSecGnuTLSKeyDataHmacId
+#define xmlSecKeyDataRsaId xmlSecGnuTLSKeyDataRsaId
+#define xmlSecKeyDataX509Id xmlSecGnuTLSKeyDataX509Id
+#define xmlSecKeyDataRawX509CertId xmlSecGnuTLSKeyDataRawX509CertId
+
+/********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+#define xmlSecX509StoreId xmlSecGnuTLSX509StoreId
+
+/********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+#define xmlSecTransformAes128CbcId xmlSecGnuTLSTransformAes128CbcId
+#define xmlSecTransformAes192CbcId xmlSecGnuTLSTransformAes192CbcId
+#define xmlSecTransformAes256CbcId xmlSecGnuTLSTransformAes256CbcId
+#define xmlSecTransformKWAes128Id xmlSecGnuTLSTransformKWAes128Id
+#define xmlSecTransformKWAes192Id xmlSecGnuTLSTransformKWAes192Id
+#define xmlSecTransformKWAes256Id xmlSecGnuTLSTransformKWAes256Id
+#define xmlSecTransformDes3CbcId xmlSecGnuTLSTransformDes3CbcId
+#define xmlSecTransformKWDes3Id xmlSecGnuTLSTransformKWDes3Id
+#define xmlSecTransformDsaSha1Id xmlSecGnuTLSTransformDsaSha1Id
+#define xmlSecTransformHmacMd5Id xmlSecGnuTLSTransformHmacMd5Id
+#define xmlSecTransformHmacRipemd160Id xmlSecGnuTLSTransformHmacRipemd160Id
+#define xmlSecTransformHmacSha1Id xmlSecGnuTLSTransformHmacSha1Id
+#define xmlSecTransformRipemd160Id xmlSecGnuTLSTransformRipemd160Id
+#define xmlSecTransformRsaSha1Id xmlSecGnuTLSTransformRsaSha1Id
+#define xmlSecTransformRsaPkcs1Id xmlSecGnuTLSTransformRsaPkcs1Id
+#define xmlSecTransformRsaOaepId xmlSecGnuTLSTransformRsaOaepId
+#define xmlSecTransformSha1Id xmlSecGnuTLSTransformSha1Id
+
+/********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+#define xmlSecCryptoAppInit xmlSecGnuTLSAppInit
+#define xmlSecCryptoAppShutdown xmlSecGnuTLSAppShutdown
+#define xmlSecCryptoAppDefaultKeysMngrInit xmlSecGnuTLSAppDefaultKeysMngrInit
+#define xmlSecCryptoAppDefaultKeysMngrAdoptKey xmlSecGnuTLSAppDefaultKeysMngrAdoptKey
+#define xmlSecCryptoAppDefaultKeysMngrLoad xmlSecGnuTLSAppDefaultKeysMngrLoad
+#define xmlSecCryptoAppDefaultKeysMngrSave xmlSecGnuTLSAppDefaultKeysMngrSave
+#define xmlSecCryptoAppKeysMngrCertLoad xmlSecGnuTLSAppKeysMngrCertLoad
+#define xmlSecCryptoAppKeysMngrCertLoadMemory xmlSecGnuTLSAppKeysMngrCertLoadMemory
+#define xmlSecCryptoAppKeyLoad xmlSecGnuTLSAppKeyLoad
+#define xmlSecCryptoAppPkcs12Load xmlSecGnuTLSAppPkcs12Load
+#define xmlSecCryptoAppKeyCertLoad xmlSecGnuTLSAppKeyCertLoad
+#define xmlSecCryptoAppKeyLoadMemory xmlSecGnuTLSAppKeyLoadMemory
+#define xmlSecCryptoAppPkcs12LoadMemory xmlSecGnuTLSAppPkcs12LoadMemory
+#define xmlSecCryptoAppKeyCertLoadMemory xmlSecGnuTLSAppKeyCertLoadMemory
+#define xmlSecCryptoAppGetDefaultPwdCallback xmlSecGnuTLSAppGetDefaultPwdCallback
+
+#endif /* XMLSEC_CRYPTO_GNUTLS */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_GNUTLS_CRYPTO_H__ */
+
+#define __XMLSEC_GNUTLS_CRYPTO_H__
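Review bot: The last line of this new header, `#define __XMLSEC_GNUTLS_CRYPTO_H__`, sits outside the include guard and defines the guard macro of crypto.h. A translation unit that includes symbols.h before `<xmlsec/gnutls/crypto.h>` therefore gets an empty crypto.h and loses every declaration in it. The line should be removed, and the closing line should name this file's own guard: `#endif /* __XMLSEC_GNUTLS_SYMBOLS_H__ */`. The transform map also has no entries for the SHA256/384/512, MD5 and RSA-MD5/RIPEMD160 ids that crypto.h declares, and it maps xmlSecTransformRsaPkcs1Id and xmlSecTransformRsaOaepId to GnuTLS names that crypto.h in this commit does not declare; worth confirming that both are intended.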
diff --git a/include/xmlsec/gnutls/x509.h b/include/xmlsec/gnutls/x509.h
new file mode 100644
index 00000000..c5c811ad
--- /dev/null
+++ b/include/xmlsec/gnutls/x509.h
@@ -0,0 +1,110 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GNUTLS_X509_H__
+#define __XMLSEC_GNUTLS_X509_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifndef XMLSEC_NO_X509
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+
+
+/**************************************************************************
+ *
+ * X509 Key Data
+ *
+ *****************************************************************************/
+/**
+ * xmlSecGnuTLSKeyDataX509Id:
+ *
+ * The GnuTLS X509 data klass.
+ */
+#define xmlSecGnuTLSKeyDataX509Id \
+ xmlSecGnuTLSKeyDataX509GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGnuTLSKeyDataX509GetKlass (void);
+
+
+XMLSEC_CRYPTO_EXPORT gnutls_x509_crt_t xmlSecGnuTLSKeyDataX509GetKeyCert (xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataX509AdoptKeyCert (xmlSecKeyDataPtr data,
+ gnutls_x509_crt_t cert);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataX509AdoptCert (xmlSecKeyDataPtr data,
+ gnutls_x509_crt_t cert);
+XMLSEC_CRYPTO_EXPORT gnutls_x509_crt_t xmlSecGnuTLSKeyDataX509GetCert (xmlSecKeyDataPtr data,
+ xmlSecSize pos);
+XMLSEC_CRYPTO_EXPORT xmlSecSize xmlSecGnuTLSKeyDataX509GetCertsSize (xmlSecKeyDataPtr data);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSKeyDataX509AdoptCrl (xmlSecKeyDataPtr data,
+ gnutls_x509_crl_t crl);
+XMLSEC_CRYPTO_EXPORT gnutls_x509_crl_t xmlSecGnuTLSKeyDataX509GetCrl (xmlSecKeyDataPtr data,
+ xmlSecSize pos);
+XMLSEC_CRYPTO_EXPORT xmlSecSize xmlSecGnuTLSKeyDataX509GetCrlsSize (xmlSecKeyDataPtr data);
+
+
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecGnuTLSX509CertGetKey (gnutls_x509_crt_t cert);
+
+/**************************************************************************
+ *
+ * X509 raw cert
+ *
+ *****************************************************************************/
+/**
+ * xmlSecGnuTLSKeyDataRawX509CertId:
+ *
+ * The GnuTLS raw X509 certificate klass.
+ */
+#define xmlSecGnuTLSKeyDataRawX509CertId \
+ xmlSecGnuTLSKeyDataRawX509CertGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecGnuTLSKeyDataRawX509CertGetKlass (void);
+
+/**************************************************************************
+ *
+ * X509 certs store
+ *
+ *****************************************************************************/
+/**
+ * xmlSecGnuTLSX509StoreId:
+ *
+ * The GnuTLS X509 store klass.
+ */
+#define xmlSecGnuTLSX509StoreId \
+ xmlSecGnuTLSX509StoreGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataStoreId xmlSecGnuTLSX509StoreGetKlass (void);
+XMLSEC_CRYPTO_EXPORT gnutls_x509_crt_t xmlSecGnuTLSX509StoreFindCert (const xmlSecKeyDataStorePtr store,
+ const xmlChar *subjectName,
+ const xmlChar *issuerName,
+ const xmlChar *issuerSerial,
+ const xmlChar *ski,
+ const xmlSecKeyInfoCtx* keyInfoCtx);
+XMLSEC_CRYPTO_EXPORT gnutls_x509_crt_t xmlSecGnuTLSX509StoreVerify (xmlSecKeyDataStorePtr store,
+ xmlSecPtrListPtr certs,
+ xmlSecPtrListPtr crls,
+ const xmlSecKeyInfoCtx* keyInfoCtx);
+XMLSEC_CRYPTO_EXPORT int xmlSecGnuTLSX509StoreAdoptCert (xmlSecKeyDataStorePtr store,
+ gnutls_x509_crt_t cert,
+ xmlSecKeyDataType type);
+
+
+
+
+#endif /* XMLSEC_NO_X509 */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_GNUTLS_X509_H__ */
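Review bot: None of the declarations in this header says who owns the gnutls_x509_crt_t and gnutls_x509_crl_t handles that cross the API. The Adopt* names suggest the key data or store takes ownership on success, but the header does not say what happens to the handle on failure. It also does not say whether the handles returned by xmlSecGnuTLSKeyDataX509GetKeyCert, GetCert, GetCrl, xmlSecGnuTLSX509StoreFindCert and xmlSecGnuTLSX509StoreVerify are borrowed or must be deinitialised by the caller. A short comment per group, e.g. `/* on success @cert is owned by @data; on failure the caller still owns it */` (wording to be confirmed against the implementation), would help callers avoid double-free and leak bugs. xmlSecGnuTLSKeyDataX509GetCert and xmlSecGnuTLSKeyDataX509GetCrl should also document what is returned when `pos` is out of range.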
diff --git a/include/xmlsec/io.h b/include/xmlsec/io.h
new file mode 100644
index 00000000..d5a41c11
--- /dev/null
+++ b/include/xmlsec/io.h
@@ -0,0 +1,54 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Input uri transform and utility functions.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_IO_H__
+#define __XMLSEC_IO_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+#include <libxml/xmlIO.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/transforms.h>
+
+XMLSEC_EXPORT int xmlSecIOInit (void);
+XMLSEC_EXPORT void xmlSecIOShutdown (void);
+XMLSEC_EXPORT void xmlSecIOCleanupCallbacks (void);
+XMLSEC_EXPORT int xmlSecIORegisterDefaultCallbacks (void);
+XMLSEC_EXPORT int xmlSecIORegisterCallbacks (xmlInputMatchCallback matchFunc,
+ xmlInputOpenCallback openFunc,
+ xmlInputReadCallback readFunc,
+ xmlInputCloseCallback closeFunc);
+
+/********************************************************************
+ *
+ * Input URI transform
+ *
+ *******************************************************************/
+/**
+ * xmlSecTransformInputURIId:
+ *
+ * The Input URI transform id.
+ */
+#define xmlSecTransformInputURIId \
+ xmlSecTransformInputURIGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformInputURIGetKlass (void);
+XMLSEC_EXPORT int xmlSecTransformInputURIOpen (xmlSecTransformPtr transform,
+ const xmlChar* uri);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_IO_H__ */
+
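Review bot: xmlSecIORegisterDefaultCallbacks and xmlSecTransformInputURIOpen are declared without any comment on which URI schemes the default callbacks accept. The Input URI transform presumably opens URIs taken from the document being processed, so an application handling untrusted input needs that information. It determines whether the application should call xmlSecIOCleanupCallbacks and install a restricted set through xmlSecIORegisterCallbacks. I would add a doc block above xmlSecIORegisterDefaultCallbacks that lists the schemes it enables and names the cleanup/register pair as the way to narrow them.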
diff --git a/include/xmlsec/keyinfo.h b/include/xmlsec/keyinfo.h
new file mode 100644
index 00000000..5d7cf0e0
--- /dev/null
+++ b/include/xmlsec/keyinfo.h
@@ -0,0 +1,285 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * <dsig:KeyInfo> element processing
+ * (http://www.w3.org/TR/xmlSec-core/#sec-KeyInfo:
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_KEYINFO_H__
+#define __XMLSEC_KEYINFO_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <time.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/list.h>
+#include <xmlsec/keysdata.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+
+/****************************************************************************
+ *
+ * High-level functions
+ *
+ ****************************************************************************/
+XMLSEC_EXPORT int xmlSecKeyInfoNodeRead (xmlNodePtr keyInfoNode,
+ xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+XMLSEC_EXPORT int xmlSecKeyInfoNodeWrite (xmlNodePtr keyInfoNode,
+ xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+/**
+ * xmlSecKeyInfoMode:
+ * @xmlSecKeyInfoModeRead: read <dsig:KeyInfo /> element.
+ * @xmlSecKeyInfoModeWrite: write <dsig:KeyInfo /> element.
+ *
+ * The @xmlSecKeyInfoCtx operation mode (read or write).
+ */
+typedef enum {
+ xmlSecKeyInfoModeRead = 0,
+ xmlSecKeyInfoModeWrite
+} xmlSecKeyInfoMode;
+
+/**
+ * XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND:
+ *
+ * If flag is set then we will continue reading <dsig:KeyInfo />
+ * element even when key is already found.
+ */
+#define XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND 0x00000001
+
+/**
+ * XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD:
+ *
+ * If flag is set then we abort if an unknown <dsig:KeyInfo />
+ * child is found.
+ */
+#define XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD 0x00000002
+
+/**
+ * XMLSEC_KEYINFO_FLAGS_KEYNAME_STOP_ON_UNKNOWN:
+ *
+ * If flags is set then we abort if an unknown key name
+ * (content of <dsig:KeyName /> element) is found.
+ */
+#define XMLSEC_KEYINFO_FLAGS_KEYNAME_STOP_ON_UNKNOWN 0x00000004
+
+/**
+ * XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD:
+ *
+ * If flags is set then we abort if an unknown <dsig:KeyValue />
+ * child is found.
+ */
+#define XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD 0x00000008
+
+/**
+ * XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF:
+ *
+ * If flag is set then we abort if an unknown href attribute
+ * of <dsig:RetrievalMethod /> element is found.
+ */
+#define XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF 0x00000010
+
+/**
+ * XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_MISMATCH_HREF:
+ *
+ * If flag is set then we abort if an href attribute <dsig:RetrievalMethod />
+ * element does not match the real key data type.
+ */
+#define XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_MISMATCH_HREF 0x00000020
+
+/**
+ * XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD:
+ *
+ * If flags is set then we abort if an unknown <dsig:X509Data />
+ * child is found.
+ */
+#define XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD 0x00000100
+
+/**
+ * XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS:
+ *
+ * If flag is set then we'll load certificates from <dsig:X509Data />
+ * element without verification.
+ */
+#define XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS 0x00000200
+
+/**
+ * XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT:
+ *
+ * If flag is set then we'll stop when we could not resolve reference
+ * to certificate from <dsig:X509IssuerSerial />, <dsig:X509SKI /> or
+ * <dsig:X509SubjectName /> elements.
+ */
+#define XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT 0x00000400
+
+/**
+ * XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT:
+ *
+ * If the flag is set then we'll stop when <dsig:X509Data /> element
+ * processing does not return a verified certificate.
+ */
+#define XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT 0x00000800
+
+/**
+ * XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION:
+ *
+ * If the flag is set then we'll stop when <enc:EncryptedKey /> element
+ * processing fails.
+ */
+#define XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION 0x00001000
+
+/**
+ * XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE:
+ *
+ * If the flag is set then we'll stop when we found an empty node.
+ * Otherwise we just ignore it.
+ */
+#define XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE 0x00002000
+
+/**
+ * XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS:
+ *
+ * If the flag is set then we'll skip strict checking of certs and CRLs
+ */
+#define XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS 0x00004000
+
+/**
+ * xmlSecKeyInfoCtx:
+ * @userData: the pointer to user data (xmlsec and xmlsec-crypto
+ * never touch this).
+ * @flags: the bit mask for flags that control processin.
+ * @flags2: reserved for future.
+ * @mode: do we read or write <dsig:KeyInfo /> element.
+ * @keysMngr: the pointer to current keys manager.
+ * @enabledKeyData: the list of enabled @xmlSecKeyDataId (if list is
+ * empty then all data ids are enabled).
+ * @base64LineSize: the max columns size for base64 encoding.
+ * @retrievalMethodCtx: the transforms context for <dsig:RetrievalMethod />
+ * element processing.
+ * @maxRetrievalMethodLevel: the max recursion level when processing
+ * <dsig:RetrievalMethod /> element; default level is 1
+ * (see also @curRetrievalMethodLevel).
+ * @encCtx: the encryption context for <dsig:EncryptedKey /> element
+ * processing.
+ * @maxEncryptedKeyLevel: the max recursion level when processing
+ * <enc:EncryptedKey /> element; default level is 1
+ * (see @curEncryptedKeyLevel).
+ * @certsVerificationTime: the time to use for X509 certificates verification
+ * ("not valid before" and "not valid after" checks);
+ * if @certsVerificationTime is equal to 0 (default)
+ * then we verify certificates against the system's
+ * clock "now".
+ * @certsVerificationDepth: the max certifications chain length (default is 9).
+ * @pgpReserved: reserved for PGP.
+ * @curRetrievalMethodLevel: the current <dsig:RetrievalMethod /> element
+ * processing level (see @maxRetrievalMethodLevel).
+ * @curEncryptedKeyLevel: the current <enc:EncryptedKey /> element
+ * processing level (see @maxEncryptedKeyLevel).
+ * @keyReq: the current key requirements.
+ * @reserved0: reserved for the future.
+ * @reserved1: reserved for the future.
+ *
+ * The <dsig:KeyInfo /> reading or writing context.
+ */
+struct _xmlSecKeyInfoCtx {
+ void* userData;
+ unsigned int flags;
+ unsigned int flags2;
+ xmlSecKeysMngrPtr keysMngr;
+ xmlSecKeyInfoMode mode;
+ xmlSecPtrList enabledKeyData;
+ int base64LineSize;
+
+ /* RetrievalMethod */
+ xmlSecTransformCtx retrievalMethodCtx;
+ int maxRetrievalMethodLevel;
+
+#ifndef XMLSEC_NO_XMLENC
+ /* EncryptedKey */
+ xmlSecEncCtxPtr encCtx;
+ int maxEncryptedKeyLevel;
+#endif /* XMLSEC_NO_XMLENC */
+
+#ifndef XMLSEC_NO_X509
+ /* x509 certificates */
+ time_t certsVerificationTime;
+ int certsVerificationDepth;
+#endif /* XMLSEC_NO_X509 */
+
+ /* PGP */
+ void* pgpReserved; /* TODO */
+
+ /* internal data */
+ int curRetrievalMethodLevel;
+ int curEncryptedKeyLevel;
+ xmlSecKeyReq keyReq;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};
+
+XMLSEC_EXPORT xmlSecKeyInfoCtxPtr xmlSecKeyInfoCtxCreate (xmlSecKeysMngrPtr keysMngr);
+XMLSEC_EXPORT void xmlSecKeyInfoCtxDestroy (xmlSecKeyInfoCtxPtr keyInfoCtx);
+XMLSEC_EXPORT int xmlSecKeyInfoCtxInitialize (xmlSecKeyInfoCtxPtr keyInfoCtx,
+ xmlSecKeysMngrPtr keysMngr);
+XMLSEC_EXPORT void xmlSecKeyInfoCtxFinalize (xmlSecKeyInfoCtxPtr keyInfoCtx);
+XMLSEC_EXPORT void xmlSecKeyInfoCtxReset (xmlSecKeyInfoCtxPtr keyInfoCtx);
+XMLSEC_EXPORT int xmlSecKeyInfoCtxCopyUserPref (xmlSecKeyInfoCtxPtr dst,
+ xmlSecKeyInfoCtxPtr src);
+XMLSEC_EXPORT int xmlSecKeyInfoCtxCreateEncCtx (xmlSecKeyInfoCtxPtr keyInfoCtx);
+XMLSEC_EXPORT void xmlSecKeyInfoCtxDebugDump (xmlSecKeyInfoCtxPtr keyInfoCtx,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecKeyInfoCtxDebugXmlDump (xmlSecKeyInfoCtxPtr keyInfoCtx,
+ FILE* output);
+/**
+ * xmlSecKeyDataNameId
+ *
+ * The <dsig:KeyName> processing class.
+ */
+#define xmlSecKeyDataNameId xmlSecKeyDataNameGetKlass()
+XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataNameGetKlass (void);
+
+/**
+ * xmlSecKeyDataValueId
+ *
+ * The <dsig:KeyValue> processing class.
+ */
+#define xmlSecKeyDataValueId xmlSecKeyDataValueGetKlass()
+XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataValueGetKlass (void);
+
+/**
+ * xmlSecKeyDataRetrievalMethodId
+ *
+ * The <dsig:RetrievalMethod> processing class.
+ */
+#define xmlSecKeyDataRetrievalMethodId xmlSecKeyDataRetrievalMethodGetKlass()
+XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataRetrievalMethodGetKlass(void);
+
+#ifndef XMLSEC_NO_XMLENC
+/**
+ * xmlSecKeyDataEncryptedKeyId
+ *
+ * The <enc:EncryptedKey> processing class.
+ */
+#define xmlSecKeyDataEncryptedKeyId xmlSecKeyDataEncryptedKeyGetKlass()
+XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataEncryptedKeyGetKlass(void);
+#endif /* XMLSEC_NO_XMLENC */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_KEYINFO_H__ */
+
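Review bot: The comment for XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION says "we'll stop when <enc:EncryptedKey /> element processing fails", which is the opposite of what the flag name says. It should read `* If the flag is set then we'll continue when <enc:EncryptedKey /> element` followed by `* processing fails.`. The comment on XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS should add that a key taken from a certificate loaded this way has not been verified and must not be treated as authenticated. The comment on XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS does not say which checks are skipped, so a caller cannot judge what setting it gives up. The file header's URL `(http://www.w3.org/TR/xmlSec-core/#sec-KeyInfo:` is missing its closing parenthesis.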
diff --git a/include/xmlsec/keys.h b/include/xmlsec/keys.h
new file mode 100644
index 00000000..620ad492
--- /dev/null
+++ b/include/xmlsec/keys.h
@@ -0,0 +1,278 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Keys.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_KEYS_H__
+#define __XMLSEC_KEYS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <time.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/list.h>
+#include <xmlsec/keysdata.h>
+
+
+/**
+ * xmlSecKeyUsage:
+ *
+ * The key usage.
+ */
+typedef unsigned int xmlSecKeyUsage;
+
+/**
+ * xmlSecKeyUsageSign:
+ *
+ * Key can be used in any way.
+
+ */
+#define xmlSecKeyUsageSign 0x00000001
+
+/**
+ * xmlSecKeyUsageVerify:
+ *
+ * Key for signing.
+ */
+#define xmlSecKeyUsageVerify 0x00000002
+
+/**
+ * xmlSecKeyUsageEncrypt:
+ *
+ * Key for signature verification.
+ */
+#define xmlSecKeyUsageEncrypt 0x00000004
+
+/**
+ * xmlSecKeyUsageDecrypt:
+ *
+ * An encryption key.
+ */
+#define xmlSecKeyUsageDecrypt 0x00000008
+
+/**
+ * xmlSecKeyUsageKeyExchange:
+ *
+ * The key is used for key exchange.
+ */
+#define xmlSecKeyUsageKeyExchange 0x00000010
+
+/**
+ * xmlSecKeyUsageAny:
+ *
+ * A decryption key.
+ */
+#define xmlSecKeyUsageAny 0xFFFFFFFF
+
+
+/**************************************************************************
+ *
+ * xmlSecKeyUseWith
+ *
+ *************************************************************************/
+typedef struct _xmlSecKeyUseWith xmlSecKeyUseWith, *xmlSecKeyUseWithPtr;
+XMLSEC_EXPORT int xmlSecKeyUseWithInitialize (xmlSecKeyUseWithPtr keyUseWith);
+XMLSEC_EXPORT void xmlSecKeyUseWithFinalize (xmlSecKeyUseWithPtr keyUseWith);
+XMLSEC_EXPORT void xmlSecKeyUseWithReset (xmlSecKeyUseWithPtr keyUseWith);
+XMLSEC_EXPORT int xmlSecKeyUseWithCopy (xmlSecKeyUseWithPtr dst,
+ xmlSecKeyUseWithPtr src);
+XMLSEC_EXPORT xmlSecKeyUseWithPtr xmlSecKeyUseWithCreate (const xmlChar* application,
+ const xmlChar* identifier);
+XMLSEC_EXPORT xmlSecKeyUseWithPtr xmlSecKeyUseWithDuplicate (xmlSecKeyUseWithPtr keyUseWith);
+XMLSEC_EXPORT void xmlSecKeyUseWithDestroy (xmlSecKeyUseWithPtr keyUseWith);
+XMLSEC_EXPORT int xmlSecKeyUseWithSet (xmlSecKeyUseWithPtr keyUseWith,
+ const xmlChar* application,
+ const xmlChar* identifier);
+XMLSEC_EXPORT void xmlSecKeyUseWithDebugDump (xmlSecKeyUseWithPtr keyUseWith,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecKeyUseWithDebugXmlDump (xmlSecKeyUseWithPtr keyUseWith,
+ FILE* output);
+
+/**
+ * xmlSecKeyUseWith:
+ * @application: the application.
+ * @identifier: the identifier.
+ * @reserved1: reserved for future use.
+ * @reserved2: reserved for future use.
+ *
+ * Information about application and user of the key.
+ */
+struct _xmlSecKeyUseWith {
+ xmlChar* application;
+ xmlChar* identifier;
+
+ void* reserved1;
+ void* reserved2;
+};
+
+/**
+ * xmlSecKeyUseWithPtrListId:
+ *
+ * The keys list klass.
+ */
+#define xmlSecKeyUseWithPtrListId xmlSecKeyUseWithPtrListGetKlass()
+XMLSEC_EXPORT xmlSecPtrListId xmlSecKeyUseWithPtrListGetKlass (void);
+
+/**************************************************************************
+ *
+ * xmlSecKeyReq - what key are we looking for?
+ *
+ *************************************************************************/
+typedef struct _xmlSecKeyReq xmlSecKeyReq, *xmlSecKeyReqPtr;
+
+/**
+ * xmlSecKeyReq:
+ * @keyId: the desired key value klass.
+ * @keyType: the desired key type.
+ * @keyUsage: the desired key usage.
+ * @keyBitsSize: the desired key size (in bits!).
+ * @keyUseWithList: the desired key use with application/identifier information.
+ * @reserved1: reserved for future use.
+ * @reserved2: reserved for future use.
+ *
+ * The key requirements information.
+ */
+struct _xmlSecKeyReq {
+ xmlSecKeyDataId keyId;
+ xmlSecKeyDataType keyType;
+ xmlSecKeyUsage keyUsage;
+ xmlSecSize keyBitsSize;
+ xmlSecPtrList keyUseWithList;
+
+ void* reserved1;
+ void* reserved2;
+};
+
+XMLSEC_EXPORT int xmlSecKeyReqInitialize (xmlSecKeyReqPtr keyReq);
+XMLSEC_EXPORT void xmlSecKeyReqFinalize (xmlSecKeyReqPtr keyReq);
+XMLSEC_EXPORT void xmlSecKeyReqReset (xmlSecKeyReqPtr keyReq);
+XMLSEC_EXPORT int xmlSecKeyReqCopy (xmlSecKeyReqPtr dst,
+ xmlSecKeyReqPtr src);
+XMLSEC_EXPORT int xmlSecKeyReqMatchKey (xmlSecKeyReqPtr keyReq,
+ xmlSecKeyPtr key);
+XMLSEC_EXPORT int xmlSecKeyReqMatchKeyValue (xmlSecKeyReqPtr keyReq,
+ xmlSecKeyDataPtr value);
+XMLSEC_EXPORT void xmlSecKeyReqDebugDump (xmlSecKeyReqPtr keyReq,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecKeyReqDebugXmlDump (xmlSecKeyReqPtr keyReq,
+ FILE* output);
+
+/**
+ * xmlSecKey:
+ * @name: the key name.
+ * @value: the key value.
+ * @dataList: the key data list.
+ * @usage: the key usage.
+ * @notValidBefore: the start key validity interval.
+ * @notValidAfter: the end key validity interval.
+ *
+ * The key.
+ */
+struct _xmlSecKey {
+ xmlChar* name;
+ xmlSecKeyDataPtr value;
+ xmlSecPtrListPtr dataList;
+ xmlSecKeyUsage usage;
+ time_t notValidBefore;
+ time_t notValidAfter;
+};
+
+XMLSEC_EXPORT xmlSecKeyPtr xmlSecKeyCreate (void);
+XMLSEC_EXPORT void xmlSecKeyDestroy (xmlSecKeyPtr key);
+XMLSEC_EXPORT void xmlSecKeyEmpty (xmlSecKeyPtr key);
+XMLSEC_EXPORT xmlSecKeyPtr xmlSecKeyDuplicate (xmlSecKeyPtr key);
+XMLSEC_EXPORT int xmlSecKeyCopy (xmlSecKeyPtr keyDst,
+ xmlSecKeyPtr keySrc);
+
+XMLSEC_EXPORT const xmlChar* xmlSecKeyGetName (xmlSecKeyPtr key);
+XMLSEC_EXPORT int xmlSecKeySetName (xmlSecKeyPtr key,
+ const xmlChar* name);
+
+XMLSEC_EXPORT xmlSecKeyDataType xmlSecKeyGetType (xmlSecKeyPtr key);
+
+XMLSEC_EXPORT xmlSecKeyDataPtr xmlSecKeyGetValue (xmlSecKeyPtr key);
+XMLSEC_EXPORT int xmlSecKeySetValue (xmlSecKeyPtr key,
+ xmlSecKeyDataPtr value);
+
+XMLSEC_EXPORT xmlSecKeyDataPtr xmlSecKeyGetData (xmlSecKeyPtr key,
+ xmlSecKeyDataId dataId);
+XMLSEC_EXPORT xmlSecKeyDataPtr xmlSecKeyEnsureData (xmlSecKeyPtr key,
+ xmlSecKeyDataId dataId);
+XMLSEC_EXPORT int xmlSecKeyAdoptData (xmlSecKeyPtr key,
+ xmlSecKeyDataPtr data);
+
+XMLSEC_EXPORT void xmlSecKeyDebugDump (xmlSecKeyPtr key,
+ FILE *output);
+XMLSEC_EXPORT void xmlSecKeyDebugXmlDump (xmlSecKeyPtr key,
+ FILE *output);
+XMLSEC_EXPORT xmlSecKeyPtr xmlSecKeyGenerate (xmlSecKeyDataId dataId,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+XMLSEC_EXPORT xmlSecKeyPtr xmlSecKeyGenerateByName (const xmlChar* name,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+
+XMLSEC_EXPORT int xmlSecKeyMatch (xmlSecKeyPtr key,
+ const xmlChar *name,
+ xmlSecKeyReqPtr keyReq);
+
+XMLSEC_EXPORT xmlSecKeyPtr xmlSecKeyReadBuffer (xmlSecKeyDataId dataId,
+ xmlSecBuffer* buffer);
+XMLSEC_EXPORT xmlSecKeyPtr xmlSecKeyReadBinaryFile (xmlSecKeyDataId dataId,
+ const char* filename);
+XMLSEC_EXPORT xmlSecKeyPtr xmlSecKeyReadMemory (xmlSecKeyDataId dataId,
+ const xmlSecByte* data,
+ xmlSecSize dataSize);
+
+
+/**
+ * xmlSecKeyIsValid:
+ * @key: the pointer to key.
+ *
+ * Macro. Returns 1 if @key is not NULL and @key->id is not NULL
+ * or 0 otherwise.
+ */
+#define xmlSecKeyIsValid(key) \
+ ((( key ) != NULL) && \
+ (( key )->value != NULL) && \
+ ((( key )->value->id) != NULL))
+/**
+ * xmlSecKeyCheckId:
+ * @key: the pointer to key.
+ * @keyId: the key Id.
+ *
+ * Macro. Returns 1 if @key is valid and @key's id is equal to @keyId.
+ */
+#define xmlSecKeyCheckId(key, keyId) \
+ (xmlSecKeyIsValid(( key )) && \
+ ((( key )->value->id) == ( keyId )))
+
+
+/***********************************************************************
+ *
+ * Keys list
+ *
+ **********************************************************************/
+/**
+ * xmlSecKeyPtrListId:
+ *
+ * The keys list klass.
+ */
+#define xmlSecKeyPtrListId xmlSecKeyPtrListGetKlass()
+XMLSEC_EXPORT xmlSecPtrListId xmlSecKeyPtrListGetKlass (void);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_KEYS_H__ */
+
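Review bot: The descriptions on the `xmlSecKeyUsage` constants are shifted against their names: `xmlSecKeyUsageSign` reads "Key can be used in any way.", `xmlSecKeyUsageVerify` "Key for signing.", `xmlSecKeyUsageEncrypt` "Key for signature verification.", `xmlSecKeyUsageDecrypt` "An encryption key." and `xmlSecKeyUsageAny` "A decryption key.". These comments feed the generated API reference, so a caller restricting `keyReq.keyUsage` from the docs could choose a mask that permits the wrong operation. I would re-align them as Sign → `Key for signing.`, Verify → `Key for signature verification.`, Encrypt → `An encryption key.`, Decrypt → `A decryption key.`, Any → `Key can be used in any way.`. The `xmlSecKeyIsValid` comment has a similar mismatch: it says the macro tests `@key->id`, while the macro tests `key->value` and `key->value->id`. It should read `Returns 1 if @key is not NULL, @key->value is not NULL and @key->value->id is not NULL`.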
diff --git a/include/xmlsec/keysdata.h b/include/xmlsec/keysdata.h
new file mode 100644
index 00000000..f7554ca4
--- /dev/null
+++ b/include/xmlsec/keysdata.h
@@ -0,0 +1,837 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Key data.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_KEYSDATA_H__
+#define __XMLSEC_KEYSDATA_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/list.h>
+
+/****************************************************************************
+ *
+ * Forward declarations
+ *
+ ****************************************************************************/
+typedef const struct _xmlSecKeyDataKlass xmlSecKeyDataKlass,
+ *xmlSecKeyDataId;
+typedef const struct _xmlSecKeyDataStoreKlass xmlSecKeyDataStoreKlass,
+ *xmlSecKeyDataStoreId;
+typedef struct _xmlSecKeyDataList xmlSecKeyDataList,
+ *xmlSecKeyDataListPtr;
+
+
+/**************************************************************************
+ *
+ * xmlSecKeyDataUsage
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyDataUsage:
+ *
+ * The bits mask that determines possible keys data usage.
+ */
+typedef unsigned int xmlSecKeyDataUsage;
+
+/**
+ * xmlSecKeyDataUsageUnknown:
+ *
+ * The key data usage is unknown.
+ */
+#define xmlSecKeyDataUsageUnknown 0x00000
+
+/**
+ * xmlSecKeyDataUsageKeyInfoNodeRead:
+ *
+ * The key data could be read from a <dsig:KeyInfo/> child.
+ */
+#define xmlSecKeyDataUsageKeyInfoNodeRead 0x00001
+
+/**
+ * xmlSecKeyDataUsageKeyInfoNodeWrite:
+ *
+ * The key data could be written to a <dsig:KeyInfo /> child.
+ */
+#define xmlSecKeyDataUsageKeyInfoNodeWrite 0x00002
+
+/**
+ * xmlSecKeyDataUsageKeyValueNodeRead:
+ *
+ * The key data could be read from a <dsig:KeyValue /> child.
+ */
+#define xmlSecKeyDataUsageKeyValueNodeRead 0x00004
+
+/**
+ * xmlSecKeyDataUsageKeyValueNodeWrite:
+ *
+ * The key data could be written to a <dsig:KeyValue /> child.
+ */
+#define xmlSecKeyDataUsageKeyValueNodeWrite 0x00008
+
+/**
+ * xmlSecKeyDataUsageRetrievalMethodNodeXml:
+ *
+ * The key data could be retrieved using <dsig:RetrievalMethod /> node
+ * in XML format.
+ */
+#define xmlSecKeyDataUsageRetrievalMethodNodeXml 0x00010
+
+/**
+ * xmlSecKeyDataUsageRetrievalMethodNodeBin:
+ *
+ * The key data could be retrieved using <dsig:RetrievalMethod /> node
+ * in binary format.
+ */
+#define xmlSecKeyDataUsageRetrievalMethodNodeBin 0x00020
+
+/**
+ * xmlSecKeyDataUsageAny:
+ *
+ * Any key data usage.
+ */
+#define xmlSecKeyDataUsageAny 0xFFFFF
+
+/**
+ * xmlSecKeyDataUsageKeyInfoNode:
+ *
+ * The key data could be read and written from/to a <dsig:KeyInfo /> child.
+ */
+#define xmlSecKeyDataUsageKeyInfoNode \
+ (xmlSecKeyDataUsageKeyInfoNodeRead | xmlSecKeyDataUsageKeyInfoNodeWrite)
+
+/**
+ * xmlSecKeyDataUsageKeyValueNode:
+ *
+ * The key data could be read and written from/to a <dsig:KeyValue /> child.
+ */
+#define xmlSecKeyDataUsageKeyValueNode \
+ (xmlSecKeyDataUsageKeyValueNodeRead | xmlSecKeyDataUsageKeyValueNodeWrite)
+
+/**
+ * xmlSecKeyDataUsageRetrievalMethodNode:
+ *
+ * The key data could be retrieved using <dsig:RetrievalMethod /> node
+ * in any format.
+ */
+#define xmlSecKeyDataUsageRetrievalMethodNode \
+ (xmlSecKeyDataUsageRetrievalMethodNodeXml | xmlSecKeyDataUsageRetrievalMethodNodeBin)
+
+/**************************************************************************
+ *
+ * xmlSecKeyDataType
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyDataType:
+ *
+ * The key data type (public/private, session/permanet, etc.).
+ */
+typedef unsigned int xmlSecKeyDataType;
+
+/**
+ * xmlSecKeyDataTypeUnknown:
+ *
+ * The key data type is unknown (same as #xmlSecKeyDataTypeNone).
+ */
+#define xmlSecKeyDataTypeUnknown 0x0000
+
+/**
+ * xmlSecKeyDataTypeNone:
+ *
+ * The key data type is unknown (same as #xmlSecKeyDataTypeUnknown).
+ */
+#define xmlSecKeyDataTypeNone xmlSecKeyDataTypeUnknown
+
+/**
+ * xmlSecKeyDataTypePublic:
+ *
+ * The key data contain a public key.
+ */
+#define xmlSecKeyDataTypePublic 0x0001
+
+/**
+ * xmlSecKeyDataTypePrivate:
+ *
+ * The key data contain a private key.
+ */
+#define xmlSecKeyDataTypePrivate 0x0002
+
+/**
+ * xmlSecKeyDataTypeSymmetric:
+ *
+ * The key data contain a symmetric key.
+ */
+#define xmlSecKeyDataTypeSymmetric 0x0004
+
+/**
+ * xmlSecKeyDataTypeSession:
+ *
+ * The key data contain session key (one time key, not stored in keys manager).
+ */
+#define xmlSecKeyDataTypeSession 0x0008
+
+/**
+ * xmlSecKeyDataTypePermanent:
+ *
+ * The key data contain permanent key (stored in keys manager).
+ */
+#define xmlSecKeyDataTypePermanent 0x0010
+
+/**
+ * xmlSecKeyDataTypeTrusted:
+ *
+ * The key data is trusted.
+ */
+#define xmlSecKeyDataTypeTrusted 0x0100
+
+/**
+ * xmlSecKeyDataTypeAny:
+ *
+ * Any key data.
+ */
+#define xmlSecKeyDataTypeAny 0xFFFF
+
+/**************************************************************************
+ *
+ * xmlSecKeyDataFormat
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyDataFormat:
+ * @xmlSecKeyDataFormatUnknown: the key data format is unknown.
+ * @xmlSecKeyDataFormatBinary: the binary key data.
+ * @xmlSecKeyDataFormatPem: the PEM key data (cert or public/private key).
+ * @xmlSecKeyDataFormatDer: the DER key data (cert or public/private key).
+ * @xmlSecKeyDataFormatPkcs8Pem: the PKCS8 PEM private key.
+ * @xmlSecKeyDataFormatPkcs8Der: the PKCS8 DER private key.
+ * @xmlSecKeyDataFormatPkcs12: the PKCS12 format (bag of keys and certs)
+ * @xmlSecKeyDataFormatCertPem: the PEM cert.
+ * @xmlSecKeyDataFormatCertDer: the DER cert.
+ *
+ * The key data format (binary, der, pem, etc.).
+ */
+typedef enum {
+ xmlSecKeyDataFormatUnknown = 0,
+ xmlSecKeyDataFormatBinary,
+ xmlSecKeyDataFormatPem,
+ xmlSecKeyDataFormatDer,
+ xmlSecKeyDataFormatPkcs8Pem,
+ xmlSecKeyDataFormatPkcs8Der,
+ xmlSecKeyDataFormatPkcs12,
+ xmlSecKeyDataFormatCertPem,
+ xmlSecKeyDataFormatCertDer
+} xmlSecKeyDataFormat;
+
+/**************************************************************************
+ *
+ * Global xmlSecKeyDataIds methods
+ *
+ *************************************************************************/
+XMLSEC_EXPORT xmlSecPtrListPtr xmlSecKeyDataIdsGet (void);
+XMLSEC_EXPORT int xmlSecKeyDataIdsInit (void);
+XMLSEC_EXPORT void xmlSecKeyDataIdsShutdown (void);
+XMLSEC_EXPORT int xmlSecKeyDataIdsRegisterDefault (void);
+XMLSEC_EXPORT int xmlSecKeyDataIdsRegister (xmlSecKeyDataId id);
+
+/**************************************************************************
+ *
+ * xmlSecKeyData
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyData:
+ * @id: the data id (#xmlSecKeyDataId).
+ * @reserved0: reserved for the future.
+ * @reserved1: reserved for the future.
+ *
+ * The key data: key value (crypto material), x509 data, pgp data, etc.
+ */
+struct _xmlSecKeyData {
+ xmlSecKeyDataId id;
+ void* reserved0;
+ void* reserved1;
+};
+
+XMLSEC_EXPORT xmlSecKeyDataPtr xmlSecKeyDataCreate (xmlSecKeyDataId id);
+XMLSEC_EXPORT xmlSecKeyDataPtr xmlSecKeyDataDuplicate (xmlSecKeyDataPtr data);
+XMLSEC_EXPORT void xmlSecKeyDataDestroy (xmlSecKeyDataPtr data);
+XMLSEC_EXPORT int xmlSecKeyDataGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+XMLSEC_EXPORT xmlSecKeyDataType xmlSecKeyDataGetType (xmlSecKeyDataPtr data);
+XMLSEC_EXPORT xmlSecSize xmlSecKeyDataGetSize (xmlSecKeyDataPtr data);
+XMLSEC_EXPORT const xmlChar* xmlSecKeyDataGetIdentifier (xmlSecKeyDataPtr data);
+XMLSEC_EXPORT void xmlSecKeyDataDebugDump (xmlSecKeyDataPtr data,
+ FILE *output);
+XMLSEC_EXPORT void xmlSecKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE *output);
+XMLSEC_EXPORT int xmlSecKeyDataXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+XMLSEC_EXPORT int xmlSecKeyDataXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+XMLSEC_EXPORT int xmlSecKeyDataBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+XMLSEC_EXPORT int xmlSecKeyDataBinWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlSecByte** buf,
+ xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+/**
+ * xmlSecKeyDataGetName:
+ * @data: the pointer to key data.
+ *
+ * Macro. Returns the key data name.
+ */
+#define xmlSecKeyDataGetName(data) \
+ ((xmlSecKeyDataIsValid((data))) ? \
+ xmlSecKeyDataKlassGetName((data)->id) : NULL)
+
+/**
+ * xmlSecKeyDataIsValid:
+ * @data: the pointer to data.
+ *
+ * Macro. Returns 1 if @data is not NULL and @data->id is not NULL
+ * or 0 otherwise.
+ */
+#define xmlSecKeyDataIsValid(data) \
+ ((( data ) != NULL) && \
+ (( data )->id != NULL) && \
+ (( data )->id->klassSize >= sizeof(xmlSecKeyDataKlass)) && \
+ (( data )->id->objSize >= sizeof(xmlSecKeyData)) && \
+ (( data )->id->name != NULL))
+/**
+ * xmlSecKeyDataCheckId:
+ * @data: the pointer to data.
+ * @dataId: the data Id.
+ *
+ * Macro. Returns 1 if @data is valid and @data's id is equal to @dataId.
+ */
+#define xmlSecKeyDataCheckId(data, dataId) \
+ (xmlSecKeyDataIsValid(( data )) && \
+ ((( data )->id) == ( dataId )))
+
+/**
+ * xmlSecKeyDataCheckUsage:
+ * @data: the pointer to data.
+ * @usg: the data usage.
+ *
+ * Macro. Returns 1 if @data is valid and could be used for @usg.
+ */
+#define xmlSecKeyDataCheckUsage(data, usg) \
+ (xmlSecKeyDataIsValid(( data )) && \
+ (((( data )->id->usage) & ( usg )) != 0))
+
+/**
+ * xmlSecKeyDataCheckSize:
+ * @data: the pointer to data.
+ * @size: the expected size.
+ *
+ * Macro. Returns 1 if @data is valid and @data's object has at least @size bytes.
+ */
+#define xmlSecKeyDataCheckSize(data, size) \
+ (xmlSecKeyDataIsValid(( data )) && \
+ (( data )->id->objSize >= size))
+
+/**************************************************************************
+ *
+ * xmlSecKeyDataKlass
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyDataIdUnknown:
+ *
+ * The "unknown" id.
+ */
+#define xmlSecKeyDataIdUnknown ((xmlSecKeyDataId)NULL)
+
+/**
+ * xmlSecKeyDataInitMethod:
+ * @data: the pointer to key data.
+ *
+ * Key data specific initialization method.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+typedef int (*xmlSecKeyDataInitMethod) (xmlSecKeyDataPtr data);
+
+/**
+ * xmlSecKeyDataDuplicateMethod:
+ * @dst: the pointer to destination key data.
+ * @src: the poiniter to source key data.
+ *
+ * Key data specific duplication (copy) method.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+typedef int (*xmlSecKeyDataDuplicateMethod) (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+
+/**
+ * xmlSecKeyDataFinalizeMethod:
+ * @data: the data.
+ *
+ * Key data specific finalization method. All the objects and resources allocated
+ * by the key data object must be freed inside this method.
+ */
+typedef void (*xmlSecKeyDataFinalizeMethod) (xmlSecKeyDataPtr data);
+
+/**
+ * xmlSecKeyDataXmlReadMethod:
+ * @id: the data id.
+ * @key: the key.
+ * @node: the pointer to data's value XML node.
+ * @keyInfoCtx: the <dsig:KeyInfo/> node processing context.
+ *
+ * Key data specific method for reading XML node.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+typedef int (*xmlSecKeyDataXmlReadMethod) (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+/**
+ * xmlSecKeyDataXmlWriteMethod:
+ * @id: the data id.
+ * @key: the key.
+ * @node: the pointer to data's value XML node.
+ * @keyInfoCtx: the <dsig:KeyInfo> node processing context.
+ *
+ * Key data specific method for writing XML node.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+typedef int (*xmlSecKeyDataXmlWriteMethod) (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+/**
+ * xmlSecKeyDataBinReadMethod:
+ * @id: the data id.
+ * @key: the key.
+ * @buf: the input buffer.
+ * @bufSize: the buffer size.
+ * @keyInfoCtx: the <dsig:KeyInfo/> node processing context.
+ *
+ * Key data specific method for reading binary buffer.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+typedef int (*xmlSecKeyDataBinReadMethod) (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+/**
+ * xmlSecKeyDataBinWriteMethod:
+ * @id: the data id.
+ * @key: the key.
+ * @buf: the output buffer.
+ * @bufSize: the buffer size.
+ * @keyInfoCtx: the <dsig:KeyInfo/> node processing context.
+ *
+ * Key data specific method for reading binary buffer.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+typedef int (*xmlSecKeyDataBinWriteMethod) (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlSecByte** buf,
+ xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+/**
+ * xmlSecKeyDataGenerateMethod:
+ * @data: the pointer to key data.
+ * @sizeBits: the key data specific size.
+ * @type: the required key type (session/permanent, etc.)
+ *
+ * Key data specific method for generating new key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+typedef int (*xmlSecKeyDataGenerateMethod) (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+/**
+ * xmlSecKeyDataGetTypeMethod:
+ * @data: the data.
+ *
+ * Key data specific method to get the key type.
+ *
+ * Returns: the key type.
+ */
+typedef xmlSecKeyDataType (*xmlSecKeyDataGetTypeMethod) (xmlSecKeyDataPtr data);
+
+/**
+ * xmlSecKeyDataGetSizeMethod:
+ * @data: the pointer to key data.
+ *
+ * Key data specific method to get the key size.
+ *
+ * Returns: the key size in bits.
+ */
+typedef xmlSecSize (*xmlSecKeyDataGetSizeMethod) (xmlSecKeyDataPtr data);
+
+/**
+ * xmlSecKeyDataGetIdentifierMethod:
+ * @data: the pointer to key data.
+ *
+ * Key data specific method to get the key data identifier string (for example,
+ * X509 data identifier is the subject of the verified cert).
+ *
+ * Returns: the identifier string or NULL if an error occurs.
+ */
+typedef const xmlChar* (*xmlSecKeyDataGetIdentifierMethod) (xmlSecKeyDataPtr data);
+
+/**
+ * xmlSecKeyDataDebugDumpMethod:
+ * @data: the data.
+ * @output: the FILE to print debug info (should be open for writing).
+ *
+ * Key data specific method for printing debug info.
+ */
+typedef void (*xmlSecKeyDataDebugDumpMethod) (xmlSecKeyDataPtr data,
+ FILE* output);
+
+/**
+ * xmlSecKeyDataKlass:
+ * @klassSize: the klass size.
+ * @objSize: the object size.
+ * @name: the object name.
+ * @usage: the allowed data usage.
+ * @href: the identification string (href).
+ * @dataNodeName: the data's XML node name.
+ * @dataNodeNs: the data's XML node namespace.
+ * @initialize: the initialization method.
+ * @duplicate: the duplicate (copy) method.
+ * @finalize: the finalization (destroy) method.
+ * @generate: the new data generation method.
+ * @getType: the method to access data's type information.
+ * @getSize: the method to access data's size.
+ * @getIdentifier: the method to access data's string identifier.
+ * @xmlRead: the method for reading data from XML node.
+ * @xmlWrite: the method for writing data to XML node.
+ * @binRead: the method for reading data from a binary buffer.
+ * @binWrite: the method for writing data to binary buffer.
+ * @debugDump: the method for printing debug data information.
+ * @debugXmlDump: the method for printing debug data information in XML format.
+ * @reserved0: reserved for the future.
+ * @reserved1: reserved for the future.
+ *
+ * The data id (klass).
+ */
+struct _xmlSecKeyDataKlass {
+ xmlSecSize klassSize;
+ xmlSecSize objSize;
+
+ /* data */
+ const xmlChar* name;
+ xmlSecKeyDataUsage usage;
+ const xmlChar* href;
+ const xmlChar* dataNodeName;
+ const xmlChar* dataNodeNs;
+
+ /* constructors/destructor */
+ xmlSecKeyDataInitMethod initialize;
+ xmlSecKeyDataDuplicateMethod duplicate;
+ xmlSecKeyDataFinalizeMethod finalize;
+ xmlSecKeyDataGenerateMethod generate;
+
+ /* get info */
+ xmlSecKeyDataGetTypeMethod getType;
+ xmlSecKeyDataGetSizeMethod getSize;
+ xmlSecKeyDataGetIdentifierMethod getIdentifier;
+
+ /* read/write */
+ xmlSecKeyDataXmlReadMethod xmlRead;
+ xmlSecKeyDataXmlWriteMethod xmlWrite;
+ xmlSecKeyDataBinReadMethod binRead;
+ xmlSecKeyDataBinWriteMethod binWrite;
+
+ /* debug */
+ xmlSecKeyDataDebugDumpMethod debugDump;
+ xmlSecKeyDataDebugDumpMethod debugXmlDump;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};
+
+/**
+ * xmlSecKeyDataKlassGetName:
+ * @klass: the data klass.
+ *
+ * Macro. Returns data klass name.
+ */
+#define xmlSecKeyDataKlassGetName(klass) \
+ (((klass)) ? ((klass)->name) : NULL)
+
+/***********************************************************************
+ *
+ * Key Data list
+ *
+ **********************************************************************/
+/**
+ * xmlSecKeyDataListId:
+ *
+ *
+ * The key data klasses list klass id.
+ */
+#define xmlSecKeyDataListId xmlSecKeyDataListGetKlass()
+XMLSEC_EXPORT xmlSecPtrListId xmlSecKeyDataListGetKlass (void);
+
+/***********************************************************************
+ *
+ * Key Data Ids list
+ *
+ **********************************************************************/
+/**
+ * xmlSecKeyDataIdListId:
+ *
+ *
+ * The key data list klass id.
+ */
+#define xmlSecKeyDataIdListId xmlSecKeyDataIdListGetKlass()
+XMLSEC_EXPORT xmlSecPtrListId xmlSecKeyDataIdListGetKlass (void);
+XMLSEC_EXPORT int xmlSecKeyDataIdListFind (xmlSecPtrListPtr list,
+ xmlSecKeyDataId dataId);
+XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataIdListFindByNode (xmlSecPtrListPtr list,
+ const xmlChar* nodeName,
+ const xmlChar* nodeNs,
+ xmlSecKeyDataUsage usage);
+XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataIdListFindByHref (xmlSecPtrListPtr list,
+ const xmlChar* href,
+ xmlSecKeyDataUsage usage);
+XMLSEC_EXPORT xmlSecKeyDataId xmlSecKeyDataIdListFindByName (xmlSecPtrListPtr list,
+ const xmlChar* name,
+ xmlSecKeyDataUsage usage);
+XMLSEC_EXPORT void xmlSecKeyDataIdListDebugDump (xmlSecPtrListPtr list,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecKeyDataIdListDebugXmlDump (xmlSecPtrListPtr list,
+ FILE* output);
+
+/**************************************************************************
+ *
+ * xmlSecKeyDataBinary
+ *
+ * key (xmlSecBuffer) is located after xmlSecKeyData structure
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyDataBinarySize:
+ *
+ * The binary key data object size.
+ */
+#define xmlSecKeyDataBinarySize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecBuffer))
+
+XMLSEC_EXPORT int xmlSecKeyDataBinaryValueInitialize (xmlSecKeyDataPtr data);
+XMLSEC_EXPORT int xmlSecKeyDataBinaryValueDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+XMLSEC_EXPORT void xmlSecKeyDataBinaryValueFinalize (xmlSecKeyDataPtr data);
+XMLSEC_EXPORT int xmlSecKeyDataBinaryValueXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+XMLSEC_EXPORT int xmlSecKeyDataBinaryValueXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+XMLSEC_EXPORT int xmlSecKeyDataBinaryValueBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+XMLSEC_EXPORT int xmlSecKeyDataBinaryValueBinWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlSecByte** buf,
+ xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+XMLSEC_EXPORT void xmlSecKeyDataBinaryValueDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecKeyDataBinaryValueDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+
+XMLSEC_EXPORT xmlSecSize xmlSecKeyDataBinaryValueGetSize (xmlSecKeyDataPtr data);
+XMLSEC_EXPORT xmlSecBufferPtr xmlSecKeyDataBinaryValueGetBuffer (xmlSecKeyDataPtr data);
+XMLSEC_EXPORT int xmlSecKeyDataBinaryValueSetBuffer (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+
+/**************************************************************************
+ *
+ * xmlSecKeyDataStore
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyDataStore:
+ * @id: the store id (#xmlSecKeyDataStoreId).
+ * @reserved0: reserved for the future.
+ * @reserved1: reserved for the future.
+ *
+ * The key data store. Key data store holds common key data specific information
+ * required for key data processing. For example, X509 data store may hold
+ * information about trusted (root) certificates.
+ */
+struct _xmlSecKeyDataStore {
+ xmlSecKeyDataStoreId id;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};
+
+XMLSEC_EXPORT xmlSecKeyDataStorePtr xmlSecKeyDataStoreCreate (xmlSecKeyDataStoreId id);
+XMLSEC_EXPORT void xmlSecKeyDataStoreDestroy (xmlSecKeyDataStorePtr store);
+
+/**
+ * xmlSecKeyDataStoreGetName:
+ * @store: the pointer to store.
+ *
+ * Macro. Returns key data store name.
+ */
+#define xmlSecKeyDataStoreGetName(store) \
+ ((xmlSecKeyDataStoreIsValid((store))) ? \
+ xmlSecKeyDataStoreKlassGetName((store)->id) : NULL)
+
+/**
+ * xmlSecKeyDataStoreIsValid:
+ * @store: the pointer to store.
+ *
+ * Macro. Returns 1 if @store is not NULL and @store->id is not NULL
+ * or 0 otherwise.
+ */
+#define xmlSecKeyDataStoreIsValid(store) \
+ ((( store ) != NULL) && ((( store )->id) != NULL))
+/**
+ * xmlSecKeyDataStoreCheckId:
+ * @store: the pointer to store.
+ * @storeId: the store Id.
+ *
+ * Macro. Returns 1 if @store is valid and @store's id is equal to @storeId.
+ */
+#define xmlSecKeyDataStoreCheckId(store, storeId) \
+ (xmlSecKeyDataStoreIsValid(( store )) && \
+ ((( store )->id) == ( storeId )))
+
+/**
+ * xmlSecKeyDataStoreCheckSize:
+ * @store: the pointer to store.
+ * @size: the expected size.
+ *
+ * Macro. Returns 1 if @data is valid and @stores's object has at least @size bytes.
+ */
+#define xmlSecKeyDataStoreCheckSize(store, size) \
+ (xmlSecKeyDataStoreIsValid(( store )) && \
+ (( store )->id->objSize >= size))
+
+
+/**************************************************************************
+ *
+ * xmlSecKeyDataStoreKlass
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyDataStoreIdUnknown:
+ *
+ * The "unknown" id.
+ */
+#define xmlSecKeyDataStoreIdUnknown NULL
+
+/**
+ * xmlSecKeyDataStoreInitializeMethod:
+ * @store: the data store.
+ *
+ * Key data store specific initialization method.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+typedef int (*xmlSecKeyDataStoreInitializeMethod) (xmlSecKeyDataStorePtr store);
+
+/**
+ * xmlSecKeyDataStoreFinalizeMethod:
+ * @store: the data store.
+ *
+ * Key data store specific finalization (destroy) method.
+ */
+typedef void (*xmlSecKeyDataStoreFinalizeMethod) (xmlSecKeyDataStorePtr store);
+
+/**
+ * xmlSecKeyDataStoreKlass:
+ * @klassSize: the data store klass size.
+ * @objSize: the data store obj size.
+ * @name: the store's name.
+ * @initialize: the store's initialization method.
+ * @finalize: the store's finalization (destroy) method.
+ * @reserved0: reserved for the future.
+ * @reserved1: reserved for the future.
+ *
+ * The data store id (klass).
+ */
+struct _xmlSecKeyDataStoreKlass {
+ xmlSecSize klassSize;
+ xmlSecSize objSize;
+
+ /* data */
+ const xmlChar* name;
+
+ /* constructors/destructor */
+ xmlSecKeyDataStoreInitializeMethod initialize;
+ xmlSecKeyDataStoreFinalizeMethod finalize;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};
+
+/**
+ * xmlSecKeyDataStoreKlassGetName:
+ * @klass: the pointer to store klass.
+ *
+ * Macro. Returns store klass name.
+ */
+#define xmlSecKeyDataStoreKlassGetName(klass) \
+ (((klass)) ? ((klass)->name) : NULL)
+
+/***********************************************************************
+ *
+ * Key Data Store list
+ *
+ **********************************************************************/
+/**
+ * xmlSecKeyDataStorePtrListId:
+ *
+ * The data store list id (klass).
+ */
+#define xmlSecKeyDataStorePtrListId xmlSecKeyDataStorePtrListGetKlass()
+XMLSEC_EXPORT xmlSecPtrListId xmlSecKeyDataStorePtrListGetKlass (void);
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_KEYSDATA_H__ */
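Review bot: `xmlSecKeyDataCheckSize` and `xmlSecKeyDataStoreCheckSize` expand their `size` argument without parentheses (`(( data )->id->objSize >= size)`), unlike every other argument in these macros. An argument containing an operator that binds looser than `>=` (for example `a | b` or a conditional expression) would be compared incorrectly. These macros look like the guard used before treating a key data or store object as a larger derived type, so a misparsed comparison could presumably let an undersized object through; I would write `(( data )->id->objSize >= ( size )))` and `(( store )->id->objSize >= ( size )))`. The comment on `xmlSecKeyDataStoreCheckSize` also refers to `@data` where the parameter is `@store`, and the `xmlSecKeyDataBinWriteMethod` comment says "reading binary buffer" where the method writes. All of these macros evaluate their pointer argument more than once, which is worth one sentence in the doc comments so callers do not pass expressions with side effects.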
diff --git a/include/xmlsec/keysmngr.h b/include/xmlsec/keysmngr.h
new file mode 100644
index 00000000..289da4c1
--- /dev/null
+++ b/include/xmlsec/keysmngr.h
@@ -0,0 +1,264 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Keys Manager
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_KEYSMGMR_H__
+#define __XMLSEC_KEYSMGMR_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/list.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysdata.h>
+#include <xmlsec/keyinfo.h>
+
+typedef const struct _xmlSecKeyKlass xmlSecKeyKlass,
+ *xmlSecKeyId;
+typedef const struct _xmlSecKeyStoreKlass xmlSecKeyStoreKlass,
+ *xmlSecKeyStoreId;
+
+
+/****************************************************************************
+ *
+ * Keys Manager
+ *
+ ***************************************************************************/
+XMLSEC_EXPORT xmlSecKeysMngrPtr xmlSecKeysMngrCreate (void);
+XMLSEC_EXPORT void xmlSecKeysMngrDestroy (xmlSecKeysMngrPtr mngr);
+
+XMLSEC_EXPORT xmlSecKeyPtr xmlSecKeysMngrFindKey (xmlSecKeysMngrPtr mngr,
+ const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+XMLSEC_EXPORT int xmlSecKeysMngrAdoptKeysStore (xmlSecKeysMngrPtr mngr,
+ xmlSecKeyStorePtr store);
+XMLSEC_EXPORT xmlSecKeyStorePtr xmlSecKeysMngrGetKeysStore (xmlSecKeysMngrPtr mngr);
+
+XMLSEC_EXPORT int xmlSecKeysMngrAdoptDataStore (xmlSecKeysMngrPtr mngr,
+ xmlSecKeyDataStorePtr store);
+XMLSEC_EXPORT xmlSecKeyDataStorePtr xmlSecKeysMngrGetDataStore (xmlSecKeysMngrPtr mngr,
+ xmlSecKeyDataStoreId id);
+
+/**
+ * xmlSecGetKeyCallback:
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
+ *
+ * Reads the <dsig:KeyInfo/> node @keyInfoNode and extracts the key.
+ *
+ * Returns: the pointer to key or NULL if the key is not found or
+ * an error occurs.
+ */
+typedef xmlSecKeyPtr (*xmlSecGetKeyCallback) (xmlNodePtr keyInfoNode,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+/**
+ * xmlSecKeysMngr:
+ * @keysStore: the key store (list of keys known to keys manager).
+ * @storesList: the list of key data stores known to keys manager.
+ * @getKey: the callback used to read <dsig:KeyInfo/> node.
+ *
+ * The keys manager structure.
+ */
+struct _xmlSecKeysMngr {
+ xmlSecKeyStorePtr keysStore;
+ xmlSecPtrList storesList;
+ xmlSecGetKeyCallback getKey;
+};
+
+
+XMLSEC_EXPORT xmlSecKeyPtr xmlSecKeysMngrGetKey (xmlNodePtr keyInfoNode,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+
+/**************************************************************************
+ *
+ * xmlSecKeyStore
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyStore:
+ * @id: the store id (#xmlSecKeyStoreId).
+ * @reserved0: reserved for the future.
+ * @reserved1: reserved for the future.
+ *
+ * The keys store.
+ */
+struct _xmlSecKeyStore {
+ xmlSecKeyStoreId id;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};
+
+XMLSEC_EXPORT xmlSecKeyStorePtr xmlSecKeyStoreCreate (xmlSecKeyStoreId id);
+XMLSEC_EXPORT void xmlSecKeyStoreDestroy (xmlSecKeyStorePtr store);
+XMLSEC_EXPORT xmlSecKeyPtr xmlSecKeyStoreFindKey (xmlSecKeyStorePtr store,
+ const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+/**
+ * xmlSecKeyStoreGetName:
+ * @store: the pointer to store.
+ *
+ * Macro. Returns key store name.
+ */
+#define xmlSecKeyStoreGetName(store) \
+ ((xmlSecKeyStoreIsValid((store))) ? \
+ xmlSecKeyStoreKlassGetName((store)->id) : NULL)
+
+/**
+ * xmlSecKeyStoreIsValid:
+ * @store: the pointer to store.
+ *
+ * Macro. Returns 1 if @store is not NULL and @store->id is not NULL
+ * or 0 otherwise.
+ */
+#define xmlSecKeyStoreIsValid(store) \
+ ((( store ) != NULL) && ((( store )->id) != NULL))
+/**
+ * xmlSecKeyStoreCheckId:
+ * @store: the pointer to store.
+ * @storeId: the store Id.
+ *
+ * Macro. Returns 1 if @store is valid and @store's id is equal to @storeId.
+ */
+#define xmlSecKeyStoreCheckId(store, storeId) \
+ (xmlSecKeyStoreIsValid(( store )) && \
+ ((( store )->id) == ( storeId )))
+
+/**
+ * xmlSecKeyStoreCheckSize:
+ * @store: the pointer to store.
+ * @size: the expected size.
+ *
+ * Macro. Returns 1 if @store is valid and @stores's object has at least @size bytes.
+ */
+#define xmlSecKeyStoreCheckSize(store, size) \
+ (xmlSecKeyStoreIsValid(( store )) && \
+ (( store )->id->objSize >= size))
+
+
+/**************************************************************************
+ *
+ * xmlSecKeyStoreKlass
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyStoreIdUnknown:
+ *
+ * The "unknown" id.
+ */
+#define xmlSecKeyStoreIdUnknown ((xmlSecKeyDataStoreId)NULL)
+
+/**
+ * xmlSecKeyStoreInitializeMethod:
+ * @store: the store.
+ *
+ * Keys store specific initialization method.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+typedef int (*xmlSecKeyStoreInitializeMethod) (xmlSecKeyStorePtr store);
+
+/**
+ * xmlSecKeyStoreFinalizeMethod:
+ * @store: the store.
+ *
+ * Keys store specific finalization (destroy) method.
+ */
+typedef void (*xmlSecKeyStoreFinalizeMethod) (xmlSecKeyStorePtr store);
+
+/**
+ * xmlSecKeyStoreFindKeyMethod:
+ * @store: the store.
+ * @name: the desired key name.
+ * @keyInfoCtx: the pointer to key info context.
+ *
+ * Keys store specific find method. The caller is responsible for destroying
+ * the returned key using #xmlSecKeyDestroy method.
+ *
+ * Returns: the pointer to a key or NULL if key is not found or an error occurs.
+ */
+typedef xmlSecKeyPtr (*xmlSecKeyStoreFindKeyMethod) (xmlSecKeyStorePtr store,
+ const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+/**
+ * xmlSecKeyStoreKlass:
+ * @klassSize: the store klass size.
+ * @objSize: the store obj size.
+ * @name: the store's name.
+ * @initialize: the store's initialization method.
+ * @finalize: the store's finalization (destroy) method.
+ * @findKey: the store's find method.
+ * @reserved0: reserved for the future.
+ * @reserved1: reserved for the future.
+ *
+ * The keys store id (klass).
+ */
+struct _xmlSecKeyStoreKlass {
+ xmlSecSize klassSize;
+ xmlSecSize objSize;
+
+ /* data */
+ const xmlChar* name;
+
+ /* constructors/destructor */
+ xmlSecKeyStoreInitializeMethod initialize;
+ xmlSecKeyStoreFinalizeMethod finalize;
+ xmlSecKeyStoreFindKeyMethod findKey;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};
+
+/**
+ * xmlSecKeyStoreKlassGetName:
+ * @klass: the pointer to store klass.
+ *
+ * Macro. Returns store klass name.
+ */
+#define xmlSecKeyStoreKlassGetName(klass) \
+ (((klass)) ? ((klass)->name) : NULL)
+
+
+/****************************************************************************
+ *
+ * Simple Keys Store
+ *
+ ***************************************************************************/
+/**
+ * xmlSecSimpleKeysStoreId:
+ *
+ * A simple keys store klass id.
+ */
+#define xmlSecSimpleKeysStoreId xmlSecSimpleKeysStoreGetKlass()
+XMLSEC_EXPORT xmlSecKeyStoreId xmlSecSimpleKeysStoreGetKlass (void);
+XMLSEC_EXPORT int xmlSecSimpleKeysStoreAdoptKey (xmlSecKeyStorePtr store,
+ xmlSecKeyPtr key);
+XMLSEC_EXPORT int xmlSecSimpleKeysStoreLoad (xmlSecKeyStorePtr store,
+ const char *uri,
+ xmlSecKeysMngrPtr keysMngr);
+XMLSEC_EXPORT int xmlSecSimpleKeysStoreSave (xmlSecKeyStorePtr store,
+ const char *filename,
+ xmlSecKeyDataType type);
+XMLSEC_EXPORT xmlSecPtrListPtr xmlSecSimpleKeysStoreGetKeys (xmlSecKeyStorePtr store);
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_KEYSMGMR_H__ */
+
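Review bot: `xmlSecKeyStoreIdUnknown` is defined as `((xmlSecKeyDataStoreId)NULL)`, which is the key data store id type rather than the `xmlSecKeyStoreId` typedef'd at the top of this header. It is presumably a copy-paste from the data store header and should read `#define xmlSecKeyStoreIdUnknown ((xmlSecKeyStoreId)NULL)`, so that comparisons against a store's `id` do not mix pointer types. In `xmlSecKeyStoreCheckSize` the `size` argument is expanded without parentheses, unlike `store`; since this macro is the object-size check, `(( store )->id->objSize >= ( size ))` keeps it correct for any argument expression. The include guard is spelled `__XMLSEC_KEYSMGMR_H__` (probably meant KEYSMNGR), which is harmless but worth fixing in the same pass.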
diff --git a/include/xmlsec/list.h b/include/xmlsec/list.h
new file mode 100644
index 00000000..fed98706
--- /dev/null
+++ b/include/xmlsec/list.h
@@ -0,0 +1,194 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * List of pointers.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_LIST_H__
+#define __XMLSEC_LIST_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+
+typedef const struct _xmlSecPtrListKlass xmlSecPtrListKlass,
+ *xmlSecPtrListId;
+typedef struct _xmlSecPtrList xmlSecPtrList,
+ *xmlSecPtrListPtr;
+
+/**
+ * xmlSecPtrList:
+ * @id: the list items description.
+ * @data: the list data.
+ * @use: the current list size.
+ * @max: the max (allocated) list size.
+ * @allocMode: the memory allocation mode.
+ *
+ * The pointers list.
+ */
+struct _xmlSecPtrList {
+ xmlSecPtrListId id;
+
+ xmlSecPtr* data;
+ xmlSecSize use;
+ xmlSecSize max;
+ xmlSecAllocMode allocMode;
+};
+
+XMLSEC_EXPORT void xmlSecPtrListSetDefaultAllocMode(xmlSecAllocMode defAllocMode,
+ xmlSecSize defInitialSize);
+
+
+XMLSEC_EXPORT int xmlSecPtrListInitialize (xmlSecPtrListPtr list,
+ xmlSecPtrListId id);
+XMLSEC_EXPORT void xmlSecPtrListFinalize (xmlSecPtrListPtr list);
+XMLSEC_EXPORT xmlSecPtrListPtr xmlSecPtrListCreate (xmlSecPtrListId id);
+XMLSEC_EXPORT void xmlSecPtrListDestroy (xmlSecPtrListPtr list);
+XMLSEC_EXPORT void xmlSecPtrListEmpty (xmlSecPtrListPtr list);
+
+XMLSEC_EXPORT int xmlSecPtrListCopy (xmlSecPtrListPtr dst,
+ xmlSecPtrListPtr src);
+XMLSEC_EXPORT xmlSecPtrListPtr xmlSecPtrListDuplicate (xmlSecPtrListPtr list);
+
+XMLSEC_EXPORT xmlSecSize xmlSecPtrListGetSize (xmlSecPtrListPtr list);
+XMLSEC_EXPORT xmlSecPtr xmlSecPtrListGetItem (xmlSecPtrListPtr list,
+ xmlSecSize pos);
+XMLSEC_EXPORT int xmlSecPtrListAdd (xmlSecPtrListPtr list,
+ xmlSecPtr item);
+XMLSEC_EXPORT int xmlSecPtrListSet (xmlSecPtrListPtr list,
+ xmlSecPtr item,
+ xmlSecSize pos);
+XMLSEC_EXPORT int xmlSecPtrListRemove (xmlSecPtrListPtr list,
+ xmlSecSize pos);
+XMLSEC_EXPORT xmlSecPtr xmlSecPtrListRemoveAndReturn (xmlSecPtrListPtr list,
+ xmlSecSize pos);
+XMLSEC_EXPORT void xmlSecPtrListDebugDump (xmlSecPtrListPtr list,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecPtrListDebugXmlDump (xmlSecPtrListPtr list,
+ FILE* output);
+
+/**
+ * xmlSecPtrListGetName:
+ * @list: the ponter to list.
+ *
+ * Macro. Returns lists's name.
+ */
+#define xmlSecPtrListGetName(list) \
+ (((list) != NULL) ? xmlSecPtrListKlassGetName((list)->id) : NULL)
+
+/**
+ * xmlSecPtrListIsValid:
+ * @list: the pointer to list.
+ *
+ * Macro. Returns 1 if @list is not NULL and @list->id is not NULL
+ * or 0 otherwise.
+ */
+#define xmlSecPtrListIsValid(list) \
+ ((( list ) != NULL) && ((( list )->id) != NULL))
+/**
+ * xmlSecPtrListCheckId:
+ * @list: the pointer to list.
+ * @dataId: the list Id.
+ *
+ * Macro. Returns 1 if @list is valid and @list's id is equal to @dataId.
+ */
+#define xmlSecPtrListCheckId(list, dataId) \
+ (xmlSecPtrListIsValid(( list )) && \
+ ((( list )->id) == ( dataId )))
+
+
+/**************************************************************************
+ *
+ * List klass
+ *
+ *************************************************************************/
+/**
+ * xmlSecPtrListIdUnknown:
+ *
+ * The "unknown" id.
+ */
+#define xmlSecPtrListIdUnknown NULL
+
+/**
+ * xmlSecPtrDuplicateItemMethod:
+ * @ptr: the poinetr to list item.
+ *
+ * Duplicates item @ptr.
+ *
+ * Returns: pointer to new item copy or NULL if an error occurs.
+ */
+typedef xmlSecPtr (*xmlSecPtrDuplicateItemMethod) (xmlSecPtr ptr);
+
+/**
+ * xmlSecPtrDestroyItemMethod:
+ * @ptr: the poinetr to list item.
+ *
+ * Destroys list item @ptr.
+ */
+typedef void (*xmlSecPtrDestroyItemMethod) (xmlSecPtr ptr);
+
+/**
+ * xmlSecPtrDebugDumpItemMethod:
+ * @ptr: the poinetr to list item.
+ * @output: the output FILE.
+ *
+ * Prints debug information about @item to @output.
+ */
+typedef void (*xmlSecPtrDebugDumpItemMethod) (xmlSecPtr ptr,
+ FILE* output);
+
+/**
+ * xmlSecPtrListKlass:
+ * @name: the list klass name.
+ * @duplicateItem: the duplciate item method.
+ * @destroyItem: the destroy item method.
+ * @debugDumpItem: the debug dump item method.
+ * @debugXmlDumpItem: the debug dump item in xml format method.
+ *
+ * List klass.
+ */
+struct _xmlSecPtrListKlass {
+ const xmlChar* name;
+ xmlSecPtrDuplicateItemMethod duplicateItem;
+ xmlSecPtrDestroyItemMethod destroyItem;
+ xmlSecPtrDebugDumpItemMethod debugDumpItem;
+ xmlSecPtrDebugDumpItemMethod debugXmlDumpItem;
+};
+
+/**
+ * xmlSecPtrListKlassGetName:
+ * @klass: the list klass.
+ *2
+
+ * Macro. Returns the list klass name.
+ */
+#define xmlSecPtrListKlassGetName(klass) \
+ (((klass) != NULL) ? ((klass)->name) : NULL)
+
+/**************************************************************************
+ *
+ * xmlSecStringListKlass
+ *
+ *************************************************************************/
+/**
+ * xmlSecStringListId:
+ *
+ * Strings list klass.
+ */
+#define xmlSecStringListId \
+ xmlSecStringListGetKlass()
+XMLSEC_EXPORT xmlSecPtrListId xmlSecStringListGetKlass (void);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_LIST_H__ */
+
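Review bot: The doc comment for `xmlSecPtrListKlassGetName` contains a stray `*2` line followed by an empty line in the middle of the block, which breaks the ` * ` prefix used by every other doc comment in this header; the two lines should be replaced by a single ` *` separator line. In the comment for `xmlSecPtrDebugDumpItemMethod` the description refers to `@item` while the parameter is documented as `@ptr`; it should read `Prints debug information about @ptr to @output.` The header also uses `FILE*` in the debug-dump prototypes without including `<stdio.h>` itself, so it presumably relies on `xmlsec/xmlsec.h` to provide it; an explicit `#include <stdio.h>` would make the header self-contained.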
diff --git a/include/xmlsec/membuf.h b/include/xmlsec/membuf.h
new file mode 100644
index 00000000..fbe6da41
--- /dev/null
+++ b/include/xmlsec/membuf.h
@@ -0,0 +1,44 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Memory buffer transform
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_MEMBUF_H__
+#define __XMLSEC_MEMBUF_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/transforms.h>
+
+/********************************************************************
+ *
+ * Memory Buffer transform
+ *
+ *******************************************************************/
+/**
+ * xmlSecTransformMemBufId:
+ *
+ * The Memory Buffer transform klass.
+ */
+#define xmlSecTransformMemBufId \
+ xmlSecTransformMemBufGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformMemBufGetKlass (void);
+XMLSEC_EXPORT xmlSecBufferPtr xmlSecTransformMemBufGetBuffer (xmlSecTransformPtr transform);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_MEMBUF_H__ */
+
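Review bot: `xmlSecTransformMemBufGetBuffer` is declared without any statement of who owns the returned `xmlSecBufferPtr`. A caller cannot tell from this header whether the buffer belongs to `transform` (and so becomes invalid when the transform is destroyed) or must be released by the caller, and getting that wrong means a use-after-free or a double free. I would add a short comment above the prototype stating the ownership and lifetime of the returned buffer, and what is returned on error.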
diff --git a/include/xmlsec/mscrypto/Makefile.am b/include/xmlsec/mscrypto/Makefile.am
new file mode 100644
index 00000000..18dff94c
--- /dev/null
+++ b/include/xmlsec/mscrypto/Makefile.am
@@ -0,0 +1,16 @@
+NULL =
+
+xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
+
+xmlsecmscryptoinc_HEADERS = \
+app.h \
+certkeys.h \
+crypto.h \
+keysstore.h \
+symbols.h \
+x509.h \
+$(NULL)
+
+install-exec-hook:
+ $(mkinstalldirs) $(DESTDIR)$(xmlsecmscryptoincdir)
+
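Review bot: The `install-exec-hook` recipe passes `$(DESTDIR)$(xmlsecmscryptoincdir)` to the shell unquoted, so a staging directory or include path containing spaces is split into several arguments; `$(mkinstalldirs) "$(DESTDIR)$(xmlsecmscryptoincdir)"` avoids that. The hook also looks redundant: the generated Makefile.in in this commit shows the `install-xmlsecmscryptoincHEADERS` rule already creating the same directory, quoted, before copying the headers. If the hook is kept, a comment saying why an exec-time hook creates a header directory would help the next maintainer.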
diff --git a/include/xmlsec/mscrypto/Makefile.in b/include/xmlsec/mscrypto/Makefile.in
new file mode 100644
index 00000000..477c5cb3
--- /dev/null
+++ b/include/xmlsec/mscrypto/Makefile.in
@@ -0,0 +1,567 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = include/xmlsec/mscrypto
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(xmlsecmscryptoinc_HEADERS)
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(xmlsecmscryptoincdir)"
+HEADERS = $(xmlsecmscryptoinc_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
+xmlsecmscryptoinc_HEADERS = \
+app.h \
+certkeys.h \
+crypto.h \
+keysstore.h \
+symbols.h \
+x509.h \
+$(NULL)
+
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu include/xmlsec/mscrypto/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu include/xmlsec/mscrypto/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-xmlsecmscryptoincHEADERS: $(xmlsecmscryptoinc_HEADERS)
+ @$(NORMAL_INSTALL)
+ test -z "$(xmlsecmscryptoincdir)" || $(MKDIR_P) "$(DESTDIR)$(xmlsecmscryptoincdir)"
+ @list='$(xmlsecmscryptoinc_HEADERS)'; test -n "$(xmlsecmscryptoincdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(xmlsecmscryptoincdir)'"; \
+ $(INSTALL_HEADER) $$files "$(DESTDIR)$(xmlsecmscryptoincdir)" || exit $$?; \
+ done
+
+uninstall-xmlsecmscryptoincHEADERS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(xmlsecmscryptoinc_HEADERS)'; test -n "$(xmlsecmscryptoincdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(xmlsecmscryptoincdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(xmlsecmscryptoincdir)" && rm -f $$files
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(HEADERS)
+installdirs:
+ for dir in "$(DESTDIR)$(xmlsecmscryptoincdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-xmlsecmscryptoincHEADERS
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+ @$(NORMAL_INSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-xmlsecmscryptoincHEADERS
+
+.MAKE: install-am install-exec-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool ctags distclean distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-exec-hook install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ install-xmlsecmscryptoincHEADERS installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+ ps ps-am tags uninstall uninstall-am \
+ uninstall-xmlsecmscryptoincHEADERS
+
+
+install-exec-hook:
+ $(mkinstalldirs) $(DESTDIR)$(xmlsecmscryptoincdir)
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/include/xmlsec/mscrypto/app.h b/include/xmlsec/mscrypto/app.h
new file mode 100644
index 00000000..3d23d0e5
--- /dev/null
+++ b/include/xmlsec/mscrypto/app.h
@@ -0,0 +1,116 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ */
+#ifndef __XMLSEC_MSCRYPTO_APP_H__
+#define __XMLSEC_MSCRYPTO_APP_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+
+#include <windows.h>
+#include <wincrypt.h>
+
+/********************************************************************
+ *
+ * Init/shutdown
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoAppInit (const char* config);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoAppShutdown (void);
+XMLSEC_CRYPTO_EXPORT LPCTSTR xmlSecMSCryptoAppGetCertStoreName (void);
+
+/********************************************************************
+ *
+ * Keys Manager
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoAppDefaultKeysMngrAdoptKey (xmlSecKeysMngrPtr mngr,
+ xmlSecKeyPtr key);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
+ const char* uri);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
+ const char* filename,
+ xmlSecKeyDataType type);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad (xmlSecKeysMngrPtr mngr,
+ HCRYPTKEY hKey);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad (xmlSecKeysMngrPtr mngr,
+ HCRYPTKEY hKey);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoAppDefaultKeysMngrSymKeyLoad (xmlSecKeysMngrPtr mngr,
+ HCRYPTKEY hKey);
+#ifndef XMLSEC_NO_X509
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore (xmlSecKeysMngrPtr mngr,
+ HCERTSTORE keyStore);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore(xmlSecKeysMngrPtr mngr,
+ HCERTSTORE trustedStore);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoAppDefaultKeysMngrAdoptUntrustedStore(xmlSecKeysMngrPtr mngr,
+ HCERTSTORE untrustedStore);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoAppKeysMngrCertLoad (xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoAppKeysMngrCertLoadMemory (xmlSecKeysMngrPtr mngr,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+
+#endif /* XMLSEC_NO_X509 */
+
+
+/********************************************************************
+ *
+ * Keys
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecMSCryptoAppKeyLoad (const char *filename,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void *pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecMSCryptoAppKeyLoadMemory (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+#ifndef XMLSEC_NO_X509
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecMSCryptoAppPkcs12Load (const char *filename,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecMSCryptoAppPkcs12LoadMemory (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ const char* pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoAppKeyCertLoad (xmlSecKeyPtr key,
+ const char* filename,
+ xmlSecKeyDataFormat format);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoAppKeyCertLoadMemory (xmlSecKeyPtr key,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format);
+#endif /* XMLSEC_NO_X509 */
+XMLSEC_CRYPTO_EXPORT void* xmlSecMSCryptoAppGetDefaultPwdCallback (void);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_MSCRYPTO_APP_H__ */
+
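Review bot: The password callback parameter of `xmlSecMSCryptoAppKeyLoad`, `xmlSecMSCryptoAppKeyLoadMemory`, `xmlSecMSCryptoAppPkcs12Load` and `xmlSecMSCryptoAppPkcs12LoadMemory` is declared as `void* pwdCallback`, so the compiler cannot check the signature of a function that supplies key passwords. ISO C also does not guarantee that a function pointer survives a round trip through `void*`. The header does not say whether `pwd` may be NULL, or which of `pwd` and the callback takes precedence when both are given. I would add a comment above the Keys section, for example `/* pwdCallback: function pointer passed as void*; required signature and precedence over pwd are set by the implementation (TODO: state them here) */`, and consider a typedef for the callback in a later interface revision.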
diff --git a/include/xmlsec/mscrypto/certkeys.h b/include/xmlsec/mscrypto/certkeys.h
new file mode 100644
index 00000000..1f285656
--- /dev/null
+++ b/include/xmlsec/mscrypto/certkeys.h
@@ -0,0 +1,42 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ */
+#ifndef __XMLSEC_MSCRYPTO_CERTKEYS_H__
+#define __XMLSEC_MSCRYPTO_CERTKEYS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+
+
+XMLSEC_CRYPTO_EXPORT PCCERT_CONTEXT xmlSecMSCryptoKeyDataGetCert (xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT HCRYPTKEY xmlSecMSCryptoKeyDataGetKey (xmlSecKeyDataPtr data,
+ xmlSecKeyDataType type);
+XMLSEC_CRYPTO_EXPORT HCRYPTKEY xmlSecMSCryptoKeyDataGetDecryptKey(xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT PCCERT_CONTEXT xmlSecMSCryptoCertDup (PCCERT_CONTEXT pCert);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecMSCryptoCertAdopt (PCCERT_CONTEXT pCert,
+ xmlSecKeyDataType type);
+
+XMLSEC_CRYPTO_EXPORT HCRYPTPROV xmlSecMSCryptoKeyDataGetMSCryptoProvider(xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT DWORD xmlSecMSCryptoKeyDataGetMSCryptoKeySpec(xmlSecKeyDataPtr data);
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_MSCRYPTO_PCCERT_CONTEXT_H__ */
+
+
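Review bot: None of the accessors declared here say who owns the returned handle. `xmlSecMSCryptoKeyDataGetKey`, `xmlSecMSCryptoKeyDataGetDecryptKey` and `xmlSecMSCryptoKeyDataGetMSCryptoProvider` return raw `HCRYPTKEY`/`HCRYPTPROV` values, and a caller who guesses wrong either leaks the handle or destroys one the key data still uses. The names `xmlSecMSCryptoCertDup` and `xmlSecMSCryptoCertAdopt` suggest copy and ownership-transfer semantics, but that is inferred from the names only; a short doc comment per function stating borrowed versus caller-owned would settle it. Separately, the closing comment on the guard reads `__XMLSEC_MSCRYPTO_PCCERT_CONTEXT_H__` while the guard is `__XMLSEC_MSCRYPTO_CERTKEYS_H__`; it should be `#endif /* __XMLSEC_MSCRYPTO_CERTKEYS_H__ */`.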
diff --git a/include/xmlsec/mscrypto/crypto.h b/include/xmlsec/mscrypto/crypto.h
new file mode 100644
index 00000000..5f3142fc
--- /dev/null
+++ b/include/xmlsec/mscrypto/crypto.h
@@ -0,0 +1,516 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ */
+#ifndef __XMLSEC_MSCRYPTO_CRYPTO_H__
+#define __XMLSEC_MSCRYPTO_CRYPTO_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/dl.h>
+
+XMLSEC_CRYPTO_EXPORT xmlSecCryptoDLFunctionsPtr xmlSecCryptoGetFunctions_mscrypto(void);
+
+/********************************************************************
+ *
+ * Init shutdown
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoInit (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoShutdown (void);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoKeysMngrInit (xmlSecKeysMngrPtr mngr);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoGenerateRandom (xmlSecBufferPtr buffer,
+ size_t size);
+
+XMLSEC_CRYPTO_EXPORT void xmlSecMSCryptoErrorsDefaultCallback(const char* file,
+ int line,
+ const char* func,
+ const char* errorObject,
+ const char* errorSubject,
+ int reason,
+ const char* msg);
+
+/******************************************************************************
+ *
+ * String encoding conversion utils
+ *
+ ******************************************************************************/
+XMLSEC_CRYPTO_EXPORT LPWSTR xmlSecMSCryptoConvertLocaleToUnicode(const char* str);
+
+XMLSEC_CRYPTO_EXPORT LPWSTR xmlSecMSCryptoConvertUtf8ToUnicode (const xmlChar* str);
+XMLSEC_CRYPTO_EXPORT xmlChar* xmlSecMSCryptoConvertUnicodeToUtf8 (LPCWSTR str);
+
+XMLSEC_CRYPTO_EXPORT xmlChar* xmlSecMSCryptoConvertLocaleToUtf8 (const char* str);
+XMLSEC_CRYPTO_EXPORT char* xmlSecMSCryptoConvertUtf8ToLocale (const xmlChar* str);
+
+XMLSEC_CRYPTO_EXPORT xmlChar* xmlSecMSCryptoConvertTstrToUtf8 (LPCTSTR str);
+XMLSEC_CRYPTO_EXPORT LPTSTR xmlSecMSCryptoConvertUtf8ToTstr (const xmlChar* str);
+
+
+/********************************************************************
+ *
+ * DSA transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_DSA
+
+/**
+ * xmlSecMSCryptoKeyDataDsaId:
+ *
+ * The DSA key klass.
+ */
+#define xmlSecMSCryptoKeyDataDsaId \
+ xmlSecMSCryptoKeyDataDsaGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecMSCryptoKeyDataDsaGetKlass (void);
+
+/**
+ * xmlSecMSCryptoTransformDsaSha1Id:
+ *
+ * The DSA SHA1 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformDsaSha1Id \
+ xmlSecMSCryptoTransformDsaSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformDsaSha1GetKlass(void);
+
+#endif /* XMLSEC_NO_DSA */
+
+/********************************************************************
+ *
+ * GOST2001 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_GOST
+
+/**
+ * xmlSecMSCryptoKeyDataGost2001Id:
+ *
+ * The GOST2001 key klass.
+ */
+#define xmlSecMSCryptoKeyDataGost2001Id \
+ xmlSecMSCryptoKeyDataGost2001GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecMSCryptoKeyDataGost2001GetKlass (void);
+
+/**
+ * xmlSecMSCryptoTransformGost2001GostR3411_94Id:
+ *
+ * The GOST2001 GOSTR3411_94 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformGost2001GostR3411_94Id \
+ xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass(void);
+
+#endif /* XMLSEC_NO_GOST */
+
+/********************************************************************
+ *
+ * RSA transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_RSA
+
+/**
+ * xmlSecMSCryptoKeyDataRsaId:
+ *
+ * The RSA key klass.
+ */
+#define xmlSecMSCryptoKeyDataRsaId \
+ xmlSecMSCryptoKeyDataRsaGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecMSCryptoKeyDataRsaGetKlass(void);
+
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecMSCryptoTransformRsaMd5Id:
+ *
+ * The RSA-MD5 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformRsaMd5Id \
+ xmlSecMSCryptoTransformRsaMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecMSCryptoTransformRsaSha1Id:
+ *
+ * The RSA-SHA1 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformRsaSha1Id \
+ xmlSecMSCryptoTransformRsaSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecMSCryptoTransformRsaSha256Id:
+ *
+ * The RSA-SHA256 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformRsaSha256Id \
+ xmlSecMSCryptoTransformRsaSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecMSCryptoTransformRsaSha384Id:
+ *
+ * The RSA-SHA384 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformRsaSha384Id \
+ xmlSecMSCryptoTransformRsaSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecMSCryptoTransformRsaSha512Id:
+ *
+ * The RSA-SHA512 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformRsaSha512Id \
+ xmlSecMSCryptoTransformRsaSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+/**
+ * xmlSecMSCryptoTransformRsaPkcs1Id:
+ *
+ * The RSA PKCS1 key transport transform klass.
+ */
+#define xmlSecMSCryptoTransformRsaPkcs1Id \
+ xmlSecMSCryptoTransformRsaPkcs1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaPkcs1GetKlass(void);
+
+/**
+ * xmlSecMSCryptoTransformRsaOaepId:
+ *
+ * The RSA OAEP key transport transform klass.
+ */
+#define xmlSecMSCryptoTransformRsaOaepId \
+ xmlSecMSCryptoTransformRsaOaepGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaOaepGetKlass(void);
+
+/**
+ * xmlSecMSCryptoTransformRsaOaepId:
+ *
+ * The RSA PKCS1 key transport transform klass.
+ */
+/*
+#define xmlSecMSCryptoTransformRsaOaepId \
+ xmlSecMSCryptoTransformRsaOaepGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformRsaOaepGetKlass(void);
+*/
+#endif /* XMLSEC_NO_RSA */
+
+/********************************************************************
+ *
+ * Md5 transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecMSCryptoTransformMd5Id:
+ *
+ * The MD5 digest transform klass.
+ */
+#define xmlSecMSCryptoTransformMd5Id \
+ xmlSecMSCryptoTransformMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+
+/********************************************************************
+ *
+ * SHA1 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA1
+
+/**
+ * xmlSecMSCryptoTransformSha1Id:
+ *
+ * The SHA1 digest transform klass.
+ */
+#define xmlSecMSCryptoTransformSha1Id \
+ xmlSecMSCryptoTransformSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+/********************************************************************
+ *
+ * SHA256 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA256
+
+/**
+ * xmlSecMSCryptoTransformSha256Id:
+ *
+ * The SHA256 digest transform klass.
+ */
+#define xmlSecMSCryptoTransformSha256Id \
+ xmlSecMSCryptoTransformSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+/********************************************************************
+ *
+ * SHA384 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA384
+
+/**
+ * xmlSecMSCryptoTransformSha384Id:
+ *
+ * The SHA384 digest transform klass.
+ */
+#define xmlSecMSCryptoTransformSha384Id \
+ xmlSecMSCryptoTransformSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+/********************************************************************
+ *
+ * SHA512 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA512
+
+/**
+ * xmlSecMSCryptoTransformSha512Id:
+ *
+ * The SHA512 digest transform klass.
+ */
+#define xmlSecMSCryptoTransformSha512Id \
+ xmlSecMSCryptoTransformSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+/********************************************************************
+ *
+ * GOSTR3411_94 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_GOST
+
+/**
+ * xmlSecMSCryptoTransformGostR3411_94Id:
+ *
+ * The GOSTR3411_94 digest transform klass.
+ */
+#define xmlSecMSCryptoTransformGostR3411_94Id \
+ xmlSecMSCryptoTransformGostR3411_94GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformGostR3411_94GetKlass(void);
+#endif /* XMLSEC_NO_GOST */
+
+/********************************************************************
+ *
+ * AES transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_AES
+/**
+ * xmlSecMSCryptoKeyDataAesId:
+ *
+ * The AES key data klass.
+ */
+#define xmlSecMSCryptoKeyDataAesId \
+ xmlSecMSCryptoKeyDataAesGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecMSCryptoKeyDataAesGetKlass(void);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoKeyDataAesSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+/**
+ * xmlSecMSCryptoTransformAes128CbcId:
+ *
+ * The AES128 CBC cipher transform klass.
+ */
+#define xmlSecMSCryptoTransformAes128CbcId \
+ xmlSecMSCryptoTransformAes128CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformAes128CbcGetKlass(void);
+
+/**
+ * xmlSecMSCryptoTransformAes192CbcId:
+ *
+ * The AES192 CBC cipher transform klass.
+ */
+#define xmlSecMSCryptoTransformAes192CbcId \
+ xmlSecMSCryptoTransformAes192CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformAes192CbcGetKlass(void);
+
+/**
+ * xmlSecMSCryptoTransformAes256CbcId:
+ *
+ * The AES256 CBC cipher transform klass.
+ */
+#define xmlSecMSCryptoTransformAes256CbcId \
+ xmlSecMSCryptoTransformAes256CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformAes256CbcGetKlass(void);
+
+/**
+ * xmlSecMSCryptoTransformKWAes128Id:
+ *
+ * The AES 128 key wrap transform klass.
+ */
+#define xmlSecMSCryptoTransformKWAes128Id \
+ xmlSecMSCryptoTransformKWAes128GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformKWAes128GetKlass(void);
+
+/**
+ * xmlSecMSCryptoTransformKWAes192Id:
+ *
+ * The AES 192 key wrap transform klass.
+ */
+#define xmlSecMSCryptoTransformKWAes192Id \
+ xmlSecMSCryptoTransformKWAes192GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformKWAes192GetKlass(void);
+
+/**
+ * xmlSecMSCryptoTransformKWAes256Id:
+ *
+ * The AES 256 key wrap transform klass.
+ */
+#define xmlSecMSCryptoTransformKWAes256Id \
+ xmlSecMSCryptoTransformKWAes256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformKWAes256GetKlass(void);
+
+#endif /* XMLSEC_NO_AES */
+
+
+/********************************************************************
+ *
+ * DES transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_DES
+
+/**
+ * xmlSecMSCryptoKeyDataDesId:
+ *
+ * The DES key data klass.
+ */
+#define xmlSecMSCryptoKeyDataDesId \
+ xmlSecMSCryptoKeyDataDesGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecMSCryptoKeyDataDesGetKlass(void);
+
+/**
+ * xmlSecMSCryptoTransformDes3CbcId:
+ *
+ * The DES3 CBC cipher transform klass.
+ */
+#define xmlSecMSCryptoTransformDes3CbcId \
+ xmlSecMSCryptoTransformDes3CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformDes3CbcGetKlass(void);
+
+/**
+ * xmlSecMSCryptoTransformKWDes3Id:
+ *
+ * The DES3 KW transform klass.
+ */
+#define xmlSecMSCryptoTransformKWDes3Id \
+ xmlSecMSCryptoTransformKWDes3GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformKWDes3GetKlass(void);
+
+#endif /* XMLSEC_NO_DES */
+
+
+/********************************************************************
+ *
+ * HMAC transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_HMAC
+
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoHmacGetMinOutputLength(void);
+XMLSEC_CRYPTO_EXPORT void xmlSecMSCryptoHmacSetMinOutputLength(int min_length);
+
+/**
+ * xmlSecMSCryptoKeyDataHmacId:
+ *
+ * The DHMAC key klass.
+ */
+#define xmlSecMSCryptoKeyDataHmacId \
+ xmlSecMSCryptoKeyDataHmacGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecMSCryptoKeyDataHmacGetKlass(void);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoKeyDataHmacSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecMSCryptoTransformHmacMd5Id:
+ *
+ * The HMAC with MD5 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformHmacMd5Id \
+ xmlSecMSCryptoTransformHmacMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformHmacMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecMSCryptoTransformHmacSha1Id:
+ *
+ * The HMAC with SHA1 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformHmacSha1Id \
+ xmlSecMSCryptoTransformHmacSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformHmacSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecMSCryptoTransformHmacSha256Id:
+ *
+ * The HMAC with SHA256 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformHmacSha256Id \
+ xmlSecMSCryptoTransformHmacSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformHmacSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecMSCryptoTransformHmacSha384Id:
+ *
+ * The HMAC with SHA384 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformHmacSha384Id \
+ xmlSecMSCryptoTransformHmacSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformHmacSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecMSCryptoTransformHmacSha512Id:
+ *
+ * The HMAC with SHA512 signature transform klass.
+ */
+#define xmlSecMSCryptoTransformHmacSha512Id \
+ xmlSecMSCryptoTransformHmacSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecMSCryptoTransformHmacSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_MSCRYPTO_CRYPTO_H__ */
+
+#define __XMLSEC_MSCRYPTO_CRYPTO_H__
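Review bot: `xmlSecMSCryptoHmacGetMinOutputLength` and `xmlSecMSCryptoHmacSetMinOutputLength(int min_length)` have no doc comment, although they appear to control the shortest HMAC output the library will accept, which is a verification-strength setting. The comment should state the unit, the default, whether the value is process-wide, and that lowering it weakens checking of truncated HMACs; I am inferring the purpose from the name, so the author should confirm. Two cleanups in the same file: the final line `#define __XMLSEC_MSCRYPTO_CRYPTO_H__` sits after the guard's `#endif` and should be removed (the same stray line ends `symbols.h`). The commented-out second `xmlSecMSCryptoTransformRsaOaepId` block, whose description says PKCS1, is dead text and should be deleted.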
diff --git a/include/xmlsec/mscrypto/keysstore.h b/include/xmlsec/mscrypto/keysstore.h
new file mode 100644
index 00000000..afaf6a95
--- /dev/null
+++ b/include/xmlsec/mscrypto/keysstore.h
@@ -0,0 +1,48 @@
+/**
+ * XMLSec library
+ *
+ * MSCrypto keys store
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for precise wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ */
+#ifndef __XMLSEC_MSCRYPTO_KEYSSTORE_H__
+#define __XMLSEC_MSCRYPTO_KEYSSTORE_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+
+/****************************************************************************
+ *
+ * MSCrypto Keys Store
+ *
+ ***************************************************************************/
+/**
+ * xmlSecMSCryptoKeysStoreId:
+ *
+ * A MSCrypto keys store klass id.
+ */
+#define xmlSecMSCryptoKeysStoreId xmlSecMSCryptoKeysStoreGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecMSCryptoKeysStoreGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoKeysStoreAdoptKey (xmlSecKeyStorePtr store,
+ xmlSecKeyPtr key);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoKeysStoreLoad (xmlSecKeyStorePtr store,
+ const char *uri,
+ xmlSecKeysMngrPtr keysMngr);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoKeysStoreSave (xmlSecKeyStorePtr store,
+ const char *filename,
+ xmlSecKeyDataType type);
+
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_MSCRYPTO_KEYSSTORE_H__ */
+
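Review bot: `xmlSecMSCryptoKeysStoreSave` takes a `filename` and an `xmlSecKeyDataType`, but nothing here says which `type` values cause private or symmetric key material to be written, or what protection the output file gets. A doc comment on the declaration should spell that out, e.g. `/* Saves keys matching @type to @filename; restrict access to the file when @type includes private or symmetric keys (confirm against implementation) */`. The header also uses `xmlSecKeyStoreId`, `xmlSecKeysMngrPtr` and `xmlSecKeyDataType` while including only `<xmlsec/xmlsec.h>`. `app.h` in this commit includes `<xmlsec/keys.h>` and `<xmlsec/keysmngr.h>`, so adding those two includes here would make the header self-contained if `xmlsec.h` does not already provide the types.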
diff --git a/include/xmlsec/mscrypto/symbols.h b/include/xmlsec/mscrypto/symbols.h
new file mode 100644
index 00000000..17000ccf
--- /dev/null
+++ b/include/xmlsec/mscrypto/symbols.h
@@ -0,0 +1,114 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ */
+#ifndef __XMLSEC_MSCRYPTO_SYMBOLS_H__
+#define __XMLSEC_MSCRYPTO_SYMBOLS_H__
+
+#if !defined(IN_XMLSEC) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING)
+#error To disable dynamic loading of xmlsec-crypto libraries undefine XMLSEC_CRYPTO_DYNAMIC_LOADING
+#endif /* !defined(IN_XMLSEC) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING) */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifdef XMLSEC_CRYPTO_MSCRYPTO
+
+/********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ********************************************************************/
+#define xmlSecCryptoInit xmlSecMSCryptoInit
+#define xmlSecCryptoShutdown xmlSecMSCryptoShutdown
+
+#define xmlSecCryptoKeysMngrInit xmlSecMSCryptoKeysMngrInit
+
+/********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+#define xmlSecKeyDataAesId xmlSecMSCryptoKeyDataAesId
+#define xmlSecKeyDataDesId xmlSecMSCryptoKeyDataDesId
+#define xmlSecKeyDataDsaId xmlSecMSCryptoKeyDataDsaId
+#define xmlSecKeyDataGost2001Id xmlSecMSCryptoKeyDataGost2001Id
+#define xmlSecKeyDataHmacId xmlSecMSCryptoKeyDataHmacId
+#define xmlSecKeyDataRsaId xmlSecMSCryptoKeyDataRsaId
+#define xmlSecKeyDataX509Id xmlSecMSCryptoKeyDataX509Id
+#define xmlSecKeyDataRawX509CertId xmlSecMSCryptoKeyDataRawX509CertId
+
+/********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+#define xmlSecX509StoreId xmlSecMSCryptoX509StoreId
+
+/********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+#define xmlSecTransformAes128CbcId xmlSecMSCryptoTransformAes128CbcId
+#define xmlSecTransformAes192CbcId xmlSecMSCryptoTransformAes192CbcId
+#define xmlSecTransformAes256CbcId xmlSecMSCryptoTransformAes256CbcId
+#define xmlSecTransformKWAes128Id xmlSecMSCryptoTransformKWAes128Id
+#define xmlSecTransformKWAes192Id xmlSecMSCryptoTransformKWAes192Id
+#define xmlSecTransformKWAes256Id xmlSecMSCryptoTransformKWAes256Id
+#define xmlSecTransformDes3CbcId xmlSecMSCryptoTransformDes3CbcId
+#define xmlSecTransformKWDes3Id xmlSecMSCryptoTransformKWDes3Id
+#define xmlSecTransformDsaSha1Id xmlSecMSCryptoTransformDsaSha1Id
+#define xmlSecTransformGost2001GostR3411_94Id xmlSecMSCryptoTransformGost2001GostR3411_94Id
+#define xmlSecTransformHmacMd5Id xmlSecMSCryptoTransformHmacMd5Id
+#define xmlSecTransformHmacRipemd160Id xmlSecMSCryptoTransformHmacRipemd160Id
+#define xmlSecTransformHmacSha1Id xmlSecMSCryptoTransformHmacSha1Id
+#define xmlSecTransformRipemd160Id xmlSecMSCryptoTransformRipemd160Id
+#define xmlSecTransformRsaSha1Id xmlSecMSCryptoTransformRsaSha1Id
+#define xmlSecTransformRsaSha256Id xmlSecMSCryptoTransformRsaSha256Id
+#define xmlSecTransformRsaSha384Id xmlSecMSCryptoTransformRsaSha384Id
+#define xmlSecTransformRsaSha512Id xmlSecMSCryptoTransformRsaSha512Id
+#define xmlSecTransformRsaPkcs1Id xmlSecMSCryptoTransformRsaPkcs1Id
+#define xmlSecTransformRsaOaepId xmlSecMSCryptoTransformRsaOaepId
+#define xmlSecTransformSha1Id xmlSecMSCryptoTransformSha1Id
+#define xmlSecTransformSha256Id xmlSecMSCryptoTransformSha256Id
+#define xmlSecTransformSha384Id xmlSecMSCryptoTransformSha384Id
+#define xmlSecTransformSha512Id xmlSecMSCryptoTransformSha512Id
+#define xmlSecTransformGostR3411_94Id xmlSecMSCryptoTransformGostR3411_94Id
+
+/********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+#define xmlSecCryptoAppInit xmlSecMSCryptoAppInit
+#define xmlSecCryptoAppShutdown xmlSecMSCryptoAppShutdown
+#define xmlSecCryptoAppDefaultKeysMngrInit xmlSecMSCryptoAppDefaultKeysMngrInit
+#define xmlSecCryptoAppDefaultKeysMngrAdoptKey xmlSecMSCryptoAppDefaultKeysMngrAdoptKey
+#define xmlSecCryptoAppDefaultKeysMngrLoad xmlSecMSCryptoAppDefaultKeysMngrLoad
+#define xmlSecCryptoAppDefaultKeysMngrSave xmlSecMSCryptoAppDefaultKeysMngrSave
+#define xmlSecCryptoAppKeysMngrCertLoad xmlSecMSCryptoAppKeysMngrCertLoad
+#define xmlSecCryptoAppKeysMngrCertLoadMemory xmlSecMSCryptoAppKeysMngrCertLoadMemory
+#define xmlSecCryptoAppKeyLoad xmlSecMSCryptoAppKeyLoad
+#define xmlSecCryptoAppPkcs12Load xmlSecMSCryptoAppPkcs12Load
+#define xmlSecCryptoAppKeyCertLoad xmlSecMSCryptoAppKeyCertLoad
+#define xmlSecCryptoAppKeyLoadMemory xmlSecMSCryptoAppKeyLoadMemory
+#define xmlSecCryptoAppPkcs12LoadMemory xmlSecMSCryptoAppPkcs12LoadMemory
+#define xmlSecCryptoAppKeyCertLoadMemory xmlSecMSCryptoAppKeyCertLoadMemory
+#define xmlSecCryptoAppGetDefaultPwdCallback xmlSecMSCryptoAppGetDefaultPwdCallback
+
+#endif /* XMLSEC_CRYPTO_MSCRYPTO */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_MSCRYPTO_CRYPTO_H__ */
+
+#define __XMLSEC_MSCRYPTO_CRYPTO_H__
+
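Review bot: `xmlSecTransformHmacRipemd160Id` and `xmlSecTransformRipemd160Id` are mapped to `xmlSecMSCryptoTransformHmacRipemd160Id` and `xmlSecMSCryptoTransformRipemd160Id`, but `mscrypto/crypto.h` as added in this commit declares no RIPEMD-160 transform. Code that uses the generic names with this backend will therefore fail with an undeclared identifier rather than a clear message. Either drop the two mappings or add a comment that the algorithm is not provided by MSCrypto. In the other direction, the MD5, RSA-MD5 and HMAC-SHA256/384/512 ids declared in `crypto.h` have no generic mapping here, which may be intentional but is worth a comment. The guard's closing comment also names `__XMLSEC_MSCRYPTO_CRYPTO_H__` and should read `#endif /* __XMLSEC_MSCRYPTO_SYMBOLS_H__ */`.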
diff --git a/include/xmlsec/mscrypto/x509.h b/include/xmlsec/mscrypto/x509.h
new file mode 100644
index 00000000..60066bda
--- /dev/null
+++ b/include/xmlsec/mscrypto/x509.h
@@ -0,0 +1,92 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ */
+#ifndef __XMLSEC_MSCRYPTO_X509_H__
+#define __XMLSEC_MSCRYPTO_X509_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifndef XMLSEC_NO_X509
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+
+#include <windows.h>
+#include <wincrypt.h>
+
+/**
+ * xmlSecMSCryptoKeyDataX509Id:
+ *
+ * The MSCrypto X509 data klass.
+ */
+#define xmlSecMSCryptoKeyDataX509Id \
+ xmlSecMSCryptoKeyDataX509GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecMSCryptoKeyDataX509GetKlass(void);
+
+XMLSEC_CRYPTO_EXPORT PCCERT_CONTEXT xmlSecMSCryptoKeyDataX509GetKeyCert (xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoKeyDataX509AdoptKeyCert (xmlSecKeyDataPtr data,
+ PCCERT_CONTEXT cert);
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoKeyDataX509AdoptCert (xmlSecKeyDataPtr data,
+ PCCERT_CONTEXT cert);
+XMLSEC_CRYPTO_EXPORT PCCERT_CONTEXT xmlSecMSCryptoKeyDataX509GetCert (xmlSecKeyDataPtr data,
+ xmlSecSize pos);
+XMLSEC_CRYPTO_EXPORT xmlSecSize xmlSecMSCryptoKeyDataX509GetCertsSize (xmlSecKeyDataPtr data);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoKeyDataX509AdoptCrl (xmlSecKeyDataPtr data,
+ PCCRL_CONTEXT crl);
+XMLSEC_CRYPTO_EXPORT PCCRL_CONTEXT xmlSecMSCryptoKeyDataX509GetCrl (xmlSecKeyDataPtr data,
+ xmlSecSize pos);
+XMLSEC_CRYPTO_EXPORT xmlSecSize xmlSecMSCryptoKeyDataX509GetCrlsSize (xmlSecKeyDataPtr data);
+
+
+/**
+ * xmlSecMSCryptoKeyDataRawX509CertId:
+ *
+ * The MSCrypto raw X509 certificate klass.
+ */
+#define xmlSecMSCryptoKeyDataRawX509CertId \
+ xmlSecMSCryptoKeyDataRawX509CertGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecMSCryptoKeyDataRawX509CertGetKlass(void);
+
+/**
+ * xmlSecMSCryptoX509StoreId:
+ *
+ * The MSCrypto X509 store klass.
+ */
+#define xmlSecMSCryptoX509StoreId \
+ xmlSecMSCryptoX509StoreGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataStoreId xmlSecMSCryptoX509StoreGetKlass(void);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptCert (xmlSecKeyDataStorePtr store,
+ PCCERT_CONTEXT cert,
+ xmlSecKeyDataType type);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptKeyStore (xmlSecKeyDataStorePtr store,
+ HCERTSTORE keyStore);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptTrustedStore(xmlSecKeyDataStorePtr store,
+ HCERTSTORE trustedStore);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecMSCryptoX509StoreAdoptUntrustedStore(xmlSecKeyDataStorePtr store,
+ HCERTSTORE untrustedStore);
+
+XMLSEC_CRYPTO_EXPORT void xmlSecMSCryptoX509StoreEnableSystemTrustedCerts(xmlSecKeyDataStorePtr store,
+ int val);
+
+
+
+#endif /* XMLSEC_NO_X509 */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_MSCRYPTO_X509_H__ */
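Review bot: The functions that decide which certificates count as trust anchors (`xmlSecMSCryptoX509StoreAdoptTrustedStore`, `xmlSecMSCryptoX509StoreAdoptUntrustedStore` and `xmlSecMSCryptoX509StoreEnableSystemTrustedCerts(store, int val)`) are declared without any documentation, while the Id macros around them each have a comment. A caller cannot tell from the header what the default for system trusted certificates is, what the values of `val` mean, or whether an adopted `HCERTSTORE` is closed by the library. I would add a doc comment to each, e.g. for the last one `/* @val: non-zero to use system trusted certificates during chain verification, zero to rely only on explicitly adopted trusted stores (confirm against implementation) */`. The same applies to the `xmlSecMSCryptoAppDefaultKeysMngrAdopt*Store` wrappers in `app.h`.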
diff --git a/include/xmlsec/nodeset.h b/include/xmlsec/nodeset.h
new file mode 100644
index 00000000..104e04fa
--- /dev/null
+++ b/include/xmlsec/nodeset.h
@@ -0,0 +1,139 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Enchanced nodes Set
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_NODESET_H__
+#define __XMLSEC_NODESET_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+#include <libxml/xpath.h>
+
+#include <xmlsec/xmlsec.h>
+
+typedef struct _xmlSecNodeSet xmlSecNodeSet, *xmlSecNodeSetPtr;
+
+/**
+ * xmlSecNodeSetType:
+ * @xmlSecNodeSetNormal: nodes set = nodes in the list.
+ * @xmlSecNodeSetInvert: nodes set = all document nodes minus nodes in the list.
+ * @xmlSecNodeSetTree: nodes set = nodes in the list and all their subtress.
+ * @xmlSecNodeSetTreeWithoutComments: nodes set = nodes in the list and
+ * all their subtress but no comment nodes.
+ * @xmlSecNodeSetTreeInvert: nodes set = all document nodes minus nodes in the
+ * list and all their subtress.
+ * @xmlSecNodeSetTreeWithoutCommentsInvert: nodes set = all document nodes
+ * minus (nodes in the list and all their subtress
+ * plus all comment nodes).
+ * @xmlSecNodeSetList: nodes set = all nodes in the chidren list of nodes sets.
+ *
+ * The basic nodes sets types.
+ */
+typedef enum {
+ xmlSecNodeSetNormal = 0,
+ xmlSecNodeSetInvert,
+ xmlSecNodeSetTree,
+ xmlSecNodeSetTreeWithoutComments,
+ xmlSecNodeSetTreeInvert,
+ xmlSecNodeSetTreeWithoutCommentsInvert,
+ xmlSecNodeSetList
+} xmlSecNodeSetType;
+
+/**
+ * xmlSecNodeSetOp:
+ * @xmlSecNodeSetIntersection: intersection.
+ * @xmlSecNodeSetSubtraction: subtraction.
+ * @xmlSecNodeSetUnion: union.
+ *
+ * The simple nodes sets operations.
+ */
+typedef enum {
+ xmlSecNodeSetIntersection = 0,
+ xmlSecNodeSetSubtraction,
+ xmlSecNodeSetUnion
+} xmlSecNodeSetOp;
+
+/**
+ * xmlSecNodeSet:
+ * @nodes: the nodes list.
+ * @doc: the parent XML document.
+ * @destroyDoc: the flag: if set to 1 then @doc will
+ * be destroyed when node set is destroyed.
+ * @type: the nodes set type.
+ * @op: the operation type.
+ * @next: the next nodes set.
+ * @prev: the previous nodes set.
+ * @children: the children list (valid only if type
+ * equal to #xmlSecNodeSetList).
+ *
+ * The enchanced nodes set.
+ */
+struct _xmlSecNodeSet {
+ xmlNodeSetPtr nodes;
+ xmlDocPtr doc;
+ int destroyDoc;
+ xmlSecNodeSetType type;
+ xmlSecNodeSetOp op;
+ xmlSecNodeSetPtr next;
+ xmlSecNodeSetPtr prev;
+ xmlSecNodeSetPtr children;
+};
+
+/**
+ * xmlSecNodeSetWalkCallback:
+ * @nset: the pointer to #xmlSecNodeSet structure.
+ * @cur: the pointer current XML node.
+ * @parent: the pointer to the @cur parent node.
+ * @data: the pointer to application specific data.
+ *
+ * The callback function called once per each node in the nodes set.
+ *
+ * Returns: 0 on success or a negative value if an error occurs
+ * an walk procedure should be interrupted.
+ */
+typedef int (*xmlSecNodeSetWalkCallback) (xmlSecNodeSetPtr nset,
+ xmlNodePtr cur,
+ xmlNodePtr parent,
+ void* data);
+
+XMLSEC_EXPORT xmlSecNodeSetPtr xmlSecNodeSetCreate (xmlDocPtr doc,
+ xmlNodeSetPtr nodes,
+ xmlSecNodeSetType type);
+XMLSEC_EXPORT void xmlSecNodeSetDestroy (xmlSecNodeSetPtr nset);
+XMLSEC_EXPORT void xmlSecNodeSetDocDestroy (xmlSecNodeSetPtr nset);
+XMLSEC_EXPORT int xmlSecNodeSetContains (xmlSecNodeSetPtr nset,
+ xmlNodePtr node,
+ xmlNodePtr parent);
+XMLSEC_EXPORT xmlSecNodeSetPtr xmlSecNodeSetAdd (xmlSecNodeSetPtr nset,
+ xmlSecNodeSetPtr newNSet,
+ xmlSecNodeSetOp op);
+XMLSEC_EXPORT xmlSecNodeSetPtr xmlSecNodeSetAddList (xmlSecNodeSetPtr nset,
+ xmlSecNodeSetPtr newNSet,
+ xmlSecNodeSetOp op);
+XMLSEC_EXPORT xmlSecNodeSetPtr xmlSecNodeSetGetChildren(xmlDocPtr doc,
+ const xmlNodePtr parent,
+ int withComments,
+ int invert);
+XMLSEC_EXPORT int xmlSecNodeSetWalk (xmlSecNodeSetPtr nset,
+ xmlSecNodeSetWalkCallback walkFunc,
+ void* data);
+XMLSEC_EXPORT int xmlSecNodeSetDumpTextNodes(xmlSecNodeSetPtr nset,
+ xmlOutputBufferPtr out);
+XMLSEC_EXPORT void xmlSecNodeSetDebugDump (xmlSecNodeSetPtr nset,
+ FILE *output);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_NODESET_H__ */
+
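Review bot: `const xmlNodePtr parent` in the xmlSecNodeSetGetChildren declaration makes the pointer itself const, not the node it points to, because xmlNodePtr is a pointer typedef. On a by-value parameter the qualifier has no effect for callers and wrongly suggests the node is read-only. Either drop it (`xmlNodePtr parent,`) or state the intent as `const xmlNode *parent,` if the implementation really does not modify the node, which cannot be checked from this header. The same pattern appears on the `cur` parameter of xmlSecNssNodeGetBigNumValue in include/xmlsec/nss/bignum.h.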
diff --git a/include/xmlsec/nss/Makefile.am b/include/xmlsec/nss/Makefile.am
new file mode 100644
index 00000000..e3521622
--- /dev/null
+++ b/include/xmlsec/nss/Makefile.am
@@ -0,0 +1,17 @@
+NULL =
+
+xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss
+
+xmlsecnssinc_HEADERS = \
+app.h \
+crypto.h \
+symbols.h \
+bignum.h \
+keysstore.h \
+pkikeys.h \
+x509.h \
+$(NULL)
+
+install-exec-hook:
+ $(mkinstalldirs) $(DESTDIR)$(xmlsecnssincdir)
+
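Review bot: The install-exec-hook recipe passes `$(DESTDIR)$(xmlsecnssincdir)` unquoted, so a staging path containing spaces or shell metacharacters is split or expanded by the shell. Quote it as `$(mkinstalldirs) "$(DESTDIR)$(xmlsecnssincdir)"`. The Makefile.in generated from this file in the same commit already creates that directory, quoted, in install-xmlsecnssincHEADERS, so the hook looks redundant and could be dropped instead.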
diff --git a/include/xmlsec/nss/Makefile.in b/include/xmlsec/nss/Makefile.in
new file mode 100644
index 00000000..0fcffb44
--- /dev/null
+++ b/include/xmlsec/nss/Makefile.in
@@ -0,0 +1,568 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = include/xmlsec/nss
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(xmlsecnssinc_HEADERS)
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(xmlsecnssincdir)"
+HEADERS = $(xmlsecnssinc_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+xmlsecnssincdir = $(includedir)/xmlsec1/xmlsec/nss
+xmlsecnssinc_HEADERS = \
+app.h \
+crypto.h \
+symbols.h \
+bignum.h \
+keysstore.h \
+pkikeys.h \
+x509.h \
+$(NULL)
+
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu include/xmlsec/nss/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu include/xmlsec/nss/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-xmlsecnssincHEADERS: $(xmlsecnssinc_HEADERS)
+ @$(NORMAL_INSTALL)
+ test -z "$(xmlsecnssincdir)" || $(MKDIR_P) "$(DESTDIR)$(xmlsecnssincdir)"
+ @list='$(xmlsecnssinc_HEADERS)'; test -n "$(xmlsecnssincdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(xmlsecnssincdir)'"; \
+ $(INSTALL_HEADER) $$files "$(DESTDIR)$(xmlsecnssincdir)" || exit $$?; \
+ done
+
+uninstall-xmlsecnssincHEADERS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(xmlsecnssinc_HEADERS)'; test -n "$(xmlsecnssincdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(xmlsecnssincdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(xmlsecnssincdir)" && rm -f $$files
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(HEADERS)
+installdirs:
+ for dir in "$(DESTDIR)$(xmlsecnssincdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-xmlsecnssincHEADERS
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+ @$(NORMAL_INSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-xmlsecnssincHEADERS
+
+.MAKE: install-am install-exec-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool ctags distclean distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-exec-hook install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ install-xmlsecnssincHEADERS installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+ ps ps-am tags uninstall uninstall-am \
+ uninstall-xmlsecnssincHEADERS
+
+
+install-exec-hook:
+ $(mkinstalldirs) $(DESTDIR)$(xmlsecnssincdir)
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/include/xmlsec/nss/app.h b/include/xmlsec/nss/app.h
new file mode 100644
index 00000000..387d34ec
--- /dev/null
+++ b/include/xmlsec/nss/app.h
@@ -0,0 +1,118 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#ifndef __XMLSEC_NSS_APP_H__
+#define __XMLSEC_NSS_APP_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <nspr.h>
+#include <nss.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+
+/********************************************************************
+ *
+ * Init/shutdown
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppInit (const char* config);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppShutdown (void);
+
+/********************************************************************
+ *
+ * Keys Manager
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr,
+ xmlSecKeyPtr key);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
+ const char* uri);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
+ const char* filename,
+ xmlSecKeyDataType type);
+#ifndef XMLSEC_NO_X509
+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppKeysMngrCertLoad (xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr,
+ const xmlSecByte *data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppKeysMngrCertLoadSECItem(xmlSecKeysMngrPtr mngr,
+ SECItem* secItem,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+#endif /* XMLSEC_NO_X509 */
+
+
+/********************************************************************
+ *
+ * Keys
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecNssAppKeyLoad (const char *filename,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void *pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecNssAppKeyLoadMemory (const xmlSecByte *data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void *pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecNssAppKeyLoadSECItem (SECItem* secItem,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void *pwdCallback,
+ void* pwdCallbackCtx);
+#ifndef XMLSEC_NO_X509
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecNssAppPkcs12Load (const char *filename,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecNssAppPkcs12LoadMemory (const xmlSecByte *data,
+ xmlSecSize dataSize,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecNssAppPkcs12LoadSECItem (SECItem* secItem,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppKeyCertLoad (xmlSecKeyPtr key,
+ const char* filename,
+ xmlSecKeyDataFormat format);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppKeyCertLoadMemory (xmlSecKeyPtr key,
+ const xmlSecByte *data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppKeyCertLoadSECItem (xmlSecKeyPtr key,
+ SECItem* secItem,
+ xmlSecKeyDataFormat format);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecNssAppKeyFromCertLoadSECItem(SECItem* secItem,
+ xmlSecKeyDataFormat format);
+#endif /* XMLSEC_NO_X509 */
+XMLSEC_CRYPTO_EXPORT void* xmlSecNssAppGetDefaultPwdCallback(void);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_NSS_APP_H__ */
+
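Review bot: The `pwdCallback` parameters of the key and PKCS12 loaders (xmlSecNssAppKeyLoad through xmlSecNssAppPkcs12LoadSECItem) are declared `void *`, so the compiler cannot check that the function a caller passes has the signature the NSS backend will invoke. ISO C also does not guarantee that a function pointer survives conversion through `void *`. The type is presumably kept generic to match the other crypto backends, so the header should at least name the expected type next to the declarations, e.g. `/* @pwdCallback: NULL or a pointer to <callback type expected by the NSS backend>; never an arbitrary function */`. xmlSecNssAppGetDefaultPwdCallback returns the same untyped `void *` and needs the same comment.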
diff --git a/include/xmlsec/nss/bignum.h b/include/xmlsec/nss/bignum.h
new file mode 100644
index 00000000..6147d20a
--- /dev/null
+++ b/include/xmlsec/nss/bignum.h
@@ -0,0 +1,37 @@
+/**
+ * XMLSec library
+ *
+ * Reading/writing BIGNUM values
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for precise wording.
+ *
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#ifndef __XMLSEC_NSS_BIGNUM_H__
+#define __XMLSEC_NSS_BIGNUM_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+
+#include <nspr.h>
+#include <nss.h>
+
+#include <xmlsec/xmlsec.h>
+
+XMLSEC_CRYPTO_EXPORT SECItem* xmlSecNssNodeGetBigNumValue (PRArenaPool *arena,
+ const xmlNodePtr cur,
+ SECItem *a);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssNodeSetBigNumValue (xmlNodePtr cur,
+ const SECItem *a,
+ int addLineBreaks);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_NSS_BIGNUM_H__ */
+
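Review bot: xmlSecNssNodeGetBigNumValue takes both an arena and an output item `a` and returns a `SECItem *`, but the header does not say where the result lives or who releases it. For a function that parses key material this is the contract callers most need, since a wrong guess leads to a leak or a double free. A comment above the declaration should state it, e.g. `/* Returns @a (data allocated from @arena), or a new item from @arena when @a is NULL; NULL on error. */`, with the wording confirmed against bignum.c, which is outside this hunk.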
diff --git a/include/xmlsec/nss/crypto.h b/include/xmlsec/nss/crypto.h
new file mode 100644
index 00000000..a1c11948
--- /dev/null
+++ b/include/xmlsec/nss/crypto.h
@@ -0,0 +1,469 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#ifndef __XMLSEC_NSS_CRYPTO_H__
+#define __XMLSEC_NSS_CRYPTO_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <nspr.h>
+#include <nss.h>
+#include <pk11func.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/dl.h>
+
+XMLSEC_CRYPTO_EXPORT xmlSecCryptoDLFunctionsPtr xmlSecCryptoGetFunctions_nss(void);
+
+/********************************************************************
+ *
+ * Init shutdown
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecNssInit (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssShutdown (void);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysMngrInit (xmlSecKeysMngrPtr mngr);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssGenerateRandom (xmlSecBufferPtr buffer,
+ xmlSecSize size);
+
+XMLSEC_CRYPTO_EXPORT void xmlSecNssErrorsDefaultCallback (const char* file,
+ int line,
+ const char* func,
+ const char* errorObject,
+ const char* errorSubject,
+ int reason,
+ const char* msg);
+
+XMLSEC_CRYPTO_EXPORT PK11SlotInfo * xmlSecNssGetInternalKeySlot(void);
+
+/********************************************************************
+ *
+ * AES transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_AES
+/**
+ * xmlSecNssKeyDataAesId:
+ *
+ * The AES key data klass.
+ */
+#define xmlSecNssKeyDataAesId \
+ xmlSecNssKeyDataAesGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecNssKeyDataAesGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeyDataAesSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+/**
+ * xmlSecNssTransformAes128CbcId:
+ *
+ * The AES128 CBC cipher transform klass.
+ */
+#define xmlSecNssTransformAes128CbcId \
+ xmlSecNssTransformAes128CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformAes128CbcGetKlass(void);
+
+/**
+ * xmlSecNssTransformAes192CbcId:
+ *
+ * The AES192 CBC cipher transform klass.
+ */
+#define xmlSecNssTransformAes192CbcId \
+ xmlSecNssTransformAes192CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformAes192CbcGetKlass(void);
+
+/**
+ * xmlSecNssTransformAes256CbcId:
+ *
+ * The AES256 CBC cipher transform klass.
+ */
+#define xmlSecNssTransformAes256CbcId \
+ xmlSecNssTransformAes256CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformAes256CbcGetKlass(void);
+
+/**
+ * xmlSecNssTransformKWAes128Id:
+ *
+ * The AES 128 key wrap transform klass.
+ */
+#define xmlSecNssTransformKWAes128Id \
+ xmlSecNssTransformKWAes128GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformKWAes128GetKlass(void);
+
+/**
+ * xmlSecNssTransformKWAes192Id:
+ *
+ * The AES 192 key wrap transform klass.
+ */
+#define xmlSecNssTransformKWAes192Id \
+ xmlSecNssTransformKWAes192GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformKWAes192GetKlass(void);
+
+/**
+ * xmlSecNssTransformKWAes256Id:
+ *
+ * The AES 256 key wrap transform klass.
+ */
+#define xmlSecNssTransformKWAes256Id \
+ xmlSecNssTransformKWAes256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformKWAes256GetKlass(void);
+
+#endif /* XMLSEC_NO_AES */
+
+/********************************************************************
+ *
+ * DES transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_DES
+/**
+ * xmlSecNssKeyDataDesId:
+ *
+ * The DES key data klass.
+ */
+#define xmlSecNssKeyDataDesId \
+ xmlSecNssKeyDataDesGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecNssKeyDataDesGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeyDataDesSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+
+/**
+ * xmlSecNssTransformDes3CbcId:
+ *
+ * The Triple DES CBC cipher transform klass.
+ */
+#define xmlSecNssTransformDes3CbcId \
+ xmlSecNssTransformDes3CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformDes3CbcGetKlass(void);
+
+/**
+* xmlSecNssTransformKWDes3Id:
+*
+* The DES3 KW transform klass.
+*/
+#define xmlSecNssTransformKWDes3Id \
+ xmlSecNssTransformKWDes3GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformKWDes3GetKlass(void);
+
+
+#endif /* XMLSEC_NO_DES */
+
+/********************************************************************
+ *
+ * DSA transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_DSA
+
+/**
+ * xmlSecNssKeyDataDsaId:
+ *
+ * The DSA key klass.
+ */
+#define xmlSecNssKeyDataDsaId \
+ xmlSecNssKeyDataDsaGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecNssKeyDataDsaGetKlass (void);
+
+/**
+ * xmlSecNssTransformDsaSha1Id:
+ *
+ * The DSA SHA1 signature transform klass.
+ */
+#define xmlSecNssTransformDsaSha1Id \
+ xmlSecNssTransformDsaSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformDsaSha1GetKlass(void);
+
+#endif /* XMLSEC_NO_DSA */
+
+
+/********************************************************************
+ *
+ * HMAC transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_HMAC
+
+XMLSEC_CRYPTO_EXPORT int xmlSecNssHmacGetMinOutputLength(void);
+XMLSEC_CRYPTO_EXPORT void xmlSecNssHmacSetMinOutputLength(int min_length);
+
+/**
+ * xmlSecNssKeyDataHmacId:
+ *
+ * The DHMAC key data klass.
+ */
+#define xmlSecNssKeyDataHmacId \
+ xmlSecNssKeyDataHmacGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecNssKeyDataHmacGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeyDataHmacSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecNssTransformHmacMd5Id:
+ *
+ * The HMAC with MD5 signature transform klass.
+ */
+#define xmlSecNssTransformHmacMd5Id \
+ xmlSecNssTransformHmacMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformHmacMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecNssTransformHmacRipemd160Id:
+ *
+ * The HMAC with RipeMD160 signature transform klass.
+ */
+#define xmlSecNssTransformHmacRipemd160Id \
+ xmlSecNssTransformHmacRipemd160GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformHmacRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecNssTransformHmacSha1Id:
+ *
+ * The HMAC with SHA1 signature transform klass.
+ */
+#define xmlSecNssTransformHmacSha1Id \
+ xmlSecNssTransformHmacSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformHmacSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecNssTransformHmacSha256Id:
+ *
+ * The HMAC with SHA256 signature transform klass.
+ */
+#define xmlSecNssTransformHmacSha256Id \
+ xmlSecNssTransformHmacSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformHmacSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecNssTransformHmacSha384Id:
+ *
+ * The HMAC with SHA384 signature transform klass.
+ */
+#define xmlSecNssTransformHmacSha384Id \
+ xmlSecNssTransformHmacSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformHmacSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecNssTransformHmacSha512Id:
+ *
+ * The HMAC with SHA512 signature transform klass.
+ */
+#define xmlSecNssTransformHmacSha512Id \
+ xmlSecNssTransformHmacSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformHmacSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+
+#endif /* XMLSEC_NO_HMAC */
+
+
+/********************************************************************
+ *
+ * RSA transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_RSA
+
+/**
+ * xmlSecNssKeyDataRsaId:
+ *
+ * The RSA key klass.
+ */
+#define xmlSecNssKeyDataRsaId \
+ xmlSecNssKeyDataRsaGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecNssKeyDataRsaGetKlass (void);
+
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecNssTransformRsaMd5Id:
+ *
+ * The RSA-MD5 signature transform klass.
+ */
+#define xmlSecNssTransformRsaMd5Id \
+ xmlSecNssTransformRsaMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecNssTransformRsaSha1Id:
+ *
+ * The RSA-SHA1 signature transform klass.
+ */
+#define xmlSecNssTransformRsaSha1Id \
+ xmlSecNssTransformRsaSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecNssTransformRsaSha256Id:
+ *
+ * The RSA-SHA256 signature transform klass.
+ */
+#define xmlSecNssTransformRsaSha256Id \
+ xmlSecNssTransformRsaSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecNssTransformRsaSha384Id:
+ *
+ * The RSA-SHA384 signature transform klass.
+ */
+#define xmlSecNssTransformRsaSha384Id \
+ xmlSecNssTransformRsaSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecNssTransformRsaSha512Id:
+ *
+ * The RSA-SHA512 signature transform klass.
+ */
+#define xmlSecNssTransformRsaSha512Id \
+ xmlSecNssTransformRsaSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+/**
+ * xmlSecNssTransformRsaPkcs1Id:
+ *
+ * The RSA PKCS1 key transport transform klass.
+ */
+#define xmlSecNssTransformRsaPkcs1Id \
+ xmlSecNssTransformRsaPkcs1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaPkcs1GetKlass(void);
+
+/* aleksey, April 2010: NSS 3.12.6 has CKM_RSA_PKCS_OAEP algorithm but
+ it doesn't implement the SHA1 OAEP PKCS we need
+
+ https://bugzilla.mozilla.org/show_bug.cgi?id=158747
+*/
+#ifdef XMLSEC_NSS_RSA_OAEP_TODO
+/**
+ * xmlSecNssTransformRsaOaepId:
+ *
+ * The RSA OAEP key transport transform klass.
+ */
+#define xmlSecNssTransformRsaOaepId \
+ xmlSecNssTransformRsaOaepGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void);
+#endif /* XMLSEC_NSS_RSA_OAEP_TODO */
+
+#endif /* XMLSEC_NO_RSA */
+
+
+/********************************************************************
+ *
+ * SHA1 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecNssTransformSha1Id:
+ *
+ * The SHA1 digest transform klass.
+ */
+#define xmlSecNssTransformSha1Id \
+ xmlSecNssTransformSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformSha1GetKlass (void);
+#endif /* XMLSEC_NO_SHA1 */
+
+/********************************************************************
+ *
+ * SHA256 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecNssTransformSha256Id:
+ *
+ * The SHA256 digest transform klass.
+ */
+#define xmlSecNssTransformSha256Id \
+ xmlSecNssTransformSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+/********************************************************************
+ *
+ * SHA384 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecNssTransformSha384Id:
+ *
+ * The SHA384 digest transform klass.
+ */
+#define xmlSecNssTransformSha384Id \
+ xmlSecNssTransformSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+/********************************************************************
+ *
+ * SHA512 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecNssTransformSha512Id:
+ *
+ * The SHA512 digest transform klass.
+ */
+#define xmlSecNssTransformSha512Id \
+ xmlSecNssTransformSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+/********************************************************************
+ *
+ * MD5 transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecNssTransformMd5Id:
+ *
+ * The MD5 digest transform klass.
+ */
+#define xmlSecNssTransformMd5Id \
+ xmlSecNssTransformMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecNssTransformMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_NSS_CRYPTO_H__ */
+
+#define __XMLSEC_NSS_CRYPTO_H__
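Review bot: xmlSecNssHmacSetMinOutputLength is declared without any comment, although by its name and its lack of a context argument it changes a limit for every HMAC check in the process rather than for one signature context. Add a doc comment above the getter/setter pair that states the unit and the default and warns that lowering the value weakens truncated-HMAC verification everywhere, e.g. `/* Process-wide minimum accepted HMAC output length (unit and default: confirm against the implementation); lower only deliberately. */`. The signed `int min_length` also lets a negative value through the interface, so the implementation, which is not part of this hunk, should reject it. With the OAEP block behind `XMLSEC_NSS_RSA_OAEP_TODO`, `xmlSecNssTransformRsaPkcs1Id` is the only RSA key-transport transform this header declares; a one-line comment there would tell callers that this backend offers no OAEP alternative.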
diff --git a/include/xmlsec/nss/keysstore.h b/include/xmlsec/nss/keysstore.h
new file mode 100644
index 00000000..a2cc289b
--- /dev/null
+++ b/include/xmlsec/nss/keysstore.h
@@ -0,0 +1,46 @@
+/**
+ * XMLSec library
+ *
+ * Nss keys store
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for precise wording.
+ *
+ * Copyright (c) 2003 America Online, Inc. All rights reserved
+ */
+#ifndef __XMLSEC_NSS_KEYSSTORE_H__
+#define __XMLSEC_NSS_KEYSSTORE_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+
+/****************************************************************************
+ *
+ * Nss Keys Store
+ *
+ ***************************************************************************/
+/**
+ * xmlSecNssKeysStoreId:
+ *
+ * A Nss keys store klass id.
+ */
+#define xmlSecNssKeysStoreId xmlSecNssKeysStoreGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store,
+ xmlSecKeyPtr key);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
+ const char *uri,
+ xmlSecKeysMngrPtr keysMngr);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreSave (xmlSecKeyStorePtr store,
+ const char *filename,
+ xmlSecKeyDataType type);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_NSS_KEYSSTORE_H__ */
+
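Review bot: This header includes only `<xmlsec/xmlsec.h>`, yet its prototypes use `xmlSecKeyStoreId`, `xmlSecKeyStorePtr`, `xmlSecKeysMngrPtr`, `xmlSecKeyPtr` and `xmlSecKeyDataType`. Whether xmlsec.h declares all of these is not visible here, so the header may compile only when the caller has included other xmlsec headers first. The sibling pkikeys.h includes `<xmlsec/keys.h>` explicitly; doing the same here, plus the header that declares the key store types, would make this file self-contained. xmlSecNssKeysStoreSave presumably writes key material to `filename` according to `type`, so a comment stating whether private keys can be written and what file permissions the output gets would help callers handle the file safely.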
diff --git a/include/xmlsec/nss/pkikeys.h b/include/xmlsec/nss/pkikeys.h
new file mode 100644
index 00000000..cb498482
--- /dev/null
+++ b/include/xmlsec/nss/pkikeys.h
@@ -0,0 +1,44 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#ifndef __XMLSEC_NSS_PKIKEYS_H__
+#define __XMLSEC_NSS_PKIKEYS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <nspr.h>
+#include <nss.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+
+
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssPKIAdoptKey (SECKEYPrivateKey *privkey,
+ SECKEYPublicKey *pubkey);
+
+XMLSEC_CRYPTO_EXPORT SECKEYPublicKey* xmlSecNssPKIKeyDataGetPubKey (xmlSecKeyDataPtr data);
+
+XMLSEC_CRYPTO_EXPORT SECKEYPrivateKey* xmlSecNssPKIKeyDataGetPrivKey (xmlSecKeyDataPtr data);
+
+XMLSEC_CRYPTO_EXPORT KeyType xmlSecNssPKIKeyDataGetKeyType (xmlSecKeyDataPtr data);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecNssPKIKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_NSS_PKIKEYS_H__ */
+
+
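Review bot: None of the five prototypes says who owns the NSS key handles. It is unclear whether xmlSecNssPKIAdoptKey takes over `privkey` and `pubkey` only on success or also on failure, and whether xmlSecNssPKIKeyDataGetPrivKey and xmlSecNssPKIKeyDataGetPubKey return a borrowed pointer or a copy the caller must destroy. For private-key handles a wrong guess means a double free or a key object that is never released. Add a short comment block above the prototypes stating both rules, written from the implementation, which is outside this hunk.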
diff --git a/include/xmlsec/nss/symbols.h b/include/xmlsec/nss/symbols.h
new file mode 100644
index 00000000..9520cb83
--- /dev/null
+++ b/include/xmlsec/nss/symbols.h
@@ -0,0 +1,106 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#ifndef __XMLSEC_NSS_SYMBOLS_H__
+#define __XMLSEC_NSS_SYMBOLS_H__
+
+#if !defined(IN_XMLSEC) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING)
+#error To disable dynamic loading of xmlsec-crypto libraries undefine XMLSEC_CRYPTO_DYNAMIC_LOADING
+#endif /* !defined(IN_XMLSEC) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING) */
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifdef XMLSEC_CRYPTO_NSS
+
+/********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ********************************************************************/
+#define xmlSecCryptoInit xmlSecNssInit
+#define xmlSecCryptoShutdown xmlSecNssShutdown
+
+#define xmlSecCryptoKeysMngrInit xmlSecNssKeysMngrInit
+
+/********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+#define xmlSecKeyDataAesId xmlSecNssKeyDataAesId
+#define xmlSecKeyDataDesId xmlSecNssKeyDataDesId
+#define xmlSecKeyDataDsaId xmlSecNssKeyDataDsaId
+#define xmlSecKeyDataHmacId xmlSecNssKeyDataHmacId
+#define xmlSecKeyDataRsaId xmlSecNssKeyDataRsaId
+#define xmlSecKeyDataX509Id xmlSecNssKeyDataX509Id
+#define xmlSecKeyDataRawX509CertId xmlSecNssKeyDataRawX509CertId
+
+/********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+#define xmlSecX509StoreId xmlSecNssX509StoreId
+
+/********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+#define xmlSecTransformAes128CbcId xmlSecNssTransformAes128CbcId
+#define xmlSecTransformAes192CbcId xmlSecNssTransformAes192CbcId
+#define xmlSecTransformAes256CbcId xmlSecNssTransformAes256CbcId
+#define xmlSecTransformKWAes128Id xmlSecNssTransformKWAes128Id
+#define xmlSecTransformKWAes192Id xmlSecNssTransformKWAes192Id
+#define xmlSecTransformKWAes256Id xmlSecNssTransformKWAes256Id
+#define xmlSecTransformDes3CbcId xmlSecNssTransformDes3CbcId
+#define xmlSecTransformKWDes3Id xmlSecNssTransformKWDes3Id
+#define xmlSecTransformDsaSha1Id xmlSecNssTransformDsaSha1Id
+#define xmlSecTransformHmacMd5Id xmlSecNssTransformHmacMd5Id
+#define xmlSecTransformHmacRipemd160Id xmlSecNssTransformHmacRipemd160Id
+#define xmlSecTransformHmacSha1Id xmlSecNssTransformHmacSha1Id
+#define xmlSecTransformRipemd160Id xmlSecNssTransformRipemd160Id
+#define xmlSecTransformRsaSha1Id xmlSecNssTransformRsaSha1Id
+#define xmlSecTransformRsaPkcs1Id xmlSecNssTransformRsaPkcs1Id
+#define xmlSecTransformRsaOaepId xmlSecNssTransformRsaOaepId
+#define xmlSecTransformSha1Id xmlSecNssTransformSha1Id
+
+/********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+#define xmlSecCryptoAppInit xmlSecNssAppInit
+#define xmlSecCryptoAppShutdown xmlSecNssAppShutdown
+#define xmlSecCryptoAppDefaultKeysMngrInit xmlSecNssAppDefaultKeysMngrInit
+#define xmlSecCryptoAppDefaultKeysMngrAdoptKey xmlSecNssAppDefaultKeysMngrAdoptKey
+#define xmlSecCryptoAppDefaultKeysMngrLoad xmlSecNssAppDefaultKeysMngrLoad
+#define xmlSecCryptoAppDefaultKeysMngrSave xmlSecNssAppDefaultKeysMngrSave
+#define xmlSecCryptoAppKeysMngrCertLoad xmlSecNssAppKeysMngrCertLoad
+#define xmlSecCryptoAppKeysMngrCertLoadMemory xmlSecNssAppKeysMngrCertLoadMemory
+#define xmlSecCryptoAppKeyLoad xmlSecNssAppKeyLoad
+#define xmlSecCryptoAppPkcs12Load xmlSecNssAppPkcs12Load
+#define xmlSecCryptoAppKeyCertLoad xmlSecNssAppKeyCertLoad
+#define xmlSecCryptoAppKeyLoadMemory xmlSecNssAppKeyLoadMemory
+#define xmlSecCryptoAppPkcs12LoadMemory xmlSecNssAppPkcs12LoadMemory
+#define xmlSecCryptoAppKeyCertLoadMemory xmlSecNssAppKeyCertLoadMemory
+#define xmlSecCryptoAppGetDefaultPwdCallback xmlSecNssAppGetDefaultPwdCallback
+
+#endif /* XMLSEC_CRYPTO_NSS */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_NSS_CRYPTO_H__ */
+
+#define __XMLSEC_NSS_CRYPTO_H__
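Review bot: The last added line, `#define __XMLSEC_NSS_CRYPTO_H__`, sits after the `#endif` that closes this header's own guard, so it runs unconditionally and defines the guard macro of crypto.h. A translation unit that includes symbols.h before `<xmlsec/nss/crypto.h>` then gets an empty crypto.h and loses every declaration in it. Delete that line and correct the closing comment to `#endif /* __XMLSEC_NSS_SYMBOLS_H__ */`. crypto.h ends with the same trailing define, where it is only redundant. In addition, `xmlSecTransformRsaOaepId` and `xmlSecTransformRipemd160Id` map to names that crypto.h in this commit declares only under `XMLSEC_NSS_RSA_OAEP_TODO` or not at all, so those two aliases fail at first use; guard or drop them.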
diff --git a/include/xmlsec/nss/x509.h b/include/xmlsec/nss/x509.h
new file mode 100644
index 00000000..fe5ceb4a
--- /dev/null
+++ b/include/xmlsec/nss/x509.h
@@ -0,0 +1,91 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#ifndef __XMLSEC_NSS_X509_H__
+#define __XMLSEC_NSS_X509_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifndef XMLSEC_NO_X509
+
+#include <nspr.h>
+#include <nss.h>
+#include <cert.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+
+/**
+ * xmlSecNssKeyDataX509Id:
+ *
+ * The NSS X509 data klass.
+ */
+#define xmlSecNssKeyDataX509Id \
+ xmlSecNssKeyDataX509GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecNssKeyDataX509GetKlass(void);
+
+XMLSEC_CRYPTO_EXPORT CERTCertificate* xmlSecNssKeyDataX509GetKeyCert(xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data,
+ CERTCertificate* cert);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeyDataX509AdoptCert(xmlSecKeyDataPtr data,
+ CERTCertificate* cert);
+XMLSEC_CRYPTO_EXPORT CERTCertificate* xmlSecNssKeyDataX509GetCert (xmlSecKeyDataPtr data,
+ xmlSecSize pos);
+XMLSEC_CRYPTO_EXPORT xmlSecSize xmlSecNssKeyDataX509GetCertsSize(xmlSecKeyDataPtr data);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeyDataX509AdoptCrl(xmlSecKeyDataPtr data,
+ CERTSignedCrl* crl);
+XMLSEC_CRYPTO_EXPORT CERTSignedCrl* xmlSecNssKeyDataX509GetCrl (xmlSecKeyDataPtr data,
+ xmlSecSize pos);
+XMLSEC_CRYPTO_EXPORT xmlSecSize xmlSecNssKeyDataX509GetCrlsSize(xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssX509CertGetKey (CERTCertificate* cert);
+
+
+/**
+ * xmlSecNssKeyDataRawX509CertId:
+ *
+ * The NSS raw X509 certificate klass.
+ */
+#define xmlSecNssKeyDataRawX509CertId \
+ xmlSecNssKeyDataRawX509CertGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecNssKeyDataRawX509CertGetKlass(void);
+
+/**
+ * xmlSecNssX509StoreId:
+ *
+ * The NSS X509 store klass.
+ */
+#define xmlSecNssX509StoreId \
+ xmlSecNssX509StoreGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataStoreId xmlSecNssX509StoreGetKlass(void);
+XMLSEC_CRYPTO_EXPORT CERTCertificate* xmlSecNssX509StoreFindCert (xmlSecKeyDataStorePtr store,
+ xmlChar *subjectName,
+ xmlChar *issuerName,
+ xmlChar *issuerSerial,
+ xmlChar *ski,
+ xmlSecKeyInfoCtx* keyInfoCtx);
+
+XMLSEC_CRYPTO_EXPORT CERTCertificate* xmlSecNssX509StoreVerify (xmlSecKeyDataStorePtr store,
+ CERTCertList* certs,
+ xmlSecKeyInfoCtx* keyInfoCtx);
+XMLSEC_CRYPTO_EXPORT int xmlSecNssX509StoreAdoptCert (xmlSecKeyDataStorePtr store,
+ CERTCertificate* cert,
+ xmlSecKeyDataType type);
+
+
+#endif /* XMLSEC_NO_X509 */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_NSS_X509_H__ */
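Review bot: xmlSecNssX509StoreAdoptCert takes an `xmlSecKeyDataType type`, but nothing in the header says which values make the certificate a trust anchor and which leave it as an untrusted intermediate. That argument presumably decides what xmlSecNssX509StoreVerify will accept as a chain root, so a caller who passes the wrong value could silently widen the trust store. Add a doc comment on the adopt function naming the accepted `type` values and their effect. Add another on xmlSecNssX509StoreVerify stating which certificate from `certs` is returned and whether the caller owns it.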
diff --git a/include/xmlsec/openssl/Makefile.am b/include/xmlsec/openssl/Makefile.am
new file mode 100644
index 00000000..a7e0be57
--- /dev/null
+++ b/include/xmlsec/openssl/Makefile.am
@@ -0,0 +1,16 @@
+NULL =
+
+xmlsecopensslincdir = $(includedir)/xmlsec1/xmlsec/openssl
+
+xmlsecopensslinc_HEADERS = \
+app.h \
+bn.h \
+crypto.h \
+evp.h \
+symbols.h \
+x509.h \
+$(NULL)
+
+install-exec-hook:
+ $(mkinstalldirs) $(DESTDIR)$(xmlsecopensslincdir)
+
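Review bot: The hook recipe passes `$(DESTDIR)$(xmlsecopensslincdir)` unquoted, so a staging root or include directory that contains a space is split into two arguments and the wrong directories get created. Write `$(mkinstalldirs) "$(DESTDIR)$(xmlsecopensslincdir)"`, matching the quoting the generated Makefile.in in this commit uses for `am__installdirs`. Automake's own install rule for `xmlsecopensslinc_HEADERS` presumably creates that directory already (the rule is outside the visible part of Makefile.in); if so, the hook can be removed.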
diff --git a/include/xmlsec/openssl/Makefile.in b/include/xmlsec/openssl/Makefile.in
new file mode 100644
index 00000000..eade143d
--- /dev/null
+++ b/include/xmlsec/openssl/Makefile.in
@@ -0,0 +1,567 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = include/xmlsec/openssl
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(xmlsecopensslinc_HEADERS)
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(xmlsecopensslincdir)"
+HEADERS = $(xmlsecopensslinc_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+xmlsecopensslincdir = $(includedir)/xmlsec1/xmlsec/openssl
+xmlsecopensslinc_HEADERS = \
+app.h \
+bn.h \
+crypto.h \
+evp.h \
+symbols.h \
+x509.h \
+$(NULL)
+
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu include/xmlsec/openssl/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu include/xmlsec/openssl/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-xmlsecopensslincHEADERS: $(xmlsecopensslinc_HEADERS)
+ @$(NORMAL_INSTALL)
+ test -z "$(xmlsecopensslincdir)" || $(MKDIR_P) "$(DESTDIR)$(xmlsecopensslincdir)"
+ @list='$(xmlsecopensslinc_HEADERS)'; test -n "$(xmlsecopensslincdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(xmlsecopensslincdir)'"; \
+ $(INSTALL_HEADER) $$files "$(DESTDIR)$(xmlsecopensslincdir)" || exit $$?; \
+ done
+
+uninstall-xmlsecopensslincHEADERS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(xmlsecopensslinc_HEADERS)'; test -n "$(xmlsecopensslincdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(xmlsecopensslincdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(xmlsecopensslincdir)" && rm -f $$files
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(HEADERS)
+installdirs:
+ for dir in "$(DESTDIR)$(xmlsecopensslincdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-xmlsecopensslincHEADERS
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+ @$(NORMAL_INSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-xmlsecopensslincHEADERS
+
+.MAKE: install-am install-exec-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool ctags distclean distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-exec-hook install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ install-xmlsecopensslincHEADERS installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+ ps ps-am tags uninstall uninstall-am \
+ uninstall-xmlsecopensslincHEADERS
+
+
+install-exec-hook:
+ $(mkinstalldirs) $(DESTDIR)$(xmlsecopensslincdir)
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/include/xmlsec/openssl/app.h b/include/xmlsec/openssl/app.h
new file mode 100644
index 00000000..2fd70e8e
--- /dev/null
+++ b/include/xmlsec/openssl/app.h
@@ -0,0 +1,128 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_OPENSSL_APP_H__
+#define __XMLSEC_OPENSSL_APP_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <openssl/pem.h>
+#include <openssl/bio.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+
+/********************************************************************
+ *
+ * Init/shutdown
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppInit (const char* config);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppShutdown (void);
+
+/********************************************************************
+ *
+ * Keys Manager
+ *
+ *******************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr,
+ xmlSecKeyPtr key);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr,
+ const char* uri);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr,
+ const char* filename,
+ xmlSecKeyDataType type);
+#ifndef XMLSEC_NO_X509
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppKeysMngrCertLoadBIO(xmlSecKeysMngrPtr mngr,
+ BIO* bio,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppKeysMngrAddCertsPath(xmlSecKeysMngrPtr mngr,
+ const char *path);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppKeysMngrAddCertsFile(xmlSecKeysMngrPtr mngr,
+ const char *file);
+
+#endif /* XMLSEC_NO_X509 */
+
+
+/********************************************************************
+ *
+ * Keys
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecOpenSSLAppKeyLoad (const char *filename,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecOpenSSLAppKeyLoadMemory (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecOpenSSLAppKeyLoadBIO (BIO* bio,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+
+#ifndef XMLSEC_NO_X509
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecOpenSSLAppPkcs12Load (const char* filename,
+ const char* pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecOpenSSLAppPkcs12LoadMemory(const xmlSecByte* data,
+ xmlSecSize dataSize,
+ const char* pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecOpenSSLAppPkcs12LoadBIO (BIO* bio,
+ const char* pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppKeyCertLoad (xmlSecKeyPtr key,
+ const char* filename,
+ xmlSecKeyDataFormat format);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppKeyCertLoadMemory(xmlSecKeyPtr key,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLAppKeyCertLoadBIO (xmlSecKeyPtr key,
+ BIO* bio,
+ xmlSecKeyDataFormat format);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecOpenSSLAppKeyFromCertLoadBIO(BIO* bio,
+ xmlSecKeyDataFormat format);
+#endif /* XMLSEC_NO_X509 */
+
+XMLSEC_CRYPTO_EXPORT void* xmlSecOpenSSLAppGetDefaultPwdCallback(void);
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_OPENSSL_APP_H__ */
+
+
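Review bot: The password callback is declared as `void* pwdCallback` in all six loaders (`xmlSecOpenSSLAppKeyLoad*` and `xmlSecOpenSSLAppPkcs12Load*`), and `xmlSecOpenSSLAppGetDefaultPwdCallback` returns `void*`, so the compiler cannot check the signature of what a caller passes. ISO C also does not guarantee that a function pointer survives a round trip through `void*`. The header includes `<openssl/pem.h>`, so the callback is presumably a `pem_password_cb`; retyping the parameter would break the API, so I would at least document it above the "Keys" section with something like `/* pwdCallback: expected to be a pem_password_cb* passed as void* (confirm against app.c) */`. The declarations also say nothing about whether the `pwd` string is copied, or who is responsible for clearing it after the call, which matters for code that handles key passphrases.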
diff --git a/include/xmlsec/openssl/bn.h b/include/xmlsec/openssl/bn.h
new file mode 100644
index 00000000..bdb9c7cb
--- /dev/null
+++ b/include/xmlsec/openssl/bn.h
@@ -0,0 +1,35 @@
+/**
+ * XMLSec library
+ *
+ * Reading/writing BIGNUM values
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_BN_H__
+#define __XMLSEC_BN_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <openssl/bn.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+
+XMLSEC_CRYPTO_EXPORT BIGNUM* xmlSecOpenSSLNodeGetBNValue (const xmlNodePtr cur,
+ BIGNUM **a);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLNodeSetBNValue (xmlNodePtr cur,
+ const BIGNUM *a,
+ int addLineBreaks);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_BN_H__ */
+
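Review bot: The include guard `__XMLSEC_BN_H__` is not namespaced like the other headers added in this directory (`__XMLSEC_OPENSSL_APP_H__`, `__XMLSEC_OPENSSL_CRYPTO_H__`, `__XMLSEC_OPENSSL_EVP_H__`). If a core header elsewhere in the tree uses the same `__XMLSEC_BN_H__` guard (likely for a generic `xmlsec/bn.h`, but not visible here), whichever is included second is silently skipped and the `xmlSecOpenSSLNodeGetBNValue`/`xmlSecOpenSSLNodeSetBNValue` prototypes can disappear from a translation unit. I would rename it in all three places: `#ifndef __XMLSEC_OPENSSL_BN_H__`, `#define __XMLSEC_OPENSSL_BN_H__`, `#endif /* __XMLSEC_OPENSSL_BN_H__ */`. As a smaller point, `const xmlNodePtr cur` makes the pointer const, not the node it points to, so it gives the caller no read-only guarantee.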
diff --git a/include/xmlsec/openssl/crypto.h b/include/xmlsec/openssl/crypto.h
new file mode 100644
index 00000000..78f907a4
--- /dev/null
+++ b/include/xmlsec/openssl/crypto.h
@@ -0,0 +1,561 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_OPENSSL_CRYPTO_H__
+#define __XMLSEC_OPENSSL_CRYPTO_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/dl.h>
+
+#include <openssl/err.h>
+
+XMLSEC_CRYPTO_EXPORT xmlSecCryptoDLFunctionsPtr xmlSecCryptoGetFunctions_openssl(void);
+
+/********************************************************************
+ *
+ * Init shutdown
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLInit (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLShutdown (void);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLKeysMngrInit (xmlSecKeysMngrPtr mngr);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLGenerateRandom (xmlSecBufferPtr buffer,
+ xmlSecSize size);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLSetDefaultTrustedCertsFolder(const xmlChar* path);
+XMLSEC_CRYPTO_EXPORT const xmlChar* xmlSecOpenSSLGetDefaultTrustedCertsFolder(void);
+
+/********************************************************************
+ *
+ * AES transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_AES
+/**
+ * xmlSecOpenSSLKeyDataAesId:
+ *
+ * The AES key klass.
+ */
+#define xmlSecOpenSSLKeyDataAesId \
+ xmlSecOpenSSLKeyDataAesGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecOpenSSLKeyDataAesGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLKeyDataAesSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+/**
+ * xmlSecOpenSSLTransformAes128CbcId:
+ *
+ * The AES128 CBC cipher transform klass.
+ */
+#define xmlSecOpenSSLTransformAes128CbcId \
+ xmlSecOpenSSLTransformAes128CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformAes128CbcGetKlass(void);
+
+/**
+ * xmlSecOpenSSLTransformAes192CbcId:
+ *
+ * The AES192 CBC cipher transform klass.
+ */
+#define xmlSecOpenSSLTransformAes192CbcId \
+ xmlSecOpenSSLTransformAes192CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformAes192CbcGetKlass(void);
+
+/**
+ * xmlSecOpenSSLTransformAes256CbcId:
+ *
+ * The AES256 CBC cipher transform klass.
+ */
+#define xmlSecOpenSSLTransformAes256CbcId \
+ xmlSecOpenSSLTransformAes256CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformAes256CbcGetKlass(void);
+
+/**
+ * xmlSecOpenSSLTransformKWAes128Id:
+ *
+ * The AES 128 key wrap transform klass.
+ */
+#define xmlSecOpenSSLTransformKWAes128Id \
+ xmlSecOpenSSLTransformKWAes128GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformKWAes128GetKlass(void);
+
+/**
+ * xmlSecOpenSSLTransformKWAes192Id:
+ *
+ * The AES 192 key wrap transform klass.
+ */
+#define xmlSecOpenSSLTransformKWAes192Id \
+ xmlSecOpenSSLTransformKWAes192GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformKWAes192GetKlass(void);
+
+/**
+ * xmlSecOpenSSLTransformKWAes256Id:
+ *
+ * The AES 256 key wrap transform klass.
+ */
+#define xmlSecOpenSSLTransformKWAes256Id \
+ xmlSecOpenSSLTransformKWAes256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformKWAes256GetKlass(void);
+
+#endif /* XMLSEC_NO_AES */
+
+/********************************************************************
+ *
+ * DES transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_DES
+/**
+ * xmlSecOpenSSLKeyDataDesId:
+ *
+ * The DES key klass.
+ */
+#define xmlSecOpenSSLKeyDataDesId \
+ xmlSecOpenSSLKeyDataDesGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecOpenSSLKeyDataDesGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLKeyDataDesSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+/**
+ * xmlSecOpenSSLTransformDes3CbcId:
+ *
+ * The DES3 CBC cipher transform klass.
+ */
+#define xmlSecOpenSSLTransformDes3CbcId \
+ xmlSecOpenSSLTransformDes3CbcGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformDes3CbcGetKlass(void);
+
+/**
+ * xmlSecOpenSSLTransformKWDes3Id:
+ *
+ * The DES3 KW transform klass.
+ */
+#define xmlSecOpenSSLTransformKWDes3Id \
+ xmlSecOpenSSLTransformKWDes3GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformKWDes3GetKlass(void);
+
+#endif /* XMLSEC_NO_DES */
+
+/********************************************************************
+ *
+ * DSA transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_DSA
+#include <openssl/dsa.h>
+#include <openssl/evp.h>
+
+/**
+ * xmlSecOpenSSLKeyDataDsaId:
+ *
+ * The DSA key klass.
+ */
+#define xmlSecOpenSSLKeyDataDsaId \
+ xmlSecOpenSSLKeyDataDsaGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecOpenSSLKeyDataDsaGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLKeyDataDsaAdoptDsa (xmlSecKeyDataPtr data,
+ DSA* dsa);
+XMLSEC_CRYPTO_EXPORT DSA* xmlSecOpenSSLKeyDataDsaGetDsa (xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLKeyDataDsaAdoptEvp (xmlSecKeyDataPtr data,
+ EVP_PKEY* pKey);
+XMLSEC_CRYPTO_EXPORT EVP_PKEY* xmlSecOpenSSLKeyDataDsaGetEvp (xmlSecKeyDataPtr data);
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecOpenSSLTransformDsaSha1Id:
+ *
+ * The DSA SHA1 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformDsaSha1Id \
+ xmlSecOpenSSLTransformDsaSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformDsaSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+/********************************************************************
+ *
+ * HMAC transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_HMAC
+
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLHmacGetMinOutputLength(void);
+XMLSEC_CRYPTO_EXPORT void xmlSecOpenSSLHmacSetMinOutputLength(int min_length);
+
+/**
+ * xmlSecOpenSSLKeyDataHmacId:
+ *
+ * The DHMAC key klass.
+ */
+#define xmlSecOpenSSLKeyDataHmacId \
+ xmlSecOpenSSLKeyDataHmacGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecOpenSSLKeyDataHmacGetKlass(void);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLKeyDataHmacSet (xmlSecKeyDataPtr data,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize);
+
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecOpenSSLTransformHmacMd5Id:
+ *
+ * The HMAC with MD5 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformHmacMd5Id \
+ xmlSecOpenSSLTransformHmacMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformHmacMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecOpenSSLTransformHmacRipemd160Id:
+ *
+ * The HMAC with RipeMD160 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformHmacRipemd160Id \
+ xmlSecOpenSSLTransformHmacRipemd160GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformHmacRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecOpenSSLTransformHmacSha1Id:
+ *
+ * The HMAC with SHA1 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformHmacSha1Id \
+ xmlSecOpenSSLTransformHmacSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformHmacSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+/**
+ * xmlSecOpenSSLTransformHmacSha224Id:
+ *
+ * The HMAC with SHA224 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformHmacSha224Id \
+ xmlSecOpenSSLTransformHmacSha224GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformHmacSha224GetKlass(void);
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecOpenSSLTransformHmacSha256Id:
+ *
+ * The HMAC with SHA256 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformHmacSha256Id \
+ xmlSecOpenSSLTransformHmacSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformHmacSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecOpenSSLTransformHmacSha384Id:
+ *
+ * The HMAC with SHA384 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformHmacSha384Id \
+ xmlSecOpenSSLTransformHmacSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformHmacSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecOpenSSLTransformHmacSha512Id:
+ *
+ * The HMAC with SHA512 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformHmacSha512Id \
+ xmlSecOpenSSLTransformHmacSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformHmacSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+/********************************************************************
+ *
+ * Md5 transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecOpenSSLTransformMd5Id:
+ *
+ * The MD5 digest transform klass.
+ */
+#define xmlSecOpenSSLTransformMd5Id \
+ xmlSecOpenSSLTransformMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+
+/********************************************************************
+ *
+ * RipeMD160 transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecOpenSSLTransformRipemd160Id:
+ *
+ * The RIPEMD160 digest transform klass.
+ */
+#define xmlSecOpenSSLTransformRipemd160Id \
+ xmlSecOpenSSLTransformRipemd160GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+/********************************************************************
+ *
+ * RSA transforms
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_RSA
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+
+/**
+ * xmlSecOpenSSLKeyDataRsaId:
+ *
+ * The RSA key klass.
+ */
+#define xmlSecOpenSSLKeyDataRsaId \
+ xmlSecOpenSSLKeyDataRsaGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecOpenSSLKeyDataRsaGetKlass (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLKeyDataRsaAdoptRsa (xmlSecKeyDataPtr data,
+ RSA* rsa);
+XMLSEC_CRYPTO_EXPORT RSA* xmlSecOpenSSLKeyDataRsaGetRsa (xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLKeyDataRsaAdoptEvp (xmlSecKeyDataPtr data,
+ EVP_PKEY* pKey);
+XMLSEC_CRYPTO_EXPORT EVP_PKEY* xmlSecOpenSSLKeyDataRsaGetEvp (xmlSecKeyDataPtr data);
+
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecOpenSSLTransformRsaMd5Id:
+ *
+ * The RSA-MD5 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformRsaMd5Id \
+ xmlSecOpenSSLTransformRsaMd5GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformRsaMd5GetKlass(void);
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecOpenSSLTransformRsaRipemd160Id:
+ *
+ * The RSA-RIPEMD160 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformRsaRipemd160Id \
+ xmlSecOpenSSLTransformRsaRipemd160GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformRsaRipemd160GetKlass(void);
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecOpenSSLTransformRsaSha1Id:
+ *
+ * The RSA-SHA1 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformRsaSha1Id \
+ xmlSecOpenSSLTransformRsaSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformRsaSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+/**
+ * xmlSecOpenSSLTransformRsaSha224Id:
+ *
+ * The RSA-SHA224 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformRsaSha224Id \
+ xmlSecOpenSSLTransformRsaSha224GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformRsaSha224GetKlass(void);
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecOpenSSLTransformRsaSha256Id:
+ *
+ * The RSA-SHA256 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformRsaSha256Id \
+ xmlSecOpenSSLTransformRsaSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformRsaSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecOpenSSLTransformRsaSha384Id:
+ *
+ * The RSA-SHA384 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformRsaSha384Id \
+ xmlSecOpenSSLTransformRsaSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformRsaSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecOpenSSLTransformRsaSha512Id:
+ *
+ * The RSA-SHA512 signature transform klass.
+ */
+#define xmlSecOpenSSLTransformRsaSha512Id \
+ xmlSecOpenSSLTransformRsaSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformRsaSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+/**
+ * xmlSecOpenSSLTransformRsaPkcs1Id:
+ *
+ * The RSA PKCS1 key transport transform klass.
+ */
+#define xmlSecOpenSSLTransformRsaPkcs1Id \
+ xmlSecOpenSSLTransformRsaPkcs1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformRsaPkcs1GetKlass(void);
+
+/**
+ * xmlSecOpenSSLTransformRsaOaepId:
+ *
+ * The RSA PKCS1 key transport transform klass.
+ */
+#define xmlSecOpenSSLTransformRsaOaepId \
+ xmlSecOpenSSLTransformRsaOaepGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformRsaOaepGetKlass(void);
+
+#endif /* XMLSEC_NO_RSA */
+
+
+/********************************************************************
+ *
+ * SHA1 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecOpenSSLTransformSha1Id:
+ *
+ * The SHA1 digest transform klass.
+ */
+#define xmlSecOpenSSLTransformSha1Id \
+ xmlSecOpenSSLTransformSha1GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformSha1GetKlass(void);
+#endif /* XMLSEC_NO_SHA1 */
+
+
+/********************************************************************
+ *
+ * SHA224 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA224
+/**
+ * xmlSecOpenSSLTransformSha224Id:
+ *
+ * The SHA224 digest transform klass.
+ */
+#define xmlSecOpenSSLTransformSha224Id \
+ xmlSecOpenSSLTransformSha224GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformSha224GetKlass(void);
+#endif /* XMLSEC_NO_SHA224 */
+
+
+/********************************************************************
+ *
+ * SHA256 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecOpenSSLTransformSha256Id:
+ *
+ * The SHA256 digest transform klass.
+ */
+#define xmlSecOpenSSLTransformSha256Id \
+ xmlSecOpenSSLTransformSha256GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformSha256GetKlass(void);
+#endif /* XMLSEC_NO_SHA256 */
+
+/********************************************************************
+ *
+ * SHA384 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecOpenSSLTransformSha384Id:
+ *
+ * The SHA384 digest transform klass.
+ */
+#define xmlSecOpenSSLTransformSha384Id \
+ xmlSecOpenSSLTransformSha384GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformSha384GetKlass(void);
+#endif /* XMLSEC_NO_SHA384 */
+
+/********************************************************************
+ *
+ * SHA512 transform
+ *
+ *******************************************************************/
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecOpenSSLTransformSha512Id:
+ *
+ * The SHA512 digest transform klass.
+ */
+#define xmlSecOpenSSLTransformSha512Id \
+ xmlSecOpenSSLTransformSha512GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecTransformId xmlSecOpenSSLTransformSha512GetKlass(void);
+#endif /* XMLSEC_NO_SHA512 */
+
+
+
+
+/**************************************************************
+ *
+ * Error constants for OpenSSL
+ *
+ *************************************************************/
+/**
+ * XMLSEC_OPENSSL_ERRORS_LIB:
+ *
+ * Macro. The XMLSec library klass for OpenSSL errors reporting functions.
+ */
+#define XMLSEC_OPENSSL_ERRORS_LIB (ERR_LIB_USER + 57)
+
+/**
+ * XMLSEC_OPENSSL_ERRORS_FUNCTION:
+ *
+ * Macro. The XMLSec library functions OpenSSL errors reporting functions.
+ */
+#define XMLSEC_OPENSSL_ERRORS_FUNCTION 0
+
+XMLSEC_CRYPTO_EXPORT void xmlSecOpenSSLErrorsDefaultCallback (const char* file,
+ int line,
+ const char* func,
+ const char* errorObject,
+ const char* errorSubject,
+ int reason,
+ const char* msg);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_OPENSSL_CRYPTO_H__ */
+
+#define __XMLSEC_OPENSSL_CRYPTO_H__
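Review bot: The doc comment for `xmlSecOpenSSLTransformRsaOaepId` is a copy of the PKCS1 one ("The RSA PKCS1 key transport transform klass."), which mislabels the two key-transport transforms in generated API docs even though their padding schemes have different security properties; it should read ` * The RSA OAEP key transport transform klass.`. `xmlSecOpenSSLHmacSetMinOutputLength(int min_length)` has no comment at all: I would document the unit, the fact that it appears to be a process-wide setting, and that lowering it makes verification accept shorter truncated HMAC values. Two cosmetic leftovers: the final `#define __XMLSEC_OPENSSL_CRYPTO_H__` sits after the closing `#endif` of the guard and should be dropped, and "The DHMAC key klass." should be "The HMAC key klass.".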
diff --git a/include/xmlsec/openssl/evp.h b/include/xmlsec/openssl/evp.h
new file mode 100644
index 00000000..30db8f43
--- /dev/null
+++ b/include/xmlsec/openssl/evp.h
@@ -0,0 +1,44 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_OPENSSL_EVP_H__
+#define __XMLSEC_OPENSSL_EVP_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <openssl/evp.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+
+#include <xmlsec/openssl/crypto.h>
+
+
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLEvpKeyDataAdoptEvp (xmlSecKeyDataPtr data,
+ EVP_PKEY* pKey);
+XMLSEC_CRYPTO_EXPORT EVP_PKEY* xmlSecOpenSSLEvpKeyDataGetEvp (xmlSecKeyDataPtr data);
+
+/******************************************************************************
+ *
+ * EVP helper functions
+ *
+ *****************************************************************************/
+XMLSEC_CRYPTO_EXPORT EVP_PKEY* xmlSecOpenSSLEvpKeyDup (EVP_PKEY* pKey);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecOpenSSLEvpKeyAdopt (EVP_PKEY *pKey);
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_OPENSSL_EVP_H__ */
+
+
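Review bot: The four prototypes at the end of this header (`xmlSecOpenSSLEvpKeyDataAdoptEvp`, `xmlSecOpenSSLEvpKeyDataGetEvp`, `xmlSecOpenSSLEvpKeyDup`, `xmlSecOpenSSLEvpKeyAdopt`) have no comment saying who owns the `EVP_PKEY` after the call. A caller holding private-key material needs that to avoid a leak or a double free. The names suggest that the Adopt functions take ownership on success and that `GetEvp` returns a borrowed pointer, but nothing in this file confirms either. I would add a gtk-doc block above each prototype, for example `/* On success @pKey is owned by @data; on failure the caller must free it. */`, once the wording has been checked against the implementation, which is outside this hunk.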
diff --git a/include/xmlsec/openssl/symbols.h b/include/xmlsec/openssl/symbols.h
new file mode 100644
index 00000000..f99dfb6c
--- /dev/null
+++ b/include/xmlsec/openssl/symbols.h
@@ -0,0 +1,123 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_OPENSSL_SYMBOLS_H__
+#define __XMLSEC_OPENSSL_SYMBOLS_H__
+
+#if !defined(IN_XMLSEC) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING)
+#error To disable dynamic loading of xmlsec-crypto libraries undefine XMLSEC_CRYPTO_DYNAMIC_LOADING
+#endif /* !defined(IN_XMLSEC) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING) */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifdef XMLSEC_CRYPTO_OPENSSL
+
+/********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ********************************************************************/
+#define xmlSecCryptoInit xmlSecOpenSSLInit
+#define xmlSecCryptoShutdown xmlSecOpenSSLShutdown
+
+#define xmlSecCryptoKeysMngrInit xmlSecOpenSSLKeysMngrInit
+
+/********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+#define xmlSecKeyDataAesId xmlSecOpenSSLKeyDataAesId
+#define xmlSecKeyDataDesId xmlSecOpenSSLKeyDataDesId
+#define xmlSecKeyDataDsaId xmlSecOpenSSLKeyDataDsaId
+#define xmlSecKeyDataHmacId xmlSecOpenSSLKeyDataHmacId
+#define xmlSecKeyDataRsaId xmlSecOpenSSLKeyDataRsaId
+#define xmlSecKeyDataX509Id xmlSecOpenSSLKeyDataX509Id
+#define xmlSecKeyDataRawX509CertId xmlSecOpenSSLKeyDataRawX509CertId
+
+/********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+#define xmlSecX509StoreId xmlSecOpenSSLX509StoreId
+
+/********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+#define xmlSecTransformAes128CbcId xmlSecOpenSSLTransformAes128CbcId
+#define xmlSecTransformAes192CbcId xmlSecOpenSSLTransformAes192CbcId
+#define xmlSecTransformAes256CbcId xmlSecOpenSSLTransformAes256CbcId
+#define xmlSecTransformKWAes128Id xmlSecOpenSSLTransformKWAes128Id
+#define xmlSecTransformKWAes192Id xmlSecOpenSSLTransformKWAes192Id
+#define xmlSecTransformKWAes256Id xmlSecOpenSSLTransformKWAes256Id
+#define xmlSecTransformDes3CbcId xmlSecOpenSSLTransformDes3CbcId
+#define xmlSecTransformKWDes3Id xmlSecOpenSSLTransformKWDes3Id
+#define xmlSecTransformDsaSha1Id xmlSecOpenSSLTransformDsaSha1Id
+#define xmlSecTransformHmacMd5Id xmlSecOpenSSLTransformHmacMd5Id
+#define xmlSecTransformHmacRipemd160Id xmlSecOpenSSLTransformHmacRipemd160Id
+#define xmlSecTransformHmacSha1Id xmlSecOpenSSLTransformHmacSha1Id
+#define xmlSecTransformHmacSha224Id xmlSecOpenSSLTransformHmacSha224Id
+#define xmlSecTransformHmacSha256Id xmlSecOpenSSLTransformHmacSha256Id
+#define xmlSecTransformHmacSha384Id xmlSecOpenSSLTransformHmacSha384Id
+#define xmlSecTransformHmacSha512Id xmlSecOpenSSLTransformHmacSha512Id
+#define xmlSecTransformMd5Id xmlSecOpenSSLTransformMd5Id
+#define xmlSecTransformRipemd160Id xmlSecOpenSSLTransformRipemd160Id
+#define xmlSecTransformRsaMd5Id xmlSecOpenSSLTransformRsaMd5Id
+#define xmlSecTransformRsaRipemd160Id xmlSecOpenSSLTransformRsaRipemd160Id
+#define xmlSecTransformRsaSha1Id xmlSecOpenSSLTransformRsaSha1Id
+#define xmlSecTransformRsaSha224Id xmlSecOpenSSLTransformRsaSha224Id
+#define xmlSecTransformRsaSha256Id xmlSecOpenSSLTransformRsaSha256Id
+#define xmlSecTransformRsaSha384Id xmlSecOpenSSLTransformRsaSha384Id
+#define xmlSecTransformRsaSha512Id xmlSecOpenSSLTransformRsaSha512Id
+#define xmlSecTransformRsaPkcs1Id xmlSecOpenSSLTransformRsaPkcs1Id
+#define xmlSecTransformRsaOaepId xmlSecOpenSSLTransformRsaOaepId
+#define xmlSecTransformSha1Id xmlSecOpenSSLTransformSha1Id
+#define xmlSecTransformSha224Id xmlSecOpenSSLTransformSha224Id
+#define xmlSecTransformSha256Id xmlSecOpenSSLTransformSha256Id
+#define xmlSecTransformSha384Id xmlSecOpenSSLTransformSha384Id
+#define xmlSecTransformSha512Id xmlSecOpenSSLTransformSha512Id
+
+/********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+#define xmlSecCryptoAppInit xmlSecOpenSSLAppInit
+#define xmlSecCryptoAppShutdown xmlSecOpenSSLAppShutdown
+#define xmlSecCryptoAppDefaultKeysMngrInit xmlSecOpenSSLAppDefaultKeysMngrInit
+#define xmlSecCryptoAppDefaultKeysMngrAdoptKey xmlSecOpenSSLAppDefaultKeysMngrAdoptKey
+#define xmlSecCryptoAppDefaultKeysMngrLoad xmlSecOpenSSLAppDefaultKeysMngrLoad
+#define xmlSecCryptoAppDefaultKeysMngrSave xmlSecOpenSSLAppDefaultKeysMngrSave
+#define xmlSecCryptoAppKeysMngrCertLoad xmlSecOpenSSLAppKeysMngrCertLoad
+#define xmlSecCryptoAppKeysMngrCertLoadMemory xmlSecOpenSSLAppKeysMngrCertLoadMemory
+#define xmlSecCryptoAppKeyLoad xmlSecOpenSSLAppKeyLoad
+#define xmlSecCryptoAppPkcs12Load xmlSecOpenSSLAppPkcs12Load
+#define xmlSecCryptoAppKeyCertLoad xmlSecOpenSSLAppKeyCertLoad
+#define xmlSecCryptoAppKeyLoadMemory xmlSecOpenSSLAppKeyLoadMemory
+#define xmlSecCryptoAppPkcs12LoadMemory xmlSecOpenSSLAppPkcs12LoadMemory
+#define xmlSecCryptoAppKeyCertLoadMemory xmlSecOpenSSLAppKeyCertLoadMemory
+#define xmlSecCryptoAppGetDefaultPwdCallback xmlSecOpenSSLAppGetDefaultPwdCallback
+
+
+/* todo: this should go away on next API refresh */
+#define xmlSecCryptoAppKeysMngrAddCertsPath xmlSecOpenSSLAppKeysMngrAddCertsPath
+
+#endif /* XMLSEC_CRYPTO_OPENSSL */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_OPENSSL_CRYPTO_H__ */
+
+#define __XMLSEC_OPENSSL_CRYPTO_H__
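Review bot: The closing guard of this header is wrong: the file opens with `#ifndef __XMLSEC_OPENSSL_SYMBOLS_H__`, but it ends with `#endif /* __XMLSEC_OPENSSL_CRYPTO_H__ */` followed by an unconditional `#define __XMLSEC_OPENSSL_CRYPTO_H__`. Every translation unit that includes symbols.h therefore ends up with the crypto.h guard macro defined. If crypto.h opens with `#ifndef __XMLSEC_OPENSSL_CRYPTO_H__` (its start is not visible here, though its tail in the preceding file section ends the same way), a later `#include <xmlsec/openssl/crypto.h>` would expand to nothing and the OpenSSL key-data and transform declarations would be silently absent. The last two lines should be `#endif /* __XMLSEC_OPENSSL_SYMBOLS_H__ */` with the trailing `#define` dropped.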
diff --git a/include/xmlsec/openssl/x509.h b/include/xmlsec/openssl/x509.h
new file mode 100644
index 00000000..6da3281a
--- /dev/null
+++ b/include/xmlsec/openssl/x509.h
@@ -0,0 +1,109 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_OPENSSL_X509_H__
+#define __XMLSEC_OPENSSL_X509_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifndef XMLSEC_NO_X509
+
+#include <openssl/x509.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+
+/**
+ * XMLSEC_STACK_OF_X509:
+ *
+ * Macro. To make docbook happy.
+ */
+#define XMLSEC_STACK_OF_X509 STACK_OF(X509)
+
+/**
+ * XMLSEC_STACK_OF_X509_CRL:
+ *
+ * Macro. To make docbook happy.
+ */
+#define XMLSEC_STACK_OF_X509_CRL STACK_OF(X509_CRL)
+
+/**
+ * xmlSecOpenSSLKeyDataX509Id:
+ *
+ * The OpenSSL X509 data klass.
+ */
+#define xmlSecOpenSSLKeyDataX509Id \
+ xmlSecOpenSSLKeyDataX509GetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecOpenSSLKeyDataX509GetKlass(void);
+
+XMLSEC_CRYPTO_EXPORT X509* xmlSecOpenSSLKeyDataX509GetKeyCert(xmlSecKeyDataPtr data);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data,
+ X509* cert);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLKeyDataX509AdoptCert(xmlSecKeyDataPtr data,
+ X509* cert);
+XMLSEC_CRYPTO_EXPORT X509* xmlSecOpenSSLKeyDataX509GetCert (xmlSecKeyDataPtr data,
+ xmlSecSize pos);
+XMLSEC_CRYPTO_EXPORT xmlSecSize xmlSecOpenSSLKeyDataX509GetCertsSize(xmlSecKeyDataPtr data);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLKeyDataX509AdoptCrl(xmlSecKeyDataPtr data,
+ X509_CRL* crl);
+XMLSEC_CRYPTO_EXPORT X509_CRL* xmlSecOpenSSLKeyDataX509GetCrl (xmlSecKeyDataPtr data,
+ xmlSecSize pos);
+XMLSEC_CRYPTO_EXPORT xmlSecSize xmlSecOpenSSLKeyDataX509GetCrlsSize(xmlSecKeyDataPtr data);
+
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecOpenSSLX509CertGetKey (X509* cert);
+
+
+/**
+ * xmlSecOpenSSLKeyDataRawX509CertId:
+ *
+ * The OpenSSL raw X509 certificate klass.
+ */
+#define xmlSecOpenSSLKeyDataRawX509CertId \
+ xmlSecOpenSSLKeyDataRawX509CertGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataId xmlSecOpenSSLKeyDataRawX509CertGetKlass(void);
+
+/**
+ * xmlSecOpenSSLX509StoreId:
+ *
+ * The OpenSSL X509 store klass.
+ */
+#define xmlSecOpenSSLX509StoreId \
+ xmlSecOpenSSLX509StoreGetKlass()
+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataStoreId xmlSecOpenSSLX509StoreGetKlass(void);
+XMLSEC_CRYPTO_EXPORT X509* xmlSecOpenSSLX509StoreFindCert (xmlSecKeyDataStorePtr store,
+ xmlChar *subjectName,
+ xmlChar *issuerName,
+ xmlChar *issuerSerial,
+ xmlChar *ski,
+ xmlSecKeyInfoCtx* keyInfoCtx);
+XMLSEC_CRYPTO_EXPORT X509* xmlSecOpenSSLX509StoreVerify (xmlSecKeyDataStorePtr store,
+ XMLSEC_STACK_OF_X509* certs,
+ XMLSEC_STACK_OF_X509_CRL* crls,
+ xmlSecKeyInfoCtx* keyInfoCtx);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLX509StoreAdoptCert (xmlSecKeyDataStorePtr store,
+ X509* cert,
+ xmlSecKeyDataType type);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLX509StoreAdoptCrl (xmlSecKeyDataStorePtr store,
+ X509_CRL* crl);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLX509StoreAddCertsPath(xmlSecKeyDataStorePtr store,
+ const char* path);
+XMLSEC_CRYPTO_EXPORT int xmlSecOpenSSLX509StoreAddCertsFile(xmlSecKeyDataStorePtr store,
+ const char* file);
+
+#endif /* XMLSEC_NO_X509 */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_OPENSSL_X509_H__ */
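Review bot: `xmlSecOpenSSLX509StoreAdoptCert` takes an undocumented `xmlSecKeyDataType type` argument that presumably decides whether the certificate becomes a trust anchor or only an untrusted chain candidate. The cert-load typedefs in xmlsec/private.h describe their `type` as the flag for trusted or not. A wrong value there widens what `xmlSecOpenSSLX509StoreVerify` will accept, so the prototype should carry a comment such as `/* @type: xmlSecKeyDataTypeTrusted adds @cert as a trust anchor; otherwise it is kept as untrusted */`, after checking it against the implementation. The same block should say that `xmlSecOpenSSLX509StoreVerify` returns a certificate pointer rather than a status code, what a NULL return means, and who owns the returned `X509*`.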
diff --git a/include/xmlsec/parser.h b/include/xmlsec/parser.h
new file mode 100644
index 00000000..182f2951
--- /dev/null
+++ b/include/xmlsec/parser.h
@@ -0,0 +1,51 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * XML Parser transform and utility functions.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_PARSER_H__
+#define __XMLSEC_PARSER_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/transforms.h>
+
+
+XMLSEC_EXPORT xmlDocPtr xmlSecParseFile (const char *filename);
+XMLSEC_EXPORT xmlDocPtr xmlSecParseMemory (const xmlSecByte *buffer,
+ xmlSecSize size,
+ int recovery);
+XMLSEC_EXPORT xmlDocPtr xmlSecParseMemoryExt (const xmlSecByte *prefix,
+ xmlSecSize prefixSize,
+ const xmlSecByte *buffer,
+ xmlSecSize bufferSize,
+ const xmlSecByte *postfix,
+ xmlSecSize postfixSize);
+
+
+/**
+ * xmlSecTransformXmlParserId:
+ *
+ * The XML Parser transform klass.
+ */
+#define xmlSecTransformXmlParserId \
+ xmlSecTransformXmlParserGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformXmlParserGetKlass (void);
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_PARSER_H__ */
+
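Review bot: The three parse entry points are declared without saying which libxml2 parser options they apply, and `xmlSecParseMemory` has an undocumented `int recovery` flag. Input to this library is often XML from an untrusted party, so callers need to see in the header whether DTDs and external entities are loaded. If a non-zero `recovery` enables libxml2's lenient mode, as the name suggests, it should not be used on a document whose signature is about to be verified, because the resulting tree can differ from what a strict parser produces. I would add gtk-doc blocks above each prototype covering those points and the ownership of the returned `xmlDocPtr`; the implementation is outside this hunk, so the wording has to be checked against it.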
diff --git a/include/xmlsec/private.h b/include/xmlsec/private.h
new file mode 100644
index 00000000..3e3bbc95
--- /dev/null
+++ b/include/xmlsec/private.h
@@ -0,0 +1,489 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * These are internal private declarations. You don't want to use this file
+ * unless you are building xmlsec or xmlsec-<crypto> library.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_PRIVATE_H__
+#define __XMLSEC_PRIVATE_H__
+
+#ifndef XMLSEC_PRIVATE
+#error "xmlsec/private.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries"
+#endif /* XMLSEC_PRIVATE */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+#include <libxml/xmlIO.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keysdata.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+
+
+/*****************************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ****************************************************************************/
+/**
+ * xmlSecCryptoInitMethod:
+ *
+ * xmlsec-crypto libraryinitialization method.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecCryptoInitMethod) (void);
+/**
+ * xmlSecCryptoShutdownMethod:
+ *
+ * xmlsec-crypto library shutdown method.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecCryptoShutdownMethod) (void);
+/**
+ * xmlSecCryptoKeysMngrInitMethod:
+ * @mngr: the pointer to keys manager.
+ *
+ * Initializes @mngr with xmlsec-crypto library specific data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecCryptoKeysMngrInitMethod) (xmlSecKeysMngrPtr mngr);
+
+/*****************************************************************************
+ *
+ * Key data ids
+ *
+ ****************************************************************************/
+/**
+ * xmlSecCryptoKeyDataGetKlassMethod:
+ *
+ * Gets the key data klass.
+ *
+ * Returns: pointer to key data klass or NULL if an error occurs
+ * (the xmlsec-crypto library is not loaded or this key data klass is not
+ * implemented).
+ */
+typedef xmlSecKeyDataId (*xmlSecCryptoKeyDataGetKlassMethod) (void);
+
+/*****************************************************************************
+ *
+ * Key data store ids
+ *
+ ****************************************************************************/
+/**
+ * xmlSecCryptoKeyDataStoreGetKlassMethod:
+ *
+ * Gets the key data store klass.
+ *
+ * Returns: pointer to key data store klass or NULL if an error occurs
+ * (the xmlsec-crypto library is not loaded or this key data store klass is not
+ * implemented).
+ */
+typedef xmlSecKeyDataStoreId (*xmlSecCryptoKeyDataStoreGetKlassMethod)(void);
+
+/*****************************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ****************************************************************************/
+/**
+ * xmlSecCryptoTransformGetKlassMethod:
+ *
+ * Gets the transform klass.
+ *
+ * Returns: pointer to transform klass or NULL if an error occurs
+ * (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+typedef xmlSecTransformId (*xmlSecCryptoTransformGetKlassMethod) (void);
+
+/*****************************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ****************************************************************************/
+/**
+ * xmlSecCryptoAppInitMethod:
+ * @config: the path to crypto library configuration.
+ *
+ * General crypto engine initialization. This function is used
+ * by XMLSec command line utility and called before
+ * @xmlSecInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecCryptoAppInitMethod) (const char* config);
+/**
+ * xmlSecCryptoAppShutdownMethod:
+ *
+ * General crypto engine shutdown. This function is used
+ * by XMLSec command line utility and called after
+ * @xmlSecShutdown function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecCryptoAppShutdownMethod) (void);
+/**
+ * xmlSecCryptoAppDefaultKeysMngrInitMethod:
+ * @mngr: the pointer to keys manager.
+ *
+ * Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
+ * and a default crypto key data stores.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecCryptoAppDefaultKeysMngrInitMethod)
+ (xmlSecKeysMngrPtr mngr);
+/**
+ * xmlSecCryptoAppDefaultKeysMngrAdoptKeyMethod:
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
+ *
+ * Adds @key to the keys manager @mngr created with #xmlSecCryptoAppDefaultKeysMngrInit
+ * function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecCryptoAppDefaultKeysMngrAdoptKeyMethod)
+ (xmlSecKeysMngrPtr mngr,
+ xmlSecKeyPtr key);
+/**
+ * xmlSecCryptoAppDefaultKeysMngrLoadMethod:
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
+ *
+ * Loads XML keys file from @uri to the keys manager @mngr created
+ * with #xmlSecCryptoAppDefaultKeysMngrInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecCryptoAppDefaultKeysMngrLoadMethod)
+ (xmlSecKeysMngrPtr mngr,
+ const char* uri);
+/**
+ * xmlSecCryptoAppDefaultKeysMngrSaveMethod:
+ * @mngr: the pointer to keys manager.
+ * @filename: the destination filename.
+ * @type: the type of keys to save (public/private/symmetric).
+ *
+ * Saves keys from @mngr to XML keys file.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecCryptoAppDefaultKeysMngrSaveMethod)
+ (xmlSecKeysMngrPtr mngr,
+ const char* filename,
+ xmlSecKeyDataType type);
+/**
+ * xmlSecCryptoAppKeysMngrCertLoadMethod:
+ * @mngr: the keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
+ *
+ * Reads cert from @filename and adds to the list of trusted or known
+ * untrusted certs in @store.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecCryptoAppKeysMngrCertLoadMethod)(xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+/**
+ * xmlSecCryptoAppKeysMngrCertLoadMemoryMethod:
+ * @mngr: the keys manager.
+ * @data: the key data.
+ * @dataSize: the key data size.
+ * @format: the certificate format.
+ * @type: the flag that indicates is the certificate in @data
+ * trusted or not.
+ *
+ * Reads cert from @data and adds to the list of trusted or known
+ * untrusted certs in @store.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecCryptoAppKeysMngrCertLoadMemoryMethod)(xmlSecKeysMngrPtr mngr,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+/**
+ * xmlSecCryptoAppKeyLoadMethod:
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the a file.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+typedef xmlSecKeyPtr (*xmlSecCryptoAppKeyLoadMethod) (const char *filename,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+
+/**
+ * xmlSecCryptoAppKeyLoadMemoryMethod:
+ * @data: the key data.
+ * @dataSize: the key data size.
+ * @format: the key data format.
+ * @pwd: the key data password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the binary data buffer.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+typedef xmlSecKeyPtr (*xmlSecCryptoAppKeyLoadMemoryMethod) (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+
+
+/**
+ * xmlSecCryptoAppPkcs12LoadMethod:
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 file.
+ * For uniformity, call xmlSecCryptoAppKeyLoad instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+typedef xmlSecKeyPtr (*xmlSecCryptoAppPkcs12LoadMethod) (const char* filename,
+ const char* pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+/**
+ * xmlSecCryptoAppPkcs12LoadMemoryMethod:
+ * @data: the pkcs12 data.
+ * @dataSize: the pkcs12 data size.
+ * @pwd: the PKCS12 data password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 binary data.
+ * For uniformity, call xmlSecCryptoAppKeyLoad instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+typedef xmlSecKeyPtr (*xmlSecCryptoAppPkcs12LoadMemoryMethod)(const xmlSecByte* data,
+ xmlSecSize dataSize,
+ const char* pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+/**
+ * xmlSecCryptoAppKeyCertLoadMethod:
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from $@filename and adds it to key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecCryptoAppKeyCertLoadMethod) (xmlSecKeyPtr key,
+ const char* filename,
+ xmlSecKeyDataFormat format);
+
+/**
+ * xmlSecCryptoAppKeyCertLoadMemoryMethod:
+ * @key: the pointer to key.
+ * @data: the cert data.
+ * @dataSize: the cert data size.
+ * @format: the certificate data format.
+ *
+ * Reads the certificate from binary @data buffer and adds it to key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecCryptoAppKeyCertLoadMemoryMethod)(xmlSecKeyPtr key,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format);
+/**
+ * xmlSecCryptoDLFunctions:
+ * @cryptoInit: the xmlsec-crypto library initialization method.
+ * @cryptoShutdown: the xmlsec-crypto library shutdown method.
+ * @cryptoKeysMngrInit: the xmlsec-crypto library keys manager init method.
+ * @keyDataAesGetKlass: the method to get pointer to AES key data klass.
+ * @keyDataDesGetKlass: the method to get pointer to DES key data klass.
+ * @keyDataDsaGetKlass: the method to get pointer to DSA key data klass.
+ * @keyDataGost2001GetKlass: the method to get pointer to GOST 2001 key data klass.
+ * @keyDataHmacGetKlass: the method to get pointer to HMAC key data klass.
+ * @keyDataRsaGetKlass: the method to get pointer to RSA key data klass.
+ * @keyDataX509GetKlass: the method to get pointer to X509 key data klass.
+ * @keyDataRawX509CertGetKlass: the method to get pointer to raw X509 cert key data klass.
+ * @x509StoreGetKlass: the method to get pointer to X509 key data store.
+ * @transformAes128CbcGetKlass: the method to get pointer to AES 128 encryption transform.
+ * @transformAes192CbcGetKlass: the method to get pointer to AES 192 encryption transform.
+ * @transformAes256CbcGetKlass: the method to get pointer to AES 256 encryption transform.
+ * @transformKWAes128GetKlass: the method to get pointer to AES 128 key wrapper transform.
+ * @transformKWAes192GetKlass: the method to get pointer to AES 192 key wrapper transform.
+ * @transformKWAes256GetKlass: the method to get pointer to AES 256 key wrapper transform.
+ * @transformDes3CbcGetKlass: the method to get pointer to Triple DES encryption transform.
+ * @transformKWDes3GetKlass: the method to get pointer to Triple DES key wrapper transform.
+ * @transformDsaSha1GetKlass: the method to get pointer to DSA-SHA1 signature transform.
+ * @transformGost2001GostR3411_94GetKlass: the method to get pointer to GOST2001 transform.
+ * @transformHmacMd5GetKlass: the method to get pointer to HMAC-MD5 transform.
+ * @transformHmacRipemd160GetKlass: the method to get pointer to HMAC-RIPEMD160 transform.
+ * @transformHmacSha1GetKlass: the method to get pointer to HMAC-SHA1 transform.
+ * @transformHmacSha224GetKlass: the method to get pointer to HMAC-SHA224 transform.
+ * @transformHmacSha256GetKlass: the method to get pointer to HMAC-SHA256 transform.
+ * @transformHmacSha384GetKlass: the method to get pointer to HMAC-SHA384 transform.
+ * @transformHmacSha512GetKlass: the method to get pointer to HMAC-SHA512 transform.
+ * @transformMd5GetKlass: the method to get pointer to MD5 digest transform.
+ * @transformRipemd160GetKlass: the method to get pointer to RIPEMD160 digest transform.
+ * @transformRsaMd5GetKlass: the method to get pointer to RSA-MD5 signature transform.
+ * @transformRsaRipemd160GetKlass: the method to get pointer to RSA-RIPEMD160 signature transform.
+ * @transformRsaSha1GetKlass: the method to get pointer to RSA-SHA1 signature transform.
+ * @transformRsaSha224GetKlass: the method to get pointer to RSA-SHA224 signature transform.
+ * @transformRsaSha256GetKlass: the method to get pointer to RSA-SHA256 signature transform.
+ * @transformRsaSha384GetKlass: the method to get pointer to RSA-SHA384 signature transform.
+ * @transformRsaSha512GetKlass: the method to get pointer to RSA-SHA512 signature transform.
+ * @transformRsaPkcs1GetKlass: the method to get pointer to RSA-PKCS1_5 key transport transform.
+ * @transformRsaOaepGetKlass: the method to get pointer to RSA-OAEP key transport transform.
+ * @transformGostR3411_94GetKlass: the method to get pointer to GOST R3411 transform.
+ * @transformSha1GetKlass: the method to get pointer to SHA1 digest transform.
+ * @transformSha224GetKlass: the method to get pointer to SHA224 digest transform.
+ * @transformSha256GetKlass: the method to get pointer to SHA256 digest transform.
+ * @transformSha384GetKlass: the method to get pointer to SHA384 digest transform.
+ * @transformSha512GetKlass: the method to get pointer to SHA512 digest transform.
+ * @cryptoAppInit: the default crypto engine initialization method.
+ * @cryptoAppShutdown: the default crypto engine shutdown method.
+ * @cryptoAppDefaultKeysMngrInit: the default keys manager init method.
+ * @cryptoAppDefaultKeysMngrAdoptKey: the default keys manager adopt key method.
+ * @cryptoAppDefaultKeysMngrLoad: the default keys manager load method.
+ * @cryptoAppDefaultKeysMngrSave: the default keys manager save method.
+ * @cryptoAppKeysMngrCertLoad: the default keys manager file cert load method.
+ * @cryptoAppKeysMngrCertLoadMemory: the default keys manager memory cert load method.
+ * @cryptoAppKeyLoad: the key file load method.
+ * @cryptoAppKeyLoadMemory: the meory key load method.
+ * @cryptoAppPkcs12Load: the pkcs12 file load method.
+ * @cryptoAppPkcs12LoadMemory: the memory pkcs12 load method.
+ * @cryptoAppKeyCertLoad: the cert file load method.
+ * @cryptoAppKeyCertLoadMemory: the memory cert load method.
+ * @cryptoAppDefaultPwdCallback:the default password callback.
+ *
+ * The list of crypto engine functions, key data and transform classes.
+ */
+struct _xmlSecCryptoDLFunctions {
+ /* Crypto Init/shutdown */
+ xmlSecCryptoInitMethod cryptoInit;
+ xmlSecCryptoShutdownMethod cryptoShutdown;
+ xmlSecCryptoKeysMngrInitMethod cryptoKeysMngrInit;
+
+ /* Key data ids */
+ xmlSecCryptoKeyDataGetKlassMethod keyDataAesGetKlass;
+ xmlSecCryptoKeyDataGetKlassMethod keyDataDesGetKlass;
+ xmlSecCryptoKeyDataGetKlassMethod keyDataDsaGetKlass;
+ xmlSecCryptoKeyDataGetKlassMethod keyDataGost2001GetKlass;
+ xmlSecCryptoKeyDataGetKlassMethod keyDataHmacGetKlass;
+ xmlSecCryptoKeyDataGetKlassMethod keyDataRsaGetKlass;
+ xmlSecCryptoKeyDataGetKlassMethod keyDataX509GetKlass;
+ xmlSecCryptoKeyDataGetKlassMethod keyDataRawX509CertGetKlass;
+
+ /* Key data store ids */
+ xmlSecCryptoKeyDataStoreGetKlassMethod x509StoreGetKlass;
+
+ /* Crypto transforms ids */
+ xmlSecCryptoTransformGetKlassMethod transformAes128CbcGetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformAes192CbcGetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformAes256CbcGetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformKWAes128GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformKWAes192GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformKWAes256GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformDes3CbcGetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformKWDes3GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformDsaSha1GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformGost2001GostR3411_94GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformHmacMd5GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformHmacRipemd160GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformHmacSha1GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformHmacSha224GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformHmacSha256GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformHmacSha384GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformHmacSha512GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformMd5GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformRipemd160GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformRsaMd5GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformRsaRipemd160GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformRsaSha1GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformRsaSha224GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformRsaSha256GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformRsaSha384GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformRsaSha512GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformRsaPkcs1GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformRsaOaepGetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformGostR3411_94GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformSha1GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformSha224GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformSha256GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformSha384GetKlass;
+ xmlSecCryptoTransformGetKlassMethod transformSha512GetKlass;
+
+ /* High level routines form xmlsec command line utility */
+ xmlSecCryptoAppInitMethod cryptoAppInit;
+ xmlSecCryptoAppShutdownMethod cryptoAppShutdown;
+ xmlSecCryptoAppDefaultKeysMngrInitMethod cryptoAppDefaultKeysMngrInit;
+ xmlSecCryptoAppDefaultKeysMngrAdoptKeyMethod cryptoAppDefaultKeysMngrAdoptKey;
+ xmlSecCryptoAppDefaultKeysMngrLoadMethod cryptoAppDefaultKeysMngrLoad;
+ xmlSecCryptoAppDefaultKeysMngrSaveMethod cryptoAppDefaultKeysMngrSave;
+ xmlSecCryptoAppKeysMngrCertLoadMethod cryptoAppKeysMngrCertLoad;
+ xmlSecCryptoAppKeysMngrCertLoadMemoryMethod cryptoAppKeysMngrCertLoadMemory;
+ xmlSecCryptoAppKeyLoadMethod cryptoAppKeyLoad;
+ xmlSecCryptoAppKeyLoadMemoryMethod cryptoAppKeyLoadMemory;
+ xmlSecCryptoAppPkcs12LoadMethod cryptoAppPkcs12Load;
+ xmlSecCryptoAppPkcs12LoadMemoryMethod cryptoAppPkcs12LoadMemory;
+ xmlSecCryptoAppKeyCertLoadMethod cryptoAppKeyCertLoad;
+ xmlSecCryptoAppKeyCertLoadMemoryMethod cryptoAppKeyCertLoadMemory;
+ void* cryptoAppDefaultPwdCallback;
+};
+
+#include <libxml/xmlstring.h>
+
+/**
+ * xmlSecStrPrintf:
+ *
+ * Prints a string (see @xmlStrPrintf).
+ */
+#define xmlSecStrPrintf xmlStrPrintf
+
+/**
+ * xmlSecStrVPrintf:
+ *
+ * Prints a string (see @xmlStrVPrintf).
+ */
+#define xmlSecStrVPrintf xmlStrVPrintf
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_PRIVATE_H__ */
+
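Review bot: The password callback is typed as `void*` throughout this header: the `pwdCallback` parameter of `xmlSecCryptoAppKeyLoadMethod`, `xmlSecCryptoAppKeyLoadMemoryMethod`, `xmlSecCryptoAppPkcs12LoadMethod` and `xmlSecCryptoAppPkcs12LoadMemoryMethod`, and the `cryptoAppDefaultPwdCallback` member of `struct _xmlSecCryptoDLFunctions`. Passing a function pointer through `void*` is not guaranteed by ISO C and removes all compiler checking on a callback that handles key passphrases, so a callback with the wrong signature is only found at run time. If the type has to stay opaque because each xmlsec-crypto backend expects its own signature (this file does not show that), document it on the parameter, e.g. `@pwdCallback: backend-specific password callback, passed as void*; must have the signature the loaded crypto library expects`. Separately, the doc blocks for the two `CertLoad` typedefs refer to `@store` although the parameter is `@mngr`.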
diff --git a/include/xmlsec/private/Makefile.am b/include/xmlsec/private/Makefile.am
new file mode 100644
index 00000000..74de46a8
--- /dev/null
+++ b/include/xmlsec/private/Makefile.am
@@ -0,0 +1,12 @@
+NULL =
+
+xmlsecprivateincdir = $(includedir)/xmlsec1/xmlsec/private
+
+xmlsecprivateinc_HEADERS = \
+xslt.h \
+xkms.h \
+$(NULL)
+
+install-exec-hook:
+ $(mkinstalldirs) $(DESTDIR)$(xmlsecprivateincdir)
+
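Review bot: The `install-exec-hook` recipe passes `$(DESTDIR)$(xmlsecprivateincdir)` to `$(mkinstalldirs)` unquoted, so a staging root or include directory containing whitespace is split into several arguments and the directories are created in the wrong place. The hook also looks redundant: the `install-xmlsecprivateincHEADERS` rule that automake generates for this `_HEADERS` primary already creates the directory with a quoted path, and a header directory belongs to the data phase of the install rather than the exec phase. I would drop the hook, or at least write `$(MKDIR_P) "$(DESTDIR)$(xmlsecprivateincdir)"`. include/xmlsec/skeleton/Makefile.am carries the same hook for `xmlsecskeletonincdir`.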
diff --git a/include/xmlsec/private/Makefile.in b/include/xmlsec/private/Makefile.in
new file mode 100644
index 00000000..7cf8a641
--- /dev/null
+++ b/include/xmlsec/private/Makefile.in
@@ -0,0 +1,563 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = include/xmlsec/private
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
+ $(xmlsecprivateinc_HEADERS)
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(xmlsecprivateincdir)"
+HEADERS = $(xmlsecprivateinc_HEADERS)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+xmlsecprivateincdir = $(includedir)/xmlsec1/xmlsec/private
+xmlsecprivateinc_HEADERS = \
+xslt.h \
+xkms.h \
+$(NULL)
+
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu include/xmlsec/private/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu include/xmlsec/private/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-xmlsecprivateincHEADERS: $(xmlsecprivateinc_HEADERS)
+ @$(NORMAL_INSTALL)
+ test -z "$(xmlsecprivateincdir)" || $(MKDIR_P) "$(DESTDIR)$(xmlsecprivateincdir)"
+ @list='$(xmlsecprivateinc_HEADERS)'; test -n "$(xmlsecprivateincdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_HEADER) $$files '$(DESTDIR)$(xmlsecprivateincdir)'"; \
+ $(INSTALL_HEADER) $$files "$(DESTDIR)$(xmlsecprivateincdir)" || exit $$?; \
+ done
+
+uninstall-xmlsecprivateincHEADERS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(xmlsecprivateinc_HEADERS)'; test -n "$(xmlsecprivateincdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(xmlsecprivateincdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(xmlsecprivateincdir)" && rm -f $$files
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(HEADERS)
+installdirs:
+ for dir in "$(DESTDIR)$(xmlsecprivateincdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-xmlsecprivateincHEADERS
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+ @$(NORMAL_INSTALL)
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-xmlsecprivateincHEADERS
+
+.MAKE: install-am install-exec-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libtool ctags distclean distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-exec-hook install-html install-html-am \
+ install-info install-info-am install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ install-xmlsecprivateincHEADERS installcheck installcheck-am \
+ installdirs maintainer-clean maintainer-clean-generic \
+ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
+ ps ps-am tags uninstall uninstall-am \
+ uninstall-xmlsecprivateincHEADERS
+
+
+install-exec-hook:
+ $(mkinstalldirs) $(DESTDIR)$(xmlsecprivateincdir)
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/include/xmlsec/private/xkms.h b/include/xmlsec/private/xkms.h
new file mode 100644
index 00000000..0c606641
--- /dev/null
+++ b/include/xmlsec/private/xkms.h
@@ -0,0 +1,121 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * "XML Key Management Specification v 2.0" implementation
+ * http://www.w3.org/TR/xkms2/
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_PRIVATE_XKMS_H__
+#define __XMLSEC_PRIVATE_XKMS_H__
+
+#ifndef XMLSEC_PRIVATE
+#error "xmlsec/private/xkms.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries"
+#endif /* XMLSEC_PRIVATE */
+
+#ifndef XMLSEC_NO_XKMS
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+#include <stdio.h>
+
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/list.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/xkms.h>
+
+/************************************************************************
+ *
+ * XKMS RespondWith Klass
+ *
+ ************************************************************************/
+typedef int (*xmlSecXkmsRespondWithNodeReadMethod) (xmlSecXkmsRespondWithId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+typedef int (*xmlSecXkmsRespondWithNodeWriteMethod) (xmlSecXkmsRespondWithId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+struct _xmlSecXkmsRespondWithKlass {
+ const xmlChar* valueName;
+ const xmlChar* valueNs;
+
+ const xmlChar* nodeName;
+ const xmlChar* nodeNs;
+
+ xmlSecXkmsRespondWithNodeReadMethod readNode;
+ xmlSecXkmsRespondWithNodeWriteMethod writeNode;
+
+ void* reserved1;
+ void* reserved2;
+};
+
+#define xmlSecXkmsRespondWithKlassGetName(id) \
+ ((((id) != NULL) && ((id)->valueName != NULL)) ? (id)->valueName : NULL)
+
+/************************************************************************
+ *
+ * XKMS ServerRequest Klass
+ *
+ ************************************************************************/
+typedef int (*xmlSecXkmsServerRequestNodeReadMethod)
+ (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+typedef int (*xmlSecXkmsServerRequestExecuteMethod)
+ (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx);
+typedef int (*xmlSecXkmsServerRequestNodeWriteMethod)
+ (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+struct _xmlSecXkmsServerRequestKlass {
+ const xmlChar* name;
+ const xmlChar* requestNodeName;
+ const xmlChar* requestNodeNs;
+ const xmlChar* resultNodeName;
+ const xmlChar* resultNodeNs;
+ xmlSecBitMask flags;
+
+ xmlSecXkmsServerRequestNodeReadMethod readNode;
+ xmlSecXkmsServerRequestNodeWriteMethod writeNode;
+ xmlSecXkmsServerRequestExecuteMethod execute;
+
+ void* reserved1;
+ void* reserved2;
+};
+
+#define xmlSecXkmsServerRequestKlassGetName(id) \
+ ((((id) != NULL) && ((id)->name != NULL)) ? (id)->name : NULL)
+
+
+/************************************************************************
+ *
+ * XKMS ServerRequest Klass flags
+ *
+ ************************************************************************/
+/**
+ * XMLSEC_XKMS_SERVER_REQUEST_KLASS_ALLOWED_IN_COUMPOUND:
+ *
+ * The server request klass is allowed in xkms:CompoundRequest element.
+ */
+#define XMLSEC_XKMS_SERVER_REQUEST_KLASS_ALLOWED_IN_COUMPOUND 0x00000001
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* XMLSEC_NO_XKMS */
+
+#endif /* __XMLSEC_PRIVATE_XKMS_H__ */
+
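Review bot: `xmlSecXkmsRespondWithKlassGetName` and `xmlSecXkmsServerRequestKlassGetName` expand `id` up to three times, and they test the name field against NULL only to return NULL in that case anyway. An argument with side effects, such as a call that looks up the klass, would be evaluated repeatedly, and the second test adds nothing. `(((id) != NULL) ? (id)->valueName : NULL)` and `(((id) != NULL) ? (id)->name : NULL)` give the same result with one fewer expansion, and a one-line comment that the macros evaluate their argument more than once would cover the rest. Separately, the flag name `XMLSEC_XKMS_SERVER_REQUEST_KLASS_ALLOWED_IN_COUMPOUND` misspells COMPOUND, which is cheaper to correct before more code refers to it.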
diff --git a/include/xmlsec/private/xslt.h b/include/xmlsec/private/xslt.h
new file mode 100644
index 00000000..e9ba6977
--- /dev/null
+++ b/include/xmlsec/private/xslt.h
@@ -0,0 +1,34 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * XSLT helper functions
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_PRIVATE_XSLT_H__
+#define __XMLSEC_PRIVATE_XSLT_H__
+
+#ifndef XMLSEC_PRIVATE
+#error "xmlsec/private/xslt.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries"
+#endif /* XMLSEC_PRIVATE */
+
+#ifndef XMLSEC_NO_XSLT
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+void xmlSecTransformXsltInitialize (void);
+void xmlSecTransformXsltShutdown (void);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* XMLSEC_NO_XSLT */
+
+#endif /* __XMLSEC_PRIVATE_XSLT_H__ */
+
diff --git a/include/xmlsec/skeleton/Makefile.am b/include/xmlsec/skeleton/Makefile.am
new file mode 100644
index 00000000..d520494d
--- /dev/null
+++ b/include/xmlsec/skeleton/Makefile.am
@@ -0,0 +1,13 @@
+NULL =
+
+xmlsecskeletonincdir = $(includedir)/xmlsec1/xmlsec/skeleton
+
+xmlsecskeletoninc_HEADERS = \
+app.h \
+crypto.h \
+symbols.h \
+$(NULL)
+
+install-exec-hook:
+ $(mkinstalldirs) $(DESTDIR)$(xmlsecskeletonincdir)
+
diff --git a/include/xmlsec/skeleton/app.h b/include/xmlsec/skeleton/app.h
new file mode 100644
index 00000000..0429f7ba
--- /dev/null
+++ b/include/xmlsec/skeleton/app.h
@@ -0,0 +1,97 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_SKELETON_APP_H__
+#define __XMLSEC_SKELETON_APP_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+
+/********************************************************************
+ *
+ * Init/shutdown
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecSkeletonAppInit (const char* config);
+XMLSEC_CRYPTO_EXPORT int xmlSecSkeletonAppShutdown (void);
+
+/********************************************************************
+ *
+ * Keys Manager
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecSkeletonAppDefaultKeysMngrInit (xmlSecKeysMngrPtr mngr);
+XMLSEC_CRYPTO_EXPORT int xmlSecSkeletonAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr,
+ xmlSecKeyPtr key);
+XMLSEC_CRYPTO_EXPORT int xmlSecSkeletonAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
+ const char* uri);
+XMLSEC_CRYPTO_EXPORT int xmlSecSkeletonAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
+ const char* filename,
+ xmlSecKeyDataType type);
+#ifndef XMLSEC_NO_X509
+XMLSEC_CRYPTO_EXPORT int xmlSecSkeletonAppKeysMngrCertLoad (xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+XMLSEC_CRYPTO_EXPORT int xmlSecSkeletonAppKeysMngrCertLoadMemory (xmlSecKeysMngrPtr mngr,
+ const xmlSecByte *data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type);
+#endif /* XMLSEC_NO_X509 */
+
+
+/********************************************************************
+ *
+ * Keys
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecSkeletonAppKeyLoad (const char *filename,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void *pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecSkeletonAppKeyLoadMemory (const xmlSecByte *data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ const char *pwd,
+ void *pwdCallback,
+ void* pwdCallbackCtx);
+#ifndef XMLSEC_NO_X509
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecSkeletonAppPkcs12Load (const char *filename,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT xmlSecKeyPtr xmlSecSkeletonAppPkcs12LoadMemory (const xmlSecByte *data,
+ xmlSecSize dataSize,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx);
+XMLSEC_CRYPTO_EXPORT int xmlSecSkeletonAppKeyCertLoad (xmlSecKeyPtr key,
+ const char* filename,
+ xmlSecKeyDataFormat format);
+XMLSEC_CRYPTO_EXPORT int xmlSecSkeletonAppKeyCertLoadMemory (xmlSecKeyPtr key,
+ const xmlSecByte *data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format);
+#endif /* XMLSEC_NO_X509 */
+
+XMLSEC_CRYPTO_EXPORT void* xmlSecSkeletonAppGetDefaultPwdCallback (void);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_SKELETON_APP_H__ */
+
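Review bot: Every key and PKCS#12 loader declared here takes the password callback as `void *pwdCallback`, and `xmlSecSkeletonAppGetDefaultPwdCallback` returns one as `void*`, so the compiler cannot check that a caller's function has the signature the backend will call it with. Converting between a function pointer and `void*` is also not guaranteed by ISO C. The skeleton headers look like the template that new crypto backends start from, so I would document the contract next to the declarations, e.g. `/* pwdCallback: backend-specific password callback passed as void*; the implementation casts it back to its own callback type, so a function of any other type is undefined behaviour */`. It would also help to state whether `pwd` may be NULL and who owns and clears that buffer, since the header does not say.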
diff --git a/include/xmlsec/skeleton/crypto.h b/include/xmlsec/skeleton/crypto.h
new file mode 100644
index 00000000..30346669
--- /dev/null
+++ b/include/xmlsec/skeleton/crypto.h
@@ -0,0 +1,40 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_SKELETON_CRYPTO_H__
+#define __XMLSEC_SKELETON_CRYPTO_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/dl.h>
+
+XMLSEC_CRYPTO_EXPORT xmlSecCryptoDLFunctionsPtr xmlSecCryptoGetFunctions_skeleton(void);
+
+/********************************************************************
+ *
+ * Init shutdown
+ *
+ ********************************************************************/
+XMLSEC_CRYPTO_EXPORT int xmlSecSkeletonInit (void);
+XMLSEC_CRYPTO_EXPORT int xmlSecSkeletonShutdown (void);
+
+XMLSEC_CRYPTO_EXPORT int xmlSecSkeletonKeysMngrInit (xmlSecKeysMngrPtr mngr);
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_SKELETON_CRYPTO_H__ */
+
+#define __XMLSEC_SKELETON_CRYPTO_H__
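Review bot: The last line, `#define __XMLSEC_SKELETON_CRYPTO_H__`, sits after the closing `#endif` of the include guard and repeats the define already made at the top of the file. It is harmless to the compiler here, but it is processed on every inclusion and reads like a leftover. I would delete it so the file ends at `#endif /* __XMLSEC_SKELETON_CRYPTO_H__ */`.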
diff --git a/include/xmlsec/skeleton/symbols.h b/include/xmlsec/skeleton/symbols.h
new file mode 100644
index 00000000..7be57a49
--- /dev/null
+++ b/include/xmlsec/skeleton/symbols.h
@@ -0,0 +1,117 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_SKELETON_SYMBOLS_H__
+#define __XMLSEC_SKELETON_SYMBOLS_H__
+
+#if !defined(IN_XMLSEC) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING)
+#error To disable dynamic loading of xmlsec-crypto libraries undefine XMLSEC_CRYPTO_DYNAMIC_LOADING
+#endif /* !defined(IN_XMLSEC) && defined(XMLSEC_CRYPTO_DYNAMIC_LOADING) */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifdef XMLSEC_CRYPTO_SKELETON
+
+/********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ********************************************************************/
+#define xmlSecCryptoInit xmlSecSkeletonInit
+#define xmlSecCryptoShutdown xmlSecSkeletonShutdown
+
+#define xmlSecCryptoKeysMngrInit xmlSecSkeletonKeysMngrInit
+
+/********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+#define xmlSecKeyDataAesId xmlSecSkeletonKeyDataAesId
+#define xmlSecKeyDataDesId xmlSecSkeletonKeyDataDesId
+#define xmlSecKeyDataDsaId xmlSecSkeletonKeyDataDsaId
+#define xmlSecKeyDataHmacId xmlSecSkeletonKeyDataHmacId
+#define xmlSecKeyDataRsaId xmlSecSkeletonKeyDataRsaId
+#define xmlSecKeyDataX509Id xmlSecSkeletonKeyDataX509Id
+#define xmlSecKeyDataRawX509CertId xmlSecSkeletonKeyDataRawX509CertId
+
+/********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+#define xmlSecX509StoreId xmlSecSkeletonX509StoreId
+
+/********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+#define xmlSecTransformAes128CbcId xmlSecSkeletonTransformAes128CbcId
+#define xmlSecTransformAes192CbcId xmlSecSkeletonTransformAes192CbcId
+#define xmlSecTransformAes256CbcId xmlSecSkeletonTransformAes256CbcId
+#define xmlSecTransformKWAes128Id xmlSecSkeletonTransformKWAes128Id
+#define xmlSecTransformKWAes192Id xmlSecSkeletonTransformKWAes192Id
+#define xmlSecTransformKWAes256Id xmlSecSkeletonTransformKWAes256Id
+#define xmlSecTransformDes3CbcId xmlSecSkeletonTransformDes3CbcId
+#define xmlSecTransformKWDes3Id xmlSecSkeletonTransformKWDes3Id
+#define xmlSecTransformDsaSha1Id xmlSecSkeletonTransformDsaSha1Id
+#define xmlSecTransformHmacMd5Id xmlSecSkeletonTransformHmacMd5Id
+#define xmlSecTransformHmacRipemd160Id xmlSecSkeletonTransformHmacRipemd160Id
+#define xmlSecTransformHmacSha1Id xmlSecSkeletonTransformHmacSha1Id
+#define xmlSecTransformHmacSha224Id xmlSecSkeletonTransformHmacSha224Id
+#define xmlSecTransformHmacSha256Id xmlSecSkeletonTransformHmacSha256Id
+#define xmlSecTransformHmacSha384Id xmlSecSkeletonTransformHmacSha384Id
+#define xmlSecTransformHmacSha512Id xmlSecSkeletonTransformHmacSha512Id
+#define xmlSecTransformMd5Id xmlSecSkeletonTransformMd5Id
+#define xmlSecTransformRipemd160Id xmlSecSkeletonTransformRipemd160Id
+#define xmlSecTransformRsaSha1Id xmlSecSkeletonTransformRsaSha1Id
+#define xmlSecTransformRsaSha224Id xmlSecSkeletonTransformRsaSha224Id
+#define xmlSecTransformRsaSha256Id xmlSecSkeletonTransformRsaSha256Id
+#define xmlSecTransformRsaSha384Id xmlSecSkeletonTransformRsaSha384Id
+#define xmlSecTransformRsaSha512Id xmlSecSkeletonTransformRsaSha512Id
+#define xmlSecTransformRsaPkcs1Id xmlSecSkeletonTransformRsaPkcs1Id
+#define xmlSecTransformRsaOaepId xmlSecSkeletonTransformRsaOaepId
+#define xmlSecTransformSha1Id xmlSecSkeletonTransformSha1Id
+#define xmlSecTransformSha224Id xmlSecSkeletonTransformSha224Id
+#define xmlSecTransformSha256Id xmlSecSkeletonTransformSha256Id
+#define xmlSecTransformSha384Id xmlSecSkeletonTransformSha384Id
+#define xmlSecTransformSha512Id xmlSecSkeletonTransformSha512Id
+
+/********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+#define xmlSecCryptoAppInit xmlSecSkeletonAppInit
+#define xmlSecCryptoAppShutdown xmlSecSkeletonAppShutdown
+#define xmlSecCryptoAppDefaultKeysMngrInit xmlSecSkeletonAppDefaultKeysMngrInit
+#define xmlSecCryptoAppDefaultKeysMngrAdoptKey xmlSecSkeletonAppDefaultKeysMngrAdoptKey
+#define xmlSecCryptoAppDefaultKeysMngrLoad xmlSecSkeletonAppDefaultKeysMngrLoad
+#define xmlSecCryptoAppDefaultKeysMngrSave xmlSecSkeletonAppDefaultKeysMngrSave
+#define xmlSecCryptoAppKeysMngrCertLoad xmlSecSkeletonAppKeysMngrCertLoad
+#define xmlSecCryptoAppKeysMngrCertLoadMemory xmlSecSkeletonAppKeysMngrCertLoadMemory
+#define xmlSecCryptoAppKeyLoad xmlSecSkeletonAppKeyLoad
+#define xmlSecCryptoAppPkcs12Load xmlSecSkeletonAppPkcs12Load
+#define xmlSecCryptoAppKeyCertLoad xmlSecSkeletonAppKeyCertLoad
+#define xmlSecCryptoAppKeyLoadMemory xmlSecSkeletonAppKeyLoadMemory
+#define xmlSecCryptoAppPkcs12LoadMemory xmlSecSkeletonAppPkcs12LoadMemory
+#define xmlSecCryptoAppKeyCertLoadMemory xmlSecSkeletonAppKeyCertLoadMemory
+#define xmlSecCryptoAppGetDefaultPwdCallback xmlSecSkeletonAppGetDefaultPwdCallback
+
+#endif /* XMLSEC_CRYPTO_SKELETON */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_SKELETON_CRYPTO_H__ */
+
+#define __XMLSEC_SKELETON_CRYPTO_H__
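Review bot: This header is guarded by `__XMLSEC_SKELETON_SYMBOLS_H__`, but its last line defines `__XMLSEC_SKELETON_CRYPTO_H__`, which is the include guard of skeleton/crypto.h. Any translation unit that includes symbols.h before crypto.h will therefore skip crypto.h's body and lose the prototypes for `xmlSecSkeletonInit`, `xmlSecSkeletonShutdown` and `xmlSecSkeletonKeysMngrInit`, so calls to them are either implicitly declared or fail to compile. The trailing `#define` should be removed and the closing comment corrected to `#endif /* __XMLSEC_SKELETON_SYMBOLS_H__ */`.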
diff --git a/include/xmlsec/soap.h b/include/xmlsec/soap.h
new file mode 100644
index 00000000..c4efc00f
--- /dev/null
+++ b/include/xmlsec/soap.h
@@ -0,0 +1,130 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Simple SOAP messages parsing/creation.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_SOAP_H__
+#define __XMLSEC_SOAP_H__
+
+#ifndef XMLSEC_NO_SOAP
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+#include <xmlsec/xmlsec.h>
+
+
+/***********************************************************************
+ *
+ * SOAP 1.1
+ *
+ **********************************************************************/
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap11CreateEnvelope (xmlDocPtr doc);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap11EnsureHeader (xmlNodePtr envNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap11AddBodyEntry (xmlNodePtr envNode,
+ xmlNodePtr entryNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap11AddFaultEntry (xmlNodePtr envNode,
+ const xmlChar* faultCodeHref,
+ const xmlChar* faultCodeLocalPart,
+ const xmlChar* faultString,
+ const xmlChar* faultActor);
+XMLSEC_EXPORT int xmlSecSoap11CheckEnvelope (xmlNodePtr envNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap11GetHeader (xmlNodePtr envNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap11GetBody (xmlNodePtr envNode);
+XMLSEC_EXPORT xmlSecSize xmlSecSoap11GetBodyEntriesNumber(xmlNodePtr envNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap11GetBodyEntry (xmlNodePtr envNode,
+ xmlSecSize pos);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap11GetFaultEntry (xmlNodePtr envNode);
+
+
+/***********************************************************************
+ *
+ * SOAP 1.2
+ *
+ **********************************************************************/
+/**
+ * xmlSecSoap12FaultCode:
+ * @xmlSecSoap12FaultCodeUnknown: The fault code is not available.
+ * @xmlSecSoap12FaultCodeVersionMismatch: The faulting node found an
+ * invalid element information
+ * item instead of the expected
+ * Envelope element information item.
+ * @xmlSecSoap12FaultCodeMustUnderstand: An immediate child element
+ * information item of the SOAP
+ * Header element information item
+ * targeted at the faulting node
+ * that was not understood by the
+ * faulting node contained a SOAP
+ * mustUnderstand attribute
+ * information item with a value of "true"
+ * @xmlSecSoap12FaultCodeDataEncodingUnknown: A SOAP header block or SOAP
+ * body child element information
+ * item targeted at the faulting
+ * SOAP node is scoped with a data
+ * encoding that the faulting node
+ * does not support.
+ * @xmlSecSoap12FaultCodeSender: The message was incorrectly
+ * formed or did not contain the
+ * appropriate information in order
+ * to succeed.
+ * @xmlSecSoap12FaultCodeReceiver: The message could not be processed
+ * for reasons attributable to the
+ * processing of the message rather
+ * than to the contents of the
+ * message itself.
+ *
+ * The values of the <Value> child element information item of the
+ * <Code> element information item (http://www.w3.org/TR/2003/REC-soap12-part1-20030624/#faultcodes).
+ */
+typedef enum {
+ xmlSecSoap12FaultCodeUnknown = 0,
+ xmlSecSoap12FaultCodeVersionMismatch,
+ xmlSecSoap12FaultCodeMustUnderstand,
+ xmlSecSoap12FaultCodeDataEncodingUnknown,
+ xmlSecSoap12FaultCodeSender,
+ xmlSecSoap12FaultCodeReceiver
+} xmlSecSoap12FaultCode;
+
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap12CreateEnvelope (xmlDocPtr doc);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap12EnsureHeader (xmlNodePtr envNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap12AddBodyEntry (xmlNodePtr envNode,
+ xmlNodePtr entryNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap12AddFaultEntry (xmlNodePtr envNode,
+ xmlSecSoap12FaultCode faultCode,
+ const xmlChar* faultReasonText,
+ const xmlChar* faultReasonLang,
+ const xmlChar* faultNodeURI,
+ const xmlChar* faultRole);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap12AddFaultSubcode (xmlNodePtr faultNode,
+ const xmlChar* subCodeHref,
+ const xmlChar* subCodeName);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap12AddFaultReasonText (xmlNodePtr faultNode,
+ const xmlChar* faultReasonText,
+ const xmlChar* faultReasonLang);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap12AddFaultDetailEntry (xmlNodePtr faultNode,
+ xmlNodePtr detailEntryNode);
+XMLSEC_EXPORT int xmlSecSoap12CheckEnvelope (xmlNodePtr envNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap12GetHeader (xmlNodePtr envNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap12GetBody (xmlNodePtr envNode);
+XMLSEC_EXPORT xmlSecSize xmlSecSoap12GetBodyEntriesNumber(xmlNodePtr envNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap12GetBodyEntry (xmlNodePtr envNode,
+ xmlSecSize pos);
+XMLSEC_EXPORT xmlNodePtr xmlSecSoap12GetFaultEntry (xmlNodePtr envNode);
+
+
+#endif /* XMLSEC_NO_SOAP */
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_SOAP_H__ */
+
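Review bot: `xmlSecSoap11CheckEnvelope` and `xmlSecSoap12CheckEnvelope` are declared as returning `int` with no comment stating the convention, and none of the prototypes in this new header is documented. If they follow a three-way result (positive for a valid envelope, zero for an invalid one, negative on error — to be confirmed against the implementation, which is not in this hunk), a caller writing `if(xmlSecSoap11CheckEnvelope(env))` would treat the error path as a valid envelope. I would add a comment above each, for example `/* Returns 1 if envNode is a valid envelope, 0 if it is not, <0 on error; test with == 1 */`. The header should also say what `xmlSecSoap11GetBodyEntry` and `xmlSecSoap12GetBodyEntry` return when `pos` is not below the value from the matching `GetBodyEntriesNumber` call.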
diff --git a/include/xmlsec/strings.h b/include/xmlsec/strings.h
new file mode 100644
index 00000000..98650bf6
--- /dev/null
+++ b/include/xmlsec/strings.h
@@ -0,0 +1,610 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * All the string constans.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_STRINGS_H__
+#define __XMLSEC_STRINGS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+
+/*************************************************************************
+ *
+ * Global Namespaces
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNs[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecDSigNs[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecEncNs[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsNs[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXPathNs[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXPath2Ns[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXPointerNs[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecSoap11Ns[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecSoap12Ns[];
+
+
+/*************************************************************************
+ *
+ * DSig Nodes
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeSignature[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeSignedInfo[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeSignatureValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeCanonicalizationMethod[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeSignatureMethod[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeDigestMethod[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeDigestValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeObject[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeManifest[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeSignatureProperties[];
+
+/*************************************************************************
+ *
+ * Encryption Nodes
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeEncryptedData[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeEncryptionMethod[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeEncryptionProperties[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeEncryptionProperty[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeCipherData[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeCipherValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeCipherReference[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeReferenceList[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeDataReference[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeKeyReference[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeCarriedKeyName[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecTypeEncContent[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecTypeEncElement[];
+
+/*************************************************************************
+ *
+ * XKMS nodes, attributes and value strings
+ *
+ ************************************************************************/
+#ifndef XMLSEC_NO_XKMS
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsServerRequestResultName[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsServerRequestStatusName[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsServerRequestLocateName[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsServerRequestValidateName[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsServerRequestCompoundName[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeResult[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeStatusRequest[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeStatusResult[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeLocateRequest[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeLocateResult[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeValidateRequest[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeValidateResult[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeCompoundRequest[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeCompoundResult[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeMessageExtension[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeOpaqueClientData[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeResponseMechanism[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeRespondWith[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodePendingNotification[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeQueryKeyBinding[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeKeyUsage[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeUseKeyWith[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeTimeInstant[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeRequestSignatureValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeUnverifiedKeyBinding[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeValidityInterval[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeStatus[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeValidReason[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeInvalidReason[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeIndeterminateReason[];
+
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrService[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrNonce[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrOriginalRequestId[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrResponseLimit[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrMechanism[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrIdentifier[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrApplication[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrResultMajor[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrResultMinor[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrRequestId[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrNotBefore[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrNotOnOrAfter[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrTime[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrStatusValue[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResponseMechanismPending[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResponseMechanismRepresent[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResponseMechanismRequestSignatureValue[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecRespondWithKeyName[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecRespondWithKeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecRespondWithX509Cert[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecRespondWithX509Chain[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecRespondWithX509CRL[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecRespondWithOCSP[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecRespondWithRetrievalMethod[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecRespondWithPGP[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecRespondWithPGPWeb[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecRespondWithSPKI[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecRespondWithPrivateKey[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecStatusResultSuccess[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecStatusResultFailed[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecStatusResultPending[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecKeyUsageEncryption[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecKeyUsageSignature[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecKeyUsageExchange[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecKeyBindingStatusValid[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecKeyBindingStatusInvalid[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecKeyBindingStatusIndeterminate[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecKeyBindingReasonIssuerTrust[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecKeyBindingReasonRevocationStatus[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecKeyBindingReasonValidityInterval[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecKeyBindingReasonSignature[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResultMajorCodeSuccess[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResultMajorCodeVersionMismatch[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResultMajorCodeSender[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResultMajorCodeReceiver[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResultMajorCodeRepresent[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResultMajorCodePending[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResultMinorCodeNoMatch[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResultMinorCodeTooManyResponses[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResultMinorCodeIncomplete[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResultMinorCodeFailure[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResultMinorCodeRefused[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResultMinorCodeNoAuthentication[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResultMinorCodeMessageNotSupported[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResultMinorCodeUnknownResponseId[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecResultMinorCodeNotSynchronous[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsSoapFaultReasonLang[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsSoapFaultReasonUnsupportedVersion[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsSoapFaultReasonUnableToProcess[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsSoapFaultReasonServiceUnavailable[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsSoapFaultReasonMessageNotSupported[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsSoapFaultReasonMessageInvalid[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsSoapSubcodeValueMessageNotSupported[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsSoapSubcodeValueBadMessage[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsFormatStrPlain[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsFormatStrSoap11[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXkmsFormatStrSoap12[];
+
+#endif /* XMLSEC_NO_XKMS */
+
+/*************************************************************************
+ *
+ * KeyInfo and Transform Nodes
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeKeyInfo[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeReference[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeTransforms[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeTransform[];
+
+/*************************************************************************
+ *
+ * Attributes
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrId[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrURI[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrType[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrMimeType[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrEncoding[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrAlgorithm[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrTarget[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrFilter[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrRecipient[];
+
+/*************************************************************************
+ *
+ * AES strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameAESKeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeAESKeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefAESKeyValue[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameAes128Cbc[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefAes128Cbc[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameAes192Cbc[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefAes192Cbc[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameAes256Cbc[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefAes256Cbc[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameKWAes128[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefKWAes128[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameKWAes192[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefKWAes192[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameKWAes256[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefKWAes256[];
+
+/*************************************************************************
+ *
+ * BASE64 strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameBase64[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefBase64[];
+
+/*************************************************************************
+ *
+ * C14N strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameC14N[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefC14N[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameC14NWithComments[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefC14NWithComments[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameC14N11[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefC14N11[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameC14N11WithComments[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefC14N11WithComments[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameExcC14N[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefExcC14N[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameExcC14NWithComments[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefExcC14NWithComments[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNsExcC14N[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNsExcC14NWithComments[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeInclusiveNamespaces[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecAttrPrefixList[];
+
+/*************************************************************************
+ *
+ * DES strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameDESKeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeDESKeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefDESKeyValue[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameDes3Cbc[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefDes3Cbc[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameKWDes3[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefKWDes3[];
+
+/*************************************************************************
+ *
+ * DSA strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameDSAKeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeDSAKeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefDSAKeyValue[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeDSAP[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeDSAQ[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeDSAG[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeDSAJ[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeDSAX[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeDSAY[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeDSASeed[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeDSAPgenCounter[];
+
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameDsaSha1[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefDsaSha1[];
+
+/*************************************************************************
+ *
+ * GOST2001 strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameGOST2001KeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeGOST2001KeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefGOST2001KeyValue[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameGost2001GostR3411_94[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefGost2001GostR3411_94[];
+
+/*************************************************************************
+ *
+ * EncryptedKey
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameEncryptedKey[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeEncryptedKey[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefEncryptedKey[];
+
+/*************************************************************************
+ *
+ * Enveloped transform strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameEnveloped[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefEnveloped[];
+
+/*************************************************************************
+ *
+ * HMAC strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameHMACKeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeHMACKeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefHMACKeyValue[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeHMACOutputLength[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameHmacMd5[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefHmacMd5[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameHmacRipemd160[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefHmacRipemd160[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameHmacSha1[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefHmacSha1[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameHmacSha224[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefHmacSha224[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameHmacSha256[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefHmacSha256[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameHmacSha384[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefHmacSha384[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameHmacSha512[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefHmacSha512[];
+
+/*************************************************************************
+ *
+ * KeyName strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameKeyName[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeKeyName[];
+
+/*************************************************************************
+ *
+ * KeyValue strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameKeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeKeyValue[];
+
+/*************************************************************************
+ *
+ * Memory Buffer strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameMemBuf[];
+
+/*************************************************************************
+ *
+ * MD5 strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameMd5[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefMd5[];
+
+/*************************************************************************
+ *
+ * RetrievalMethod
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRetrievalMethod[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeRetrievalMethod[];
+
+/*************************************************************************
+ *
+ * RIPEMD160 strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRipemd160[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefRipemd160[];
+
+/*************************************************************************
+ *
+ * RSA strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRSAKeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeRSAKeyValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefRSAKeyValue[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeRSAModulus[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeRSAExponent[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeRSAPrivateExponent[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRsaMd5[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefRsaMd5[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRsaRipemd160[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefRsaRipemd160[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRsaSha1[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefRsaSha1[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRsaSha224[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefRsaSha224[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRsaSha256[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefRsaSha256[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRsaSha384[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefRsaSha384[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRsaSha512[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefRsaSha512[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRsaPkcs1[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefRsaPkcs1[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRsaOaep[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefRsaOaep[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeRsaOAEPparams[];
+
+/*************************************************************************
+ *
+ * GOSTR3411_94 strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameGostR3411_94[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefGostR3411_94[];
+
+/*************************************************************************
+ *
+ * SHA1 strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameSha1[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefSha1[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameSha224[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefSha224[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameSha256[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefSha256[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameSha384[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefSha384[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameSha512[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefSha512[];
+
+/*************************************************************************
+ *
+ * X509 strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameX509Data[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeX509Data[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefX509Data[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeX509Certificate[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeX509CRL[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeX509SubjectName[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeX509IssuerSerial[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeX509IssuerName[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeX509SerialNumber[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeX509SKI[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameRawX509Cert[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefRawX509Cert[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameX509Store[];
+
+/*************************************************************************
+ *
+ * PGP strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNamePGPData[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodePGPData[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefPGPData[];
+
+/*************************************************************************
+ *
+ * SPKI strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameSPKIData[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeSPKIData[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefSPKIData[];
+
+/*************************************************************************
+ *
+ * XPath/XPointer strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameXPath[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeXPath[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameXPath2[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeXPath2[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXPath2FilterIntersect[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXPath2FilterSubtract[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecXPath2FilterUnion[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameXPointer[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeXPointer[];
+
+/*************************************************************************
+ *
+ * Xslt strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNameXslt[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecHrefXslt[];
+
+#ifndef XMLSEC_NO_SOAP
+/*************************************************************************
+ *
+ * SOAP 1.1/1.2 strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeEnvelope[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeHeader[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeBody[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeFault[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeFaultCode[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeFaultString[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeFaultActor[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeFaultDetail[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeCode[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeReason[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeNode[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeRole[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeDetail[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeValue[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeSubcode[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecNodeText[];
+
+XMLSEC_EXPORT_VAR const xmlChar xmlSecSoapFaultCodeVersionMismatch[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecSoapFaultCodeMustUnderstand[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecSoapFaultCodeClient[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecSoapFaultCodeServer[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecSoapFaultCodeReceiver[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecSoapFaultCodeSender[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecSoapFaultDataEncodningUnknown[];
+
+
+#endif /* XMLSEC_NO_SOAP */
+
+/*************************************************************************
+ *
+ * Utility strings
+ *
+ ************************************************************************/
+XMLSEC_EXPORT_VAR const xmlChar xmlSecStringEmpty[];
+XMLSEC_EXPORT_VAR const xmlChar xmlSecStringCR[];
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_STRINGS_H__ */
+
+
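Review bot: The exported symbol `xmlSecSoapFaultDataEncodningUnknown` in the SOAP 1.1/1.2 block is misspelled ("Encodning") and does not match the `xmlSecSoap12FaultCodeDataEncodingUnknown` spelling used in include/xmlsec/soap.h. As an exported variable, the name becomes part of the public interface once shipped. If it cannot be renamed for compatibility, a correctly spelled alias such as `#define xmlSecSoapFaultDataEncodingUnknown xmlSecSoapFaultDataEncodningUnknown` would help. Separately, the MD5, HMAC-MD5 and RSA-MD5 name/href pairs are declared next to the SHA-2 ones with no comment. A line such as `/* MD5-based algorithms are for legacy interoperability only; MD5 is not collision resistant */` above those blocks would tell integrators not to accept them by default when verifying.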
diff --git a/include/xmlsec/templates.h b/include/xmlsec/templates.h
new file mode 100644
index 00000000..815cddce
--- /dev/null
+++ b/include/xmlsec/templates.h
@@ -0,0 +1,162 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * KeyInfo node processing
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_TEMPLATES_H__
+#define __XMLSEC_TEMPALTES_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/transforms.h>
+
+/***********************************************************************
+ *
+ * <dsig:Signature> node
+ *
+ **********************************************************************/
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplSignatureCreate (xmlDocPtr doc,
+ xmlSecTransformId c14nMethodId,
+ xmlSecTransformId signMethodId,
+ const xmlChar *id);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplSignatureCreateNsPref (xmlDocPtr doc,
+ xmlSecTransformId c14nMethodId,
+ xmlSecTransformId signMethodId,
+ const xmlChar *id,
+ const xmlChar *nsPrefix);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplSignatureEnsureKeyInfo (xmlNodePtr signNode,
+ const xmlChar *id);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplSignatureAddReference (xmlNodePtr signNode,
+ xmlSecTransformId digestMethodId,
+ const xmlChar *id,
+ const xmlChar *uri,
+ const xmlChar *type);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplSignatureAddObject (xmlNodePtr signNode,
+ const xmlChar *id,
+ const xmlChar *mimeType,
+ const xmlChar *encoding);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplSignatureGetSignMethodNode (xmlNodePtr signNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplSignatureGetC14NMethodNode (xmlNodePtr signNode);
+
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplReferenceAddTransform (xmlNodePtr referenceNode,
+ xmlSecTransformId transformId);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplObjectAddSignProperties (xmlNodePtr objectNode,
+ const xmlChar *id,
+ const xmlChar *target);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplObjectAddManifest (xmlNodePtr objectNode,
+ const xmlChar *id);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplManifestAddReference (xmlNodePtr manifestNode,
+ xmlSecTransformId digestMethodId,
+ const xmlChar *id,
+ const xmlChar *uri,
+ const xmlChar *type);
+
+/***********************************************************************
+ *
+ * <enc:EncryptedData> node
+ *
+ **********************************************************************/
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplEncDataCreate (xmlDocPtr doc,
+ xmlSecTransformId encMethodId,
+ const xmlChar *id,
+ const xmlChar *type,
+ const xmlChar *mimeType,
+ const xmlChar *encoding);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplEncDataEnsureKeyInfo (xmlNodePtr encNode,
+ const xmlChar *id);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplEncDataEnsureEncProperties (xmlNodePtr encNode,
+ const xmlChar *id);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplEncDataAddEncProperty (xmlNodePtr encNode,
+ const xmlChar *id,
+ const xmlChar *target);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplEncDataEnsureCipherValue (xmlNodePtr encNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplEncDataEnsureCipherReference (xmlNodePtr encNode,
+ const xmlChar *uri);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplEncDataGetEncMethodNode (xmlNodePtr encNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplCipherReferenceAddTransform (xmlNodePtr cipherReferenceNode,
+ xmlSecTransformId transformId);
+
+/***********************************************************************
+ *
+ * <enc:EncryptedKey> node
+ *
+ **********************************************************************/
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplReferenceListAddDataReference(xmlNodePtr encNode,
+ const xmlChar *uri);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplReferenceListAddKeyReference (xmlNodePtr encNode,
+ const xmlChar *uri);
+
+/***********************************************************************
+ *
+ * <dsig:KeyInfo> node
+ *
+ **********************************************************************/
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplKeyInfoAddKeyName (xmlNodePtr keyInfoNode,
+ const xmlChar* name);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplKeyInfoAddKeyValue (xmlNodePtr keyInfoNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplKeyInfoAddX509Data (xmlNodePtr keyInfoNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplKeyInfoAddRetrievalMethod (xmlNodePtr keyInfoNode,
+ const xmlChar *uri,
+ const xmlChar *type);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplRetrievalMethodAddTransform (xmlNodePtr retrMethodNode,
+ xmlSecTransformId transformId);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplKeyInfoAddEncryptedKey (xmlNodePtr keyInfoNode,
+ xmlSecTransformId encMethodId,
+ const xmlChar *id,
+ const xmlChar *type,
+ const xmlChar *recipient);
+
+/***********************************************************************
+ *
+ * <dsig:X509Data> node
+ *
+ **********************************************************************/
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplX509DataAddIssuerSerial (xmlNodePtr x509DataNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplX509IssuerSerialAddIssuerName(xmlNodePtr x509IssuerSerialNode, const xmlChar* issuerName);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplX509IssuerSerialAddSerialNumber(xmlNodePtr x509IssuerSerialNode, const xmlChar* serial);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplX509DataAddSubjectName (xmlNodePtr x509DataNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplX509DataAddSKI (xmlNodePtr x509DataNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplX509DataAddCertificate (xmlNodePtr x509DataNode);
+XMLSEC_EXPORT xmlNodePtr xmlSecTmplX509DataAddCRL (xmlNodePtr x509DataNode);
+
+/***********************************************************************
+ *
+ * <dsig:Transform> node
+ *
+ **********************************************************************/
+XMLSEC_EXPORT int xmlSecTmplTransformAddHmacOutputLength (xmlNodePtr transformNode,
+ xmlSecSize bitsLen);
+XMLSEC_EXPORT int xmlSecTmplTransformAddRsaOaepParam (xmlNodePtr transformNode,
+ const xmlSecByte *buf,
+ xmlSecSize size);
+XMLSEC_EXPORT int xmlSecTmplTransformAddXsltStylesheet (xmlNodePtr transformNode,
+ const xmlChar *xslt);
+XMLSEC_EXPORT int xmlSecTmplTransformAddC14NInclNamespaces(xmlNodePtr transformNode,
+ const xmlChar *prefixList);
+XMLSEC_EXPORT int xmlSecTmplTransformAddXPath (xmlNodePtr transformNode,
+ const xmlChar *expression,
+ const xmlChar **nsList);
+XMLSEC_EXPORT int xmlSecTmplTransformAddXPath2 (xmlNodePtr transformNode,
+ const xmlChar* type,
+ const xmlChar *expression,
+ const xmlChar **nsList);
+XMLSEC_EXPORT int xmlSecTmplTransformAddXPointer (xmlNodePtr transformNode,
+ const xmlChar *expression,
+ const xmlChar **nsList);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_KEYINFO_TEMPLATES_H__ */
+
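Review bot: The include guard at the top of include/xmlsec/templates.h never takes effect, because `#ifndef __XMLSEC_TEMPLATES_H__` is followed by `#define __XMLSEC_TEMPALTES_H__`, so the macro being tested is never defined. The define should read `#define __XMLSEC_TEMPLATES_H__`, and the closing `#endif /* __XMLSEC_KEYINFO_TEMPLATES_H__ */` comment should name the same macro. Repeated inclusion compiles today only because the header holds nothing but prototypes; a typedef or struct added later would turn it into a redefinition error. The file banner also still reads "KeyInfo node processing" although the header declares the signature and encryption template API, so `* Templates for <dsig:Signature> and <enc:EncryptedData> nodes` would describe it better. As this is an upstream import, the fix is probably best carried as a local patch and reported upstream.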
diff --git a/include/xmlsec/transforms.h b/include/xmlsec/transforms.h
new file mode 100644
index 00000000..f0c70c91
--- /dev/null
+++ b/include/xmlsec/transforms.h
@@ -0,0 +1,994 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * The transforms engine
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_TRANSFORMS_H__
+#define __XMLSEC_TRANSFORMS_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+#include <libxml/xpath.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/list.h>
+#include <xmlsec/nodeset.h>
+#include <xmlsec/keys.h>
+
+typedef const struct _xmlSecTransformKlass xmlSecTransformKlass,
+ *xmlSecTransformId;
+
+/**
+ * XMLSEC_TRANSFORM_BINARY_CHUNK:
+ *
+ * The binary data chunks size. XMLSec processes binary data one chunk
+ * at a time. Changing this impacts xmlsec memory usage and performance.
+ */
+#define XMLSEC_TRANSFORM_BINARY_CHUNK 64
+
+/**********************************************************************
+ *
+ * High-level functions
+ *
+ *********************************************************************/
+XMLSEC_EXPORT xmlSecPtrListPtr xmlSecTransformIdsGet (void);
+XMLSEC_EXPORT int xmlSecTransformIdsInit (void);
+XMLSEC_EXPORT void xmlSecTransformIdsShutdown (void);
+XMLSEC_EXPORT int xmlSecTransformIdsRegisterDefault(void);
+XMLSEC_EXPORT int xmlSecTransformIdsRegister (xmlSecTransformId id);
+
+/**
+ * xmlSecTransformStatus:
+ * @xmlSecTransformStatusNone: the status unknown.
+ * @xmlSecTransformStatusWorking: the transform is executed.
+ * @xmlSecTransformStatusFinished: the transform finished
+ * @xmlSecTransformStatusOk: the transform succeeded.
+ * @xmlSecTransformStatusFail: the transform failed (an error occur).
+ *
+ * The transform execution status.
+ */
+typedef enum {
+ xmlSecTransformStatusNone = 0,
+ xmlSecTransformStatusWorking,
+ xmlSecTransformStatusFinished,
+ xmlSecTransformStatusOk,
+ xmlSecTransformStatusFail
+} xmlSecTransformStatus;
+
+/**
+ * xmlSecTransformMode:
+ * @xmlSecTransformModeNone: the mode is unknown.
+ * @xmlSecTransformModePush: pushing data thru transform.
+ * @xmlSecTransformModePop: popping data from transform.
+ *
+ * The transform operation mode
+ */
+typedef enum {
+ xmlSecTransformModeNone = 0,
+ xmlSecTransformModePush,
+ xmlSecTransformModePop
+} xmlSecTransformMode;
+
+/**
+ * xmlSecTransformOperation:
+ * @xmlSecTransformOperationNone: the operation is unknown.
+ * @xmlSecTransformOperationEncode: the encode operation (for base64 transform).
+ * @xmlSecTransformOperationDecode: the decode operation (for base64 transform).
+ * @xmlSecTransformOperationSign: the sign or digest operation.
+ * @xmlSecTransformOperationVerify: the verification of signature or digest operation.
+ * @xmlSecTransformOperationEncrypt: the encryption operation.
+ * @xmlSecTransformOperationDecrypt: the decryption operation.
+ *
+ * The transform operation.
+ */
+typedef enum {
+ xmlSecTransformOperationNone = 0,
+ xmlSecTransformOperationEncode,
+ xmlSecTransformOperationDecode,
+ xmlSecTransformOperationSign,
+ xmlSecTransformOperationVerify,
+ xmlSecTransformOperationEncrypt,
+ xmlSecTransformOperationDecrypt
+} xmlSecTransformOperation;
+
+/**************************************************************************
+ *
+ * xmlSecTransformUriType:
+ *
+ *************************************************************************/
+/**
+ * xmlSecTransformUriType:
+ *
+ * URI transform type bit mask.
+ */
+typedef unsigned int xmlSecTransformUriType;
+
+/**
+ * xmlSecTransformUriTypeNone:
+ *
+ * The URI type is unknown or not set.
+ */
+#define xmlSecTransformUriTypeNone 0x0000
+
+/**
+ * xmlSecTransformUriTypeEmpty:
+ *
+ * The empty URI ("") type.
+ */
+#define xmlSecTransformUriTypeEmpty 0x0001
+
+/**
+ * xmlSecTransformUriTypeSameDocument:
+ *
+ * The smae document ("#...") but not empty ("") URI type.
+ */
+#define xmlSecTransformUriTypeSameDocument 0x0002
+
+/**
+ * xmlSecTransformUriTypeLocal:
+ *
+ * The local URI ("file:///....") type.
+ */
+#define xmlSecTransformUriTypeLocal 0x0004
+
+/**
+ * xmlSecTransformUriTypeRemote:
+ *
+ * The remote URI type.
+ */
+#define xmlSecTransformUriTypeRemote 0x0008
+
+/**
+ * xmlSecTransformUriTypeAny:
+ *
+ * Any URI type.
+ */
+#define xmlSecTransformUriTypeAny 0xFFFF
+
+XMLSEC_EXPORT int xmlSecTransformUriTypeCheck (xmlSecTransformUriType type,
+ const xmlChar* uri);
+/**************************************************************************
+ *
+ * xmlSecTransformDataType
+ *
+ *************************************************************************/
+/**
+ * xmlSecTransformDataType:
+ *
+ * Transform data type bit mask.
+ */
+typedef xmlSecByte xmlSecTransformDataType;
+
+/**
+ * xmlSecTransformDataTypeUnknown:
+ *
+ * The transform data type is unknown or nor data expected.
+ */
+#define xmlSecTransformDataTypeUnknown 0x0000
+
+/**
+ * xmlSecTransformDataTypeBin:
+ *
+ * The binary transform data.
+ */
+#define xmlSecTransformDataTypeBin 0x0001
+
+/**
+ * xmlSecTransformDataTypeXml:
+ *
+ * The xml transform data.
+ */
+#define xmlSecTransformDataTypeXml 0x0002
+
+/**************************************************************************
+ *
+ * xmlSecTransformUsage
+ *
+ *************************************************************************/
+/**
+ * xmlSecTransformUsage:
+ *
+ * The transform usage bit mask.
+ */
+typedef unsigned int xmlSecTransformUsage;
+
+/**
+ * xmlSecTransformUsageUnknown:
+ *
+ * Transforms usage is unknown or undefined.
+ */
+#define xmlSecTransformUsageUnknown 0x0000
+
+/**
+ * xmlSecTransformUsageDSigTransform:
+ *
+ * Transform could be used in <dsig:Transform>.
+ */
+#define xmlSecTransformUsageDSigTransform 0x0001
+
+/**
+ * xmlSecTransformUsageC14NMethod:
+ *
+ * Transform could be used in <dsig:CanonicalizationMethod>.
+ */
+#define xmlSecTransformUsageC14NMethod 0x0002
+
+/**
+ * xmlSecTransformUsageDigestMethod:
+ *
+ * Transform could be used in <dsig:DigestMethod>.
+ */
+#define xmlSecTransformUsageDigestMethod 0x0004
+
+/**
+ * xmlSecTransformUsageSignatureMethod:
+ *
+ * Transform could be used in <dsig:SignatureMethod>.
+ */
+#define xmlSecTransformUsageSignatureMethod 0x0008
+
+/**
+ * xmlSecTransformUsageEncryptionMethod:
+ *
+ * Transform could be used in <enc:EncryptionMethod>.
+ */
+#define xmlSecTransformUsageEncryptionMethod 0x0010
+
+/**
+ * xmlSecTransformUsageAny:
+ *
+ * Transform could be used for operation.
+ */
+#define xmlSecTransformUsageAny 0xFFFF
+
+/**************************************************************************
+ *
+ * xmlSecTransformCtx
+ *
+ *************************************************************************/
+/**
+ * xmlSecTransformCtxPreExecuteCallback:
+ * @transformCtx: the pointer to transform's context.
+ *
+ * The callback called after creating transforms chain but before
+ * starting data processing. Application can use this callback to
+ * do additional transforms chain verification or modification and
+ * aborting transforms execution (if necessary).
+ *
+ * Returns: 0 on success and a negative value otherwise (in this case,
+ * transforms chain will not be executed and xmlsec processing stops).
+ */
+typedef int (*xmlSecTransformCtxPreExecuteCallback) (xmlSecTransformCtxPtr transformCtx);
+
+/**
+ * XMLSEC_TRANSFORMCTX_FLAGS_USE_VISA3D_HACK:
+ *
+ * If this flag is set then URI ID references are resolved directly
+ * without using XPointers. This allows one to sign/verify Visa3D
+ * documents that don't follow XML, XPointer and XML DSig specifications.
+ */
+#define XMLSEC_TRANSFORMCTX_FLAGS_USE_VISA3D_HACK 0x00000001
+
+/**
+ * xmlSecTransformCtx:
+ * @userData: the pointer to user data (xmlsec and xmlsec-crypto never
+ * touch this).
+ * @flags: the bit mask flags to control transforms execution
+ * (reserved for the future).
+ * @flags2: the bit mask flags to control transforms execution
+ * (reserved for the future).
+ * @enabledUris: the allowed transform data source uri types.
+ * @enabledTransforms: the list of enabled transforms; if list is empty (default)
+ * then all registered transforms are enabled.
+ * @preExecCallback: the callback called after preparing transform chain
+ * and right before actual data processing; application
+ * can use this callback to change transforms parameters,
+ * insert additional transforms in the chain or do
+ * additional validation (and abort transform execution
+ * if needed).
+ * @result: the pointer to transforms result buffer.
+ * @status: the transforms chain processng status.
+ * @uri: the data source URI without xpointer expression.
+ * @xptrExpr: the xpointer expression from data source URI (if any).
+ * @first: the first transform in the chain.
+ * @last: the last transform in the chain.
+ * @reserved0: reserved for the future.
+ * @reserved1: reserved for the future.
+ *
+ * The transform execution context.
+ */
+struct _xmlSecTransformCtx {
+ /* user settings */
+ void* userData;
+ unsigned int flags;
+ unsigned int flags2;
+ xmlSecTransformUriType enabledUris;
+ xmlSecPtrList enabledTransforms;
+ xmlSecTransformCtxPreExecuteCallback preExecCallback;
+
+ /* results */
+ xmlSecBufferPtr result;
+ xmlSecTransformStatus status;
+ xmlChar* uri;
+ xmlChar* xptrExpr;
+ xmlSecTransformPtr first;
+ xmlSecTransformPtr last;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};
+
+XMLSEC_EXPORT xmlSecTransformCtxPtr xmlSecTransformCtxCreate (void);
+XMLSEC_EXPORT void xmlSecTransformCtxDestroy (xmlSecTransformCtxPtr ctx);
+XMLSEC_EXPORT int xmlSecTransformCtxInitialize (xmlSecTransformCtxPtr ctx);
+XMLSEC_EXPORT void xmlSecTransformCtxFinalize (xmlSecTransformCtxPtr ctx);
+XMLSEC_EXPORT void xmlSecTransformCtxReset (xmlSecTransformCtxPtr ctx);
+XMLSEC_EXPORT int xmlSecTransformCtxCopyUserPref (xmlSecTransformCtxPtr dst,
+ xmlSecTransformCtxPtr src);
+XMLSEC_EXPORT int xmlSecTransformCtxSetUri (xmlSecTransformCtxPtr ctx,
+ const xmlChar* uri,
+ xmlNodePtr hereNode);
+XMLSEC_EXPORT int xmlSecTransformCtxAppend (xmlSecTransformCtxPtr ctx,
+ xmlSecTransformPtr transform);
+XMLSEC_EXPORT int xmlSecTransformCtxPrepend (xmlSecTransformCtxPtr ctx,
+ xmlSecTransformPtr transform);
+XMLSEC_EXPORT xmlSecTransformPtr xmlSecTransformCtxCreateAndAppend(xmlSecTransformCtxPtr ctx,
+ xmlSecTransformId id);
+XMLSEC_EXPORT xmlSecTransformPtr xmlSecTransformCtxCreateAndPrepend(xmlSecTransformCtxPtr ctx,
+ xmlSecTransformId id);
+XMLSEC_EXPORT xmlSecTransformPtr xmlSecTransformCtxNodeRead (xmlSecTransformCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecTransformUsage usage);
+XMLSEC_EXPORT int xmlSecTransformCtxNodesListRead (xmlSecTransformCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecTransformUsage usage);
+XMLSEC_EXPORT int xmlSecTransformCtxPrepare (xmlSecTransformCtxPtr ctx,
+ xmlSecTransformDataType inputDataType);
+XMLSEC_EXPORT int xmlSecTransformCtxBinaryExecute (xmlSecTransformCtxPtr ctx,
+ const xmlSecByte* data,
+ xmlSecSize dataSize);
+XMLSEC_EXPORT int xmlSecTransformCtxUriExecute (xmlSecTransformCtxPtr ctx,
+ const xmlChar* uri);
+XMLSEC_EXPORT int xmlSecTransformCtxXmlExecute (xmlSecTransformCtxPtr ctx,
+ xmlSecNodeSetPtr nodes);
+XMLSEC_EXPORT int xmlSecTransformCtxExecute (xmlSecTransformCtxPtr ctx,
+ xmlDocPtr doc);
+XMLSEC_EXPORT void xmlSecTransformCtxDebugDump (xmlSecTransformCtxPtr ctx,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecTransformCtxDebugXmlDump (xmlSecTransformCtxPtr ctx,
+ FILE* output);
+
+/**************************************************************************
+ *
+ * xmlSecTransform
+ *
+ *************************************************************************/
+/**
+ * xmlSecTransform:
+ * @id: the transform id (pointer to #xmlSecTransformId).
+ * @operation: the transform's opertaion.
+ * @status: the current status.
+ * @hereNode: the pointer to transform's <dsig:Transform /> node.
+ * @next: the pointer to next transform in the chain.
+ * @prev: the pointer to previous transform in the chain.
+ * @inBuf: the input binary data buffer.
+ * @outBuf: the output binary data buffer.
+ * @inNodes: the input XML nodes.
+ * @outNodes: the output XML nodes.
+ * @reserved0: reserved for the future.
+ * @reserved1: reserved for the future.
+ *
+ * The transform structure.
+ */
+struct _xmlSecTransform {
+ xmlSecTransformId id;
+ xmlSecTransformOperation operation;
+ xmlSecTransformStatus status;
+ xmlNodePtr hereNode;
+
+ /* transforms chain */
+ xmlSecTransformPtr next;
+ xmlSecTransformPtr prev;
+
+ /* binary data */
+ xmlSecBuffer inBuf;
+ xmlSecBuffer outBuf;
+
+ /* xml data */
+ xmlSecNodeSetPtr inNodes;
+ xmlSecNodeSetPtr outNodes;
+
+ /* reserved for the future */
+ void* reserved0;
+ void* reserved1;
+};
+
+XMLSEC_EXPORT xmlSecTransformPtr xmlSecTransformCreate (xmlSecTransformId id);
+XMLSEC_EXPORT void xmlSecTransformDestroy (xmlSecTransformPtr transform);
+XMLSEC_EXPORT xmlSecTransformPtr xmlSecTransformNodeRead (xmlNodePtr node,
+ xmlSecTransformUsage usage,
+ xmlSecTransformCtxPtr transformCtx);
+XMLSEC_EXPORT int xmlSecTransformPump (xmlSecTransformPtr left,
+ xmlSecTransformPtr right,
+ xmlSecTransformCtxPtr transformCtx);
+XMLSEC_EXPORT int xmlSecTransformSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+XMLSEC_EXPORT int xmlSecTransformSetKeyReq(xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+XMLSEC_EXPORT int xmlSecTransformVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+XMLSEC_EXPORT int xmlSecTransformVerifyNodeContent(xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+XMLSEC_EXPORT xmlSecTransformDataType xmlSecTransformGetDataType(xmlSecTransformPtr transform,
+ xmlSecTransformMode mode,
+ xmlSecTransformCtxPtr transformCtx);
+XMLSEC_EXPORT int xmlSecTransformPushBin (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ int final,
+ xmlSecTransformCtxPtr transformCtx);
+XMLSEC_EXPORT int xmlSecTransformPopBin (xmlSecTransformPtr transform,
+ xmlSecByte* data,
+ xmlSecSize maxDataSize,
+ xmlSecSize* dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+XMLSEC_EXPORT int xmlSecTransformPushXml (xmlSecTransformPtr transform,
+ xmlSecNodeSetPtr nodes,
+ xmlSecTransformCtxPtr transformCtx);
+XMLSEC_EXPORT int xmlSecTransformPopXml (xmlSecTransformPtr transform,
+ xmlSecNodeSetPtr* nodes,
+ xmlSecTransformCtxPtr transformCtx);
+XMLSEC_EXPORT int xmlSecTransformExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+XMLSEC_EXPORT void xmlSecTransformDebugDump(xmlSecTransformPtr transform,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecTransformDebugXmlDump(xmlSecTransformPtr transform,
+ FILE* output);
+/**
+ * xmlSecTransformGetName:
+ * @transform: the pointer to transform.
+ *
+ * Macro. Returns transform name.
+ */
+#define xmlSecTransformGetName(transform) \
+ ((xmlSecTransformIsValid((transform))) ? \
+ xmlSecTransformKlassGetName((transform)->id) : NULL)
+
+/**
+ * xmlSecTransformIsValid:
+ * @transform: the pointer to transform.
+ *
+ * Macro. Returns 1 if the @transform is valid or 0 otherwise.
+ */
+#define xmlSecTransformIsValid(transform) \
+ ((( transform ) != NULL) && \
+ (( transform )->id != NULL) && \
+ (( transform )->id->klassSize >= sizeof(xmlSecTransformKlass)) && \
+ (( transform )->id->objSize >= sizeof(xmlSecTransform)) && \
+ (( transform )->id->name != NULL))
+
+/**
+ * xmlSecTransformCheckId:
+ * @transform: the pointer to transform.
+ * @i: the transform id.
+ *
+ * Macro. Returns 1 if the @transform is valid and has specified id @i
+ * or 0 otherwise.
+ */
+#define xmlSecTransformCheckId(transform, i) \
+ (xmlSecTransformIsValid(( transform )) && \
+ ((((const xmlSecTransformId) (( transform )->id))) == ( i )))
+
+/**
+ * xmlSecTransformCheckSize:
+ * @transform: the pointer to transform.
+ * @size: the transform object size.
+ *
+ * Macro. Returns 1 if the @transform is valid and has at least @size
+ * bytes or 0 otherwise.
+ */
+#define xmlSecTransformCheckSize(transform, size) \
+ (xmlSecTransformIsValid(( transform )) && \
+ ((( transform )->id->objSize) >= ( size )))
+
+
+/************************************************************************
+ *
+ * Operations on transforms chain
+ *
+ ************************************************************************/
+XMLSEC_EXPORT int xmlSecTransformConnect (xmlSecTransformPtr left,
+ xmlSecTransformPtr right,
+ xmlSecTransformCtxPtr transformCtx);
+XMLSEC_EXPORT void xmlSecTransformRemove (xmlSecTransformPtr transform);
+
+/************************************************************************
+ *
+ * Default callbacks, most of the transforms can use them
+ *
+ ************************************************************************/
+XMLSEC_EXPORT xmlSecTransformDataType xmlSecTransformDefaultGetDataType(xmlSecTransformPtr transform,
+ xmlSecTransformMode mode,
+ xmlSecTransformCtxPtr transformCtx);
+XMLSEC_EXPORT int xmlSecTransformDefaultPushBin(xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ int final,
+ xmlSecTransformCtxPtr transformCtx);
+XMLSEC_EXPORT int xmlSecTransformDefaultPopBin(xmlSecTransformPtr transform,
+ xmlSecByte* data,
+ xmlSecSize maxDataSize,
+ xmlSecSize* dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+XMLSEC_EXPORT int xmlSecTransformDefaultPushXml(xmlSecTransformPtr transform,
+ xmlSecNodeSetPtr nodes,
+ xmlSecTransformCtxPtr transformCtx);
+XMLSEC_EXPORT int xmlSecTransformDefaultPopXml(xmlSecTransformPtr transform,
+ xmlSecNodeSetPtr* nodes,
+ xmlSecTransformCtxPtr transformCtx);
+
+/************************************************************************
+ *
+ * IO buffers for transforms
+ *
+ ************************************************************************/
+XMLSEC_EXPORT xmlOutputBufferPtr xmlSecTransformCreateOutputBuffer(xmlSecTransformPtr transform,
+ xmlSecTransformCtxPtr transformCtx);
+XMLSEC_EXPORT xmlParserInputBufferPtr xmlSecTransformCreateInputBuffer(xmlSecTransformPtr transform,
+ xmlSecTransformCtxPtr transformCtx);
+
+/************************************************************************
+ *
+ * Transform Klass
+ *
+ ************************************************************************/
+/**
+ * xmlSecTransformInitializeMethod:
+ * @transform: the pointer to transform object.
+ *
+ * The transform specific initialization method.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecTransformInitializeMethod) (xmlSecTransformPtr transform);
+
+/**
+ * xmlSecTransformFinalizeMethod:
+ * @transform: the pointer to transform object.
+ *
+ * The transform specific destroy method.
+ */
+typedef void (*xmlSecTransformFinalizeMethod) (xmlSecTransformPtr transform);
+
+/**
+ * xmlSecTransformGetDataTypeMethod:
+ * @transform: the pointer to transform object.
+ * @mode: the mode.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * The transform specific method to query information about transform
+ * data type in specified mode @mode.
+ *
+ * Returns: transform data type.
+ */
+typedef xmlSecTransformDataType (*xmlSecTransformGetDataTypeMethod)(xmlSecTransformPtr transform,
+ xmlSecTransformMode mode,
+ xmlSecTransformCtxPtr transformCtx);
+
+/**
+ * xmlSecTransformNodeReadMethod:
+ * @transform: the pointer to transform object.
+ * @node: the pointer to <dsig:Transform/> node.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * The transform specific method to read the transform data from
+ * the @node.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecTransformNodeReadMethod) (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+
+/**
+ * xmlSecTransformNodeWriteMethod:
+ * @transform: the pointer to transform object.
+ * @node: the pointer to <dsig:Transform/> node.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * The transform specific method to write transform information to an XML node @node.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecTransformNodeWriteMethod) (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+
+/**
+ * xmlSecTransformSetKeyRequirementsMethod:
+ * @transform: the pointer to transform object.
+ * @keyReq: the pointer to key requirements structure.
+ *
+ * Transform specific method to set transform's key requirements.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecTransformSetKeyRequirementsMethod)(xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+
+/**
+ * xmlSecTransformSetKeyMethod:
+ * @transform: the pointer to transform object.
+ * @key: the pointer to key.
+ *
+ * The transform specific method to set the key for use.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecTransformSetKeyMethod) (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+
+/**
+ * xmlSecTransformVerifyMethod:
+ * @transform: the pointer to transform object.
+ * @data: the input buffer.
+ * @dataSize: the size of input buffer @data.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * The transform specific method to verify transform processing results
+ * (used by digest and signature transforms). This method sets @status
+ * member of the #xmlSecTransform structure to either #xmlSecTransformStatusOk
+ * if verification succeeded or #xmlSecTransformStatusFail otherwise.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecTransformVerifyMethod) (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+/**
+ * xmlSecTransformPushBinMethod:
+ * @transform: the pointer to transform object.
+ * @data: the input binary data,
+ * @dataSize: the input data size.
+ * @final: the flag: if set to 1 then it's the last
+ * data chunk.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * The transform specific method to process data from @data and push
+ * result to the next transform in the chain.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecTransformPushBinMethod) (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ int final,
+ xmlSecTransformCtxPtr transformCtx);
+/**
+ * xmlSecTransformPopBinMethod:
+ * @transform: the pointer to transform object.
+ * @data: the buffer to store result data.
+ * @maxDataSize: the size of the buffer @data.
+ * @dataSize: the pointer to returned data size.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * The transform specific method to pop data from previous transform
+ * in the chain and return result in the @data buffer. The size of returned
+ * data is placed in the @dataSize.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecTransformPopBinMethod) (xmlSecTransformPtr transform,
+ xmlSecByte* data,
+ xmlSecSize maxDataSize,
+ xmlSecSize* dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+/**
+ * xmlSecTransformPushXmlMethod:
+ * @transform: the pointer to transform object.
+ * @nodes: the input nodes.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * The transform specific method to process @nodes and push result to the next
+ * transform in the chain.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecTransformPushXmlMethod) (xmlSecTransformPtr transform,
+ xmlSecNodeSetPtr nodes,
+ xmlSecTransformCtxPtr transformCtx);
+/**
+ * xmlSecTransformPopXmlMethod:
+ * @transform: the pointer to transform object.
+ * @nodes: the pointer to store popinter to result nodes.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * The transform specific method to pop data from previous transform in the chain,
+ * process the data and return result in @nodes.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecTransformPopXmlMethod) (xmlSecTransformPtr transform,
+ xmlSecNodeSetPtr* nodes,
+ xmlSecTransformCtxPtr transformCtx);
+/**
+ * xmlSecTransformExecuteMethod:
+ * @transform: the pointer to transform object.
+ * @last: the flag: if set to 1 then it's the last data chunk.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * Transform specific method to process a chunk of data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+typedef int (*xmlSecTransformExecuteMethod) (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+/**
+ * xmlSecTransformKlass:
+ * @klassSize: the transform klass structure size.
+ * @objSize: the transform object size.
+ * @name: the transform's name.
+ * @href: the transform's identification string (href).
+ * @usage: the allowed transforms usages.
+ * @initialize: the initialization method.
+ * @finalize: the finmalization (destroy) function.
+ * @readNode: the XML node read method.
+ * @writeNode: the XML node write method.
+ * @setKeyReq: the set key requirements method.
+ * @setKey: the set key method.
+ * @verify: the verify method (for digest and signature transforms).
+ * @getDataType: the input/output data type query method.
+ * @pushBin: the binary data "push thru chain" processing method.
+ * @popBin: the binary data "pop from chain" procesing method.
+ * @pushXml: the XML data "push thru chain" processing method.
+ * @popXml: the XML data "pop from chain" procesing method.
+ * @execute: the low level data processing method used by default
+ * implementations of @pushBin, @popBin, @pushXml and @popXml.
+ * @reserved0: reserved for the future.
+ * @reserved1: reserved for the future.
+ *
+ * The transform klass desccription structure.
+ */
+struct _xmlSecTransformKlass {
+ /* data */
+ xmlSecSize klassSize;
+ xmlSecSize objSize;
+ const xmlChar* name;
+ const xmlChar* href;
+ xmlSecTransformUsage usage;
+
+ /* methods */
+ xmlSecTransformInitializeMethod initialize;
+ xmlSecTransformFinalizeMethod finalize;
+
+ xmlSecTransformNodeReadMethod readNode;
+ xmlSecTransformNodeWriteMethod writeNode;
+
+ xmlSecTransformSetKeyRequirementsMethod setKeyReq;
+ xmlSecTransformSetKeyMethod setKey;
+ xmlSecTransformVerifyMethod verify;
+ xmlSecTransformGetDataTypeMethod getDataType;
+
+ xmlSecTransformPushBinMethod pushBin;
+ xmlSecTransformPopBinMethod popBin;
+ xmlSecTransformPushXmlMethod pushXml;
+ xmlSecTransformPopXmlMethod popXml;
+
+ /* low level method */
+ xmlSecTransformExecuteMethod execute;
+
+ /* reserved for future */
+ void* reserved0;
+ void* reserved1;
+};
+
+/**
+ * xmlSecTransformKlassGetName:
+ * @klass: the transofrm's klass.
+ *
+ * Macro. Returns transform klass name.
+ */
+#define xmlSecTransformKlassGetName(klass) \
+ (((klass)) ? ((klass)->name) : NULL)
+
+/***********************************************************************
+ *
+ * Transform Ids list
+ *
+ **********************************************************************/
+/**
+ * xmlSecTransformIdListId:
+ *
+ * Transform klasses list klass.
+ */
+#define xmlSecTransformIdListId xmlSecTransformIdListGetKlass()
+XMLSEC_EXPORT xmlSecPtrListId xmlSecTransformIdListGetKlass (void);
+XMLSEC_EXPORT int xmlSecTransformIdListFind (xmlSecPtrListPtr list,
+ xmlSecTransformId transformId);
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformIdListFindByHref (xmlSecPtrListPtr list,
+ const xmlChar* href,
+ xmlSecTransformUsage usage);
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformIdListFindByName (xmlSecPtrListPtr list,
+ const xmlChar* name,
+ xmlSecTransformUsage usage);
+XMLSEC_EXPORT void xmlSecTransformIdListDebugDump (xmlSecPtrListPtr list,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecTransformIdListDebugXmlDump(xmlSecPtrListPtr list,
+ FILE* output);
+
+
+/********************************************************************
+ *
+ * XML Sec Library Transform Ids
+ *
+ *******************************************************************/
+/**
+ * xmlSecTransformIdUnknown:
+ *
+ * The "unknown" transform id (NULL).
+ */
+#define xmlSecTransformIdUnknown ((xmlSecTransformId)NULL)
+
+/**
+ * xmlSecTransformBase64Id:
+ *
+ * The base64 encode transform klass.
+ */
+#define xmlSecTransformBase64Id \
+ xmlSecTransformBase64GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformBase64GetKlass (void);
+XMLSEC_EXPORT void xmlSecTransformBase64SetLineSize (xmlSecTransformPtr transform,
+ xmlSecSize lineSize);
+/**
+ * xmlSecTransformInclC14NId:
+ *
+ * The regular (inclusive) C14N without comments transform klass.
+ */
+#define xmlSecTransformInclC14NId \
+ xmlSecTransformInclC14NGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformInclC14NGetKlass (void);
+
+/**
+ * xmlSecTransformInclC14NWithCommentsId:
+ *
+ * The regular (inclusive) C14N with comments transform klass.
+ */
+#define xmlSecTransformInclC14NWithCommentsId \
+ xmlSecTransformInclC14NWithCommentsGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformInclC14NWithCommentsGetKlass(void);
+
+/**
+ * xmlSecTransformInclC14N11Id:
+ *
+ * The regular (inclusive) C14N 1.1 without comments transform klass.
+ */
+#define xmlSecTransformInclC14N11Id \
+ xmlSecTransformInclC14N11GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformInclC14N11GetKlass (void);
+
+/**
+ * xmlSecTransformInclC14N11WithCommentsId:
+ *
+ * The regular (inclusive) C14N 1.1 with comments transform klass.
+ */
+#define xmlSecTransformInclC14N11WithCommentsId \
+ xmlSecTransformInclC14N11WithCommentsGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformInclC14N11WithCommentsGetKlass(void);
+
+/**
+ * xmlSecTransformExclC14NId
+ *
+ * The exclusive C14N without comments transform klass.
+ */
+#define xmlSecTransformExclC14NId \
+ xmlSecTransformExclC14NGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformExclC14NGetKlass (void);
+
+/**
+ * xmlSecTransformExclC14NWithCommentsId:
+ *
+ * The exclusive C14N with comments transform klass.
+ */
+#define xmlSecTransformExclC14NWithCommentsId \
+ xmlSecTransformExclC14NWithCommentsGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformExclC14NWithCommentsGetKlass(void);
+
+/**
+ * xmlSecTransformEnvelopedId:
+ *
+ * The "enveloped" transform klass.
+ */
+#define xmlSecTransformEnvelopedId \
+ xmlSecTransformEnvelopedGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformEnvelopedGetKlass (void);
+
+/**
+ * xmlSecTransformXPathId:
+ *
+ * The XPath transform klass.
+ */
+#define xmlSecTransformXPathId \
+ xmlSecTransformXPathGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformXPathGetKlass (void);
+
+/**
+ * xmlSecTransformXPath2Id:
+ *
+ * The XPath2 transform klass.
+ */
+#define xmlSecTransformXPath2Id \
+ xmlSecTransformXPath2GetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformXPath2GetKlass (void);
+
+/**
+ * xmlSecTransformXPointerId:
+ *
+ * The XPointer transform klass.
+ */
+#define xmlSecTransformXPointerId \
+ xmlSecTransformXPointerGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformXPointerGetKlass (void);
+XMLSEC_EXPORT int xmlSecTransformXPointerSetExpr (xmlSecTransformPtr transform,
+ const xmlChar* expr,
+ xmlSecNodeSetType nodeSetType,
+ xmlNodePtr hereNode);
+#ifndef XMLSEC_NO_XSLT
+#include <libxslt/security.h>
+
+/**
+ * xmlSecTransformXsltId:
+ *
+ * The XSLT transform klass.
+ */
+#define xmlSecTransformXsltId \
+ xmlSecTransformXsltGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformXsltGetKlass (void);
+XMLSEC_EXPORT void xmlSecTransformXsltSetDefaultSecurityPrefs(xsltSecurityPrefsPtr sec);
+#endif /* XMLSEC_NO_XSLT */
+
+/**
+ * xmlSecTransformRemoveXmlTagsC14NId:
+ *
+ * The "remove all xml tags" transform klass (used before base64 transforms).
+ */
+#define xmlSecTransformRemoveXmlTagsC14NId \
+ xmlSecTransformRemoveXmlTagsC14NGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformRemoveXmlTagsC14NGetKlass(void);
+
+/**
+ * xmlSecTransformVisa3DHackId:
+ *
+ * Selects node subtree by given node id string. The only reason why we need this
+ * is Visa3D protocol. It doesn't follow XML/XPointer/XMLDSig specs and allows
+ * invalid XPointer expressions in the URI attribute. Since we couldn't evaluate
+ * such expressions thru XPath/XPointer engine, we need to have this hack here.
+ */
+#define xmlSecTransformVisa3DHackId \
+ xmlSecTransformVisa3DHackGetKlass()
+XMLSEC_EXPORT xmlSecTransformId xmlSecTransformVisa3DHackGetKlass (void);
+XMLSEC_EXPORT int xmlSecTransformVisa3DHackSetID (xmlSecTransformPtr transform,
+ const xmlChar* id);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_TRANSFORMS_H__ */
+
diff --git a/include/xmlsec/version.h b/include/xmlsec/version.h
new file mode 100644
index 00000000..1874ee0e
--- /dev/null
+++ b/include/xmlsec/version.h
@@ -0,0 +1,61 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Version information
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_VERSION_H__
+#define __XMLSEC_VERSION_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/**
+ * XMLSEC_VERSION:
+ *
+ * The library version string in the format
+ * "<major-number>.<minor-number>.<sub-minor-number>".
+ */
+#define XMLSEC_VERSION "1.2.18"
+
+/**
+ * XMLSEC_VERSION_MAJOR:
+ *
+ * The library major version number.
+ */
+#define XMLSEC_VERSION_MAJOR 1
+
+/**
+ * XMLSEC_VERSION_MINOR:
+ *
+ * The library minor version number.
+ */
+#define XMLSEC_VERSION_MINOR 2
+
+/**
+ * XMLSEC_VERSION_SUBMINOR:
+ *
+ * The library sub-minor version number.
+ */
+#define XMLSEC_VERSION_SUBMINOR 18
+
+/**
+ * XMLSEC_VERSION_INFO:
+ *
+ * The library version info string in the format
+ * "<major-number>+<minor-number>:<sub-minor-number>:<minor-number>".
+ */
+#define XMLSEC_VERSION_INFO "3:18:2"
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_VERSION_H__ */
+
diff --git a/include/xmlsec/version.h.in b/include/xmlsec/version.h.in
new file mode 100644
index 00000000..16bbafa0
--- /dev/null
+++ b/include/xmlsec/version.h.in
@@ -0,0 +1,61 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Version information
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_VERSION_H__
+#define __XMLSEC_VERSION_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/**
+ * XMLSEC_VERSION:
+ *
+ * The library version string in the format
+ * "<major-number>.<minor-number>.<sub-minor-number>".
+ */
+#define XMLSEC_VERSION "@XMLSEC_VERSION@"
+
+/**
+ * XMLSEC_VERSION_MAJOR:
+ *
+ * The library major version number.
+ */
+#define XMLSEC_VERSION_MAJOR @XMLSEC_VERSION_MAJOR@
+
+/**
+ * XMLSEC_VERSION_MINOR:
+ *
+ * The library minor version number.
+ */
+#define XMLSEC_VERSION_MINOR @XMLSEC_VERSION_MINOR@
+
+/**
+ * XMLSEC_VERSION_SUBMINOR:
+ *
+ * The library sub-minor version number.
+ */
+#define XMLSEC_VERSION_SUBMINOR @XMLSEC_VERSION_SUBMINOR@
+
+/**
+ * XMLSEC_VERSION_INFO:
+ *
+ * The library version info string in the format
+ * "<major-number>+<minor-number>:<sub-minor-number>:<minor-number>".
+ */
+#define XMLSEC_VERSION_INFO "@XMLSEC_VERSION_INFO@"
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_VERSION_H__ */
+
diff --git a/include/xmlsec/x509.h b/include/xmlsec/x509.h
new file mode 100644
index 00000000..e58f37c0
--- /dev/null
+++ b/include/xmlsec/x509.h
@@ -0,0 +1,80 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_X509_H__
+#define __XMLSEC_X509_H__
+
+#ifndef XMLSEC_NO_X509
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+#include <stdio.h>
+
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/list.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+
+/**
+ * XMLSEC_X509DATA_CERTIFICATE_NODE:
+ *
+ * <dsig:X509Certificate/> node found or would be written back.
+ */
+#define XMLSEC_X509DATA_CERTIFICATE_NODE 0x00000001
+/**
+ * XMLSEC_X509DATA_SUBJECTNAME_NODE:
+ *
+ * <dsig:X509SubjectName/> node found or would be written back.
+ */
+#define XMLSEC_X509DATA_SUBJECTNAME_NODE 0x00000002
+/**
+ * XMLSEC_X509DATA_ISSUERSERIAL_NODE:
+ *
+ * <dsig:X509IssuerSerial/> node found or would be written back.
+ */
+#define XMLSEC_X509DATA_ISSUERSERIAL_NODE 0x00000004
+/**
+ * XMLSEC_X509DATA_SKI_NODE:
+ *
+ * <dsig:/X509SKI> node found or would be written back.
+ */
+#define XMLSEC_X509DATA_SKI_NODE 0x00000008
+/**
+ * XMLSEC_X509DATA_CRL_NODE:
+ *
+ * <dsig:X509CRL/> node found or would be written back.
+ */
+#define XMLSEC_X509DATA_CRL_NODE 0x00000010
+/**
+ * XMLSEC_X509DATA_DEFAULT:
+ *
+ * Default set of nodes to write in case of empty
+ * <dsig:X509Data/> node template.
+ */
+#define XMLSEC_X509DATA_DEFAULT \
+ (XMLSEC_X509DATA_CERTIFICATE_NODE | XMLSEC_X509DATA_CRL_NODE)
+
+XMLSEC_EXPORT int xmlSecX509DataGetNodeContent (xmlNodePtr node,
+ int deleteChildren,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* XMLSEC_NO_X509 */
+
+#endif /* __XMLSEC_X509_H__ */
+
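Review bot: The `#include` lines in this header sit inside the `extern "C" {` block opened just above them, so `<stdio.h>`, the libxml2 headers and the other xmlsec headers are all pulled in under C linkage when a C++ translation unit includes this file. It is more robust to place the includes directly after `#ifndef XMLSEC_NO_X509` and open `extern "C" {` only around the declarations; the same ordering appears in the `include/xmlsec/xkms.h` hunk and at the top of `include/xmlsec/xmldsig.h`. Separately, the comment for `XMLSEC_X509DATA_SKI_NODE` writes the element as `<dsig:/X509SKI>`; it should read `<dsig:X509SKI/>` like its neighbours.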
diff --git a/include/xmlsec/xkms.h b/include/xmlsec/xkms.h
new file mode 100644
index 00000000..8035035e
--- /dev/null
+++ b/include/xmlsec/xkms.h
@@ -0,0 +1,652 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * "XML Key Management Specification v 2.0" implementation
+ * http://www.w3.org/TR/xkms2/
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_XKMS_H__
+#define __XMLSEC_XKMS_H__
+
+#ifndef XMLSEC_NO_XKMS
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+#include <stdio.h>
+
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/list.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+
+/************************************************************************
+ *
+ * Forward declarations. These internal xmlsec library structures are
+ * declared in "xmlsec/private/xkms.h" file.
+ *
+ ************************************************************************/
+typedef struct _xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithKlass,
+ *xmlSecXkmsRespondWithId;
+
+typedef struct _xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestKlass,
+ *xmlSecXkmsServerRequestId;
+
+
+/**
+ * xmlSecXkmsResultMajor:
+ * @xmlSecXkmsResultMajorSuccess: The operation succeeded.
+ * @xmlSecXkmsResultMajorVersionMismatch: The service does not support
+ * the protocol version specified
+ * in the request.
+ * @xmlSecXkmsResultMajorSender: An error occurred that was due
+ * to the message sent by the sender.
+ * @xmlSecXkmsResultMajorReceiver: An error occurred at the receiver.
+ * @xmlSecXkmsResultMajorRepresent: The service has not acted on the
+ * request. In order for the request
+ * to be acted upon the request MUST
+ * be represented with the specified
+ * nonce in accordance with the two
+ * phase protocol.
+ * @xmlSecXkmsResultMajorPending: The request has been accepted
+ * for processing and the service
+ * will return the result asynchronously.
+ *
+ * The values for ResultMajor attribute.
+ */
+typedef enum {
+ xmlSecXkmsResultMajorSuccess = 0,
+ xmlSecXkmsResultMajorVersionMismatch,
+ xmlSecXkmsResultMajorSender,
+ xmlSecXkmsResultMajorReceiver,
+ xmlSecXkmsResultMajorRepresent,
+ xmlSecXkmsResultMajorPending
+} xmlSecXkmsResultMajor;
+
+/**
+ * xmlSecXkmsResultMinor:
+ * @xmlSecXkmsResultMinorNone: No minor result code available.
+ * @xmlSecXkmsResultMinorNoMatch: No match was found for the search
+ * prototype provided.
+ * @xmlSecXkmsResultMinorTooManyResponses: The request resulted in the
+ * number of responses that
+ * exceeded either the ResponseLimit
+ * value specified in the request or
+ * some other limit determined by
+ * the service. The service MAY
+ * either return a subset of the
+ * possible responses or none at all.
+ * @xmlSecXkmsResultMinorIncomplete: Only part of the information
+ * requested could be provided.
+ * @xmlSecXkmsResultMinorFailure: The service attempted to perform
+ * the request but the operation
+ * failed for unspecified reasons.
+ * @xmlSecXkmsResultMinorRefused: The operation was refused. The
+ * service did not attempt to
+ * perform the request.
+ * @xmlSecXkmsResultMinorNoAuthentication: The operation was refused
+ * because the necessary authentication
+ * information was incorrect or missing.
+ * @xmlSecXkmsResultMinorMessageNotSupported: The receiver does not implement
+ * the specified operation.
+ * @xmlSecXkmsResultMinorUnknownResponseId: The ResponseId for which pending
+ * status was requested is unknown to
+ * the service.
+ * @xmlSecXkmsResultMinorSynchronous: The receiver does not support
+ * synchronous processing of this
+ * type of request.
+ *
+ * The values for ResultMinor attribute.
+ */
+typedef enum {
+ xmlSecXkmsResultMinorNone = 0,
+ xmlSecXkmsResultMinorNoMatch,
+ xmlSecXkmsResultMinorTooManyResponses,
+ xmlSecXkmsResultMinorIncomplete,
+ xmlSecXkmsResultMinorFailure,
+ xmlSecXkmsResultMinorRefused,
+ xmlSecXkmsResultMinorNoAuthentication,
+ xmlSecXkmsResultMinorMessageNotSupported,
+ xmlSecXkmsResultMinorUnknownResponseId,
+ xmlSecXkmsResultMinorSynchronous
+} xmlSecXkmsResultMinor;
+
+/**
+ * xmlSecXkmsKeyBindingStatus:
+ * @xmlSecXkmsKeyBindingStatusNone: The key status is not available.
+ * @xmlSecXkmsKeyBindingStatusValid: The key is valid.
+ * @xmlSecXkmsKeyBindingStatusInvalid: The key is not valid.
+ * @xmlSecXkmsKeyBindingStatusIndeterminate: Could not determine key status.
+ *
+ * The values for key binding StatusValue attribute.
+ */
+typedef enum {
+ xmlSecXkmsKeyBindingStatusNone,
+ xmlSecXkmsKeyBindingStatusValid,
+ xmlSecXkmsKeyBindingStatusInvalid,
+ xmlSecXkmsKeyBindingStatusIndeterminate
+} xmlSecXkmsKeyBindingStatus;
+
+/**
+ * xmlSecXkmsServerFormat:
+ * @xmlSecXkmsServerFormatUnknown: The format is unknown.
+ * @xmlSecXkmsServerFormatPlain: The request/response are not enveloped.
+ * @xmlSecXkmsServerFormatSoap1_1: The request/response are SOAP 1.1 encapsulated
+ * @xmlSecXkmsServerFormatSoap1_2: The request/response are SOAP 1.2 encapsulated.
+ *
+ * The xkms server request/response format.
+ */
+typedef enum {
+ xmlSecXkmsServerFormatUnknown = 0,
+ xmlSecXkmsServerFormatPlain,
+ xmlSecXkmsServerFormatSoap11,
+ xmlSecXkmsServerFormatSoap12
+} xmlSecXkmsServerFormat;
+
+XMLSEC_EXPORT xmlSecXkmsServerFormat xmlSecXkmsServerFormatFromString
+ (const xmlChar* str);
+XMLSEC_EXPORT const xmlChar* xmlSecXkmsServerFormatToString (xmlSecXkmsServerFormat format);
+
+/************************************************************************
+ *
+ * XKMS requests server side processing klass
+ *
+ ************************************************************************/
+/**
+ * xmlSecXkmsServerCtx:
+ * @userData: the pointer to user data (xmlsec and xmlsec-crypto libraries
+ * never touches this).
+ * @flags: the XML Encryption processing flags.
+ * @flags2: the XML Encryption processing flags.
+ * @keyInfoReadCtx: the reading key context.
+ * @keyInfoWriteCtx: the writing key context (not used for signature verification).
+ * @reserved0: reserved for the future.
+ * @reserved1: reserved for the future.
+ *
+ * XKMS context.
+ */
+struct _xmlSecXkmsServerCtx {
+ /* these data user can set before performing the operation */
+ void* userData;
+ xmlSecBitMask flags;
+ xmlSecBitMask flags2;
+ xmlSecKeyInfoCtx keyInfoReadCtx;
+ xmlSecKeyInfoCtx keyInfoWriteCtx;
+ xmlSecPtrList enabledRespondWithIds;
+ xmlSecPtrList enabledServerRequestIds;
+ xmlChar* expectedService;
+ xmlChar* idPrefix;
+ xmlSecSize idLen;
+
+ /* these data are returned */
+ xmlSecPtrList keys;
+ xmlSecXkmsResultMajor resultMajor;
+ xmlSecXkmsResultMinor resultMinor;
+ xmlSecXkmsServerRequestId requestId;
+ xmlChar* id;
+ xmlChar* service;
+ xmlChar* nonce;
+ xmlChar* originalRequestId;
+ xmlChar* pendingNotificationMechanism;
+ xmlChar* pendingNotificationIdentifier;
+ int responseLimit;
+ xmlSecBitMask responseMechanismMask;
+ xmlSecPtrListPtr compoundRequestContexts;
+
+ /* these are internal data, nobody should change that except us */
+ xmlNodePtr requestNode;
+ xmlNodePtr opaqueClientDataNode;
+ xmlNodePtr firtsMsgExtNode;
+ xmlNodePtr keyInfoNode;
+ xmlSecPtrList respWithList;
+
+ /* reserved for future */
+ void* reserved0;
+ void* reserved1;
+};
+
+XMLSEC_EXPORT xmlSecXkmsServerCtxPtr xmlSecXkmsServerCtxCreate (xmlSecKeysMngrPtr keysMngr);
+XMLSEC_EXPORT void xmlSecXkmsServerCtxDestroy (xmlSecXkmsServerCtxPtr ctx);
+XMLSEC_EXPORT int xmlSecXkmsServerCtxInitialize (xmlSecXkmsServerCtxPtr ctx,
+ xmlSecKeysMngrPtr keysMngr);
+XMLSEC_EXPORT void xmlSecXkmsServerCtxFinalize (xmlSecXkmsServerCtxPtr ctx);
+XMLSEC_EXPORT void xmlSecXkmsServerCtxReset (xmlSecXkmsServerCtxPtr ctx);
+XMLSEC_EXPORT int xmlSecXkmsServerCtxCopyUserPref (xmlSecXkmsServerCtxPtr dst,
+ xmlSecXkmsServerCtxPtr src);
+XMLSEC_EXPORT xmlNodePtr xmlSecXkmsServerCtxProcess (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecXkmsServerFormat format,
+ xmlDocPtr doc);
+XMLSEC_EXPORT int xmlSecXkmsServerCtxRequestRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+XMLSEC_EXPORT xmlNodePtr xmlSecXkmsServerCtxResponseWrite(xmlSecXkmsServerCtxPtr ctx,
+ xmlDocPtr doc);
+XMLSEC_EXPORT xmlNodePtr xmlSecXkmsServerCtxRequestUnwrap(xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecXkmsServerFormat format);
+XMLSEC_EXPORT xmlNodePtr xmlSecXkmsServerCtxResponseWrap (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecXkmsServerFormat format,
+ xmlDocPtr doc);
+XMLSEC_EXPORT xmlNodePtr xmlSecXkmsServerCtxFatalErrorResponseCreate
+ (xmlSecXkmsServerCtxPtr ctx,
+ xmlSecXkmsServerFormat format,
+ xmlDocPtr doc);
+XMLSEC_EXPORT void xmlSecXkmsServerCtxSetResult (xmlSecXkmsServerCtxPtr ctx,
+ xmlSecXkmsResultMajor resultMajor,
+ xmlSecXkmsResultMinor resultMinor);
+XMLSEC_EXPORT void xmlSecXkmsServerCtxDebugDump (xmlSecXkmsServerCtxPtr ctx,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecXkmsServerCtxDebugXmlDump (xmlSecXkmsServerCtxPtr ctx,
+ FILE* output);
+
+/************************************************************************
+ *
+ * xmlSecXkmsServerCtxPtr list
+ *
+ ************************************************************************/
+/**
+ * xmlSecXkmsServerCtxPtrListId:
+ *
+ * zmlSecXkmsServerCtx klasses list klass.
+ */
+#define xmlSecXkmsServerCtxPtrListId xmlSecXkmsServerCtxPtrListGetKlass()
+XMLSEC_EXPORT xmlSecPtrListId xmlSecXkmsServerCtxPtrListGetKlass
+ (void);
+
+/************************************************************************
+ *
+ * xmlSecXkmsServerCtxFlags
+ *
+ ************************************************************************/
+/**
+ * XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_RESPONSE_MECHANISM
+ *
+ * If flag is set then we abort if an unknown <xkms:ResponseMechanism/>
+ * value is found.
+ */
+#define XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_RESPONSE_MECHANISM 0x00000001
+
+/**
+ * XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_RESPOND_WITH
+ *
+ * If flag is set then we abort if an unknown <xkms:RespondWith/>
+ * value is found.
+ */
+#define XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_RESPOND_WITH 0x00000002
+
+/**
+ * XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_KEY_USAGE
+ *
+ * If flag is set then we abort if an unknown <xkms:KeyUsage/>
+ * value is found.
+ */
+#define XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_KEY_USAGE 0x00000004
+
+/************************************************************************
+ *
+ * XKMS ResponseMechanism element values.
+ *
+ ************************************************************************/
+/**
+ * XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_REPRESENT:
+ *
+ * XKMS ResponseMechanism element value. The requestor is prepared to
+ * accept a response that uses asynchronous processing, i.e. the service
+ * MAY return the MajorResult code Pending.
+ */
+#define XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_PENDING 0x00000001
+
+/**
+ * XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_REPRESENT:
+ *
+ * XKMS ResponseMechanism element value. The requestor is prepared to
+ * accept a response that uses the two phase protocol, i.e. the service
+ * MAY return the MajorResult code Represent.
+ */
+#define XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_REPRESENT 0x00000002
+
+/**
+ * XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_REQUEST_SIGNATURE_VALUE:
+ *
+ * XKMS ResponseMechanism element value. The requestor is prepared to
+ * accept a response that carries a <RequestSignatureValue> element.
+ */
+#define XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_REQUEST_SIGNATURE_VALUE 0x00000004
+
+/************************************************************************
+ *
+ * XKMS ResponseLimit element values
+ *
+ ************************************************************************/
+/**
+ * XMLSEC_XKMS_NO_RESPONSE_LIMIT:
+ *
+ * The ResponseLimit is not specified.
+ */
+#define XMLSEC_XKMS_NO_RESPONSE_LIMIT -1
+
+
+/************************************************************************
+ *
+ * XKMS KeyBinding reason values
+ *
+ ************************************************************************/
+/**
+ * XMLSEC_XKMS_KEY_BINDING_REASON_MASK_ISSUER_TRAST:
+ *
+ * The issuer of the information on which the key binding is based is
+ * considered to be trustworthy by the XKMS service.
+ *
+ * X.509 Equivalents
+ * - Valid: Certificate path anchored by trusted root successfully constructed.
+ * - Invalid: Certificate path could not be constructed to a trusted root.
+ */
+#define XMLSEC_XKMS_KEY_BINDING_REASON_MASK_ISSUER_TRAST 0x00000001
+
+/**
+ * XMLSEC_XKMS_KEY_BINDING_REASON_MASK_REVOCATION_STATUS:
+ *
+ * The XKMS service has affirmatively verified the status of the
+ * key binding with an authoritative source
+ *
+ * X.509 Equivalents
+ * - Valid: Certificate status validated using CRL or OCSP.
+ * - Invalid: Certificate status returned revoked or suspended.
+ */
+#define XMLSEC_XKMS_KEY_BINDING_REASON_MASK_REVOCATION_STATUS 0x00000002
+
+/**
+ * XMLSEC_XKMS_KEY_BINDING_REASON_MASK_VALIDITY_INTERVAL:
+ *
+ * The requested time instant was within the validity interval of
+ * the key binding
+ *
+ * X.509 Equivalents
+ * - Valid: The certificate chain was valid at the requested time instant.
+ * - Invalid: The requested time instant was before or after the certificate
+ * chain validity interval.
+ */
+#define XMLSEC_XKMS_KEY_BINDING_REASON_MASK_VALIDITY_INTERVAL 0x00000004
+
+/**
+ * XMLSEC_XKMS_KEY_BINDING_REASON_MASK_SIGNATURE:
+ *
+ * Signature on signed data provided by the client in the <Keyinfo> element was
+ * successfully verified.
+ *
+ * X.509 Equivalents
+ * - Valid: Certificate Signature verified.
+ * - Invalid: Certificate Signature verification failed.
+ */
+#define XMLSEC_XKMS_KEY_BINDING_REASON_MASK_SIGNATURE 0x00000008
+
+
+/************************************************************************
+ *
+ * XKMS RespondWith Klass
+ *
+ ************************************************************************/
+XMLSEC_EXPORT xmlSecPtrListPtr xmlSecXkmsRespondWithIdsGet (void);
+XMLSEC_EXPORT int xmlSecXkmsRespondWithIdsInit (void);
+XMLSEC_EXPORT void xmlSecXkmsRespondWithIdsShutdown(void);
+XMLSEC_EXPORT int xmlSecXkmsRespondWithIdsRegisterDefault
+ (void);
+XMLSEC_EXPORT int xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithId id);
+XMLSEC_EXPORT int xmlSecXkmsRespondWithNodeRead (xmlSecXkmsRespondWithId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+XMLSEC_EXPORT int xmlSecXkmsRespondWithNodeWrite (xmlSecXkmsRespondWithId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+XMLSEC_EXPORT void xmlSecXkmsRespondWithDebugDump (xmlSecXkmsRespondWithId id,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecXkmsRespondWithDebugXmlDump
+ (xmlSecXkmsRespondWithId id,
+ FILE* output);
+XMLSEC_EXPORT int xmlSecXkmsRespondWithDefaultNodeRead
+ (xmlSecXkmsRespondWithId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+XMLSEC_EXPORT int xmlSecXkmsRespondWithDefaultNodeWrite
+ (xmlSecXkmsRespondWithId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+/************************************************************************
+ *
+ * XKMS RespondWith Klass List
+ *
+ ************************************************************************/
+/**
+ * xmlSecXkmsRespondWithIdListId:
+ *
+ * XKMS RespondWith klasses list klass.
+ */
+#define xmlSecXkmsRespondWithIdListId xmlSecXkmsRespondWithIdListGetKlass()
+XMLSEC_EXPORT xmlSecPtrListId xmlSecXkmsRespondWithIdListGetKlass
+ (void);
+XMLSEC_EXPORT int xmlSecXkmsRespondWithIdListFind (xmlSecPtrListPtr list,
+ xmlSecXkmsRespondWithId id);
+XMLSEC_EXPORT xmlSecXkmsRespondWithId xmlSecXkmsRespondWithIdListFindByNodeValue
+ (xmlSecPtrListPtr list,
+ xmlNodePtr node);
+XMLSEC_EXPORT int xmlSecXkmsRespondWithIdListWrite(xmlSecPtrListPtr list,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+
+/********************************************************************
+ *
+ * XML Sec Library RespondWith Ids
+ *
+ *******************************************************************/
+/**
+ * xmlSecXkmsRespondWithIdUnknown:
+ *
+ * The "unknown" RespondWith id (NULL).
+ */
+#define xmlSecXkmsRespondWithIdUnknown NULL
+
+/**
+ * xmlSecXkmsRespondWithKeyNameId:
+ *
+ * The respond with KeyName klass.
+ */
+#define xmlSecXkmsRespondWithKeyNameId \
+ xmlSecXkmsRespondWithKeyNameGetKlass()
+XMLSEC_EXPORT xmlSecXkmsRespondWithId xmlSecXkmsRespondWithKeyNameGetKlass(void);
+
+/**
+ * xmlSecXkmsRespondWithKeyValueId:
+ *
+ * The respond with KeyValue klass.
+ */
+#define xmlSecXkmsRespondWithKeyValueId \
+ xmlSecXkmsRespondWithKeyValueGetKlass()
+XMLSEC_EXPORT xmlSecXkmsRespondWithId xmlSecXkmsRespondWithKeyValueGetKlass(void);
+
+/**
+ * xmlSecXkmsRespondWithPrivateKeyId:
+ *
+ * The respond with PrivateKey klass.
+ */
+#define xmlSecXkmsRespondWithPrivateKeyId \
+ xmlSecXkmsRespondWithPrivateKeyGetKlass()
+XMLSEC_EXPORT xmlSecXkmsRespondWithId xmlSecXkmsRespondWithPrivateKeyGetKlass(void);
+
+/**
+ * xmlSecXkmsRespondWithRetrievalMethodId:
+ *
+ * The respond with RetrievalMethod klass.
+ */
+#define xmlSecXkmsRespondWithRetrievalMethodId \
+ xmlSecXkmsRespondWithRetrievalMethodGetKlass()
+XMLSEC_EXPORT xmlSecXkmsRespondWithId xmlSecXkmsRespondWithRetrievalMethodGetKlass(void);
+
+/**
+ * xmlSecXkmsRespondWithX509CertId:
+ *
+ * The respond with X509Cert klass.
+ */
+#define xmlSecXkmsRespondWithX509CertId \
+ xmlSecXkmsRespondWithX509CertGetKlass()
+XMLSEC_EXPORT xmlSecXkmsRespondWithId xmlSecXkmsRespondWithX509CertGetKlass(void);
+
+/**
+ * xmlSecXkmsRespondWithX509ChainId:
+ *
+ * The respond with X509Chain klass.
+ */
+#define xmlSecXkmsRespondWithX509ChainId \
+ xmlSecXkmsRespondWithX509ChainGetKlass()
+XMLSEC_EXPORT xmlSecXkmsRespondWithId xmlSecXkmsRespondWithX509ChainGetKlass(void);
+
+/**
+ * xmlSecXkmsRespondWithX509CRLId:
+ *
+ * The respond with X509CRL klass.
+ */
+#define xmlSecXkmsRespondWithX509CRLId \
+ xmlSecXkmsRespondWithX509CRLGetKlass()
+XMLSEC_EXPORT xmlSecXkmsRespondWithId xmlSecXkmsRespondWithX509CRLGetKlass(void);
+
+
+/**
+ * xmlSecXkmsRespondWithPGPId:
+ *
+ * The respond with PGP klass.
+ */
+#define xmlSecXkmsRespondWithPGPId \
+ xmlSecXkmsRespondWithPGPGetKlass()
+XMLSEC_EXPORT xmlSecXkmsRespondWithId xmlSecXkmsRespondWithPGPGetKlass(void);
+
+/**
+ * xmlSecXkmsRespondWithSPKIId:
+ *
+ * The respond with SPKI klass.
+ */
+#define xmlSecXkmsRespondWithSPKIId \
+ xmlSecXkmsRespondWithSPKIGetKlass()
+XMLSEC_EXPORT xmlSecXkmsRespondWithId xmlSecXkmsRespondWithSPKIGetKlass(void);
+
+
+/************************************************************************
+ *
+ * XKMS ServerRequest Klass
+ *
+ ************************************************************************/
+XMLSEC_EXPORT xmlSecPtrListPtr xmlSecXkmsServerRequestIdsGet (void);
+XMLSEC_EXPORT int xmlSecXkmsServerRequestIdsInit (void);
+XMLSEC_EXPORT void xmlSecXkmsServerRequestIdsShutdown
+ (void);
+XMLSEC_EXPORT int xmlSecXkmsServerRequestIdsRegisterDefault
+ (void);
+XMLSEC_EXPORT int xmlSecXkmsServerRequestIdsRegister
+ (xmlSecXkmsServerRequestId id);
+XMLSEC_EXPORT int xmlSecXkmsServerRequestNodeRead (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+XMLSEC_EXPORT int xmlSecXkmsServerRequestExecute (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx);
+XMLSEC_EXPORT xmlNodePtr xmlSecXkmsServerRequestNodeWrite(xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlDocPtr doc,
+ xmlNodePtr node);
+XMLSEC_EXPORT void xmlSecXkmsServerRequestDebugDump(xmlSecXkmsServerRequestId id,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecXkmsServerRequestDebugXmlDump
+ (xmlSecXkmsServerRequestId id,
+ FILE* output);
+
+/************************************************************************
+ *
+ * XKMS ServerRequest Klass List
+ *
+ ************************************************************************/
+/**
+ * xmlSecXkmsServerRequestIdListId:
+ *
+ * XKMS ServerRequest klasses list klass.
+ */
+#define xmlSecXkmsServerRequestIdListId xmlSecXkmsServerRequestIdListGetKlass()
+XMLSEC_EXPORT xmlSecPtrListId xmlSecXkmsServerRequestIdListGetKlass
+ (void);
+XMLSEC_EXPORT int xmlSecXkmsServerRequestIdListFind
+ (xmlSecPtrListPtr list,
+ xmlSecXkmsServerRequestId id);
+XMLSEC_EXPORT xmlSecXkmsServerRequestId xmlSecXkmsServerRequestIdListFindByName
+ (xmlSecPtrListPtr list,
+ const xmlChar* name);
+XMLSEC_EXPORT xmlSecXkmsServerRequestId xmlSecXkmsServerRequestIdListFindByNode
+ (xmlSecPtrListPtr list,
+ xmlNodePtr node);
+
+/**
+ * xmlSecXkmsServerRequestIdUnknown:
+ *
+ * The "unknown" ServerRequest id (NULL).
+ */
+#define xmlSecXkmsServerRequestIdUnknown NULL
+
+/**
+ * xmlSecXkmsServerRequestResultId:
+ *
+ * The Result response klass.
+ */
+#define xmlSecXkmsServerRequestResultId \
+ xmlSecXkmsServerRequestResultGetKlass()
+XMLSEC_EXPORT xmlSecXkmsServerRequestId xmlSecXkmsServerRequestResultGetKlass(void);
+
+/**
+ * xmlSecXkmsServerRequestStatusId:
+ *
+ * The StatusRequest klass.
+ */
+#define xmlSecXkmsServerRequestStatusId \
+ xmlSecXkmsServerRequestStatusGetKlass()
+XMLSEC_EXPORT xmlSecXkmsServerRequestId xmlSecXkmsServerRequestStatusGetKlass(void);
+
+/**
+ * xmlSecXkmsServerRequestCompoundId:
+ *
+ * The CompoundRequest klass.
+ */
+#define xmlSecXkmsServerRequestCompoundId \
+ xmlSecXkmsServerRequestCompoundGetKlass()
+XMLSEC_EXPORT xmlSecXkmsServerRequestId xmlSecXkmsServerRequestCompoundGetKlass(void);
+
+/**
+ * xmlSecXkmsServerRequestLocateId:
+ *
+ * The LocateRequest klass.
+ */
+#define xmlSecXkmsServerRequestLocateId \
+ xmlSecXkmsServerRequestLocateGetKlass()
+XMLSEC_EXPORT xmlSecXkmsServerRequestId xmlSecXkmsServerRequestLocateGetKlass(void);
+
+/**
+ * xmlSecXkmsServerRequestValidateId:
+ *
+ * The ValidateRequest klass.
+ */
+#define xmlSecXkmsServerRequestValidateId \
+ xmlSecXkmsServerRequestValidateGetKlass()
+XMLSEC_EXPORT xmlSecXkmsServerRequestId xmlSecXkmsServerRequestValidateGetKlass(void);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* XMLSEC_NO_XKMS */
+
+#endif /* __XMLSEC_XKMS_H__ */
+
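Review bot: Several doc comments in this header name identifiers that do not match the declarations, which will mislead generated API docs: the `xmlSecXkmsServerFormat` comment documents `@xmlSecXkmsServerFormatSoap1_1` and `@xmlSecXkmsServerFormatSoap1_2` while the enum declares `xmlSecXkmsServerFormatSoap11` and `xmlSecXkmsServerFormatSoap12`, and the comment above `XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_PENDING` is headed `XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_REPRESENT:`. The headings should read `* @xmlSecXkmsServerFormatSoap11:`, `* @xmlSecXkmsServerFormatSoap12:` and `* XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_PENDING:`. The `xmlSecXkmsServerCtx` comment describes `@flags` and `@flags2` as "the XML Encryption processing flags", which looks copied from another context, and leaves `enabledRespondWithIds`, `enabledServerRequestIds` and `expectedService` undocumented. Since this header also declares a PrivateKey RespondWith klass, integrators need a sentence on how those lists limit what a request may ask the server to return; their exact semantics are not visible in this header. `#define XMLSEC_XKMS_NO_RESPONSE_LIMIT -1` would also be safer parenthesised as `(-1)`.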
diff --git a/include/xmlsec/xmldsig.h b/include/xmlsec/xmldsig.h
new file mode 100644
index 00000000..689980b4
--- /dev/null
+++ b/include/xmlsec/xmldsig.h
@@ -0,0 +1,281 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * "XML Digital Signature" implementation
+ * http://www.w3.org/TR/xmldsig-core/
+ * http://www.w3.org/Signature/Overview.html
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_XMLDSIG_H__
+#define __XMLSEC_XMLDSIG_H__
+
+#ifndef XMLSEC_NO_XMLDSIG
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/list.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+
+typedef struct _xmlSecDSigReferenceCtx xmlSecDSigReferenceCtx,
+ *xmlSecDSigReferenceCtxPtr;
+
+/**
+ * xmlSecDSigStatus:
+ * @xmlSecDSigStatusUnknown: the status is unknow.
+ * @xmlSecDSigStatusSucceeded: the processing succeeded.
+ * @xmlSecDSigStatusInvalid: the processing failed.
+ *
+ * XML Digital signature processing status.
+ */
+typedef enum {
+ xmlSecDSigStatusUnknown = 0,
+ xmlSecDSigStatusSucceeded,
+ xmlSecDSigStatusInvalid
+} xmlSecDSigStatus;
+
+/**************************************************************************
+ *
+ * xmlSecDSigCtx
+ *
+ *************************************************************************/
+
+/**
+ * XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS:
+ *
+ * If this flag is set then <dsig:Manifests/> nodes will not be processed.
+ */
+#define XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS 0x00000001
+
+/**
+ * XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES:
+ *
+ * If this flag is set then pre-digest buffer for <dsig:Reference/> child
+ * of <dsig:KeyInfo/> element will be stored in #xmlSecDSigCtx.
+ */
+#define XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES 0x00000002
+
+/**
+ * XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES:
+ *
+ * If this flag is set then pre-digest buffer for <dsig:Reference/> child
+ * of <dsig:Manifest/> element will be stored in #xmlSecDSigCtx.
+ */
+#define XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES 0x00000004
+
+/**
+ * XMLSEC_DSIG_FLAGS_STORE_SIGNATURE:
+ *
+ * If this flag is set then pre-signature buffer for <dsig:SignedInfo/>
+ * element processing will be stored in #xmlSecDSigCtx.
+ */
+#define XMLSEC_DSIG_FLAGS_STORE_SIGNATURE 0x00000008
+
+/**
+ * XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK:
+ *
+ * If this flag is set then URI ID references are resolved directly
+ * without using XPointers. This allows one to sign/verify Visa3D
+ * documents that don't follow XML, XPointer and XML DSig specifications.
+ */
+#define XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK 0x00000010
+
+/**
+ * xmlSecDSigCtx:
+ * @userData: the pointer to user data (xmlsec and xmlsec-crypto libraries
+ * never touches this).
+ * @flags: the XML Digital Signature processing flags.
+ * @flags2: the XML Digital Signature processing flags.
+ * @keyInfoReadCtx: the reading key context.
+ * @keyInfoWriteCtx: the writing key context (not used for signature verification).
+ * @transformCtx: the <dsig:SignedInfo/> node processing context.
+ * @enabledReferenceUris: the URI types allowed for <dsig:Reference/> node.
+ * @enabledReferenceTransforms: the list of transforms allowed in <dsig:Reference/> node.
+ * @referencePreExecuteCallback:the callback for <dsig:Reference/> node processing.
+ * @defSignMethodId: the default signing method klass.
+ * @defC14NMethodId: the default c14n method klass.
+ * @defDigestMethodId: the default digest method klass.
+ * @signKey: the signature key; application may set #signKey
+ * before calling #xmlSecDSigCtxSign or #xmlSecDSigCtxVerify
+ * functions.
+ * @operation: the operation: sign or verify.
+ * @result: the pointer to signature (not valid for signature verificaction).
+ * @status: the <dsig:Signatuire/> procesisng status.
+ * @signMethod: the pointer to signature transform.
+ * @c14nMethod: the pointer to c14n transform.
+ * @preSignMemBufMethod: the pointer to binary buffer right before signature
+ * (valid only if #XMLSEC_DSIG_FLAGS_STORE_SIGNATURE flag is set).
+ * @signValueNode: the pointer to <dsig:SignatureValue/> node.
+ * @id: the pointer to Id attribute of <dsig:Signature/> node.
+ * @signedInfoReferences: the list of references in <dsig:SignedInfo/> node.
+ * @manifestReferences: the list of references in <dsig:Manifest/> nodes.
+ * @reserved0: reserved for the future.
+ * @reserved1: reserved for the future.
+ *
+ * XML DSig processing context.
+ */
+struct _xmlSecDSigCtx {
+ /* these data user can set before performing the operation */
+ void* userData;
+ unsigned int flags;
+ unsigned int flags2;
+ xmlSecKeyInfoCtx keyInfoReadCtx;
+ xmlSecKeyInfoCtx keyInfoWriteCtx;
+ xmlSecTransformCtx transformCtx;
+ xmlSecTransformUriType enabledReferenceUris;
+ xmlSecPtrListPtr enabledReferenceTransforms;
+ xmlSecTransformCtxPreExecuteCallback referencePreExecuteCallback;
+ xmlSecTransformId defSignMethodId;
+ xmlSecTransformId defC14NMethodId;
+ xmlSecTransformId defDigestMethodId;
+
+ /* these data are returned */
+ xmlSecKeyPtr signKey;
+ xmlSecTransformOperation operation;
+ xmlSecBufferPtr result;
+ xmlSecDSigStatus status;
+ xmlSecTransformPtr signMethod;
+ xmlSecTransformPtr c14nMethod;
+ xmlSecTransformPtr preSignMemBufMethod;
+ xmlNodePtr signValueNode;
+ xmlChar* id;
+ xmlSecPtrList signedInfoReferences;
+ xmlSecPtrList manifestReferences;
+
+ /* reserved for future */
+ void* reserved0;
+ void* reserved1;
+};
+
+/* constructor/destructor */
+XMLSEC_EXPORT xmlSecDSigCtxPtr xmlSecDSigCtxCreate (xmlSecKeysMngrPtr keysMngr);
+XMLSEC_EXPORT void xmlSecDSigCtxDestroy (xmlSecDSigCtxPtr dsigCtx);
+XMLSEC_EXPORT int xmlSecDSigCtxInitialize (xmlSecDSigCtxPtr dsigCtx,
+ xmlSecKeysMngrPtr keysMngr);
+XMLSEC_EXPORT void xmlSecDSigCtxFinalize (xmlSecDSigCtxPtr dsigCtx);
+XMLSEC_EXPORT int xmlSecDSigCtxSign (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr tmpl);
+XMLSEC_EXPORT int xmlSecDSigCtxVerify (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node);
+XMLSEC_EXPORT int xmlSecDSigCtxEnableReferenceTransform(xmlSecDSigCtxPtr dsigCtx,
+ xmlSecTransformId transformId);
+XMLSEC_EXPORT int xmlSecDSigCtxEnableSignatureTransform(xmlSecDSigCtxPtr dsigCtx,
+ xmlSecTransformId transformId);
+XMLSEC_EXPORT xmlSecBufferPtr xmlSecDSigCtxGetPreSignBuffer (xmlSecDSigCtxPtr dsigCtx);
+XMLSEC_EXPORT void xmlSecDSigCtxDebugDump (xmlSecDSigCtxPtr dsigCtx,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecDSigCtxDebugXmlDump (xmlSecDSigCtxPtr dsigCtx,
+ FILE* output);
+
+
+/**************************************************************************
+ *
+ * xmlSecDSigReferenceCtx
+ *
+ *************************************************************************/
+/**
+ * xmlSecDSigReferenceOrigin:
+ * @xmlSecDSigReferenceOriginSignedInfo:reference in <dsig:SignedInfo> node.
+ * @xmlSecDSigReferenceOriginManifest: reference <dsig:Manifest> node.
+ *
+ * The possible <dsig:Reference/> node locations: in the <dsig:SignedInfo/>
+ * node or in the <dsig:Manifest/> node.
+ */
+typedef enum {
+ xmlSecDSigReferenceOriginSignedInfo,
+ xmlSecDSigReferenceOriginManifest
+} xmlSecDSigReferenceOrigin;
+
+/**
+ * xmlSecDSigReferenceCtx:
+ * @userData: the pointer to user data (xmlsec and xmlsec-crypto libraries
+ * never touches this).
+ * @dsigCtx: the pointer to "parent" <dsig:Signature/> processing context.
+ * @origin: the signature origin (<dsig:SignedInfo/> or <dsig:Manifest/>).
+ * @transformCtx: the reference processing transforms context.
+ * @digestMethod: the pointer to digest transform.
+ * @result: the pointer to digest result.
+ * @status: the reference processing status.
+ * @preDigestMemBufMethod: the pointer to binary buffer right before digest
+ * (valid only if either
+ * #XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES or
+ * #XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES flags are set).
+ * @id: the <dsig:Reference/> node ID attribute.
+ * @uri: the <dsig:Reference/> node URI attribute.
+ * @type: the <dsig:Reference/> node Type attribute.
+ * @reserved0: reserved for the future.
+ * @reserved1: reserved for the future.
+ *
+ * The <dsig:Reference/> processing context.
+ */
+struct _xmlSecDSigReferenceCtx {
+ void* userData;
+ xmlSecDSigCtxPtr dsigCtx;
+ xmlSecDSigReferenceOrigin origin;
+ xmlSecTransformCtx transformCtx;
+ xmlSecTransformPtr digestMethod;
+
+ xmlSecBufferPtr result;
+ xmlSecDSigStatus status;
+ xmlSecTransformPtr preDigestMemBufMethod;
+ xmlChar* id;
+ xmlChar* uri;
+ xmlChar* type;
+
+ /* reserved for future */
+ void* reserved0;
+ void* reserved1;
+};
+
+XMLSEC_EXPORT xmlSecDSigReferenceCtxPtr xmlSecDSigReferenceCtxCreate(xmlSecDSigCtxPtr dsigCtx,
+ xmlSecDSigReferenceOrigin origin);
+XMLSEC_EXPORT void xmlSecDSigReferenceCtxDestroy (xmlSecDSigReferenceCtxPtr dsigRefCtx);
+XMLSEC_EXPORT int xmlSecDSigReferenceCtxInitialize(xmlSecDSigReferenceCtxPtr dsigRefCtx,
+ xmlSecDSigCtxPtr dsigCtx,
+ xmlSecDSigReferenceOrigin origin);
+XMLSEC_EXPORT void xmlSecDSigReferenceCtxFinalize (xmlSecDSigReferenceCtxPtr dsigRefCtx);
+XMLSEC_EXPORT int xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx,
+ xmlNodePtr node);
+XMLSEC_EXPORT xmlSecBufferPtr xmlSecDSigReferenceCtxGetPreDigestBuffer
+ (xmlSecDSigReferenceCtxPtr dsigRefCtx);
+XMLSEC_EXPORT void xmlSecDSigReferenceCtxDebugDump (xmlSecDSigReferenceCtxPtr dsigRefCtx,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecDSigReferenceCtxDebugXmlDump(xmlSecDSigReferenceCtxPtr dsigRefCtx,
+ FILE* output);
+
+/**************************************************************************
+ *
+ * xmlSecDSigReferenceCtxListKlass
+ *
+ *************************************************************************/
+/**
+ * xmlSecDSigReferenceCtxListId:
+ *
+ * The references list klass.
+ */
+#define xmlSecDSigReferenceCtxListId \
+ xmlSecDSigReferenceCtxListGetKlass()
+XMLSEC_EXPORT xmlSecPtrListId xmlSecDSigReferenceCtxListGetKlass(void);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* XMLSEC_NO_XMLDSIG */
+
+#endif /* __XMLSEC_XMLDSIG_H__ */
+
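Review bot: The prototype of `xmlSecDSigCtxVerify` has no comment saying where the verification verdict is reported: it returns `int`, while the context separately carries `status` with `xmlSecDSigStatusSucceeded` / `xmlSecDSigStatusInvalid`. If the return value reports processing errors only, as upstream's API documentation describes, a caller that tests only the return value can accept a document whose signature did not verify. I would add above the prototype: `/* Returns 0 if the node was processed; the signature is valid only when dsigCtx->status == xmlSecDSigStatusSucceeded. */`. The comment on `XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES` also names `<dsig:KeyInfo/>` where the flag name indicates `<dsig:SignedInfo/>`.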
diff --git a/include/xmlsec/xmlenc.h b/include/xmlsec/xmlenc.h
new file mode 100644
index 00000000..8f972779
--- /dev/null
+++ b/include/xmlsec/xmlenc.h
@@ -0,0 +1,163 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * "XML Encryption" implementation
+ * http://www.w3.org/TR/xmlenc-core
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_XMLENC_H__
+#define __XMLSEC_XMLENC_H__
+
+#ifndef XMLSEC_NO_XMLENC
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+#include <stdio.h>
+
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+
+/**
+ * xmlEncCtxMode:
+ * @xmlEncCtxModeEncryptedData: the <enc:EncryptedData/> element procesing.
+ * @xmlEncCtxModeEncryptedKey: the <enc:EncryptedKey/> element processing.
+ *
+ * The #xmlSecEncCtx mode.
+ */
+typedef enum {
+ xmlEncCtxModeEncryptedData = 0,
+ xmlEncCtxModeEncryptedKey
+} xmlEncCtxMode;
+
+
+/**
+ * XMLSEC_ENC_RETURN_REPLACED_NODE:
+ *
+ * If this flag is set, then the replaced node will be returned in the replacedNodeList
+ */
+#define XMLSEC_ENC_RETURN_REPLACED_NODE 0x00000001
+
+/**
+ * xmlSecEncCtx:
+ * @userData: the pointer to user data (xmlsec and xmlsec-crypto libraries
+ * never touches this).
+ * @flags: the XML Encryption processing flags.
+ * @flags2: the XML Encryption processing flags.
+ * @mode: the mode.
+ * @keyInfoReadCtx: the reading key context.
+ * @keyInfoWriteCtx: the writing key context (not used for signature verification).
+ * @transformCtx: the transforms processing context.
+ * @defEncMethodId: the default encryption method (used if
+ * <enc:EncryptionMethod/> node is not present).
+ * @encKey: the signature key; application may set #encKey
+ * before calling encryption/decryption functions.
+ * @operation: the operation: encrypt or decrypt.
+ * @result: the pointer to signature (not valid for signature verificaction).
+ * @resultBase64Encoded: the flag: if set then result in #result is base64 encoded.
+ * @resultReplaced: the flag: if set then resulted <enc:EncryptedData/>
+ * or <enc:EncryptedKey/> node is added to the document.
+ * @encMethod: the pointer to encryption transform.
+ * @replacedNodeList: the first node of the list of replaced nodes depending on the nodeReplacementMode
+ * @id: the ID attribute of <enc:EncryptedData/>
+ * or <enc:EncryptedKey/> node.
+ * @type: the Type attribute of <enc:EncryptedData/>
+ * or <enc:EncryptedKey/> node.
+ * @mimeType: the MimeType attribute of <enc:EncryptedData/>
+ * or <enc:EncryptedKey/> node.
+ * @encoding: the Encoding attributeof <enc:EncryptedData/>
+ * or <enc:EncryptedKey/> node.
+ * @recipient: the Recipient attribute of <enc:EncryptedKey/> node..
+ * @carriedKeyName: the CarriedKeyName attribute of <enc:EncryptedKey/> node.
+ * @encDataNode: the pointer to <enc:EncryptedData/>
+ * or <enc:EncryptedKey/> node.
+ * @encMethodNode: the pointer to <enc:EncryptionMethod/> node.
+ * @keyInfoNode: the pointer to <enc:KeyInfo/> node.
+ * @cipherValueNode: the pointer to <enc:CipherValue/> node.
+ * @reserved1: reserved for the future.
+ *
+ * XML Encrypiton context.
+ */
+struct _xmlSecEncCtx {
+ /* these data user can set before performing the operation */
+ void* userData;
+ unsigned int flags;
+ unsigned int flags2;
+ xmlEncCtxMode mode;
+ xmlSecKeyInfoCtx keyInfoReadCtx;
+ xmlSecKeyInfoCtx keyInfoWriteCtx;
+ xmlSecTransformCtx transformCtx;
+ xmlSecTransformId defEncMethodId;
+
+ /* these data are returned */
+ xmlSecKeyPtr encKey;
+ xmlSecTransformOperation operation;
+ xmlSecBufferPtr result;
+ int resultBase64Encoded;
+ int resultReplaced;
+ xmlSecTransformPtr encMethod;
+
+ /* attributes from EncryptedData or EncryptedKey */
+ xmlChar* id;
+ xmlChar* type;
+ xmlChar* mimeType;
+ xmlChar* encoding;
+ xmlChar* recipient;
+ xmlChar* carriedKeyName;
+
+ /* these are internal data, nobody should change that except us */
+ xmlNodePtr encDataNode;
+ xmlNodePtr encMethodNode;
+ xmlNodePtr keyInfoNode;
+ xmlNodePtr cipherValueNode;
+
+ xmlNodePtr replacedNodeList; /* the pointer to the replaced node */
+ void* reserved1; /* reserved for future */
+};
+
+XMLSEC_EXPORT xmlSecEncCtxPtr xmlSecEncCtxCreate (xmlSecKeysMngrPtr keysMngr);
+XMLSEC_EXPORT void xmlSecEncCtxDestroy (xmlSecEncCtxPtr encCtx);
+XMLSEC_EXPORT int xmlSecEncCtxInitialize (xmlSecEncCtxPtr encCtx,
+ xmlSecKeysMngrPtr keysMngr);
+XMLSEC_EXPORT void xmlSecEncCtxFinalize (xmlSecEncCtxPtr encCtx);
+XMLSEC_EXPORT int xmlSecEncCtxCopyUserPref (xmlSecEncCtxPtr dst,
+ xmlSecEncCtxPtr src);
+XMLSEC_EXPORT void xmlSecEncCtxReset (xmlSecEncCtxPtr encCtx);
+XMLSEC_EXPORT int xmlSecEncCtxBinaryEncrypt (xmlSecEncCtxPtr encCtx,
+ xmlNodePtr tmpl,
+ const xmlSecByte* data,
+ xmlSecSize dataSize);
+XMLSEC_EXPORT int xmlSecEncCtxXmlEncrypt (xmlSecEncCtxPtr encCtx,
+ xmlNodePtr tmpl,
+ xmlNodePtr node);
+XMLSEC_EXPORT int xmlSecEncCtxUriEncrypt (xmlSecEncCtxPtr encCtx,
+ xmlNodePtr tmpl,
+ const xmlChar *uri);
+XMLSEC_EXPORT int xmlSecEncCtxDecrypt (xmlSecEncCtxPtr encCtx,
+ xmlNodePtr node);
+XMLSEC_EXPORT xmlSecBufferPtr xmlSecEncCtxDecryptToBuffer (xmlSecEncCtxPtr encCtx,
+ xmlNodePtr node );
+XMLSEC_EXPORT void xmlSecEncCtxDebugDump (xmlSecEncCtxPtr encCtx,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecEncCtxDebugXmlDump (xmlSecEncCtxPtr encCtx,
+ FILE* output);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* XMLSEC_NO_XMLENC */
+
+#endif /* __XMLSEC_XMLENC_H__ */
+
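Review bot: Several field descriptions in the `xmlSecEncCtx` comment are carried over from the signature context and describe the wrong thing: `@encKey` is "the signature key", `@result` is "the pointer to signature (not valid for signature verificaction)", and `@keyInfoWriteCtx` is "not used for signature verification". For an encryption context they should read along the lines of `@encKey: the encryption key; ...` and `@result: the pointer to the encryption/decryption result`, with the `@keyInfoWriteCtx` caveat presumably becoming "not used for decryption". `@replacedNodeList` refers to a `nodeReplacementMode` that is not a member of the struct; the visible control is `XMLSEC_ENC_RETURN_REPLACED_NODE`. The comment should also state who frees the returned nodes, which this header does not say.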
diff --git a/include/xmlsec/xmlsec.h b/include/xmlsec/xmlsec.h
new file mode 100644
index 00000000..ad44918b
--- /dev/null
+++ b/include/xmlsec/xmlsec.h
@@ -0,0 +1,216 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * General functions and forward declarations.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_H__
+#define __XMLSEC_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <libxml/tree.h>
+
+#include <xmlsec/version.h>
+#include <xmlsec/exports.h>
+#include <xmlsec/strings.h>
+
+/***********************************************************************
+ *
+ * Basic types to make ports to exotic platforms easier
+ *
+ ***********************************************************************/
+/**
+ * xmlSecPtr:
+ *
+ * Void pointer.
+ */
+typedef void* xmlSecPtr;
+
+/**
+ * xmlSecSize:
+ *
+ * Size of something. Should be typedef instead of define
+ * but it will break ABI (todo).
+ */
+#ifdef XMLSEC_NO_SIZE_T
+#define xmlSecSize unsigned int
+#else /* XMLSEC_NO_SIZE_T */
+#define xmlSecSize size_t
+#endif /* XMLSEC_NO_SIZE_T */
+
+/**
+ * XMLSEC_SIZE_BAD_CAST:
+ * @val: the value to cast
+ *
+ * Bad cast to xmlSecSize
+ */
+#define XMLSEC_SIZE_BAD_CAST(val) ((xmlSecSize)(val))
+
+/**
+ * xmlSecByte:
+ *
+ * One byte. Should be typedef instead of define
+ * but it will break ABI (todo).
+ */
+#define xmlSecByte unsigned char
+
+/***********************************************************************
+ *
+ * Forward declarations
+ *
+ ***********************************************************************/
+typedef struct _xmlSecKeyData xmlSecKeyData, *xmlSecKeyDataPtr;
+typedef struct _xmlSecKeyDataStore xmlSecKeyDataStore, *xmlSecKeyDataStorePtr;
+typedef struct _xmlSecKeyInfoCtx xmlSecKeyInfoCtx, *xmlSecKeyInfoCtxPtr;
+typedef struct _xmlSecKey xmlSecKey, *xmlSecKeyPtr;
+typedef struct _xmlSecKeyStore xmlSecKeyStore, *xmlSecKeyStorePtr;
+typedef struct _xmlSecKeysMngr xmlSecKeysMngr, *xmlSecKeysMngrPtr;
+typedef struct _xmlSecTransform xmlSecTransform, *xmlSecTransformPtr;
+typedef struct _xmlSecTransformCtx xmlSecTransformCtx, *xmlSecTransformCtxPtr;
+
+#ifndef XMLSEC_NO_XMLDSIG
+typedef struct _xmlSecDSigCtx xmlSecDSigCtx, *xmlSecDSigCtxPtr;
+#endif /* XMLSEC_NO_XMLDSIG */
+
+#ifndef XMLSEC_NO_XMLENC
+typedef struct _xmlSecEncCtx xmlSecEncCtx, *xmlSecEncCtxPtr;
+#endif /* XMLSEC_NO_XMLENC */
+
+#ifndef XMLSEC_NO_XKMS
+typedef struct _xmlSecXkmsServerCtx xmlSecXkmsServerCtx, *xmlSecXkmsServerCtxPtr;
+#endif /* XMLSEC_NO_XKMS */
+
+XMLSEC_EXPORT int xmlSecInit (void);
+XMLSEC_EXPORT int xmlSecShutdown (void);
+
+
+
+/***********************************************************************
+ *
+ * Version checking
+ *
+ ***********************************************************************/
+/**
+ * xmlSecCheckVersionExact:
+ *
+ * Macro. Returns 1 if the loaded xmlsec library version exactly matches
+ * the one used to compile the caller, 0 if it does not or a negative
+ * value if an error occurs.
+ */
+#define xmlSecCheckVersionExact() \
+ xmlSecCheckVersionExt(XMLSEC_VERSION_MAJOR, XMLSEC_VERSION_MINOR, XMLSEC_VERSION_SUBMINOR, xmlSecCheckVersionExactMatch)
+
+/**
+ * xmlSecCheckVersion:
+ *
+ * Macro. Returns 1 if the loaded xmlsec library version ABI compatible with
+ * the one used to compile the caller, 0 if it does not or a negative
+ * value if an error occurs.
+ */
+#define xmlSecCheckVersion() \
+ xmlSecCheckVersionExt(XMLSEC_VERSION_MAJOR, XMLSEC_VERSION_MINOR, XMLSEC_VERSION_SUBMINOR, xmlSecCheckVersionABICompatible)
+
+/**
+ * xmlSecCheckVersionMode:
+ * @xmlSecCheckVersionExactMatch: the version should match exactly.
+ * @xmlSecCheckVersionABICompatible: the version should be ABI compatible.
+ *
+ * The xmlsec library version mode.
+ */
+typedef enum {
+ xmlSecCheckVersionExactMatch = 0,
+ xmlSecCheckVersionABICompatible
+} xmlSecCheckVersionMode;
+
+XMLSEC_EXPORT int xmlSecCheckVersionExt (int major,
+ int minor,
+ int subminor,
+ xmlSecCheckVersionMode mode);
+
+/**
+ * ATTRIBUTE_UNUSED:
+ *
+ * Macro used to signal to GCC unused function parameters
+ */
+#ifdef __GNUC__
+#ifdef HAVE_ANSIDECL_H
+#include <ansidecl.h>
+#endif
+#ifndef ATTRIBUTE_UNUSED
+#define ATTRIBUTE_UNUSED
+#endif
+#else
+#define ATTRIBUTE_UNUSED
+#endif
+
+/***********************************************************************
+ *
+ * Helpers to convert from void* to function pointer, this silence
+ * gcc warning
+ *
+ * warning: ISO C forbids conversion of object pointer to function
+ * pointer type
+ *
+ * The workaround is to declare a union that does the conversion. This is
+ * guaranteed (ISO/IEC 9899:1990 "C89"/"C90") to match exactly.
+ *
+ ***********************************************************************/
+
+/**
+ * XMLSEC_PTR_TO_FUNC_IMPL:
+ * @func_type: the function type.
+ *
+ * Macro declares helper functions to convert between "void *" pointer and
+ * function pointer.
+ */
+#define XMLSEC_PTR_TO_FUNC_IMPL(func_type) \
+ union xmlSecPtrToFuncUnion_ ##func_type { \
+ void *ptr; \
+ func_type * func; \
+ } ; \
+ static func_type * xmlSecPtrToFunc_ ##func_type(void * ptr) { \
+ union xmlSecPtrToFuncUnion_ ##func_type x; \
+ x.ptr = ptr; \
+ return (x.func); \
+ } \
+ static void * xmlSecFuncToPtr_ ##func_type(func_type * func) { \
+ union xmlSecPtrToFuncUnion_ ##func_type x; \
+ x.func = func; \
+ return (x.ptr); \
+ }
+
+/**
+ * XMLSEC_PTR_TO_FUNC:
+ * @func_type: the function type.
+ * @ptr: the "void*" pointer to be converted.
+ *
+ * Macro converts from "void*" pointer to "func_type" function pointer.
+ */
+#define XMLSEC_PTR_TO_FUNC(func_type, ptr) \
+ xmlSecPtrToFunc_ ##func_type((ptr))
+
+/**
+ * XMLSEC_FUNC_TO_PTR:
+ * @func_type: the function type.
+ * @func: the "func_type" function pointer to be converted.
+ *
+ * Macro converts from "func_type" function pointer to "void*" pointer.
+ */
+#define XMLSEC_FUNC_TO_PTR(func_type, func) \
+ xmlSecFuncToPtr_ ##func_type((func))
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_H__ */
+
+
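Review bot: `XMLSEC_SIZE_BAD_CAST` converts any value to `xmlSecSize` with a plain cast, and its comment says only "Bad cast to xmlSecSize". A negative value wraps to a large size, and when `XMLSEC_NO_SIZE_T` is defined `xmlSecSize` is `unsigned int`, so a wider value is truncated on platforms where `size_t` is wider; either result is dangerous once it is used as a buffer length. I would extend the comment with `* The cast is unchecked: callers must verify that @val is non-negative and fits in xmlSecSize before using the result as a length.` The use sites are outside this hunk, so whether any caller depends on the unchecked form cannot be judged from here.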
diff --git a/include/xmlsec/xmltree.h b/include/xmlsec/xmltree.h
new file mode 100644
index 00000000..c75e51eb
--- /dev/null
+++ b/include/xmlsec/xmltree.h
@@ -0,0 +1,275 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Common XML utility functions
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_TREE_H__
+#define __XMLSEC_TREE_H__
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#include <stdio.h>
+
+#include <libxml/tree.h>
+#include <libxml/xpath.h>
+#include <xmlsec/xmlsec.h>
+
+/**
+ * xmlSecNodeGetName:
+ * @node: the pointer to node.
+ *
+ * Macro. Returns node's name.
+ */
+#define xmlSecNodeGetName(node) \
+ (((node)) ? ((const char*)((node)->name)) : NULL)
+
+XMLSEC_EXPORT const xmlChar* xmlSecGetNodeNsHref (const xmlNodePtr cur);
+XMLSEC_EXPORT int xmlSecCheckNodeName (const xmlNodePtr cur,
+ const xmlChar *name,
+ const xmlChar *ns);
+XMLSEC_EXPORT xmlNodePtr xmlSecGetNextElementNode(xmlNodePtr cur);
+XMLSEC_EXPORT xmlNodePtr xmlSecFindChild (const xmlNodePtr parent,
+ const xmlChar *name,
+ const xmlChar *ns);
+XMLSEC_EXPORT xmlNodePtr xmlSecFindParent (const xmlNodePtr cur,
+ const xmlChar *name,
+ const xmlChar *ns);
+XMLSEC_EXPORT xmlNodePtr xmlSecFindNode (const xmlNodePtr parent,
+ const xmlChar *name,
+ const xmlChar *ns);
+XMLSEC_EXPORT xmlNodePtr xmlSecAddChild (xmlNodePtr parent,
+ const xmlChar *name,
+ const xmlChar *ns);
+XMLSEC_EXPORT xmlNodePtr xmlSecAddChildNode (xmlNodePtr parent,
+ xmlNodePtr child);
+XMLSEC_EXPORT xmlNodePtr xmlSecAddNextSibling (xmlNodePtr node,
+ const xmlChar *name,
+ const xmlChar *ns);
+XMLSEC_EXPORT xmlNodePtr xmlSecAddPrevSibling (xmlNodePtr node,
+ const xmlChar *name,
+ const xmlChar *ns);
+
+XMLSEC_EXPORT int xmlSecReplaceNode (xmlNodePtr node,
+ xmlNodePtr newNode);
+XMLSEC_EXPORT int xmlSecReplaceNodeAndReturn
+ (xmlNodePtr node,
+ xmlNodePtr newNode,
+ xmlNodePtr* replaced);
+XMLSEC_EXPORT int xmlSecReplaceContent (xmlNodePtr node,
+ xmlNodePtr newNode);
+XMLSEC_EXPORT int xmlSecReplaceContentAndReturn
+ (xmlNodePtr node,
+ xmlNodePtr newNode,
+ xmlNodePtr* replaced);
+XMLSEC_EXPORT int xmlSecReplaceNodeBuffer (xmlNodePtr node,
+ const xmlSecByte *buffer,
+ xmlSecSize size);
+XMLSEC_EXPORT int xmlSecReplaceNodeBufferAndReturn
+ (xmlNodePtr node,
+ const xmlSecByte *buffer,
+ xmlSecSize size,
+ xmlNodePtr* replaced);
+XMLSEC_EXPORT int xmlSecNodeEncodeAndSetContent
+ (xmlNodePtr node,
+ const xmlChar *buffer);
+XMLSEC_EXPORT void xmlSecAddIDs (xmlDocPtr doc,
+ xmlNodePtr cur,
+ const xmlChar** ids);
+XMLSEC_EXPORT int xmlSecGenerateAndAddID (xmlNodePtr node,
+ const xmlChar* attrName,
+ const xmlChar* prefix,
+ xmlSecSize len);
+XMLSEC_EXPORT xmlChar* xmlSecGenerateID (const xmlChar* prefix,
+ xmlSecSize len);
+
+XMLSEC_EXPORT xmlDocPtr xmlSecCreateTree (const xmlChar* rootNodeName,
+ const xmlChar* rootNodeNs);
+XMLSEC_EXPORT int xmlSecIsEmptyNode (xmlNodePtr node);
+XMLSEC_EXPORT int xmlSecIsEmptyString (const xmlChar* str);
+XMLSEC_EXPORT xmlChar* xmlSecGetQName (xmlNodePtr node,
+ const xmlChar* href,
+ const xmlChar* local);
+
+
+XMLSEC_EXPORT int xmlSecPrintXmlString (FILE * fd,
+ const xmlChar * str);
+
+/**
+ * xmlSecIsHex:
+ * @c: the character.
+ *
+ * Macro. Returns 1 if @c is a hex digit or 0 other wise.
+ */
+#define xmlSecIsHex(c) \
+ (( (('0' <= (c)) && ((c) <= '9')) || \
+ (('a' <= (c)) && ((c) <= 'f')) || \
+ (('A' <= (c)) && ((c) <= 'F')) ) ? 1 : 0)
+
+/**
+ * xmlSecGetHex:
+ * @c: the character,
+ *
+ * Macro. Returns the hex value of the @c.
+ */
+#define xmlSecGetHex(c) \
+ ( (('0' <= (c)) && ((c) <= '9')) ? (c) - '0' : \
+ ( (('a' <= (c)) && ((c) <= 'f')) ? (c) - 'a' + 10 : \
+ ( (('A' <= (c)) && ((c) <= 'F')) ? (c) - 'A' + 10 : 0 )))
+
+/*************************************************************************
+ *
+ * QName <-> Integer mapping
+ *
+ ************************************************************************/
+
+/**
+ * xmlSecQName2IntegerInfo:
+ * @qnameHref: the QName href
+ * @qnameLocalPart: the QName local
+ * @intValue: the integer value
+ *
+ * QName <-> Integer conversion definition.
+ */
+typedef struct _xmlSecQName2IntegerInfo xmlSecQName2IntegerInfo, *xmlSecQName2IntegerInfoPtr;
+struct _xmlSecQName2IntegerInfo {
+ const xmlChar* qnameHref;
+ const xmlChar* qnameLocalPart;
+ int intValue;
+};
+
+/**
+ * xmlSecQName2IntegerInfoConstPtr:
+ *
+ * Pointer to constant QName <-> Integer conversion definition.
+ */
+typedef const xmlSecQName2IntegerInfo * xmlSecQName2IntegerInfoConstPtr;
+
+XMLSEC_EXPORT xmlSecQName2IntegerInfoConstPtr xmlSecQName2IntegerGetInfo
+ (xmlSecQName2IntegerInfoConstPtr info,
+ int intValue);
+XMLSEC_EXPORT int xmlSecQName2IntegerGetInteger (xmlSecQName2IntegerInfoConstPtr info,
+ const xmlChar* qnameHref,
+ const xmlChar* qnameLocalPart,
+ int* intValue);
+XMLSEC_EXPORT int xmlSecQName2IntegerGetIntegerFromString
+ (xmlSecQName2IntegerInfoConstPtr info,
+ xmlNodePtr node,
+ const xmlChar* qname,
+ int* intValue);
+XMLSEC_EXPORT xmlChar* xmlSecQName2IntegerGetStringFromInteger
+ (xmlSecQName2IntegerInfoConstPtr info,
+ xmlNodePtr node,
+ int intValue);
+XMLSEC_EXPORT int xmlSecQName2IntegerNodeRead (xmlSecQName2IntegerInfoConstPtr info,
+ xmlNodePtr node,
+ int* intValue);
+XMLSEC_EXPORT int xmlSecQName2IntegerNodeWrite (xmlSecQName2IntegerInfoConstPtr info,
+ xmlNodePtr node,
+ const xmlChar* nodeName,
+ const xmlChar* nodeNs,
+ int intValue);
+XMLSEC_EXPORT int xmlSecQName2IntegerAttributeRead(xmlSecQName2IntegerInfoConstPtr info,
+ xmlNodePtr node,
+ const xmlChar* attrName,
+ int* intValue);
+XMLSEC_EXPORT int xmlSecQName2IntegerAttributeWrite(xmlSecQName2IntegerInfoConstPtr info,
+ xmlNodePtr node,
+ const xmlChar* attrName,
+ int intValue);
+XMLSEC_EXPORT void xmlSecQName2IntegerDebugDump (xmlSecQName2IntegerInfoConstPtr info,
+ int intValue,
+ const xmlChar* name,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecQName2IntegerDebugXmlDump(xmlSecQName2IntegerInfoConstPtr info,
+ int intValue,
+ const xmlChar* name,
+ FILE* output);
+
+/*************************************************************************
+ *
+ * QName <-> Bitmask mapping
+ *
+ ************************************************************************/
+
+/**
+ * xmlSecBitMask:
+ *
+ * Bitmask datatype.
+ */
+typedef unsigned int xmlSecBitMask;
+
+/**
+ * xmlSecQName2BitMaskInfo:
+ * @qnameHref: the QName href
+ * @qnameLocalPart: the QName local
+ * @mask: the bitmask value
+ *
+ * QName <-> Bitmask conversion definition.
+ */
+typedef struct _xmlSecQName2BitMaskInfo xmlSecQName2BitMaskInfo, *xmlSecQName2BitMaskInfoPtr;
+
+struct _xmlSecQName2BitMaskInfo {
+ const xmlChar* qnameHref;
+ const xmlChar* qnameLocalPart;
+ xmlSecBitMask mask;
+};
+
+/**
+ * xmlSecQName2BitMaskInfoConstPtr:
+ *
+ * Pointer to constant QName <-> Bitmask conversion definition.
+ */
+typedef const xmlSecQName2BitMaskInfo* xmlSecQName2BitMaskInfoConstPtr;
+
+XMLSEC_EXPORT xmlSecQName2BitMaskInfoConstPtr xmlSecQName2BitMaskGetInfo
+ (xmlSecQName2BitMaskInfoConstPtr info,
+ xmlSecBitMask mask);
+XMLSEC_EXPORT int xmlSecQName2BitMaskGetBitMask (xmlSecQName2BitMaskInfoConstPtr info,
+ const xmlChar* qnameLocalPart,
+ const xmlChar* qnameHref,
+ xmlSecBitMask* mask);
+XMLSEC_EXPORT int xmlSecQName2BitMaskNodesRead (xmlSecQName2BitMaskInfoConstPtr info,
+ xmlNodePtr* node,
+ const xmlChar* nodeName,
+ const xmlChar* nodeNs,
+ int stopOnUnknown,
+ xmlSecBitMask* mask);
+XMLSEC_EXPORT int xmlSecQName2BitMaskGetBitMaskFromString
+ (xmlSecQName2BitMaskInfoConstPtr info,
+ xmlNodePtr node,
+ const xmlChar* qname,
+ xmlSecBitMask* mask);
+XMLSEC_EXPORT xmlChar* xmlSecQName2BitMaskGetStringFromBitMask
+ (xmlSecQName2BitMaskInfoConstPtr info,
+ xmlNodePtr node,
+ xmlSecBitMask mask);
+XMLSEC_EXPORT int xmlSecQName2BitMaskNodesWrite (xmlSecQName2BitMaskInfoConstPtr info,
+ xmlNodePtr node,
+ const xmlChar* nodeName,
+ const xmlChar* nodeNs,
+ xmlSecBitMask mask);
+XMLSEC_EXPORT void xmlSecQName2BitMaskDebugDump (xmlSecQName2BitMaskInfoConstPtr info,
+ xmlSecBitMask mask,
+ const xmlChar* name,
+ FILE* output);
+XMLSEC_EXPORT void xmlSecQName2BitMaskDebugXmlDump(xmlSecQName2BitMaskInfoConstPtr info,
+ xmlSecBitMask mask,
+ const xmlChar* name,
+ FILE* output);
+
+
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_TREE_H__ */
+
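Review bot: `xmlSecGetHex` yields 0 for a character that is not a hex digit, the same value it yields for '0', and both it and `xmlSecIsHex` expand `c` several times. Code decoding hex from untrusted input therefore has to call `xmlSecIsHex` first and must not pass an expression with side effects such as `*p++`; neither constraint appears in the comments. I would add to the `xmlSecGetHex` comment: `* Returns 0 for a non-hex @c, so check xmlSecIsHex() first; @c is evaluated more than once.` The same section declares `xmlSecQName2BitMaskGetBitMask` with `qnameLocalPart` before `qnameHref`, the reverse of `xmlSecQName2IntegerGetInteger`. Both parameters are `const xmlChar*`, so a swapped call compiles silently and the prototype deserves a comment calling out the order.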
diff --git a/install-sh b/install-sh
new file mode 100755
index 00000000..6781b987
--- /dev/null
+++ b/install-sh
@@ -0,0 +1,520 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2009-04-28.21; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" "" $nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+ doit_exec=exec
+else
+ doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+ test "$posix_glob" != "?" || {
+ if (set -f) 2>/dev/null; then
+ posix_glob=
+ else
+ posix_glob=:
+ fi
+ }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+ or: $0 [OPTION]... SRCFILES... DIRECTORY
+ or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+ or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+ --help display this help and exit.
+ --version display version info and exit.
+
+ -c (ignored)
+ -C install only if different (preserve the last data modification time)
+ -d create directories instead of installing files.
+ -g GROUP $chgrpprog installed files to GROUP.
+ -m MODE $chmodprog installed files to MODE.
+ -o USER $chownprog installed files to USER.
+ -s $stripprog installed files.
+ -t DIRECTORY install into DIRECTORY.
+ -T report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+ CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+ RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+ case $1 in
+ -c) ;;
+
+ -C) copy_on_change=true;;
+
+ -d) dir_arg=true;;
+
+ -g) chgrpcmd="$chgrpprog $2"
+ shift;;
+
+ --help) echo "$usage"; exit $?;;
+
+ -m) mode=$2
+ case $mode in
+ *' '* | *' '* | *'
+'* | *'*'* | *'?'* | *'['*)
+ echo "$0: invalid mode: $mode" >&2
+ exit 1;;
+ esac
+ shift;;
+
+ -o) chowncmd="$chownprog $2"
+ shift;;
+
+ -s) stripcmd=$stripprog;;
+
+ -t) dst_arg=$2
+ shift;;
+
+ -T) no_target_directory=true;;
+
+ --version) echo "$0 $scriptversion"; exit $?;;
+
+ --) shift
+ break;;
+
+ -*) echo "$0: invalid option: $1" >&2
+ exit 1;;
+
+ *) break;;
+ esac
+ shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+ # When -d is used, all remaining arguments are directories to create.
+ # When -t is used, the destination is already specified.
+ # Otherwise, the last argument is the destination. Remove it from $@.
+ for arg
+ do
+ if test -n "$dst_arg"; then
+ # $@ is not empty: it contains at least $arg.
+ set fnord "$@" "$dst_arg"
+ shift # fnord
+ fi
+ shift # arg
+ dst_arg=$arg
+ done
+fi
+
+if test $# -eq 0; then
+ if test -z "$dir_arg"; then
+ echo "$0: no input file specified." >&2
+ exit 1
+ fi
+ # It's OK to call `install-sh -d' without argument.
+ # This can happen when creating conditional directories.
+ exit 0
+fi
+
+if test -z "$dir_arg"; then
+ trap '(exit $?); exit' 1 2 13 15
+
+ # Set umask so as not to create temps with too-generous modes.
+ # However, 'strip' requires both read and write access to temps.
+ case $mode in
+ # Optimize common cases.
+ *644) cp_umask=133;;
+ *755) cp_umask=22;;
+
+ *[0-7])
+ if test -z "$stripcmd"; then
+ u_plus_rw=
+ else
+ u_plus_rw='% 200'
+ fi
+ cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+ *)
+ if test -z "$stripcmd"; then
+ u_plus_rw=
+ else
+ u_plus_rw=,u+rw
+ fi
+ cp_umask=$mode$u_plus_rw;;
+ esac
+fi
+
+for src
+do
+ # Protect names starting with `-'.
+ case $src in
+ -*) src=./$src;;
+ esac
+
+ if test -n "$dir_arg"; then
+ dst=$src
+ dstdir=$dst
+ test -d "$dstdir"
+ dstdir_status=$?
+ else
+
+ # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+ # might cause directories to be created, which would be especially bad
+ # if $src (and thus $dsttmp) contains '*'.
+ if test ! -f "$src" && test ! -d "$src"; then
+ echo "$0: $src does not exist." >&2
+ exit 1
+ fi
+
+ if test -z "$dst_arg"; then
+ echo "$0: no destination specified." >&2
+ exit 1
+ fi
+
+ dst=$dst_arg
+ # Protect names starting with `-'.
+ case $dst in
+ -*) dst=./$dst;;
+ esac
+
+ # If destination is a directory, append the input filename; won't work
+ # if double slashes aren't ignored.
+ if test -d "$dst"; then
+ if test -n "$no_target_directory"; then
+ echo "$0: $dst_arg: Is a directory" >&2
+ exit 1
+ fi
+ dstdir=$dst
+ dst=$dstdir/`basename "$src"`
+ dstdir_status=0
+ else
+ # Prefer dirname, but fall back on a substitute if dirname fails.
+ dstdir=`
+ (dirname "$dst") 2>/dev/null ||
+ expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$dst" : 'X\(//\)[^/]' \| \
+ X"$dst" : 'X\(//\)$' \| \
+ X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+ echo X"$dst" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'
+ `
+
+ test -d "$dstdir"
+ dstdir_status=$?
+ fi
+ fi
+
+ obsolete_mkdir_used=false
+
+ if test $dstdir_status != 0; then
+ case $posix_mkdir in
+ '')
+ # Create intermediate dirs using mode 755 as modified by the umask.
+ # This is like FreeBSD 'install' as of 1997-10-28.
+ umask=`umask`
+ case $stripcmd.$umask in
+ # Optimize common cases.
+ *[2367][2367]) mkdir_umask=$umask;;
+ .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+ *[0-7])
+ mkdir_umask=`expr $umask + 22 \
+ - $umask % 100 % 40 + $umask % 20 \
+ - $umask % 10 % 4 + $umask % 2
+ `;;
+ *) mkdir_umask=$umask,go-w;;
+ esac
+
+ # With -d, create the new directory with the user-specified mode.
+ # Otherwise, rely on $mkdir_umask.
+ if test -n "$dir_arg"; then
+ mkdir_mode=-m$mode
+ else
+ mkdir_mode=
+ fi
+
+ posix_mkdir=false
+ case $umask in
+ *[123567][0-7][0-7])
+ # POSIX mkdir -p sets u+wx bits regardless of umask, which
+ # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+ ;;
+ *)
+ tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+ trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+ if (umask $mkdir_umask &&
+ exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+ then
+ if test -z "$dir_arg" || {
+ # Check for POSIX incompatibilities with -m.
+ # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+ # other-writeable bit of parent directory when it shouldn't.
+ # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+ ls_ld_tmpdir=`ls -ld "$tmpdir"`
+ case $ls_ld_tmpdir in
+ d????-?r-*) different_mode=700;;
+ d????-?--*) different_mode=755;;
+ *) false;;
+ esac &&
+ $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+ ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+ test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+ }
+ }
+ then posix_mkdir=:
+ fi
+ rmdir "$tmpdir/d" "$tmpdir"
+ else
+ # Remove any dirs left behind by ancient mkdir implementations.
+ rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+ fi
+ trap '' 0;;
+ esac;;
+ esac
+
+ if
+ $posix_mkdir && (
+ umask $mkdir_umask &&
+ $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+ )
+ then :
+ else
+
+ # The umask is ridiculous, or mkdir does not conform to POSIX,
+ # or it failed possibly due to a race condition. Create the
+ # directory the slow way, step by step, checking for races as we go.
+
+ case $dstdir in
+ /*) prefix='/';;
+ -*) prefix='./';;
+ *) prefix='';;
+ esac
+
+ eval "$initialize_posix_glob"
+
+ oIFS=$IFS
+ IFS=/
+ $posix_glob set -f
+ set fnord $dstdir
+ shift
+ $posix_glob set +f
+ IFS=$oIFS
+
+ prefixes=
+
+ for d
+ do
+ test -z "$d" && continue
+
+ prefix=$prefix$d
+ if test -d "$prefix"; then
+ prefixes=
+ else
+ if $posix_mkdir; then
+ (umask=$mkdir_umask &&
+ $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+ # Don't fail if two instances are running concurrently.
+ test -d "$prefix" || exit 1
+ else
+ case $prefix in
+ *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+ *) qprefix=$prefix;;
+ esac
+ prefixes="$prefixes '$qprefix'"
+ fi
+ fi
+ prefix=$prefix/
+ done
+
+ if test -n "$prefixes"; then
+ # Don't fail if two instances are running concurrently.
+ (umask $mkdir_umask &&
+ eval "\$doit_exec \$mkdirprog $prefixes") ||
+ test -d "$dstdir" || exit 1
+ obsolete_mkdir_used=true
+ fi
+ fi
+ fi
+
+ if test -n "$dir_arg"; then
+ { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+ { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+ { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+ test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+ else
+
+ # Make a couple of temp file names in the proper directory.
+ dsttmp=$dstdir/_inst.$$_
+ rmtmp=$dstdir/_rm.$$_
+
+ # Trap to clean up those temp files at exit.
+ trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+ # Copy the file name to the temp name.
+ (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+ # and set any options; do chmod last to preserve setuid bits.
+ #
+ # If any of these fail, we abort the whole thing. If we want to
+ # ignore errors from any of these, just make sure not to ignore
+ # errors from the above "$doit $cpprog $src $dsttmp" command.
+ #
+ { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+ { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+ { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+ { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+ # If -C, don't bother to copy if it wouldn't change the file.
+ if $copy_on_change &&
+ old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
+ new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
+
+ eval "$initialize_posix_glob" &&
+ $posix_glob set -f &&
+ set X $old && old=:$2:$4:$5:$6 &&
+ set X $new && new=:$2:$4:$5:$6 &&
+ $posix_glob set +f &&
+
+ test "$old" = "$new" &&
+ $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+ then
+ rm -f "$dsttmp"
+ else
+ # Rename the file to the real destination.
+ $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+ # The rename failed, perhaps because mv can't rename something else
+ # to itself, or perhaps because mv is so ancient that it does not
+ # support -f.
+ {
+ # Now remove or move aside any old file at destination location.
+ # We try this two ways since rm can't unlink itself on some
+ # systems and the destination file might be busy for other
+ # reasons. In this case, the final cleanup might fail but the new
+ # file should still install successfully.
+ {
+ test ! -f "$dst" ||
+ $doit $rmcmd -f "$dst" 2>/dev/null ||
+ { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+ { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+ } ||
+ { echo "$0: cannot unlink or rename $dst" >&2
+ (exit 1); exit 1
+ }
+ } &&
+
+ # Now rename the file to the real destination.
+ $doit $mvcmd "$dsttmp" "$dst"
+ }
+ fi || exit 1
+
+ trap '' 0
+ fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
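Review bot: In the step-by-step directory fallback inside the `for d` loop, the retry `(umask=$mkdir_umask &&` assigns a shell variable named `umask` instead of calling the umask builtin, so the `mkdir -p` on the next line runs under the caller's umask rather than the computed `$mkdir_umask`. The two sibling call sites in this script, before the first `mkdir -p` attempt and before the `eval` of `$prefixes`, both use `umask $mkdir_umask &&`, so this looks like a typo and the line should read `(umask $mkdir_umask &&`. With a permissive caller umask, intermediate directories created on this path can end up group- or other-writable, which matters because install steps commonly run with elevated privileges. Since install-sh is the helper shipped by automake, refreshing it from a current automake is preferable to a local patch, provided the newer copy carries the corrected line.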
diff --git a/ltmain.sh b/ltmain.sh
new file mode 100755
index 00000000..7ed280bc
--- /dev/null
+++ b/ltmain.sh
@@ -0,0 +1,8413 @@
+# Generated from ltmain.m4sh.
+
+# ltmain.sh (GNU libtool) 2.2.6b
+# Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007 2008 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions. There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# GNU Libtool is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING. If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html,
+# or obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Usage: $progname [OPTION]... [MODE-ARG]...
+#
+# Provide generalized library-building support services.
+#
+# --config show all configuration variables
+# --debug enable verbose shell tracing
+# -n, --dry-run display commands without modifying any files
+# --features display basic configuration information and exit
+# --mode=MODE use operation mode MODE
+# --preserve-dup-deps don't remove duplicate dependency libraries
+# --quiet, --silent don't print informational messages
+# --tag=TAG use configuration variables from tag TAG
+# -v, --verbose print informational messages (default)
+# --version print version information
+# -h, --help print short or long help message
+#
+# MODE must be one of the following:
+#
+# clean remove files from the build directory
+# compile compile a source file into a libtool object
+# execute automatically set library path, then run a program
+# finish complete the installation of libtool libraries
+# install install libraries or executables
+# link create a library or an executable
+# uninstall remove libraries from an installed directory
+#
+# MODE-ARGS vary depending on the MODE.
+# Try `$progname --help --mode=MODE' for a more detailed description of MODE.
+#
+# When reporting a bug, please describe a test case to reproduce it and
+# include the following information:
+#
+# host-triplet: $host
+# shell: $SHELL
+# compiler: $LTCC
+# compiler flags: $LTCFLAGS
+# linker: $LD (gnu? $with_gnu_ld)
+# $progname: (GNU libtool) 2.2.6b Debian-2.2.6b-2ubuntu1
+# automake: $automake_version
+# autoconf: $autoconf_version
+#
+# Report bugs to <bug-libtool@gnu.org>.
+
+PROGRAM=ltmain.sh
+PACKAGE=libtool
+VERSION="2.2.6b Debian-2.2.6b-2ubuntu1"
+TIMESTAMP=""
+package_revision=1.3017
+
+# Be Bourne compatible
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac
+fi
+BIN_SH=xpg4; export BIN_SH # for Tru64
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# NLS nuisances: We save the old values to restore during execute mode.
+# Only set LANG and LC_ALL to C if already set.
+# These must not be set unconditionally because not all systems understand
+# e.g. LANG=C (notably SCO).
+lt_user_locale=
+lt_safe_locale=
+for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+do
+ eval "if test \"\${$lt_var+set}\" = set; then
+ save_$lt_var=\$$lt_var
+ $lt_var=C
+ export $lt_var
+ lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\"
+ lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\"
+ fi"
+done
+
+$lt_unset CDPATH
+
+
+
+
+
+: ${CP="cp -f"}
+: ${ECHO="echo"}
+: ${EGREP="/bin/grep -E"}
+: ${FGREP="/bin/grep -F"}
+: ${GREP="/bin/grep"}
+: ${LN_S="ln -s"}
+: ${MAKE="make"}
+: ${MKDIR="mkdir"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+: ${SED="/bin/sed"}
+: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
+: ${Xsed="$SED -e 1s/^X//"}
+
+# Global variables:
+EXIT_SUCCESS=0
+EXIT_FAILURE=1
+EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing.
+EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake.
+
+exit_status=$EXIT_SUCCESS
+
+# Make sure IFS has a sensible default
+lt_nl='
+'
+IFS=" $lt_nl"
+
+dirname="s,/[^/]*$,,"
+basename="s,^.*/,,"
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+# dirname: Compute the dirname of FILE. If nonempty,
+# add APPEND to the result, otherwise set result
+# to NONDIR_REPLACEMENT.
+# value returned in "$func_dirname_result"
+# basename: Compute filename of FILE.
+# value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+ # Extract subdirectory from the argument.
+ func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+ if test "X$func_dirname_result" = "X${1}"; then
+ func_dirname_result="${3}"
+ else
+ func_dirname_result="$func_dirname_result${2}"
+ fi
+ func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+# Generated shell functions inserted here.
+
+# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
+# is ksh but when the shell is invoked as "sh" and the current value of
+# the _XPG environment variable is not equal to 1 (one), the special
+# positional parameter $0, within a function call, is the name of the
+# function.
+progpath="$0"
+
+# The name of this program:
+# In the unlikely event $progname began with a '-', it would play havoc with
+# func_echo (imagine progname=-n), so we prepend ./ in that case:
+func_dirname_and_basename "$progpath"
+progname=$func_basename_result
+case $progname in
+ -*) progname=./$progname ;;
+esac
+
+# Make sure we have an absolute path for reexecution:
+case $progpath in
+ [\\/]*|[A-Za-z]:\\*) ;;
+ *[\\/]*)
+ progdir=$func_dirname_result
+ progdir=`cd "$progdir" && pwd`
+ progpath="$progdir/$progname"
+ ;;
+ *)
+ save_IFS="$IFS"
+ IFS=:
+ for progdir in $PATH; do
+ IFS="$save_IFS"
+ test -x "$progdir/$progname" && break
+ done
+ IFS="$save_IFS"
+ test -n "$progdir" || progdir=`pwd`
+ progpath="$progdir/$progname"
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed="${SED}"' -e 1s/^X//'
+sed_quote_subst='s/\([`"$\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Re-`\' parameter expansions in output of double_quote_subst that were
+# `\'-ed in input to the same. If an odd number of `\' preceded a '$'
+# in input to double_quote_subst, that '$' was protected from expansion.
+# Since each input `\' is now two `\'s, look for any number of runs of
+# four `\'s followed by two `\'s and then a '$'. `\' that '$'.
+bs='\\'
+bs2='\\\\'
+bs4='\\\\\\\\'
+dollar='\$'
+sed_double_backslash="\
+ s/$bs4/&\\
+/g
+ s/^$bs2$dollar/$bs&/
+ s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g
+ s/\n//g"
+
+# Standard options:
+opt_dry_run=false
+opt_help=false
+opt_quiet=false
+opt_verbose=false
+opt_warning=:
+
+# func_echo arg...
+# Echo program name prefixed message, along with the current mode
+# name if it has been set yet.
+func_echo ()
+{
+ $ECHO "$progname${mode+: }$mode: $*"
+}
+
+# func_verbose arg...
+# Echo program name prefixed message in verbose mode only.
+func_verbose ()
+{
+ $opt_verbose && func_echo ${1+"$@"}
+
+ # A bug in bash halts the script if the last line of a function
+ # fails when set -e is in force, so we need another command to
+ # work around that:
+ :
+}
+
+# func_error arg...
+# Echo program name prefixed message to standard error.
+func_error ()
+{
+ $ECHO "$progname${mode+: }$mode: "${1+"$@"} 1>&2
+}
+
+# func_warning arg...
+# Echo program name prefixed warning message to standard error.
+func_warning ()
+{
+ $opt_warning && $ECHO "$progname${mode+: }$mode: warning: "${1+"$@"} 1>&2
+
+ # bash bug again:
+ :
+}
+
+# func_fatal_error arg...
+# Echo program name prefixed message to standard error, and exit.
+func_fatal_error ()
+{
+ func_error ${1+"$@"}
+ exit $EXIT_FAILURE
+}
+
+# func_fatal_help arg...
+# Echo program name prefixed message to standard error, followed by
+# a help hint, and exit.
+func_fatal_help ()
+{
+ func_error ${1+"$@"}
+ func_fatal_error "$help"
+}
+help="Try \`$progname --help' for more information." ## default
+
+
+# func_grep expression filename
+# Check whether EXPRESSION matches any line of FILENAME, without output.
+func_grep ()
+{
+ $GREP "$1" "$2" >/dev/null 2>&1
+}
+
+
+# func_mkdir_p directory-path
+# Make sure the entire path to DIRECTORY-PATH is available.
+func_mkdir_p ()
+{
+ my_directory_path="$1"
+ my_dir_list=
+
+ if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then
+
+ # Protect directory names starting with `-'
+ case $my_directory_path in
+ -*) my_directory_path="./$my_directory_path" ;;
+ esac
+
+ # While some portion of DIR does not yet exist...
+ while test ! -d "$my_directory_path"; do
+ # ...make a list in topmost first order. Use a colon delimited
+ # list incase some portion of path contains whitespace.
+ my_dir_list="$my_directory_path:$my_dir_list"
+
+ # If the last portion added has no slash in it, the list is done
+ case $my_directory_path in */*) ;; *) break ;; esac
+
+ # ...otherwise throw away the child directory and loop
+ my_directory_path=`$ECHO "X$my_directory_path" | $Xsed -e "$dirname"`
+ done
+ my_dir_list=`$ECHO "X$my_dir_list" | $Xsed -e 's,:*$,,'`
+
+ save_mkdir_p_IFS="$IFS"; IFS=':'
+ for my_dir in $my_dir_list; do
+ IFS="$save_mkdir_p_IFS"
+ # mkdir can fail with a `File exist' error if two processes
+ # try to create one of the directories concurrently. Don't
+ # stop in that case!
+ $MKDIR "$my_dir" 2>/dev/null || :
+ done
+ IFS="$save_mkdir_p_IFS"
+
+ # Bail out if we (or some other process) failed to create a directory.
+ test -d "$my_directory_path" || \
+ func_fatal_error "Failed to create \`$1'"
+ fi
+}
+
+
+# func_mktempdir [string]
+# Make a temporary directory that won't clash with other running
+# libtool processes, and avoids race conditions if possible. If
+# given, STRING is the basename for that directory.
+func_mktempdir ()
+{
+ my_template="${TMPDIR-/tmp}/${1-$progname}"
+
+ if test "$opt_dry_run" = ":"; then
+ # Return a directory name, but don't create it in dry-run mode
+ my_tmpdir="${my_template}-$$"
+ else
+
+ # If mktemp works, use that first and foremost
+ my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
+
+ if test ! -d "$my_tmpdir"; then
+ # Failing that, at least try and use $RANDOM to avoid a race
+ my_tmpdir="${my_template}-${RANDOM-0}$$"
+
+ save_mktempdir_umask=`umask`
+ umask 0077
+ $MKDIR "$my_tmpdir"
+ umask $save_mktempdir_umask
+ fi
+
+ # If we're not in dry-run mode, bomb out on failure
+ test -d "$my_tmpdir" || \
+ func_fatal_error "cannot create temporary directory \`$my_tmpdir'"
+ fi
+
+ $ECHO "X$my_tmpdir" | $Xsed
+}
+
+
+# func_quote_for_eval arg
+# Aesthetically quote ARG to be evaled later.
+# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT
+# is double-quoted, suitable for a subsequent eval, whereas
+# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters
+# which are still active within double quotes backslashified.
+func_quote_for_eval ()
+{
+ case $1 in
+ *[\\\`\"\$]*)
+ func_quote_for_eval_unquoted_result=`$ECHO "X$1" | $Xsed -e "$sed_quote_subst"` ;;
+ *)
+ func_quote_for_eval_unquoted_result="$1" ;;
+ esac
+
+ case $func_quote_for_eval_unquoted_result in
+ # Double-quote args containing shell metacharacters to delay
+ # word splitting, command substitution and and variable
+ # expansion for a subsequent eval.
+ # Many Bourne shells cannot handle close brackets correctly
+ # in scan sets, so we specify it separately.
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\""
+ ;;
+ *)
+ func_quote_for_eval_result="$func_quote_for_eval_unquoted_result"
+ esac
+}
+
+
+# func_quote_for_expand arg
+# Aesthetically quote ARG to be evaled later; same as above,
+# but do not quote variable references.
+func_quote_for_expand ()
+{
+ case $1 in
+ *[\\\`\"]*)
+ my_arg=`$ECHO "X$1" | $Xsed \
+ -e "$double_quote_subst" -e "$sed_double_backslash"` ;;
+ *)
+ my_arg="$1" ;;
+ esac
+
+ case $my_arg in
+ # Double-quote args containing shell metacharacters to delay
+ # word splitting and command substitution for a subsequent eval.
+ # Many Bourne shells cannot handle close brackets correctly
+ # in scan sets, so we specify it separately.
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ my_arg="\"$my_arg\""
+ ;;
+ esac
+
+ func_quote_for_expand_result="$my_arg"
+}
+
+
+# func_show_eval cmd [fail_exp]
+# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is
+# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it.
+func_show_eval ()
+{
+ my_cmd="$1"
+ my_fail_exp="${2-:}"
+
+ ${opt_silent-false} || {
+ func_quote_for_expand "$my_cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+
+ if ${opt_dry_run-false}; then :; else
+ eval "$my_cmd"
+ my_status=$?
+ if test "$my_status" -eq 0; then :; else
+ eval "(exit $my_status); $my_fail_exp"
+ fi
+ fi
+}
+
+
+# func_show_eval_locale cmd [fail_exp]
+# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is
+# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it. Use the saved locale for evaluation.
+func_show_eval_locale ()
+{
+ my_cmd="$1"
+ my_fail_exp="${2-:}"
+
+ ${opt_silent-false} || {
+ func_quote_for_expand "$my_cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+
+ if ${opt_dry_run-false}; then :; else
+ eval "$lt_user_locale
+ $my_cmd"
+ my_status=$?
+ eval "$lt_safe_locale"
+ if test "$my_status" -eq 0; then :; else
+ eval "(exit $my_status); $my_fail_exp"
+ fi
+ fi
+}
+
+
+
+
+
+# func_version
+# Echo version message to standard output and exit.
+func_version ()
+{
+ $SED -n '/^# '$PROGRAM' (GNU /,/# warranty; / {
+ s/^# //
+ s/^# *$//
+ s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/
+ p
+ }' < "$progpath"
+ exit $?
+}
+
+# func_usage
+# Echo short help message to standard output and exit.
+func_usage ()
+{
+ $SED -n '/^# Usage:/,/# -h/ {
+ s/^# //
+ s/^# *$//
+ s/\$progname/'$progname'/
+ p
+ }' < "$progpath"
+ $ECHO
+ $ECHO "run \`$progname --help | more' for full usage"
+ exit $?
+}
+
+# func_help
+# Echo long help message to standard output and exit.
+func_help ()
+{
+ $SED -n '/^# Usage:/,/# Report bugs to/ {
+ s/^# //
+ s/^# *$//
+ s*\$progname*'$progname'*
+ s*\$host*'"$host"'*
+ s*\$SHELL*'"$SHELL"'*
+ s*\$LTCC*'"$LTCC"'*
+ s*\$LTCFLAGS*'"$LTCFLAGS"'*
+ s*\$LD*'"$LD"'*
+ s/\$with_gnu_ld/'"$with_gnu_ld"'/
+ s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/
+ s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/
+ p
+ }' < "$progpath"
+ exit $?
+}
+
+# func_missing_arg argname
+# Echo program name prefixed message to standard error and set global
+# exit_cmd.
+func_missing_arg ()
+{
+ func_error "missing argument for $1"
+ exit_cmd=exit
+}
+
+exit_cmd=:
+
+
+
+
+
+# Check that we have a working $ECHO.
+if test "X$1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X$1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t'; then
+ # Yippee, $ECHO works!
+ :
+else
+ # Restart under the correct shell, and then maybe $ECHO will work.
+ exec $SHELL "$progpath" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<EOF
+$*
+EOF
+ exit $EXIT_SUCCESS
+fi
+
+magic="%%%MAGIC variable%%%"
+magic_exe="%%%MAGIC EXE variable%%%"
+
+# Global variables.
+# $mode is unset
+nonopt=
+execute_dlfiles=
+preserve_args=
+lo2o="s/\\.lo\$/.${objext}/"
+o2lo="s/\\.${objext}\$/.lo/"
+extracted_archives=
+extracted_serial=0
+
+opt_dry_run=false
+opt_duplicate_deps=false
+opt_silent=false
+opt_debug=:
+
+# If this variable is set in any of the actions, the command in it
+# will be execed at the end. This prevents here-documents from being
+# left over by shells.
+exec_cmd=
+
+# func_fatal_configuration arg...
+# Echo program name prefixed message to standard error, followed by
+# a configuration failure hint, and exit.
+func_fatal_configuration ()
+{
+ func_error ${1+"$@"}
+ func_error "See the $PACKAGE documentation for more information."
+ func_fatal_error "Fatal configuration error."
+}
+
+
+# func_config
+# Display the configuration for all the tags in this script.
+func_config ()
+{
+ re_begincf='^# ### BEGIN LIBTOOL'
+ re_endcf='^# ### END LIBTOOL'
+
+ # Default configuration.
+ $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath"
+
+ # Now print the configurations for the tags.
+ for tagname in $taglist; do
+ $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath"
+ done
+
+ exit $?
+}
+
+# func_features
+# Display the features supported by this script.
+func_features ()
+{
+ $ECHO "host: $host"
+ if test "$build_libtool_libs" = yes; then
+ $ECHO "enable shared libraries"
+ else
+ $ECHO "disable shared libraries"
+ fi
+ if test "$build_old_libs" = yes; then
+ $ECHO "enable static libraries"
+ else
+ $ECHO "disable static libraries"
+ fi
+
+ exit $?
+}
+
+# func_enable_tag tagname
+# Verify that TAGNAME is valid, and either flag an error and exit, or
+# enable the TAGNAME tag. We also add TAGNAME to the global $taglist
+# variable here.
+func_enable_tag ()
+{
+ # Global variable:
+ tagname="$1"
+
+ re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$"
+ re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$"
+ sed_extractcf="/$re_begincf/,/$re_endcf/p"
+
+ # Validate tagname.
+ case $tagname in
+ *[!-_A-Za-z0-9,/]*)
+ func_fatal_error "invalid tag name: $tagname"
+ ;;
+ esac
+
+ # Don't test for the "default" C tag, as we know it's
+ # there but not specially marked.
+ case $tagname in
+ CC) ;;
+ *)
+ if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then
+ taglist="$taglist $tagname"
+
+ # Evaluate the configuration. Be careful to quote the path
+ # and the sed script, to avoid splitting on whitespace, but
+ # also don't use non-portable quotes within backquotes within
+ # quotes we have to do it in 2 steps:
+ extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"`
+ eval "$extractedcf"
+ else
+ func_error "ignoring unknown tag $tagname"
+ fi
+ ;;
+ esac
+}
+
+# Parse options once, thoroughly. This comes as soon as possible in
+# the script to make things like `libtool --version' happen quickly.
+{
+
+ # Shorthand for --mode=foo, only valid as the first argument
+ case $1 in
+ clean|clea|cle|cl)
+ shift; set dummy --mode clean ${1+"$@"}; shift
+ ;;
+ compile|compil|compi|comp|com|co|c)
+ shift; set dummy --mode compile ${1+"$@"}; shift
+ ;;
+ execute|execut|execu|exec|exe|ex|e)
+ shift; set dummy --mode execute ${1+"$@"}; shift
+ ;;
+ finish|finis|fini|fin|fi|f)
+ shift; set dummy --mode finish ${1+"$@"}; shift
+ ;;
+ install|instal|insta|inst|ins|in|i)
+ shift; set dummy --mode install ${1+"$@"}; shift
+ ;;
+ link|lin|li|l)
+ shift; set dummy --mode link ${1+"$@"}; shift
+ ;;
+ uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
+ shift; set dummy --mode uninstall ${1+"$@"}; shift
+ ;;
+ esac
+
+ # Parse non-mode specific arguments:
+ while test "$#" -gt 0; do
+ opt="$1"
+ shift
+
+ case $opt in
+ --config) func_config ;;
+
+ --debug) preserve_args="$preserve_args $opt"
+ func_echo "enabling shell trace mode"
+ opt_debug='set -x'
+ $opt_debug
+ ;;
+
+ -dlopen) test "$#" -eq 0 && func_missing_arg "$opt" && break
+ execute_dlfiles="$execute_dlfiles $1"
+ shift
+ ;;
+
+ --dry-run | -n) opt_dry_run=: ;;
+ --features) func_features ;;
+ --finish) mode="finish" ;;
+
+ --mode) test "$#" -eq 0 && func_missing_arg "$opt" && break
+ case $1 in
+ # Valid mode arguments:
+ clean) ;;
+ compile) ;;
+ execute) ;;
+ finish) ;;
+ install) ;;
+ link) ;;
+ relink) ;;
+ uninstall) ;;
+
+ # Catch anything else as an error
+ *) func_error "invalid argument for $opt"
+ exit_cmd=exit
+ break
+ ;;
+ esac
+
+ mode="$1"
+ shift
+ ;;
+
+ --preserve-dup-deps)
+ opt_duplicate_deps=: ;;
+
+ --quiet|--silent) preserve_args="$preserve_args $opt"
+ opt_silent=:
+ ;;
+
+ --verbose| -v) preserve_args="$preserve_args $opt"
+ opt_silent=false
+ ;;
+
+ --tag) test "$#" -eq 0 && func_missing_arg "$opt" && break
+ preserve_args="$preserve_args $opt $1"
+ func_enable_tag "$1" # tagname is set here
+ shift
+ ;;
+
+ # Separate optargs to long options:
+ -dlopen=*|--mode=*|--tag=*)
+ func_opt_split "$opt"
+ set dummy "$func_opt_split_opt" "$func_opt_split_arg" ${1+"$@"}
+ shift
+ ;;
+
+ -\?|-h) func_usage ;;
+ --help) opt_help=: ;;
+ --version) func_version ;;
+
+ -*) func_fatal_help "unrecognized option \`$opt'" ;;
+
+ *) nonopt="$opt"
+ break
+ ;;
+ esac
+ done
+
+
+ case $host in
+ *cygwin* | *mingw* | *pw32* | *cegcc*)
+ # don't eliminate duplications in $postdeps and $predeps
+ opt_duplicate_compiler_generated_deps=:
+ ;;
+ *)
+ opt_duplicate_compiler_generated_deps=$opt_duplicate_deps
+ ;;
+ esac
+
+ # Having warned about all mis-specified options, bail out if
+ # anything was wrong.
+ $exit_cmd $EXIT_FAILURE
+}
+
+# func_check_version_match
+# Ensure that we are using m4 macros, and libtool script from the same
+# release of libtool.
+func_check_version_match ()
+{
+ if test "$package_revision" != "$macro_revision"; then
+ if test "$VERSION" != "$macro_version"; then
+ if test -z "$macro_version"; then
+ cat >&2 <<_LT_EOF
+$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
+$progname: definition of this LT_INIT comes from an older release.
+$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
+$progname: and run autoconf again.
+_LT_EOF
+ else
+ cat >&2 <<_LT_EOF
+$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
+$progname: definition of this LT_INIT comes from $PACKAGE $macro_version.
+$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
+$progname: and run autoconf again.
+_LT_EOF
+ fi
+ else
+ cat >&2 <<_LT_EOF
+$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision,
+$progname: but the definition of this LT_INIT comes from revision $macro_revision.
+$progname: You should recreate aclocal.m4 with macros from revision $package_revision
+$progname: of $PACKAGE $VERSION and run autoconf again.
+_LT_EOF
+ fi
+
+ exit $EXIT_MISMATCH
+ fi
+}
+
+
+## ----------- ##
+## Main. ##
+## ----------- ##
+
+$opt_help || {
+ # Sanity checks first:
+ func_check_version_match
+
+ if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
+ func_fatal_configuration "not configured to build any kind of library"
+ fi
+
+ test -z "$mode" && func_fatal_error "error: you must specify a MODE."
+
+
+ # Darwin sucks
+ eval std_shrext=\"$shrext_cmds\"
+
+
+ # Only execute mode is allowed to have -dlopen flags.
+ if test -n "$execute_dlfiles" && test "$mode" != execute; then
+ func_error "unrecognized option \`-dlopen'"
+ $ECHO "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Change the help message to a mode-specific one.
+ generic_help="$help"
+ help="Try \`$progname --help --mode=$mode' for more information."
+}
+
+
+# func_lalib_p file
+# True iff FILE is a libtool `.la' library or `.lo' object file.
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_lalib_p ()
+{
+ test -f "$1" &&
+ $SED -e 4q "$1" 2>/dev/null \
+ | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1
+}
+
+# func_lalib_unsafe_p file
+# True iff FILE is a libtool `.la' library or `.lo' object file.
+# This function implements the same check as func_lalib_p without
+# resorting to external programs. To this end, it redirects stdin and
+# closes it afterwards, without saving the original file descriptor.
+# As a safety measure, use it only where a negative result would be
+# fatal anyway. Works if `file' does not exist.
+func_lalib_unsafe_p ()
+{
+ lalib_p=no
+ if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then
+ for lalib_p_l in 1 2 3 4
+ do
+ read lalib_p_line
+ case "$lalib_p_line" in
+ \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;;
+ esac
+ done
+ exec 0<&5 5<&-
+ fi
+ test "$lalib_p" = yes
+}
+
+# func_ltwrapper_script_p file
+# True iff FILE is a libtool wrapper script
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_script_p ()
+{
+ func_lalib_p "$1"
+}
+
+# func_ltwrapper_executable_p file
+# True iff FILE is a libtool wrapper executable
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_executable_p ()
+{
+ func_ltwrapper_exec_suffix=
+ case $1 in
+ *.exe) ;;
+ *) func_ltwrapper_exec_suffix=.exe ;;
+ esac
+ $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1
+}
+
+# func_ltwrapper_scriptname file
+# Assumes file is an ltwrapper_executable
+# uses $file to determine the appropriate filename for a
+# temporary ltwrapper_script.
+func_ltwrapper_scriptname ()
+{
+ func_ltwrapper_scriptname_result=""
+ if func_ltwrapper_executable_p "$1"; then
+ func_dirname_and_basename "$1" "" "."
+ func_stripname '' '.exe' "$func_basename_result"
+ func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper"
+ fi
+}
+
+# func_ltwrapper_p file
+# True iff FILE is a libtool wrapper script or wrapper executable
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_p ()
+{
+ func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1"
+}
+
+
+# func_execute_cmds commands fail_cmd
+# Execute tilde-delimited COMMANDS.
+# If FAIL_CMD is given, eval that upon failure.
+# FAIL_CMD may read-access the current command in variable CMD!
+func_execute_cmds ()
+{
+ $opt_debug
+ save_ifs=$IFS; IFS='~'
+ for cmd in $1; do
+ IFS=$save_ifs
+ eval cmd=\"$cmd\"
+ func_show_eval "$cmd" "${2-:}"
+ done
+ IFS=$save_ifs
+}
+
+
+# func_source file
+# Source FILE, adding directory component if necessary.
+# Note that it is not necessary on cygwin/mingw to append a dot to
+# FILE even if both FILE and FILE.exe exist: automatic-append-.exe
+# behavior happens only for exec(3), not for open(2)! Also, sourcing
+# `FILE.' does not work on cygwin managed mounts.
+func_source ()
+{
+ $opt_debug
+ case $1 in
+ */* | *\\*) . "$1" ;;
+ *) . "./$1" ;;
+ esac
+}
+
+
+# func_infer_tag arg
+# Infer tagged configuration to use if any are available and
+# if one wasn't chosen via the "--tag" command line option.
+# Only attempt this if the compiler in the base compile
+# command doesn't match the default compiler.
+# arg is usually of the form 'gcc ...'
+func_infer_tag ()
+{
+ $opt_debug
+ if test -n "$available_tags" && test -z "$tagname"; then
+ CC_quoted=
+ for arg in $CC; do
+ func_quote_for_eval "$arg"
+ CC_quoted="$CC_quoted $func_quote_for_eval_result"
+ done
+ case $@ in
+ # Blanks in the command may have been stripped by the calling shell,
+ # but not from the CC environment variable when configure was run.
+ " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*) ;;
+ # Blanks at the start of $base_compile will cause this to fail
+ # if we don't check for them as well.
+ *)
+ for z in $available_tags; do
+ if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
+ # Evaluate the configuration.
+ eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
+ CC_quoted=
+ for arg in $CC; do
+ # Double-quote args containing other shell metacharacters.
+ func_quote_for_eval "$arg"
+ CC_quoted="$CC_quoted $func_quote_for_eval_result"
+ done
+ case "$@ " in
+ " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*)
+ # The compiler in the base compile command matches
+ # the one in the tagged configuration.
+ # Assume this is the tagged configuration we want.
+ tagname=$z
+ break
+ ;;
+ esac
+ fi
+ done
+ # If $tagname still isn't set, then no tagged configuration
+ # was found and let the user know that the "--tag" command
+ # line option must be used.
+ if test -z "$tagname"; then
+ func_echo "unable to infer tagged configuration"
+ func_fatal_error "specify a tag with \`--tag'"
+# else
+# func_verbose "using $tagname tagged configuration"
+ fi
+ ;;
+ esac
+ fi
+}
+
+
+
+# func_write_libtool_object output_name pic_name nonpic_name
+# Create a libtool object file (analogous to a ".la" file),
+# but don't create it if we're doing a dry run.
+func_write_libtool_object ()
+{
+ write_libobj=${1}
+ if test "$build_libtool_libs" = yes; then
+ write_lobj=\'${2}\'
+ else
+ write_lobj=none
+ fi
+
+ if test "$build_old_libs" = yes; then
+ write_oldobj=\'${3}\'
+ else
+ write_oldobj=none
+ fi
+
+ $opt_dry_run || {
+ cat >${write_libobj}T <<EOF
+# $write_libobj - a libtool object file
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# Name of the PIC object.
+pic_object=$write_lobj
+
+# Name of the non-PIC object
+non_pic_object=$write_oldobj
+
+EOF
+ $MV "${write_libobj}T" "${write_libobj}"
+ }
+}
+
+# func_mode_compile arg...
+func_mode_compile ()
+{
+ $opt_debug
+ # Get the compilation command and the source file.
+ base_compile=
+ srcfile="$nonopt" # always keep a non-empty value in "srcfile"
+ suppress_opt=yes
+ suppress_output=
+ arg_mode=normal
+ libobj=
+ later=
+ pie_flag=
+
+ for arg
+ do
+ case $arg_mode in
+ arg )
+ # do not "continue". Instead, add this to base_compile
+ lastarg="$arg"
+ arg_mode=normal
+ ;;
+
+ target )
+ libobj="$arg"
+ arg_mode=normal
+ continue
+ ;;
+
+ normal )
+ # Accept any command-line options.
+ case $arg in
+ -o)
+ test -n "$libobj" && \
+ func_fatal_error "you cannot specify \`-o' more than once"
+ arg_mode=target
+ continue
+ ;;
+
+ -pie | -fpie | -fPIE)
+ pie_flag="$pie_flag $arg"
+ continue
+ ;;
+
+ -shared | -static | -prefer-pic | -prefer-non-pic)
+ later="$later $arg"
+ continue
+ ;;
+
+ -no-suppress)
+ suppress_opt=no
+ continue
+ ;;
+
+ -Xcompiler)
+ arg_mode=arg # the next one goes into the "base_compile" arg list
+ continue # The current "srcfile" will either be retained or
+ ;; # replaced later. I would guess that would be a bug.
+
+ -Wc,*)
+ func_stripname '-Wc,' '' "$arg"
+ args=$func_stripname_result
+ lastarg=
+ save_ifs="$IFS"; IFS=','
+ for arg in $args; do
+ IFS="$save_ifs"
+ func_quote_for_eval "$arg"
+ lastarg="$lastarg $func_quote_for_eval_result"
+ done
+ IFS="$save_ifs"
+ func_stripname ' ' '' "$lastarg"
+ lastarg=$func_stripname_result
+
+ # Add the arguments to base_compile.
+ base_compile="$base_compile $lastarg"
+ continue
+ ;;
+
+ *)
+ # Accept the current argument as the source file.
+ # The previous "srcfile" becomes the current argument.
+ #
+ lastarg="$srcfile"
+ srcfile="$arg"
+ ;;
+ esac # case $arg
+ ;;
+ esac # case $arg_mode
+
+ # Aesthetically quote the previous argument.
+ func_quote_for_eval "$lastarg"
+ base_compile="$base_compile $func_quote_for_eval_result"
+ done # for arg
+
+ case $arg_mode in
+ arg)
+ func_fatal_error "you must specify an argument for -Xcompile"
+ ;;
+ target)
+ func_fatal_error "you must specify a target with \`-o'"
+ ;;
+ *)
+ # Get the name of the library object.
+ test -z "$libobj" && {
+ func_basename "$srcfile"
+ libobj="$func_basename_result"
+ }
+ ;;
+ esac
+
+ # Recognize several different file suffixes.
+ # If the user specifies -o file.o, it is replaced with file.lo
+ case $libobj in
+ *.[cCFSifmso] | \
+ *.ada | *.adb | *.ads | *.asm | \
+ *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
+ *.[fF][09]? | *.for | *.java | *.obj | *.sx)
+ func_xform "$libobj"
+ libobj=$func_xform_result
+ ;;
+ esac
+
+ case $libobj in
+ *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;;
+ *)
+ func_fatal_error "cannot determine name of library object from \`$libobj'"
+ ;;
+ esac
+
+ func_infer_tag $base_compile
+
+ for arg in $later; do
+ case $arg in
+ -shared)
+ test "$build_libtool_libs" != yes && \
+ func_fatal_configuration "can not build a shared library"
+ build_old_libs=no
+ continue
+ ;;
+
+ -static)
+ build_libtool_libs=no
+ build_old_libs=yes
+ continue
+ ;;
+
+ -prefer-pic)
+ pic_mode=yes
+ continue
+ ;;
+
+ -prefer-non-pic)
+ pic_mode=no
+ continue
+ ;;
+ esac
+ done
+
+ func_quote_for_eval "$libobj"
+ test "X$libobj" != "X$func_quote_for_eval_result" \
+ && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \
+ && func_warning "libobj name \`$libobj' may not contain shell special characters."
+ func_dirname_and_basename "$obj" "/" ""
+ objname="$func_basename_result"
+ xdir="$func_dirname_result"
+ lobj=${xdir}$objdir/$objname
+
+ test -z "$base_compile" && \
+ func_fatal_help "you must specify a compilation command"
+
+ # Delete any leftover library objects.
+ if test "$build_old_libs" = yes; then
+ removelist="$obj $lobj $libobj ${libobj}T"
+ else
+ removelist="$lobj $libobj ${libobj}T"
+ fi
+
+ # On Cygwin there's no "real" PIC flag so we must build both object types
+ case $host_os in
+ cygwin* | mingw* | pw32* | os2* | cegcc*)
+ pic_mode=default
+ ;;
+ esac
+ if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then
+ # non-PIC code in shared libraries is not supported
+ pic_mode=default
+ fi
+
+ # Calculate the filename of the output object if compiler does
+ # not support -o with -c
+ if test "$compiler_c_o" = no; then
+ output_obj=`$ECHO "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext}
+ lockfile="$output_obj.lock"
+ else
+ output_obj=
+ need_locks=no
+ lockfile=
+ fi
+
+ # Lock this critical section if it is needed
+ # We use this script file to make the link, it avoids creating a new file
+ if test "$need_locks" = yes; then
+ until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
+ func_echo "Waiting for $lockfile to be removed"
+ sleep 2
+ done
+ elif test "$need_locks" = warn; then
+ if test -f "$lockfile"; then
+ $ECHO "\
+*** ERROR, $lockfile exists and contains:
+`cat $lockfile 2>/dev/null`
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $opt_dry_run || $RM $removelist
+ exit $EXIT_FAILURE
+ fi
+ removelist="$removelist $output_obj"
+ $ECHO "$srcfile" > "$lockfile"
+ fi
+
+ $opt_dry_run || $RM $removelist
+ removelist="$removelist $lockfile"
+ trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15
+
+ if test -n "$fix_srcfile_path"; then
+ eval srcfile=\"$fix_srcfile_path\"
+ fi
+ func_quote_for_eval "$srcfile"
+ qsrcfile=$func_quote_for_eval_result
+
+ # Only build a PIC object if we are building libtool libraries.
+ if test "$build_libtool_libs" = yes; then
+ # Without this assignment, base_compile gets emptied.
+ fbsd_hideous_sh_bug=$base_compile
+
+ if test "$pic_mode" != no; then
+ command="$base_compile $qsrcfile $pic_flag"
+ else
+ # Don't build PIC code
+ command="$base_compile $qsrcfile"
+ fi
+
+ func_mkdir_p "$xdir$objdir"
+
+ if test -z "$output_obj"; then
+ # Place PIC objects in $objdir
+ command="$command -o $lobj"
+ fi
+
+ func_show_eval_locale "$command" \
+ 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE'
+
+ if test "$need_locks" = warn &&
+ test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+ $ECHO "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $opt_dry_run || $RM $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ # Just move the object if needed, then go on to compile the next one
+ if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then
+ func_show_eval '$MV "$output_obj" "$lobj"' \
+ 'error=$?; $opt_dry_run || $RM $removelist; exit $error'
+ fi
+
+ # Allow error messages only from the first compilation.
+ if test "$suppress_opt" = yes; then
+ suppress_output=' >/dev/null 2>&1'
+ fi
+ fi
+
+ # Only build a position-dependent object if we build old libraries.
+ if test "$build_old_libs" = yes; then
+ if test "$pic_mode" != yes; then
+ # Don't build PIC code
+ command="$base_compile $qsrcfile$pie_flag"
+ else
+ command="$base_compile $qsrcfile $pic_flag"
+ fi
+ if test "$compiler_c_o" = yes; then
+ command="$command -o $obj"
+ fi
+
+ # Suppress compiler output if we already did a PIC compilation.
+ command="$command$suppress_output"
+ func_show_eval_locale "$command" \
+ '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE'
+
+ if test "$need_locks" = warn &&
+ test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+ $ECHO "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $opt_dry_run || $RM $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ # Just move the object if needed
+ if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then
+ func_show_eval '$MV "$output_obj" "$obj"' \
+ 'error=$?; $opt_dry_run || $RM $removelist; exit $error'
+ fi
+ fi
+
+ $opt_dry_run || {
+ func_write_libtool_object "$libobj" "$objdir/$objname" "$objname"
+
+ # Unlock the critical section if it was locked
+ if test "$need_locks" != no; then
+ removelist=$lockfile
+ $RM "$lockfile"
+ fi
+ }
+
+ exit $EXIT_SUCCESS
+}
+
+$opt_help || {
+test "$mode" = compile && func_mode_compile ${1+"$@"}
+}
+
+func_mode_help ()
+{
+ # We need to display help for each of the modes.
+ case $mode in
+ "")
+ # Generic help is extracted from the usage comments
+ # at the start of this file.
+ func_help
+ ;;
+
+ clean)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE...
+
+Remove files from the build directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, object or program, all the files associated
+with it are deleted. Otherwise, only FILE itself is deleted using RM."
+ ;;
+
+ compile)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE
+
+Compile a source file into a libtool library object.
+
+This mode accepts the following additional options:
+
+ -o OUTPUT-FILE set the output file name to OUTPUT-FILE
+ -no-suppress do not suppress compiler output for multiple passes
+ -prefer-pic try to building PIC objects only
+ -prefer-non-pic try to building non-PIC objects only
+ -shared do not build a \`.o' file suitable for static linking
+ -static only build a \`.o' file suitable for static linking
+
+COMPILE-COMMAND is a command to be used in creating a \`standard' object file
+from the given SOURCEFILE.
+
+The output file name is determined by removing the directory component from
+SOURCEFILE, then substituting the C source code suffix \`.c' with the
+library object suffix, \`.lo'."
+ ;;
+
+ execute)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]...
+
+Automatically set library path, then run a program.
+
+This mode accepts the following additional options:
+
+ -dlopen FILE add the directory containing FILE to the library path
+
+This mode sets the library path environment variable according to \`-dlopen'
+flags.
+
+If any of the ARGS are libtool executable wrappers, then they are translated
+into their corresponding uninstalled binary, and any of their required library
+directories are added to the library path.
+
+Then, COMMAND is executed, with ARGS as arguments."
+ ;;
+
+ finish)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=finish [LIBDIR]...
+
+Complete the installation of libtool libraries.
+
+Each LIBDIR is a directory that contains libtool libraries.
+
+The commands that this mode executes may require superuser privileges. Use
+the \`--dry-run' option if you just want to see what would be executed."
+ ;;
+
+ install)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND...
+
+Install executables or libraries.
+
+INSTALL-COMMAND is the installation command. The first component should be
+either the \`install' or \`cp' program.
+
+The following components of INSTALL-COMMAND are treated specially:
+
+ -inst-prefix PREFIX-DIR Use PREFIX-DIR as a staging area for installation
+
+The rest of the components are interpreted as arguments to that command (only
+BSD-compatible install options are recognized)."
+ ;;
+
+ link)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=link LINK-COMMAND...
+
+Link object files or libraries together to form another library, or to
+create an executable program.
+
+LINK-COMMAND is a command using the C compiler that you would use to create
+a program from several object files.
+
+The following components of LINK-COMMAND are treated specially:
+
+ -all-static do not do any dynamic linking at all
+ -avoid-version do not add a version suffix if possible
+ -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime
+ -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols
+ -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
+ -export-symbols SYMFILE
+ try to export only the symbols listed in SYMFILE
+ -export-symbols-regex REGEX
+ try to export only the symbols matching REGEX
+ -LLIBDIR search LIBDIR for required installed libraries
+ -lNAME OUTPUT-FILE requires the installed library libNAME
+ -module build a library that can dlopened
+ -no-fast-install disable the fast-install mode
+ -no-install link a not-installable executable
+ -no-undefined declare that a library does not refer to external symbols
+ -o OUTPUT-FILE create OUTPUT-FILE from the specified objects
+ -objectlist FILE Use a list of object files found in FILE to specify objects
+ -precious-files-regex REGEX
+ don't remove output files matching REGEX
+ -release RELEASE specify package release information
+ -rpath LIBDIR the created library will eventually be installed in LIBDIR
+ -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries
+ -shared only do dynamic linking of libtool libraries
+ -shrext SUFFIX override the standard shared library file extension
+ -static do not do any dynamic linking of uninstalled libtool libraries
+ -static-libtool-libs
+ do not do any dynamic linking of libtool libraries
+ -version-info CURRENT[:REVISION[:AGE]]
+ specify library version info [each variable defaults to 0]
+ -weak LIBNAME declare that the target provides the LIBNAME interface
+
+All other options (arguments beginning with \`-') are ignored.
+
+Every other argument is treated as a filename. Files ending in \`.la' are
+treated as uninstalled libtool libraries, other files are standard or library
+object files.
+
+If the OUTPUT-FILE ends in \`.la', then a libtool library is created,
+only library objects (\`.lo' files) may be specified, and \`-rpath' is
+required, except when creating a convenience library.
+
+If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created
+using \`ar' and \`ranlib', or on Windows using \`lib'.
+
+If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file
+is created, otherwise an executable program is created."
+ ;;
+
+ uninstall)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE...
+
+Remove libraries from an installation directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, all the files associated with it are deleted.
+Otherwise, only FILE itself is deleted using RM."
+ ;;
+
+ *)
+ func_fatal_help "invalid operation mode \`$mode'"
+ ;;
+ esac
+
+ $ECHO
+ $ECHO "Try \`$progname --help' for more information about other modes."
+
+ exit $?
+}
+
+ # Now that we've collected a possible --mode arg, show help if necessary
+ $opt_help && func_mode_help
+
+
+# func_mode_execute arg...
+func_mode_execute ()
+{
+ $opt_debug
+ # The first argument is the command name.
+ cmd="$nonopt"
+ test -z "$cmd" && \
+ func_fatal_help "you must specify a COMMAND"
+
+ # Handle -dlopen flags immediately.
+ for file in $execute_dlfiles; do
+ test -f "$file" \
+ || func_fatal_help "\`$file' is not a file"
+
+ dir=
+ case $file in
+ *.la)
+ # Check to see that this really is a libtool archive.
+ func_lalib_unsafe_p "$file" \
+ || func_fatal_help "\`$lib' is not a valid libtool archive"
+
+ # Read the libtool library.
+ dlname=
+ library_names=
+ func_source "$file"
+
+ # Skip this library if it cannot be dlopened.
+ if test -z "$dlname"; then
+ # Warn if it was a shared library.
+ test -n "$library_names" && \
+ func_warning "\`$file' was not linked with \`-export-dynamic'"
+ continue
+ fi
+
+ func_dirname "$file" "" "."
+ dir="$func_dirname_result"
+
+ if test -f "$dir/$objdir/$dlname"; then
+ dir="$dir/$objdir"
+ else
+ if test ! -f "$dir/$dlname"; then
+ func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'"
+ fi
+ fi
+ ;;
+
+ *.lo)
+ # Just add the directory containing the .lo file.
+ func_dirname "$file" "" "."
+ dir="$func_dirname_result"
+ ;;
+
+ *)
+ func_warning "\`-dlopen' is ignored for non-libtool libraries and objects"
+ continue
+ ;;
+ esac
+
+ # Get the absolute pathname.
+ absdir=`cd "$dir" && pwd`
+ test -n "$absdir" && dir="$absdir"
+
+ # Now add the directory to shlibpath_var.
+ if eval "test -z \"\$$shlibpath_var\""; then
+ eval "$shlibpath_var=\"\$dir\""
+ else
+ eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
+ fi
+ done
+
+ # This variable tells wrapper scripts just to set shlibpath_var
+ # rather than running their programs.
+ libtool_execute_magic="$magic"
+
+ # Check if any of the arguments is a wrapper script.
+ args=
+ for file
+ do
+ case $file in
+ -*) ;;
+ *)
+ # Do a test to see if this is really a libtool program.
+ if func_ltwrapper_script_p "$file"; then
+ func_source "$file"
+ # Transform arg to wrapped name.
+ file="$progdir/$program"
+ elif func_ltwrapper_executable_p "$file"; then
+ func_ltwrapper_scriptname "$file"
+ func_source "$func_ltwrapper_scriptname_result"
+ # Transform arg to wrapped name.
+ file="$progdir/$program"
+ fi
+ ;;
+ esac
+ # Quote arguments (to preserve shell metacharacters).
+ func_quote_for_eval "$file"
+ args="$args $func_quote_for_eval_result"
+ done
+
+ if test "X$opt_dry_run" = Xfalse; then
+ if test -n "$shlibpath_var"; then
+ # Export the shlibpath_var.
+ eval "export $shlibpath_var"
+ fi
+
+ # Restore saved environment variables
+ for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+ do
+ eval "if test \"\${save_$lt_var+set}\" = set; then
+ $lt_var=\$save_$lt_var; export $lt_var
+ else
+ $lt_unset $lt_var
+ fi"
+ done
+
+ # Now prepare to actually exec the command.
+ exec_cmd="\$cmd$args"
+ else
+ # Display what would be done.
+ if test -n "$shlibpath_var"; then
+ eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\""
+ $ECHO "export $shlibpath_var"
+ fi
+ $ECHO "$cmd$args"
+ exit $EXIT_SUCCESS
+ fi
+}
+
+test "$mode" = execute && func_mode_execute ${1+"$@"}
+
+
+# func_mode_finish arg...
+func_mode_finish ()
+{
+ $opt_debug
+ libdirs="$nonopt"
+ admincmds=
+
+ if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
+ for dir
+ do
+ libdirs="$libdirs $dir"
+ done
+
+ for libdir in $libdirs; do
+ if test -n "$finish_cmds"; then
+ # Do each command in the finish commands.
+ func_execute_cmds "$finish_cmds" 'admincmds="$admincmds
+'"$cmd"'"'
+ fi
+ if test -n "$finish_eval"; then
+ # Do the single finish_eval.
+ eval cmds=\"$finish_eval\"
+ $opt_dry_run || eval "$cmds" || admincmds="$admincmds
+ $cmds"
+ fi
+ done
+ fi
+
+ # Exit here if they wanted silent mode.
+ $opt_silent && exit $EXIT_SUCCESS
+
+ $ECHO "X----------------------------------------------------------------------" | $Xsed
+ $ECHO "Libraries have been installed in:"
+ for libdir in $libdirs; do
+ $ECHO " $libdir"
+ done
+ $ECHO
+ $ECHO "If you ever happen to want to link against installed libraries"
+ $ECHO "in a given directory, LIBDIR, you must either use libtool, and"
+ $ECHO "specify the full pathname of the library, or use the \`-LLIBDIR'"
+ $ECHO "flag during linking and do at least one of the following:"
+ if test -n "$shlibpath_var"; then
+ $ECHO " - add LIBDIR to the \`$shlibpath_var' environment variable"
+ $ECHO " during execution"
+ fi
+ if test -n "$runpath_var"; then
+ $ECHO " - add LIBDIR to the \`$runpath_var' environment variable"
+ $ECHO " during linking"
+ fi
+ if test -n "$hardcode_libdir_flag_spec"; then
+ libdir=LIBDIR
+ eval flag=\"$hardcode_libdir_flag_spec\"
+
+ $ECHO " - use the \`$flag' linker flag"
+ fi
+ if test -n "$admincmds"; then
+ $ECHO " - have your system administrator run these commands:$admincmds"
+ fi
+ if test -f /etc/ld.so.conf; then
+ $ECHO " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
+ fi
+ $ECHO
+
+ $ECHO "See any operating system documentation about shared libraries for"
+ case $host in
+ solaris2.[6789]|solaris2.1[0-9])
+ $ECHO "more information, such as the ld(1), crle(1) and ld.so(8) manual"
+ $ECHO "pages."
+ ;;
+ *)
+ $ECHO "more information, such as the ld(1) and ld.so(8) manual pages."
+ ;;
+ esac
+ $ECHO "X----------------------------------------------------------------------" | $Xsed
+ exit $EXIT_SUCCESS
+}
+
+test "$mode" = finish && func_mode_finish ${1+"$@"}
+
+
+# func_mode_install arg...
+func_mode_install ()
+{
+ $opt_debug
+ # There may be an optional sh(1) argument at the beginning of
+ # install_prog (especially on Windows NT).
+ if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
+ # Allow the use of GNU shtool's install command.
+ $ECHO "X$nonopt" | $GREP shtool >/dev/null; then
+ # Aesthetically quote it.
+ func_quote_for_eval "$nonopt"
+ install_prog="$func_quote_for_eval_result "
+ arg=$1
+ shift
+ else
+ install_prog=
+ arg=$nonopt
+ fi
+
+ # The real first argument should be the name of the installation program.
+ # Aesthetically quote it.
+ func_quote_for_eval "$arg"
+ install_prog="$install_prog$func_quote_for_eval_result"
+
+ # We need to accept at least all the BSD install flags.
+ dest=
+ files=
+ opts=
+ prev=
+ install_type=
+ isdir=no
+ stripme=
+ for arg
+ do
+ if test -n "$dest"; then
+ files="$files $dest"
+ dest=$arg
+ continue
+ fi
+
+ case $arg in
+ -d) isdir=yes ;;
+ -f)
+ case " $install_prog " in
+ *[\\\ /]cp\ *) ;;
+ *) prev=$arg ;;
+ esac
+ ;;
+ -g | -m | -o)
+ prev=$arg
+ ;;
+ -s)
+ stripme=" -s"
+ continue
+ ;;
+ -*)
+ ;;
+ *)
+ # If the previous option needed an argument, then skip it.
+ if test -n "$prev"; then
+ prev=
+ else
+ dest=$arg
+ continue
+ fi
+ ;;
+ esac
+
+ # Aesthetically quote the argument.
+ func_quote_for_eval "$arg"
+ install_prog="$install_prog $func_quote_for_eval_result"
+ done
+
+ test -z "$install_prog" && \
+ func_fatal_help "you must specify an install program"
+
+ test -n "$prev" && \
+ func_fatal_help "the \`$prev' option requires an argument"
+
+ if test -z "$files"; then
+ if test -z "$dest"; then
+ func_fatal_help "no file or destination specified"
+ else
+ func_fatal_help "you must specify a destination"
+ fi
+ fi
+
+ # Strip any trailing slash from the destination.
+ func_stripname '' '/' "$dest"
+ dest=$func_stripname_result
+
+ # Check to see that the destination is a directory.
+ test -d "$dest" && isdir=yes
+ if test "$isdir" = yes; then
+ destdir="$dest"
+ destname=
+ else
+ func_dirname_and_basename "$dest" "" "."
+ destdir="$func_dirname_result"
+ destname="$func_basename_result"
+
+ # Not a directory, so check to see that there is only one file specified.
+ set dummy $files; shift
+ test "$#" -gt 1 && \
+ func_fatal_help "\`$dest' is not a directory"
+ fi
+ case $destdir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ for file in $files; do
+ case $file in
+ *.lo) ;;
+ *)
+ func_fatal_help "\`$destdir' must be an absolute directory name"
+ ;;
+ esac
+ done
+ ;;
+ esac
+
+ # This variable tells wrapper scripts just to set variables rather
+ # than running their programs.
+ libtool_install_magic="$magic"
+
+ staticlibs=
+ future_libdirs=
+ current_libdirs=
+ for file in $files; do
+
+ # Do each installation.
+ case $file in
+ *.$libext)
+ # Do the static libraries later.
+ staticlibs="$staticlibs $file"
+ ;;
+
+ *.la)
+ # Check to see that this really is a libtool archive.
+ func_lalib_unsafe_p "$file" \
+ || func_fatal_help "\`$file' is not a valid libtool archive"
+
+ library_names=
+ old_library=
+ relink_command=
+ func_source "$file"
+
+ # Add the libdir to current_libdirs if it is the destination.
+ if test "X$destdir" = "X$libdir"; then
+ case "$current_libdirs " in
+ *" $libdir "*) ;;
+ *) current_libdirs="$current_libdirs $libdir" ;;
+ esac
+ else
+ # Note the libdir as a future libdir.
+ case "$future_libdirs " in
+ *" $libdir "*) ;;
+ *) future_libdirs="$future_libdirs $libdir" ;;
+ esac
+ fi
+
+ func_dirname "$file" "/" ""
+ dir="$func_dirname_result"
+ dir="$dir$objdir"
+
+ if test -n "$relink_command"; then
+ # Determine the prefix the user has applied to our future dir.
+ inst_prefix_dir=`$ECHO "X$destdir" | $Xsed -e "s%$libdir\$%%"`
+
+ # Don't allow the user to place us outside of our expected
+ # location b/c this prevents finding dependent libraries that
+ # are installed to the same prefix.
+ # At present, this check doesn't affect windows .dll's that
+ # are installed into $libdir/../bin (currently, that works fine)
+ # but it's something to keep an eye on.
+ test "$inst_prefix_dir" = "$destdir" && \
+ func_fatal_error "error: cannot install \`$file' to a directory not ending in $libdir"
+
+ if test -n "$inst_prefix_dir"; then
+ # Stick the inst_prefix_dir data into the link command.
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
+ else
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%%"`
+ fi
+
+ func_warning "relinking \`$file'"
+ func_show_eval "$relink_command" \
+ 'func_fatal_error "error: relink \`$file'\'' with the above command before installing it"'
+ fi
+
+ # See the names of the shared library.
+ set dummy $library_names; shift
+ if test -n "$1"; then
+ realname="$1"
+ shift
+
+ srcname="$realname"
+ test -n "$relink_command" && srcname="$realname"T
+
+ # Install the shared library and build the symlinks.
+ func_show_eval "$install_prog $dir/$srcname $destdir/$realname" \
+ 'exit $?'
+ tstripme="$stripme"
+ case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ case $realname in
+ *.dll.a)
+ tstripme=""
+ ;;
+ esac
+ ;;
+ esac
+ if test -n "$tstripme" && test -n "$striplib"; then
+ func_show_eval "$striplib $destdir/$realname" 'exit $?'
+ fi
+
+ if test "$#" -gt 0; then
+ # Delete the old symlinks, and create new ones.
+ # Try `ln -sf' first, because the `ln' binary might depend on
+ # the symlink we replace! Solaris /bin/ln does not understand -f,
+ # so we also need to try rm && ln -s.
+ for linkname
+ do
+ test "$linkname" != "$realname" \
+ && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })"
+ done
+ fi
+
+ # Do each command in the postinstall commands.
+ lib="$destdir/$realname"
+ func_execute_cmds "$postinstall_cmds" 'exit $?'
+ fi
+
+ # Install the pseudo-library for information purposes.
+ func_basename "$file"
+ name="$func_basename_result"
+ instname="$dir/$name"i
+ func_show_eval "$install_prog $instname $destdir/$name" 'exit $?'
+
+ # Maybe install the static library, too.
+ test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library"
+ ;;
+
+ *.lo)
+ # Install (i.e. copy) a libtool object.
+
+ # Figure out destination file name, if it wasn't already specified.
+ if test -n "$destname"; then
+ destfile="$destdir/$destname"
+ else
+ func_basename "$file"
+ destfile="$func_basename_result"
+ destfile="$destdir/$destfile"
+ fi
+
+ # Deduce the name of the destination old-style object file.
+ case $destfile in
+ *.lo)
+ func_lo2o "$destfile"
+ staticdest=$func_lo2o_result
+ ;;
+ *.$objext)
+ staticdest="$destfile"
+ destfile=
+ ;;
+ *)
+ func_fatal_help "cannot copy a libtool object to \`$destfile'"
+ ;;
+ esac
+
+ # Install the libtool object if requested.
+ test -n "$destfile" && \
+ func_show_eval "$install_prog $file $destfile" 'exit $?'
+
+ # Install the old object if enabled.
+ if test "$build_old_libs" = yes; then
+ # Deduce the name of the old-style object file.
+ func_lo2o "$file"
+ staticobj=$func_lo2o_result
+ func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?'
+ fi
+ exit $EXIT_SUCCESS
+ ;;
+
+ *)
+ # Figure out destination file name, if it wasn't already specified.
+ if test -n "$destname"; then
+ destfile="$destdir/$destname"
+ else
+ func_basename "$file"
+ destfile="$func_basename_result"
+ destfile="$destdir/$destfile"
+ fi
+
+ # If the file is missing, and there is a .exe on the end, strip it
+ # because it is most likely a libtool script we actually want to
+ # install
+ stripped_ext=""
+ case $file in
+ *.exe)
+ if test ! -f "$file"; then
+ func_stripname '' '.exe' "$file"
+ file=$func_stripname_result
+ stripped_ext=".exe"
+ fi
+ ;;
+ esac
+
+ # Do a test to see if this is really a libtool program.
+ case $host in
+ *cygwin* | *mingw*)
+ if func_ltwrapper_executable_p "$file"; then
+ func_ltwrapper_scriptname "$file"
+ wrapper=$func_ltwrapper_scriptname_result
+ else
+ func_stripname '' '.exe' "$file"
+ wrapper=$func_stripname_result
+ fi
+ ;;
+ *)
+ wrapper=$file
+ ;;
+ esac
+ if func_ltwrapper_script_p "$wrapper"; then
+ notinst_deplibs=
+ relink_command=
+
+ func_source "$wrapper"
+
+ # Check the variables that should have been set.
+ test -z "$generated_by_libtool_version" && \
+ func_fatal_error "invalid libtool wrapper script \`$wrapper'"
+
+ finalize=yes
+ for lib in $notinst_deplibs; do
+ # Check to see that each library is installed.
+ libdir=
+ if test -f "$lib"; then
+ func_source "$lib"
+ fi
+ libfile="$libdir/"`$ECHO "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test
+ if test -n "$libdir" && test ! -f "$libfile"; then
+ func_warning "\`$lib' has not been installed in \`$libdir'"
+ finalize=no
+ fi
+ done
+
+ relink_command=
+ func_source "$wrapper"
+
+ outputname=
+ if test "$fast_install" = no && test -n "$relink_command"; then
+ $opt_dry_run || {
+ if test "$finalize" = yes; then
+ tmpdir=`func_mktempdir`
+ func_basename "$file$stripped_ext"
+ file="$func_basename_result"
+ outputname="$tmpdir/$file"
+ # Replace the output file specification.
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
+
+ $opt_silent || {
+ func_quote_for_expand "$relink_command"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+ if eval "$relink_command"; then :
+ else
+ func_error "error: relink \`$file' with the above command before installing it"
+ $opt_dry_run || ${RM}r "$tmpdir"
+ continue
+ fi
+ file="$outputname"
+ else
+ func_warning "cannot relink \`$file'"
+ fi
+ }
+ else
+ # Install the binary that we compiled earlier.
+ file=`$ECHO "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"`
+ fi
+ fi
+
+ # remove .exe since cygwin /usr/bin/install will append another
+ # one anyway
+ case $install_prog,$host in
+ */usr/bin/install*,*cygwin*)
+ case $file:$destfile in
+ *.exe:*.exe)
+ # this is ok
+ ;;
+ *.exe:*)
+ destfile=$destfile.exe
+ ;;
+ *:*.exe)
+ func_stripname '' '.exe' "$destfile"
+ destfile=$func_stripname_result
+ ;;
+ esac
+ ;;
+ esac
+ func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?'
+ $opt_dry_run || if test -n "$outputname"; then
+ ${RM}r "$tmpdir"
+ fi
+ ;;
+ esac
+ done
+
+ for file in $staticlibs; do
+ func_basename "$file"
+ name="$func_basename_result"
+
+ # Set up the ranlib parameters.
+ oldlib="$destdir/$name"
+
+ func_show_eval "$install_prog \$file \$oldlib" 'exit $?'
+
+ if test -n "$stripme" && test -n "$old_striplib"; then
+ func_show_eval "$old_striplib $oldlib" 'exit $?'
+ fi
+
+ # Do each command in the postinstall commands.
+ func_execute_cmds "$old_postinstall_cmds" 'exit $?'
+ done
+
+ test -n "$future_libdirs" && \
+ func_warning "remember to run \`$progname --finish$future_libdirs'"
+
+ if test -n "$current_libdirs"; then
+ # Maybe just do a dry run.
+ $opt_dry_run && current_libdirs=" -n$current_libdirs"
+ exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs'
+ else
+ exit $EXIT_SUCCESS
+ fi
+}
+
+test "$mode" = install && func_mode_install ${1+"$@"}
+
+
+# func_generate_dlsyms outputname originator pic_p
+# Extract symbols from dlprefiles and create ${outputname}S.o with
+# a dlpreopen symbol table.
+func_generate_dlsyms ()
+{
+ $opt_debug
+ my_outputname="$1"
+ my_originator="$2"
+ my_pic_p="${3-no}"
+ my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'`
+ my_dlsyms=
+
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ if test -n "$NM" && test -n "$global_symbol_pipe"; then
+ my_dlsyms="${my_outputname}S.c"
+ else
+ func_error "not configured to extract global symbols from dlpreopened files"
+ fi
+ fi
+
+ if test -n "$my_dlsyms"; then
+ case $my_dlsyms in
+ "") ;;
+ *.c)
+ # Discover the nlist of each of the dlfiles.
+ nlist="$output_objdir/${my_outputname}.nm"
+
+ func_show_eval "$RM $nlist ${nlist}S ${nlist}T"
+
+ # Parse the name list into a source file.
+ func_verbose "creating $output_objdir/$my_dlsyms"
+
+ $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\
+/* $my_dlsyms - symbol resolution table for \`$my_outputname' dlsym emulation. */
+/* Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION */
+
+#ifdef __cplusplus
+extern \"C\" {
+#endif
+
+/* External symbol declarations for the compiler. */\
+"
+
+ if test "$dlself" = yes; then
+ func_verbose "generating symbol list for \`$output'"
+
+ $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist"
+
+ # Add our own program objects to the symbol list.
+ progfiles=`$ECHO "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ for progfile in $progfiles; do
+ func_verbose "extracting global C symbols from \`$progfile'"
+ $opt_dry_run || eval "$NM $progfile | $global_symbol_pipe >> '$nlist'"
+ done
+
+ if test -n "$exclude_expsyms"; then
+ $opt_dry_run || {
+ eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
+ eval '$MV "$nlist"T "$nlist"'
+ }
+ fi
+
+ if test -n "$export_symbols_regex"; then
+ $opt_dry_run || {
+ eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T'
+ eval '$MV "$nlist"T "$nlist"'
+ }
+ fi
+
+ # Prepare the list of exported symbols
+ if test -z "$export_symbols"; then
+ export_symbols="$output_objdir/$outputname.exp"
+ $opt_dry_run || {
+ $RM $export_symbols
+ eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
+ case $host in
+ *cygwin* | *mingw* | *cegcc* )
+ eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+ eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
+ ;;
+ esac
+ }
+ else
+ $opt_dry_run || {
+ eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
+ eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
+ eval '$MV "$nlist"T "$nlist"'
+ case $host in
+ *cygwin | *mingw* | *cegcc* )
+ eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+ eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
+ ;;
+ esac
+ }
+ fi
+ fi
+
+ for dlprefile in $dlprefiles; do
+ func_verbose "extracting global C symbols from \`$dlprefile'"
+ func_basename "$dlprefile"
+ name="$func_basename_result"
+ $opt_dry_run || {
+ eval '$ECHO ": $name " >> "$nlist"'
+ eval "$NM $dlprefile 2>/dev/null | $global_symbol_pipe >> '$nlist'"
+ }
+ done
+
+ $opt_dry_run || {
+ # Make sure we have at least an empty file.
+ test -f "$nlist" || : > "$nlist"
+
+ if test -n "$exclude_expsyms"; then
+ $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
+ $MV "$nlist"T "$nlist"
+ fi
+
+ # Try sorting and uniquifying the output.
+ if $GREP -v "^: " < "$nlist" |
+ if sort -k 3 </dev/null >/dev/null 2>&1; then
+ sort -k 3
+ else
+ sort +2
+ fi |
+ uniq > "$nlist"S; then
+ :
+ else
+ $GREP -v "^: " < "$nlist" > "$nlist"S
+ fi
+
+ if test -f "$nlist"S; then
+ eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"'
+ else
+ $ECHO '/* NONE */' >> "$output_objdir/$my_dlsyms"
+ fi
+
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+
+/* The mapping between symbol names and symbols. */
+typedef struct {
+ const char *name;
+ void *address;
+} lt_dlsymlist;
+"
+ case $host in
+ *cygwin* | *mingw* | *cegcc* )
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+/* DATA imports from DLLs on WIN32 con't be const, because
+ runtime relocations are performed -- see ld's documentation
+ on pseudo-relocs. */"
+ lt_dlsym_const= ;;
+ *osf5*)
+ echo >> "$output_objdir/$my_dlsyms" "\
+/* This system does not cope well with relocations in const data */"
+ lt_dlsym_const= ;;
+ *)
+ lt_dlsym_const=const ;;
+ esac
+
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+extern $lt_dlsym_const lt_dlsymlist
+lt_${my_prefix}_LTX_preloaded_symbols[];
+$lt_dlsym_const lt_dlsymlist
+lt_${my_prefix}_LTX_preloaded_symbols[] =
+{\
+ { \"$my_originator\", (void *) 0 },"
+
+ case $need_lib_prefix in
+ no)
+ eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms"
+ ;;
+ *)
+ eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms"
+ ;;
+ esac
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+ {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+ return lt_${my_prefix}_LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif\
+"
+ } # !$opt_dry_run
+
+ pic_flag_for_symtable=
+ case "$compile_command " in
+ *" -static "*) ;;
+ *)
+ case $host in
+ # compiling the symbol table file with pic_flag works around
+ # a FreeBSD bug that causes programs to crash when -lm is
+ # linked before any other PIC object. But we must not use
+ # pic_flag when linking with -static. The problem exists in
+ # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
+ *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
+ pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
+ *-*-hpux*)
+ pic_flag_for_symtable=" $pic_flag" ;;
+ *)
+ if test "X$my_pic_p" != Xno; then
+ pic_flag_for_symtable=" $pic_flag"
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ symtab_cflags=
+ for arg in $LTCFLAGS; do
+ case $arg in
+ -pie | -fpie | -fPIE) ;;
+ *) symtab_cflags="$symtab_cflags $arg" ;;
+ esac
+ done
+
+ # Now compile the dynamic symbol file.
+ func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?'
+
+ # Clean up the generated files.
+ func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T"'
+
+ # Transform the symbol file into the correct name.
+ symfileobj="$output_objdir/${my_outputname}S.$objext"
+ case $host in
+ *cygwin* | *mingw* | *cegcc* )
+ if test -f "$output_objdir/$my_outputname.def"; then
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
+ else
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ fi
+ ;;
+ *)
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ ;;
+ esac
+ ;;
+ *)
+ func_fatal_error "unknown suffix for \`$my_dlsyms'"
+ ;;
+ esac
+ else
+ # We keep going just in case the user didn't refer to
+ # lt_preloaded_symbols. The linker will fail if global_symbol_pipe
+ # really was required.
+
+ # Nullify the symbol file.
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"`
+ fi
+}
+
+# func_win32_libid arg
+# return the library type of file 'arg'
+#
+# Need a lot of goo to handle *both* DLLs and import libs
+# Has to be a shell function in order to 'eat' the argument
+# that is supplied when $file_magic_command is called.
+func_win32_libid ()
+{
+ $opt_debug
+ win32_libid_type="unknown"
+ win32_fileres=`file -L $1 2>/dev/null`
+ case $win32_fileres in
+ *ar\ archive\ import\ library*) # definitely import
+ win32_libid_type="x86 archive import"
+ ;;
+ *ar\ archive*) # could be an import, or static
+ if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null |
+ $EGREP 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then
+ win32_nmres=`eval $NM -f posix -A $1 |
+ $SED -n -e '
+ 1,100{
+ / I /{
+ s,.*,import,
+ p
+ q
+ }
+ }'`
+ case $win32_nmres in
+ import*) win32_libid_type="x86 archive import";;
+ *) win32_libid_type="x86 archive static";;
+ esac
+ fi
+ ;;
+ *DLL*)
+ win32_libid_type="x86 DLL"
+ ;;
+ *executable*) # but shell scripts are "executable" too...
+ case $win32_fileres in
+ *MS\ Windows\ PE\ Intel*)
+ win32_libid_type="x86 DLL"
+ ;;
+ esac
+ ;;
+ esac
+ $ECHO "$win32_libid_type"
+}
+
+
+
+# func_extract_an_archive dir oldlib
+func_extract_an_archive ()
+{
+ $opt_debug
+ f_ex_an_ar_dir="$1"; shift
+ f_ex_an_ar_oldlib="$1"
+ func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" 'exit $?'
+ if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
+ :
+ else
+ func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib"
+ fi
+}
+
+
+# func_extract_archives gentop oldlib ...
+func_extract_archives ()
+{
+ $opt_debug
+ my_gentop="$1"; shift
+ my_oldlibs=${1+"$@"}
+ my_oldobjs=""
+ my_xlib=""
+ my_xabs=""
+ my_xdir=""
+
+ for my_xlib in $my_oldlibs; do
+ # Extract the objects.
+ case $my_xlib in
+ [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;;
+ *) my_xabs=`pwd`"/$my_xlib" ;;
+ esac
+ func_basename "$my_xlib"
+ my_xlib="$func_basename_result"
+ my_xlib_u=$my_xlib
+ while :; do
+ case " $extracted_archives " in
+ *" $my_xlib_u "*)
+ func_arith $extracted_serial + 1
+ extracted_serial=$func_arith_result
+ my_xlib_u=lt$extracted_serial-$my_xlib ;;
+ *) break ;;
+ esac
+ done
+ extracted_archives="$extracted_archives $my_xlib_u"
+ my_xdir="$my_gentop/$my_xlib_u"
+
+ func_mkdir_p "$my_xdir"
+
+ case $host in
+ *-darwin*)
+ func_verbose "Extracting $my_xabs"
+ # Do not bother doing anything if just a dry run
+ $opt_dry_run || {
+ darwin_orig_dir=`pwd`
+ cd $my_xdir || exit $?
+ darwin_archive=$my_xabs
+ darwin_curdir=`pwd`
+ darwin_base_archive=`basename "$darwin_archive"`
+ darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true`
+ if test -n "$darwin_arches"; then
+ darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'`
+ darwin_arch=
+ func_verbose "$darwin_base_archive has multiple architectures $darwin_arches"
+ for darwin_arch in $darwin_arches ; do
+ func_mkdir_p "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+ $LIPO -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}"
+ cd "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+ func_extract_an_archive "`pwd`" "${darwin_base_archive}"
+ cd "$darwin_curdir"
+ $RM "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}"
+ done # $darwin_arches
+ ## Okay now we've a bunch of thin objects, gotta fatten them up :)
+ darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u`
+ darwin_file=
+ darwin_files=
+ for darwin_file in $darwin_filelist; do
+ darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP`
+ $LIPO -create -output "$darwin_file" $darwin_files
+ done # $darwin_filelist
+ $RM -rf unfat-$$
+ cd "$darwin_orig_dir"
+ else
+ cd $darwin_orig_dir
+ func_extract_an_archive "$my_xdir" "$my_xabs"
+ fi # $darwin_arches
+ } # !$opt_dry_run
+ ;;
+ *)
+ func_extract_an_archive "$my_xdir" "$my_xabs"
+ ;;
+ esac
+ my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP`
+ done
+
+ func_extract_archives_result="$my_oldobjs"
+}
+
+
+
+# func_emit_wrapper_part1 [arg=no]
+#
+# Emit the first part of a libtool wrapper script on stdout.
+# For more information, see the description associated with
+# func_emit_wrapper(), below.
+func_emit_wrapper_part1 ()
+{
+ func_emit_wrapper_part1_arg1=no
+ if test -n "$1" ; then
+ func_emit_wrapper_part1_arg1=$1
+ fi
+
+ $ECHO "\
+#! $SHELL
+
+# $output - temporary wrapper script for $objdir/$outputname
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# The $output program cannot be directly executed until all the libtool
+# libraries that it depends on are installed.
+#
+# This wrapper script should never be moved out of the build directory.
+# If it is, it will not operate correctly.
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='${SED} -e 1s/^X//'
+sed_quote_subst='$sed_quote_subst'
+
+# Be Bourne compatible
+if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
+else
+ case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac
+fi
+BIN_SH=xpg4; export BIN_SH # for Tru64
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+relink_command=\"$relink_command\"
+
+# This environment variable determines our operation mode.
+if test \"\$libtool_install_magic\" = \"$magic\"; then
+ # install mode needs the following variables:
+ generated_by_libtool_version='$macro_version'
+ notinst_deplibs='$notinst_deplibs'
+else
+ # When we are sourced in execute mode, \$file and \$ECHO are already set.
+ if test \"\$libtool_execute_magic\" != \"$magic\"; then
+ ECHO=\"$qecho\"
+ file=\"\$0\"
+ # Make sure echo works.
+ if test \"X\$1\" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+ elif test \"X\`{ \$ECHO '\t'; } 2>/dev/null\`\" = 'X\t'; then
+ # Yippee, \$ECHO works!
+ :
+ else
+ # Restart under the correct shell, and then maybe \$ECHO will work.
+ exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"}
+ fi
+ fi\
+"
+ $ECHO "\
+
+ # Find the directory that this script lives in.
+ thisdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\`
+ test \"x\$thisdir\" = \"x\$file\" && thisdir=.
+
+ # Follow symbolic links until we get to the real thisdir.
+ file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\`
+ while test -n \"\$file\"; do
+ destdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\`
+
+ # If there was a directory component, then change thisdir.
+ if test \"x\$destdir\" != \"x\$file\"; then
+ case \"\$destdir\" in
+ [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
+ *) thisdir=\"\$thisdir/\$destdir\" ;;
+ esac
+ fi
+
+ file=\`\$ECHO \"X\$file\" | \$Xsed -e 's%^.*/%%'\`
+ file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\`
+ done
+"
+}
+# end: func_emit_wrapper_part1
+
+# func_emit_wrapper_part2 [arg=no]
+#
+# Emit the second part of a libtool wrapper script on stdout.
+# For more information, see the description associated with
+# func_emit_wrapper(), below.
+func_emit_wrapper_part2 ()
+{
+ func_emit_wrapper_part2_arg1=no
+ if test -n "$1" ; then
+ func_emit_wrapper_part2_arg1=$1
+ fi
+
+ $ECHO "\
+
+ # Usually 'no', except on cygwin/mingw when embedded into
+ # the cwrapper.
+ WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_part2_arg1
+ if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then
+ # special case for '.'
+ if test \"\$thisdir\" = \".\"; then
+ thisdir=\`pwd\`
+ fi
+ # remove .libs from thisdir
+ case \"\$thisdir\" in
+ *[\\\\/]$objdir ) thisdir=\`\$ECHO \"X\$thisdir\" | \$Xsed -e 's%[\\\\/][^\\\\/]*$%%'\` ;;
+ $objdir ) thisdir=. ;;
+ esac
+ fi
+
+ # Try to get the absolute directory name.
+ absdir=\`cd \"\$thisdir\" && pwd\`
+ test -n \"\$absdir\" && thisdir=\"\$absdir\"
+"
+
+ if test "$fast_install" = yes; then
+ $ECHO "\
+ program=lt-'$outputname'$exeext
+ progdir=\"\$thisdir/$objdir\"
+
+ if test ! -f \"\$progdir/\$program\" ||
+ { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\
+ test \"X\$file\" != \"X\$progdir/\$program\"; }; then
+
+ file=\"\$\$-\$program\"
+
+ if test ! -d \"\$progdir\"; then
+ $MKDIR \"\$progdir\"
+ else
+ $RM \"\$progdir/\$file\"
+ fi"
+
+ $ECHO "\
+
+ # relink executable if necessary
+ if test -n \"\$relink_command\"; then
+ if relink_command_output=\`eval \$relink_command 2>&1\`; then :
+ else
+ $ECHO \"\$relink_command_output\" >&2
+ $RM \"\$progdir/\$file\"
+ exit 1
+ fi
+ fi
+
+ $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
+ { $RM \"\$progdir/\$program\";
+ $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; }
+ $RM \"\$progdir/\$file\"
+ fi"
+ else
+ $ECHO "\
+ program='$outputname'
+ progdir=\"\$thisdir/$objdir\"
+"
+ fi
+
+ $ECHO "\
+
+ if test -f \"\$progdir/\$program\"; then"
+
+ # Export our shlibpath_var if we have one.
+ if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+ $ECHO "\
+ # Add our own library path to $shlibpath_var
+ $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
+
+ # Some systems cannot cope with colon-terminated $shlibpath_var
+ # The second colon is a workaround for a bug in BeOS R4 sed
+ $shlibpath_var=\`\$ECHO \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\`
+
+ export $shlibpath_var
+"
+ fi
+
+ # fixup the dll searchpath if we need to.
+ if test -n "$dllsearchpath"; then
+ $ECHO "\
+ # Add the dll search path components to the executable PATH
+ PATH=$dllsearchpath:\$PATH
+"
+ fi
+
+ $ECHO "\
+ if test \"\$libtool_execute_magic\" != \"$magic\"; then
+ # Run the actual program with our arguments.
+"
+ case $host in
+ # Backslashes separate directories on plain windows
+ *-*-mingw | *-*-os2* | *-cegcc*)
+ $ECHO "\
+ exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
+"
+ ;;
+
+ *)
+ $ECHO "\
+ exec \"\$progdir/\$program\" \${1+\"\$@\"}
+"
+ ;;
+ esac
+ $ECHO "\
+ \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2
+ exit 1
+ fi
+ else
+ # The program doesn't exist.
+ \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2
+ \$ECHO \"This script is just a wrapper for \$program.\" 1>&2
+ $ECHO \"See the $PACKAGE documentation for more information.\" 1>&2
+ exit 1
+ fi
+fi\
+"
+}
+# end: func_emit_wrapper_part2
+
+
+# func_emit_wrapper [arg=no]
+#
+# Emit a libtool wrapper script on stdout.
+# Don't directly open a file because we may want to
+# incorporate the script contents within a cygwin/mingw
+# wrapper executable. Must ONLY be called from within
+# func_mode_link because it depends on a number of variables
+# set therein.
+#
+# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR
+# variable will take. If 'yes', then the emitted script
+# will assume that the directory in which it is stored is
+# the $objdir directory. This is a cygwin/mingw-specific
+# behavior.
+func_emit_wrapper ()
+{
+ func_emit_wrapper_arg1=no
+ if test -n "$1" ; then
+ func_emit_wrapper_arg1=$1
+ fi
+
+ # split this up so that func_emit_cwrapperexe_src
+ # can call each part independently.
+ func_emit_wrapper_part1 "${func_emit_wrapper_arg1}"
+ func_emit_wrapper_part2 "${func_emit_wrapper_arg1}"
+}
+
+
+# func_to_host_path arg
+#
+# Convert paths to host format when used with build tools.
+# Intended for use with "native" mingw (where libtool itself
+# is running under the msys shell), or in the following cross-
+# build environments:
+# $build $host
+# mingw (msys) mingw [e.g. native]
+# cygwin mingw
+# *nix + wine mingw
+# where wine is equipped with the `winepath' executable.
+# In the native mingw case, the (msys) shell automatically
+# converts paths for any non-msys applications it launches,
+# but that facility isn't available from inside the cwrapper.
+# Similar accommodations are necessary for $host mingw and
+# $build cygwin. Calling this function does no harm for other
+# $host/$build combinations not listed above.
+#
+# ARG is the path (on $build) that should be converted to
+# the proper representation for $host. The result is stored
+# in $func_to_host_path_result.
+func_to_host_path ()
+{
+ func_to_host_path_result="$1"
+ if test -n "$1" ; then
+ case $host in
+ *mingw* )
+ lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
+ case $build in
+ *mingw* ) # actually, msys
+ # awkward: cmd appends spaces to result
+ lt_sed_strip_trailing_spaces="s/[ ]*\$//"
+ func_to_host_path_tmp1=`( cmd //c echo "$1" |\
+ $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""`
+ func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ *cygwin* )
+ func_to_host_path_tmp1=`cygpath -w "$1"`
+ func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ * )
+ # Unfortunately, winepath does not exit with a non-zero
+ # error code, so we are forced to check the contents of
+ # stdout. On the other hand, if the command is not
+ # found, the shell will set an exit code of 127 and print
+ # *an error message* to stdout. So we must check for both
+ # error code of zero AND non-empty stdout, which explains
+ # the odd construction:
+ func_to_host_path_tmp1=`winepath -w "$1" 2>/dev/null`
+ if test "$?" -eq 0 && test -n "${func_to_host_path_tmp1}"; then
+ func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ else
+ # Allow warning below.
+ func_to_host_path_result=""
+ fi
+ ;;
+ esac
+ if test -z "$func_to_host_path_result" ; then
+ func_error "Could not determine host path corresponding to"
+ func_error " '$1'"
+ func_error "Continuing, but uninstalled executables may not work."
+ # Fallback:
+ func_to_host_path_result="$1"
+ fi
+ ;;
+ esac
+ fi
+}
+# end: func_to_host_path
+
+# func_to_host_pathlist arg
+#
+# Convert pathlists to host format when used with build tools.
+# See func_to_host_path(), above. This function supports the
+# following $build/$host combinations (but does no harm for
+# combinations not listed here):
+# $build $host
+# mingw (msys) mingw [e.g. native]
+# cygwin mingw
+# *nix + wine mingw
+#
+# Path separators are also converted from $build format to
+# $host format. If ARG begins or ends with a path separator
+# character, it is preserved (but converted to $host format)
+# on output.
+#
+# ARG is a pathlist (on $build) that should be converted to
+# the proper representation on $host. The result is stored
+# in $func_to_host_pathlist_result.
+func_to_host_pathlist ()
+{
+ func_to_host_pathlist_result="$1"
+ if test -n "$1" ; then
+ case $host in
+ *mingw* )
+ lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
+ # Remove leading and trailing path separator characters from
+ # ARG. msys behavior is inconsistent here, cygpath turns them
+ # into '.;' and ';.', and winepath ignores them completely.
+ func_to_host_pathlist_tmp2="$1"
+ # Once set for this call, this variable should not be
+ # reassigned. It is used in tha fallback case.
+ func_to_host_pathlist_tmp1=`echo "$func_to_host_pathlist_tmp2" |\
+ $SED -e 's|^:*||' -e 's|:*$||'`
+ case $build in
+ *mingw* ) # Actually, msys.
+ # Awkward: cmd appends spaces to result.
+ lt_sed_strip_trailing_spaces="s/[ ]*\$//"
+ func_to_host_pathlist_tmp2=`( cmd //c echo "$func_to_host_pathlist_tmp1" |\
+ $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""`
+ func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ *cygwin* )
+ func_to_host_pathlist_tmp2=`cygpath -w -p "$func_to_host_pathlist_tmp1"`
+ func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ * )
+ # unfortunately, winepath doesn't convert pathlists
+ func_to_host_pathlist_result=""
+ func_to_host_pathlist_oldIFS=$IFS
+ IFS=:
+ for func_to_host_pathlist_f in $func_to_host_pathlist_tmp1 ; do
+ IFS=$func_to_host_pathlist_oldIFS
+ if test -n "$func_to_host_pathlist_f" ; then
+ func_to_host_path "$func_to_host_pathlist_f"
+ if test -n "$func_to_host_path_result" ; then
+ if test -z "$func_to_host_pathlist_result" ; then
+ func_to_host_pathlist_result="$func_to_host_path_result"
+ else
+ func_to_host_pathlist_result="$func_to_host_pathlist_result;$func_to_host_path_result"
+ fi
+ fi
+ fi
+ IFS=:
+ done
+ IFS=$func_to_host_pathlist_oldIFS
+ ;;
+ esac
+ if test -z "$func_to_host_pathlist_result" ; then
+ func_error "Could not determine the host path(s) corresponding to"
+ func_error " '$1'"
+ func_error "Continuing, but uninstalled executables may not work."
+ # Fallback. This may break if $1 contains DOS-style drive
+ # specifications. The fix is not to complicate the expression
+ # below, but for the user to provide a working wine installation
+ # with winepath so that path translation in the cross-to-mingw
+ # case works properly.
+ lt_replace_pathsep_nix_to_dos="s|:|;|g"
+ func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp1" |\
+ $SED -e "$lt_replace_pathsep_nix_to_dos"`
+ fi
+ # Now, add the leading and trailing path separators back
+ case "$1" in
+ :* ) func_to_host_pathlist_result=";$func_to_host_pathlist_result"
+ ;;
+ esac
+ case "$1" in
+ *: ) func_to_host_pathlist_result="$func_to_host_pathlist_result;"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+}
+# end: func_to_host_pathlist
+
+# func_emit_cwrapperexe_src
+# emit the source code for a wrapper executable on stdout
+# Must ONLY be called from within func_mode_link because
+# it depends on a number of variable set therein.
+func_emit_cwrapperexe_src ()
+{
+ cat <<EOF
+
+/* $cwrappersource - temporary wrapper executable for $objdir/$outputname
+ Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+
+ The $output program cannot be directly executed until all the libtool
+ libraries that it depends on are installed.
+
+ This wrapper executable should never be moved out of the build directory.
+ If it is, it will not operate correctly.
+
+ Currently, it simply execs the wrapper *script* "$SHELL $output",
+ but could eventually absorb all of the scripts functionality and
+ exec $objdir/$outputname directly.
+*/
+EOF
+ cat <<"EOF"
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef _MSC_VER
+# include <direct.h>
+# include <process.h>
+# include <io.h>
+# define setmode _setmode
+#else
+# include <unistd.h>
+# include <stdint.h>
+# ifdef __CYGWIN__
+# include <io.h>
+# define HAVE_SETENV
+# ifdef __STRICT_ANSI__
+char *realpath (const char *, char *);
+int putenv (char *);
+int setenv (const char *, const char *, int);
+# endif
+# endif
+#endif
+#include <malloc.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#if defined(PATH_MAX)
+# define LT_PATHMAX PATH_MAX
+#elif defined(MAXPATHLEN)
+# define LT_PATHMAX MAXPATHLEN
+#else
+# define LT_PATHMAX 1024
+#endif
+
+#ifndef S_IXOTH
+# define S_IXOTH 0
+#endif
+#ifndef S_IXGRP
+# define S_IXGRP 0
+#endif
+
+#ifdef _MSC_VER
+# define S_IXUSR _S_IEXEC
+# define stat _stat
+# ifndef _INTPTR_T_DEFINED
+# define intptr_t int
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR
+# define DIR_SEPARATOR '/'
+# define PATH_SEPARATOR ':'
+#endif
+
+#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \
+ defined (__OS2__)
+# define HAVE_DOS_BASED_FILE_SYSTEM
+# define FOPEN_WB "wb"
+# ifndef DIR_SEPARATOR_2
+# define DIR_SEPARATOR_2 '\\'
+# endif
+# ifndef PATH_SEPARATOR_2
+# define PATH_SEPARATOR_2 ';'
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR_2
+# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR)
+#else /* DIR_SEPARATOR_2 */
+# define IS_DIR_SEPARATOR(ch) \
+ (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2))
+#endif /* DIR_SEPARATOR_2 */
+
+#ifndef PATH_SEPARATOR_2
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR)
+#else /* PATH_SEPARATOR_2 */
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2)
+#endif /* PATH_SEPARATOR_2 */
+
+#ifdef __CYGWIN__
+# define FOPEN_WB "wb"
+#endif
+
+#ifndef FOPEN_WB
+# define FOPEN_WB "w"
+#endif
+#ifndef _O_BINARY
+# define _O_BINARY 0
+#endif
+
+#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type)))
+#define XFREE(stale) do { \
+ if (stale) { free ((void *) stale); stale = 0; } \
+} while (0)
+
+#undef LTWRAPPER_DEBUGPRINTF
+#if defined DEBUGWRAPPER
+# define LTWRAPPER_DEBUGPRINTF(args) ltwrapper_debugprintf args
+static void
+ltwrapper_debugprintf (const char *fmt, ...)
+{
+ va_list args;
+ va_start (args, fmt);
+ (void) vfprintf (stderr, fmt, args);
+ va_end (args);
+}
+#else
+# define LTWRAPPER_DEBUGPRINTF(args)
+#endif
+
+const char *program_name = NULL;
+
+void *xmalloc (size_t num);
+char *xstrdup (const char *string);
+const char *base_name (const char *name);
+char *find_executable (const char *wrapper);
+char *chase_symlinks (const char *pathspec);
+int make_executable (const char *path);
+int check_executable (const char *path);
+char *strendzap (char *str, const char *pat);
+void lt_fatal (const char *message, ...);
+void lt_setenv (const char *name, const char *value);
+char *lt_extend_str (const char *orig_value, const char *add, int to_end);
+void lt_opt_process_env_set (const char *arg);
+void lt_opt_process_env_prepend (const char *arg);
+void lt_opt_process_env_append (const char *arg);
+int lt_split_name_value (const char *arg, char** name, char** value);
+void lt_update_exe_path (const char *name, const char *value);
+void lt_update_lib_path (const char *name, const char *value);
+
+static const char *script_text_part1 =
+EOF
+
+ func_emit_wrapper_part1 yes |
+ $SED -e 's/\([\\"]\)/\\\1/g' \
+ -e 's/^/ "/' -e 's/$/\\n"/'
+ echo ";"
+ cat <<EOF
+
+static const char *script_text_part2 =
+EOF
+ func_emit_wrapper_part2 yes |
+ $SED -e 's/\([\\"]\)/\\\1/g' \
+ -e 's/^/ "/' -e 's/$/\\n"/'
+ echo ";"
+
+ cat <<EOF
+const char * MAGIC_EXE = "$magic_exe";
+const char * LIB_PATH_VARNAME = "$shlibpath_var";
+EOF
+
+ if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+ func_to_host_pathlist "$temp_rpath"
+ cat <<EOF
+const char * LIB_PATH_VALUE = "$func_to_host_pathlist_result";
+EOF
+ else
+ cat <<"EOF"
+const char * LIB_PATH_VALUE = "";
+EOF
+ fi
+
+ if test -n "$dllsearchpath"; then
+ func_to_host_pathlist "$dllsearchpath:"
+ cat <<EOF
+const char * EXE_PATH_VARNAME = "PATH";
+const char * EXE_PATH_VALUE = "$func_to_host_pathlist_result";
+EOF
+ else
+ cat <<"EOF"
+const char * EXE_PATH_VARNAME = "";
+const char * EXE_PATH_VALUE = "";
+EOF
+ fi
+
+ if test "$fast_install" = yes; then
+ cat <<EOF
+const char * TARGET_PROGRAM_NAME = "lt-$outputname"; /* hopefully, no .exe */
+EOF
+ else
+ cat <<EOF
+const char * TARGET_PROGRAM_NAME = "$outputname"; /* hopefully, no .exe */
+EOF
+ fi
+
+
+ cat <<"EOF"
+
+#define LTWRAPPER_OPTION_PREFIX "--lt-"
+#define LTWRAPPER_OPTION_PREFIX_LENGTH 5
+
+static const size_t opt_prefix_len = LTWRAPPER_OPTION_PREFIX_LENGTH;
+static const char *ltwrapper_option_prefix = LTWRAPPER_OPTION_PREFIX;
+
+static const char *dumpscript_opt = LTWRAPPER_OPTION_PREFIX "dump-script";
+
+static const size_t env_set_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 7;
+static const char *env_set_opt = LTWRAPPER_OPTION_PREFIX "env-set";
+ /* argument is putenv-style "foo=bar", value of foo is set to bar */
+
+static const size_t env_prepend_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 11;
+static const char *env_prepend_opt = LTWRAPPER_OPTION_PREFIX "env-prepend";
+ /* argument is putenv-style "foo=bar", new value of foo is bar${foo} */
+
+static const size_t env_append_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 10;
+static const char *env_append_opt = LTWRAPPER_OPTION_PREFIX "env-append";
+ /* argument is putenv-style "foo=bar", new value of foo is ${foo}bar */
+
+int
+main (int argc, char *argv[])
+{
+ char **newargz;
+ int newargc;
+ char *tmp_pathspec;
+ char *actual_cwrapper_path;
+ char *actual_cwrapper_name;
+ char *target_name;
+ char *lt_argv_zero;
+ intptr_t rval = 127;
+
+ int i;
+
+ program_name = (char *) xstrdup (base_name (argv[0]));
+ LTWRAPPER_DEBUGPRINTF (("(main) argv[0] : %s\n", argv[0]));
+ LTWRAPPER_DEBUGPRINTF (("(main) program_name : %s\n", program_name));
+
+ /* very simple arg parsing; don't want to rely on getopt */
+ for (i = 1; i < argc; i++)
+ {
+ if (strcmp (argv[i], dumpscript_opt) == 0)
+ {
+EOF
+ case "$host" in
+ *mingw* | *cygwin* )
+ # make stdout use "unix" line endings
+ echo " setmode(1,_O_BINARY);"
+ ;;
+ esac
+
+ cat <<"EOF"
+ printf ("%s", script_text_part1);
+ printf ("%s", script_text_part2);
+ return 0;
+ }
+ }
+
+ newargz = XMALLOC (char *, argc + 1);
+ tmp_pathspec = find_executable (argv[0]);
+ if (tmp_pathspec == NULL)
+ lt_fatal ("Couldn't find %s", argv[0]);
+ LTWRAPPER_DEBUGPRINTF (("(main) found exe (before symlink chase) at : %s\n",
+ tmp_pathspec));
+
+ actual_cwrapper_path = chase_symlinks (tmp_pathspec);
+ LTWRAPPER_DEBUGPRINTF (("(main) found exe (after symlink chase) at : %s\n",
+ actual_cwrapper_path));
+ XFREE (tmp_pathspec);
+
+ actual_cwrapper_name = xstrdup( base_name (actual_cwrapper_path));
+ strendzap (actual_cwrapper_path, actual_cwrapper_name);
+
+ /* wrapper name transforms */
+ strendzap (actual_cwrapper_name, ".exe");
+ tmp_pathspec = lt_extend_str (actual_cwrapper_name, ".exe", 1);
+ XFREE (actual_cwrapper_name);
+ actual_cwrapper_name = tmp_pathspec;
+ tmp_pathspec = 0;
+
+ /* target_name transforms -- use actual target program name; might have lt- prefix */
+ target_name = xstrdup (base_name (TARGET_PROGRAM_NAME));
+ strendzap (target_name, ".exe");
+ tmp_pathspec = lt_extend_str (target_name, ".exe", 1);
+ XFREE (target_name);
+ target_name = tmp_pathspec;
+ tmp_pathspec = 0;
+
+ LTWRAPPER_DEBUGPRINTF (("(main) libtool target name: %s\n",
+ target_name));
+EOF
+
+ cat <<EOF
+ newargz[0] =
+ XMALLOC (char, (strlen (actual_cwrapper_path) +
+ strlen ("$objdir") + 1 + strlen (actual_cwrapper_name) + 1));
+ strcpy (newargz[0], actual_cwrapper_path);
+ strcat (newargz[0], "$objdir");
+ strcat (newargz[0], "/");
+EOF
+
+ cat <<"EOF"
+ /* stop here, and copy so we don't have to do this twice */
+ tmp_pathspec = xstrdup (newargz[0]);
+
+ /* do NOT want the lt- prefix here, so use actual_cwrapper_name */
+ strcat (newargz[0], actual_cwrapper_name);
+
+ /* DO want the lt- prefix here if it exists, so use target_name */
+ lt_argv_zero = lt_extend_str (tmp_pathspec, target_name, 1);
+ XFREE (tmp_pathspec);
+ tmp_pathspec = NULL;
+EOF
+
+ case $host_os in
+ mingw*)
+ cat <<"EOF"
+ {
+ char* p;
+ while ((p = strchr (newargz[0], '\\')) != NULL)
+ {
+ *p = '/';
+ }
+ while ((p = strchr (lt_argv_zero, '\\')) != NULL)
+ {
+ *p = '/';
+ }
+ }
+EOF
+ ;;
+ esac
+
+ cat <<"EOF"
+ XFREE (target_name);
+ XFREE (actual_cwrapper_path);
+ XFREE (actual_cwrapper_name);
+
+ lt_setenv ("BIN_SH", "xpg4"); /* for Tru64 */
+ lt_setenv ("DUALCASE", "1"); /* for MSK sh */
+ lt_update_lib_path (LIB_PATH_VARNAME, LIB_PATH_VALUE);
+ lt_update_exe_path (EXE_PATH_VARNAME, EXE_PATH_VALUE);
+
+ newargc=0;
+ for (i = 1; i < argc; i++)
+ {
+ if (strncmp (argv[i], env_set_opt, env_set_opt_len) == 0)
+ {
+ if (argv[i][env_set_opt_len] == '=')
+ {
+ const char *p = argv[i] + env_set_opt_len + 1;
+ lt_opt_process_env_set (p);
+ }
+ else if (argv[i][env_set_opt_len] == '\0' && i + 1 < argc)
+ {
+ lt_opt_process_env_set (argv[++i]); /* don't copy */
+ }
+ else
+ lt_fatal ("%s missing required argument", env_set_opt);
+ continue;
+ }
+ if (strncmp (argv[i], env_prepend_opt, env_prepend_opt_len) == 0)
+ {
+ if (argv[i][env_prepend_opt_len] == '=')
+ {
+ const char *p = argv[i] + env_prepend_opt_len + 1;
+ lt_opt_process_env_prepend (p);
+ }
+ else if (argv[i][env_prepend_opt_len] == '\0' && i + 1 < argc)
+ {
+ lt_opt_process_env_prepend (argv[++i]); /* don't copy */
+ }
+ else
+ lt_fatal ("%s missing required argument", env_prepend_opt);
+ continue;
+ }
+ if (strncmp (argv[i], env_append_opt, env_append_opt_len) == 0)
+ {
+ if (argv[i][env_append_opt_len] == '=')
+ {
+ const char *p = argv[i] + env_append_opt_len + 1;
+ lt_opt_process_env_append (p);
+ }
+ else if (argv[i][env_append_opt_len] == '\0' && i + 1 < argc)
+ {
+ lt_opt_process_env_append (argv[++i]); /* don't copy */
+ }
+ else
+ lt_fatal ("%s missing required argument", env_append_opt);
+ continue;
+ }
+ if (strncmp (argv[i], ltwrapper_option_prefix, opt_prefix_len) == 0)
+ {
+ /* however, if there is an option in the LTWRAPPER_OPTION_PREFIX
+ namespace, but it is not one of the ones we know about and
+ have already dealt with, above (inluding dump-script), then
+ report an error. Otherwise, targets might begin to believe
+ they are allowed to use options in the LTWRAPPER_OPTION_PREFIX
+ namespace. The first time any user complains about this, we'll
+ need to make LTWRAPPER_OPTION_PREFIX a configure-time option
+ or a configure.ac-settable value.
+ */
+ lt_fatal ("Unrecognized option in %s namespace: '%s'",
+ ltwrapper_option_prefix, argv[i]);
+ }
+ /* otherwise ... */
+ newargz[++newargc] = xstrdup (argv[i]);
+ }
+ newargz[++newargc] = NULL;
+
+ LTWRAPPER_DEBUGPRINTF (("(main) lt_argv_zero : %s\n", (lt_argv_zero ? lt_argv_zero : "<NULL>")));
+ for (i = 0; i < newargc; i++)
+ {
+ LTWRAPPER_DEBUGPRINTF (("(main) newargz[%d] : %s\n", i, (newargz[i] ? newargz[i] : "<NULL>")));
+ }
+
+EOF
+
+ case $host_os in
+ mingw*)
+ cat <<"EOF"
+ /* execv doesn't actually work on mingw as expected on unix */
+ rval = _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz);
+ if (rval == -1)
+ {
+ /* failed to start process */
+ LTWRAPPER_DEBUGPRINTF (("(main) failed to launch target \"%s\": errno = %d\n", lt_argv_zero, errno));
+ return 127;
+ }
+ return rval;
+EOF
+ ;;
+ *)
+ cat <<"EOF"
+ execv (lt_argv_zero, newargz);
+ return rval; /* =127, but avoids unused variable warning */
+EOF
+ ;;
+ esac
+
+ cat <<"EOF"
+}
+
+void *
+xmalloc (size_t num)
+{
+ void *p = (void *) malloc (num);
+ if (!p)
+ lt_fatal ("Memory exhausted");
+
+ return p;
+}
+
+char *
+xstrdup (const char *string)
+{
+ return string ? strcpy ((char *) xmalloc (strlen (string) + 1),
+ string) : NULL;
+}
+
+const char *
+base_name (const char *name)
+{
+ const char *base;
+
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ /* Skip over the disk name in MSDOS pathnames. */
+ if (isalpha ((unsigned char) name[0]) && name[1] == ':')
+ name += 2;
+#endif
+
+ for (base = name; *name; name++)
+ if (IS_DIR_SEPARATOR (*name))
+ base = name + 1;
+ return base;
+}
+
+int
+check_executable (const char *path)
+{
+ struct stat st;
+
+ LTWRAPPER_DEBUGPRINTF (("(check_executable) : %s\n",
+ path ? (*path ? path : "EMPTY!") : "NULL!"));
+ if ((!path) || (!*path))
+ return 0;
+
+ if ((stat (path, &st) >= 0)
+ && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
+ return 1;
+ else
+ return 0;
+}
+
+int
+make_executable (const char *path)
+{
+ int rval = 0;
+ struct stat st;
+
+ LTWRAPPER_DEBUGPRINTF (("(make_executable) : %s\n",
+ path ? (*path ? path : "EMPTY!") : "NULL!"));
+ if ((!path) || (!*path))
+ return 0;
+
+ if (stat (path, &st) >= 0)
+ {
+ rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR);
+ }
+ return rval;
+}
+
+/* Searches for the full path of the wrapper. Returns
+ newly allocated full path name if found, NULL otherwise
+ Does not chase symlinks, even on platforms that support them.
+*/
+char *
+find_executable (const char *wrapper)
+{
+ int has_slash = 0;
+ const char *p;
+ const char *p_next;
+ /* static buffer for getcwd */
+ char tmp[LT_PATHMAX + 1];
+ int tmp_len;
+ char *concat_name;
+
+ LTWRAPPER_DEBUGPRINTF (("(find_executable) : %s\n",
+ wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!"));
+
+ if ((wrapper == NULL) || (*wrapper == '\0'))
+ return NULL;
+
+ /* Absolute path? */
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':')
+ {
+ concat_name = xstrdup (wrapper);
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ }
+ else
+ {
+#endif
+ if (IS_DIR_SEPARATOR (wrapper[0]))
+ {
+ concat_name = xstrdup (wrapper);
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ }
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ }
+#endif
+
+ for (p = wrapper; *p; p++)
+ if (*p == '/')
+ {
+ has_slash = 1;
+ break;
+ }
+ if (!has_slash)
+ {
+ /* no slashes; search PATH */
+ const char *path = getenv ("PATH");
+ if (path != NULL)
+ {
+ for (p = path; *p; p = p_next)
+ {
+ const char *q;
+ size_t p_len;
+ for (q = p; *q; q++)
+ if (IS_PATH_SEPARATOR (*q))
+ break;
+ p_len = q - p;
+ p_next = (*q == '\0' ? q : q + 1);
+ if (p_len == 0)
+ {
+ /* empty path: current directory */
+ if (getcwd (tmp, LT_PATHMAX) == NULL)
+ lt_fatal ("getcwd failed");
+ tmp_len = strlen (tmp);
+ concat_name =
+ XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
+ memcpy (concat_name, tmp, tmp_len);
+ concat_name[tmp_len] = '/';
+ strcpy (concat_name + tmp_len + 1, wrapper);
+ }
+ else
+ {
+ concat_name =
+ XMALLOC (char, p_len + 1 + strlen (wrapper) + 1);
+ memcpy (concat_name, p, p_len);
+ concat_name[p_len] = '/';
+ strcpy (concat_name + p_len + 1, wrapper);
+ }
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ }
+ }
+ /* not found in PATH; assume curdir */
+ }
+ /* Relative path | not found in path: prepend cwd */
+ if (getcwd (tmp, LT_PATHMAX) == NULL)
+ lt_fatal ("getcwd failed");
+ tmp_len = strlen (tmp);
+ concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
+ memcpy (concat_name, tmp, tmp_len);
+ concat_name[tmp_len] = '/';
+ strcpy (concat_name + tmp_len + 1, wrapper);
+
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ return NULL;
+}
+
+char *
+chase_symlinks (const char *pathspec)
+{
+#ifndef S_ISLNK
+ return xstrdup (pathspec);
+#else
+ char buf[LT_PATHMAX];
+ struct stat s;
+ char *tmp_pathspec = xstrdup (pathspec);
+ char *p;
+ int has_symlinks = 0;
+ while (strlen (tmp_pathspec) && !has_symlinks)
+ {
+ LTWRAPPER_DEBUGPRINTF (("checking path component for symlinks: %s\n",
+ tmp_pathspec));
+ if (lstat (tmp_pathspec, &s) == 0)
+ {
+ if (S_ISLNK (s.st_mode) != 0)
+ {
+ has_symlinks = 1;
+ break;
+ }
+
+ /* search backwards for last DIR_SEPARATOR */
+ p = tmp_pathspec + strlen (tmp_pathspec) - 1;
+ while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
+ p--;
+ if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
+ {
+ /* no more DIR_SEPARATORS left */
+ break;
+ }
+ *p = '\0';
+ }
+ else
+ {
+ char *errstr = strerror (errno);
+ lt_fatal ("Error accessing file %s (%s)", tmp_pathspec, errstr);
+ }
+ }
+ XFREE (tmp_pathspec);
+
+ if (!has_symlinks)
+ {
+ return xstrdup (pathspec);
+ }
+
+ tmp_pathspec = realpath (pathspec, buf);
+ if (tmp_pathspec == 0)
+ {
+ lt_fatal ("Could not follow symlinks for %s", pathspec);
+ }
+ return xstrdup (tmp_pathspec);
+#endif
+}
+
+char *
+strendzap (char *str, const char *pat)
+{
+ size_t len, patlen;
+
+ assert (str != NULL);
+ assert (pat != NULL);
+
+ len = strlen (str);
+ patlen = strlen (pat);
+
+ if (patlen <= len)
+ {
+ str += len - patlen;
+ if (strcmp (str, pat) == 0)
+ *str = '\0';
+ }
+ return str;
+}
+
+static void
+lt_error_core (int exit_status, const char *mode,
+ const char *message, va_list ap)
+{
+ fprintf (stderr, "%s: %s: ", program_name, mode);
+ vfprintf (stderr, message, ap);
+ fprintf (stderr, ".\n");
+
+ if (exit_status >= 0)
+ exit (exit_status);
+}
+
+void
+lt_fatal (const char *message, ...)
+{
+ va_list ap;
+ va_start (ap, message);
+ lt_error_core (EXIT_FAILURE, "FATAL", message, ap);
+ va_end (ap);
+}
+
+void
+lt_setenv (const char *name, const char *value)
+{
+ LTWRAPPER_DEBUGPRINTF (("(lt_setenv) setting '%s' to '%s'\n",
+ (name ? name : "<NULL>"),
+ (value ? value : "<NULL>")));
+ {
+#ifdef HAVE_SETENV
+ /* always make a copy, for consistency with !HAVE_SETENV */
+ char *str = xstrdup (value);
+ setenv (name, str, 1);
+#else
+ int len = strlen (name) + 1 + strlen (value) + 1;
+ char *str = XMALLOC (char, len);
+ sprintf (str, "%s=%s", name, value);
+ if (putenv (str) != EXIT_SUCCESS)
+ {
+ XFREE (str);
+ }
+#endif
+ }
+}
+
+char *
+lt_extend_str (const char *orig_value, const char *add, int to_end)
+{
+ char *new_value;
+ if (orig_value && *orig_value)
+ {
+ int orig_value_len = strlen (orig_value);
+ int add_len = strlen (add);
+ new_value = XMALLOC (char, add_len + orig_value_len + 1);
+ if (to_end)
+ {
+ strcpy (new_value, orig_value);
+ strcpy (new_value + orig_value_len, add);
+ }
+ else
+ {
+ strcpy (new_value, add);
+ strcpy (new_value + add_len, orig_value);
+ }
+ }
+ else
+ {
+ new_value = xstrdup (add);
+ }
+ return new_value;
+}
+
+int
+lt_split_name_value (const char *arg, char** name, char** value)
+{
+ const char *p;
+ int len;
+ if (!arg || !*arg)
+ return 1;
+
+ p = strchr (arg, (int)'=');
+
+ if (!p)
+ return 1;
+
+ *value = xstrdup (++p);
+
+ len = strlen (arg) - strlen (*value);
+ *name = XMALLOC (char, len);
+ strncpy (*name, arg, len-1);
+ (*name)[len - 1] = '\0';
+
+ return 0;
+}
+
+void
+lt_opt_process_env_set (const char *arg)
+{
+ char *name = NULL;
+ char *value = NULL;
+
+ if (lt_split_name_value (arg, &name, &value) != 0)
+ {
+ XFREE (name);
+ XFREE (value);
+ lt_fatal ("bad argument for %s: '%s'", env_set_opt, arg);
+ }
+
+ lt_setenv (name, value);
+ XFREE (name);
+ XFREE (value);
+}
+
+void
+lt_opt_process_env_prepend (const char *arg)
+{
+ char *name = NULL;
+ char *value = NULL;
+ char *new_value = NULL;
+
+ if (lt_split_name_value (arg, &name, &value) != 0)
+ {
+ XFREE (name);
+ XFREE (value);
+ lt_fatal ("bad argument for %s: '%s'", env_prepend_opt, arg);
+ }
+
+ new_value = lt_extend_str (getenv (name), value, 0);
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ XFREE (name);
+ XFREE (value);
+}
+
+void
+lt_opt_process_env_append (const char *arg)
+{
+ char *name = NULL;
+ char *value = NULL;
+ char *new_value = NULL;
+
+ if (lt_split_name_value (arg, &name, &value) != 0)
+ {
+ XFREE (name);
+ XFREE (value);
+ lt_fatal ("bad argument for %s: '%s'", env_append_opt, arg);
+ }
+
+ new_value = lt_extend_str (getenv (name), value, 1);
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ XFREE (name);
+ XFREE (value);
+}
+
+void
+lt_update_exe_path (const char *name, const char *value)
+{
+ LTWRAPPER_DEBUGPRINTF (("(lt_update_exe_path) modifying '%s' by prepending '%s'\n",
+ (name ? name : "<NULL>"),
+ (value ? value : "<NULL>")));
+
+ if (name && *name && value && *value)
+ {
+ char *new_value = lt_extend_str (getenv (name), value, 0);
+ /* some systems can't cope with a ':'-terminated path #' */
+ int len = strlen (new_value);
+ while (((len = strlen (new_value)) > 0) && IS_PATH_SEPARATOR (new_value[len-1]))
+ {
+ new_value[len-1] = '\0';
+ }
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ }
+}
+
+void
+lt_update_lib_path (const char *name, const char *value)
+{
+ LTWRAPPER_DEBUGPRINTF (("(lt_update_lib_path) modifying '%s' by prepending '%s'\n",
+ (name ? name : "<NULL>"),
+ (value ? value : "<NULL>")));
+
+ if (name && *name && value && *value)
+ {
+ char *new_value = lt_extend_str (getenv (name), value, 0);
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ }
+}
+
+
+EOF
+}
+# end: func_emit_cwrapperexe_src
+
+# func_mode_link arg...
+func_mode_link ()
+{
+ $opt_debug
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+ # It is impossible to link a dll without this setting, and
+ # we shouldn't force the makefile maintainer to figure out
+ # which system we are compiling for in order to pass an extra
+ # flag for every libtool invocation.
+ # allow_undefined=no
+
+ # FIXME: Unfortunately, there are problems with the above when trying
+ # to make a dll which has undefined symbols, in which case not
+ # even a static library is built. For now, we need to specify
+ # -no-undefined on the libtool link line when we can be certain
+ # that all symbols are satisfied, otherwise we get a static library.
+ allow_undefined=yes
+ ;;
+ *)
+ allow_undefined=yes
+ ;;
+ esac
+ libtool_args=$nonopt
+ base_compile="$nonopt $@"
+ compile_command=$nonopt
+ finalize_command=$nonopt
+
+ compile_rpath=
+ finalize_rpath=
+ compile_shlibpath=
+ finalize_shlibpath=
+ convenience=
+ old_convenience=
+ deplibs=
+ old_deplibs=
+ compiler_flags=
+ linker_flags=
+ dllsearchpath=
+ lib_search_path=`pwd`
+ inst_prefix_dir=
+ new_inherited_linker_flags=
+
+ avoid_version=no
+ dlfiles=
+ dlprefiles=
+ dlself=no
+ export_dynamic=no
+ export_symbols=
+ export_symbols_regex=
+ generated=
+ libobjs=
+ ltlibs=
+ module=no
+ no_install=no
+ objs=
+ non_pic_objects=
+ precious_files_regex=
+ prefer_static_libs=no
+ preload=no
+ prev=
+ prevarg=
+ release=
+ rpath=
+ xrpath=
+ perm_rpath=
+ temp_rpath=
+ thread_safe=no
+ vinfo=
+ vinfo_number=no
+ weak_libs=
+ single_module="${wl}-single_module"
+ func_infer_tag $base_compile
+
+ # We need to know -static, to get the right output filenames.
+ for arg
+ do
+ case $arg in
+ -shared)
+ test "$build_libtool_libs" != yes && \
+ func_fatal_configuration "can not build a shared library"
+ build_old_libs=no
+ break
+ ;;
+ -all-static | -static | -static-libtool-libs)
+ case $arg in
+ -all-static)
+ if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then
+ func_warning "complete static linking is impossible in this configuration"
+ fi
+ if test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=yes
+ ;;
+ -static)
+ if test -z "$pic_flag" && test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=built
+ ;;
+ -static-libtool-libs)
+ if test -z "$pic_flag" && test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=yes
+ ;;
+ esac
+ build_libtool_libs=no
+ build_old_libs=yes
+ break
+ ;;
+ esac
+ done
+
+ # See if our shared archives depend on static archives.
+ test -n "$old_archive_from_new_cmds" && build_old_libs=yes
+
+ # Go through the arguments, transforming them on the way.
+ while test "$#" -gt 0; do
+ arg="$1"
+ shift
+ func_quote_for_eval "$arg"
+ qarg=$func_quote_for_eval_unquoted_result
+ func_append libtool_args " $func_quote_for_eval_result"
+
+ # If the previous option needs an argument, assign it.
+ if test -n "$prev"; then
+ case $prev in
+ output)
+ func_append compile_command " @OUTPUT@"
+ func_append finalize_command " @OUTPUT@"
+ ;;
+ esac
+
+ case $prev in
+ dlfiles|dlprefiles)
+ if test "$preload" = no; then
+ # Add the symbol object into the linking commands.
+ func_append compile_command " @SYMFILE@"
+ func_append finalize_command " @SYMFILE@"
+ preload=yes
+ fi
+ case $arg in
+ *.la | *.lo) ;; # We handle these cases below.
+ force)
+ if test "$dlself" = no; then
+ dlself=needless
+ export_dynamic=yes
+ fi
+ prev=
+ continue
+ ;;
+ self)
+ if test "$prev" = dlprefiles; then
+ dlself=yes
+ elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then
+ dlself=yes
+ else
+ dlself=needless
+ export_dynamic=yes
+ fi
+ prev=
+ continue
+ ;;
+ *)
+ if test "$prev" = dlfiles; then
+ dlfiles="$dlfiles $arg"
+ else
+ dlprefiles="$dlprefiles $arg"
+ fi
+ prev=
+ continue
+ ;;
+ esac
+ ;;
+ expsyms)
+ export_symbols="$arg"
+ test -f "$arg" \
+ || func_fatal_error "symbol file \`$arg' does not exist"
+ prev=
+ continue
+ ;;
+ expsyms_regex)
+ export_symbols_regex="$arg"
+ prev=
+ continue
+ ;;
+ framework)
+ case $host in
+ *-*-darwin*)
+ case "$deplibs " in
+ *" $qarg.ltframework "*) ;;
+ *) deplibs="$deplibs $qarg.ltframework" # this is fixed later
+ ;;
+ esac
+ ;;
+ esac
+ prev=
+ continue
+ ;;
+ inst_prefix)
+ inst_prefix_dir="$arg"
+ prev=
+ continue
+ ;;
+ objectlist)
+ if test -f "$arg"; then
+ save_arg=$arg
+ moreargs=
+ for fil in `cat "$save_arg"`
+ do
+# moreargs="$moreargs $fil"
+ arg=$fil
+ # A libtool-controlled object.
+
+ # Check to see that this really is a libtool object.
+ if func_lalib_unsafe_p "$arg"; then
+ pic_object=
+ non_pic_object=
+
+ # Read the .lo file
+ func_source "$arg"
+
+ if test -z "$pic_object" ||
+ test -z "$non_pic_object" ||
+ test "$pic_object" = none &&
+ test "$non_pic_object" = none; then
+ func_fatal_error "cannot find name of object for \`$arg'"
+ fi
+
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ if test "$pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ pic_object="$xdir$pic_object"
+
+ if test "$prev" = dlfiles; then
+ if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+ dlfiles="$dlfiles $pic_object"
+ prev=
+ continue
+ else
+ # If libtool objects are unsupported, then we need to preload.
+ prev=dlprefiles
+ fi
+ fi
+
+ # CHECK ME: I think I busted this. -Ossama
+ if test "$prev" = dlprefiles; then
+ # Preload the old-style object.
+ dlprefiles="$dlprefiles $pic_object"
+ prev=
+ fi
+
+ # A PIC object.
+ func_append libobjs " $pic_object"
+ arg="$pic_object"
+ fi
+
+ # Non-PIC object.
+ if test "$non_pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ non_pic_object="$xdir$non_pic_object"
+
+ # A standard non-PIC object
+ func_append non_pic_objects " $non_pic_object"
+ if test -z "$pic_object" || test "$pic_object" = none ; then
+ arg="$non_pic_object"
+ fi
+ else
+ # If the PIC object exists, use it instead.
+ # $xdir was prepended to $pic_object above.
+ non_pic_object="$pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ fi
+ else
+ # Only an error if not doing a dry-run.
+ if $opt_dry_run; then
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ func_lo2o "$arg"
+ pic_object=$xdir$objdir/$func_lo2o_result
+ non_pic_object=$xdir$func_lo2o_result
+ func_append libobjs " $pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ else
+ func_fatal_error "\`$arg' is not a valid libtool object"
+ fi
+ fi
+ done
+ else
+ func_fatal_error "link input file \`$arg' does not exist"
+ fi
+ arg=$save_arg
+ prev=
+ continue
+ ;;
+ precious_regex)
+ precious_files_regex="$arg"
+ prev=
+ continue
+ ;;
+ release)
+ release="-$arg"
+ prev=
+ continue
+ ;;
+ rpath | xrpath)
+ # We need an absolute path.
+ case $arg in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ func_fatal_error "only absolute run-paths are allowed"
+ ;;
+ esac
+ if test "$prev" = rpath; then
+ case "$rpath " in
+ *" $arg "*) ;;
+ *) rpath="$rpath $arg" ;;
+ esac
+ else
+ case "$xrpath " in
+ *" $arg "*) ;;
+ *) xrpath="$xrpath $arg" ;;
+ esac
+ fi
+ prev=
+ continue
+ ;;
+ shrext)
+ shrext_cmds="$arg"
+ prev=
+ continue
+ ;;
+ weak)
+ weak_libs="$weak_libs $arg"
+ prev=
+ continue
+ ;;
+ xcclinker)
+ linker_flags="$linker_flags $qarg"
+ compiler_flags="$compiler_flags $qarg"
+ prev=
+ func_append compile_command " $qarg"
+ func_append finalize_command " $qarg"
+ continue
+ ;;
+ xcompiler)
+ compiler_flags="$compiler_flags $qarg"
+ prev=
+ func_append compile_command " $qarg"
+ func_append finalize_command " $qarg"
+ continue
+ ;;
+ xlinker)
+ linker_flags="$linker_flags $qarg"
+ compiler_flags="$compiler_flags $wl$qarg"
+ prev=
+ func_append compile_command " $wl$qarg"
+ func_append finalize_command " $wl$qarg"
+ continue
+ ;;
+ *)
+ eval "$prev=\"\$arg\""
+ prev=
+ continue
+ ;;
+ esac
+ fi # test -n "$prev"
+
+ prevarg="$arg"
+
+ case $arg in
+ -all-static)
+ if test -n "$link_static_flag"; then
+ # See comment for -static flag below, for more details.
+ func_append compile_command " $link_static_flag"
+ func_append finalize_command " $link_static_flag"
+ fi
+ continue
+ ;;
+
+ -allow-undefined)
+ # FIXME: remove this flag sometime in the future.
+ func_fatal_error "\`-allow-undefined' must not be used because it is the default"
+ ;;
+
+ -avoid-version)
+ avoid_version=yes
+ continue
+ ;;
+
+ -dlopen)
+ prev=dlfiles
+ continue
+ ;;
+
+ -dlpreopen)
+ prev=dlprefiles
+ continue
+ ;;
+
+ -export-dynamic)
+ export_dynamic=yes
+ continue
+ ;;
+
+ -export-symbols | -export-symbols-regex)
+ if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
+ func_fatal_error "more than one -exported-symbols argument is not allowed"
+ fi
+ if test "X$arg" = "X-export-symbols"; then
+ prev=expsyms
+ else
+ prev=expsyms_regex
+ fi
+ continue
+ ;;
+
+ -framework)
+ prev=framework
+ continue
+ ;;
+
+ -inst-prefix-dir)
+ prev=inst_prefix
+ continue
+ ;;
+
+ # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
+ # so, if we see these flags be careful not to treat them like -L
+ -L[A-Z][A-Z]*:*)
+ case $with_gcc/$host in
+ no/*-*-irix* | /*-*-irix*)
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ ;;
+ esac
+ continue
+ ;;
+
+ -L*)
+ func_stripname '-L' '' "$arg"
+ dir=$func_stripname_result
+ if test -z "$dir"; then
+ if test "$#" -gt 0; then
+ func_fatal_error "require no space between \`-L' and \`$1'"
+ else
+ func_fatal_error "need path for \`-L' option"
+ fi
+ fi
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ absdir=`cd "$dir" && pwd`
+ test -z "$absdir" && \
+ func_fatal_error "cannot determine absolute directory name of \`$dir'"
+ dir="$absdir"
+ ;;
+ esac
+ case "$deplibs " in
+ *" -L$dir "*) ;;
+ *)
+ deplibs="$deplibs -L$dir"
+ lib_search_path="$lib_search_path $dir"
+ ;;
+ esac
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+ testbindir=`$ECHO "X$dir" | $Xsed -e 's*/lib$*/bin*'`
+ case :$dllsearchpath: in
+ *":$dir:"*) ;;
+ ::) dllsearchpath=$dir;;
+ *) dllsearchpath="$dllsearchpath:$dir";;
+ esac
+ case :$dllsearchpath: in
+ *":$testbindir:"*) ;;
+ ::) dllsearchpath=$testbindir;;
+ *) dllsearchpath="$dllsearchpath:$testbindir";;
+ esac
+ ;;
+ esac
+ continue
+ ;;
+
+ -l*)
+ if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc*)
+ # These systems don't actually have a C or math library (as such)
+ continue
+ ;;
+ *-*-os2*)
+ # These systems don't actually have a C library (as such)
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc due to us having libc/libc_r.
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # Rhapsody C and math libraries are in the System framework
+ deplibs="$deplibs System.ltframework"
+ continue
+ ;;
+ *-*-sco3.2v5* | *-*-sco5v6*)
+ # Causes problems with __ctype
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+ # Compiler inserts libc in the correct place for threads to work
+ test "X$arg" = "X-lc" && continue
+ ;;
+ esac
+ elif test "X$arg" = "X-lc_r"; then
+ case $host in
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc_r directly, use -pthread flag.
+ continue
+ ;;
+ esac
+ fi
+ deplibs="$deplibs $arg"
+ continue
+ ;;
+
+ -module)
+ module=yes
+ continue
+ ;;
+
+ # Tru64 UNIX uses -model [arg] to determine the layout of C++
+ # classes, name mangling, and exception handling.
+ # Darwin uses the -arch flag to determine output architecture.
+ -model|-arch|-isysroot)
+ compiler_flags="$compiler_flags $arg"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ prev=xcompiler
+ continue
+ ;;
+
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+ compiler_flags="$compiler_flags $arg"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ case "$new_inherited_linker_flags " in
+ *" $arg "*) ;;
+ * ) new_inherited_linker_flags="$new_inherited_linker_flags $arg" ;;
+ esac
+ continue
+ ;;
+
+ -multi_module)
+ single_module="${wl}-multi_module"
+ continue
+ ;;
+
+ -no-fast-install)
+ fast_install=no
+ continue
+ ;;
+
+ -no-install)
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*)
+ # The PATH hackery in wrapper scripts is required on Windows
+ # and Darwin in order for the loader to find any dlls it needs.
+ func_warning "\`-no-install' is ignored for $host"
+ func_warning "assuming \`-no-fast-install' instead"
+ fast_install=no
+ ;;
+ *) no_install=yes ;;
+ esac
+ continue
+ ;;
+
+ -no-undefined)
+ allow_undefined=no
+ continue
+ ;;
+
+ -objectlist)
+ prev=objectlist
+ continue
+ ;;
+
+ -o) prev=output ;;
+
+ -precious-files-regex)
+ prev=precious_regex
+ continue
+ ;;
+
+ -release)
+ prev=release
+ continue
+ ;;
+
+ -rpath)
+ prev=rpath
+ continue
+ ;;
+
+ -R)
+ prev=xrpath
+ continue
+ ;;
+
+ -R*)
+ func_stripname '-R' '' "$arg"
+ dir=$func_stripname_result
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ func_fatal_error "only absolute run-paths are allowed"
+ ;;
+ esac
+ case "$xrpath " in
+ *" $dir "*) ;;
+ *) xrpath="$xrpath $dir" ;;
+ esac
+ continue
+ ;;
+
+ -shared)
+ # The effects of -shared are defined in a previous loop.
+ continue
+ ;;
+
+ -shrext)
+ prev=shrext
+ continue
+ ;;
+
+ -static | -static-libtool-libs)
+ # The effects of -static are defined in a previous loop.
+ # We used to do the same as -all-static on platforms that
+ # didn't have a PIC flag, but the assumption that the effects
+ # would be equivalent was wrong. It would break on at least
+ # Digital Unix and AIX.
+ continue
+ ;;
+
+ -thread-safe)
+ thread_safe=yes
+ continue
+ ;;
+
+ -version-info)
+ prev=vinfo
+ continue
+ ;;
+
+ -version-number)
+ prev=vinfo
+ vinfo_number=yes
+ continue
+ ;;
+
+ -weak)
+ prev=weak
+ continue
+ ;;
+
+ -Wc,*)
+ func_stripname '-Wc,' '' "$arg"
+ args=$func_stripname_result
+ arg=
+ save_ifs="$IFS"; IFS=','
+ for flag in $args; do
+ IFS="$save_ifs"
+ func_quote_for_eval "$flag"
+ arg="$arg $wl$func_quote_for_eval_result"
+ compiler_flags="$compiler_flags $func_quote_for_eval_result"
+ done
+ IFS="$save_ifs"
+ func_stripname ' ' '' "$arg"
+ arg=$func_stripname_result
+ ;;
+
+ -Wl,*)
+ func_stripname '-Wl,' '' "$arg"
+ args=$func_stripname_result
+ arg=
+ save_ifs="$IFS"; IFS=','
+ for flag in $args; do
+ IFS="$save_ifs"
+ func_quote_for_eval "$flag"
+ arg="$arg $wl$func_quote_for_eval_result"
+ compiler_flags="$compiler_flags $wl$func_quote_for_eval_result"
+ linker_flags="$linker_flags $func_quote_for_eval_result"
+ done
+ IFS="$save_ifs"
+ func_stripname ' ' '' "$arg"
+ arg=$func_stripname_result
+ ;;
+
+ -Xcompiler)
+ prev=xcompiler
+ continue
+ ;;
+
+ -Xlinker)
+ prev=xlinker
+ continue
+ ;;
+
+ -XCClinker)
+ prev=xcclinker
+ continue
+ ;;
+
+ # -msg_* for osf cc
+ -msg_*)
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ ;;
+
+ # -64, -mips[0-9] enable 64-bit mode on the SGI compiler
+ # -r[0-9][0-9]* specifies the processor on the SGI compiler
+ # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler
+ # +DA*, +DD* enable 64-bit mode on the HP compiler
+ # -q* pass through compiler args for the IBM compiler
+ # -m*, -t[45]*, -txscale* pass through architecture-specific
+ # compiler args for GCC
+ # -F/path gives path to uninstalled frameworks, gcc on darwin
+ # -p, -pg, --coverage, -fprofile-* pass through profiling flag for GCC
+ # @file GCC response files
+ -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
+ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*)
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ compiler_flags="$compiler_flags $arg"
+ continue
+ ;;
+
+ # Some other compiler flag.
+ -* | +*)
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ ;;
+
+ *.$objext)
+ # A standard object.
+ objs="$objs $arg"
+ ;;
+
+ *.lo)
+ # A libtool-controlled object.
+
+ # Check to see that this really is a libtool object.
+ if func_lalib_unsafe_p "$arg"; then
+ pic_object=
+ non_pic_object=
+
+ # Read the .lo file
+ func_source "$arg"
+
+ if test -z "$pic_object" ||
+ test -z "$non_pic_object" ||
+ test "$pic_object" = none &&
+ test "$non_pic_object" = none; then
+ func_fatal_error "cannot find name of object for \`$arg'"
+ fi
+
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ if test "$pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ pic_object="$xdir$pic_object"
+
+ if test "$prev" = dlfiles; then
+ if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+ dlfiles="$dlfiles $pic_object"
+ prev=
+ continue
+ else
+ # If libtool objects are unsupported, then we need to preload.
+ prev=dlprefiles
+ fi
+ fi
+
+ # CHECK ME: I think I busted this. -Ossama
+ if test "$prev" = dlprefiles; then
+ # Preload the old-style object.
+ dlprefiles="$dlprefiles $pic_object"
+ prev=
+ fi
+
+ # A PIC object.
+ func_append libobjs " $pic_object"
+ arg="$pic_object"
+ fi
+
+ # Non-PIC object.
+ if test "$non_pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ non_pic_object="$xdir$non_pic_object"
+
+ # A standard non-PIC object
+ func_append non_pic_objects " $non_pic_object"
+ if test -z "$pic_object" || test "$pic_object" = none ; then
+ arg="$non_pic_object"
+ fi
+ else
+ # If the PIC object exists, use it instead.
+ # $xdir was prepended to $pic_object above.
+ non_pic_object="$pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ fi
+ else
+ # Only an error if not doing a dry-run.
+ if $opt_dry_run; then
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ func_lo2o "$arg"
+ pic_object=$xdir$objdir/$func_lo2o_result
+ non_pic_object=$xdir$func_lo2o_result
+ func_append libobjs " $pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ else
+ func_fatal_error "\`$arg' is not a valid libtool object"
+ fi
+ fi
+ ;;
+
+ *.$libext)
+ # An archive.
+ deplibs="$deplibs $arg"
+ old_deplibs="$old_deplibs $arg"
+ continue
+ ;;
+
+ *.la)
+ # A libtool-controlled library.
+
+ if test "$prev" = dlfiles; then
+ # This library was specified with -dlopen.
+ dlfiles="$dlfiles $arg"
+ prev=
+ elif test "$prev" = dlprefiles; then
+ # The library was specified with -dlpreopen.
+ dlprefiles="$dlprefiles $arg"
+ prev=
+ else
+ deplibs="$deplibs $arg"
+ fi
+ continue
+ ;;
+
+ # Some other compiler argument.
+ *)
+ # Unknown arguments in both finalize_command and compile_command need
+ # to be aesthetically quoted because they are evaled later.
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ ;;
+ esac # arg
+
+ # Now actually substitute the argument into the commands.
+ if test -n "$arg"; then
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ fi
+ done # argument parsing loop
+
+ test -n "$prev" && \
+ func_fatal_help "the \`$prevarg' option requires an argument"
+
+ if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then
+ eval arg=\"$export_dynamic_flag_spec\"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ fi
+
+ oldlibs=
+ # calculate the name of the file, without its directory
+ func_basename "$output"
+ outputname="$func_basename_result"
+ libobjs_save="$libobjs"
+
+ if test -n "$shlibpath_var"; then
+ # get the directories listed in $shlibpath_var
+ eval shlib_search_path=\`\$ECHO \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\`
+ else
+ shlib_search_path=
+ fi
+ eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
+ eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
+
+ func_dirname "$output" "/" ""
+ output_objdir="$func_dirname_result$objdir"
+ # Create the object directory.
+ func_mkdir_p "$output_objdir"
+
+ # Determine the type of output
+ case $output in
+ "")
+ func_fatal_help "you must specify an output file"
+ ;;
+ *.$libext) linkmode=oldlib ;;
+ *.lo | *.$objext) linkmode=obj ;;
+ *.la) linkmode=lib ;;
+ *) linkmode=prog ;; # Anything else should be a program.
+ esac
+
+ specialdeplibs=
+
+ libs=
+ # Find all interdependent deplibs by searching for libraries
+ # that are linked more than once (e.g. -la -lb -la)
+ for deplib in $deplibs; do
+ if $opt_duplicate_deps ; then
+ case "$libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ libs="$libs $deplib"
+ done
+
+ if test "$linkmode" = lib; then
+ libs="$predeps $libs $compiler_lib_search_path $postdeps"
+
+ # Compute libraries that are listed more than once in $predeps
+ # $postdeps and mark them as special (i.e., whose duplicates are
+ # not to be eliminated).
+ pre_post_deps=
+ if $opt_duplicate_compiler_generated_deps; then
+ for pre_post_dep in $predeps $postdeps; do
+ case "$pre_post_deps " in
+ *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;;
+ esac
+ pre_post_deps="$pre_post_deps $pre_post_dep"
+ done
+ fi
+ pre_post_deps=
+ fi
+
+ deplibs=
+ newdependency_libs=
+ newlib_search_path=
+ need_relink=no # whether we're linking any uninstalled libtool libraries
+ notinst_deplibs= # not-installed libtool libraries
+ notinst_path= # paths that contain not-installed libtool libraries
+
+ case $linkmode in
+ lib)
+ passes="conv dlpreopen link"
+ for file in $dlfiles $dlprefiles; do
+ case $file in
+ *.la) ;;
+ *)
+ func_fatal_help "libraries can \`-dlopen' only libtool libraries: $file"
+ ;;
+ esac
+ done
+ ;;
+ prog)
+ compile_deplibs=
+ finalize_deplibs=
+ alldeplibs=no
+ newdlfiles=
+ newdlprefiles=
+ passes="conv scan dlopen dlpreopen link"
+ ;;
+ *) passes="conv"
+ ;;
+ esac
+
+ for pass in $passes; do
+ # The preopen pass in lib mode reverses $deplibs; put it back here
+ # so that -L comes before libs that need it for instance...
+ if test "$linkmode,$pass" = "lib,link"; then
+ ## FIXME: Find the place where the list is rebuilt in the wrong
+ ## order, and fix it there properly
+ tmp_deplibs=
+ for deplib in $deplibs; do
+ tmp_deplibs="$deplib $tmp_deplibs"
+ done
+ deplibs="$tmp_deplibs"
+ fi
+
+ if test "$linkmode,$pass" = "lib,link" ||
+ test "$linkmode,$pass" = "prog,scan"; then
+ libs="$deplibs"
+ deplibs=
+ fi
+ if test "$linkmode" = prog; then
+ case $pass in
+ dlopen) libs="$dlfiles" ;;
+ dlpreopen) libs="$dlprefiles" ;;
+ link)
+ libs="$deplibs %DEPLIBS%"
+ test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs"
+ ;;
+ esac
+ fi
+ if test "$linkmode,$pass" = "lib,dlpreopen"; then
+ # Collect and forward deplibs of preopened libtool libs
+ for lib in $dlprefiles; do
+ # Ignore non-libtool-libs
+ dependency_libs=
+ case $lib in
+ *.la) func_source "$lib" ;;
+ esac
+
+ # Collect preopened libtool deplibs, except any this library
+ # has declared as weak libs
+ for deplib in $dependency_libs; do
+ deplib_base=`$ECHO "X$deplib" | $Xsed -e "$basename"`
+ case " $weak_libs " in
+ *" $deplib_base "*) ;;
+ *) deplibs="$deplibs $deplib" ;;
+ esac
+ done
+ done
+ libs="$dlprefiles"
+ fi
+ if test "$pass" = dlopen; then
+ # Collect dlpreopened libraries
+ save_deplibs="$deplibs"
+ deplibs=
+ fi
+
+ for deplib in $libs; do
+ lib=
+ found=no
+ case $deplib in
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ compiler_flags="$compiler_flags $deplib"
+ if test "$linkmode" = lib ; then
+ case "$new_inherited_linker_flags " in
+ *" $deplib "*) ;;
+ * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;;
+ esac
+ fi
+ fi
+ continue
+ ;;
+ -l*)
+ if test "$linkmode" != lib && test "$linkmode" != prog; then
+ func_warning "\`-l' is ignored for archives/objects"
+ continue
+ fi
+ func_stripname '-l' '' "$deplib"
+ name=$func_stripname_result
+ if test "$linkmode" = lib; then
+ searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path"
+ else
+ searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path"
+ fi
+ for searchdir in $searchdirs; do
+ for search_ext in .la $std_shrext .so .a; do
+ # Search the libtool library
+ lib="$searchdir/lib${name}${search_ext}"
+ if test -f "$lib"; then
+ if test "$search_ext" = ".la"; then
+ found=yes
+ else
+ found=no
+ fi
+ break 2
+ fi
+ done
+ done
+ if test "$found" != yes; then
+ # deplib doesn't seem to be a libtool library
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+ fi
+ continue
+ else # deplib is a libtool library
+ # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib,
+ # We need to do some special things here, and not later.
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $deplib "*)
+ if func_lalib_p "$lib"; then
+ library_names=
+ old_library=
+ func_source "$lib"
+ for l in $old_library $library_names; do
+ ll="$l"
+ done
+ if test "X$ll" = "X$old_library" ; then # only static version available
+ found=no
+ func_dirname "$lib" "" "."
+ ladir="$func_dirname_result"
+ lib=$ladir/$old_library
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+ fi
+ continue
+ fi
+ fi
+ ;;
+ *) ;;
+ esac
+ fi
+ fi
+ ;; # -l
+ *.ltframework)
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ if test "$linkmode" = lib ; then
+ case "$new_inherited_linker_flags " in
+ *" $deplib "*) ;;
+ * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;;
+ esac
+ fi
+ fi
+ continue
+ ;;
+ -L*)
+ case $linkmode in
+ lib)
+ deplibs="$deplib $deplibs"
+ test "$pass" = conv && continue
+ newdependency_libs="$deplib $newdependency_libs"
+ func_stripname '-L' '' "$deplib"
+ newlib_search_path="$newlib_search_path $func_stripname_result"
+ ;;
+ prog)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ continue
+ fi
+ if test "$pass" = scan; then
+ deplibs="$deplib $deplibs"
+ else
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ fi
+ func_stripname '-L' '' "$deplib"
+ newlib_search_path="$newlib_search_path $func_stripname_result"
+ ;;
+ *)
+ func_warning "\`-L' is ignored for archives/objects"
+ ;;
+ esac # linkmode
+ continue
+ ;; # -L
+ -R*)
+ if test "$pass" = link; then
+ func_stripname '-R' '' "$deplib"
+ dir=$func_stripname_result
+ # Make sure the xrpath contains only unique directories.
+ case "$xrpath " in
+ *" $dir "*) ;;
+ *) xrpath="$xrpath $dir" ;;
+ esac
+ fi
+ deplibs="$deplib $deplibs"
+ continue
+ ;;
+ *.la) lib="$deplib" ;;
+ *.$libext)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ continue
+ fi
+ case $linkmode in
+ lib)
+ # Linking convenience modules into shared libraries is allowed,
+ # but linking other static libraries is non-portable.
+ case " $dlpreconveniencelibs " in
+ *" $deplib "*) ;;
+ *)
+ valid_a_lib=no
+ case $deplibs_check_method in
+ match_pattern*)
+ set dummy $deplibs_check_method; shift
+ match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+ if eval "\$ECHO \"X$deplib\"" 2>/dev/null | $Xsed -e 10q \
+ | $EGREP "$match_pattern_regex" > /dev/null; then
+ valid_a_lib=yes
+ fi
+ ;;
+ pass_all)
+ valid_a_lib=yes
+ ;;
+ esac
+ if test "$valid_a_lib" != yes; then
+ $ECHO
+ $ECHO "*** Warning: Trying to link with static lib archive $deplib."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have"
+ $ECHO "*** because the file extensions .$libext of this argument makes me believe"
+ $ECHO "*** that it is just a static archive that I should not use here."
+ else
+ $ECHO
+ $ECHO "*** Warning: Linking the shared library $output against the"
+ $ECHO "*** static library $deplib is not portable!"
+ deplibs="$deplib $deplibs"
+ fi
+ ;;
+ esac
+ continue
+ ;;
+ prog)
+ if test "$pass" != link; then
+ deplibs="$deplib $deplibs"
+ else
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ fi
+ continue
+ ;;
+ esac # linkmode
+ ;; # *.$libext
+ *.lo | *.$objext)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ elif test "$linkmode" = prog; then
+ if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
+ # If there is no dlopen support or we're linking statically,
+ # we need to preload.
+ newdlprefiles="$newdlprefiles $deplib"
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ newdlfiles="$newdlfiles $deplib"
+ fi
+ fi
+ continue
+ ;;
+ %DEPLIBS%)
+ alldeplibs=yes
+ continue
+ ;;
+ esac # case $deplib
+
+ if test "$found" = yes || test -f "$lib"; then :
+ else
+ func_fatal_error "cannot find the library \`$lib' or unhandled argument \`$deplib'"
+ fi
+
+ # Check to see that this really is a libtool archive.
+ func_lalib_unsafe_p "$lib" \
+ || func_fatal_error "\`$lib' is not a valid libtool archive"
+
+ func_dirname "$lib" "" "."
+ ladir="$func_dirname_result"
+
+ dlname=
+ dlopen=
+ dlpreopen=
+ libdir=
+ library_names=
+ old_library=
+ inherited_linker_flags=
+ # If the library was installed with an old release of libtool,
+ # it will not redefine variables installed, or shouldnotlink
+ installed=yes
+ shouldnotlink=no
+ avoidtemprpath=
+
+
+ # Read the .la file
+ func_source "$lib"
+
+ # Convert "-framework foo" to "foo.ltframework"
+ if test -n "$inherited_linker_flags"; then
+ tmp_inherited_linker_flags=`$ECHO "X$inherited_linker_flags" | $Xsed -e 's/-framework \([^ $]*\)/\1.ltframework/g'`
+ for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do
+ case " $new_inherited_linker_flags " in
+ *" $tmp_inherited_linker_flag "*) ;;
+ *) new_inherited_linker_flags="$new_inherited_linker_flags $tmp_inherited_linker_flag";;
+ esac
+ done
+ fi
+ dependency_libs=`$ECHO "X $dependency_libs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ if test "$linkmode,$pass" = "lib,link" ||
+ test "$linkmode,$pass" = "prog,scan" ||
+ { test "$linkmode" != prog && test "$linkmode" != lib; }; then
+ test -n "$dlopen" && dlfiles="$dlfiles $dlopen"
+ test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen"
+ fi
+
+ if test "$pass" = conv; then
+ # Only check for convenience libraries
+ deplibs="$lib $deplibs"
+ if test -z "$libdir"; then
+ if test -z "$old_library"; then
+ func_fatal_error "cannot find name of link library for \`$lib'"
+ fi
+ # It is a libtool convenience library, so add in its objects.
+ convenience="$convenience $ladir/$objdir/$old_library"
+ old_convenience="$old_convenience $ladir/$objdir/$old_library"
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ deplibs="$deplib $deplibs"
+ if $opt_duplicate_deps ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done
+ elif test "$linkmode" != prog && test "$linkmode" != lib; then
+ func_fatal_error "\`$lib' is not a convenience library"
+ fi
+ continue
+ fi # $pass = conv
+
+
+ # Get the name of the library we link against.
+ linklib=
+ for l in $old_library $library_names; do
+ linklib="$l"
+ done
+ if test -z "$linklib"; then
+ func_fatal_error "cannot find name of link library for \`$lib'"
+ fi
+
+ # This library was specified with -dlopen.
+ if test "$pass" = dlopen; then
+ if test -z "$libdir"; then
+ func_fatal_error "cannot -dlopen a convenience library: \`$lib'"
+ fi
+ if test -z "$dlname" ||
+ test "$dlopen_support" != yes ||
+ test "$build_libtool_libs" = no; then
+ # If there is no dlname, no dlopen support or we're linking
+ # statically, we need to preload. We also need to preload any
+ # dependent libraries so libltdl's deplib preloader doesn't
+ # bomb out in the load deplibs phase.
+ dlprefiles="$dlprefiles $lib $dependency_libs"
+ else
+ newdlfiles="$newdlfiles $lib"
+ fi
+ continue
+ fi # $pass = dlopen
+
+ # We need an absolute path.
+ case $ladir in
+ [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;;
+ *)
+ abs_ladir=`cd "$ladir" && pwd`
+ if test -z "$abs_ladir"; then
+ func_warning "cannot determine absolute directory name of \`$ladir'"
+ func_warning "passing it literally to the linker, although it might fail"
+ abs_ladir="$ladir"
+ fi
+ ;;
+ esac
+ func_basename "$lib"
+ laname="$func_basename_result"
+
+ # Find the relevant object directory and library name.
+ if test "X$installed" = Xyes; then
+ if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+ func_warning "library \`$lib' was moved."
+ dir="$ladir"
+ absdir="$abs_ladir"
+ libdir="$abs_ladir"
+ else
+ dir="$libdir"
+ absdir="$libdir"
+ fi
+ test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes
+ else
+ if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+ dir="$ladir"
+ absdir="$abs_ladir"
+ # Remove this search path later
+ notinst_path="$notinst_path $abs_ladir"
+ else
+ dir="$ladir/$objdir"
+ absdir="$abs_ladir/$objdir"
+ # Remove this search path later
+ notinst_path="$notinst_path $abs_ladir"
+ fi
+ fi # $installed = yes
+ func_stripname 'lib' '.la' "$laname"
+ name=$func_stripname_result
+
+ # This library was specified with -dlpreopen.
+ if test "$pass" = dlpreopen; then
+ if test -z "$libdir" && test "$linkmode" = prog; then
+ func_fatal_error "only libraries may -dlpreopen a convenience library: \`$lib'"
+ fi
+ # Prefer using a static library (so that no silly _DYNAMIC symbols
+ # are required to link).
+ if test -n "$old_library"; then
+ newdlprefiles="$newdlprefiles $dir/$old_library"
+ # Keep a list of preopened convenience libraries to check
+ # that they are being used correctly in the link pass.
+ test -z "$libdir" && \
+ dlpreconveniencelibs="$dlpreconveniencelibs $dir/$old_library"
+ # Otherwise, use the dlname, so that lt_dlopen finds it.
+ elif test -n "$dlname"; then
+ newdlprefiles="$newdlprefiles $dir/$dlname"
+ else
+ newdlprefiles="$newdlprefiles $dir/$linklib"
+ fi
+ fi # $pass = dlpreopen
+
+ if test -z "$libdir"; then
+ # Link the convenience library
+ if test "$linkmode" = lib; then
+ deplibs="$dir/$old_library $deplibs"
+ elif test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$dir/$old_library $compile_deplibs"
+ finalize_deplibs="$dir/$old_library $finalize_deplibs"
+ else
+ deplibs="$lib $deplibs" # used for prog,scan pass
+ fi
+ continue
+ fi
+
+
+ if test "$linkmode" = prog && test "$pass" != link; then
+ newlib_search_path="$newlib_search_path $ladir"
+ deplibs="$lib $deplibs"
+
+ linkalldeplibs=no
+ if test "$link_all_deplibs" != no || test -z "$library_names" ||
+ test "$build_libtool_libs" = no; then
+ linkalldeplibs=yes
+ fi
+
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ case $deplib in
+ -L*) func_stripname '-L' '' "$deplib"
+ newlib_search_path="$newlib_search_path $func_stripname_result"
+ ;;
+ esac
+ # Need to link against all dependency_libs?
+ if test "$linkalldeplibs" = yes; then
+ deplibs="$deplib $deplibs"
+ else
+ # Need to hardcode shared library paths
+ # or/and link against static libraries
+ newdependency_libs="$deplib $newdependency_libs"
+ fi
+ if $opt_duplicate_deps ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done # for deplib
+ continue
+ fi # $linkmode = prog...
+
+ if test "$linkmode,$pass" = "prog,link"; then
+ if test -n "$library_names" &&
+ { { test "$prefer_static_libs" = no ||
+ test "$prefer_static_libs,$installed" = "built,yes"; } ||
+ test -z "$old_library"; }; then
+ # We need to hardcode the library path
+ if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then
+ # Make sure the rpath contains only unique directories.
+ case "$temp_rpath:" in
+ *"$absdir:"*) ;;
+ *) temp_rpath="$temp_rpath$absdir:" ;;
+ esac
+ fi
+
+ # Hardcode the library path.
+ # Skip directories that are in the system default run-time
+ # search path.
+ case " $sys_lib_dlsearch_path " in
+ *" $absdir "*) ;;
+ *)
+ case "$compile_rpath " in
+ *" $absdir "*) ;;
+ *) compile_rpath="$compile_rpath $absdir"
+ esac
+ ;;
+ esac
+ case " $sys_lib_dlsearch_path " in
+ *" $libdir "*) ;;
+ *)
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir"
+ esac
+ ;;
+ esac
+ fi # $linkmode,$pass = prog,link...
+
+ if test "$alldeplibs" = yes &&
+ { test "$deplibs_check_method" = pass_all ||
+ { test "$build_libtool_libs" = yes &&
+ test -n "$library_names"; }; }; then
+ # We only need to search for static libraries
+ continue
+ fi
+ fi
+
+ link_static=no # Whether the deplib will be linked statically
+ use_static_libs=$prefer_static_libs
+ if test "$use_static_libs" = built && test "$installed" = yes; then
+ use_static_libs=no
+ fi
+ if test -n "$library_names" &&
+ { test "$use_static_libs" = no || test -z "$old_library"; }; then
+ case $host in
+ *cygwin* | *mingw* | *cegcc*)
+ # No point in relinking DLLs because paths are not encoded
+ notinst_deplibs="$notinst_deplibs $lib"
+ need_relink=no
+ ;;
+ *)
+ if test "$installed" = no; then
+ notinst_deplibs="$notinst_deplibs $lib"
+ need_relink=yes
+ fi
+ ;;
+ esac
+ # This is a shared library
+
+ # Warn about portability, can't link against -module's on some
+ # systems (darwin). Don't bleat about dlopened modules though!
+ dlopenmodule=""
+ for dlpremoduletest in $dlprefiles; do
+ if test "X$dlpremoduletest" = "X$lib"; then
+ dlopenmodule="$dlpremoduletest"
+ break
+ fi
+ done
+ if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then
+ $ECHO
+ if test "$linkmode" = prog; then
+ $ECHO "*** Warning: Linking the executable $output against the loadable module"
+ else
+ $ECHO "*** Warning: Linking the shared library $output against the loadable module"
+ fi
+ $ECHO "*** $linklib is not portable!"
+ fi
+ if test "$linkmode" = lib &&
+ test "$hardcode_into_libs" = yes; then
+ # Hardcode the library path.
+ # Skip directories that are in the system default run-time
+ # search path.
+ case " $sys_lib_dlsearch_path " in
+ *" $absdir "*) ;;
+ *)
+ case "$compile_rpath " in
+ *" $absdir "*) ;;
+ *) compile_rpath="$compile_rpath $absdir"
+ esac
+ ;;
+ esac
+ case " $sys_lib_dlsearch_path " in
+ *" $libdir "*) ;;
+ *)
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir"
+ esac
+ ;;
+ esac
+ fi
+
+ if test -n "$old_archive_from_expsyms_cmds"; then
+ # figure out the soname
+ set dummy $library_names
+ shift
+ realname="$1"
+ shift
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ # use dlname if we got it. it's perfectly good, no?
+ if test -n "$dlname"; then
+ soname="$dlname"
+ elif test -n "$soname_spec"; then
+ # bleh windows
+ case $host in
+ *cygwin* | mingw* | *cegcc*)
+ func_arith $current - $age
+ major=$func_arith_result
+ versuffix="-$major"
+ ;;
+ esac
+ eval soname=\"$soname_spec\"
+ else
+ soname="$realname"
+ fi
+
+ # Make a new name for the extract_expsyms_cmds to use
+ soroot="$soname"
+ func_basename "$soroot"
+ soname="$func_basename_result"
+ func_stripname 'lib' '.dll' "$soname"
+ newlib=libimp-$func_stripname_result.a
+
+ # If the library has no export list, then create one now
+ if test -f "$output_objdir/$soname-def"; then :
+ else
+ func_verbose "extracting exported symbol list from \`$soname'"
+ func_execute_cmds "$extract_expsyms_cmds" 'exit $?'
+ fi
+
+ # Create $newlib
+ if test -f "$output_objdir/$newlib"; then :; else
+ func_verbose "generating import library for \`$soname'"
+ func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?'
+ fi
+ # make sure the library variables are pointing to the new library
+ dir=$output_objdir
+ linklib=$newlib
+ fi # test -n "$old_archive_from_expsyms_cmds"
+
+ if test "$linkmode" = prog || test "$mode" != relink; then
+ add_shlibpath=
+ add_dir=
+ add=
+ lib_linked=yes
+ case $hardcode_action in
+ immediate | unsupported)
+ if test "$hardcode_direct" = no; then
+ add="$dir/$linklib"
+ case $host in
+ *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;;
+ *-*-sysv4*uw2*) add_dir="-L$dir" ;;
+ *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \
+ *-*-unixware7*) add_dir="-L$dir" ;;
+ *-*-darwin* )
+ # if the lib is a (non-dlopened) module then we can not
+ # link against it, someone is ignoring the earlier warnings
+ if /usr/bin/file -L $add 2> /dev/null |
+ $GREP ": [^:]* bundle" >/dev/null ; then
+ if test "X$dlopenmodule" != "X$lib"; then
+ $ECHO "*** Warning: lib $linklib is a module, not a shared library"
+ if test -z "$old_library" ; then
+ $ECHO
+ $ECHO "*** And there doesn't seem to be a static archive available"
+ $ECHO "*** The link will probably fail, sorry"
+ else
+ add="$dir/$old_library"
+ fi
+ elif test -n "$old_library"; then
+ add="$dir/$old_library"
+ fi
+ fi
+ esac
+ elif test "$hardcode_minus_L" = no; then
+ case $host in
+ *-*-sunos*) add_shlibpath="$dir" ;;
+ esac
+ add_dir="-L$dir"
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = no; then
+ add_shlibpath="$dir"
+ add="-l$name"
+ else
+ lib_linked=no
+ fi
+ ;;
+ relink)
+ if test "$hardcode_direct" = yes &&
+ test "$hardcode_direct_absolute" = no; then
+ add="$dir/$linklib"
+ elif test "$hardcode_minus_L" = yes; then
+ add_dir="-L$dir"
+ # Try looking first in the location we're being installed to.
+ if test -n "$inst_prefix_dir"; then
+ case $libdir in
+ [\\/]*)
+ add_dir="$add_dir -L$inst_prefix_dir$libdir"
+ ;;
+ esac
+ fi
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = yes; then
+ add_shlibpath="$dir"
+ add="-l$name"
+ else
+ lib_linked=no
+ fi
+ ;;
+ *) lib_linked=no ;;
+ esac
+
+ if test "$lib_linked" != yes; then
+ func_fatal_configuration "unsupported hardcode properties"
+ fi
+
+ if test -n "$add_shlibpath"; then
+ case :$compile_shlibpath: in
+ *":$add_shlibpath:"*) ;;
+ *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;;
+ esac
+ fi
+ if test "$linkmode" = prog; then
+ test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
+ test -n "$add" && compile_deplibs="$add $compile_deplibs"
+ else
+ test -n "$add_dir" && deplibs="$add_dir $deplibs"
+ test -n "$add" && deplibs="$add $deplibs"
+ if test "$hardcode_direct" != yes &&
+ test "$hardcode_minus_L" != yes &&
+ test "$hardcode_shlibpath_var" = yes; then
+ case :$finalize_shlibpath: in
+ *":$libdir:"*) ;;
+ *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+ esac
+ fi
+ fi
+ fi
+
+ if test "$linkmode" = prog || test "$mode" = relink; then
+ add_shlibpath=
+ add_dir=
+ add=
+ # Finalize command for both is simple: just hardcode it.
+ if test "$hardcode_direct" = yes &&
+ test "$hardcode_direct_absolute" = no; then
+ add="$libdir/$linklib"
+ elif test "$hardcode_minus_L" = yes; then
+ add_dir="-L$libdir"
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = yes; then
+ case :$finalize_shlibpath: in
+ *":$libdir:"*) ;;
+ *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+ esac
+ add="-l$name"
+ elif test "$hardcode_automatic" = yes; then
+ if test -n "$inst_prefix_dir" &&
+ test -f "$inst_prefix_dir$libdir/$linklib" ; then
+ add="$inst_prefix_dir$libdir/$linklib"
+ else
+ add="$libdir/$linklib"
+ fi
+ else
+ # We cannot seem to hardcode it, guess we'll fake it.
+ add_dir="-L$libdir"
+ # Try looking first in the location we're being installed to.
+ if test -n "$inst_prefix_dir"; then
+ case $libdir in
+ [\\/]*)
+ add_dir="$add_dir -L$inst_prefix_dir$libdir"
+ ;;
+ esac
+ fi
+ add="-l$name"
+ fi
+
+ if test "$linkmode" = prog; then
+ test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
+ test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
+ else
+ test -n "$add_dir" && deplibs="$add_dir $deplibs"
+ test -n "$add" && deplibs="$add $deplibs"
+ fi
+ fi
+ elif test "$linkmode" = prog; then
+ # Here we assume that one of hardcode_direct or hardcode_minus_L
+ # is not unsupported. This is valid on all known static and
+ # shared platforms.
+ if test "$hardcode_direct" != unsupported; then
+ test -n "$old_library" && linklib="$old_library"
+ compile_deplibs="$dir/$linklib $compile_deplibs"
+ finalize_deplibs="$dir/$linklib $finalize_deplibs"
+ else
+ compile_deplibs="-l$name -L$dir $compile_deplibs"
+ finalize_deplibs="-l$name -L$dir $finalize_deplibs"
+ fi
+ elif test "$build_libtool_libs" = yes; then
+ # Not a shared library
+ if test "$deplibs_check_method" != pass_all; then
+ # We're trying link a shared library against a static one
+ # but the system doesn't support it.
+
+ # Just print a warning and add the library to dependency_libs so
+ # that the program can be linked against the static library.
+ $ECHO
+ $ECHO "*** Warning: This system can not link to static lib archive $lib."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have."
+ if test "$module" = yes; then
+ $ECHO "*** But as you try to build a module library, libtool will still create "
+ $ECHO "*** a static module, that should work as long as the dlopening application"
+ $ECHO "*** is linked with the -dlopen flag to resolve symbols at runtime."
+ if test -z "$global_symbol_pipe"; then
+ $ECHO
+ $ECHO "*** However, this would only work if libtool was able to extract symbol"
+ $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could"
+ $ECHO "*** not find such a program. So, this module is probably useless."
+ $ECHO "*** \`nm' from GNU binutils and a full rebuild may help."
+ fi
+ if test "$build_old_libs" = no; then
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ fi
+ else
+ deplibs="$dir/$old_library $deplibs"
+ link_static=yes
+ fi
+ fi # link shared/static library?
+
+ if test "$linkmode" = lib; then
+ if test -n "$dependency_libs" &&
+ { test "$hardcode_into_libs" != yes ||
+ test "$build_old_libs" = yes ||
+ test "$link_static" = yes; }; then
+ # Extract -R from dependency_libs
+ temp_deplibs=
+ for libdir in $dependency_libs; do
+ case $libdir in
+ -R*) func_stripname '-R' '' "$libdir"
+ temp_xrpath=$func_stripname_result
+ case " $xrpath " in
+ *" $temp_xrpath "*) ;;
+ *) xrpath="$xrpath $temp_xrpath";;
+ esac;;
+ *) temp_deplibs="$temp_deplibs $libdir";;
+ esac
+ done
+ dependency_libs="$temp_deplibs"
+ fi
+
+ newlib_search_path="$newlib_search_path $absdir"
+ # Link against this library
+ test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
+ # ... and its dependency_libs
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ newdependency_libs="$deplib $newdependency_libs"
+ if $opt_duplicate_deps ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done
+
+ if test "$link_all_deplibs" != no; then
+ # Add the search paths of all dependency libraries
+ for deplib in $dependency_libs; do
+ path=
+ case $deplib in
+ -L*) path="$deplib" ;;
+ *.la)
+ func_dirname "$deplib" "" "."
+ dir="$func_dirname_result"
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;;
+ *)
+ absdir=`cd "$dir" && pwd`
+ if test -z "$absdir"; then
+ func_warning "cannot determine absolute directory name of \`$dir'"
+ absdir="$dir"
+ fi
+ ;;
+ esac
+ if $GREP "^installed=no" $deplib > /dev/null; then
+ case $host in
+ *-*-darwin*)
+ depdepl=
+ eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
+ if test -n "$deplibrary_names" ; then
+ for tmp in $deplibrary_names ; do
+ depdepl=$tmp
+ done
+ if test -f "$absdir/$objdir/$depdepl" ; then
+ depdepl="$absdir/$objdir/$depdepl"
+ darwin_install_name=`${OTOOL} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
+ if test -z "$darwin_install_name"; then
+ darwin_install_name=`${OTOOL64} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
+ fi
+ compiler_flags="$compiler_flags ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}"
+ linker_flags="$linker_flags -dylib_file ${darwin_install_name}:${depdepl}"
+ path=
+ fi
+ fi
+ ;;
+ *)
+ path="-L$absdir/$objdir"
+ ;;
+ esac
+ else
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+ test -z "$libdir" && \
+ func_fatal_error "\`$deplib' is not a valid libtool archive"
+ test "$absdir" != "$libdir" && \
+ func_warning "\`$deplib' seems to be moved"
+
+ path="-L$absdir"
+ fi
+ ;;
+ esac
+ case " $deplibs " in
+ *" $path "*) ;;
+ *) deplibs="$path $deplibs" ;;
+ esac
+ done
+ fi # link_all_deplibs != no
+ fi # linkmode = lib
+ done # for deplib in $libs
+ if test "$pass" = link; then
+ if test "$linkmode" = "prog"; then
+ compile_deplibs="$new_inherited_linker_flags $compile_deplibs"
+ finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs"
+ else
+ compiler_flags="$compiler_flags "`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ fi
+ fi
+ dependency_libs="$newdependency_libs"
+ if test "$pass" = dlpreopen; then
+ # Link the dlpreopened libraries before other libraries
+ for deplib in $save_deplibs; do
+ deplibs="$deplib $deplibs"
+ done
+ fi
+ if test "$pass" != dlopen; then
+ if test "$pass" != conv; then
+ # Make sure lib_search_path contains only unique directories.
+ lib_search_path=
+ for dir in $newlib_search_path; do
+ case "$lib_search_path " in
+ *" $dir "*) ;;
+ *) lib_search_path="$lib_search_path $dir" ;;
+ esac
+ done
+ newlib_search_path=
+ fi
+
+ if test "$linkmode,$pass" != "prog,link"; then
+ vars="deplibs"
+ else
+ vars="compile_deplibs finalize_deplibs"
+ fi
+ for var in $vars dependency_libs; do
+ # Add libraries to $var in reverse order
+ eval tmp_libs=\"\$$var\"
+ new_libs=
+ for deplib in $tmp_libs; do
+ # FIXME: Pedantically, this is the right thing to do, so
+ # that some nasty dependency loop isn't accidentally
+ # broken:
+ #new_libs="$deplib $new_libs"
+ # Pragmatically, this seems to cause very few problems in
+ # practice:
+ case $deplib in
+ -L*) new_libs="$deplib $new_libs" ;;
+ -R*) ;;
+ *)
+ # And here is the reason: when a library appears more
+ # than once as an explicit dependence of a library, or
+ # is implicitly linked in more than once by the
+ # compiler, it is considered special, and multiple
+ # occurrences thereof are not removed. Compare this
+ # with having the same library being listed as a
+ # dependency of multiple other libraries: in this case,
+ # we know (pedantically, we assume) the library does not
+ # need to be listed more than once, so we keep only the
+ # last copy. This is not always right, but it is rare
+ # enough that we require users that really mean to play
+ # such unportable linking tricks to link the library
+ # using -Wl,-lname, so that libtool does not consider it
+ # for duplicate removal.
+ case " $specialdeplibs " in
+ *" $deplib "*) new_libs="$deplib $new_libs" ;;
+ *)
+ case " $new_libs " in
+ *" $deplib "*) ;;
+ *) new_libs="$deplib $new_libs" ;;
+ esac
+ ;;
+ esac
+ ;;
+ esac
+ done
+ tmp_libs=
+ for deplib in $new_libs; do
+ case $deplib in
+ -L*)
+ case " $tmp_libs " in
+ *" $deplib "*) ;;
+ *) tmp_libs="$tmp_libs $deplib" ;;
+ esac
+ ;;
+ *) tmp_libs="$tmp_libs $deplib" ;;
+ esac
+ done
+ eval $var=\"$tmp_libs\"
+ done # for var
+ fi
+ # Last step: remove runtime libs from dependency_libs
+ # (they stay in deplibs)
+ tmp_libs=
+ for i in $dependency_libs ; do
+ case " $predeps $postdeps $compiler_lib_search_path " in
+ *" $i "*)
+ i=""
+ ;;
+ esac
+ if test -n "$i" ; then
+ tmp_libs="$tmp_libs $i"
+ fi
+ done
+ dependency_libs=$tmp_libs
+ done # for pass
+ if test "$linkmode" = prog; then
+ dlfiles="$newdlfiles"
+ fi
+ if test "$linkmode" = prog || test "$linkmode" = lib; then
+ dlprefiles="$newdlprefiles"
+ fi
+
+ case $linkmode in
+ oldlib)
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ func_warning "\`-dlopen' is ignored for archives"
+ fi
+
+ case " $deplibs" in
+ *\ -l* | *\ -L*)
+ func_warning "\`-l' and \`-L' are ignored for archives" ;;
+ esac
+
+ test -n "$rpath" && \
+ func_warning "\`-rpath' is ignored for archives"
+
+ test -n "$xrpath" && \
+ func_warning "\`-R' is ignored for archives"
+
+ test -n "$vinfo" && \
+ func_warning "\`-version-info/-version-number' is ignored for archives"
+
+ test -n "$release" && \
+ func_warning "\`-release' is ignored for archives"
+
+ test -n "$export_symbols$export_symbols_regex" && \
+ func_warning "\`-export-symbols' is ignored for archives"
+
+ # Now set the variables for building old libraries.
+ build_libtool_libs=no
+ oldlibs="$output"
+ objs="$objs$old_deplibs"
+ ;;
+
+ lib)
+ # Make sure we only generate libraries of the form `libNAME.la'.
+ case $outputname in
+ lib*)
+ func_stripname 'lib' '.la' "$outputname"
+ name=$func_stripname_result
+ eval shared_ext=\"$shrext_cmds\"
+ eval libname=\"$libname_spec\"
+ ;;
+ *)
+ test "$module" = no && \
+ func_fatal_help "libtool library \`$output' must begin with \`lib'"
+
+ if test "$need_lib_prefix" != no; then
+ # Add the "lib" prefix for modules if required
+ func_stripname '' '.la' "$outputname"
+ name=$func_stripname_result
+ eval shared_ext=\"$shrext_cmds\"
+ eval libname=\"$libname_spec\"
+ else
+ func_stripname '' '.la' "$outputname"
+ libname=$func_stripname_result
+ fi
+ ;;
+ esac
+
+ if test -n "$objs"; then
+ if test "$deplibs_check_method" != pass_all; then
+ func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs"
+ else
+ $ECHO
+ $ECHO "*** Warning: Linking the shared library $output against the non-libtool"
+ $ECHO "*** objects $objs is not portable!"
+ libobjs="$libobjs $objs"
+ fi
+ fi
+
+ test "$dlself" != no && \
+ func_warning "\`-dlopen self' is ignored for libtool libraries"
+
+ set dummy $rpath
+ shift
+ test "$#" -gt 1 && \
+ func_warning "ignoring multiple \`-rpath's for a libtool library"
+
+ install_libdir="$1"
+
+ oldlibs=
+ if test -z "$rpath"; then
+ if test "$build_libtool_libs" = yes; then
+ # Building a libtool convenience library.
+ # Some compilers have problems with a `.al' extension so
+ # convenience libraries should have the same extension an
+ # archive normally would.
+ oldlibs="$output_objdir/$libname.$libext $oldlibs"
+ build_libtool_libs=convenience
+ build_old_libs=yes
+ fi
+
+ test -n "$vinfo" && \
+ func_warning "\`-version-info/-version-number' is ignored for convenience libraries"
+
+ test -n "$release" && \
+ func_warning "\`-release' is ignored for convenience libraries"
+ else
+
+ # Parse the version information argument.
+ save_ifs="$IFS"; IFS=':'
+ set dummy $vinfo 0 0 0
+ shift
+ IFS="$save_ifs"
+
+ test -n "$7" && \
+ func_fatal_help "too many parameters to \`-version-info'"
+
+ # convert absolute version numbers to libtool ages
+ # this retains compatibility with .la files and attempts
+ # to make the code below a bit more comprehensible
+
+ case $vinfo_number in
+ yes)
+ number_major="$1"
+ number_minor="$2"
+ number_revision="$3"
+ #
+ # There are really only two kinds -- those that
+ # use the current revision as the major version
+ # and those that subtract age and use age as
+ # a minor version. But, then there is irix
+ # which has an extra 1 added just for fun
+ #
+ case $version_type in
+ darwin|linux|osf|windows|none)
+ func_arith $number_major + $number_minor
+ current=$func_arith_result
+ age="$number_minor"
+ revision="$number_revision"
+ ;;
+ freebsd-aout|freebsd-elf|sunos)
+ current="$number_major"
+ revision="$number_minor"
+ age="0"
+ ;;
+ irix|nonstopux)
+ func_arith $number_major + $number_minor
+ current=$func_arith_result
+ age="$number_minor"
+ revision="$number_minor"
+ lt_irix_increment=no
+ ;;
+ *)
+ func_fatal_configuration "$modename: unknown library version type \`$version_type'"
+ ;;
+ esac
+ ;;
+ no)
+ current="$1"
+ revision="$2"
+ age="$3"
+ ;;
+ esac
+
+ # Check that each of the things are valid numbers.
+ case $current in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ func_error "CURRENT \`$current' must be a nonnegative integer"
+ func_fatal_error "\`$vinfo' is not valid version information"
+ ;;
+ esac
+
+ case $revision in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ func_error "REVISION \`$revision' must be a nonnegative integer"
+ func_fatal_error "\`$vinfo' is not valid version information"
+ ;;
+ esac
+
+ case $age in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ func_error "AGE \`$age' must be a nonnegative integer"
+ func_fatal_error "\`$vinfo' is not valid version information"
+ ;;
+ esac
+
+ if test "$age" -gt "$current"; then
+ func_error "AGE \`$age' is greater than the current interface number \`$current'"
+ func_fatal_error "\`$vinfo' is not valid version information"
+ fi
+
+ # Calculate the version variables.
+ major=
+ versuffix=
+ verstring=
+ case $version_type in
+ none) ;;
+
+ darwin)
+ # Like Linux, but with the current version available in
+ # verstring for coding it into the library header
+ func_arith $current - $age
+ major=.$func_arith_result
+ versuffix="$major.$age.$revision"
+ # Darwin ld doesn't like 0 for these options...
+ func_arith $current + 1
+ minor_current=$func_arith_result
+ xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision"
+ verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
+ ;;
+
+ freebsd-aout)
+ major=".$current"
+ versuffix=".$current.$revision";
+ ;;
+
+ freebsd-elf)
+ major=".$current"
+ versuffix=".$current"
+ ;;
+
+ irix | nonstopux)
+ if test "X$lt_irix_increment" = "Xno"; then
+ func_arith $current - $age
+ else
+ func_arith $current - $age + 1
+ fi
+ major=$func_arith_result
+
+ case $version_type in
+ nonstopux) verstring_prefix=nonstopux ;;
+ *) verstring_prefix=sgi ;;
+ esac
+ verstring="$verstring_prefix$major.$revision"
+
+ # Add in all the interfaces that we are compatible with.
+ loop=$revision
+ while test "$loop" -ne 0; do
+ func_arith $revision - $loop
+ iface=$func_arith_result
+ func_arith $loop - 1
+ loop=$func_arith_result
+ verstring="$verstring_prefix$major.$iface:$verstring"
+ done
+
+ # Before this point, $major must not contain `.'.
+ major=.$major
+ versuffix="$major.$revision"
+ ;;
+
+ linux)
+ func_arith $current - $age
+ major=.$func_arith_result
+ versuffix="$major.$age.$revision"
+ ;;
+
+ osf)
+ func_arith $current - $age
+ major=.$func_arith_result
+ versuffix=".$current.$age.$revision"
+ verstring="$current.$age.$revision"
+
+ # Add in all the interfaces that we are compatible with.
+ loop=$age
+ while test "$loop" -ne 0; do
+ func_arith $current - $loop
+ iface=$func_arith_result
+ func_arith $loop - 1
+ loop=$func_arith_result
+ verstring="$verstring:${iface}.0"
+ done
+
+ # Make executables depend on our current version.
+ verstring="$verstring:${current}.0"
+ ;;
+
+ qnx)
+ major=".$current"
+ versuffix=".$current"
+ ;;
+
+ sunos)
+ major=".$current"
+ versuffix=".$current.$revision"
+ ;;
+
+ windows)
+ # Use '-' rather than '.', since we only want one
+ # extension on DOS 8.3 filesystems.
+ func_arith $current - $age
+ major=$func_arith_result
+ versuffix="-$major"
+ ;;
+
+ *)
+ func_fatal_configuration "unknown library version type \`$version_type'"
+ ;;
+ esac
+
+ # Clear the version info if we defaulted, and they specified a release.
+ if test -z "$vinfo" && test -n "$release"; then
+ major=
+ case $version_type in
+ darwin)
+ # we can't check for "0.0" in archive_cmds due to quoting
+ # problems, so we reset it completely
+ verstring=
+ ;;
+ *)
+ verstring="0.0"
+ ;;
+ esac
+ if test "$need_version" = no; then
+ versuffix=
+ else
+ versuffix=".0.0"
+ fi
+ fi
+
+ # Remove version info from name if versioning should be avoided
+ if test "$avoid_version" = yes && test "$need_version" = no; then
+ major=
+ versuffix=
+ verstring=""
+ fi
+
+ # Check to see if the archive will have undefined symbols.
+ if test "$allow_undefined" = yes; then
+ if test "$allow_undefined_flag" = unsupported; then
+ func_warning "undefined symbols not allowed in $host shared libraries"
+ build_libtool_libs=no
+ build_old_libs=yes
+ fi
+ else
+ # Don't allow undefined symbols.
+ allow_undefined_flag="$no_undefined_flag"
+ fi
+
+ fi
+
+ func_generate_dlsyms "$libname" "$libname" "yes"
+ libobjs="$libobjs $symfileobj"
+ test "X$libobjs" = "X " && libobjs=
+
+ if test "$mode" != relink; then
+ # Remove our outputs, but don't remove object files since they
+ # may have been created when compiling PIC objects.
+ removelist=
+ tempremovelist=`$ECHO "$output_objdir/*"`
+ for p in $tempremovelist; do
+ case $p in
+ *.$objext | *.gcno)
+ ;;
+ $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*)
+ if test "X$precious_files_regex" != "X"; then
+ if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
+ then
+ continue
+ fi
+ fi
+ removelist="$removelist $p"
+ ;;
+ *) ;;
+ esac
+ done
+ test -n "$removelist" && \
+ func_show_eval "${RM}r \$removelist"
+ fi
+
+ # Now set the variables for building old libraries.
+ if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then
+ oldlibs="$oldlibs $output_objdir/$libname.$libext"
+
+ # Transform .lo files to .o files.
+ oldobjs="$objs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP`
+ fi
+
+ # Eliminate all temporary directories.
+ #for path in $notinst_path; do
+ # lib_search_path=`$ECHO "X$lib_search_path " | $Xsed -e "s% $path % %g"`
+ # deplibs=`$ECHO "X$deplibs " | $Xsed -e "s% -L$path % %g"`
+ # dependency_libs=`$ECHO "X$dependency_libs " | $Xsed -e "s% -L$path % %g"`
+ #done
+
+ if test -n "$xrpath"; then
+ # If the user specified any rpath flags, then add them.
+ temp_xrpath=
+ for libdir in $xrpath; do
+ temp_xrpath="$temp_xrpath -R$libdir"
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir" ;;
+ esac
+ done
+ if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
+ dependency_libs="$temp_xrpath $dependency_libs"
+ fi
+ fi
+
+ # Make sure dlfiles contains only unique files that won't be dlpreopened
+ old_dlfiles="$dlfiles"
+ dlfiles=
+ for lib in $old_dlfiles; do
+ case " $dlprefiles $dlfiles " in
+ *" $lib "*) ;;
+ *) dlfiles="$dlfiles $lib" ;;
+ esac
+ done
+
+ # Make sure dlprefiles contains only unique files
+ old_dlprefiles="$dlprefiles"
+ dlprefiles=
+ for lib in $old_dlprefiles; do
+ case "$dlprefiles " in
+ *" $lib "*) ;;
+ *) dlprefiles="$dlprefiles $lib" ;;
+ esac
+ done
+
+ if test "$build_libtool_libs" = yes; then
+ if test -n "$rpath"; then
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc*)
+ # these systems don't actually have a c library (as such)!
+ ;;
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # Rhapsody C library is in the System framework
+ deplibs="$deplibs System.ltframework"
+ ;;
+ *-*-netbsd*)
+ # Don't link with libc until the a.out ld.so is fixed.
+ ;;
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc due to us having libc/libc_r.
+ ;;
+ *-*-sco3.2v5* | *-*-sco5v6*)
+ # Causes problems with __ctype
+ ;;
+ *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+ # Compiler inserts libc in the correct place for threads to work
+ ;;
+ *)
+ # Add libc to deplibs on all other systems if necessary.
+ if test "$build_libtool_need_lc" = "yes"; then
+ deplibs="$deplibs -lc"
+ fi
+ ;;
+ esac
+ fi
+
+ # Transform deplibs into only deplibs that can be linked in shared.
+ name_save=$name
+ libname_save=$libname
+ release_save=$release
+ versuffix_save=$versuffix
+ major_save=$major
+ # I'm not sure if I'm treating the release correctly. I think
+ # release should show up in the -l (ie -lgmp5) so we don't want to
+ # add it in twice. Is that correct?
+ release=""
+ versuffix=""
+ major=""
+ newdeplibs=
+ droppeddeps=no
+ case $deplibs_check_method in
+ pass_all)
+ # Don't check for shared/static. Everything works.
+ # This might be a little naive. We might want to check
+ # whether the library exists or not. But this is on
+ # osf3 & osf4 and I'm not really sure... Just
+ # implementing what was already the behavior.
+ newdeplibs=$deplibs
+ ;;
+ test_compile)
+ # This code stresses the "libraries are programs" paradigm to its
+ # limits. Maybe even breaks it. We compile a program, linking it
+ # against the deplibs as a proxy for the library. Then we can check
+ # whether they linked in statically or dynamically with ldd.
+ $opt_dry_run || $RM conftest.c
+ cat > conftest.c <<EOF
+ int main() { return 0; }
+EOF
+ $opt_dry_run || $RM conftest
+ if $LTCC $LTCFLAGS -o conftest conftest.c $deplibs; then
+ ldd_output=`ldd conftest`
+ for i in $deplibs; do
+ case $i in
+ -l*)
+ func_stripname -l '' "$i"
+ name=$func_stripname_result
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $i "*)
+ newdeplibs="$newdeplibs $i"
+ i=""
+ ;;
+ esac
+ fi
+ if test -n "$i" ; then
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
+ set dummy $deplib_matches; shift
+ deplib_match=$1
+ if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+ newdeplibs="$newdeplibs $i"
+ else
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning: dynamic linker does not accept needed library $i."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which I believe you do not have"
+ $ECHO "*** because a test_compile did reveal that the linker did not use it for"
+ $ECHO "*** its dynamic dependency list that programs get resolved with at runtime."
+ fi
+ fi
+ ;;
+ *)
+ newdeplibs="$newdeplibs $i"
+ ;;
+ esac
+ done
+ else
+ # Error occurred in the first compile. Let's try to salvage
+ # the situation: Compile a separate program for each library.
+ for i in $deplibs; do
+ case $i in
+ -l*)
+ func_stripname -l '' "$i"
+ name=$func_stripname_result
+ $opt_dry_run || $RM conftest
+ if $LTCC $LTCFLAGS -o conftest conftest.c $i; then
+ ldd_output=`ldd conftest`
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $i "*)
+ newdeplibs="$newdeplibs $i"
+ i=""
+ ;;
+ esac
+ fi
+ if test -n "$i" ; then
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
+ set dummy $deplib_matches; shift
+ deplib_match=$1
+ if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+ newdeplibs="$newdeplibs $i"
+ else
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning: dynamic linker does not accept needed library $i."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have"
+ $ECHO "*** because a test_compile did reveal that the linker did not use this one"
+ $ECHO "*** as a dynamic dependency that programs can get resolved with at runtime."
+ fi
+ fi
+ else
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning! Library $i is needed by this library but I was not able to"
+ $ECHO "*** make it link in! You will probably need to install it or some"
+ $ECHO "*** library that it depends on before this library will be fully"
+ $ECHO "*** functional. Installing it before continuing would be even better."
+ fi
+ ;;
+ *)
+ newdeplibs="$newdeplibs $i"
+ ;;
+ esac
+ done
+ fi
+ ;;
+ file_magic*)
+ set dummy $deplibs_check_method; shift
+ file_magic_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+ for a_deplib in $deplibs; do
+ case $a_deplib in
+ -l*)
+ func_stripname -l '' "$a_deplib"
+ name=$func_stripname_result
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $a_deplib "*)
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ ;;
+ esac
+ fi
+ if test -n "$a_deplib" ; then
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+ potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+ for potent_lib in $potential_libs; do
+ # Follow soft links.
+ if ls -lLd "$potent_lib" 2>/dev/null |
+ $GREP " -> " >/dev/null; then
+ continue
+ fi
+ # The statement above tries to avoid entering an
+ # endless loop below, in case of cyclic links.
+ # We might still enter an endless loop, since a link
+ # loop can be closed while we follow links,
+ # but so what?
+ potlib="$potent_lib"
+ while test -h "$potlib" 2>/dev/null; do
+ potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'`
+ case $potliblink in
+ [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";;
+ *) potlib=`$ECHO "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";;
+ esac
+ done
+ if eval $file_magic_cmd \"\$potlib\" 2>/dev/null |
+ $SED -e 10q |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ break 2
+ fi
+ done
+ done
+ fi
+ if test -n "$a_deplib" ; then
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning: linker path does not have real file for library $a_deplib."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have"
+ $ECHO "*** because I did check the linker path looking for a file starting"
+ if test -z "$potlib" ; then
+ $ECHO "*** with $libname but no candidates were found. (...for file magic test)"
+ else
+ $ECHO "*** with $libname and none of the candidates passed a file format test"
+ $ECHO "*** using a file magic. Last file checked: $potlib"
+ fi
+ fi
+ ;;
+ *)
+ # Add a -L argument.
+ newdeplibs="$newdeplibs $a_deplib"
+ ;;
+ esac
+ done # Gone through all deplibs.
+ ;;
+ match_pattern*)
+ set dummy $deplibs_check_method; shift
+ match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+ for a_deplib in $deplibs; do
+ case $a_deplib in
+ -l*)
+ func_stripname -l '' "$a_deplib"
+ name=$func_stripname_result
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $a_deplib "*)
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ ;;
+ esac
+ fi
+ if test -n "$a_deplib" ; then
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+ potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+ for potent_lib in $potential_libs; do
+ potlib="$potent_lib" # see symlink-check above in file_magic test
+ if eval "\$ECHO \"X$potent_lib\"" 2>/dev/null | $Xsed -e 10q | \
+ $EGREP "$match_pattern_regex" > /dev/null; then
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ break 2
+ fi
+ done
+ done
+ fi
+ if test -n "$a_deplib" ; then
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning: linker path does not have real file for library $a_deplib."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have"
+ $ECHO "*** because I did check the linker path looking for a file starting"
+ if test -z "$potlib" ; then
+ $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)"
+ else
+ $ECHO "*** with $libname and none of the candidates passed a file format test"
+ $ECHO "*** using a regex pattern. Last file checked: $potlib"
+ fi
+ fi
+ ;;
+ *)
+ # Add a -L argument.
+ newdeplibs="$newdeplibs $a_deplib"
+ ;;
+ esac
+ done # Gone through all deplibs.
+ ;;
+ none | unknown | *)
+ newdeplibs=""
+ tmp_deplibs=`$ECHO "X $deplibs" | $Xsed \
+ -e 's/ -lc$//' -e 's/ -[LR][^ ]*//g'`
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ for i in $predeps $postdeps ; do
+ # can't use Xsed below, because $i might contain '/'
+ tmp_deplibs=`$ECHO "X $tmp_deplibs" | $Xsed -e "s,$i,,"`
+ done
+ fi
+ if $ECHO "X $tmp_deplibs" | $Xsed -e 's/[ ]//g' |
+ $GREP . >/dev/null; then
+ $ECHO
+ if test "X$deplibs_check_method" = "Xnone"; then
+ $ECHO "*** Warning: inter-library dependencies are not supported in this platform."
+ else
+ $ECHO "*** Warning: inter-library dependencies are not known to be supported."
+ fi
+ $ECHO "*** All declared inter-library dependencies are being dropped."
+ droppeddeps=yes
+ fi
+ ;;
+ esac
+ versuffix=$versuffix_save
+ major=$major_save
+ release=$release_save
+ libname=$libname_save
+ name=$name_save
+
+ case $host in
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # On Rhapsody replace the C library with the System framework
+ newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+ ;;
+ esac
+
+ if test "$droppeddeps" = yes; then
+ if test "$module" = yes; then
+ $ECHO
+ $ECHO "*** Warning: libtool could not satisfy all declared inter-library"
+ $ECHO "*** dependencies of module $libname. Therefore, libtool will create"
+ $ECHO "*** a static module, that should work as long as the dlopening"
+ $ECHO "*** application is linked with the -dlopen flag."
+ if test -z "$global_symbol_pipe"; then
+ $ECHO
+ $ECHO "*** However, this would only work if libtool was able to extract symbol"
+ $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could"
+ $ECHO "*** not find such a program. So, this module is probably useless."
+ $ECHO "*** \`nm' from GNU binutils and a full rebuild may help."
+ fi
+ if test "$build_old_libs" = no; then
+ oldlibs="$output_objdir/$libname.$libext"
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ else
+ $ECHO "*** The inter-library dependencies that have been dropped here will be"
+ $ECHO "*** automatically added whenever a program is linked with this library"
+ $ECHO "*** or is declared to -dlopen it."
+
+ if test "$allow_undefined" = no; then
+ $ECHO
+ $ECHO "*** Since this library must not contain undefined symbols,"
+ $ECHO "*** because either the platform does not support them or"
+ $ECHO "*** it was explicitly requested with -no-undefined,"
+ $ECHO "*** libtool will only create a static version of it."
+ if test "$build_old_libs" = no; then
+ oldlibs="$output_objdir/$libname.$libext"
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ fi
+ fi
+ fi
+ # Done checking deplibs!
+ deplibs=$newdeplibs
+ fi
+ # Time to change all our "foo.ltframework" stuff back to "-framework foo"
+ case $host in
+ *-*-darwin*)
+ newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ new_inherited_linker_flags=`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ deplibs=`$ECHO "X $deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ ;;
+ esac
+
+ # move library search paths that coincide with paths to not yet
+ # installed libraries to the beginning of the library search list
+ new_libs=
+ for path in $notinst_path; do
+ case " $new_libs " in
+ *" -L$path/$objdir "*) ;;
+ *)
+ case " $deplibs " in
+ *" -L$path/$objdir "*)
+ new_libs="$new_libs -L$path/$objdir" ;;
+ esac
+ ;;
+ esac
+ done
+ for deplib in $deplibs; do
+ case $deplib in
+ -L*)
+ case " $new_libs " in
+ *" $deplib "*) ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ done
+ deplibs="$new_libs"
+
+ # All the library-specific variables (install_libdir is set above).
+ library_names=
+ old_library=
+ dlname=
+
+ # Test again, we may have decided not to build it any more
+ if test "$build_libtool_libs" = yes; then
+ if test "$hardcode_into_libs" = yes; then
+ # Hardcode the library paths
+ hardcode_libdirs=
+ dep_rpath=
+ rpath="$finalize_rpath"
+ test "$mode" != relink && rpath="$compile_rpath$rpath"
+ for libdir in $rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ dep_rpath="$dep_rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$perm_rpath " in
+ *" $libdir "*) ;;
+ *) perm_rpath="$perm_rpath $libdir" ;;
+ esac
+ fi
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ if test -n "$hardcode_libdir_flag_spec_ld"; then
+ eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\"
+ else
+ eval dep_rpath=\"$hardcode_libdir_flag_spec\"
+ fi
+ fi
+ if test -n "$runpath_var" && test -n "$perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
+ fi
+ test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
+ fi
+
+ shlibpath="$finalize_shlibpath"
+ test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath"
+ if test -n "$shlibpath"; then
+ eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
+ fi
+
+ # Get the real and link names of the library.
+ eval shared_ext=\"$shrext_cmds\"
+ eval library_names=\"$library_names_spec\"
+ set dummy $library_names
+ shift
+ realname="$1"
+ shift
+
+ if test -n "$soname_spec"; then
+ eval soname=\"$soname_spec\"
+ else
+ soname="$realname"
+ fi
+ if test -z "$dlname"; then
+ dlname=$soname
+ fi
+
+ lib="$output_objdir/$realname"
+ linknames=
+ for link
+ do
+ linknames="$linknames $link"
+ done
+
+ # Use standard objects if they are pic
+ test -z "$pic_flag" && libobjs=`$ECHO "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ test "X$libobjs" = "X " && libobjs=
+
+ delfiles=
+ if test -n "$export_symbols" && test -n "$include_expsyms"; then
+ $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp"
+ export_symbols="$output_objdir/$libname.uexp"
+ delfiles="$delfiles $export_symbols"
+ fi
+
+ orig_export_symbols=
+ case $host_os in
+ cygwin* | mingw* | cegcc*)
+ if test -n "$export_symbols" && test -z "$export_symbols_regex"; then
+ # exporting using user supplied symfile
+ if test "x`$SED 1q $export_symbols`" != xEXPORTS; then
+ # and it's NOT already a .def file. Must figure out
+ # which of the given symbols are data symbols and tag
+ # them as such. So, trigger use of export_symbols_cmds.
+ # export_symbols gets reassigned inside the "prepare
+ # the list of exported symbols" if statement, so the
+ # include_expsyms logic still works.
+ orig_export_symbols="$export_symbols"
+ export_symbols=
+ always_export_symbols=yes
+ fi
+ fi
+ ;;
+ esac
+
+ # Prepare the list of exported symbols
+ if test -z "$export_symbols"; then
+ if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then
+ func_verbose "generating symbol list for \`$libname.la'"
+ export_symbols="$output_objdir/$libname.exp"
+ $opt_dry_run || $RM $export_symbols
+ cmds=$export_symbols_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ func_len " $cmd"
+ len=$func_len_result
+ if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ func_show_eval "$cmd" 'exit $?'
+ skipped_export=false
+ else
+ # The command line is too long to execute in one step.
+ func_verbose "using reloadable object file for export list..."
+ skipped_export=:
+ # Break out early, otherwise skipped_export may be
+ # set to false by a later but shorter cmd.
+ break
+ fi
+ done
+ IFS="$save_ifs"
+ if test -n "$export_symbols_regex" && test "X$skipped_export" != "X:"; then
+ func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+ func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
+ fi
+ fi
+ fi
+
+ if test -n "$export_symbols" && test -n "$include_expsyms"; then
+ tmp_export_symbols="$export_symbols"
+ test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols"
+ $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"'
+ fi
+
+ if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then
+ # The given exports_symbols file has to be filtered, so filter it.
+ func_verbose "filter symbol list for \`$libname.la' to tag DATA exports"
+ # FIXME: $output_objdir/$libname.filter potentially contains lots of
+ # 's' commands which not all seds can handle. GNU sed should be fine
+ # though. Also, the filter scales superlinearly with the number of
+ # global variables. join(1) would be nice here, but unfortunately
+ # isn't a blessed tool.
+ $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
+ delfiles="$delfiles $export_symbols $output_objdir/$libname.filter"
+ export_symbols=$output_objdir/$libname.def
+ $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
+ fi
+
+ tmp_deplibs=
+ for test_deplib in $deplibs; do
+ case " $convenience " in
+ *" $test_deplib "*) ;;
+ *)
+ tmp_deplibs="$tmp_deplibs $test_deplib"
+ ;;
+ esac
+ done
+ deplibs="$tmp_deplibs"
+
+ if test -n "$convenience"; then
+ if test -n "$whole_archive_flag_spec" &&
+ test "$compiler_needs_object" = yes &&
+ test -z "$libobjs"; then
+ # extract the archives, so we have objects to list.
+ # TODO: could optimize this to just extract one archive.
+ whole_archive_flag_spec=
+ fi
+ if test -n "$whole_archive_flag_spec"; then
+ save_libobjs=$libobjs
+ eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+ test "X$libobjs" = "X " && libobjs=
+ else
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $convenience
+ libobjs="$libobjs $func_extract_archives_result"
+ test "X$libobjs" = "X " && libobjs=
+ fi
+ fi
+
+ if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then
+ eval flag=\"$thread_safe_flag_spec\"
+ linker_flags="$linker_flags $flag"
+ fi
+
+ # Make a backup of the uninstalled library when relinking
+ if test "$mode" = relink; then
+ $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $?
+ fi
+
+ # Do each of the archive commands.
+ if test "$module" = yes && test -n "$module_cmds" ; then
+ if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+ eval test_cmds=\"$module_expsym_cmds\"
+ cmds=$module_expsym_cmds
+ else
+ eval test_cmds=\"$module_cmds\"
+ cmds=$module_cmds
+ fi
+ else
+ if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+ eval test_cmds=\"$archive_expsym_cmds\"
+ cmds=$archive_expsym_cmds
+ else
+ eval test_cmds=\"$archive_cmds\"
+ cmds=$archive_cmds
+ fi
+ fi
+
+ if test "X$skipped_export" != "X:" &&
+ func_len " $test_cmds" &&
+ len=$func_len_result &&
+ test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ :
+ else
+ # The command line is too long to link in one step, link piecewise
+ # or, if using GNU ld and skipped_export is not :, use a linker
+ # script.
+
+ # Save the value of $output and $libobjs because we want to
+ # use them later. If we have whole_archive_flag_spec, we
+ # want to use save_libobjs as it was before
+ # whole_archive_flag_spec was expanded, because we can't
+ # assume the linker understands whole_archive_flag_spec.
+ # This may have to be revisited, in case too many
+ # convenience libraries get linked in and end up exceeding
+ # the spec.
+ if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then
+ save_libobjs=$libobjs
+ fi
+ save_output=$output
+ output_la=`$ECHO "X$output" | $Xsed -e "$basename"`
+
+ # Clear the reloadable object creation command queue and
+ # initialize k to one.
+ test_cmds=
+ concat_cmds=
+ objlist=
+ last_robj=
+ k=1
+
+ if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then
+ output=${output_objdir}/${output_la}.lnkscript
+ func_verbose "creating GNU ld script: $output"
+ $ECHO 'INPUT (' > $output
+ for obj in $save_libobjs
+ do
+ $ECHO "$obj" >> $output
+ done
+ $ECHO ')' >> $output
+ delfiles="$delfiles $output"
+ elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then
+ output=${output_objdir}/${output_la}.lnk
+ func_verbose "creating linker input file list: $output"
+ : > $output
+ set x $save_libobjs
+ shift
+ firstobj=
+ if test "$compiler_needs_object" = yes; then
+ firstobj="$1 "
+ shift
+ fi
+ for obj
+ do
+ $ECHO "$obj" >> $output
+ done
+ delfiles="$delfiles $output"
+ output=$firstobj\"$file_list_spec$output\"
+ else
+ if test -n "$save_libobjs"; then
+ func_verbose "creating reloadable object files..."
+ output=$output_objdir/$output_la-${k}.$objext
+ eval test_cmds=\"$reload_cmds\"
+ func_len " $test_cmds"
+ len0=$func_len_result
+ len=$len0
+
+ # Loop over the list of objects to be linked.
+ for obj in $save_libobjs
+ do
+ func_len " $obj"
+ func_arith $len + $func_len_result
+ len=$func_arith_result
+ if test "X$objlist" = X ||
+ test "$len" -lt "$max_cmd_len"; then
+ func_append objlist " $obj"
+ else
+ # The command $test_cmds is almost too long, add a
+ # command to the queue.
+ if test "$k" -eq 1 ; then
+ # The first file doesn't have a previous command to add.
+ eval concat_cmds=\"$reload_cmds $objlist $last_robj\"
+ else
+ # All subsequent reloadable object files will link in
+ # the last one created.
+ eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj~\$RM $last_robj\"
+ fi
+ last_robj=$output_objdir/$output_la-${k}.$objext
+ func_arith $k + 1
+ k=$func_arith_result
+ output=$output_objdir/$output_la-${k}.$objext
+ objlist=$obj
+ func_len " $last_robj"
+ func_arith $len0 + $func_len_result
+ len=$func_arith_result
+ fi
+ done
+ # Handle the remaining objects by creating one last
+ # reloadable object file. All subsequent reloadable object
+ # files will link in the last one created.
+ test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+ eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\"
+ if test -n "$last_robj"; then
+ eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\"
+ fi
+ delfiles="$delfiles $output"
+
+ else
+ output=
+ fi
+
+ if ${skipped_export-false}; then
+ func_verbose "generating symbol list for \`$libname.la'"
+ export_symbols="$output_objdir/$libname.exp"
+ $opt_dry_run || $RM $export_symbols
+ libobjs=$output
+ # Append the command to create the export file.
+ test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+ eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\"
+ if test -n "$last_robj"; then
+ eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\"
+ fi
+ fi
+
+ test -n "$save_libobjs" &&
+ func_verbose "creating a temporary reloadable object file: $output"
+
+ # Loop through the commands generated above and execute them.
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $concat_cmds; do
+ IFS="$save_ifs"
+ $opt_silent || {
+ func_quote_for_expand "$cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+ $opt_dry_run || eval "$cmd" || {
+ lt_exit=$?
+
+ # Restore the uninstalled library and exit
+ if test "$mode" = relink; then
+ ( cd "$output_objdir" && \
+ $RM "${realname}T" && \
+ $MV "${realname}U" "$realname" )
+ fi
+
+ exit $lt_exit
+ }
+ done
+ IFS="$save_ifs"
+
+ if test -n "$export_symbols_regex" && ${skipped_export-false}; then
+ func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+ func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
+ fi
+ fi
+
+ if ${skipped_export-false}; then
+ if test -n "$export_symbols" && test -n "$include_expsyms"; then
+ tmp_export_symbols="$export_symbols"
+ test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols"
+ $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"'
+ fi
+
+ if test -n "$orig_export_symbols"; then
+ # The given exports_symbols file has to be filtered, so filter it.
+ func_verbose "filter symbol list for \`$libname.la' to tag DATA exports"
+ # FIXME: $output_objdir/$libname.filter potentially contains lots of
+ # 's' commands which not all seds can handle. GNU sed should be fine
+ # though. Also, the filter scales superlinearly with the number of
+ # global variables. join(1) would be nice here, but unfortunately
+ # isn't a blessed tool.
+ $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
+ delfiles="$delfiles $export_symbols $output_objdir/$libname.filter"
+ export_symbols=$output_objdir/$libname.def
+ $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
+ fi
+ fi
+
+ libobjs=$output
+ # Restore the value of output.
+ output=$save_output
+
+ if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then
+ eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+ test "X$libobjs" = "X " && libobjs=
+ fi
+ # Expand the library linking commands again to reset the
+ # value of $libobjs for piecewise linking.
+
+ # Do each of the archive commands.
+ if test "$module" = yes && test -n "$module_cmds" ; then
+ if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+ cmds=$module_expsym_cmds
+ else
+ cmds=$module_cmds
+ fi
+ else
+ if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+ cmds=$archive_expsym_cmds
+ else
+ cmds=$archive_cmds
+ fi
+ fi
+ fi
+
+ if test -n "$delfiles"; then
+ # Append the command to remove temporary files to $cmds.
+ eval cmds=\"\$cmds~\$RM $delfiles\"
+ fi
+
+ # Add any objects from preloaded convenience libraries
+ if test -n "$dlprefiles"; then
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $dlprefiles
+ libobjs="$libobjs $func_extract_archives_result"
+ test "X$libobjs" = "X " && libobjs=
+ fi
+
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $opt_silent || {
+ func_quote_for_expand "$cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+ $opt_dry_run || eval "$cmd" || {
+ lt_exit=$?
+
+ # Restore the uninstalled library and exit
+ if test "$mode" = relink; then
+ ( cd "$output_objdir" && \
+ $RM "${realname}T" && \
+ $MV "${realname}U" "$realname" )
+ fi
+
+ exit $lt_exit
+ }
+ done
+ IFS="$save_ifs"
+
+ # Restore the uninstalled library and exit
+ if test "$mode" = relink; then
+ $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $?
+
+ if test -n "$convenience"; then
+ if test -z "$whole_archive_flag_spec"; then
+ func_show_eval '${RM}r "$gentop"'
+ fi
+ fi
+
+ exit $EXIT_SUCCESS
+ fi
+
+ # Create links to the real library.
+ for linkname in $linknames; do
+ if test "$realname" != "$linkname"; then
+ func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?'
+ fi
+ done
+
+ # If -module or -export-dynamic was specified, set the dlname.
+ if test "$module" = yes || test "$export_dynamic" = yes; then
+ # On all known operating systems, these are identical.
+ dlname="$soname"
+ fi
+ fi
+ ;;
+
+ obj)
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ func_warning "\`-dlopen' is ignored for objects"
+ fi
+
+ case " $deplibs" in
+ *\ -l* | *\ -L*)
+ func_warning "\`-l' and \`-L' are ignored for objects" ;;
+ esac
+
+ test -n "$rpath" && \
+ func_warning "\`-rpath' is ignored for objects"
+
+ test -n "$xrpath" && \
+ func_warning "\`-R' is ignored for objects"
+
+ test -n "$vinfo" && \
+ func_warning "\`-version-info' is ignored for objects"
+
+ test -n "$release" && \
+ func_warning "\`-release' is ignored for objects"
+
+ case $output in
+ *.lo)
+ test -n "$objs$old_deplibs" && \
+ func_fatal_error "cannot build library object \`$output' from non-libtool objects"
+
+ libobj=$output
+ func_lo2o "$libobj"
+ obj=$func_lo2o_result
+ ;;
+ *)
+ libobj=
+ obj="$output"
+ ;;
+ esac
+
+ # Delete the old objects.
+ $opt_dry_run || $RM $obj $libobj
+
+ # Objects from convenience libraries. This assumes
+ # single-version convenience libraries. Whenever we create
+ # different ones for PIC/non-PIC, this we'll have to duplicate
+ # the extraction.
+ reload_conv_objs=
+ gentop=
+ # reload_cmds runs $LD directly, so let us get rid of
+ # -Wl from whole_archive_flag_spec and hope we can get by with
+ # turning comma into space..
+ wl=
+
+ if test -n "$convenience"; then
+ if test -n "$whole_archive_flag_spec"; then
+ eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\"
+ reload_conv_objs=$reload_objs\ `$ECHO "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'`
+ else
+ gentop="$output_objdir/${obj}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $convenience
+ reload_conv_objs="$reload_objs $func_extract_archives_result"
+ fi
+ fi
+
+ # Create the old-style object.
+ reload_objs="$objs$old_deplibs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test
+
+ output="$obj"
+ func_execute_cmds "$reload_cmds" 'exit $?'
+
+ # Exit if we aren't doing a library object file.
+ if test -z "$libobj"; then
+ if test -n "$gentop"; then
+ func_show_eval '${RM}r "$gentop"'
+ fi
+
+ exit $EXIT_SUCCESS
+ fi
+
+ if test "$build_libtool_libs" != yes; then
+ if test -n "$gentop"; then
+ func_show_eval '${RM}r "$gentop"'
+ fi
+
+ # Create an invalid libtool object if no PIC, so that we don't
+ # accidentally link it into a program.
+ # $show "echo timestamp > $libobj"
+ # $opt_dry_run || eval "echo timestamp > $libobj" || exit $?
+ exit $EXIT_SUCCESS
+ fi
+
+ if test -n "$pic_flag" || test "$pic_mode" != default; then
+ # Only do commands if we really have different PIC objects.
+ reload_objs="$libobjs $reload_conv_objs"
+ output="$libobj"
+ func_execute_cmds "$reload_cmds" 'exit $?'
+ fi
+
+ if test -n "$gentop"; then
+ func_show_eval '${RM}r "$gentop"'
+ fi
+
+ exit $EXIT_SUCCESS
+ ;;
+
+ prog)
+ case $host in
+ *cygwin*) func_stripname '' '.exe' "$output"
+ output=$func_stripname_result.exe;;
+ esac
+ test -n "$vinfo" && \
+ func_warning "\`-version-info' is ignored for programs"
+
+ test -n "$release" && \
+ func_warning "\`-release' is ignored for programs"
+
+ test "$preload" = yes \
+ && test "$dlopen_support" = unknown \
+ && test "$dlopen_self" = unknown \
+ && test "$dlopen_self_static" = unknown && \
+ func_warning "\`LT_INIT([dlopen])' not used. Assuming no dlopen support."
+
+ case $host in
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # On Rhapsody replace the C library is the System framework
+ compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+ finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+ ;;
+ esac
+
+ case $host in
+ *-*-darwin*)
+ # Don't allow lazy linking, it breaks C++ global constructors
+ # But is supposedly fixed on 10.4 or later (yay!).
+ if test "$tagname" = CXX ; then
+ case ${MACOSX_DEPLOYMENT_TARGET-10.0} in
+ 10.[0123])
+ compile_command="$compile_command ${wl}-bind_at_load"
+ finalize_command="$finalize_command ${wl}-bind_at_load"
+ ;;
+ esac
+ fi
+ # Time to change all our "foo.ltframework" stuff back to "-framework foo"
+ compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ ;;
+ esac
+
+
+ # move library search paths that coincide with paths to not yet
+ # installed libraries to the beginning of the library search list
+ new_libs=
+ for path in $notinst_path; do
+ case " $new_libs " in
+ *" -L$path/$objdir "*) ;;
+ *)
+ case " $compile_deplibs " in
+ *" -L$path/$objdir "*)
+ new_libs="$new_libs -L$path/$objdir" ;;
+ esac
+ ;;
+ esac
+ done
+ for deplib in $compile_deplibs; do
+ case $deplib in
+ -L*)
+ case " $new_libs " in
+ *" $deplib "*) ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ done
+ compile_deplibs="$new_libs"
+
+
+ compile_command="$compile_command $compile_deplibs"
+ finalize_command="$finalize_command $finalize_deplibs"
+
+ if test -n "$rpath$xrpath"; then
+ # If the user specified any rpath flags, then add them.
+ for libdir in $rpath $xrpath; do
+ # This is the magic to use -rpath.
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir" ;;
+ esac
+ done
+ fi
+
+ # Now hardcode the library paths
+ rpath=
+ hardcode_libdirs=
+ for libdir in $compile_rpath $finalize_rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ rpath="$rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$perm_rpath " in
+ *" $libdir "*) ;;
+ *) perm_rpath="$perm_rpath $libdir" ;;
+ esac
+ fi
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+ testbindir=`${ECHO} "$libdir" | ${SED} -e 's*/lib$*/bin*'`
+ case :$dllsearchpath: in
+ *":$libdir:"*) ;;
+ ::) dllsearchpath=$libdir;;
+ *) dllsearchpath="$dllsearchpath:$libdir";;
+ esac
+ case :$dllsearchpath: in
+ *":$testbindir:"*) ;;
+ ::) dllsearchpath=$testbindir;;
+ *) dllsearchpath="$dllsearchpath:$testbindir";;
+ esac
+ ;;
+ esac
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ eval rpath=\" $hardcode_libdir_flag_spec\"
+ fi
+ compile_rpath="$rpath"
+
+ rpath=
+ hardcode_libdirs=
+ for libdir in $finalize_rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ rpath="$rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$finalize_perm_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;;
+ esac
+ fi
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ eval rpath=\" $hardcode_libdir_flag_spec\"
+ fi
+ finalize_rpath="$rpath"
+
+ if test -n "$libobjs" && test "$build_old_libs" = yes; then
+ # Transform all the library objects into standard objects.
+ compile_command=`$ECHO "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ finalize_command=`$ECHO "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ fi
+
+ func_generate_dlsyms "$outputname" "@PROGRAM@" "no"
+
+ # template prelinking step
+ if test -n "$prelink_cmds"; then
+ func_execute_cmds "$prelink_cmds" 'exit $?'
+ fi
+
+ wrappers_required=yes
+ case $host in
+ *cygwin* | *mingw* )
+ if test "$build_libtool_libs" != yes; then
+ wrappers_required=no
+ fi
+ ;;
+ *cegcc)
+ # Disable wrappers for cegcc, we are cross compiling anyway.
+ wrappers_required=no
+ ;;
+ *)
+ if test "$need_relink" = no || test "$build_libtool_libs" != yes; then
+ wrappers_required=no
+ fi
+ ;;
+ esac
+ if test "$wrappers_required" = no; then
+ # Replace the output file specification.
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+ link_command="$compile_command$compile_rpath"
+
+ # We have no uninstalled library dependencies, so finalize right now.
+ exit_status=0
+ func_show_eval "$link_command" 'exit_status=$?'
+
+ # Delete the generated files.
+ if test -f "$output_objdir/${outputname}S.${objext}"; then
+ func_show_eval '$RM "$output_objdir/${outputname}S.${objext}"'
+ fi
+
+ exit $exit_status
+ fi
+
+ if test -n "$compile_shlibpath$finalize_shlibpath"; then
+ compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
+ fi
+ if test -n "$finalize_shlibpath"; then
+ finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
+ fi
+
+ compile_var=
+ finalize_var=
+ if test -n "$runpath_var"; then
+ if test -n "$perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
+ fi
+ if test -n "$finalize_perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $finalize_perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
+ fi
+ fi
+
+ if test "$no_install" = yes; then
+ # We don't need to create a wrapper script.
+ link_command="$compile_var$compile_command$compile_rpath"
+ # Replace the output file specification.
+ link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+ # Delete the old output file.
+ $opt_dry_run || $RM $output
+ # Link the executable and exit
+ func_show_eval "$link_command" 'exit $?'
+ exit $EXIT_SUCCESS
+ fi
+
+ if test "$hardcode_action" = relink; then
+ # Fast installation is not supported
+ link_command="$compile_var$compile_command$compile_rpath"
+ relink_command="$finalize_var$finalize_command$finalize_rpath"
+
+ func_warning "this platform does not like uninstalled shared libraries"
+ func_warning "\`$output' will be relinked during installation"
+ else
+ if test "$fast_install" != no; then
+ link_command="$finalize_var$compile_command$finalize_rpath"
+ if test "$fast_install" = yes; then
+ relink_command=`$ECHO "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'`
+ else
+ # fast_install is set to needless
+ relink_command=
+ fi
+ else
+ link_command="$compile_var$compile_command$compile_rpath"
+ relink_command="$finalize_var$finalize_command$finalize_rpath"
+ fi
+ fi
+
+ # Replace the output file specification.
+ link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
+
+ # Delete the old output files.
+ $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname
+
+ func_show_eval "$link_command" 'exit $?'
+
+ # Now create the wrapper script.
+ func_verbose "creating $output"
+
+ # Quote the relink command for shipping.
+ if test -n "$relink_command"; then
+ # Preserve any variables that may affect compiler behavior
+ for var in $variables_saved_for_relink; do
+ if eval test -z \"\${$var+set}\"; then
+ relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
+ elif eval var_value=\$$var; test -z "$var_value"; then
+ relink_command="$var=; export $var; $relink_command"
+ else
+ func_quote_for_eval "$var_value"
+ relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+ fi
+ done
+ relink_command="(cd `pwd`; $relink_command)"
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+ fi
+
+ # Quote $ECHO for shipping.
+ if test "X$ECHO" = "X$SHELL $progpath --fallback-echo"; then
+ case $progpath in
+ [\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";;
+ *) qecho="$SHELL `pwd`/$progpath --fallback-echo";;
+ esac
+ qecho=`$ECHO "X$qecho" | $Xsed -e "$sed_quote_subst"`
+ else
+ qecho=`$ECHO "X$ECHO" | $Xsed -e "$sed_quote_subst"`
+ fi
+
+ # Only actually do things if not in dry run mode.
+ $opt_dry_run || {
+ # win32 will think the script is a binary if it has
+ # a .exe suffix, so we strip it off here.
+ case $output in
+ *.exe) func_stripname '' '.exe' "$output"
+ output=$func_stripname_result ;;
+ esac
+ # test for cygwin because mv fails w/o .exe extensions
+ case $host in
+ *cygwin*)
+ exeext=.exe
+ func_stripname '' '.exe' "$outputname"
+ outputname=$func_stripname_result ;;
+ *) exeext= ;;
+ esac
+ case $host in
+ *cygwin* | *mingw* )
+ func_dirname_and_basename "$output" "" "."
+ output_name=$func_basename_result
+ output_path=$func_dirname_result
+ cwrappersource="$output_path/$objdir/lt-$output_name.c"
+ cwrapper="$output_path/$output_name.exe"
+ $RM $cwrappersource $cwrapper
+ trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15
+
+ func_emit_cwrapperexe_src > $cwrappersource
+
+ # The wrapper executable is built using the $host compiler,
+ # because it contains $host paths and files. If cross-
+ # compiling, it, like the target executable, must be
+ # executed on the $host or under an emulation environment.
+ $opt_dry_run || {
+ $LTCC $LTCFLAGS -o $cwrapper $cwrappersource
+ $STRIP $cwrapper
+ }
+
+ # Now, create the wrapper script for func_source use:
+ func_ltwrapper_scriptname $cwrapper
+ $RM $func_ltwrapper_scriptname_result
+ trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15
+ $opt_dry_run || {
+ # note: this script will not be executed, so do not chmod.
+ if test "x$build" = "x$host" ; then
+ $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result
+ else
+ func_emit_wrapper no > $func_ltwrapper_scriptname_result
+ fi
+ }
+ ;;
+ * )
+ $RM $output
+ trap "$RM $output; exit $EXIT_FAILURE" 1 2 15
+
+ func_emit_wrapper no > $output
+ chmod +x $output
+ ;;
+ esac
+ }
+ exit $EXIT_SUCCESS
+ ;;
+ esac
+
+ # See if we need to build an old-fashioned archive.
+ for oldlib in $oldlibs; do
+
+ if test "$build_libtool_libs" = convenience; then
+ oldobjs="$libobjs_save $symfileobj"
+ addlibs="$convenience"
+ build_libtool_libs=no
+ else
+ if test "$build_libtool_libs" = module; then
+ oldobjs="$libobjs_save"
+ build_libtool_libs=no
+ else
+ oldobjs="$old_deplibs $non_pic_objects"
+ if test "$preload" = yes && test -f "$symfileobj"; then
+ oldobjs="$oldobjs $symfileobj"
+ fi
+ fi
+ addlibs="$old_convenience"
+ fi
+
+ if test -n "$addlibs"; then
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $addlibs
+ oldobjs="$oldobjs $func_extract_archives_result"
+ fi
+
+ # Do each command in the archive commands.
+ if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then
+ cmds=$old_archive_from_new_cmds
+ else
+
+ # Add any objects from preloaded convenience libraries
+ if test -n "$dlprefiles"; then
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $dlprefiles
+ oldobjs="$oldobjs $func_extract_archives_result"
+ fi
+
+ # POSIX demands no paths to be encoded in archives. We have
+ # to avoid creating archives with duplicate basenames if we
+ # might have to extract them afterwards, e.g., when creating a
+ # static archive out of a convenience library, or when linking
+ # the entirety of a libtool archive into another (currently
+ # not supported by libtool).
+ if (for obj in $oldobjs
+ do
+ func_basename "$obj"
+ $ECHO "$func_basename_result"
+ done | sort | sort -uc >/dev/null 2>&1); then
+ :
+ else
+ $ECHO "copying selected object files to avoid basename conflicts..."
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+ func_mkdir_p "$gentop"
+ save_oldobjs=$oldobjs
+ oldobjs=
+ counter=1
+ for obj in $save_oldobjs
+ do
+ func_basename "$obj"
+ objbase="$func_basename_result"
+ case " $oldobjs " in
+ " ") oldobjs=$obj ;;
+ *[\ /]"$objbase "*)
+ while :; do
+ # Make sure we don't pick an alternate name that also
+ # overlaps.
+ newobj=lt$counter-$objbase
+ func_arith $counter + 1
+ counter=$func_arith_result
+ case " $oldobjs " in
+ *[\ /]"$newobj "*) ;;
+ *) if test ! -f "$gentop/$newobj"; then break; fi ;;
+ esac
+ done
+ func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
+ oldobjs="$oldobjs $gentop/$newobj"
+ ;;
+ *) oldobjs="$oldobjs $obj" ;;
+ esac
+ done
+ fi
+ eval cmds=\"$old_archive_cmds\"
+
+ func_len " $cmds"
+ len=$func_len_result
+ if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ cmds=$old_archive_cmds
+ else
+ # the command line is too long to link in one step, link in parts
+ func_verbose "using piecewise archive linking..."
+ save_RANLIB=$RANLIB
+ RANLIB=:
+ objlist=
+ concat_cmds=
+ save_oldobjs=$oldobjs
+ oldobjs=
+ # Is there a better way of finding the last object in the list?
+ for obj in $save_oldobjs
+ do
+ last_oldobj=$obj
+ done
+ eval test_cmds=\"$old_archive_cmds\"
+ func_len " $test_cmds"
+ len0=$func_len_result
+ len=$len0
+ for obj in $save_oldobjs
+ do
+ func_len " $obj"
+ func_arith $len + $func_len_result
+ len=$func_arith_result
+ func_append objlist " $obj"
+ if test "$len" -lt "$max_cmd_len"; then
+ :
+ else
+ # the above command should be used before it gets too long
+ oldobjs=$objlist
+ if test "$obj" = "$last_oldobj" ; then
+ RANLIB=$save_RANLIB
+ fi
+ test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+ eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\"
+ objlist=
+ len=$len0
+ fi
+ done
+ RANLIB=$save_RANLIB
+ oldobjs=$objlist
+ if test "X$oldobjs" = "X" ; then
+ eval cmds=\"\$concat_cmds\"
+ else
+ eval cmds=\"\$concat_cmds~\$old_archive_cmds\"
+ fi
+ fi
+ fi
+ func_execute_cmds "$cmds" 'exit $?'
+ done
+
+ test -n "$generated" && \
+ func_show_eval "${RM}r$generated"
+
+ # Now create the libtool archive.
+ case $output in
+ *.la)
+ old_library=
+ test "$build_old_libs" = yes && old_library="$libname.$libext"
+ func_verbose "creating $output"
+
+ # Preserve any variables that may affect compiler behavior
+ for var in $variables_saved_for_relink; do
+ if eval test -z \"\${$var+set}\"; then
+ relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
+ elif eval var_value=\$$var; test -z "$var_value"; then
+ relink_command="$var=; export $var; $relink_command"
+ else
+ func_quote_for_eval "$var_value"
+ relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+ fi
+ done
+ # Quote the link command for shipping.
+ relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+ if test "$hardcode_automatic" = yes ; then
+ relink_command=
+ fi
+
+ # Only create the output if not a dry run.
+ $opt_dry_run || {
+ for installed in no yes; do
+ if test "$installed" = yes; then
+ if test -z "$install_libdir"; then
+ break
+ fi
+ output="$output_objdir/$outputname"i
+ # Replace all uninstalled libtool libraries with the installed ones
+ newdependency_libs=
+ for deplib in $dependency_libs; do
+ case $deplib in
+ *.la)
+ func_basename "$deplib"
+ name="$func_basename_result"
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+ test -z "$libdir" && \
+ func_fatal_error "\`$deplib' is not a valid libtool archive"
+ newdependency_libs="$newdependency_libs $libdir/$name"
+ ;;
+ *) newdependency_libs="$newdependency_libs $deplib" ;;
+ esac
+ done
+ dependency_libs="$newdependency_libs"
+ newdlfiles=
+
+ for lib in $dlfiles; do
+ case $lib in
+ *.la)
+ func_basename "$lib"
+ name="$func_basename_result"
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+ test -z "$libdir" && \
+ func_fatal_error "\`$lib' is not a valid libtool archive"
+ newdlfiles="$newdlfiles $libdir/$name"
+ ;;
+ *) newdlfiles="$newdlfiles $lib" ;;
+ esac
+ done
+ dlfiles="$newdlfiles"
+ newdlprefiles=
+ for lib in $dlprefiles; do
+ case $lib in
+ *.la)
+ # Only pass preopened files to the pseudo-archive (for
+ # eventual linking with the app. that links it) if we
+ # didn't already link the preopened objects directly into
+ # the library:
+ func_basename "$lib"
+ name="$func_basename_result"
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+ test -z "$libdir" && \
+ func_fatal_error "\`$lib' is not a valid libtool archive"
+ newdlprefiles="$newdlprefiles $libdir/$name"
+ ;;
+ esac
+ done
+ dlprefiles="$newdlprefiles"
+ else
+ newdlfiles=
+ for lib in $dlfiles; do
+ case $lib in
+ [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+ *) abs=`pwd`"/$lib" ;;
+ esac
+ newdlfiles="$newdlfiles $abs"
+ done
+ dlfiles="$newdlfiles"
+ newdlprefiles=
+ for lib in $dlprefiles; do
+ case $lib in
+ [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+ *) abs=`pwd`"/$lib" ;;
+ esac
+ newdlprefiles="$newdlprefiles $abs"
+ done
+ dlprefiles="$newdlprefiles"
+ fi
+ $RM $output
+ # place dlname in correct position for cygwin
+ tdlname=$dlname
+ case $host,$output,$installed,$module,$dlname in
+ *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;;
+ esac
+ $ECHO > $output "\
+# $outputname - a libtool library file
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname='$tdlname'
+
+# Names of this library.
+library_names='$library_names'
+
+# The name of the static archive.
+old_library='$old_library'
+
+# Linker flags that can not go in dependency_libs.
+inherited_linker_flags='$new_inherited_linker_flags'
+
+# Libraries that this one depends upon.
+dependency_libs='$dependency_libs'
+
+# Names of additional weak libraries provided by this library
+weak_library_names='$weak_libs'
+
+# Version information for $libname.
+current=$current
+age=$age
+revision=$revision
+
+# Is this an already installed library?
+installed=$installed
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=$module
+
+# Files to dlopen/dlpreopen
+dlopen='$dlfiles'
+dlpreopen='$dlprefiles'
+
+# Directory that this library needs to be installed in:
+libdir='$install_libdir'"
+ if test "$installed" = no && test "$need_relink" = yes; then
+ $ECHO >> $output "\
+relink_command=\"$relink_command\""
+ fi
+ done
+ }
+
+ # Do a symbolic link so that the libtool archive can be found in
+ # LD_LIBRARY_PATH before the program is installed.
+ func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?'
+ ;;
+ esac
+ exit $EXIT_SUCCESS
+}
+
+{ test "$mode" = link || test "$mode" = relink; } &&
+ func_mode_link ${1+"$@"}
+
+
+# func_mode_uninstall arg...
+func_mode_uninstall ()
+{
+ $opt_debug
+ RM="$nonopt"
+ files=
+ rmforce=
+ exit_status=0
+
+ # This variable tells wrapper scripts just to set variables rather
+ # than running their programs.
+ libtool_install_magic="$magic"
+
+ for arg
+ do
+ case $arg in
+ -f) RM="$RM $arg"; rmforce=yes ;;
+ -*) RM="$RM $arg" ;;
+ *) files="$files $arg" ;;
+ esac
+ done
+
+ test -z "$RM" && \
+ func_fatal_help "you must specify an RM program"
+
+ rmdirs=
+
+ origobjdir="$objdir"
+ for file in $files; do
+ func_dirname "$file" "" "."
+ dir="$func_dirname_result"
+ if test "X$dir" = X.; then
+ objdir="$origobjdir"
+ else
+ objdir="$dir/$origobjdir"
+ fi
+ func_basename "$file"
+ name="$func_basename_result"
+ test "$mode" = uninstall && objdir="$dir"
+
+ # Remember objdir for removal later, being careful to avoid duplicates
+ if test "$mode" = clean; then
+ case " $rmdirs " in
+ *" $objdir "*) ;;
+ *) rmdirs="$rmdirs $objdir" ;;
+ esac
+ fi
+
+ # Don't error if the file doesn't exist and rm -f was used.
+ if { test -L "$file"; } >/dev/null 2>&1 ||
+ { test -h "$file"; } >/dev/null 2>&1 ||
+ test -f "$file"; then
+ :
+ elif test -d "$file"; then
+ exit_status=1
+ continue
+ elif test "$rmforce" = yes; then
+ continue
+ fi
+
+ rmfiles="$file"
+
+ case $name in
+ *.la)
+ # Possibly a libtool archive, so verify it.
+ if func_lalib_p "$file"; then
+ func_source $dir/$name
+
+ # Delete the libtool libraries and symlinks.
+ for n in $library_names; do
+ rmfiles="$rmfiles $objdir/$n"
+ done
+ test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library"
+
+ case "$mode" in
+ clean)
+ case " $library_names " in
+ # " " in the beginning catches empty $dlname
+ *" $dlname "*) ;;
+ *) rmfiles="$rmfiles $objdir/$dlname" ;;
+ esac
+ test -n "$libdir" && rmfiles="$rmfiles $objdir/$name $objdir/${name}i"
+ ;;
+ uninstall)
+ if test -n "$library_names"; then
+ # Do each command in the postuninstall commands.
+ func_execute_cmds "$postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1'
+ fi
+
+ if test -n "$old_library"; then
+ # Do each command in the old_postuninstall commands.
+ func_execute_cmds "$old_postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1'
+ fi
+ # FIXME: should reinstall the best remaining shared library.
+ ;;
+ esac
+ fi
+ ;;
+
+ *.lo)
+ # Possibly a libtool object, so verify it.
+ if func_lalib_p "$file"; then
+
+ # Read the .lo file
+ func_source $dir/$name
+
+ # Add PIC object to the list of files to remove.
+ if test -n "$pic_object" &&
+ test "$pic_object" != none; then
+ rmfiles="$rmfiles $dir/$pic_object"
+ fi
+
+ # Add non-PIC object to the list of files to remove.
+ if test -n "$non_pic_object" &&
+ test "$non_pic_object" != none; then
+ rmfiles="$rmfiles $dir/$non_pic_object"
+ fi
+ fi
+ ;;
+
+ *)
+ if test "$mode" = clean ; then
+ noexename=$name
+ case $file in
+ *.exe)
+ func_stripname '' '.exe' "$file"
+ file=$func_stripname_result
+ func_stripname '' '.exe' "$name"
+ noexename=$func_stripname_result
+ # $file with .exe has already been added to rmfiles,
+ # add $file without .exe
+ rmfiles="$rmfiles $file"
+ ;;
+ esac
+ # Do a test to see if this is a libtool program.
+ if func_ltwrapper_p "$file"; then
+ if func_ltwrapper_executable_p "$file"; then
+ func_ltwrapper_scriptname "$file"
+ relink_command=
+ func_source $func_ltwrapper_scriptname_result
+ rmfiles="$rmfiles $func_ltwrapper_scriptname_result"
+ else
+ relink_command=
+ func_source $dir/$noexename
+ fi
+
+ # note $name still contains .exe if it was in $file originally
+ # as does the version of $file that was added into $rmfiles
+ rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}"
+ if test "$fast_install" = yes && test -n "$relink_command"; then
+ rmfiles="$rmfiles $objdir/lt-$name"
+ fi
+ if test "X$noexename" != "X$name" ; then
+ rmfiles="$rmfiles $objdir/lt-${noexename}.c"
+ fi
+ fi
+ fi
+ ;;
+ esac
+ func_show_eval "$RM $rmfiles" 'exit_status=1'
+ done
+ objdir="$origobjdir"
+
+ # Try to remove the ${objdir}s in the directories where we deleted files
+ for dir in $rmdirs; do
+ if test -d "$dir"; then
+ func_show_eval "rmdir $dir >/dev/null 2>&1"
+ fi
+ done
+
+ exit $exit_status
+}
+
+{ test "$mode" = uninstall || test "$mode" = clean; } &&
+ func_mode_uninstall ${1+"$@"}
+
+test -z "$mode" && {
+ help="$generic_help"
+ func_fatal_help "you must specify a MODE"
+}
+
+test -z "$exec_cmd" && \
+ func_fatal_help "invalid operation mode \`$mode'"
+
+if test -n "$exec_cmd"; then
+ eval exec "$exec_cmd"
+ exit $EXIT_FAILURE
+fi
+
+exit $exit_status
+
+
+# The TAGs below are defined such that we never get into a situation
+# in which we disable both kinds of libraries. Given conflicting
+# choices, we go for a static library, that is the most portable,
+# since we can't tell whether shared libraries were disabled because
+# the user asked for that or because the platform doesn't support
+# them. This is particularly important on AIX, because we don't
+# support having both static and shared libraries enabled at the same
+# time on that platform, so we default to a shared-only configuration.
+# If a disable-shared tag is given, we'll fallback to a static-only
+# configuration. But we'll never go from static-only to shared-only.
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-shared
+build_libtool_libs=no
+build_old_libs=yes
+# ### END LIBTOOL TAG CONFIG: disable-shared
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-static
+build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac`
+# ### END LIBTOOL TAG CONFIG: disable-static
+
+# Local Variables:
+# mode:shell-script
+# sh-indentation:2
+# End:
+# vi:sw=2
+
diff --git a/m4/libtool.m4 b/m4/libtool.m4
new file mode 100644
index 00000000..a3fee536
--- /dev/null
+++ b/m4/libtool.m4
@@ -0,0 +1,7377 @@
+# libtool.m4 - Configure libtool for the host system. -*-Autoconf-*-
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
+# 2006, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gordon Matzigkeit, 1996
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+m4_define([_LT_COPYING], [dnl
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
+# 2006, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gordon Matzigkeit, 1996
+#
+# This file is part of GNU Libtool.
+#
+# GNU Libtool is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING. If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html, or
+# obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+])
+
+# serial 56 LT_INIT
+
+
+# LT_PREREQ(VERSION)
+# ------------------
+# Complain and exit if this libtool version is less that VERSION.
+m4_defun([LT_PREREQ],
+[m4_if(m4_version_compare(m4_defn([LT_PACKAGE_VERSION]), [$1]), -1,
+ [m4_default([$3],
+ [m4_fatal([Libtool version $1 or higher is required],
+ 63)])],
+ [$2])])
+
+
+# _LT_CHECK_BUILDDIR
+# ------------------
+# Complain if the absolute build directory name contains unusual characters
+m4_defun([_LT_CHECK_BUILDDIR],
+[case `pwd` in
+ *\ * | *\ *)
+ AC_MSG_WARN([Libtool does not cope well with whitespace in `pwd`]) ;;
+esac
+])
+
+
+# LT_INIT([OPTIONS])
+# ------------------
+AC_DEFUN([LT_INIT],
+[AC_PREREQ([2.58])dnl We use AC_INCLUDES_DEFAULT
+AC_BEFORE([$0], [LT_LANG])dnl
+AC_BEFORE([$0], [LT_OUTPUT])dnl
+AC_BEFORE([$0], [LTDL_INIT])dnl
+m4_require([_LT_CHECK_BUILDDIR])dnl
+
+dnl Autoconf doesn't catch unexpanded LT_ macros by default:
+m4_pattern_forbid([^_?LT_[A-Z_]+$])dnl
+m4_pattern_allow([^(_LT_EOF|LT_DLGLOBAL|LT_DLLAZY_OR_NOW|LT_MULTI_MODULE)$])dnl
+dnl aclocal doesn't pull ltoptions.m4, ltsugar.m4, or ltversion.m4
+dnl unless we require an AC_DEFUNed macro:
+AC_REQUIRE([LTOPTIONS_VERSION])dnl
+AC_REQUIRE([LTSUGAR_VERSION])dnl
+AC_REQUIRE([LTVERSION_VERSION])dnl
+AC_REQUIRE([LTOBSOLETE_VERSION])dnl
+m4_require([_LT_PROG_LTMAIN])dnl
+
+dnl Parse OPTIONS
+_LT_SET_OPTIONS([$0], [$1])
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ltmain"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+AC_SUBST(LIBTOOL)dnl
+
+_LT_SETUP
+
+# Only expand once:
+m4_define([LT_INIT])
+])# LT_INIT
+
+# Old names:
+AU_ALIAS([AC_PROG_LIBTOOL], [LT_INIT])
+AU_ALIAS([AM_PROG_LIBTOOL], [LT_INIT])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_PROG_LIBTOOL], [])
+dnl AC_DEFUN([AM_PROG_LIBTOOL], [])
+
+
+# _LT_CC_BASENAME(CC)
+# -------------------
+# Calculate cc_basename. Skip known compiler wrappers and cross-prefix.
+m4_defun([_LT_CC_BASENAME],
+[for cc_temp in $1""; do
+ case $cc_temp in
+ compile | *[[\\/]]compile | ccache | *[[\\/]]ccache ) ;;
+ distcc | *[[\\/]]distcc | purify | *[[\\/]]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+])
+
+
+# _LT_FILEUTILS_DEFAULTS
+# ----------------------
+# It is okay to use these file commands and assume they have been set
+# sensibly after `m4_require([_LT_FILEUTILS_DEFAULTS])'.
+m4_defun([_LT_FILEUTILS_DEFAULTS],
+[: ${CP="cp -f"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+])# _LT_FILEUTILS_DEFAULTS
+
+
+# _LT_SETUP
+# ---------
+m4_defun([_LT_SETUP],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+_LT_DECL([], [host_alias], [0], [The host system])dnl
+_LT_DECL([], [host], [0])dnl
+_LT_DECL([], [host_os], [0])dnl
+dnl
+_LT_DECL([], [build_alias], [0], [The build system])dnl
+_LT_DECL([], [build], [0])dnl
+_LT_DECL([], [build_os], [0])dnl
+dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([LT_PATH_LD])dnl
+AC_REQUIRE([LT_PATH_NM])dnl
+dnl
+AC_REQUIRE([AC_PROG_LN_S])dnl
+test -z "$LN_S" && LN_S="ln -s"
+_LT_DECL([], [LN_S], [1], [Whether we need soft or hard links])dnl
+dnl
+AC_REQUIRE([LT_CMD_MAX_LEN])dnl
+_LT_DECL([objext], [ac_objext], [0], [Object file suffix (normally "o")])dnl
+_LT_DECL([], [exeext], [0], [Executable file suffix (normally "")])dnl
+dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_CHECK_SHELL_FEATURES])dnl
+m4_require([_LT_CMD_RELOAD])dnl
+m4_require([_LT_CHECK_MAGIC_METHOD])dnl
+m4_require([_LT_CMD_OLD_ARCHIVE])dnl
+m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
+
+_LT_CONFIG_LIBTOOL_INIT([
+# See if we are running on zsh, and set the options which allow our
+# commands through without removal of \ escapes INIT.
+if test -n "\${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+])
+if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+
+_LT_CHECK_OBJDIR
+
+m4_require([_LT_TAG_COMPILER])dnl
+_LT_PROG_ECHO_BACKSLASH
+
+case $host_os in
+aix3*)
+ # AIX sometimes has problems with the GCC collect2 program. For some
+ # reason, if we set the COLLECT_NAMES environment variable, the problems
+ # vanish in a puff of smoke.
+ if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+ fi
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+sed_quote_subst='s/\([["`$\\]]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\([["`\\]]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to delay expansion of an escaped single quote.
+delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Global variables:
+ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$LD" && LD=ld
+test -z "$ac_objext" && ac_objext=o
+
+_LT_CC_BASENAME([$compiler])
+
+# Only perform the check for file, if the check method requires it
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+case $deplibs_check_method in
+file_magic*)
+ if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+ _LT_PATH_MAGIC
+ fi
+ ;;
+esac
+
+# Use C for the default configuration in the libtool script
+LT_SUPPORTED_TAG([CC])
+_LT_LANG_C_CONFIG
+_LT_LANG_DEFAULT_CONFIG
+_LT_CONFIG_COMMANDS
+])# _LT_SETUP
+
+
+# _LT_PROG_LTMAIN
+# ---------------
+# Note that this code is called both from `configure', and `config.status'
+# now that we use AC_CONFIG_COMMANDS to generate libtool. Notably,
+# `config.status' has no value for ac_aux_dir unless we are using Automake,
+# so we pass a copy along to make sure it has a sensible value anyway.
+m4_defun([_LT_PROG_LTMAIN],
+[m4_ifdef([AC_REQUIRE_AUX_FILE], [AC_REQUIRE_AUX_FILE([ltmain.sh])])dnl
+_LT_CONFIG_LIBTOOL_INIT([ac_aux_dir='$ac_aux_dir'])
+ltmain="$ac_aux_dir/ltmain.sh"
+])# _LT_PROG_LTMAIN
+
+
+## ------------------------------------- ##
+## Accumulate code for creating libtool. ##
+## ------------------------------------- ##
+
+# So that we can recreate a full libtool script including additional
+# tags, we accumulate the chunks of code to send to AC_CONFIG_COMMANDS
+# in macros and then make a single call at the end using the `libtool'
+# label.
+
+
+# _LT_CONFIG_LIBTOOL_INIT([INIT-COMMANDS])
+# ----------------------------------------
+# Register INIT-COMMANDS to be passed to AC_CONFIG_COMMANDS later.
+m4_define([_LT_CONFIG_LIBTOOL_INIT],
+[m4_ifval([$1],
+ [m4_append([_LT_OUTPUT_LIBTOOL_INIT],
+ [$1
+])])])
+
+# Initialize.
+m4_define([_LT_OUTPUT_LIBTOOL_INIT])
+
+
+# _LT_CONFIG_LIBTOOL([COMMANDS])
+# ------------------------------
+# Register COMMANDS to be passed to AC_CONFIG_COMMANDS later.
+m4_define([_LT_CONFIG_LIBTOOL],
+[m4_ifval([$1],
+ [m4_append([_LT_OUTPUT_LIBTOOL_COMMANDS],
+ [$1
+])])])
+
+# Initialize.
+m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS])
+
+
+# _LT_CONFIG_SAVE_COMMANDS([COMMANDS], [INIT_COMMANDS])
+# -----------------------------------------------------
+m4_defun([_LT_CONFIG_SAVE_COMMANDS],
+[_LT_CONFIG_LIBTOOL([$1])
+_LT_CONFIG_LIBTOOL_INIT([$2])
+])
+
+
+# _LT_FORMAT_COMMENT([COMMENT])
+# -----------------------------
+# Add leading comment marks to the start of each line, and a trailing
+# full-stop to the whole comment if one is not present already.
+m4_define([_LT_FORMAT_COMMENT],
+[m4_ifval([$1], [
+m4_bpatsubst([m4_bpatsubst([$1], [^ *], [# ])],
+ [['`$\]], [\\\&])]m4_bmatch([$1], [[!?.]$], [], [.])
+)])
+
+
+
+## ------------------------ ##
+## FIXME: Eliminate VARNAME ##
+## ------------------------ ##
+
+
+# _LT_DECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION], [IS-TAGGED?])
+# -------------------------------------------------------------------
+# CONFIGNAME is the name given to the value in the libtool script.
+# VARNAME is the (base) name used in the configure script.
+# VALUE may be 0, 1 or 2 for a computed quote escaped value based on
+# VARNAME. Any other value will be used directly.
+m4_define([_LT_DECL],
+[lt_if_append_uniq([lt_decl_varnames], [$2], [, ],
+ [lt_dict_add_subkey([lt_decl_dict], [$2], [libtool_name],
+ [m4_ifval([$1], [$1], [$2])])
+ lt_dict_add_subkey([lt_decl_dict], [$2], [value], [$3])
+ m4_ifval([$4],
+ [lt_dict_add_subkey([lt_decl_dict], [$2], [description], [$4])])
+ lt_dict_add_subkey([lt_decl_dict], [$2],
+ [tagged?], [m4_ifval([$5], [yes], [no])])])
+])
+
+
+# _LT_TAGDECL([CONFIGNAME], VARNAME, VALUE, [DESCRIPTION])
+# --------------------------------------------------------
+m4_define([_LT_TAGDECL], [_LT_DECL([$1], [$2], [$3], [$4], [yes])])
+
+
+# lt_decl_tag_varnames([SEPARATOR], [VARNAME1...])
+# ------------------------------------------------
+m4_define([lt_decl_tag_varnames],
+[_lt_decl_filter([tagged?], [yes], $@)])
+
+
+# _lt_decl_filter(SUBKEY, VALUE, [SEPARATOR], [VARNAME1..])
+# ---------------------------------------------------------
+m4_define([_lt_decl_filter],
+[m4_case([$#],
+ [0], [m4_fatal([$0: too few arguments: $#])],
+ [1], [m4_fatal([$0: too few arguments: $#: $1])],
+ [2], [lt_dict_filter([lt_decl_dict], [$1], [$2], [], lt_decl_varnames)],
+ [3], [lt_dict_filter([lt_decl_dict], [$1], [$2], [$3], lt_decl_varnames)],
+ [lt_dict_filter([lt_decl_dict], $@)])[]dnl
+])
+
+
+# lt_decl_quote_varnames([SEPARATOR], [VARNAME1...])
+# --------------------------------------------------
+m4_define([lt_decl_quote_varnames],
+[_lt_decl_filter([value], [1], $@)])
+
+
+# lt_decl_dquote_varnames([SEPARATOR], [VARNAME1...])
+# ---------------------------------------------------
+m4_define([lt_decl_dquote_varnames],
+[_lt_decl_filter([value], [2], $@)])
+
+
+# lt_decl_varnames_tagged([SEPARATOR], [VARNAME1...])
+# ---------------------------------------------------
+m4_define([lt_decl_varnames_tagged],
+[m4_assert([$# <= 2])dnl
+_$0(m4_quote(m4_default([$1], [[, ]])),
+ m4_ifval([$2], [[$2]], [m4_dquote(lt_decl_tag_varnames)]),
+ m4_split(m4_normalize(m4_quote(_LT_TAGS)), [ ]))])
+m4_define([_lt_decl_varnames_tagged],
+[m4_ifval([$3], [lt_combine([$1], [$2], [_], $3)])])
+
+
+# lt_decl_all_varnames([SEPARATOR], [VARNAME1...])
+# ------------------------------------------------
+m4_define([lt_decl_all_varnames],
+[_$0(m4_quote(m4_default([$1], [[, ]])),
+ m4_if([$2], [],
+ m4_quote(lt_decl_varnames),
+ m4_quote(m4_shift($@))))[]dnl
+])
+m4_define([_lt_decl_all_varnames],
+[lt_join($@, lt_decl_varnames_tagged([$1],
+ lt_decl_tag_varnames([[, ]], m4_shift($@))))dnl
+])
+
+
+# _LT_CONFIG_STATUS_DECLARE([VARNAME])
+# ------------------------------------
+# Quote a variable value, and forward it to `config.status' so that its
+# declaration there will have the same value as in `configure'. VARNAME
+# must have a single quote delimited value for this to work.
+m4_define([_LT_CONFIG_STATUS_DECLARE],
+[$1='`$ECHO "X$][$1" | $Xsed -e "$delay_single_quote_subst"`'])
+
+
+# _LT_CONFIG_STATUS_DECLARATIONS
+# ------------------------------
+# We delimit libtool config variables with single quotes, so when
+# we write them to config.status, we have to be sure to quote all
+# embedded single quotes properly. In configure, this macro expands
+# each variable declared with _LT_DECL (and _LT_TAGDECL) into:
+#
+# <var>='`$ECHO "X$<var>" | $Xsed -e "$delay_single_quote_subst"`'
+m4_defun([_LT_CONFIG_STATUS_DECLARATIONS],
+[m4_foreach([_lt_var], m4_quote(lt_decl_all_varnames),
+ [m4_n([_LT_CONFIG_STATUS_DECLARE(_lt_var)])])])
+
+
+# _LT_LIBTOOL_TAGS
+# ----------------
+# Output comment and list of tags supported by the script
+m4_defun([_LT_LIBTOOL_TAGS],
+[_LT_FORMAT_COMMENT([The names of the tagged configurations supported by this script])dnl
+available_tags="_LT_TAGS"dnl
+])
+
+
+# _LT_LIBTOOL_DECLARE(VARNAME, [TAG])
+# -----------------------------------
+# Extract the dictionary values for VARNAME (optionally with TAG) and
+# expand to a commented shell variable setting:
+#
+# # Some comment about what VAR is for.
+# visible_name=$lt_internal_name
+m4_define([_LT_LIBTOOL_DECLARE],
+[_LT_FORMAT_COMMENT(m4_quote(lt_dict_fetch([lt_decl_dict], [$1],
+ [description])))[]dnl
+m4_pushdef([_libtool_name],
+ m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [libtool_name])))[]dnl
+m4_case(m4_quote(lt_dict_fetch([lt_decl_dict], [$1], [value])),
+ [0], [_libtool_name=[$]$1],
+ [1], [_libtool_name=$lt_[]$1],
+ [2], [_libtool_name=$lt_[]$1],
+ [_libtool_name=lt_dict_fetch([lt_decl_dict], [$1], [value])])[]dnl
+m4_ifval([$2], [_$2])[]m4_popdef([_libtool_name])[]dnl
+])
+
+
+# _LT_LIBTOOL_CONFIG_VARS
+# -----------------------
+# Produce commented declarations of non-tagged libtool config variables
+# suitable for insertion in the LIBTOOL CONFIG section of the `libtool'
+# script. Tagged libtool config variables (even for the LIBTOOL CONFIG
+# section) are produced by _LT_LIBTOOL_TAG_VARS.
+m4_defun([_LT_LIBTOOL_CONFIG_VARS],
+[m4_foreach([_lt_var],
+ m4_quote(_lt_decl_filter([tagged?], [no], [], lt_decl_varnames)),
+ [m4_n([_LT_LIBTOOL_DECLARE(_lt_var)])])])
+
+
+# _LT_LIBTOOL_TAG_VARS(TAG)
+# -------------------------
+m4_define([_LT_LIBTOOL_TAG_VARS],
+[m4_foreach([_lt_var], m4_quote(lt_decl_tag_varnames),
+ [m4_n([_LT_LIBTOOL_DECLARE(_lt_var, [$1])])])])
+
+
+# _LT_TAGVAR(VARNAME, [TAGNAME])
+# ------------------------------
+m4_define([_LT_TAGVAR], [m4_ifval([$2], [$1_$2], [$1])])
+
+
+# _LT_CONFIG_COMMANDS
+# -------------------
+# Send accumulated output to $CONFIG_STATUS. Thanks to the lists of
+# variables for single and double quote escaping we saved from calls
+# to _LT_DECL, we can put quote escaped variables declarations
+# into `config.status', and then the shell code to quote escape them in
+# for loops in `config.status'. Finally, any additional code accumulated
+# from calls to _LT_CONFIG_LIBTOOL_INIT is expanded.
+m4_defun([_LT_CONFIG_COMMANDS],
+[AC_PROVIDE_IFELSE([LT_OUTPUT],
+ dnl If the libtool generation code has been placed in $CONFIG_LT,
+ dnl instead of duplicating it all over again into config.status,
+ dnl then we will have config.status run $CONFIG_LT later, so it
+ dnl needs to know what name is stored there:
+ [AC_CONFIG_COMMANDS([libtool],
+ [$SHELL $CONFIG_LT || AS_EXIT(1)], [CONFIG_LT='$CONFIG_LT'])],
+ dnl If the libtool generation code is destined for config.status,
+ dnl expand the accumulated commands and init code now:
+ [AC_CONFIG_COMMANDS([libtool],
+ [_LT_OUTPUT_LIBTOOL_COMMANDS], [_LT_OUTPUT_LIBTOOL_COMMANDS_INIT])])
+])#_LT_CONFIG_COMMANDS
+
+
+# Initialize.
+m4_define([_LT_OUTPUT_LIBTOOL_COMMANDS_INIT],
+[
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+sed_quote_subst='$sed_quote_subst'
+double_quote_subst='$double_quote_subst'
+delay_variable_subst='$delay_variable_subst'
+_LT_CONFIG_STATUS_DECLARATIONS
+LTCC='$LTCC'
+LTCFLAGS='$LTCFLAGS'
+compiler='$compiler_DEFAULT'
+
+# Quote evaled strings.
+for var in lt_decl_all_varnames([[ \
+]], lt_decl_quote_varnames); do
+ case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ *[[\\\\\\\`\\"\\\$]]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Double-quote double-evaled strings.
+for var in lt_decl_all_varnames([[ \
+]], lt_decl_dquote_varnames); do
+ case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ *[[\\\\\\\`\\"\\\$]]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Fix-up fallback echo if it was mangled by the above quoting rules.
+case \$lt_ECHO in
+*'\\\[$]0 --fallback-echo"')dnl "
+ lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\[$]0 --fallback-echo"\[$]/\[$]0 --fallback-echo"/'\`
+ ;;
+esac
+
+_LT_OUTPUT_LIBTOOL_INIT
+])
+
+
+# LT_OUTPUT
+# ---------
+# This macro allows early generation of the libtool script (before
+# AC_OUTPUT is called), incase it is used in configure for compilation
+# tests.
+AC_DEFUN([LT_OUTPUT],
+[: ${CONFIG_LT=./config.lt}
+AC_MSG_NOTICE([creating $CONFIG_LT])
+cat >"$CONFIG_LT" <<_LTEOF
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate a libtool stub with the current configuration.
+
+lt_cl_silent=false
+SHELL=\${CONFIG_SHELL-$SHELL}
+_LTEOF
+
+cat >>"$CONFIG_LT" <<\_LTEOF
+AS_SHELL_SANITIZE
+_AS_PREPARE
+
+exec AS_MESSAGE_FD>&1
+exec AS_MESSAGE_LOG_FD>>config.log
+{
+ echo
+ AS_BOX([Running $as_me.])
+} >&AS_MESSAGE_LOG_FD
+
+lt_cl_help="\
+\`$as_me' creates a local libtool stub from the current configuration,
+for use in further configure time tests before the real libtool is
+generated.
+
+Usage: $[0] [[OPTIONS]]
+
+ -h, --help print this help, then exit
+ -V, --version print version number, then exit
+ -q, --quiet do not print progress messages
+ -d, --debug don't remove temporary files
+
+Report bugs to <bug-libtool@gnu.org>."
+
+lt_cl_version="\
+m4_ifset([AC_PACKAGE_NAME], [AC_PACKAGE_NAME ])config.lt[]dnl
+m4_ifset([AC_PACKAGE_VERSION], [ AC_PACKAGE_VERSION])
+configured by $[0], generated by m4_PACKAGE_STRING.
+
+Copyright (C) 2008 Free Software Foundation, Inc.
+This config.lt script is free software; the Free Software Foundation
+gives unlimited permision to copy, distribute and modify it."
+
+while test $[#] != 0
+do
+ case $[1] in
+ --version | --v* | -V )
+ echo "$lt_cl_version"; exit 0 ;;
+ --help | --h* | -h )
+ echo "$lt_cl_help"; exit 0 ;;
+ --debug | --d* | -d )
+ debug=: ;;
+ --quiet | --q* | --silent | --s* | -q )
+ lt_cl_silent=: ;;
+
+ -*) AC_MSG_ERROR([unrecognized option: $[1]
+Try \`$[0] --help' for more information.]) ;;
+
+ *) AC_MSG_ERROR([unrecognized argument: $[1]
+Try \`$[0] --help' for more information.]) ;;
+ esac
+ shift
+done
+
+if $lt_cl_silent; then
+ exec AS_MESSAGE_FD>/dev/null
+fi
+_LTEOF
+
+cat >>"$CONFIG_LT" <<_LTEOF
+_LT_OUTPUT_LIBTOOL_COMMANDS_INIT
+_LTEOF
+
+cat >>"$CONFIG_LT" <<\_LTEOF
+AC_MSG_NOTICE([creating $ofile])
+_LT_OUTPUT_LIBTOOL_COMMANDS
+AS_EXIT(0)
+_LTEOF
+chmod +x "$CONFIG_LT"
+
+# configure is writing to config.log, but config.lt does its own redirection,
+# appending to config.log, which fails on DOS, as config.log is still kept
+# open by configure. Here we exec the FD to /dev/null, effectively closing
+# config.log, so it can be properly (re)opened and appended to by config.lt.
+if test "$no_create" != yes; then
+ lt_cl_success=:
+ test "$silent" = yes &&
+ lt_config_lt_args="$lt_config_lt_args --quiet"
+ exec AS_MESSAGE_LOG_FD>/dev/null
+ $SHELL "$CONFIG_LT" $lt_config_lt_args || lt_cl_success=false
+ exec AS_MESSAGE_LOG_FD>>config.log
+ $lt_cl_success || AS_EXIT(1)
+fi
+])# LT_OUTPUT
+
+
+# _LT_CONFIG(TAG)
+# ---------------
+# If TAG is the built-in tag, create an initial libtool script with a
+# default configuration from the untagged config vars. Otherwise add code
+# to config.status for appending the configuration named by TAG from the
+# matching tagged config vars.
+m4_defun([_LT_CONFIG],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+_LT_CONFIG_SAVE_COMMANDS([
+ m4_define([_LT_TAG], m4_if([$1], [], [C], [$1]))dnl
+ m4_if(_LT_TAG, [C], [
+ # See if we are running on zsh, and set the options which allow our
+ # commands through without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+
+ cfgfile="${ofile}T"
+ trap "$RM \"$cfgfile\"; exit 1" 1 2 15
+ $RM "$cfgfile"
+
+ cat <<_LT_EOF >> "$cfgfile"
+#! $SHELL
+
+# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+_LT_COPYING
+_LT_LIBTOOL_TAGS
+
+# ### BEGIN LIBTOOL CONFIG
+_LT_LIBTOOL_CONFIG_VARS
+_LT_LIBTOOL_TAG_VARS
+# ### END LIBTOOL CONFIG
+
+_LT_EOF
+
+ case $host_os in
+ aix3*)
+ cat <<\_LT_EOF >> "$cfgfile"
+# AIX sometimes has problems with the GCC collect2 program. For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+fi
+_LT_EOF
+ ;;
+ esac
+
+ _LT_PROG_LTMAIN
+
+ # We use sed instead of cat because bash on DJGPP gets confused if
+ # if finds mixed CR/LF and LF-only lines. Since sed operates in
+ # text mode, it properly converts lines to CR/LF. This bash problem
+ # is reportedly fixed, but why not run on old versions too?
+ sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ _LT_PROG_XSI_SHELLFNS
+
+ sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ mv -f "$cfgfile" "$ofile" ||
+ (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+ chmod +x "$ofile"
+],
+[cat <<_LT_EOF >> "$ofile"
+
+dnl Unfortunately we have to use $1 here, since _LT_TAG is not expanded
+dnl in a comment (ie after a #).
+# ### BEGIN LIBTOOL TAG CONFIG: $1
+_LT_LIBTOOL_TAG_VARS(_LT_TAG)
+# ### END LIBTOOL TAG CONFIG: $1
+_LT_EOF
+])dnl /m4_if
+],
+[m4_if([$1], [], [
+ PACKAGE='$PACKAGE'
+ VERSION='$VERSION'
+ TIMESTAMP='$TIMESTAMP'
+ RM='$RM'
+ ofile='$ofile'], [])
+])dnl /_LT_CONFIG_SAVE_COMMANDS
+])# _LT_CONFIG
+
+
+# LT_SUPPORTED_TAG(TAG)
+# ---------------------
+# Trace this macro to discover what tags are supported by the libtool
+# --tag option, using:
+# autoconf --trace 'LT_SUPPORTED_TAG:$1'
+AC_DEFUN([LT_SUPPORTED_TAG], [])
+
+
+# C support is built-in for now
+m4_define([_LT_LANG_C_enabled], [])
+m4_define([_LT_TAGS], [])
+
+
+# LT_LANG(LANG)
+# -------------
+# Enable libtool support for the given language if not already enabled.
+AC_DEFUN([LT_LANG],
+[AC_BEFORE([$0], [LT_OUTPUT])dnl
+m4_case([$1],
+ [C], [_LT_LANG(C)],
+ [C++], [_LT_LANG(CXX)],
+ [Java], [_LT_LANG(GCJ)],
+ [Fortran 77], [_LT_LANG(F77)],
+ [Fortran], [_LT_LANG(FC)],
+ [Windows Resource], [_LT_LANG(RC)],
+ [m4_ifdef([_LT_LANG_]$1[_CONFIG],
+ [_LT_LANG($1)],
+ [m4_fatal([$0: unsupported language: "$1"])])])dnl
+])# LT_LANG
+
+
+# _LT_LANG(LANGNAME)
+# ------------------
+m4_defun([_LT_LANG],
+[m4_ifdef([_LT_LANG_]$1[_enabled], [],
+ [LT_SUPPORTED_TAG([$1])dnl
+ m4_append([_LT_TAGS], [$1 ])dnl
+ m4_define([_LT_LANG_]$1[_enabled], [])dnl
+ _LT_LANG_$1_CONFIG($1)])dnl
+])# _LT_LANG
+
+
+# _LT_LANG_DEFAULT_CONFIG
+# -----------------------
+m4_defun([_LT_LANG_DEFAULT_CONFIG],
+[AC_PROVIDE_IFELSE([AC_PROG_CXX],
+ [LT_LANG(CXX)],
+ [m4_define([AC_PROG_CXX], defn([AC_PROG_CXX])[LT_LANG(CXX)])])
+
+AC_PROVIDE_IFELSE([AC_PROG_F77],
+ [LT_LANG(F77)],
+ [m4_define([AC_PROG_F77], defn([AC_PROG_F77])[LT_LANG(F77)])])
+
+AC_PROVIDE_IFELSE([AC_PROG_FC],
+ [LT_LANG(FC)],
+ [m4_define([AC_PROG_FC], defn([AC_PROG_FC])[LT_LANG(FC)])])
+
+dnl The call to [A][M_PROG_GCJ] is quoted like that to stop aclocal
+dnl pulling things in needlessly.
+AC_PROVIDE_IFELSE([AC_PROG_GCJ],
+ [LT_LANG(GCJ)],
+ [AC_PROVIDE_IFELSE([A][M_PROG_GCJ],
+ [LT_LANG(GCJ)],
+ [AC_PROVIDE_IFELSE([LT_PROG_GCJ],
+ [LT_LANG(GCJ)],
+ [m4_ifdef([AC_PROG_GCJ],
+ [m4_define([AC_PROG_GCJ], defn([AC_PROG_GCJ])[LT_LANG(GCJ)])])
+ m4_ifdef([A][M_PROG_GCJ],
+ [m4_define([A][M_PROG_GCJ], defn([A][M_PROG_GCJ])[LT_LANG(GCJ)])])
+ m4_ifdef([LT_PROG_GCJ],
+ [m4_define([LT_PROG_GCJ], defn([LT_PROG_GCJ])[LT_LANG(GCJ)])])])])])
+
+AC_PROVIDE_IFELSE([LT_PROG_RC],
+ [LT_LANG(RC)],
+ [m4_define([LT_PROG_RC], defn([LT_PROG_RC])[LT_LANG(RC)])])
+])# _LT_LANG_DEFAULT_CONFIG
+
+# Obsolete macros:
+AU_DEFUN([AC_LIBTOOL_CXX], [LT_LANG(C++)])
+AU_DEFUN([AC_LIBTOOL_F77], [LT_LANG(Fortran 77)])
+AU_DEFUN([AC_LIBTOOL_FC], [LT_LANG(Fortran)])
+AU_DEFUN([AC_LIBTOOL_GCJ], [LT_LANG(Java)])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_CXX], [])
+dnl AC_DEFUN([AC_LIBTOOL_F77], [])
+dnl AC_DEFUN([AC_LIBTOOL_FC], [])
+dnl AC_DEFUN([AC_LIBTOOL_GCJ], [])
+
+
+# _LT_TAG_COMPILER
+# ----------------
+m4_defun([_LT_TAG_COMPILER],
+[AC_REQUIRE([AC_PROG_CC])dnl
+
+_LT_DECL([LTCC], [CC], [1], [A C compiler])dnl
+_LT_DECL([LTCFLAGS], [CFLAGS], [1], [LTCC compiler flags])dnl
+_LT_TAGDECL([CC], [compiler], [1], [A language specific compiler])dnl
+_LT_TAGDECL([with_gcc], [GCC], [0], [Is the compiler the GNU compiler?])dnl
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+])# _LT_TAG_COMPILER
+
+
+# _LT_COMPILER_BOILERPLATE
+# ------------------------
+# Check for compiler boilerplate output or warnings with
+# the simple compiler test code.
+m4_defun([_LT_COMPILER_BOILERPLATE],
+[m4_require([_LT_DECL_SED])dnl
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+])# _LT_COMPILER_BOILERPLATE
+
+
+# _LT_LINKER_BOILERPLATE
+# ----------------------
+# Check for linker boilerplate output or warnings with
+# the simple link test code.
+m4_defun([_LT_LINKER_BOILERPLATE],
+[m4_require([_LT_DECL_SED])dnl
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+])# _LT_LINKER_BOILERPLATE
+
+# _LT_REQUIRED_DARWIN_CHECKS
+# -------------------------
+m4_defun_once([_LT_REQUIRED_DARWIN_CHECKS],[
+ case $host_os in
+ rhapsody* | darwin*)
+ AC_CHECK_TOOL([DSYMUTIL], [dsymutil], [:])
+ AC_CHECK_TOOL([NMEDIT], [nmedit], [:])
+ AC_CHECK_TOOL([LIPO], [lipo], [:])
+ AC_CHECK_TOOL([OTOOL], [otool], [:])
+ AC_CHECK_TOOL([OTOOL64], [otool64], [:])
+ _LT_DECL([], [DSYMUTIL], [1],
+ [Tool to manipulate archived DWARF debug symbol files on Mac OS X])
+ _LT_DECL([], [NMEDIT], [1],
+ [Tool to change global to local symbols on Mac OS X])
+ _LT_DECL([], [LIPO], [1],
+ [Tool to manipulate fat objects and archives on Mac OS X])
+ _LT_DECL([], [OTOOL], [1],
+ [ldd/readelf like tool for Mach-O binaries on Mac OS X])
+ _LT_DECL([], [OTOOL64], [1],
+ [ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4])
+
+ AC_CACHE_CHECK([for -single_module linker flag],[lt_cv_apple_cc_single_mod],
+ [lt_cv_apple_cc_single_mod=no
+ if test -z "${LT_MULTI_MODULE}"; then
+ # By default we will add the -single_module flag. You can override
+ # by either setting the environment variable LT_MULTI_MODULE
+ # non-empty at configure time, or by adding -multi_module to the
+ # link flags.
+ rm -rf libconftest.dylib*
+ echo "int foo(void){return 1;}" > conftest.c
+ echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+-dynamiclib -Wl,-single_module conftest.c" >&AS_MESSAGE_LOG_FD
+ $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
+ _lt_result=$?
+ if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
+ lt_cv_apple_cc_single_mod=yes
+ else
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ fi
+ rm -rf libconftest.dylib*
+ rm -f conftest.*
+ fi])
+ AC_CACHE_CHECK([for -exported_symbols_list linker flag],
+ [lt_cv_ld_exported_symbols_list],
+ [lt_cv_ld_exported_symbols_list=no
+ save_LDFLAGS=$LDFLAGS
+ echo "_main" > conftest.sym
+ LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
+ [lt_cv_ld_exported_symbols_list=yes],
+ [lt_cv_ld_exported_symbols_list=no])
+ LDFLAGS="$save_LDFLAGS"
+ ])
+ case $host_os in
+ rhapsody* | darwin1.[[012]])
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
+ darwin1.*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ darwin*) # darwin 5.x on
+ # if running on 10.5 or later, the deployment target defaults
+ # to the OS version, if on x86, and 10.4, the deployment
+ # target defaults to 10.4. Don't you love it?
+ case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
+ 10.0,*86*-darwin8*|10.0,*-darwin[[91]]*)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ 10.[[012]]*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ 10.*)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ esac
+ ;;
+ esac
+ if test "$lt_cv_apple_cc_single_mod" = "yes"; then
+ _lt_dar_single_mod='$single_module'
+ fi
+ if test "$lt_cv_ld_exported_symbols_list" = "yes"; then
+ _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym'
+ else
+ _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ fi
+ if test "$DSYMUTIL" != ":"; then
+ _lt_dsymutil='~$DSYMUTIL $lib || :'
+ else
+ _lt_dsymutil=
+ fi
+ ;;
+ esac
+])
+
+
+# _LT_DARWIN_LINKER_FEATURES
+# --------------------------
+# Checks for linker and compiler features on darwin
+m4_defun([_LT_DARWIN_LINKER_FEATURES],
+[
+ m4_require([_LT_REQUIRED_DARWIN_CHECKS])
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_automatic, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=''
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ _LT_TAGVAR(allow_undefined_flag, $1)="$_lt_dar_allow_undefined"
+ case $cc_basename in
+ ifort*) _lt_dar_can_shared=yes ;;
+ *) _lt_dar_can_shared=$GCC ;;
+ esac
+ if test "$_lt_dar_can_shared" = "yes"; then
+ output_verbose_link_cmd=echo
+ _LT_TAGVAR(archive_cmds, $1)="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
+ _LT_TAGVAR(module_cmds, $1)="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
+ _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
+ _LT_TAGVAR(module_expsym_cmds, $1)="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
+ m4_if([$1], [CXX],
+[ if test "$lt_cv_apple_cc_single_mod" != "yes"; then
+ _LT_TAGVAR(archive_cmds, $1)="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}"
+ _LT_TAGVAR(archive_expsym_cmds, $1)="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}"
+ fi
+],[])
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+])
+
+# _LT_SYS_MODULE_PATH_AIX
+# -----------------------
+# Links a minimal program and checks the executable
+# for the system default hardcoded library path. In most cases,
+# this is /usr/lib:/lib, but when the MPI compilers are used
+# the location of the communication and MPI libs are included too.
+# If we don't find anything, use the default library path according
+# to the aix ld manual.
+m4_defun([_LT_SYS_MODULE_PATH_AIX],
+[m4_require([_LT_DECL_SED])dnl
+AC_LINK_IFELSE(AC_LANG_PROGRAM,[
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi],[])
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+])# _LT_SYS_MODULE_PATH_AIX
+
+
+# _LT_SHELL_INIT(ARG)
+# -------------------
+m4_define([_LT_SHELL_INIT],
+[ifdef([AC_DIVERSION_NOTICE],
+ [AC_DIVERT_PUSH(AC_DIVERSION_NOTICE)],
+ [AC_DIVERT_PUSH(NOTICE)])
+$1
+AC_DIVERT_POP
+])# _LT_SHELL_INIT
+
+
+# _LT_PROG_ECHO_BACKSLASH
+# -----------------------
+# Add some code to the start of the generated configure script which
+# will find an echo command which doesn't interpret backslashes.
+m4_defun([_LT_PROG_ECHO_BACKSLASH],
+[_LT_SHELL_INIT([
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$lt_ECHO in
+X*--fallback-echo)
+ # Remove one level of quotation (which was required for Make).
+ ECHO=`echo "$lt_ECHO" | sed 's,\\\\\[$]\\[$]0,'[$]0','`
+ ;;
+esac
+
+ECHO=${lt_ECHO-echo}
+if test "X[$]1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X[$]1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then
+ # Yippee, $ECHO works!
+ :
+else
+ # Restart under the correct shell.
+ exec $SHELL "[$]0" --no-reexec ${1+"[$]@"}
+fi
+
+if test "X[$]1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<_LT_EOF
+[$]*
+_LT_EOF
+ exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$lt_ECHO"; then
+ if test "X${echo_test_string+set}" != Xset; then
+ # find a string as large as possible, as long as the shell can cope with it
+ for cmd in 'sed 50q "[$]0"' 'sed 20q "[$]0"' 'sed 10q "[$]0"' 'sed 2q "[$]0"' 'echo test'; do
+ # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+ if { echo_test_string=`eval $cmd`; } 2>/dev/null &&
+ { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null
+ then
+ break
+ fi
+ done
+ fi
+
+ if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ :
+ else
+ # The Solaris, AIX, and Digital Unix default echo programs unquote
+ # backslashes. This makes it impossible to quote backslashes using
+ # echo "$something" | sed 's/\\/\\\\/g'
+ #
+ # So, first we look for a working echo in the user's PATH.
+
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for dir in $PATH /usr/ucb; do
+ IFS="$lt_save_ifs"
+ if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+ test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ ECHO="$dir/echo"
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+
+ if test "X$ECHO" = Xecho; then
+ # We didn't find a better echo, so look for alternatives.
+ if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # This shell has a builtin print -r that does the trick.
+ ECHO='print -r'
+ elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } &&
+ test "X$CONFIG_SHELL" != X/bin/ksh; then
+ # If we have ksh, try running configure again with it.
+ ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+ export ORIGINAL_CONFIG_SHELL
+ CONFIG_SHELL=/bin/ksh
+ export CONFIG_SHELL
+ exec $CONFIG_SHELL "[$]0" --no-reexec ${1+"[$]@"}
+ else
+ # Try using printf.
+ ECHO='printf %s\n'
+ if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # Cool, printf works
+ :
+ elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($ORIGINAL_CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+ export CONFIG_SHELL
+ SHELL="$CONFIG_SHELL"
+ export SHELL
+ ECHO="$CONFIG_SHELL [$]0 --fallback-echo"
+ elif echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($CONFIG_SHELL "[$]0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ ECHO="$CONFIG_SHELL [$]0 --fallback-echo"
+ else
+ # maybe with a smaller string...
+ prev=:
+
+ for cmd in 'echo test' 'sed 2q "[$]0"' 'sed 10q "[$]0"' 'sed 20q "[$]0"' 'sed 50q "[$]0"'; do
+ if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null
+ then
+ break
+ fi
+ prev="$cmd"
+ done
+
+ if test "$prev" != 'sed 50q "[$]0"'; then
+ echo_test_string=`eval $prev`
+ export echo_test_string
+ exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "[$]0" ${1+"[$]@"}
+ else
+ # Oops. We lost completely, so just stick with echo.
+ ECHO=echo
+ fi
+ fi
+ fi
+ fi
+ fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+lt_ECHO=$ECHO
+if test "X$lt_ECHO" = "X$CONFIG_SHELL [$]0 --fallback-echo"; then
+ lt_ECHO="$CONFIG_SHELL \\\$\[$]0 --fallback-echo"
+fi
+
+AC_SUBST(lt_ECHO)
+])
+_LT_DECL([], [SHELL], [1], [Shell to use when invoking shell scripts])
+_LT_DECL([], [ECHO], [1],
+ [An echo program that does not interpret backslashes])
+])# _LT_PROG_ECHO_BACKSLASH
+
+
+# _LT_ENABLE_LOCK
+# ---------------
+m4_defun([_LT_ENABLE_LOCK],
+[AC_ARG_ENABLE([libtool-lock],
+ [AS_HELP_STRING([--disable-libtool-lock],
+ [avoid locking (might break parallel builds)])])
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *ELF-32*)
+ HPUX_IA64_MODE="32"
+ ;;
+ *ELF-64*)
+ HPUX_IA64_MODE="64"
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+*-*-irix6*)
+ # Find out which ABI we are using.
+ echo '[#]line __oline__ "configure"' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -melf32bsmip"
+ ;;
+ *N32*)
+ LD="${LD-ld} -melf32bmipn32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -melf64bmip"
+ ;;
+ esac
+ else
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -32"
+ ;;
+ *N32*)
+ LD="${LD-ld} -n32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -64"
+ ;;
+ esac
+ fi
+ fi
+ rm -rf conftest*
+ ;;
+
+x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
+s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ case `/usr/bin/file conftest.o` in
+ *32-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_i386_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_i386"
+ ;;
+ ppc64-*linux*|powerpc64-*linux*)
+ LD="${LD-ld} -m elf32ppclinux"
+ ;;
+ s390x-*linux*)
+ LD="${LD-ld} -m elf_s390"
+ ;;
+ sparc64-*linux*)
+ LD="${LD-ld} -m elf32_sparc"
+ ;;
+ esac
+ ;;
+ *64-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_x86_64_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ ppc*-*linux*|powerpc*-*linux*)
+ LD="${LD-ld} -m elf64ppc"
+ ;;
+ s390*-*linux*|s390*-*tpf*)
+ LD="${LD-ld} -m elf64_s390"
+ ;;
+ sparc*-*linux*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+
+*-*-sco3.2v5*)
+ # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+ SAVE_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -belf"
+ AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
+ [AC_LANG_PUSH(C)
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[]],[[]])],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])
+ AC_LANG_POP])
+ if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+ # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+ CFLAGS="$SAVE_CFLAGS"
+ fi
+ ;;
+sparc*-*solaris*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if AC_TRY_EVAL(ac_compile); then
+ case `/usr/bin/file conftest.o` in
+ *64-bit*)
+ case $lt_cv_prog_gnu_ld in
+ yes*) LD="${LD-ld} -m elf64_sparc" ;;
+ *)
+ if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
+ LD="${LD-ld} -64"
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+esac
+
+need_locks="$enable_libtool_lock"
+])# _LT_ENABLE_LOCK
+
+
+# _LT_CMD_OLD_ARCHIVE
+# -------------------
+m4_defun([_LT_CMD_OLD_ARCHIVE],
+[AC_CHECK_TOOL(AR, ar, false)
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+_LT_DECL([], [AR], [1], [The archiver])
+_LT_DECL([], [AR_FLAGS], [1])
+
+AC_CHECK_TOOL(STRIP, strip, :)
+test -z "$STRIP" && STRIP=:
+_LT_DECL([], [STRIP], [1], [A symbol stripping program])
+
+AC_CHECK_TOOL(RANLIB, ranlib, :)
+test -z "$RANLIB" && RANLIB=:
+_LT_DECL([], [RANLIB], [1],
+ [Commands used to install an old-style archive])
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+ case $host_os in
+ openbsd*)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+ ;;
+ *)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+ ;;
+ esac
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+_LT_DECL([], [old_postinstall_cmds], [2])
+_LT_DECL([], [old_postuninstall_cmds], [2])
+_LT_TAGDECL([], [old_archive_cmds], [2],
+ [Commands used to build an old-style archive])
+])# _LT_CMD_OLD_ARCHIVE
+
+
+# _LT_COMPILER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+# [OUTPUT-FILE], [ACTION-SUCCESS], [ACTION-FAILURE])
+# ----------------------------------------------------------------
+# Check whether the given compiler option works
+AC_DEFUN([_LT_COMPILER_OPTION],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_SED])dnl
+AC_CACHE_CHECK([$1], [$2],
+ [$2=no
+ m4_if([$4], , [ac_outfile=conftest.$ac_objext], [ac_outfile=$4])
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$3"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ $2=yes
+ fi
+ fi
+ $RM conftest*
+])
+
+if test x"[$]$2" = xyes; then
+ m4_if([$5], , :, [$5])
+else
+ m4_if([$6], , :, [$6])
+fi
+])# _LT_COMPILER_OPTION
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_COMPILER_OPTION], [_LT_COMPILER_OPTION])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_COMPILER_OPTION], [])
+
+
+# _LT_LINKER_OPTION(MESSAGE, VARIABLE-NAME, FLAGS,
+# [ACTION-SUCCESS], [ACTION-FAILURE])
+# ----------------------------------------------------
+# Check whether the given linker option works
+AC_DEFUN([_LT_LINKER_OPTION],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_SED])dnl
+AC_CACHE_CHECK([$1], [$2],
+ [$2=no
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $3"
+ echo "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The linker can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&AS_MESSAGE_LOG_FD
+ $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ $2=yes
+ fi
+ else
+ $2=yes
+ fi
+ fi
+ $RM -r conftest*
+ LDFLAGS="$save_LDFLAGS"
+])
+
+if test x"[$]$2" = xyes; then
+ m4_if([$4], , :, [$4])
+else
+ m4_if([$5], , :, [$5])
+fi
+])# _LT_LINKER_OPTION
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_LINKER_OPTION], [_LT_LINKER_OPTION])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_LINKER_OPTION], [])
+
+
+# LT_CMD_MAX_LEN
+#---------------
+AC_DEFUN([LT_CMD_MAX_LEN],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+# find the maximum length of command line arguments
+AC_MSG_CHECKING([the maximum length of command line arguments])
+AC_CACHE_VAL([lt_cv_sys_max_cmd_len], [dnl
+ i=0
+ teststring="ABCD"
+
+ case $build_os in
+ msdosdjgpp*)
+ # On DJGPP, this test can blow up pretty badly due to problems in libc
+ # (any single argument exceeding 2000 bytes causes a buffer overrun
+ # during glob expansion). Even if it were fixed, the result of this
+ # check would be larger than it should be.
+ lt_cv_sys_max_cmd_len=12288; # 12K is about right
+ ;;
+
+ gnu*)
+ # Under GNU Hurd, this test is not required because there is
+ # no limit to the length of command line arguments.
+ # Libtool will interpret -1 as no limit whatsoever
+ lt_cv_sys_max_cmd_len=-1;
+ ;;
+
+ cygwin* | mingw* | cegcc*)
+ # On Win9x/ME, this test blows up -- it succeeds, but takes
+ # about 5 minutes as the teststring grows exponentially.
+ # Worse, since 9x/ME are not pre-emptively multitasking,
+ # you end up with a "frozen" computer, even though with patience
+ # the test eventually succeeds (with a max line length of 256k).
+ # Instead, let's just punt: use the minimum linelength reported by
+ # all of the supported platforms: 8192 (on NT/2K/XP).
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ amigaos*)
+ # On AmigaOS with pdksh, this test takes hours, literally.
+ # So we just punt and use a minimum line length of 8192.
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+ # This has been around since 386BSD, at least. Likely further.
+ if test -x /sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+ elif test -x /usr/sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+ else
+ lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
+ fi
+ # And add a safety zone
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ ;;
+
+ interix*)
+ # We know the value 262144 and hardcode it with a safety zone (like BSD)
+ lt_cv_sys_max_cmd_len=196608
+ ;;
+
+ osf*)
+ # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+ # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+ # nice to cause kernel panics so lets avoid the loop below.
+ # First set a reasonable default.
+ lt_cv_sys_max_cmd_len=16384
+ #
+ if test -x /sbin/sysconfig; then
+ case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+ *1*) lt_cv_sys_max_cmd_len=-1 ;;
+ esac
+ fi
+ ;;
+ sco3.2v5*)
+ lt_cv_sys_max_cmd_len=102400
+ ;;
+ sysv5* | sco5v6* | sysv4.2uw2*)
+ kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+ if test -n "$kargmax"; then
+ lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[[ ]]//'`
+ else
+ lt_cv_sys_max_cmd_len=32768
+ fi
+ ;;
+ *)
+ lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
+ if test -n "$lt_cv_sys_max_cmd_len"; then
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ else
+ # Make teststring a little bigger before we do anything with it.
+ # a 1K string should be a reasonable start.
+ for i in 1 2 3 4 5 6 7 8 ; do
+ teststring=$teststring$teststring
+ done
+ SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+ # If test is not a shell built-in, we'll probably end up computing a
+ # maximum length that is only half of the actual maximum length, but
+ # we can't tell.
+ while { test "X"`$SHELL [$]0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \
+ = "XX$teststring$teststring"; } >/dev/null 2>&1 &&
+ test $i != 17 # 1/2 MB should be enough
+ do
+ i=`expr $i + 1`
+ teststring=$teststring$teststring
+ done
+ # Only check the string length outside the loop.
+ lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
+ teststring=
+ # Add a significant safety factor because C++ compilers can tack on
+ # massive amounts of additional arguments before passing them to the
+ # linker. It appears as though 1/2 is a usable value.
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+ fi
+ ;;
+ esac
+])
+if test -n $lt_cv_sys_max_cmd_len ; then
+ AC_MSG_RESULT($lt_cv_sys_max_cmd_len)
+else
+ AC_MSG_RESULT(none)
+fi
+max_cmd_len=$lt_cv_sys_max_cmd_len
+_LT_DECL([], [max_cmd_len], [0],
+ [What is the maximum length of a command?])
+])# LT_CMD_MAX_LEN
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_SYS_MAX_CMD_LEN], [LT_CMD_MAX_LEN])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_SYS_MAX_CMD_LEN], [])
+
+
+# _LT_HEADER_DLFCN
+# ----------------
+m4_defun([_LT_HEADER_DLFCN],
+[AC_CHECK_HEADERS([dlfcn.h], [], [], [AC_INCLUDES_DEFAULT])dnl
+])# _LT_HEADER_DLFCN
+
+
+# _LT_TRY_DLOPEN_SELF (ACTION-IF-TRUE, ACTION-IF-TRUE-W-USCORE,
+# ACTION-IF-FALSE, ACTION-IF-CROSS-COMPILING)
+# ----------------------------------------------------------------
+m4_defun([_LT_TRY_DLOPEN_SELF],
+[m4_require([_LT_HEADER_DLFCN])dnl
+if test "$cross_compiling" = yes; then :
+ [$4]
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+[#line __oline__ "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+ else
+ puts (dlerror ());
+
+ return status;
+}]
+_LT_EOF
+ if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) >&AS_MESSAGE_LOG_FD 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) $1 ;;
+ x$lt_dlneed_uscore) $2 ;;
+ x$lt_dlunknown|x*) $3 ;;
+ esac
+ else :
+ # compilation failed
+ $3
+ fi
+fi
+rm -fr conftest*
+])# _LT_TRY_DLOPEN_SELF
+
+
+# LT_SYS_DLOPEN_SELF
+# ------------------
+AC_DEFUN([LT_SYS_DLOPEN_SELF],
+[m4_require([_LT_HEADER_DLFCN])dnl
+if test "x$enable_dlopen" != xyes; then
+ enable_dlopen=unknown
+ enable_dlopen_self=unknown
+ enable_dlopen_self_static=unknown
+else
+ lt_cv_dlopen=no
+ lt_cv_dlopen_libs=
+
+ case $host_os in
+ beos*)
+ lt_cv_dlopen="load_add_on"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ;;
+
+ mingw* | pw32* | cegcc*)
+ lt_cv_dlopen="LoadLibrary"
+ lt_cv_dlopen_libs=
+ ;;
+
+ cygwin*)
+ lt_cv_dlopen="dlopen"
+ lt_cv_dlopen_libs=
+ ;;
+
+ darwin*)
+ # if libdl is installed we need to link against it
+ AC_CHECK_LIB([dl], [dlopen],
+ [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],[
+ lt_cv_dlopen="dyld"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ])
+ ;;
+
+ *)
+ AC_CHECK_FUNC([shl_load],
+ [lt_cv_dlopen="shl_load"],
+ [AC_CHECK_LIB([dld], [shl_load],
+ [lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"],
+ [AC_CHECK_FUNC([dlopen],
+ [lt_cv_dlopen="dlopen"],
+ [AC_CHECK_LIB([dl], [dlopen],
+ [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"],
+ [AC_CHECK_LIB([svld], [dlopen],
+ [lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"],
+ [AC_CHECK_LIB([dld], [dld_link],
+ [lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"])
+ ])
+ ])
+ ])
+ ])
+ ])
+ ;;
+ esac
+
+ if test "x$lt_cv_dlopen" != xno; then
+ enable_dlopen=yes
+ else
+ enable_dlopen=no
+ fi
+
+ case $lt_cv_dlopen in
+ dlopen)
+ save_CPPFLAGS="$CPPFLAGS"
+ test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+ save_LDFLAGS="$LDFLAGS"
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+ save_LIBS="$LIBS"
+ LIBS="$lt_cv_dlopen_libs $LIBS"
+
+ AC_CACHE_CHECK([whether a program can dlopen itself],
+ lt_cv_dlopen_self, [dnl
+ _LT_TRY_DLOPEN_SELF(
+ lt_cv_dlopen_self=yes, lt_cv_dlopen_self=yes,
+ lt_cv_dlopen_self=no, lt_cv_dlopen_self=cross)
+ ])
+
+ if test "x$lt_cv_dlopen_self" = xyes; then
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+ AC_CACHE_CHECK([whether a statically linked program can dlopen itself],
+ lt_cv_dlopen_self_static, [dnl
+ _LT_TRY_DLOPEN_SELF(
+ lt_cv_dlopen_self_static=yes, lt_cv_dlopen_self_static=yes,
+ lt_cv_dlopen_self_static=no, lt_cv_dlopen_self_static=cross)
+ ])
+ fi
+
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+ ;;
+ esac
+
+ case $lt_cv_dlopen_self in
+ yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+ *) enable_dlopen_self=unknown ;;
+ esac
+
+ case $lt_cv_dlopen_self_static in
+ yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+ *) enable_dlopen_self_static=unknown ;;
+ esac
+fi
+_LT_DECL([dlopen_support], [enable_dlopen], [0],
+ [Whether dlopen is supported])
+_LT_DECL([dlopen_self], [enable_dlopen_self], [0],
+ [Whether dlopen of programs is supported])
+_LT_DECL([dlopen_self_static], [enable_dlopen_self_static], [0],
+ [Whether dlopen of statically linked programs is supported])
+])# LT_SYS_DLOPEN_SELF
+
+# Old name:
+AU_ALIAS([AC_LIBTOOL_DLOPEN_SELF], [LT_SYS_DLOPEN_SELF])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_DLOPEN_SELF], [])
+
+
+# _LT_COMPILER_C_O([TAGNAME])
+# ---------------------------
+# Check to see if options -c and -o are simultaneously supported by compiler.
+# This macro does not hard code the compiler like AC_PROG_CC_C_O.
+m4_defun([_LT_COMPILER_C_O],
+[m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_TAG_COMPILER])dnl
+AC_CACHE_CHECK([if $compiler supports -c -o file.$ac_objext],
+ [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)],
+ [_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [[^ ]]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:__oline__: $lt_compile\"" >&AS_MESSAGE_LOG_FD)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&AS_MESSAGE_LOG_FD
+ echo "$as_me:__oline__: \$? = $ac_status" >&AS_MESSAGE_LOG_FD
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ _LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+ fi
+ fi
+ chmod u+w . 2>&AS_MESSAGE_LOG_FD
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+])
+_LT_TAGDECL([compiler_c_o], [lt_cv_prog_compiler_c_o], [1],
+ [Does compiler simultaneously support -c and -o options?])
+])# _LT_COMPILER_C_O
+
+
+# _LT_COMPILER_FILE_LOCKS([TAGNAME])
+# ----------------------------------
+# Check to see if we can do hard links to lock some files if needed
+m4_defun([_LT_COMPILER_FILE_LOCKS],
+[m4_require([_LT_ENABLE_LOCK])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+_LT_COMPILER_C_O([$1])
+
+hard_links="nottested"
+if test "$_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ AC_MSG_CHECKING([if we can lock with hard links])
+ hard_links=yes
+ $RM conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ AC_MSG_RESULT([$hard_links])
+ if test "$hard_links" = no; then
+ AC_MSG_WARN([`$CC' does not support `-c -o', so `make -j' may be unsafe])
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+_LT_DECL([], [need_locks], [1], [Must we lock files when doing compilation?])
+])# _LT_COMPILER_FILE_LOCKS
+
+
+# _LT_CHECK_OBJDIR
+# ----------------
+m4_defun([_LT_CHECK_OBJDIR],
+[AC_CACHE_CHECK([for objdir], [lt_cv_objdir],
+[rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+ lt_cv_objdir=.libs
+else
+ # MS-DOS does not allow filenames that begin with a dot.
+ lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null])
+objdir=$lt_cv_objdir
+_LT_DECL([], [objdir], [0],
+ [The name of the directory that contains temporary libtool files])dnl
+m4_pattern_allow([LT_OBJDIR])dnl
+AC_DEFINE_UNQUOTED(LT_OBJDIR, "$lt_cv_objdir/",
+ [Define to the sub-directory in which libtool stores uninstalled libraries.])
+])# _LT_CHECK_OBJDIR
+
+
+# _LT_LINKER_HARDCODE_LIBPATH([TAGNAME])
+# --------------------------------------
+# Check hardcoding attributes.
+m4_defun([_LT_LINKER_HARDCODE_LIBPATH],
+[AC_MSG_CHECKING([how to hardcode library paths into programs])
+_LT_TAGVAR(hardcode_action, $1)=
+if test -n "$_LT_TAGVAR(hardcode_libdir_flag_spec, $1)" ||
+ test -n "$_LT_TAGVAR(runpath_var, $1)" ||
+ test "X$_LT_TAGVAR(hardcode_automatic, $1)" = "Xyes" ; then
+
+ # We can hardcode non-existent directories.
+ if test "$_LT_TAGVAR(hardcode_direct, $1)" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_TAGVAR(hardcode_shlibpath_var, $1)" != no &&
+ test "$_LT_TAGVAR(hardcode_minus_L, $1)" != no; then
+ # Linking always hardcodes the temporary library directory.
+ _LT_TAGVAR(hardcode_action, $1)=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ _LT_TAGVAR(hardcode_action, $1)=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ _LT_TAGVAR(hardcode_action, $1)=unsupported
+fi
+AC_MSG_RESULT([$_LT_TAGVAR(hardcode_action, $1)])
+
+if test "$_LT_TAGVAR(hardcode_action, $1)" = relink ||
+ test "$_LT_TAGVAR(inherit_rpath, $1)" = yes; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+_LT_TAGDECL([], [hardcode_action], [0],
+ [How to hardcode a shared library path into an executable])
+])# _LT_LINKER_HARDCODE_LIBPATH
+
+
+# _LT_CMD_STRIPLIB
+# ----------------
+m4_defun([_LT_CMD_STRIPLIB],
+[m4_require([_LT_DECL_EGREP])
+striplib=
+old_striplib=
+AC_MSG_CHECKING([whether stripping libraries is possible])
+if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+ test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+ test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+ AC_MSG_RESULT([yes])
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+ case $host_os in
+ darwin*)
+ if test -n "$STRIP" ; then
+ striplib="$STRIP -x"
+ old_striplib="$STRIP -S"
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+ fi
+ ;;
+ *)
+ AC_MSG_RESULT([no])
+ ;;
+ esac
+fi
+_LT_DECL([], [old_striplib], [1], [Commands to strip libraries])
+_LT_DECL([], [striplib], [1])
+])# _LT_CMD_STRIPLIB
+
+
+# _LT_SYS_DYNAMIC_LINKER([TAG])
+# -----------------------------
+# PORTME Fill in your ld.so characteristics
+m4_defun([_LT_SYS_DYNAMIC_LINKER],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_OBJDUMP])dnl
+m4_require([_LT_DECL_SED])dnl
+AC_MSG_CHECKING([dynamic linker characteristics])
+m4_if([$1],
+ [], [
+if test "$GCC" = yes; then
+ case $host_os in
+ darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
+ *) lt_awk_arg="/^libraries:/" ;;
+ esac
+ lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then
+ # if the path contains ";" then we assume it to be the separator
+ # otherwise default to the standard path separator (i.e. ":") - it is
+ # assumed that no part of a normal pathname contains ";" but that should
+ # okay in the real world where ";" in dirpaths is itself problematic.
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ # Ok, now we have the path, separated by spaces, we can step through it
+ # and add multilib dir if necessary.
+ lt_tmp_lt_search_path_spec=
+ lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+ for lt_sys_path in $lt_search_path_spec; do
+ if test -d "$lt_sys_path/$lt_multi_os_dir"; then
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir"
+ else
+ test -d "$lt_sys_path" && \
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
+ fi
+ done
+ lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk '
+BEGIN {RS=" "; FS="/|\n";} {
+ lt_foo="";
+ lt_count=0;
+ for (lt_i = NF; lt_i > 0; lt_i--) {
+ if ($lt_i != "" && $lt_i != ".") {
+ if ($lt_i == "..") {
+ lt_count++;
+ } else {
+ if (lt_count == 0) {
+ lt_foo="/" $lt_i lt_foo;
+ } else {
+ lt_count--;
+ }
+ }
+ }
+ }
+ if (lt_foo != "") { lt_freq[[lt_foo]]++; }
+ if (lt_freq[[lt_foo]] == 1) { print lt_foo; }
+}'`
+ sys_lib_search_path_spec=`$ECHO $lt_search_path_spec`
+else
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi])
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix[[4-9]]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[[01]] | aix4.[[01]].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ case $host_cpu in
+ powerpc)
+ # Since July 2007 AmigaOS4 officially supports .so libraries.
+ # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ ;;
+ m68k)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([[^/]]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+ esac
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[[45]]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname~
+ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+ eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+ fi'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw* | cegcc*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$sys_lib_search_path_spec" | [$GREP ';[c-zC-Z]:/' >/dev/null]; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[[.]]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+m4_if([$1], [],[
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"])
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ if test -x /usr/bin/objformat; then
+ objformat=`/usr/bin/objformat`
+ else
+ case $host_os in
+ freebsd[[123]]*) objformat=aout ;;
+ *) objformat=elf ;;
+ esac
+ fi
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[[01]]* | freebsdelf3.[[01]]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ freebsd3.[[2-9]]* | freebsdelf3.[[2-9]]* | \
+ freebsd4.[[0-5]] | freebsdelf4.[[0-5]] | freebsd4.1.1 | freebsdelf4.1.1)
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ *) # from 4.6 on, and DragonFly
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case $host_cpu in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+interix[[3-9]]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # Some binutils ld are patched to set DT_RUNPATH
+ save_LDFLAGS=$LDFLAGS
+ save_libdir=$libdir
+ eval "libdir=/foo; wl=\"$_LT_TAGVAR(lt_prog_compiler_wl, $1)\"; \
+ LDFLAGS=\"\$LDFLAGS $_LT_TAGVAR(hardcode_libdir_flag_spec, $1)\""
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([],[])],
+ [AS_IF([ ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null],
+ [shlibpath_overrides_runpath=yes])])
+ LDFLAGS=$save_LDFLAGS
+ libdir=$save_libdir
+
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \[$]2)); skip = 1; } { if (!skip) print \[$]0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+netbsdelf*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='NetBSD ld.elf_so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+*nto* | *qnx*)
+ version_type=qnx
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='ldqnx.so'
+ ;;
+
+openbsd*)
+ version_type=sunos
+ sys_lib_dlsearch_path_spec="/usr/lib"
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[[89]] | openbsd2.[[89]].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+rdos*)
+ dynamic_linker=no
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ version_type=freebsd-elf
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ if test "$with_gnu_ld" = yes; then
+ sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+ else
+ sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+ case $host_os in
+ sco3.2v5*)
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+ ;;
+ esac
+ fi
+ sys_lib_dlsearch_path_spec='/usr/lib'
+ ;;
+
+tpf*)
+ # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+AC_MSG_RESULT([$dynamic_linker])
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
+ sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
+fi
+if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
+ sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
+fi
+
+_LT_DECL([], [variables_saved_for_relink], [1],
+ [Variables whose values should be saved in libtool wrapper scripts and
+ restored at link time])
+_LT_DECL([], [need_lib_prefix], [0],
+ [Do we need the "lib" prefix for modules?])
+_LT_DECL([], [need_version], [0], [Do we need a version for libraries?])
+_LT_DECL([], [version_type], [0], [Library versioning type])
+_LT_DECL([], [runpath_var], [0], [Shared library runtime path variable])
+_LT_DECL([], [shlibpath_var], [0],[Shared library path variable])
+_LT_DECL([], [shlibpath_overrides_runpath], [0],
+ [Is shlibpath searched before the hard-coded library search path?])
+_LT_DECL([], [libname_spec], [1], [Format of library name prefix])
+_LT_DECL([], [library_names_spec], [1],
+ [[List of archive names. First name is the real one, the rest are links.
+ The last name is the one that the linker finds with -lNAME]])
+_LT_DECL([], [soname_spec], [1],
+ [[The coded name of the library, if different from the real name]])
+_LT_DECL([], [postinstall_cmds], [2],
+ [Command to use after installation of a shared archive])
+_LT_DECL([], [postuninstall_cmds], [2],
+ [Command to use after uninstallation of a shared archive])
+_LT_DECL([], [finish_cmds], [2],
+ [Commands used to finish a libtool library installation in a directory])
+_LT_DECL([], [finish_eval], [1],
+ [[As "finish_cmds", except a single script fragment to be evaled but
+ not shown]])
+_LT_DECL([], [hardcode_into_libs], [0],
+ [Whether we should hardcode library paths into libraries])
+_LT_DECL([], [sys_lib_search_path_spec], [2],
+ [Compile-time system search path for libraries])
+_LT_DECL([], [sys_lib_dlsearch_path_spec], [2],
+ [Run-time system search path for libraries])
+])# _LT_SYS_DYNAMIC_LINKER
+
+
+# _LT_PATH_TOOL_PREFIX(TOOL)
+# --------------------------
+# find a file program which can recognize shared library
+AC_DEFUN([_LT_PATH_TOOL_PREFIX],
+[m4_require([_LT_DECL_EGREP])dnl
+AC_MSG_CHECKING([for $1])
+AC_CACHE_VAL(lt_cv_path_MAGIC_CMD,
+[case $MAGIC_CMD in
+[[\\/*] | ?:[\\/]*])
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+dnl $ac_dummy forces splitting on constant user-supplied paths.
+dnl POSIX.2 word splitting is done only on the output of word expansions,
+dnl not every word. This closes a longstanding sh security hole.
+ ac_dummy="m4_if([$2], , $PATH, [$2])"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/$1; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/$1"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac])
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ AC_MSG_RESULT($MAGIC_CMD)
+else
+ AC_MSG_RESULT(no)
+fi
+_LT_DECL([], [MAGIC_CMD], [0],
+ [Used to examine libraries when file_magic_cmd begins with "file"])dnl
+])# _LT_PATH_TOOL_PREFIX
+
+# Old name:
+AU_ALIAS([AC_PATH_TOOL_PREFIX], [_LT_PATH_TOOL_PREFIX])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_PATH_TOOL_PREFIX], [])
+
+
+# _LT_PATH_MAGIC
+# --------------
+# find a file program which can recognize a shared library
+m4_defun([_LT_PATH_MAGIC],
+[_LT_PATH_TOOL_PREFIX(${ac_tool_prefix}file, /usr/bin$PATH_SEPARATOR$PATH)
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+ if test -n "$ac_tool_prefix"; then
+ _LT_PATH_TOOL_PREFIX(file, /usr/bin$PATH_SEPARATOR$PATH)
+ else
+ MAGIC_CMD=:
+ fi
+fi
+])# _LT_PATH_MAGIC
+
+
+# LT_PATH_LD
+# ----------
+# find the pathname to the GNU or non-GNU linker
+AC_DEFUN([LT_PATH_LD],
+[AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_DECL_EGREP])dnl
+
+AC_ARG_WITH([gnu-ld],
+ [AS_HELP_STRING([--with-gnu-ld],
+ [assume the C compiler uses GNU ld @<:@default=no@:>@])],
+ [test "$withval" = no || with_gnu_ld=yes],
+ [with_gnu_ld=no])dnl
+
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ AC_MSG_CHECKING([for ld used by $CC])
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [[\\/]]* | ?:[[\\/]]*)
+ re_direlt='/[[^/]][[^/]]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+ while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ AC_MSG_CHECKING([for GNU ld])
+else
+ AC_MSG_CHECKING([for non-GNU ld])
+fi
+AC_CACHE_VAL(lt_cv_path_LD,
+[if test -z "$LD"; then
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some variants of GNU ld only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break
+ ;;
+ *)
+ test "$with_gnu_ld" != yes && break
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+else
+ lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi])
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+ AC_MSG_RESULT($LD)
+else
+ AC_MSG_RESULT(no)
+fi
+test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
+_LT_PATH_LD_GNU
+AC_SUBST([LD])
+
+_LT_TAGDECL([], [LD], [1], [The linker used to build libraries])
+])# LT_PATH_LD
+
+# Old names:
+AU_ALIAS([AM_PROG_LD], [LT_PATH_LD])
+AU_ALIAS([AC_PROG_LD], [LT_PATH_LD])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_PROG_LD], [])
+dnl AC_DEFUN([AC_PROG_LD], [])
+
+
+# _LT_PATH_LD_GNU
+#- --------------
+m4_defun([_LT_PATH_LD_GNU],
+[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], lt_cv_prog_gnu_ld,
+[# I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac])
+with_gnu_ld=$lt_cv_prog_gnu_ld
+])# _LT_PATH_LD_GNU
+
+
+# _LT_CMD_RELOAD
+# --------------
+# find reload flag for linker
+# -- PORTME Some linkers may need a different reload flag.
+m4_defun([_LT_CMD_RELOAD],
+[AC_CACHE_CHECK([for $LD option to reload object files],
+ lt_cv_ld_reload_flag,
+ [lt_cv_ld_reload_flag='-r'])
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+ darwin*)
+ if test "$GCC" = yes; then
+ reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
+ else
+ reload_cmds='$LD$reload_flag -o $output$reload_objs'
+ fi
+ ;;
+esac
+_LT_DECL([], [reload_flag], [1], [How to create reloadable object files])dnl
+_LT_DECL([], [reload_cmds], [2])dnl
+])# _LT_CMD_RELOAD
+
+
+# _LT_CHECK_MAGIC_METHOD
+# ----------------------
+# how to check for library dependencies
+# -- PORTME fill in with the dynamic library characteristics
+m4_defun([_LT_CHECK_MAGIC_METHOD],
+[m4_require([_LT_DECL_EGREP])
+m4_require([_LT_DECL_OBJDUMP])
+AC_CACHE_CHECK([how to recognize dependent libraries],
+lt_cv_deplibs_check_method,
+[lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix[[4-9]]*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+beos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+bsdi[[45]]*)
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib)'
+ lt_cv_file_magic_cmd='/usr/bin/file -L'
+ lt_cv_file_magic_test_file=/shlib/libc.so
+ ;;
+
+cygwin*)
+ # func_win32_libid is a shell function defined in ltmain.sh
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ ;;
+
+mingw* | pw32*)
+ # Base MSYS/MinGW do not provide the 'file' command needed by
+ # func_win32_libid shell function, so use a weaker test based on 'objdump',
+ # unless we find 'file', for example because we are cross-compiling.
+ if ( file / ) >/dev/null 2>&1; then
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ else
+ lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ fi
+ ;;
+
+cegcc)
+ # use the weaker test based on 'objdump'. See mingw*.
+ lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ ;;
+
+darwin* | rhapsody*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+freebsd* | dragonfly*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ case $host_cpu in
+ i*86 )
+ # Not sure whether the presence of OpenBSD here was a mistake.
+ # Let's accept both of them until this is cleared up.
+ lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[[3-9]]86 (compact )?demand paged shared library'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+ ;;
+ esac
+ else
+ lt_cv_deplibs_check_method=pass_all
+ fi
+ ;;
+
+gnu*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+hpux10.20* | hpux11*)
+ lt_cv_file_magic_cmd=/usr/bin/file
+ case $host_cpu in
+ ia64*)
+ lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|ELF-[[0-9]][[0-9]]) shared object file - IA64'
+ lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+ ;;
+ hppa*64*)
+ [lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]']
+ lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+ ;;
+ *)
+ lt_cv_deplibs_check_method='file_magic (s[[0-9]][[0-9]][[0-9]]|PA-RISC[[0-9]].[[0-9]]) shared library'
+ lt_cv_file_magic_test_file=/usr/lib/libc.sl
+ ;;
+ esac
+ ;;
+
+interix[[3-9]]*)
+ # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|\.a)$'
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $LD in
+ *-32|*"-32 ") libmagic=32-bit;;
+ *-n32|*"-n32 ") libmagic=N32;;
+ *-64|*"-64 ") libmagic=64-bit;;
+ *) libmagic=never-match;;
+ esac
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so|_pic\.a)$'
+ fi
+ ;;
+
+newos6*)
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (executable|dynamic lib)'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=/usr/lib/libnls.so
+ ;;
+
+*nto* | *qnx*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+openbsd*)
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|\.so|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
+ fi
+ ;;
+
+osf3* | osf4* | osf5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+rdos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+solaris*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv4 | sysv4.3*)
+ case $host_vendor in
+ motorola)
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[ML]]SB (shared object|dynamic lib) M[[0-9]][[0-9]]* Version [[0-9]]'
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+ ;;
+ ncr)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ sequent)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method='file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB (shared object|dynamic lib )'
+ ;;
+ sni)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method="file_magic ELF [[0-9]][[0-9]]*-bit [[LM]]SB dynamic lib"
+ lt_cv_file_magic_test_file=/lib/libc.so
+ ;;
+ siemens)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ pc)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ esac
+ ;;
+
+tpf*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+esac
+])
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+_LT_DECL([], [deplibs_check_method], [1],
+ [Method to check whether dependent libraries are shared objects])
+_LT_DECL([], [file_magic_cmd], [1],
+ [Command to use when deplibs_check_method == "file_magic"])
+])# _LT_CHECK_MAGIC_METHOD
+
+
+# LT_PATH_NM
+# ----------
+# find the pathname to a BSD- or MS-compatible name lister
+AC_DEFUN([LT_PATH_NM],
+[AC_REQUIRE([AC_PROG_CC])dnl
+AC_CACHE_CHECK([for BSD- or MS-compatible name lister (nm)], lt_cv_path_NM,
+[if test -n "$NM"; then
+ # Let the user override the test.
+ lt_cv_path_NM="$NM"
+else
+ lt_nm_to_check="${ac_tool_prefix}nm"
+ if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
+ lt_nm_to_check="$lt_nm_to_check nm"
+ fi
+ for lt_tmp_nm in $lt_nm_to_check; do
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ tmp_nm="$ac_dir/$lt_tmp_nm"
+ if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+ # Check to see if the nm accepts a BSD-compat flag.
+ # Adding the `sed 1q' prevents false positives on HP-UX, which says:
+ # nm: unknown option "B" ignored
+ # Tru64's nm complains that /dev/null is an invalid object file
+ case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+ */dev/null* | *'Invalid file or object type'*)
+ lt_cv_path_NM="$tmp_nm -B"
+ break
+ ;;
+ *)
+ case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+ */dev/null*)
+ lt_cv_path_NM="$tmp_nm -p"
+ break
+ ;;
+ *)
+ lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+ continue # so that we can try to find one that supports BSD flags
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+ done
+ : ${lt_cv_path_NM=no}
+fi])
+if test "$lt_cv_path_NM" != "no"; then
+ NM="$lt_cv_path_NM"
+else
+ # Didn't find any BSD compatible name lister, look for dumpbin.
+ AC_CHECK_TOOLS(DUMPBIN, ["dumpbin -symbols" "link -dump -symbols"], :)
+ AC_SUBST([DUMPBIN])
+ if test "$DUMPBIN" != ":"; then
+ NM="$DUMPBIN"
+ fi
+fi
+test -z "$NM" && NM=nm
+AC_SUBST([NM])
+_LT_DECL([], [NM], [1], [A BSD- or MS-compatible name lister])dnl
+
+AC_CACHE_CHECK([the name lister ($NM) interface], [lt_cv_nm_interface],
+ [lt_cv_nm_interface="BSD nm"
+ echo "int some_variable = 0;" > conftest.$ac_ext
+ (eval echo "\"\$as_me:__oline__: $ac_compile\"" >&AS_MESSAGE_LOG_FD)
+ (eval "$ac_compile" 2>conftest.err)
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ (eval echo "\"\$as_me:__oline__: $NM \\\"conftest.$ac_objext\\\"\"" >&AS_MESSAGE_LOG_FD)
+ (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
+ cat conftest.err >&AS_MESSAGE_LOG_FD
+ (eval echo "\"\$as_me:__oline__: output\"" >&AS_MESSAGE_LOG_FD)
+ cat conftest.out >&AS_MESSAGE_LOG_FD
+ if $GREP 'External.*some_variable' conftest.out > /dev/null; then
+ lt_cv_nm_interface="MS dumpbin"
+ fi
+ rm -f conftest*])
+])# LT_PATH_NM
+
+# Old names:
+AU_ALIAS([AM_PROG_NM], [LT_PATH_NM])
+AU_ALIAS([AC_PROG_NM], [LT_PATH_NM])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_PROG_NM], [])
+dnl AC_DEFUN([AC_PROG_NM], [])
+
+
+# LT_LIB_M
+# --------
+# check for math library
+AC_DEFUN([LT_LIB_M],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+LIBM=
+case $host in
+*-*-beos* | *-*-cygwin* | *-*-pw32* | *-*-darwin*)
+ # These system don't have libm, or don't need it
+ ;;
+*-ncr-sysv4.3*)
+ AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw")
+ AC_CHECK_LIB(m, cos, LIBM="$LIBM -lm")
+ ;;
+*)
+ AC_CHECK_LIB(m, cos, LIBM="-lm")
+ ;;
+esac
+AC_SUBST([LIBM])
+])# LT_LIB_M
+
+# Old name:
+AU_ALIAS([AC_CHECK_LIBM], [LT_LIB_M])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_CHECK_LIBM], [])
+
+
+# _LT_COMPILER_NO_RTTI([TAGNAME])
+# -------------------------------
+m4_defun([_LT_COMPILER_NO_RTTI],
+[m4_require([_LT_TAG_COMPILER])dnl
+
+_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+
+if test "$GCC" = yes; then
+ _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+
+ _LT_COMPILER_OPTION([if $compiler supports -fno-rtti -fno-exceptions],
+ lt_cv_prog_compiler_rtti_exceptions,
+ [-fno-rtti -fno-exceptions], [],
+ [_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)="$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1) -fno-rtti -fno-exceptions"])
+fi
+_LT_TAGDECL([no_builtin_flag], [lt_prog_compiler_no_builtin_flag], [1],
+ [Compiler flag to turn off builtin functions])
+])# _LT_COMPILER_NO_RTTI
+
+
+# _LT_CMD_GLOBAL_SYMBOLS
+# ----------------------
+m4_defun([_LT_CMD_GLOBAL_SYMBOLS],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([LT_PATH_NM])dnl
+AC_REQUIRE([LT_PATH_LD])dnl
+m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_TAG_COMPILER])dnl
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+AC_MSG_CHECKING([command to parse $NM output from $compiler object])
+AC_CACHE_VAL([lt_cv_sys_global_symbol_pipe],
+[
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix. What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[[BCDEGRST]]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([[_A-Za-z]][[_A-Za-z0-9]]*\)'
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+ symcode='[[BCDT]]'
+ ;;
+cygwin* | mingw* | pw32* | cegcc*)
+ symcode='[[ABCDGISTW]]'
+ ;;
+hpux*)
+ if test "$host_cpu" = ia64; then
+ symcode='[[ABCDEGRST]]'
+ fi
+ ;;
+irix* | nonstopux*)
+ symcode='[[BCDEGRST]]'
+ ;;
+osf*)
+ symcode='[[BCDEGQRST]]'
+ ;;
+solaris*)
+ symcode='[[BDRT]]'
+ ;;
+sco3.2v5*)
+ symcode='[[DT]]'
+ ;;
+sysv4.2uw2*)
+ symcode='[[DT]]'
+ ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+ symcode='[[ABDT]]'
+ ;;
+sysv4)
+ symcode='[[DFNSTU]]'
+ ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+ symcode='[[ABCDGIRSTW]]' ;;
+esac
+
+# Transform an extracted symbol line into a proper C declaration.
+# Some systems (esp. on ia64) link data and code symbols differently,
+# so use this general approach.
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p'"
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([[^ ]]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([[^ ]]*\) \(lib[[^ ]]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([[^ ]]*\) \([[^ ]]*\)$/ {\"lib\2\", (void *) \&\2},/p'"
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+ opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+ ;;
+esac
+
+# Try without a prefix underscore, then with it.
+for ac_symprfx in "" "_"; do
+
+ # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+ symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+ # Write the raw and C identifiers.
+ if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+ # Fake it for dumpbin and say T for any non-static function
+ # and D for any global variable.
+ # Also find C++ and __fastcall symbols from MSVC++,
+ # which start with @ or ?.
+ lt_cv_sys_global_symbol_pipe="$AWK ['"\
+" {last_section=section; section=\$ 3};"\
+" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
+" \$ 0!~/External *\|/{next};"\
+" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
+" {if(hide[section]) next};"\
+" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\
+" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\
+" s[1]~/^[@?]/{print s[1], s[1]; next};"\
+" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\
+" ' prfx=^$ac_symprfx]"
+ else
+ lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[[ ]]\($symcode$symcode*\)[[ ]][[ ]]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+ fi
+
+ # Check to see that the pipe works correctly.
+ pipe_works=no
+
+ rm -f conftest*
+ cat > conftest.$ac_ext <<_LT_EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(void);
+void nm_test_func(void){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+_LT_EOF
+
+ if AC_TRY_EVAL(ac_compile); then
+ # Now try to grab the symbols.
+ nlist=conftest.nm
+ if AC_TRY_EVAL(NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) && test -s "$nlist"; then
+ # Try sorting and uniquifying the output.
+ if sort "$nlist" | uniq > "$nlist"T; then
+ mv -f "$nlist"T "$nlist"
+ else
+ rm -f "$nlist"T
+ fi
+
+ # Make sure that we snagged all the symbols we need.
+ if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
+ if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
+ cat <<_LT_EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+_LT_EOF
+ # Now generate the symbol file.
+ eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
+
+ cat <<_LT_EOF >> conftest.$ac_ext
+
+/* The mapping between symbol names and symbols. */
+const struct {
+ const char *name;
+ void *address;
+}
+lt__PROGRAM__LTX_preloaded_symbols[[]] =
+{
+ { "@PROGRAM@", (void *) 0 },
+_LT_EOF
+ $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
+ cat <<\_LT_EOF >> conftest.$ac_ext
+ {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+ return lt__PROGRAM__LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+_LT_EOF
+ # Now try linking the two files.
+ mv conftest.$ac_objext conftstm.$ac_objext
+ lt_save_LIBS="$LIBS"
+ lt_save_CFLAGS="$CFLAGS"
+ LIBS="conftstm.$ac_objext"
+ CFLAGS="$CFLAGS$_LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)"
+ if AC_TRY_EVAL(ac_link) && test -s conftest${ac_exeext}; then
+ pipe_works=yes
+ fi
+ LIBS="$lt_save_LIBS"
+ CFLAGS="$lt_save_CFLAGS"
+ else
+ echo "cannot find nm_test_func in $nlist" >&AS_MESSAGE_LOG_FD
+ fi
+ else
+ echo "cannot find nm_test_var in $nlist" >&AS_MESSAGE_LOG_FD
+ fi
+ else
+ echo "cannot run $lt_cv_sys_global_symbol_pipe" >&AS_MESSAGE_LOG_FD
+ fi
+ else
+ echo "$progname: failed program was:" >&AS_MESSAGE_LOG_FD
+ cat conftest.$ac_ext >&5
+ fi
+ rm -rf conftest* conftst*
+
+ # Do not use the global_symbol_pipe unless it works.
+ if test "$pipe_works" = yes; then
+ break
+ else
+ lt_cv_sys_global_symbol_pipe=
+ fi
+done
+])
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+ lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+ AC_MSG_RESULT(failed)
+else
+ AC_MSG_RESULT(ok)
+fi
+
+_LT_DECL([global_symbol_pipe], [lt_cv_sys_global_symbol_pipe], [1],
+ [Take the output of nm and produce a listing of raw symbols and C names])
+_LT_DECL([global_symbol_to_cdecl], [lt_cv_sys_global_symbol_to_cdecl], [1],
+ [Transform the output of nm in a proper C declaration])
+_LT_DECL([global_symbol_to_c_name_address],
+ [lt_cv_sys_global_symbol_to_c_name_address], [1],
+ [Transform the output of nm in a C name address pair])
+_LT_DECL([global_symbol_to_c_name_address_lib_prefix],
+ [lt_cv_sys_global_symbol_to_c_name_address_lib_prefix], [1],
+ [Transform the output of nm in a C name address pair when lib prefix is needed])
+]) # _LT_CMD_GLOBAL_SYMBOLS
+
+
+# _LT_COMPILER_PIC([TAGNAME])
+# ---------------------------
+m4_defun([_LT_COMPILER_PIC],
+[m4_require([_LT_TAG_COMPILER])dnl
+_LT_TAGVAR(lt_prog_compiler_wl, $1)=
+_LT_TAGVAR(lt_prog_compiler_pic, $1)=
+_LT_TAGVAR(lt_prog_compiler_static, $1)=
+
+AC_MSG_CHECKING([for $compiler option to produce PIC])
+m4_if([$1], [CXX], [
+ # C++ specific cases for pic, static, wl, etc.
+ if test "$GXX" = yes; then
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ m68k)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ esac
+ ;;
+
+ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+ mingw* | cygwin* | os2* | pw32* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ # Although the cygwin gcc ignores -fPIC, still need this for old-style
+ # (--disable-auto-import) libraries
+ m4_if([$1], [GCJ], [],
+ [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+ ;;
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+ ;;
+ *djgpp*)
+ # DJGPP does not support shared libraries at all
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+ ;;
+ interix[[3-9]]*)
+ # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+ # Instead, we relocate shared libraries at runtime.
+ ;;
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+ fi
+ ;;
+ hpux*)
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
+ case $host_cpu in
+ hppa*64*)
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ ;;
+ *qnx* | *nto*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ else
+ case $host_os in
+ aix[[4-9]]*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ else
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+ chorus*)
+ case $cc_basename in
+ cxch68*)
+ # Green Hills C++ Compiler
+ # _LT_TAGVAR(lt_prog_compiler_static, $1)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
+ ;;
+ esac
+ ;;
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ freebsd* | dragonfly*)
+ # FreeBSD uses GNU C++
+ ;;
+ hpux9* | hpux10* | hpux11*)
+ case $cc_basename in
+ CC*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+ if test "$host_cpu" != ia64; then
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+ fi
+ ;;
+ aCC*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+ ;;
+ esac
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ interix*)
+ # This is c89, which is MS Visual C++ (no shared libs)
+ # Anyone wants to do a port?
+ ;;
+ irix5* | irix6* | nonstopux*)
+ case $cc_basename in
+ CC*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ # CC pic flag -KPIC is the default.
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ KCC*)
+ # KAI C++ Compiler
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ ecpc* )
+ # old Intel C++ for x86_64 which still supported -KPIC.
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ icpc* )
+ # Intel C++, used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ pgCC* | pgcpp*)
+ # Portland Group C++ compiler
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ cxx*)
+ # Compaq C++
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+ xlc* | xlC*)
+ # IBM XL 8.0 on PPC
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+ lynxos*)
+ ;;
+ m88k*)
+ ;;
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-W c,exportall'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ netbsd* | netbsdelf*-gnu)
+ ;;
+ *qnx* | *nto*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+ ;;
+ osf3* | osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='--backend -Wl,'
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ ;;
+ cxx*)
+ # Digital/Compaq C++
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ psos*)
+ ;;
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ lcc*)
+ # Lucid
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ case $cc_basename in
+ CC*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ esac
+ ;;
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ vxworks*)
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ ;;
+ esac
+ fi
+],
+[
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ m68k)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ esac
+ ;;
+
+ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ # Although the cygwin gcc ignores -fPIC, still need this for old-style
+ # (--disable-auto-import) libraries
+ m4_if([$1], [GCJ], [],
+ [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+ ;;
+
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fno-common'
+ ;;
+
+ hpux*)
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
+ case $host_cpu in
+ hppa*64*)
+ # +Z the default
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ ;;
+
+ interix[[3-9]]*)
+ # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+ # Instead, we relocate shared libraries at runtime.
+ ;;
+
+ msdosdjgpp*)
+ # Just because we use GCC doesn't mean we suddenly get shared libraries
+ # on systems that don't support them.
+ _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ enable_shared=no
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=-Kconform_pic
+ fi
+ ;;
+
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ ;;
+ esac
+ else
+ # PORTME Check for flag to pass linker flags through the system compiler.
+ case $host_os in
+ aix*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ else
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ m4_if([$1], [GCJ], [],
+ [_LT_TAGVAR(lt_prog_compiler_pic, $1)='-DDLL_EXPORT'])
+ ;;
+
+ hpux9* | hpux10* | hpux11*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='+Z'
+ ;;
+ esac
+ # Is there a better lt_prog_compiler_static that works with the bundled CC?
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='${wl}-a ${wl}archive'
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # PIC (with -KPIC) is the default.
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ # old Intel for x86_64 which still supported -KPIC.
+ ecc*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ # icc used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ icc* | ifort*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-static'
+ ;;
+ # Lahey Fortran 8.1.
+ lf95*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='--shared'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='--static'
+ ;;
+ pgcc* | pgf77* | pgf90* | pgf95*)
+ # Portland Group compilers (*not* the Pentium gcc compiler,
+ # which looks to be a dead project)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fpic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+ ccc*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # All Alpha code is PIC.
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+ xl*)
+ # IBM XL C 8.0/Fortran 10.1 on PPC
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-qpic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-qstaticlink'
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C 5.9
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ ;;
+ *Sun\ F*)
+ # Sun Fortran 8.3 passes all unrecognized flags to the linker
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)=''
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+ newsos6)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-fPIC -shared'
+ ;;
+
+ osf3* | osf4* | osf5*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ # All OSF/1 code is PIC.
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+
+ rdos*)
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-non_shared'
+ ;;
+
+ solaris*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ case $cc_basename in
+ f77* | f90* | f95*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld ';;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,';;
+ esac
+ ;;
+
+ sunos4*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Qoption ld '
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-PIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ sysv4 | sysv4.2uw2* | sysv4.3*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec ;then
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-Kconform_pic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ fi
+ ;;
+
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-KPIC'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ unicos*)
+ _LT_TAGVAR(lt_prog_compiler_wl, $1)='-Wl,'
+ _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ ;;
+
+ uts4*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)='-pic'
+ _LT_TAGVAR(lt_prog_compiler_static, $1)='-Bstatic'
+ ;;
+
+ *)
+ _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no
+ ;;
+ esac
+ fi
+])
+case $host_os in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)=
+ ;;
+ *)
+ _LT_TAGVAR(lt_prog_compiler_pic, $1)="$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])"
+ ;;
+esac
+AC_MSG_RESULT([$_LT_TAGVAR(lt_prog_compiler_pic, $1)])
+_LT_TAGDECL([wl], [lt_prog_compiler_wl], [1],
+ [How to pass a linker flag through the compiler])
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$_LT_TAGVAR(lt_prog_compiler_pic, $1)"; then
+ _LT_COMPILER_OPTION([if $compiler PIC flag $_LT_TAGVAR(lt_prog_compiler_pic, $1) works],
+ [_LT_TAGVAR(lt_cv_prog_compiler_pic_works, $1)],
+ [$_LT_TAGVAR(lt_prog_compiler_pic, $1)@&t@m4_if([$1],[],[ -DPIC],[m4_if([$1],[CXX],[ -DPIC],[])])], [],
+ [case $_LT_TAGVAR(lt_prog_compiler_pic, $1) in
+ "" | " "*) ;;
+ *) _LT_TAGVAR(lt_prog_compiler_pic, $1)=" $_LT_TAGVAR(lt_prog_compiler_pic, $1)" ;;
+ esac],
+ [_LT_TAGVAR(lt_prog_compiler_pic, $1)=
+ _LT_TAGVAR(lt_prog_compiler_can_build_shared, $1)=no])
+fi
+_LT_TAGDECL([pic_flag], [lt_prog_compiler_pic], [1],
+ [Additional compiler flags for building library objects])
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1) eval lt_tmp_static_flag=\"$_LT_TAGVAR(lt_prog_compiler_static, $1)\"
+_LT_LINKER_OPTION([if $compiler static flag $lt_tmp_static_flag works],
+ _LT_TAGVAR(lt_cv_prog_compiler_static_works, $1),
+ $lt_tmp_static_flag,
+ [],
+ [_LT_TAGVAR(lt_prog_compiler_static, $1)=])
+_LT_TAGDECL([link_static_flag], [lt_prog_compiler_static], [1],
+ [Compiler flag to prevent dynamic linking])
+])# _LT_COMPILER_PIC
+
+
+# _LT_LINKER_SHLIBS([TAGNAME])
+# ----------------------------
+# See if the linker supports building shared libraries.
+m4_defun([_LT_LINKER_SHLIBS],
+[AC_REQUIRE([LT_PATH_LD])dnl
+AC_REQUIRE([LT_PATH_NM])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_EGREP])dnl
+m4_require([_LT_DECL_SED])dnl
+m4_require([_LT_CMD_GLOBAL_SYMBOLS])dnl
+m4_require([_LT_TAG_COMPILER])dnl
+AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+m4_if([$1], [CXX], [
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ case $host_os in
+ aix[[4-9]]*)
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ else
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ fi
+ ;;
+ pw32*)
+ _LT_TAGVAR(export_symbols_cmds, $1)="$ltdll_cmds"
+ ;;
+ cygwin* | mingw* | cegcc*)
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/;/^.*[[ ]]__nm__/s/^.*[[ ]]__nm__\([[^ ]]*\)[[ ]][[^ ]]*/\1 DATA/;/^I[[ ]]/d;/^[[AITW]][[ ]]/s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ linux* | k*bsd*-gnu)
+ _LT_TAGVAR(link_all_deplibs, $1)=no
+ ;;
+ *)
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ esac
+ _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
+], [
+ runpath_var=
+ _LT_TAGVAR(allow_undefined_flag, $1)=
+ _LT_TAGVAR(always_export_symbols, $1)=no
+ _LT_TAGVAR(archive_cmds, $1)=
+ _LT_TAGVAR(archive_expsym_cmds, $1)=
+ _LT_TAGVAR(compiler_needs_object, $1)=no
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ _LT_TAGVAR(hardcode_automatic, $1)=no
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+ _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=
+ _LT_TAGVAR(hardcode_minus_L, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+ _LT_TAGVAR(inherit_rpath, $1)=no
+ _LT_TAGVAR(link_all_deplibs, $1)=unknown
+ _LT_TAGVAR(module_cmds, $1)=
+ _LT_TAGVAR(module_expsym_cmds, $1)=
+ _LT_TAGVAR(old_archive_from_new_cmds, $1)=
+ _LT_TAGVAR(old_archive_from_expsyms_cmds, $1)=
+ _LT_TAGVAR(thread_safe_flag_spec, $1)=
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=
+ # include_expsyms should be a list of space-separated symbols to be *always*
+ # included in the symbol list
+ _LT_TAGVAR(include_expsyms, $1)=
+ # exclude_expsyms can be an extended regexp of symbols to exclude
+ # it will be wrapped by ` (' and `)$', so one must not match beginning or
+ # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+ # as well as any symbol that contains `d'.
+ _LT_TAGVAR(exclude_expsyms, $1)=['_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*']
+ # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+ # platforms (ab)use it in PIC code, but their linkers get confused if
+ # the symbol is explicitly referenced. Since portable code cannot
+ # rely on this symbol name, it's probably fine to never include it in
+ # preloaded symbol tables.
+ # Exclude shared library initialization/finalization symbols.
+dnl Note also adjust exclude_expsyms for C++ above.
+ extract_expsyms_cmds=
+
+ case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ interix*)
+ # we just hope/assume this is gcc and not c89 (= MSVC++)
+ with_gnu_ld=yes
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+ linux* | k*bsd*-gnu)
+ _LT_TAGVAR(link_all_deplibs, $1)=no
+ ;;
+ esac
+
+ _LT_TAGVAR(ld_shlibs, $1)=yes
+ if test "$with_gnu_ld" = yes; then
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ wlarc='${wl}'
+
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ runpath_var=LD_RUN_PATH
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
+ _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=
+ fi
+ supports_anon_versioning=no
+ case `$LD -v 2>&1` in
+ *GNU\ gold*) supports_anon_versioning=yes ;;
+ *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.10.*) ;; # catch versions < 2.11
+ *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+ *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+ *\ 2.11.*) ;; # other 2.11 versions
+ *) supports_anon_versioning=yes ;;
+ esac
+
+ # See if GNU ld supports shared libraries.
+ case $host_os in
+ aix[[3-9]]*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support. If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+_LT_EOF
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)=''
+ ;;
+ m68k)
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ ;;
+ esac
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+ # as there is no search path for DLLs.
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_TAGVAR(always_export_symbols, $1)=no
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[[BCDGRS]][[ ]]/s/.*[[ ]]\([[^ ]]*\)/\1 DATA/'\'' | $SED -e '\''/^[[AITW]][[ ]]/s/.*[[ ]]//'\'' | sort | uniq > $export_symbols'
+
+ if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ interix[[3-9]]*)
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+ # Instead, shared libraries are loaded at an image base (0x10000000 by
+ # default) and relocated if they conflict, which is a slow very memory
+ # consuming and fragmenting process. To avoid this, we pick a random,
+ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+ # time. Moving up from 0x10000000 also allows more sbrk(2) space.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ ;;
+
+ gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu)
+ tmp_diet=no
+ if test "$host_os" = linux-dietlibc; then
+ case $cc_basename in
+ diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
+ esac
+ fi
+ if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
+ && test "$tmp_diet" = no
+ then
+ tmp_addflag=
+ tmp_sharedflag='-shared'
+ case $cc_basename,$host_cpu in
+ pgcc*) # Portland Group C compiler
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag'
+ ;;
+ pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag -Mnomain' ;;
+ ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
+ tmp_addflag=' -i_dynamic' ;;
+ efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
+ tmp_addflag=' -i_dynamic -nofor_main' ;;
+ ifc* | ifort*) # Intel Fortran compiler
+ tmp_addflag=' -nofor_main' ;;
+ lf95*) # Lahey Fortran 8.1
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=
+ tmp_sharedflag='--shared' ;;
+ xl[[cC]]*) # IBM XL C 8.0 on PPC (deal with xlf below)
+ tmp_sharedflag='-qmkshrobj'
+ tmp_addflag= ;;
+ esac
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*) # Sun C 5.9
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(compiler_needs_object, $1)=yes
+ tmp_sharedflag='-G' ;;
+ *Sun\ F*) # Sun Fortran 8.3
+ tmp_sharedflag='-G' ;;
+ esac
+ _LT_TAGVAR(archive_cmds, $1)='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+ if test "x$supports_anon_versioning" = xyes; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+
+ case $cc_basename in
+ xlf*)
+ # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='--whole-archive$convenience --no-whole-archive'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+ _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='-rpath $libdir'
+ _LT_TAGVAR(archive_cmds, $1)='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib'
+ if test "x$supports_anon_versioning" = xyes; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+ fi
+ ;;
+ esac
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+ wlarc=
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ fi
+ ;;
+
+ solaris*)
+ if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+ case `$LD -v 2>&1` in
+ *\ [[01]].* | *\ 2.[[0-9]].* | *\ 2.1[[0-5]].*)
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ ;;
+ *)
+ # For security reasons, it is highly recommended that you always
+ # use absolute paths for naming shared libraries, and exclude the
+ # DT_RUNPATH tag from executables and libraries. But doing so
+ # requires that you compile everything twice, which is a pain.
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+
+ sunos4*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ wlarc=
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ *)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+
+ if test "$_LT_TAGVAR(ld_shlibs, $1)" = no; then
+ runpath_var=
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)=
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=
+ fi
+ else
+ # PORTME fill in a description of your system's linker (not GNU ld)
+ case $host_os in
+ aix3*)
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_TAGVAR(always_export_symbols, $1)=yes
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ _LT_TAGVAR(hardcode_direct, $1)=unsupported
+ fi
+ ;;
+
+ aix[[4-9]]*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ else
+ _LT_TAGVAR(export_symbols_cmds, $1)='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && ([substr](\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ fi
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ ;;
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ _LT_TAGVAR(archive_cmds, $1)=''
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ _LT_TAGVAR(file_list_spec, $1)='${wl}-f,'
+
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[[012]]|aix4.[[012]].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" &&
+ strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ _LT_TAGVAR(hardcode_direct, $1)=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=
+ fi
+ ;;
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ _LT_TAGVAR(link_all_deplibs, $1)=no
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall'
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ _LT_TAGVAR(always_export_symbols, $1)=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ _LT_TAGVAR(allow_undefined_flag, $1)='-berok'
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ _LT_SYS_MODULE_PATH_AIX
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+ _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+ _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ _LT_SYS_MODULE_PATH_AIX
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
+ # Exported symbols can be pulled into shared objects from archives
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+ # This is similar to how AIX traditionally builds its shared libraries.
+ _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)=''
+ ;;
+ m68k)
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ ;;
+ esac
+ ;;
+
+ bsdi[[45]]*)
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)=-rdynamic
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)=' '
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ _LT_TAGVAR(old_archive_from_new_cmds, $1)='true'
+ # FIXME: Should let the user specify the lib program.
+ _LT_TAGVAR(old_archive_cmds, $1)='lib -OUT:$oldlib$oldobjs$old_deplibs'
+ _LT_TAGVAR(fix_srcfile_path, $1)='`cygpath -w "$srcfile"`'
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+ ;;
+
+ darwin* | rhapsody*)
+ _LT_DARWIN_LINKER_FEATURES($1)
+ ;;
+
+ dgux*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ freebsd1*)
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+ # support. Future versions do this automatically, but an explicit c++rt0.o
+ # does not break anything, and helps significantly (at the cost of a little
+ # extra space).
+ freebsd2.2*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+ freebsd2*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+ freebsd* | dragonfly*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ hpux9*)
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ fi
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ ;;
+
+ hpux10*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ if test "$with_gnu_ld" = no; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)='+b $libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ fi
+ ;;
+
+ hpux11*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ case $host_cpu in
+ hppa*64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ else
+ case $host_cpu in
+ hppa*64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ fi
+ if test "$with_gnu_ld" = no; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ case $host_cpu in
+ hppa*64*|ia64*)
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+ *)
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ ;;
+ esac
+ fi
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ # Try to use the -exported_symbol ld option, if it does not
+ # work, assume that -exports_file does not work either and
+ # implicitly export all symbols.
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
+ AC_LINK_IFELSE(int foo(void) {},
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
+ )
+ LDFLAGS="$save_LDFLAGS"
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
+ fi
+ _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(inherit_rpath, $1)=yes
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ ;;
+
+ netbsd* | netbsdelf*-gnu)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
+ fi
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ newsos6)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ *nto* | *qnx*)
+ ;;
+
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ else
+ case $host_os in
+ openbsd[[01]].* | openbsd2.[[0-7]] | openbsd2.[[0-7]].*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ os2*)
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_TAGVAR(archive_cmds, $1)='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+ _LT_TAGVAR(old_archive_from_new_cmds, $1)='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+ ;;
+
+ osf3*)
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ fi
+ _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ ;;
+
+ osf4* | osf5*) # as osf3* with the addition of -msym flag
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ else
+ _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
+ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
+
+ # Both c and cxx compiler support -rpath directly
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+ fi
+ _LT_TAGVAR(archive_cmds_need_lc, $1)='no'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ ;;
+
+ solaris*)
+ _LT_TAGVAR(no_undefined_flag, $1)=' -z defs'
+ if test "$GCC" = yes; then
+ wlarc='${wl}'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ else
+ case `$CC -V 2>&1` in
+ *"Compilers 5.0"*)
+ wlarc=''
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
+ ;;
+ *)
+ wlarc='${wl}'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ ;;
+ esac
+ fi
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ case $host_os in
+ solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+ *)
+ # The compiler driver will combine and reorder linker options,
+ # but understands `-z linker_flag'. GCC discards it without `$wl',
+ # but is careful enough not to reorder.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ else
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
+ fi
+ ;;
+ esac
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ ;;
+
+ sunos4*)
+ if test "x$host_vendor" = xsequent; then
+ # Use $CC to link under sequent, because it throws in some extra .o
+ # files that make .init and .fini sections work.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ sysv4)
+ case $host_vendor in
+ sni)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_direct, $1)=yes # is this really true???
+ ;;
+ siemens)
+ ## LD is ld it makes a PLAMLIB
+ ## CC just makes a GrossModule.
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(reload_cmds, $1)='$CC -r -o $output$reload_objs'
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ ;;
+ motorola)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_direct, $1)=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ runpath_var='LD_RUN_PATH'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ sysv4.3*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='-Bexport'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ _LT_TAGVAR(ld_shlibs, $1)=yes
+ fi
+ ;;
+
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
+ _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ runpath_var='LD_RUN_PATH'
+
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6*)
+ # Note: We can NOT use -z defs as we might desire, because we do not
+ # link with -lc, and that would cause any symbols used from libc to
+ # always be unresolved, which means just about no library would
+ # ever link correctly. If we're not using GNU ld we use -z text
+ # though, which does catch some bad symbols but isn't as heavy-handed
+ # as -z defs.
+ _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+ _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
+ runpath_var='LD_RUN_PATH'
+
+ if test "$GCC" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ uts4*)
+ _LT_TAGVAR(archive_cmds, $1)='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+
+ *)
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+
+ if test x$host_vendor = xsni; then
+ case $host in
+ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Blargedynsym'
+ ;;
+ esac
+ fi
+ fi
+])
+AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
+test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+_LT_TAGVAR(with_gnu_ld, $1)=$with_gnu_ld
+
+_LT_DECL([], [libext], [0], [Old archive suffix (normally "a")])dnl
+_LT_DECL([], [shrext_cmds], [1], [Shared library suffix (normally ".so")])dnl
+_LT_DECL([], [extract_expsyms_cmds], [2],
+ [The commands to extract the exported symbol list from a shared archive])
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$_LT_TAGVAR(archive_cmds_need_lc, $1)" in
+x|xyes)
+ # Assume -lc should be added
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $_LT_TAGVAR(archive_cmds, $1) in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ AC_MSG_CHECKING([whether -lc should be explicitly linked in])
+ $RM conftest*
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if AC_TRY_EVAL(ac_compile) 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$_LT_TAGVAR(lt_prog_compiler_wl, $1)
+ pic_flag=$_LT_TAGVAR(lt_prog_compiler_pic, $1)
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$_LT_TAGVAR(allow_undefined_flag, $1)
+ _LT_TAGVAR(allow_undefined_flag, $1)=
+ if AC_TRY_EVAL(_LT_TAGVAR(archive_cmds, $1) 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1)
+ then
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ else
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+ fi
+ _LT_TAGVAR(allow_undefined_flag, $1)=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $RM conftest*
+ AC_MSG_RESULT([$_LT_TAGVAR(archive_cmds_need_lc, $1)])
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+_LT_TAGDECL([build_libtool_need_lc], [archive_cmds_need_lc], [0],
+ [Whether or not to add -lc for building shared libraries])
+_LT_TAGDECL([allow_libtool_libs_with_static_runtimes],
+ [enable_shared_with_static_runtimes], [0],
+ [Whether or not to disallow shared libs when runtime libs are static])
+_LT_TAGDECL([], [export_dynamic_flag_spec], [1],
+ [Compiler flag to allow reflexive dlopens])
+_LT_TAGDECL([], [whole_archive_flag_spec], [1],
+ [Compiler flag to generate shared objects directly from archives])
+_LT_TAGDECL([], [compiler_needs_object], [1],
+ [Whether the compiler copes with passing no objects directly])
+_LT_TAGDECL([], [old_archive_from_new_cmds], [2],
+ [Create an old-style archive from a shared archive])
+_LT_TAGDECL([], [old_archive_from_expsyms_cmds], [2],
+ [Create a temporary old-style archive to link instead of a shared archive])
+_LT_TAGDECL([], [archive_cmds], [2], [Commands used to build a shared archive])
+_LT_TAGDECL([], [archive_expsym_cmds], [2])
+_LT_TAGDECL([], [module_cmds], [2],
+ [Commands used to build a loadable module if different from building
+ a shared archive.])
+_LT_TAGDECL([], [module_expsym_cmds], [2])
+_LT_TAGDECL([], [with_gnu_ld], [1],
+ [Whether we are building with GNU ld or not])
+_LT_TAGDECL([], [allow_undefined_flag], [1],
+ [Flag that allows shared libraries with undefined symbols to be built])
+_LT_TAGDECL([], [no_undefined_flag], [1],
+ [Flag that enforces no undefined symbols])
+_LT_TAGDECL([], [hardcode_libdir_flag_spec], [1],
+ [Flag to hardcode $libdir into a binary during linking.
+ This must work even if $libdir does not exist])
+_LT_TAGDECL([], [hardcode_libdir_flag_spec_ld], [1],
+ [[If ld is used when linking, flag to hardcode $libdir into a binary
+ during linking. This must work even if $libdir does not exist]])
+_LT_TAGDECL([], [hardcode_libdir_separator], [1],
+ [Whether we need a single "-rpath" flag with a separated argument])
+_LT_TAGDECL([], [hardcode_direct], [0],
+ [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes
+ DIR into the resulting binary])
+_LT_TAGDECL([], [hardcode_direct_absolute], [0],
+ [Set to "yes" if using DIR/libNAME${shared_ext} during linking hardcodes
+ DIR into the resulting binary and the resulting library dependency is
+ "absolute", i.e impossible to change by setting ${shlibpath_var} if the
+ library is relocated])
+_LT_TAGDECL([], [hardcode_minus_L], [0],
+ [Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+ into the resulting binary])
+_LT_TAGDECL([], [hardcode_shlibpath_var], [0],
+ [Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+ into the resulting binary])
+_LT_TAGDECL([], [hardcode_automatic], [0],
+ [Set to "yes" if building a shared library automatically hardcodes DIR
+ into the library and all subsequent libraries and executables linked
+ against it])
+_LT_TAGDECL([], [inherit_rpath], [0],
+ [Set to yes if linker adds runtime paths of dependent libraries
+ to runtime path list])
+_LT_TAGDECL([], [link_all_deplibs], [0],
+ [Whether libtool must link a program against all its dependency libraries])
+_LT_TAGDECL([], [fix_srcfile_path], [1],
+ [Fix the shell variable $srcfile for the compiler])
+_LT_TAGDECL([], [always_export_symbols], [0],
+ [Set to "yes" if exported symbols are required])
+_LT_TAGDECL([], [export_symbols_cmds], [2],
+ [The commands to list exported symbols])
+_LT_TAGDECL([], [exclude_expsyms], [1],
+ [Symbols that should not be listed in the preloaded symbols])
+_LT_TAGDECL([], [include_expsyms], [1],
+ [Symbols that must always be exported])
+_LT_TAGDECL([], [prelink_cmds], [2],
+ [Commands necessary for linking programs (against libraries) with templates])
+_LT_TAGDECL([], [file_list_spec], [1],
+ [Specify filename containing input files])
+dnl FIXME: Not yet implemented
+dnl _LT_TAGDECL([], [thread_safe_flag_spec], [1],
+dnl [Compiler flag to generate thread safe objects])
+])# _LT_LINKER_SHLIBS
+
+
+# _LT_LANG_C_CONFIG([TAG])
+# ------------------------
+# Ensure that the configuration variables for a C compiler are suitably
+# defined. These variables are subsequently used by _LT_CONFIG to write
+# the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_C_CONFIG],
+[m4_require([_LT_DECL_EGREP])dnl
+lt_save_CC="$CC"
+AC_LANG_PUSH(C)
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}'
+
+_LT_TAG_COMPILER
+# Save the default compiler, since it gets overwritten when the other
+# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
+compiler_DEFAULT=$CC
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+## CAVEAT EMPTOR:
+## There is no encapsulation within the following macros, do not change
+## the running order or otherwise move them around unless you know exactly
+## what you are doing...
+if test -n "$compiler"; then
+ _LT_COMPILER_NO_RTTI($1)
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_SYS_DYNAMIC_LINKER($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+ LT_SYS_DLOPEN_SELF
+ _LT_CMD_STRIPLIB
+
+ # Report which library types will actually be built
+ AC_MSG_CHECKING([if libtool supports shared libraries])
+ AC_MSG_RESULT([$can_build_shared])
+
+ AC_MSG_CHECKING([whether to build shared libraries])
+ test "$can_build_shared" = "no" && enable_shared=no
+
+ # On AIX, shared libraries and static libraries use the same namespace, and
+ # are all built from PIC.
+ case $host_os in
+ aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+
+ aix[[4-9]]*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+ esac
+ AC_MSG_RESULT([$enable_shared])
+
+ AC_MSG_CHECKING([whether to build static libraries])
+ # Make sure either enable_shared or enable_static is yes.
+ test "$enable_shared" = yes || enable_static=yes
+ AC_MSG_RESULT([$enable_static])
+
+ _LT_CONFIG($1)
+fi
+AC_LANG_POP
+CC="$lt_save_CC"
+])# _LT_LANG_C_CONFIG
+
+
+# _LT_PROG_CXX
+# ------------
+# Since AC_PROG_CXX is broken, in that it returns g++ if there is no c++
+# compiler, we have our own version here.
+m4_defun([_LT_PROG_CXX],
+[
+pushdef([AC_MSG_ERROR], [_lt_caught_CXX_error=yes])
+AC_PROG_CXX
+if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+ ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+ (test "X$CXX" != "Xg++"))) ; then
+ AC_PROG_CXXCPP
+else
+ _lt_caught_CXX_error=yes
+fi
+popdef([AC_MSG_ERROR])
+])# _LT_PROG_CXX
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([_LT_PROG_CXX], [])
+
+
+# _LT_LANG_CXX_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for a C++ compiler are suitably
+# defined. These variables are subsequently used by _LT_CONFIG to write
+# the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_CXX_CONFIG],
+[AC_REQUIRE([_LT_PROG_CXX])dnl
+m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+m4_require([_LT_DECL_EGREP])dnl
+
+AC_LANG_PUSH(C++)
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_TAGVAR(allow_undefined_flag, $1)=
+_LT_TAGVAR(always_export_symbols, $1)=no
+_LT_TAGVAR(archive_expsym_cmds, $1)=
+_LT_TAGVAR(compiler_needs_object, $1)=no
+_LT_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_TAGVAR(hardcode_direct, $1)=no
+_LT_TAGVAR(hardcode_direct_absolute, $1)=no
+_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_TAGVAR(hardcode_minus_L, $1)=no
+_LT_TAGVAR(hardcode_shlibpath_var, $1)=unsupported
+_LT_TAGVAR(hardcode_automatic, $1)=no
+_LT_TAGVAR(inherit_rpath, $1)=no
+_LT_TAGVAR(module_cmds, $1)=
+_LT_TAGVAR(module_expsym_cmds, $1)=
+_LT_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(no_undefined_flag, $1)=
+_LT_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for C++ test sources.
+ac_ext=cpp
+
+# Object file extension for compiled C++ test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# No sense in running all these tests if we already determined that
+# the CXX compiler isn't working. Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test "$_lt_caught_CXX_error" != yes; then
+ # Code to be used in simple compile tests
+ lt_simple_compile_test_code="int some_variable = 0;"
+
+ # Code to be used in simple link tests
+ lt_simple_link_test_code='int main(int, char *[[]]) { return(0); }'
+
+ # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+ _LT_TAG_COMPILER
+
+ # save warnings/boilerplate of simple test code
+ _LT_COMPILER_BOILERPLATE
+ _LT_LINKER_BOILERPLATE
+
+ # Allow CC to be a program name with arguments.
+ lt_save_CC=$CC
+ lt_save_LD=$LD
+ lt_save_GCC=$GCC
+ GCC=$GXX
+ lt_save_with_gnu_ld=$with_gnu_ld
+ lt_save_path_LD=$lt_cv_path_LD
+ if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
+ lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
+ else
+ $as_unset lt_cv_prog_gnu_ld
+ fi
+ if test -n "${lt_cv_path_LDCXX+set}"; then
+ lt_cv_path_LD=$lt_cv_path_LDCXX
+ else
+ $as_unset lt_cv_path_LD
+ fi
+ test -z "${LDCXX+set}" || LD=$LDCXX
+ CC=${CXX-"c++"}
+ compiler=$CC
+ _LT_TAGVAR(compiler, $1)=$CC
+ _LT_CC_BASENAME([$compiler])
+
+ if test -n "$compiler"; then
+ # We don't want -fno-exception when compiling C++ code, so set the
+ # no_builtin_flag separately
+ if test "$GXX" = yes; then
+ _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=' -fno-builtin'
+ else
+ _LT_TAGVAR(lt_prog_compiler_no_builtin_flag, $1)=
+ fi
+
+ if test "$GXX" = yes; then
+ # Set up default GNU C++ configuration
+
+ LT_PATH_LD
+
+ # Check if GNU C++ uses GNU ld as the underlying linker, since the
+ # archiving commands below assume that GNU ld is being used.
+ if test "$with_gnu_ld" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+ # investigate it a little bit more. (MM)
+ wlarc='${wl}'
+
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if eval "`$CC -print-prog-name=ld` --help 2>&1" |
+ $GREP 'no-whole-archive' > /dev/null; then
+ _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ _LT_TAGVAR(whole_archive_flag_spec, $1)=
+ fi
+ else
+ with_gnu_ld=no
+ wlarc=
+
+ # A generic and very simple default shared library creation
+ # command for GNU C++ for the case where it uses the native
+ # linker, instead of GNU ld. If possible, this setting should
+ # overridden to take advantage of the native linker features on
+ # the platform it is being used on.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ fi
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+
+ else
+ GXX=no
+ with_gnu_ld=no
+ wlarc=
+ fi
+
+ # PORTME: fill in a description of your system's C++ link characteristics
+ AC_MSG_CHECKING([whether the $compiler linker ($LD) supports shared libraries])
+ _LT_TAGVAR(ld_shlibs, $1)=yes
+ case $host_os in
+ aix3*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ aix[[4-9]]*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[[23]]|aix4.[[23]].*|aix[[5-9]]*)
+ for ld_flag in $LDFLAGS; do
+ case $ld_flag in
+ *-brtl*)
+ aix_use_runtimelinking=yes
+ break
+ ;;
+ esac
+ done
+ ;;
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ _LT_TAGVAR(archive_cmds, $1)=''
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ _LT_TAGVAR(file_list_spec, $1)='${wl}-f,'
+
+ if test "$GXX" = yes; then
+ case $host_os in aix4.[[012]]|aix4.[[012]].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" &&
+ strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ _LT_TAGVAR(hardcode_direct, $1)=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=
+ fi
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-bexpall'
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to
+ # export.
+ _LT_TAGVAR(always_export_symbols, $1)=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ _LT_TAGVAR(allow_undefined_flag, $1)='-berok'
+ # Determine the default libpath from the value encoded in an empty
+ # executable.
+ _LT_SYS_MODULE_PATH_AIX
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $libdir:/usr/lib:/lib'
+ _LT_TAGVAR(allow_undefined_flag, $1)="-z nodefs"
+ _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ _LT_SYS_MODULE_PATH_AIX
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-bernotok'
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-berok'
+ # Exported symbols can be pulled into shared objects from archives
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='$convenience'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=yes
+ # This is similar to how AIX traditionally builds its shared
+ # libraries.
+ _LT_TAGVAR(archive_expsym_cmds, $1)="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ _LT_TAGVAR(archive_cmds, $1)='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ chorus*)
+ case $cc_basename in
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # _LT_TAGVAR(hardcode_libdir_flag_spec, $1) is actually meaningless,
+ # as there is no search path for DLLs.
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-L$libdir'
+ _LT_TAGVAR(allow_undefined_flag, $1)=unsupported
+ _LT_TAGVAR(always_export_symbols, $1)=no
+ _LT_TAGVAR(enable_shared_with_static_runtimes, $1)=yes
+
+ if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ _LT_TAGVAR(archive_expsym_cmds, $1)='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ darwin* | rhapsody*)
+ _LT_DARWIN_LINKER_FEATURES($1)
+ ;;
+
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+ freebsd[[12]]*)
+ # C++ shared libraries reported to be fairly broken before
+ # switch to ELF
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ freebsd-elf*)
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ ;;
+
+ freebsd* | dragonfly*)
+ # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
+ # conventions
+ _LT_TAGVAR(ld_shlibs, $1)=yes
+ ;;
+
+ gnu*)
+ ;;
+
+ hpux9*)
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ aCC*)
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ _LT_TAGVAR(archive_cmds, $1)='$RM $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+
+ hpux10*|hpux11*)
+ if test $with_gnu_ld = no; then
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}+b ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ case $host_cpu in
+ hppa*64*|ia64*)
+ ;;
+ *)
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ ;;
+ esac
+ fi
+ case $host_cpu in
+ hppa*64*|ia64*)
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ ;;
+ *)
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(hardcode_minus_L, $1)=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+ ;;
+ esac
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ aCC*)
+ case $host_cpu in
+ hppa*64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ ia64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test $with_gnu_ld = no; then
+ case $host_cpu in
+ hppa*64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ ia64*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ fi
+ else
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+
+ interix[[3-9]]*)
+ _LT_TAGVAR(hardcode_direct, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+ # Instead, shared libraries are loaded at an image base (0x10000000 by
+ # default) and relocated if they conflict, which is a slow very memory
+ # consuming and fragmenting process. To avoid this, we pick a random,
+ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+ # time. Moving up from 0x10000000 also allows more sbrk(2) space.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ ;;
+ irix5* | irix6*)
+ case $cc_basename in
+ CC*)
+ # SGI C++
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+
+ # Archives containing C++ object files must be created using
+ # "CC -ar", where "CC" is the IRIX C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ _LT_TAGVAR(old_archive_cmds, $1)='$CC -ar -WR,-u -o $oldlib $oldobjs'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test "$with_gnu_ld" = no; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` -o $lib'
+ fi
+ fi
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ ;;
+ esac
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+ _LT_TAGVAR(inherit_rpath, $1)=yes
+ ;;
+
+ linux* | k*bsd*-gnu | kopensolaris*-gnu)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+
+ # Archives containing C++ object files must be created using
+ # "CC -Bstatic", where "CC" is the KAI C++ compiler.
+ _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs'
+ ;;
+ icpc* | ecpc* )
+ # Intel C++
+ with_gnu_ld=yes
+ # version 8.0 and above of icpc choke on multiply defined symbols
+ # if we add $predep_objects and $postdep_objects, however 7.1 and
+ # earlier do not add the objects themselves.
+ case `$CC -V 2>&1` in
+ *"Version 7."*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ *) # Version 8.0 or newer
+ tmp_idyn=
+ case $host_cpu in
+ ia64*) tmp_idyn=' -i_dynamic';;
+ esac
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ esac
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+ ;;
+ pgCC* | pgcpp*)
+ # Portland Group C++ compiler
+ case `$CC -V` in
+ *pgCC\ [[1-5]]* | *pgcpp\ [[1-5]]*)
+ _LT_TAGVAR(prelink_cmds, $1)='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
+ compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
+ _LT_TAGVAR(old_archive_cmds, $1)='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
+ $RANLIB $oldlib'
+ _LT_TAGVAR(archive_cmds, $1)='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+ ;;
+ *) # Version 6 will use weak symbols
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+ ;;
+ esac
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}--rpath ${wl}$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ ;;
+ cxx*)
+ # Compaq C++
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
+
+ runpath_var=LD_RUN_PATH
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ xl*)
+ # IBM XL 8.0 on PPC, with GNU ld
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}--export-dynamic'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ if test "x$supports_anon_versioning" = xyes; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+ _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ _LT_TAGVAR(compiler_needs_object, $1)=yes
+
+ # Not sure whether something based on
+ # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
+ # would be better.
+ output_verbose_link_cmd='echo'
+
+ # Archives containing C++ object files must be created using
+ # "CC -xar", where "CC" is the Sun C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+ lynxos*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ m88k*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
+ wlarc=
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ fi
+ # Workaround some broken pre-1.5 toolchains
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
+ ;;
+
+ *nto* | *qnx*)
+ _LT_TAGVAR(ld_shlibs, $1)=yes
+ ;;
+
+ openbsd2*)
+ # C++ shared libraries are fairly broken
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ _LT_TAGVAR(hardcode_direct, $1)=yes
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_direct_absolute, $1)=yes
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-E'
+ _LT_TAGVAR(whole_archive_flag_spec, $1)="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ fi
+ output_verbose_link_cmd=echo
+ else
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+
+ osf3* | osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ _LT_TAGVAR(archive_cmds, $1)='tempext=`echo $shared_ext | $SED -e '\''s/\([[^()0-9A-Za-z{}]]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath,$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Archives containing C++ object files must be created using
+ # the KAI C++ compiler.
+ case $host in
+ osf3*) _LT_TAGVAR(old_archive_cmds, $1)='$CC -Bstatic -o $oldlib $oldobjs' ;;
+ *) _LT_TAGVAR(old_archive_cmds, $1)='$CC -o $oldlib $oldobjs' ;;
+ esac
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ cxx*)
+ case $host in
+ osf3*)
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && $ECHO "X${wl}-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ ;;
+ *)
+ _LT_TAGVAR(allow_undefined_flag, $1)=' -expect_unresolved \*'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
+ echo "-hidden">> $lib.exp~
+ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~
+ $RM $lib.exp'
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-rpath $libdir'
+ ;;
+ esac
+
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ _LT_TAGVAR(allow_undefined_flag, $1)=' ${wl}-expect_unresolved ${wl}\*'
+ case $host in
+ osf3*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ ;;
+ esac
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-rpath ${wl}$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+
+ else
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ fi
+ ;;
+ esac
+ ;;
+
+ psos*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ lcc*)
+ # Lucid
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ _LT_TAGVAR(archive_cmds_need_lc,$1)=yes
+ _LT_TAGVAR(no_undefined_flag, $1)=' -zdefs'
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='-R$libdir'
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ case $host_os in
+ solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+ *)
+ # The compiler driver will combine and reorder linker options,
+ # but understands `-z linker_flag'.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='-z allextract$convenience -z defaultextract'
+ ;;
+ esac
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+
+ output_verbose_link_cmd='echo'
+
+ # Archives containing C++ object files must be created using
+ # "CC -xar", where "CC" is the Sun C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ _LT_TAGVAR(old_archive_cmds, $1)='$CC -xar -o $oldlib $oldobjs'
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+
+ # The C++ compiler must be used to create the archive.
+ _LT_TAGVAR(old_archive_cmds, $1)='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
+ ;;
+ *)
+ # GNU C++ compiler with Solaris linker
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ _LT_TAGVAR(no_undefined_flag, $1)=' ${wl}-z ${wl}defs'
+ if $CC --version | $GREP -v '^2\.7' > /dev/null; then
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+ else
+ # g++ 2.7 appears to require `-G' NOT `-shared' on this
+ # platform.
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+ fi
+
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R $wl$libdir'
+ case $host_os in
+ solaris2.[[0-5]] | solaris2.[[0-5]].*) ;;
+ *)
+ _LT_TAGVAR(whole_archive_flag_spec, $1)='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ ;;
+ esac
+ fi
+ ;;
+ esac
+ ;;
+
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[[01]].[[10]]* | unixware7* | sco3.2v5.0.[[024]]*)
+ _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ runpath_var='LD_RUN_PATH'
+
+ case $cc_basename in
+ CC*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6*)
+ # Note: We can NOT use -z defs as we might desire, because we do not
+ # link with -lc, and that would cause any symbols used from libc to
+ # always be unresolved, which means just about no library would
+ # ever link correctly. If we're not using GNU ld we use -z text
+ # though, which does catch some bad symbols but isn't as heavy-handed
+ # as -z defs.
+ _LT_TAGVAR(no_undefined_flag, $1)='${wl}-z,text'
+ _LT_TAGVAR(allow_undefined_flag, $1)='${wl}-z,nodefs'
+ _LT_TAGVAR(archive_cmds_need_lc, $1)=no
+ _LT_TAGVAR(hardcode_shlibpath_var, $1)=no
+ _LT_TAGVAR(hardcode_libdir_flag_spec, $1)='${wl}-R,$libdir'
+ _LT_TAGVAR(hardcode_libdir_separator, $1)=':'
+ _LT_TAGVAR(link_all_deplibs, $1)=yes
+ _LT_TAGVAR(export_dynamic_flag_spec, $1)='${wl}-Bexport'
+ runpath_var='LD_RUN_PATH'
+
+ case $cc_basename in
+ CC*)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ _LT_TAGVAR(archive_cmds, $1)='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ _LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ ;;
+
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+ ;;
+
+ vxworks*)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+
+ *)
+ # FIXME: insert proper C++ library support
+ _LT_TAGVAR(ld_shlibs, $1)=no
+ ;;
+ esac
+
+ AC_MSG_RESULT([$_LT_TAGVAR(ld_shlibs, $1)])
+ test "$_LT_TAGVAR(ld_shlibs, $1)" = no && can_build_shared=no
+
+ _LT_TAGVAR(GCC, $1)="$GXX"
+ _LT_TAGVAR(LD, $1)="$LD"
+
+ ## CAVEAT EMPTOR:
+ ## There is no encapsulation within the following macros, do not change
+ ## the running order or otherwise move them around unless you know exactly
+ ## what you are doing...
+ _LT_SYS_HIDDEN_LIBDEPS($1)
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_SYS_DYNAMIC_LINKER($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+
+ _LT_CONFIG($1)
+ fi # test -n "$compiler"
+
+ CC=$lt_save_CC
+ LDCXX=$LD
+ LD=$lt_save_LD
+ GCC=$lt_save_GCC
+ with_gnu_ld=$lt_save_with_gnu_ld
+ lt_cv_path_LDCXX=$lt_cv_path_LD
+ lt_cv_path_LD=$lt_save_path_LD
+ lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
+ lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
+fi # test "$_lt_caught_CXX_error" != yes
+
+AC_LANG_POP
+])# _LT_LANG_CXX_CONFIG
+
+
+# _LT_SYS_HIDDEN_LIBDEPS([TAGNAME])
+# ---------------------------------
+# Figure out "hidden" library dependencies from verbose
+# compiler output when linking a shared library.
+# Parse the compiler output and extract the necessary
+# objects, libraries and library flags.
+m4_defun([_LT_SYS_HIDDEN_LIBDEPS],
+[m4_require([_LT_FILEUTILS_DEFAULTS])dnl
+# Dependencies to place before and after the object being linked:
+_LT_TAGVAR(predep_objects, $1)=
+_LT_TAGVAR(postdep_objects, $1)=
+_LT_TAGVAR(predeps, $1)=
+_LT_TAGVAR(postdeps, $1)=
+_LT_TAGVAR(compiler_lib_search_path, $1)=
+
+dnl we can't use the lt_simple_compile_test_code here,
+dnl because it contains code intended for an executable,
+dnl not a library. It's possible we should let each
+dnl tag define a new lt_????_link_test_code variable,
+dnl but it's only used here...
+m4_if([$1], [], [cat > conftest.$ac_ext <<_LT_EOF
+int a;
+void foo (void) { a = 0; }
+_LT_EOF
+], [$1], [CXX], [cat > conftest.$ac_ext <<_LT_EOF
+class Foo
+{
+public:
+ Foo (void) { a = 0; }
+private:
+ int a;
+};
+_LT_EOF
+], [$1], [F77], [cat > conftest.$ac_ext <<_LT_EOF
+ subroutine foo
+ implicit none
+ integer*4 a
+ a=0
+ return
+ end
+_LT_EOF
+], [$1], [FC], [cat > conftest.$ac_ext <<_LT_EOF
+ subroutine foo
+ implicit none
+ integer a
+ a=0
+ return
+ end
+_LT_EOF
+], [$1], [GCJ], [cat > conftest.$ac_ext <<_LT_EOF
+public class foo {
+ private int a;
+ public void bar (void) {
+ a = 0;
+ }
+};
+_LT_EOF
+])
+dnl Parse the compiler output and extract the necessary
+dnl objects, libraries and library flags.
+if AC_TRY_EVAL(ac_compile); then
+ # Parse the compiler output and extract the necessary
+ # objects, libraries and library flags.
+
+ # Sentinel used to keep track of whether or not we are before
+ # the conftest object file.
+ pre_test_object_deps_done=no
+
+ for p in `eval "$output_verbose_link_cmd"`; do
+ case $p in
+
+ -L* | -R* | -l*)
+ # Some compilers place space between "-{L,R}" and the path.
+ # Remove the space.
+ if test $p = "-L" ||
+ test $p = "-R"; then
+ prev=$p
+ continue
+ else
+ prev=
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ case $p in
+ -L* | -R*)
+ # Internal compiler library paths should come after those
+ # provided the user. The postdeps already come after the
+ # user supplied libs so there is no need to process them.
+ if test -z "$_LT_TAGVAR(compiler_lib_search_path, $1)"; then
+ _LT_TAGVAR(compiler_lib_search_path, $1)="${prev}${p}"
+ else
+ _LT_TAGVAR(compiler_lib_search_path, $1)="${_LT_TAGVAR(compiler_lib_search_path, $1)} ${prev}${p}"
+ fi
+ ;;
+ # The "-l" case would never come before the object being
+ # linked, so don't bother handling this case.
+ esac
+ else
+ if test -z "$_LT_TAGVAR(postdeps, $1)"; then
+ _LT_TAGVAR(postdeps, $1)="${prev}${p}"
+ else
+ _LT_TAGVAR(postdeps, $1)="${_LT_TAGVAR(postdeps, $1)} ${prev}${p}"
+ fi
+ fi
+ ;;
+
+ *.$objext)
+ # This assumes that the test object file only shows up
+ # once in the compiler output.
+ if test "$p" = "conftest.$objext"; then
+ pre_test_object_deps_done=yes
+ continue
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ if test -z "$_LT_TAGVAR(predep_objects, $1)"; then
+ _LT_TAGVAR(predep_objects, $1)="$p"
+ else
+ _LT_TAGVAR(predep_objects, $1)="$_LT_TAGVAR(predep_objects, $1) $p"
+ fi
+ else
+ if test -z "$_LT_TAGVAR(postdep_objects, $1)"; then
+ _LT_TAGVAR(postdep_objects, $1)="$p"
+ else
+ _LT_TAGVAR(postdep_objects, $1)="$_LT_TAGVAR(postdep_objects, $1) $p"
+ fi
+ fi
+ ;;
+
+ *) ;; # Ignore the rest.
+
+ esac
+ done
+
+ # Clean up.
+ rm -f a.out a.exe
+else
+ echo "libtool.m4: error: problem compiling $1 test program"
+fi
+
+$RM -f confest.$objext
+
+# PORTME: override above test on systems where it is broken
+m4_if([$1], [CXX],
+[case $host_os in
+interix[[3-9]]*)
+ # Interix 3.5 installs completely hosed .la files for C++, so rather than
+ # hack all around it, let's just trust "g++" to DTRT.
+ _LT_TAGVAR(predep_objects,$1)=
+ _LT_TAGVAR(postdep_objects,$1)=
+ _LT_TAGVAR(postdeps,$1)=
+ ;;
+
+linux*)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+
+ # The more standards-conforming stlport4 library is
+ # incompatible with the Cstd library. Avoid specifying
+ # it if it's in CXXFLAGS. Ignore libCrun as
+ # -library=stlport4 depends on it.
+ case " $CXX $CXXFLAGS " in
+ *" -library=stlport4 "*)
+ solaris_use_stlport4=yes
+ ;;
+ esac
+
+ if test "$solaris_use_stlport4" != yes; then
+ _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun'
+ fi
+ ;;
+ esac
+ ;;
+
+solaris*)
+ case $cc_basename in
+ CC*)
+ # The more standards-conforming stlport4 library is
+ # incompatible with the Cstd library. Avoid specifying
+ # it if it's in CXXFLAGS. Ignore libCrun as
+ # -library=stlport4 depends on it.
+ case " $CXX $CXXFLAGS " in
+ *" -library=stlport4 "*)
+ solaris_use_stlport4=yes
+ ;;
+ esac
+
+ # Adding this requires a known-good setup of shared libraries for
+ # Sun compiler versions before 5.6, else PIC objects from an old
+ # archive will be linked into the output, leading to subtle bugs.
+ if test "$solaris_use_stlport4" != yes; then
+ _LT_TAGVAR(postdeps,$1)='-library=Cstd -library=Crun'
+ fi
+ ;;
+ esac
+ ;;
+esac
+])
+
+case " $_LT_TAGVAR(postdeps, $1) " in
+*" -lc "*) _LT_TAGVAR(archive_cmds_need_lc, $1)=no ;;
+esac
+ _LT_TAGVAR(compiler_lib_search_dirs, $1)=
+if test -n "${_LT_TAGVAR(compiler_lib_search_path, $1)}"; then
+ _LT_TAGVAR(compiler_lib_search_dirs, $1)=`echo " ${_LT_TAGVAR(compiler_lib_search_path, $1)}" | ${SED} -e 's! -L! !g' -e 's!^ !!'`
+fi
+_LT_TAGDECL([], [compiler_lib_search_dirs], [1],
+ [The directories searched by this compiler when creating a shared library])
+_LT_TAGDECL([], [predep_objects], [1],
+ [Dependencies to place before and after the objects being linked to
+ create a shared library])
+_LT_TAGDECL([], [postdep_objects], [1])
+_LT_TAGDECL([], [predeps], [1])
+_LT_TAGDECL([], [postdeps], [1])
+_LT_TAGDECL([], [compiler_lib_search_path], [1],
+ [The library search path used internally by the compiler when linking
+ a shared library])
+])# _LT_SYS_HIDDEN_LIBDEPS
+
+
+# _LT_PROG_F77
+# ------------
+# Since AC_PROG_F77 is broken, in that it returns the empty string
+# if there is no fortran compiler, we have our own version here.
+m4_defun([_LT_PROG_F77],
+[
+pushdef([AC_MSG_ERROR], [_lt_disable_F77=yes])
+AC_PROG_F77
+if test -z "$F77" || test "X$F77" = "Xno"; then
+ _lt_disable_F77=yes
+fi
+popdef([AC_MSG_ERROR])
+])# _LT_PROG_F77
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([_LT_PROG_F77], [])
+
+
+# _LT_LANG_F77_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for a Fortran 77 compiler are
+# suitably defined. These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_F77_CONFIG],
+[AC_REQUIRE([_LT_PROG_F77])dnl
+AC_LANG_PUSH(Fortran 77)
+
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_TAGVAR(allow_undefined_flag, $1)=
+_LT_TAGVAR(always_export_symbols, $1)=no
+_LT_TAGVAR(archive_expsym_cmds, $1)=
+_LT_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_TAGVAR(hardcode_direct, $1)=no
+_LT_TAGVAR(hardcode_direct_absolute, $1)=no
+_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_TAGVAR(hardcode_minus_L, $1)=no
+_LT_TAGVAR(hardcode_automatic, $1)=no
+_LT_TAGVAR(inherit_rpath, $1)=no
+_LT_TAGVAR(module_cmds, $1)=
+_LT_TAGVAR(module_expsym_cmds, $1)=
+_LT_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(no_undefined_flag, $1)=
+_LT_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for f77 test sources.
+ac_ext=f
+
+# Object file extension for compiled f77 test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# No sense in running all these tests if we already determined that
+# the F77 compiler isn't working. Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test "$_lt_disable_F77" != yes; then
+ # Code to be used in simple compile tests
+ lt_simple_compile_test_code="\
+ subroutine t
+ return
+ end
+"
+
+ # Code to be used in simple link tests
+ lt_simple_link_test_code="\
+ program t
+ end
+"
+
+ # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+ _LT_TAG_COMPILER
+
+ # save warnings/boilerplate of simple test code
+ _LT_COMPILER_BOILERPLATE
+ _LT_LINKER_BOILERPLATE
+
+ # Allow CC to be a program name with arguments.
+ lt_save_CC="$CC"
+ lt_save_GCC=$GCC
+ CC=${F77-"f77"}
+ compiler=$CC
+ _LT_TAGVAR(compiler, $1)=$CC
+ _LT_CC_BASENAME([$compiler])
+ GCC=$G77
+ if test -n "$compiler"; then
+ AC_MSG_CHECKING([if libtool supports shared libraries])
+ AC_MSG_RESULT([$can_build_shared])
+
+ AC_MSG_CHECKING([whether to build shared libraries])
+ test "$can_build_shared" = "no" && enable_shared=no
+
+ # On AIX, shared libraries and static libraries use the same namespace, and
+ # are all built from PIC.
+ case $host_os in
+ aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+ aix[[4-9]]*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+ esac
+ AC_MSG_RESULT([$enable_shared])
+
+ AC_MSG_CHECKING([whether to build static libraries])
+ # Make sure either enable_shared or enable_static is yes.
+ test "$enable_shared" = yes || enable_static=yes
+ AC_MSG_RESULT([$enable_static])
+
+ _LT_TAGVAR(GCC, $1)="$G77"
+ _LT_TAGVAR(LD, $1)="$LD"
+
+ ## CAVEAT EMPTOR:
+ ## There is no encapsulation within the following macros, do not change
+ ## the running order or otherwise move them around unless you know exactly
+ ## what you are doing...
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_SYS_DYNAMIC_LINKER($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+
+ _LT_CONFIG($1)
+ fi # test -n "$compiler"
+
+ GCC=$lt_save_GCC
+ CC="$lt_save_CC"
+fi # test "$_lt_disable_F77" != yes
+
+AC_LANG_POP
+])# _LT_LANG_F77_CONFIG
+
+
+# _LT_PROG_FC
+# -----------
+# Since AC_PROG_FC is broken, in that it returns the empty string
+# if there is no fortran compiler, we have our own version here.
+m4_defun([_LT_PROG_FC],
+[
+pushdef([AC_MSG_ERROR], [_lt_disable_FC=yes])
+AC_PROG_FC
+if test -z "$FC" || test "X$FC" = "Xno"; then
+ _lt_disable_FC=yes
+fi
+popdef([AC_MSG_ERROR])
+])# _LT_PROG_FC
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([_LT_PROG_FC], [])
+
+
+# _LT_LANG_FC_CONFIG([TAG])
+# -------------------------
+# Ensure that the configuration variables for a Fortran compiler are
+# suitably defined. These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_FC_CONFIG],
+[AC_REQUIRE([_LT_PROG_FC])dnl
+AC_LANG_PUSH(Fortran)
+
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+_LT_TAGVAR(allow_undefined_flag, $1)=
+_LT_TAGVAR(always_export_symbols, $1)=no
+_LT_TAGVAR(archive_expsym_cmds, $1)=
+_LT_TAGVAR(export_dynamic_flag_spec, $1)=
+_LT_TAGVAR(hardcode_direct, $1)=no
+_LT_TAGVAR(hardcode_direct_absolute, $1)=no
+_LT_TAGVAR(hardcode_libdir_flag_spec, $1)=
+_LT_TAGVAR(hardcode_libdir_flag_spec_ld, $1)=
+_LT_TAGVAR(hardcode_libdir_separator, $1)=
+_LT_TAGVAR(hardcode_minus_L, $1)=no
+_LT_TAGVAR(hardcode_automatic, $1)=no
+_LT_TAGVAR(inherit_rpath, $1)=no
+_LT_TAGVAR(module_cmds, $1)=
+_LT_TAGVAR(module_expsym_cmds, $1)=
+_LT_TAGVAR(link_all_deplibs, $1)=unknown
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+_LT_TAGVAR(no_undefined_flag, $1)=
+_LT_TAGVAR(whole_archive_flag_spec, $1)=
+_LT_TAGVAR(enable_shared_with_static_runtimes, $1)=no
+
+# Source file extension for fc test sources.
+ac_ext=${ac_fc_srcext-f}
+
+# Object file extension for compiled fc test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# No sense in running all these tests if we already determined that
+# the FC compiler isn't working. Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test "$_lt_disable_FC" != yes; then
+ # Code to be used in simple compile tests
+ lt_simple_compile_test_code="\
+ subroutine t
+ return
+ end
+"
+
+ # Code to be used in simple link tests
+ lt_simple_link_test_code="\
+ program t
+ end
+"
+
+ # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+ _LT_TAG_COMPILER
+
+ # save warnings/boilerplate of simple test code
+ _LT_COMPILER_BOILERPLATE
+ _LT_LINKER_BOILERPLATE
+
+ # Allow CC to be a program name with arguments.
+ lt_save_CC="$CC"
+ lt_save_GCC=$GCC
+ CC=${FC-"f95"}
+ compiler=$CC
+ GCC=$ac_cv_fc_compiler_gnu
+
+ _LT_TAGVAR(compiler, $1)=$CC
+ _LT_CC_BASENAME([$compiler])
+
+ if test -n "$compiler"; then
+ AC_MSG_CHECKING([if libtool supports shared libraries])
+ AC_MSG_RESULT([$can_build_shared])
+
+ AC_MSG_CHECKING([whether to build shared libraries])
+ test "$can_build_shared" = "no" && enable_shared=no
+
+ # On AIX, shared libraries and static libraries use the same namespace, and
+ # are all built from PIC.
+ case $host_os in
+ aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+ aix[[4-9]]*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+ esac
+ AC_MSG_RESULT([$enable_shared])
+
+ AC_MSG_CHECKING([whether to build static libraries])
+ # Make sure either enable_shared or enable_static is yes.
+ test "$enable_shared" = yes || enable_static=yes
+ AC_MSG_RESULT([$enable_static])
+
+ _LT_TAGVAR(GCC, $1)="$ac_cv_fc_compiler_gnu"
+ _LT_TAGVAR(LD, $1)="$LD"
+
+ ## CAVEAT EMPTOR:
+ ## There is no encapsulation within the following macros, do not change
+ ## the running order or otherwise move them around unless you know exactly
+ ## what you are doing...
+ _LT_SYS_HIDDEN_LIBDEPS($1)
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_SYS_DYNAMIC_LINKER($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+
+ _LT_CONFIG($1)
+ fi # test -n "$compiler"
+
+ GCC=$lt_save_GCC
+ CC="$lt_save_CC"
+fi # test "$_lt_disable_FC" != yes
+
+AC_LANG_POP
+])# _LT_LANG_FC_CONFIG
+
+
+# _LT_LANG_GCJ_CONFIG([TAG])
+# --------------------------
+# Ensure that the configuration variables for the GNU Java Compiler compiler
+# are suitably defined. These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_GCJ_CONFIG],
+[AC_REQUIRE([LT_PROG_GCJ])dnl
+AC_LANG_SAVE
+
+# Source file extension for Java test sources.
+ac_ext=java
+
+# Object file extension for compiled Java test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="class foo {}"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='public class conftest { public static void main(String[[]] argv) {}; }'
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_TAG_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+lt_save_GCC=$GCC
+GCC=yes
+CC=${GCJ-"gcj"}
+compiler=$CC
+_LT_TAGVAR(compiler, $1)=$CC
+_LT_TAGVAR(LD, $1)="$LD"
+_LT_CC_BASENAME([$compiler])
+
+# GCJ did not exist at the time GCC didn't implicitly link libc in.
+_LT_TAGVAR(archive_cmds_need_lc, $1)=no
+
+_LT_TAGVAR(old_archive_cmds, $1)=$old_archive_cmds
+
+## CAVEAT EMPTOR:
+## There is no encapsulation within the following macros, do not change
+## the running order or otherwise move them around unless you know exactly
+## what you are doing...
+if test -n "$compiler"; then
+ _LT_COMPILER_NO_RTTI($1)
+ _LT_COMPILER_PIC($1)
+ _LT_COMPILER_C_O($1)
+ _LT_COMPILER_FILE_LOCKS($1)
+ _LT_LINKER_SHLIBS($1)
+ _LT_LINKER_HARDCODE_LIBPATH($1)
+
+ _LT_CONFIG($1)
+fi
+
+AC_LANG_RESTORE
+
+GCC=$lt_save_GCC
+CC="$lt_save_CC"
+])# _LT_LANG_GCJ_CONFIG
+
+
+# _LT_LANG_RC_CONFIG([TAG])
+# -------------------------
+# Ensure that the configuration variables for the Windows resource compiler
+# are suitably defined. These variables are subsequently used by _LT_CONFIG
+# to write the compiler configuration to `libtool'.
+m4_defun([_LT_LANG_RC_CONFIG],
+[AC_REQUIRE([LT_PROG_RC])dnl
+AC_LANG_SAVE
+
+# Source file extension for RC test sources.
+ac_ext=rc
+
+# Object file extension for compiled RC test sources.
+objext=o
+_LT_TAGVAR(objext, $1)=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code='sample MENU { MENUITEM "&Soup", 100, CHECKED }'
+
+# Code to be used in simple link tests
+lt_simple_link_test_code="$lt_simple_compile_test_code"
+
+# ltmain only uses $CC for tagged configurations so make sure $CC is set.
+_LT_TAG_COMPILER
+
+# save warnings/boilerplate of simple test code
+_LT_COMPILER_BOILERPLATE
+_LT_LINKER_BOILERPLATE
+
+# Allow CC to be a program name with arguments.
+lt_save_CC="$CC"
+lt_save_GCC=$GCC
+GCC=
+CC=${RC-"windres"}
+compiler=$CC
+_LT_TAGVAR(compiler, $1)=$CC
+_LT_CC_BASENAME([$compiler])
+_LT_TAGVAR(lt_cv_prog_compiler_c_o, $1)=yes
+
+if test -n "$compiler"; then
+ :
+ _LT_CONFIG($1)
+fi
+
+GCC=$lt_save_GCC
+AC_LANG_RESTORE
+CC="$lt_save_CC"
+])# _LT_LANG_RC_CONFIG
+
+
+# LT_PROG_GCJ
+# -----------
+AC_DEFUN([LT_PROG_GCJ],
+[m4_ifdef([AC_PROG_GCJ], [AC_PROG_GCJ],
+ [m4_ifdef([A][M_PROG_GCJ], [A][M_PROG_GCJ],
+ [AC_CHECK_TOOL(GCJ, gcj,)
+ test "x${GCJFLAGS+set}" = xset || GCJFLAGS="-g -O2"
+ AC_SUBST(GCJFLAGS)])])[]dnl
+])
+
+# Old name:
+AU_ALIAS([LT_AC_PROG_GCJ], [LT_PROG_GCJ])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([LT_AC_PROG_GCJ], [])
+
+
+# LT_PROG_RC
+# ----------
+AC_DEFUN([LT_PROG_RC],
+[AC_CHECK_TOOL(RC, windres,)
+])
+
+# Old name:
+AU_ALIAS([LT_AC_PROG_RC], [LT_PROG_RC])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([LT_AC_PROG_RC], [])
+
+
+# _LT_DECL_EGREP
+# --------------
+# If we don't have a new enough Autoconf to choose the best grep
+# available, choose the one first in the user's PATH.
+m4_defun([_LT_DECL_EGREP],
+[AC_REQUIRE([AC_PROG_EGREP])dnl
+AC_REQUIRE([AC_PROG_FGREP])dnl
+test -z "$GREP" && GREP=grep
+_LT_DECL([], [GREP], [1], [A grep program that handles long lines])
+_LT_DECL([], [EGREP], [1], [An ERE matcher])
+_LT_DECL([], [FGREP], [1], [A literal string matcher])
+dnl Non-bleeding-edge autoconf doesn't subst GREP, so do it here too
+AC_SUBST([GREP])
+])
+
+
+# _LT_DECL_OBJDUMP
+# --------------
+# If we don't have a new enough Autoconf to choose the best objdump
+# available, choose the one first in the user's PATH.
+m4_defun([_LT_DECL_OBJDUMP],
+[AC_CHECK_TOOL(OBJDUMP, objdump, false)
+test -z "$OBJDUMP" && OBJDUMP=objdump
+_LT_DECL([], [OBJDUMP], [1], [An object symbol dumper])
+AC_SUBST([OBJDUMP])
+])
+
+
+# _LT_DECL_SED
+# ------------
+# Check for a fully-functional sed program, that truncates
+# as few characters as possible. Prefer GNU sed if found.
+m4_defun([_LT_DECL_SED],
+[AC_PROG_SED
+test -z "$SED" && SED=sed
+Xsed="$SED -e 1s/^X//"
+_LT_DECL([], [SED], [1], [A sed program that does not truncate output])
+_LT_DECL([], [Xsed], ["\$SED -e 1s/^X//"],
+ [Sed that helps us avoid accidentally triggering echo(1) options like -n])
+])# _LT_DECL_SED
+
+m4_ifndef([AC_PROG_SED], [
+############################################################
+# NOTE: This macro has been submitted for inclusion into #
+# GNU Autoconf as AC_PROG_SED. When it is available in #
+# a released version of Autoconf we should remove this #
+# macro and use it instead. #
+############################################################
+
+m4_defun([AC_PROG_SED],
+[AC_MSG_CHECKING([for a sed that does not truncate output])
+AC_CACHE_VAL(lt_cv_path_SED,
+[# Loop through the user's path and test for sed and gsed.
+# Then use that list of sed's as ones to test for truncation.
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for lt_ac_prog in sed gsed; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if $as_executable_p "$as_dir/$lt_ac_prog$ac_exec_ext"; then
+ lt_ac_sed_list="$lt_ac_sed_list $as_dir/$lt_ac_prog$ac_exec_ext"
+ fi
+ done
+ done
+done
+IFS=$as_save_IFS
+lt_ac_max=0
+lt_ac_count=0
+# Add /usr/xpg4/bin/sed as it is typically found on Solaris
+# along with /bin/sed that truncates output.
+for lt_ac_sed in $lt_ac_sed_list /usr/xpg4/bin/sed; do
+ test ! -f $lt_ac_sed && continue
+ cat /dev/null > conftest.in
+ lt_ac_count=0
+ echo $ECHO_N "0123456789$ECHO_C" >conftest.in
+ # Check for GNU sed and select it if it is found.
+ if "$lt_ac_sed" --version 2>&1 < /dev/null | grep 'GNU' > /dev/null; then
+ lt_cv_path_SED=$lt_ac_sed
+ break
+ fi
+ while true; do
+ cat conftest.in conftest.in >conftest.tmp
+ mv conftest.tmp conftest.in
+ cp conftest.in conftest.nl
+ echo >>conftest.nl
+ $lt_ac_sed -e 's/a$//' < conftest.nl >conftest.out || break
+ cmp -s conftest.out conftest.nl || break
+ # 10000 chars as input seems more than enough
+ test $lt_ac_count -gt 10 && break
+ lt_ac_count=`expr $lt_ac_count + 1`
+ if test $lt_ac_count -gt $lt_ac_max; then
+ lt_ac_max=$lt_ac_count
+ lt_cv_path_SED=$lt_ac_sed
+ fi
+ done
+done
+])
+SED=$lt_cv_path_SED
+AC_SUBST([SED])
+AC_MSG_RESULT([$SED])
+])#AC_PROG_SED
+])#m4_ifndef
+
+# Old name:
+AU_ALIAS([LT_AC_PROG_SED], [AC_PROG_SED])
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([LT_AC_PROG_SED], [])
+
+
+# _LT_CHECK_SHELL_FEATURES
+# ------------------------
+# Find out whether the shell is Bourne or XSI compatible,
+# or has some other useful features.
+m4_defun([_LT_CHECK_SHELL_FEATURES],
+[AC_MSG_CHECKING([whether the shell understands some XSI constructs])
+# Try some XSI features
+xsi_shell=no
+( _lt_dummy="a/b/c"
+ test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \
+ = c,a/b,, \
+ && eval 'test $(( 1 + 1 )) -eq 2 \
+ && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
+ && xsi_shell=yes
+AC_MSG_RESULT([$xsi_shell])
+_LT_CONFIG_LIBTOOL_INIT([xsi_shell='$xsi_shell'])
+
+AC_MSG_CHECKING([whether the shell understands "+="])
+lt_shell_append=no
+( foo=bar; set foo baz; eval "$[1]+=\$[2]" && test "$foo" = barbaz ) \
+ >/dev/null 2>&1 \
+ && lt_shell_append=yes
+AC_MSG_RESULT([$lt_shell_append])
+_LT_CONFIG_LIBTOOL_INIT([lt_shell_append='$lt_shell_append'])
+
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ lt_unset=unset
+else
+ lt_unset=false
+fi
+_LT_DECL([], [lt_unset], [0], [whether the shell understands "unset"])dnl
+
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+ # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+ lt_SP2NL='tr \040 \012'
+ lt_NL2SP='tr \015\012 \040\040'
+ ;;
+ *) # EBCDIC based system
+ lt_SP2NL='tr \100 \n'
+ lt_NL2SP='tr \r\n \100\100'
+ ;;
+esac
+_LT_DECL([SP2NL], [lt_SP2NL], [1], [turn spaces into newlines])dnl
+_LT_DECL([NL2SP], [lt_NL2SP], [1], [turn newlines into spaces])dnl
+])# _LT_CHECK_SHELL_FEATURES
+
+
+# _LT_PROG_XSI_SHELLFNS
+# ---------------------
+# Bourne and XSI compatible variants of some useful shell functions.
+m4_defun([_LT_PROG_XSI_SHELLFNS],
+[case $xsi_shell in
+ yes)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+}
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result="${1##*/}"
+}
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+# dirname: Compute the dirname of FILE. If nonempty,
+# add APPEND to the result, otherwise set result
+# to NONDIR_REPLACEMENT.
+# value returned in "$func_dirname_result"
+# basename: Compute filename of FILE.
+# value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+ func_basename_result="${1##*/}"
+}
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+func_stripname ()
+{
+ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
+ # positional parameters, so assign one to ordinary parameter first.
+ func_stripname_result=${3}
+ func_stripname_result=${func_stripname_result#"${1}"}
+ func_stripname_result=${func_stripname_result%"${2}"}
+}
+
+# func_opt_split
+func_opt_split ()
+{
+ func_opt_split_opt=${1%%=*}
+ func_opt_split_arg=${1#*=}
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+ case ${1} in
+ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;
+ *) func_lo2o_result=${1} ;;
+ esac
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=${1%.*}.lo
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=$(( $[*] ))
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=${#1}
+}
+
+_LT_EOF
+ ;;
+ *) # Bourne compatible functions.
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ # Extract subdirectory from the argument.
+ func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+ if test "X$func_dirname_result" = "X${1}"; then
+ func_dirname_result="${3}"
+ else
+ func_dirname_result="$func_dirname_result${2}"
+ fi
+}
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+dnl func_dirname_and_basename
+dnl A portable version of this function is already defined in general.m4sh
+dnl so there is no need for it here.
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+# func_strip_suffix prefix name
+func_stripname ()
+{
+ case ${2} in
+ .*) func_stripname_result=`$ECHO "X${3}" \
+ | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;;
+ *) func_stripname_result=`$ECHO "X${3}" \
+ | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;;
+ esac
+}
+
+# sed scripts:
+my_sed_long_opt='1s/^\(-[[^=]]*\)=.*/\1/;q'
+my_sed_long_arg='1s/^-[[^=]]*=//'
+
+# func_opt_split
+func_opt_split ()
+{
+ func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"`
+ func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"`
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+ func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"`
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[[^.]]*$/.lo/'`
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=`expr "$[@]"`
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=`expr "$[1]" : ".*" 2>/dev/null || echo $max_cmd_len`
+}
+
+_LT_EOF
+esac
+
+case $lt_shell_append in
+ yes)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "$[1]+=\$[2]"
+}
+_LT_EOF
+ ;;
+ *)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "$[1]=\$$[1]\$[2]"
+}
+
+_LT_EOF
+ ;;
+ esac
+])
diff --git a/m4/ltoptions.m4 b/m4/ltoptions.m4
new file mode 100644
index 00000000..34151a3b
--- /dev/null
+++ b/m4/ltoptions.m4
@@ -0,0 +1,368 @@
+# Helper functions for option handling. -*- Autoconf -*-
+#
+# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gary V. Vaughan, 2004
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# serial 6 ltoptions.m4
+
+# This is to help aclocal find these macros, as it can't see m4_define.
+AC_DEFUN([LTOPTIONS_VERSION], [m4_if([1])])
+
+
+# _LT_MANGLE_OPTION(MACRO-NAME, OPTION-NAME)
+# ------------------------------------------
+m4_define([_LT_MANGLE_OPTION],
+[[_LT_OPTION_]m4_bpatsubst($1__$2, [[^a-zA-Z0-9_]], [_])])
+
+
+# _LT_SET_OPTION(MACRO-NAME, OPTION-NAME)
+# ---------------------------------------
+# Set option OPTION-NAME for macro MACRO-NAME, and if there is a
+# matching handler defined, dispatch to it. Other OPTION-NAMEs are
+# saved as a flag.
+m4_define([_LT_SET_OPTION],
+[m4_define(_LT_MANGLE_OPTION([$1], [$2]))dnl
+m4_ifdef(_LT_MANGLE_DEFUN([$1], [$2]),
+ _LT_MANGLE_DEFUN([$1], [$2]),
+ [m4_warning([Unknown $1 option `$2'])])[]dnl
+])
+
+
+# _LT_IF_OPTION(MACRO-NAME, OPTION-NAME, IF-SET, [IF-NOT-SET])
+# ------------------------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+m4_define([_LT_IF_OPTION],
+[m4_ifdef(_LT_MANGLE_OPTION([$1], [$2]), [$3], [$4])])
+
+
+# _LT_UNLESS_OPTIONS(MACRO-NAME, OPTION-LIST, IF-NOT-SET)
+# -------------------------------------------------------
+# Execute IF-NOT-SET unless all options in OPTION-LIST for MACRO-NAME
+# are set.
+m4_define([_LT_UNLESS_OPTIONS],
+[m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
+ [m4_ifdef(_LT_MANGLE_OPTION([$1], _LT_Option),
+ [m4_define([$0_found])])])[]dnl
+m4_ifdef([$0_found], [m4_undefine([$0_found])], [$3
+])[]dnl
+])
+
+
+# _LT_SET_OPTIONS(MACRO-NAME, OPTION-LIST)
+# ----------------------------------------
+# OPTION-LIST is a space-separated list of Libtool options associated
+# with MACRO-NAME. If any OPTION has a matching handler declared with
+# LT_OPTION_DEFINE, dispatch to that macro; otherwise complain about
+# the unknown option and exit.
+m4_defun([_LT_SET_OPTIONS],
+[# Set options
+m4_foreach([_LT_Option], m4_split(m4_normalize([$2])),
+ [_LT_SET_OPTION([$1], _LT_Option)])
+
+m4_if([$1],[LT_INIT],[
+ dnl
+ dnl Simply set some default values (i.e off) if boolean options were not
+ dnl specified:
+ _LT_UNLESS_OPTIONS([LT_INIT], [dlopen], [enable_dlopen=no
+ ])
+ _LT_UNLESS_OPTIONS([LT_INIT], [win32-dll], [enable_win32_dll=no
+ ])
+ dnl
+ dnl If no reference was made to various pairs of opposing options, then
+ dnl we run the default mode handler for the pair. For example, if neither
+ dnl `shared' nor `disable-shared' was passed, we enable building of shared
+ dnl archives by default:
+ _LT_UNLESS_OPTIONS([LT_INIT], [shared disable-shared], [_LT_ENABLE_SHARED])
+ _LT_UNLESS_OPTIONS([LT_INIT], [static disable-static], [_LT_ENABLE_STATIC])
+ _LT_UNLESS_OPTIONS([LT_INIT], [pic-only no-pic], [_LT_WITH_PIC])
+ _LT_UNLESS_OPTIONS([LT_INIT], [fast-install disable-fast-install],
+ [_LT_ENABLE_FAST_INSTALL])
+ ])
+])# _LT_SET_OPTIONS
+
+
+## --------------------------------- ##
+## Macros to handle LT_INIT options. ##
+## --------------------------------- ##
+
+# _LT_MANGLE_DEFUN(MACRO-NAME, OPTION-NAME)
+# -----------------------------------------
+m4_define([_LT_MANGLE_DEFUN],
+[[_LT_OPTION_DEFUN_]m4_bpatsubst(m4_toupper([$1__$2]), [[^A-Z0-9_]], [_])])
+
+
+# LT_OPTION_DEFINE(MACRO-NAME, OPTION-NAME, CODE)
+# -----------------------------------------------
+m4_define([LT_OPTION_DEFINE],
+[m4_define(_LT_MANGLE_DEFUN([$1], [$2]), [$3])[]dnl
+])# LT_OPTION_DEFINE
+
+
+# dlopen
+# ------
+LT_OPTION_DEFINE([LT_INIT], [dlopen], [enable_dlopen=yes
+])
+
+AU_DEFUN([AC_LIBTOOL_DLOPEN],
+[_LT_SET_OPTION([LT_INIT], [dlopen])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you
+put the `dlopen' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_DLOPEN], [])
+
+
+# win32-dll
+# ---------
+# Declare package support for building win32 dll's.
+LT_OPTION_DEFINE([LT_INIT], [win32-dll],
+[enable_win32_dll=yes
+
+case $host in
+*-*-cygwin* | *-*-mingw* | *-*-pw32* | *-cegcc*)
+ AC_CHECK_TOOL(AS, as, false)
+ AC_CHECK_TOOL(DLLTOOL, dlltool, false)
+ AC_CHECK_TOOL(OBJDUMP, objdump, false)
+ ;;
+esac
+
+test -z "$AS" && AS=as
+_LT_DECL([], [AS], [0], [Assembler program])dnl
+
+test -z "$DLLTOOL" && DLLTOOL=dlltool
+_LT_DECL([], [DLLTOOL], [0], [DLL creation program])dnl
+
+test -z "$OBJDUMP" && OBJDUMP=objdump
+_LT_DECL([], [OBJDUMP], [0], [Object dumper program])dnl
+])# win32-dll
+
+AU_DEFUN([AC_LIBTOOL_WIN32_DLL],
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+_LT_SET_OPTION([LT_INIT], [win32-dll])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you
+put the `win32-dll' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_WIN32_DLL], [])
+
+
+# _LT_ENABLE_SHARED([DEFAULT])
+# ----------------------------
+# implement the --enable-shared flag, and supports the `shared' and
+# `disable-shared' LT_INIT options.
+# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+m4_define([_LT_ENABLE_SHARED],
+[m4_define([_LT_ENABLE_SHARED_DEFAULT], [m4_if($1, no, no, yes)])dnl
+AC_ARG_ENABLE([shared],
+ [AS_HELP_STRING([--enable-shared@<:@=PKGS@:>@],
+ [build shared libraries @<:@default=]_LT_ENABLE_SHARED_DEFAULT[@:>@])],
+ [p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_shared=yes ;;
+ no) enable_shared=no ;;
+ *)
+ enable_shared=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_shared=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
+ [enable_shared=]_LT_ENABLE_SHARED_DEFAULT)
+
+ _LT_DECL([build_libtool_libs], [enable_shared], [0],
+ [Whether or not to build shared libraries])
+])# _LT_ENABLE_SHARED
+
+LT_OPTION_DEFINE([LT_INIT], [shared], [_LT_ENABLE_SHARED([yes])])
+LT_OPTION_DEFINE([LT_INIT], [disable-shared], [_LT_ENABLE_SHARED([no])])
+
+# Old names:
+AC_DEFUN([AC_ENABLE_SHARED],
+[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[shared])
+])
+
+AC_DEFUN([AC_DISABLE_SHARED],
+[_LT_SET_OPTION([LT_INIT], [disable-shared])
+])
+
+AU_DEFUN([AM_ENABLE_SHARED], [AC_ENABLE_SHARED($@)])
+AU_DEFUN([AM_DISABLE_SHARED], [AC_DISABLE_SHARED($@)])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_ENABLE_SHARED], [])
+dnl AC_DEFUN([AM_DISABLE_SHARED], [])
+
+
+
+# _LT_ENABLE_STATIC([DEFAULT])
+# ----------------------------
+# implement the --enable-static flag, and support the `static' and
+# `disable-static' LT_INIT options.
+# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+m4_define([_LT_ENABLE_STATIC],
+[m4_define([_LT_ENABLE_STATIC_DEFAULT], [m4_if($1, no, no, yes)])dnl
+AC_ARG_ENABLE([static],
+ [AS_HELP_STRING([--enable-static@<:@=PKGS@:>@],
+ [build static libraries @<:@default=]_LT_ENABLE_STATIC_DEFAULT[@:>@])],
+ [p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_static=yes ;;
+ no) enable_static=no ;;
+ *)
+ enable_static=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_static=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
+ [enable_static=]_LT_ENABLE_STATIC_DEFAULT)
+
+ _LT_DECL([build_old_libs], [enable_static], [0],
+ [Whether or not to build static libraries])
+])# _LT_ENABLE_STATIC
+
+LT_OPTION_DEFINE([LT_INIT], [static], [_LT_ENABLE_STATIC([yes])])
+LT_OPTION_DEFINE([LT_INIT], [disable-static], [_LT_ENABLE_STATIC([no])])
+
+# Old names:
+AC_DEFUN([AC_ENABLE_STATIC],
+[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[static])
+])
+
+AC_DEFUN([AC_DISABLE_STATIC],
+[_LT_SET_OPTION([LT_INIT], [disable-static])
+])
+
+AU_DEFUN([AM_ENABLE_STATIC], [AC_ENABLE_STATIC($@)])
+AU_DEFUN([AM_DISABLE_STATIC], [AC_DISABLE_STATIC($@)])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AM_ENABLE_STATIC], [])
+dnl AC_DEFUN([AM_DISABLE_STATIC], [])
+
+
+
+# _LT_ENABLE_FAST_INSTALL([DEFAULT])
+# ----------------------------------
+# implement the --enable-fast-install flag, and support the `fast-install'
+# and `disable-fast-install' LT_INIT options.
+# DEFAULT is either `yes' or `no'. If omitted, it defaults to `yes'.
+m4_define([_LT_ENABLE_FAST_INSTALL],
+[m4_define([_LT_ENABLE_FAST_INSTALL_DEFAULT], [m4_if($1, no, no, yes)])dnl
+AC_ARG_ENABLE([fast-install],
+ [AS_HELP_STRING([--enable-fast-install@<:@=PKGS@:>@],
+ [optimize for fast installation @<:@default=]_LT_ENABLE_FAST_INSTALL_DEFAULT[@:>@])],
+ [p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_fast_install=yes ;;
+ no) enable_fast_install=no ;;
+ *)
+ enable_fast_install=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_fast_install=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac],
+ [enable_fast_install=]_LT_ENABLE_FAST_INSTALL_DEFAULT)
+
+_LT_DECL([fast_install], [enable_fast_install], [0],
+ [Whether or not to optimize for fast installation])dnl
+])# _LT_ENABLE_FAST_INSTALL
+
+LT_OPTION_DEFINE([LT_INIT], [fast-install], [_LT_ENABLE_FAST_INSTALL([yes])])
+LT_OPTION_DEFINE([LT_INIT], [disable-fast-install], [_LT_ENABLE_FAST_INSTALL([no])])
+
+# Old names:
+AU_DEFUN([AC_ENABLE_FAST_INSTALL],
+[_LT_SET_OPTION([LT_INIT], m4_if([$1], [no], [disable-])[fast-install])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you put
+the `fast-install' option into LT_INIT's first parameter.])
+])
+
+AU_DEFUN([AC_DISABLE_FAST_INSTALL],
+[_LT_SET_OPTION([LT_INIT], [disable-fast-install])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you put
+the `disable-fast-install' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_ENABLE_FAST_INSTALL], [])
+dnl AC_DEFUN([AM_DISABLE_FAST_INSTALL], [])
+
+
+# _LT_WITH_PIC([MODE])
+# --------------------
+# implement the --with-pic flag, and support the `pic-only' and `no-pic'
+# LT_INIT options.
+# MODE is either `yes' or `no'. If omitted, it defaults to `both'.
+m4_define([_LT_WITH_PIC],
+[AC_ARG_WITH([pic],
+ [AS_HELP_STRING([--with-pic],
+ [try to use only PIC/non-PIC objects @<:@default=use both@:>@])],
+ [pic_mode="$withval"],
+ [pic_mode=default])
+
+test -z "$pic_mode" && pic_mode=m4_default([$1], [default])
+
+_LT_DECL([], [pic_mode], [0], [What type of objects to build])dnl
+])# _LT_WITH_PIC
+
+LT_OPTION_DEFINE([LT_INIT], [pic-only], [_LT_WITH_PIC([yes])])
+LT_OPTION_DEFINE([LT_INIT], [no-pic], [_LT_WITH_PIC([no])])
+
+# Old name:
+AU_DEFUN([AC_LIBTOOL_PICMODE],
+[_LT_SET_OPTION([LT_INIT], [pic-only])
+AC_DIAGNOSE([obsolete],
+[$0: Remove this warning and the call to _LT_SET_OPTION when you
+put the `pic-only' option into LT_INIT's first parameter.])
+])
+
+dnl aclocal-1.4 backwards compatibility:
+dnl AC_DEFUN([AC_LIBTOOL_PICMODE], [])
+
+## ----------------- ##
+## LTDL_INIT Options ##
+## ----------------- ##
+
+m4_define([_LTDL_MODE], [])
+LT_OPTION_DEFINE([LTDL_INIT], [nonrecursive],
+ [m4_define([_LTDL_MODE], [nonrecursive])])
+LT_OPTION_DEFINE([LTDL_INIT], [recursive],
+ [m4_define([_LTDL_MODE], [recursive])])
+LT_OPTION_DEFINE([LTDL_INIT], [subproject],
+ [m4_define([_LTDL_MODE], [subproject])])
+
+m4_define([_LTDL_TYPE], [])
+LT_OPTION_DEFINE([LTDL_INIT], [installable],
+ [m4_define([_LTDL_TYPE], [installable])])
+LT_OPTION_DEFINE([LTDL_INIT], [convenience],
+ [m4_define([_LTDL_TYPE], [convenience])])
diff --git a/m4/ltsugar.m4 b/m4/ltsugar.m4
new file mode 100644
index 00000000..9000a057
--- /dev/null
+++ b/m4/ltsugar.m4
@@ -0,0 +1,123 @@
+# ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*-
+#
+# Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gary V. Vaughan, 2004
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# serial 6 ltsugar.m4
+
+# This is to help aclocal find these macros, as it can't see m4_define.
+AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
+
+
+# lt_join(SEP, ARG1, [ARG2...])
+# -----------------------------
+# Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
+# associated separator.
+# Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
+# versions in m4sugar had bugs.
+m4_define([lt_join],
+[m4_if([$#], [1], [],
+ [$#], [2], [[$2]],
+ [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
+m4_define([_lt_join],
+[m4_if([$#$2], [2], [],
+ [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
+
+
+# lt_car(LIST)
+# lt_cdr(LIST)
+# ------------
+# Manipulate m4 lists.
+# These macros are necessary as long as will still need to support
+# Autoconf-2.59 which quotes differently.
+m4_define([lt_car], [[$1]])
+m4_define([lt_cdr],
+[m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
+ [$#], 1, [],
+ [m4_dquote(m4_shift($@))])])
+m4_define([lt_unquote], $1)
+
+
+# lt_append(MACRO-NAME, STRING, [SEPARATOR])
+# ------------------------------------------
+# Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'.
+# Note that neither SEPARATOR nor STRING are expanded; they are appended
+# to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
+# No SEPARATOR is output if MACRO-NAME was previously undefined (different
+# than defined and empty).
+#
+# This macro is needed until we can rely on Autoconf 2.62, since earlier
+# versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
+m4_define([lt_append],
+[m4_define([$1],
+ m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
+
+
+
+# lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
+# ----------------------------------------------------------
+# Produce a SEP delimited list of all paired combinations of elements of
+# PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list
+# has the form PREFIXmINFIXSUFFIXn.
+# Needed until we can rely on m4_combine added in Autoconf 2.62.
+m4_define([lt_combine],
+[m4_if(m4_eval([$# > 3]), [1],
+ [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
+[[m4_foreach([_Lt_prefix], [$2],
+ [m4_foreach([_Lt_suffix],
+ ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
+ [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
+
+
+# lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
+# -----------------------------------------------------------------------
+# Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
+# by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
+m4_define([lt_if_append_uniq],
+[m4_ifdef([$1],
+ [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
+ [lt_append([$1], [$2], [$3])$4],
+ [$5])],
+ [lt_append([$1], [$2], [$3])$4])])
+
+
+# lt_dict_add(DICT, KEY, VALUE)
+# -----------------------------
+m4_define([lt_dict_add],
+[m4_define([$1($2)], [$3])])
+
+
+# lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
+# --------------------------------------------
+m4_define([lt_dict_add_subkey],
+[m4_define([$1($2:$3)], [$4])])
+
+
+# lt_dict_fetch(DICT, KEY, [SUBKEY])
+# ----------------------------------
+m4_define([lt_dict_fetch],
+[m4_ifval([$3],
+ m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
+ m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
+
+
+# lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
+# -----------------------------------------------------------------
+m4_define([lt_if_dict_fetch],
+[m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
+ [$5],
+ [$6])])
+
+
+# lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
+# --------------------------------------------------------------
+m4_define([lt_dict_filter],
+[m4_if([$5], [], [],
+ [lt_join(m4_quote(m4_default([$4], [[, ]])),
+ lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
+ [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
+])
diff --git a/m4/ltversion.m4 b/m4/ltversion.m4
new file mode 100644
index 00000000..f3c53098
--- /dev/null
+++ b/m4/ltversion.m4
@@ -0,0 +1,23 @@
+# ltversion.m4 -- version numbers -*- Autoconf -*-
+#
+# Copyright (C) 2004 Free Software Foundation, Inc.
+# Written by Scott James Remnant, 2004
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# Generated from ltversion.in.
+
+# serial 3017 ltversion.m4
+# This file is part of GNU Libtool
+
+m4_define([LT_PACKAGE_VERSION], [2.2.6b])
+m4_define([LT_PACKAGE_REVISION], [1.3017])
+
+AC_DEFUN([LTVERSION_VERSION],
+[macro_version='2.2.6b'
+macro_revision='1.3017'
+_LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
+_LT_DECL(, macro_revision, 0)
+])
diff --git a/m4/lt~obsolete.m4 b/m4/lt~obsolete.m4
new file mode 100644
index 00000000..637bb206
--- /dev/null
+++ b/m4/lt~obsolete.m4
@@ -0,0 +1,92 @@
+# lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*-
+#
+# Copyright (C) 2004, 2005, 2007 Free Software Foundation, Inc.
+# Written by Scott James Remnant, 2004.
+#
+# This file is free software; the Free Software Foundation gives
+# unlimited permission to copy and/or distribute it, with or without
+# modifications, as long as this notice is preserved.
+
+# serial 4 lt~obsolete.m4
+
+# These exist entirely to fool aclocal when bootstrapping libtool.
+#
+# In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN)
+# which have later been changed to m4_define as they aren't part of the
+# exported API, or moved to Autoconf or Automake where they belong.
+#
+# The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN
+# in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
+# using a macro with the same name in our local m4/libtool.m4 it'll
+# pull the old libtool.m4 in (it doesn't see our shiny new m4_define
+# and doesn't know about Autoconf macros at all.)
+#
+# So we provide this file, which has a silly filename so it's always
+# included after everything else. This provides aclocal with the
+# AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
+# because those macros already exist, or will be overwritten later.
+# We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
+#
+# Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
+# Yes, that means every name once taken will need to remain here until
+# we give up compatibility with versions before 1.7, at which point
+# we need to keep only those names which we still refer to.
+
+# This is to help aclocal find these macros, as it can't see m4_define.
+AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
+
+m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
+m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])])
+m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
+m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])])
+m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
+m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])])
+m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])])
+m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
+m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])])
+m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])])
+m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])])
+m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
+m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
+m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
+m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
+m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])])
+m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])])
+m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
+m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
+m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])])
+m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])])
+m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
+m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
+m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
+m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
+m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
+m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
+m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
+m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])])
+m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])])
+m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])])
+m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
+m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])])
+m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])])
+m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])])
+m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])])
+m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
+m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])])
+m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
+m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])])
+m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])])
+m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])])
+m4_ifndef([AC_LIBTOOL_RC], [AC_DEFUN([AC_LIBTOOL_RC])])
+m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
+m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
+m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
+m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
+m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
+m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
+m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
+m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])])
+m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
diff --git a/man/Makefile.am b/man/Makefile.am
new file mode 100644
index 00000000..3b03a96e
--- /dev/null
+++ b/man/Makefile.am
@@ -0,0 +1,52 @@
+NULL =
+
+man_MANS = \
+ xmlsec1.1 \
+ xmlsec1-config.1 \
+ $(NULL)
+
+EXTRA_DIST = \
+ xmlsec1.1 \
+ xmlsec1-config.1 \
+ $(NULL)
+
+XMLSEC_PROGRAM=$(top_builddir)/apps/xmlsec1
+XMLSEC_CONFIG_PROGRAM=$(top_builddir)/xmlsec1-config
+XMLSEC_HTML=$(top_builddir)/docs/xmlsec-man.html
+
+all:
+
+docs: man-clean man $(XMLSEC_HTML)
+
+
+man-clean:
+ @rm -rf $(man_MANS)
+
+man: $(man_MANS)
+
+$(XMLSEC_HTML): xmlsec1.1
+ man2html xmlsec1.1 | \
+ grep -v '^Content-type: text/html' | \
+ tr "[:cntrl:]" " " > \
+ $(XMLSEC_HTML)
+
+xmlsec1.1:
+ @rm -f xmlsec1.1
+ help2man --help-option=--help-all --no-info \
+ --name="sign, verify, encrypt and decrypt XML documents" \
+ --version-option=--version \
+ $(XMLSEC_PROGRAM) > xmlsec1.1
+
+xmlsec1-config.1:
+ @chmod 766 $(XMLSEC_CONFIG_PROGRAM)
+ @rm -f xmlsec1-config.1
+ help2man --help-option=--help --no-info \
+ --name="detail installed version of xmlsec library" \
+ --version-option=--version \
+ $(XMLSEC_CONFIG_PROGRAM) > xmlsec1-config.1
+
+$(XMLSEC_PROGRAM):
+ @cd ../apps;make
+
+clean:
+
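Review bot: The `xmlsec1-config.1` recipe runs `chmod 766 $(XMLSEC_CONFIG_PROGRAM)`, which gives group and others read and write access to the generated script while only the owner gets execute; in a build tree that other local users can reach, the script help2man executes a few lines later can be modified by any of them. Mode 766 looks like a slip for "make it executable", so `@chmod u+x $(XMLSEC_CONFIG_PROGRAM)` (or `chmod 755`) does what the recipe needs without the world-write bit. The same line is carried into the generated man/Makefile.in further down and goes away once Makefile.am is fixed and automake is rerun. Separately, `@cd ../apps;make` in the `$(XMLSEC_PROGRAM)` rule should be `cd ../apps && $(MAKE)`, so that a failed `cd` stops the recipe and `-j`/`-n` propagate to the sub-make.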
diff --git a/man/Makefile.in b/man/Makefile.in
new file mode 100644
index 00000000..6f658797
--- /dev/null
+++ b/man/Makefile.in
@@ -0,0 +1,582 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = man
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+SOURCES =
+DIST_SOURCES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+man1dir = $(mandir)/man1
+am__installdirs = "$(DESTDIR)$(man1dir)"
+NROFF = nroff
+MANS = $(man_MANS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+man_MANS = \
+ xmlsec1.1 \
+ xmlsec1-config.1 \
+ $(NULL)
+
+EXTRA_DIST = \
+ xmlsec1.1 \
+ xmlsec1-config.1 \
+ $(NULL)
+
+XMLSEC_PROGRAM = $(top_builddir)/apps/xmlsec1
+XMLSEC_CONFIG_PROGRAM = $(top_builddir)/xmlsec1-config
+XMLSEC_HTML = $(top_builddir)/docs/xmlsec-man.html
+all: all-am
+
+.SUFFIXES:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu man/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu man/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+install-man1: $(man_MANS)
+ @$(NORMAL_INSTALL)
+ test -z "$(man1dir)" || $(MKDIR_P) "$(DESTDIR)$(man1dir)"
+ @list=''; test -n "$(man1dir)" || exit 0; \
+ { for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.1[a-z]*$$/p'; \
+ } | while read p; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; echo "$$p"; \
+ done | \
+ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
+ sed 'N;N;s,\n, ,g' | { \
+ list=; while read file base inst; do \
+ if test "$$base" = "$$inst"; then list="$$list $$file"; else \
+ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \
+ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \
+ fi; \
+ done; \
+ for i in $$list; do echo "$$i"; done | $(am__base_list) | \
+ while read files; do \
+ test -z "$$files" || { \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \
+ done; }
+
+uninstall-man1:
+ @$(NORMAL_UNINSTALL)
+ @list=''; test -n "$(man1dir)" || exit 0; \
+ files=`{ for i in $$list; do echo "$$i"; done; \
+ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \
+ sed -n '/\.1[a-z]*$$/p'; \
+ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \
+ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
+ test -z "$$files" || { \
+ echo " ( cd '$(DESTDIR)$(man1dir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(man1dir)" && rm -f $$files; }
+tags: TAGS
+TAGS:
+
+ctags: CTAGS
+CTAGS:
+
+
+distdir: $(DISTFILES)
+ @list='$(MANS)'; if test -n "$$list"; then \
+ list=`for p in $$list; do \
+ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
+ if test -n "$$list" && \
+ grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
+ echo "error: found man pages containing the \`missing help2man' replacement text:" >&2; \
+ grep -l 'ab help2man is required to generate this page' $$list | sed 's/^/ /' >&2; \
+ echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \
+ echo " typically \`make maintainer-clean' will remove them" >&2; \
+ exit 1; \
+ else :; fi; \
+ else :; fi
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(MANS)
+installdirs:
+ for dir in "$(DESTDIR)$(man1dir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean-am: clean-generic clean-libtool mostlyclean-am
+
+distclean: distclean-am
+ -rm -f Makefile
+distclean-am: clean-am distclean-generic
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-man
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am:
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man: install-man1
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-generic mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-man
+
+uninstall-man: uninstall-man1
+
+.MAKE: install-am install-strip
+
+.PHONY: all all-am check check-am clean clean-generic clean-libtool \
+ distclean distclean-generic distclean-libtool distdir dvi \
+ dvi-am html html-am info info-am install install-am \
+ install-data install-data-am install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-man install-man1 \
+ install-pdf install-pdf-am install-ps install-ps-am \
+ install-strip installcheck installcheck-am installdirs \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ uninstall uninstall-am uninstall-man uninstall-man1
+
+
+all:
+
+docs: man-clean man $(XMLSEC_HTML)
+
+man-clean:
+ @rm -rf $(man_MANS)
+
+man: $(man_MANS)
+
+$(XMLSEC_HTML): xmlsec1.1
+ man2html xmlsec1.1 | \
+ grep -v '^Content-type: text/html' | \
+ tr "[:cntrl:]" " " > \
+ $(XMLSEC_HTML)
+
+xmlsec1.1:
+ @rm -f xmlsec1.1
+ help2man --help-option=--help-all --no-info \
+ --name="sign, verify, encrypt and decrypt XML documents" \
+ --version-option=--version \
+ $(XMLSEC_PROGRAM) > xmlsec1.1
+
+xmlsec1-config.1:
+ @chmod 766 $(XMLSEC_CONFIG_PROGRAM)
+ @rm -f xmlsec1-config.1
+ help2man --help-option=--help --no-info \
+ --name="detail installed version of xmlsec library" \
+ --version-option=--version \
+ $(XMLSEC_CONFIG_PROGRAM) > xmlsec1-config.1
+
+$(XMLSEC_PROGRAM):
+ @cd ../apps;make
+
+clean:
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/man/xmlsec1-config.1 b/man/xmlsec1-config.1
new file mode 100644
index 00000000..8e14e6c1
--- /dev/null
+++ b/man/xmlsec1-config.1
@@ -0,0 +1,34 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.38.2.
+.TH XMLSEC1-CONFIG "1" "May 2011" "xmlsec1-config 1.2.18" "User Commands"
+.SH NAME
+xmlsec1-config \- detail installed version of xmlsec library
+.SH SYNOPSIS
+.B xmlsec1-config
+[\fIOPTION\fR]...
+.SH DESCRIPTION
+Known values for OPTION are:
+.TP
+\fB\-\-prefix\fR=\fIDIR\fR
+change XMLSEC prefix
+.TP
+\fB\-\-exec\-prefix\fR=\fIDIR\fR
+change XMLSEC executable prefix
+.TP
+\fB\-\-libs\fR
+print library linking information
+.TP
+\fB\-\-cflags\fR
+print pre\-processor and compiler flags
+.TP
+\fB\-\-crypto\fR
+print the default crypto library name
+.TP
+\fB\-\-help\fR
+display this help and exit
+.TP
+\fB\-\-version\fR
+output version information
+.TP
+\fB\-\-crypto\fR=\fILIB\fR
+configure with XMLSEC crypto library (one of the
+following: none default openssl nss gnutls gcrypt)
diff --git a/man/xmlsec1.1 b/man/xmlsec1.1
new file mode 100644
index 00000000..d9414c12
--- /dev/null
+++ b/man/xmlsec1.1
@@ -0,0 +1,269 @@
+.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.38.2.
+.TH XMLSEC1 "1" "May 2011" "xmlsec1 1.2.18 (openssl)" "User Commands"
+.SH NAME
+xmlsec1 \- sign, verify, encrypt and decrypt XML documents
+.SH SYNOPSIS
+.B xmlsec
+\fI<command> \fR[\fI<options>\fR] [\fI<files>\fR]
+.SH DESCRIPTION
+xmlsec is a command line tool for signing, verifying, encrypting and
+decrypting XML documents. The allowed <command> values are:
+.TP
+\fB\-\-help\fR
+display this help information and exit
+.TP
+\fB\-\-help\-all\fR
+display help information for all commands/options and exit
+.TP
+\fB\-\-help\-\fR<cmd>
+display help information for command <cmd> and exit
+.TP
+\fB\-\-version\fR
+print version information and exit
+.TP
+\fB\-\-keys\fR
+keys XML file manipulation
+.TP
+\fB\-\-sign\fR
+sign data and output XML document
+.TP
+\fB\-\-verify\fR
+verify signed document
+.TP
+\fB\-\-sign\-tmpl\fR
+create and sign dynamicaly generated signature template
+.TP
+\fB\-\-encrypt\fR
+encrypt data and output XML document
+.TP
+\fB\-\-decrypt\fR
+decrypt data from XML document
+.SH OPTIONS
+.HP
+\fB\-\-ignore\-manifests\fR
+.IP
+do not process <dsig:Manifest> elements
+.HP
+\fB\-\-store\-references\fR
+.IP
+store and print the result of <dsig:Reference/> element processing
+just before calculating digest
+.HP
+\fB\-\-store\-signatures\fR
+.IP
+store and print the result of <dsig:Signature> processing
+just before calculating signature
+.HP
+\fB\-\-enabled\-reference\-uris\fR <list>
+.IP
+comma separated list of of the following values:
+"empty", "same\-doc", "local","remote" to restrict possible URI
+attribute values for the <dsig:Reference> element
+.HP
+\fB\-\-enable\-visa3d\-hack\fR
+.IP
+enables Visa3D protocol specific hack for URI attributes processing
+when we are trying not to use XPath/XPointer engine; this is a hack
+and I don't know what else might be broken in your application when
+you use it (also check "\-\-id\-attr" option because you might need it)
+.HP
+\fB\-\-binary\-data\fR <file>
+.IP
+binary <file> to encrypt
+.HP
+\fB\-\-xml\-data\fR <file>
+.IP
+XML <file> to encrypt
+.HP
+\fB\-\-enabled\-cipher\-reference\-uris\fR <list>
+.IP
+comma separated list of of the following values:
+"empty", "same\-doc", "local","remote" to restrict possible URI
+attribute values for the <enc:CipherReference> element
+.HP
+\fB\-\-session\-key\fR <keyKlass>\-<keySize>
+.IP
+generate new session <keyKlass> key of <keySize> bits size
+(for example, "\-\-session des\-192" generates a new 192 bits
+DES key for DES3 encryption)
+.HP
+\fB\-\-output\fR <filename>
+.IP
+write result document to file <filename>
+.HP
+\fB\-\-print\-debug\fR
+.IP
+print debug information to stdout
+.HP
+\fB\-\-print\-xml\-debug\fR
+.IP
+print debug information to stdout in xml format
+.HP
+\fB\-\-dtd\-file\fR <file>
+.IP
+load the specified file as the DTD
+.HP
+\fB\-\-node\-id\fR <id>
+.IP
+set the operation start point to the node with given <id>
+.HP
+\fB\-\-node\-name\fR [<namespace\-uri>:]<name>
+.IP
+set the operation start point to the first node
+with given <name> and <namespace> URI
+.HP
+\fB\-\-node\-xpath\fR <expr>
+.IP
+set the operation start point to the first node
+selected by the specified XPath expression
+.HP
+\fB\-\-id\-attr[\fR:<attr\-name>] [<node\-namespace\-uri>:]<node\-name>
+.IP
+adds attributes <attr\-name> (default value "id") from all nodes
+with<node\-name> and namespace <node\-namespace\-uri> to the list of
+known ID attributes; this is a hack and if you can use DTD or schema
+to declare ID attributes instead (see "\-\-dtd\-file" option),
+I don't know what else might be broken in your application when
+you use this hack
+.HP
+\fB\-\-enabled\-key\-data\fR <list>
+.IP
+comma separated list of enabled key data (list of
+registered key data klasses is available with "\-\-list\-key\-data"
+command); by default, all registered key data are enabled
+.HP
+\fB\-\-enabled\-retrieval\-uris\fR <list>
+.IP
+comma separated list of of the following values:
+"empty", "same\-doc", "local","remote" to restrict possible URI
+attribute values for the <dsig:RetrievalMethod> element.
+.HP
+\fB\-\-gen\-key[\fR:<name>] <keyKlass>\-<keySize>
+.IP
+generate new <keyKlass> key of <keySize> bits size,
+set the key name to <name> and add the result to keys
+manager (for example, "\-\-gen:mykey rsa\-1024" generates
+a new 1024 bits RSA key and sets it's name to "mykey")
+.HP
+\fB\-\-keys\-file\fR <file>
+.IP
+load keys from XML file
+.HP
+\fB\-\-privkey\-pem[\fR:<name>] <file>[,<cafile>[,<cafile>[...]]]
+.IP
+load private key from PEM file and certificates
+that verify this key
+.HP
+\fB\-\-privkey\-der[\fR:<name>] <file>[,<cafile>[,<cafile>[...]]]
+.IP
+load private key from DER file and certificates
+that verify this key
+.HP
+\fB\-\-pkcs8\-pem[\fR:<name>] <file>[,<cafile>[,<cafile>[...]]]
+.IP
+load private key from PKCS8 PEM file and PEM certificates
+that verify this key
+.HP
+\fB\-\-pkcs8\-der[\fR:<name>] <file>[,<cafile>[,<cafile>[...]]]
+.IP
+load private key from PKCS8 DER file and DER certificates
+that verify this key
+.HP
+\fB\-\-pubkey\-pem[\fR:<name>] <file>
+.IP
+load public key from PEM file
+.HP
+\fB\-\-pubkey\-der[\fR:<name>] <file>
+.IP
+load public key from DER file
+.HP
+\fB\-\-aeskey[\fR:<name>] <file>
+.IP
+load AES key from binary file <file>
+.HP
+\fB\-\-deskey[\fR:<name>] <file>
+.IP
+load DES key from binary file <file>
+.HP
+\fB\-\-hmackey[\fR:<name>] <file>
+.IP
+load HMAC key from binary file <file>
+.HP
+\fB\-\-pwd\fR <password>
+.IP
+the password to use for reading keys and certs
+.HP
+\fB\-\-pkcs12[\fR:<name>] <file>
+.IP
+load load private key from pkcs12 file <file>
+.HP
+\fB\-\-pubkey\-cert\-pem[\fR:<name>] <file>
+.IP
+load public key from PEM cert file
+.HP
+\fB\-\-pubkey\-cert\-der[\fR:<name>] <file>
+.IP
+load public key from DER cert file
+.HP
+\fB\-\-trusted\-pem\fR <file>
+.IP
+load trusted (root) certificate from PEM file <file>
+.HP
+\fB\-\-untrusted\-pem\fR <file>
+.IP
+load untrusted certificate from PEM file <file>
+.HP
+\fB\-\-trusted\-der\fR <file>
+.IP
+load trusted (root) certificate from DER file <file>
+.HP
+\fB\-\-untrusted\-der\fR <file>
+.IP
+load untrusted certificate from DER file <file>
+.HP
+\fB\-\-verification\-time\fR <time>
+.IP
+the local time in "YYYY\-MM\-DD HH:MM:SS" format
+used certificates verification
+.HP
+\fB\-\-depth\fR <number>
+.IP
+maximum certificates chain depth
+.HP
+\fB\-\-X509\-skip\-strict\-checks\fR
+.IP
+skip strict checking of X509 data
+.HP
+\fB\-\-crypto\fR <name>
+.IP
+the name of the crypto engine to use from the following
+list: openssl, mscrypto, nss, gnutls, gcrypt (if no crypto engine is
+specified then the default one is used)
+.HP
+\fB\-\-crypto\-config\fR <path>
+.IP
+path to crypto engine configuration
+.HP
+\fB\-\-repeat\fR <number>
+.IP
+repeat the operation <number> times
+.HP
+\fB\-\-disable\-error\-msgs\fR
+.IP
+do not print xmlsec error messages
+.HP
+\fB\-\-print\-crypto\-error\-msgs\fR
+.IP
+print errors stack at the end
+.HP
+\fB\-\-help\fR
+.IP
+print help information about the command
+.SH AUTHOR
+Written by Aleksey Sanin <aleksey@aleksey.com>.
+.SH "REPORTING BUGS"
+Report bugs to http://www.aleksey.com/xmlsec/bugs.html
+.SH COPYRIGHT
+Copyright \(co 2002\-2003 Aleksey Sanin.
+.br
+This is free software: see the source for copying information.
diff --git a/missing b/missing
new file mode 100755
index 00000000..28055d2a
--- /dev/null
+++ b/missing
@@ -0,0 +1,376 @@
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
+# 2008, 2009 Free Software Foundation, Inc.
+# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+ echo 1>&2 "Try \`$0 --help' for more information"
+ exit 1
+fi
+
+run=:
+sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
+sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
+
+# In the cases where this matters, `missing' is being run in the
+# srcdir already.
+if test -f configure.ac; then
+ configure_ac=configure.ac
+else
+ configure_ac=configure.in
+fi
+
+msg="missing on your system"
+
+case $1 in
+--run)
+ # Try to run requested program, and just exit if it succeeds.
+ run=
+ shift
+ "$@" && exit 0
+ # Exit code 63 means version mismatch. This often happens
+ # when the user try to use an ancient version of a tool on
+ # a file that requires a minimum version. In this case we
+ # we should proceed has if the program had been absent, or
+ # if --run hadn't been passed.
+ if test $? = 63; then
+ run=:
+ msg="probably too old"
+ fi
+ ;;
+
+ -h|--h|--he|--hel|--help)
+ echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+ -h, --help display this help and exit
+ -v, --version output version information and exit
+ --run try to run the given command, and emulate it if it fails
+
+Supported PROGRAM values:
+ aclocal touch file \`aclocal.m4'
+ autoconf touch file \`configure'
+ autoheader touch file \`config.h.in'
+ autom4te touch the output file, or create a stub one
+ automake touch all \`Makefile.in' files
+ bison create \`y.tab.[ch]', if possible, from existing .[ch]
+ flex create \`lex.yy.c', if possible, from existing .c
+ help2man touch the output file
+ lex create \`lex.yy.c', if possible, from existing .c
+ makeinfo touch the output file
+ tar try tar, gnutar, gtar, then tar without non-portable flags
+ yacc create \`y.tab.[ch]', if possible, from existing .[ch]
+
+Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and
+\`g' are ignored when checking the name.
+
+Send bug reports to <bug-automake@gnu.org>."
+ exit $?
+ ;;
+
+ -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+ echo "missing $scriptversion (GNU Automake)"
+ exit $?
+ ;;
+
+ -*)
+ echo 1>&2 "$0: Unknown \`$1' option"
+ echo 1>&2 "Try \`$0 --help' for more information"
+ exit 1
+ ;;
+
+esac
+
+# normalize program name to check for.
+program=`echo "$1" | sed '
+ s/^gnu-//; t
+ s/^gnu//; t
+ s/^g//; t'`
+
+# Now exit if we have it, but it failed. Also exit now if we
+# don't have it and --version was passed (most likely to detect
+# the program). This is about non-GNU programs, so use $1 not
+# $program.
+case $1 in
+ lex*|yacc*)
+ # Not GNU programs, they don't have --version.
+ ;;
+
+ tar*)
+ if test -n "$run"; then
+ echo 1>&2 "ERROR: \`tar' requires --run"
+ exit 1
+ elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+ exit 1
+ fi
+ ;;
+
+ *)
+ if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+ # We have it, but it failed.
+ exit 1
+ elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+ # Could not run --version or --help. This is probably someone
+ # running `$TOOL --version' or `$TOOL --help' to check whether
+ # $TOOL exists and not knowing $TOOL uses missing.
+ exit 1
+ fi
+ ;;
+esac
+
+# If it does not exist, or fails to run (possibly an outdated version),
+# try to emulate it.
+case $program in
+ aclocal*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`acinclude.m4' or \`${configure_ac}'. You might want
+ to install the \`Automake' and \`Perl' packages. Grab them from
+ any GNU archive site."
+ touch aclocal.m4
+ ;;
+
+ autoconf*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`${configure_ac}'. You might want to install the
+ \`Autoconf' and \`GNU m4' packages. Grab them from any GNU
+ archive site."
+ touch configure
+ ;;
+
+ autoheader*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`acconfig.h' or \`${configure_ac}'. You might want
+ to install the \`Autoconf' and \`GNU m4' packages. Grab them
+ from any GNU archive site."
+ files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
+ test -z "$files" && files="config.h"
+ touch_files=
+ for f in $files; do
+ case $f in
+ *:*) touch_files="$touch_files "`echo "$f" |
+ sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+ *) touch_files="$touch_files $f.in";;
+ esac
+ done
+ touch $touch_files
+ ;;
+
+ automake*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
+ You might want to install the \`Automake' and \`Perl' packages.
+ Grab them from any GNU archive site."
+ find . -type f -name Makefile.am -print |
+ sed 's/\.am$/.in/' |
+ while read f; do touch "$f"; done
+ ;;
+
+ autom4te*)
+ echo 1>&2 "\
+WARNING: \`$1' is needed, but is $msg.
+ You might have modified some files without having the
+ proper tools for further handling them.
+ You can get \`$1' as part of \`Autoconf' from any GNU
+ archive site."
+
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -f "$file"; then
+ touch $file
+ else
+ test -z "$file" || exec >$file
+ echo "#! /bin/sh"
+ echo "# Created by GNU Automake missing as a replacement of"
+ echo "# $ $@"
+ echo "exit 0"
+ chmod +x $file
+ exit 1
+ fi
+ ;;
+
+ bison*|yacc*)
+ echo 1>&2 "\
+WARNING: \`$1' $msg. You should only need it if
+ you modified a \`.y' file. You may need the \`Bison' package
+ in order for those modifications to take effect. You can get
+ \`Bison' from any GNU archive site."
+ rm -f y.tab.c y.tab.h
+ if test $# -ne 1; then
+ eval LASTARG="\${$#}"
+ case $LASTARG in
+ *.y)
+ SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+ if test -f "$SRCFILE"; then
+ cp "$SRCFILE" y.tab.c
+ fi
+ SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+ if test -f "$SRCFILE"; then
+ cp "$SRCFILE" y.tab.h
+ fi
+ ;;
+ esac
+ fi
+ if test ! -f y.tab.h; then
+ echo >y.tab.h
+ fi
+ if test ! -f y.tab.c; then
+ echo 'main() { return 0; }' >y.tab.c
+ fi
+ ;;
+
+ lex*|flex*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a \`.l' file. You may need the \`Flex' package
+ in order for those modifications to take effect. You can get
+ \`Flex' from any GNU archive site."
+ rm -f lex.yy.c
+ if test $# -ne 1; then
+ eval LASTARG="\${$#}"
+ case $LASTARG in
+ *.l)
+ SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+ if test -f "$SRCFILE"; then
+ cp "$SRCFILE" lex.yy.c
+ fi
+ ;;
+ esac
+ fi
+ if test ! -f lex.yy.c; then
+ echo 'main() { return 0; }' >lex.yy.c
+ fi
+ ;;
+
+ help2man*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a dependency of a manual page. You may need the
+ \`Help2man' package in order for those modifications to take
+ effect. You can get \`Help2man' from any GNU archive site."
+
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -f "$file"; then
+ touch $file
+ else
+ test -z "$file" || exec >$file
+ echo ".ab help2man is required to generate this page"
+ exit $?
+ fi
+ ;;
+
+ makeinfo*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a \`.texi' or \`.texinfo' file, or any other file
+ indirectly affecting the aspect of the manual. The spurious
+ call might also be the consequence of using a buggy \`make' (AIX,
+ DU, IRIX). You might want to install the \`Texinfo' package or
+ the \`GNU make' package. Grab either from any GNU archive site."
+ # The file to touch is that specified with -o ...
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -z "$file"; then
+ # ... or it is the one specified with @setfilename ...
+ infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+ file=`sed -n '
+ /^@setfilename/{
+ s/.* \([^ ]*\) *$/\1/
+ p
+ q
+ }' $infile`
+ # ... or it is derived from the source name (dir/f.texi becomes f.info)
+ test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
+ fi
+ # If the file does not exist, the user really needs makeinfo;
+ # let's fail without touching anything.
+ test -f $file || exit 1
+ touch $file
+ ;;
+
+ tar*)
+ shift
+
+ # We have already tried tar in the generic part.
+ # Look for gnutar/gtar before invocation to avoid ugly error
+ # messages.
+ if (gnutar --version > /dev/null 2>&1); then
+ gnutar "$@" && exit 0
+ fi
+ if (gtar --version > /dev/null 2>&1); then
+ gtar "$@" && exit 0
+ fi
+ firstarg="$1"
+ if shift; then
+ case $firstarg in
+ *o*)
+ firstarg=`echo "$firstarg" | sed s/o//`
+ tar "$firstarg" "$@" && exit 0
+ ;;
+ esac
+ case $firstarg in
+ *h*)
+ firstarg=`echo "$firstarg" | sed s/h//`
+ tar "$firstarg" "$@" && exit 0
+ ;;
+ esac
+ fi
+
+ echo 1>&2 "\
+WARNING: I can't seem to be able to run \`tar' with the given arguments.
+ You may want to install GNU tar or Free paxutils, or check the
+ command line arguments."
+ exit 1
+ ;;
+
+ *)
+ echo 1>&2 "\
+WARNING: \`$1' is needed, and is $msg.
+ You might have modified some files without having the
+ proper tools for further handling them. Check the \`README' file,
+ it often tells you about the needed prerequisites for installing
+ this package. You may also peek at any GNU archive site, in case
+ some other package would contain this missing \`$1' program."
+ exit 1
+ ;;
+esac
+
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/scripts/build_release.sh b/scripts/build_release.sh
new file mode 100755
index 00000000..dc9edd0f
--- /dev/null
+++ b/scripts/build_release.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# config
+cur_pwd=`pwd`
+today=`date +%F-%T`
+
+git_uri=git://git.gnome.org/xmlsec
+rpm_root=/usr/src/redhat
+build_root="$rpm_root/BUILD/xmlsec-build-area-$today"
+
+echo "Creating build area $build_root"
+rm -rf "$build_root"
+mkdir -p "$build_root"
+cd "$build_root"
+
+echo "Checking out the module '$git_url'"
+git clone $git_uri
+cd xmlsec
+find . -name ".git" | xargs rm -r
+
+./autogen.sh --prefix=/usr --sysconfdir=/etc
+make tar-release
+# can't build rpm on ubuntu
+# make rpm-release
+
+tar_file=`ls xmlsec*.tar.gz`
+echo "Moving sources tar file to $rpm_root/SOURCES/$tar_file"
+mv $tar_file $rpm_root/SOURCES
+
+echo "Cleanup"
+cd "$cur_pwd"
+#rm -rf "$build_root"
+
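Review bot: Nothing stops this script after a failed step, so if `cd "$build_root"` and the clone both fail, `find . -name ".git" | xargs rm -r` runs from whatever directory the script is in at that point. Adding `set -e` directly after the shebang would abort at the first failing command; push_release.sh and test_release.sh in this commit have the same gap. The clone also uses the `git://` transport, which is neither authenticated nor encrypted, so the release tarball is built from sources whose integrity is not checked in transit; an `https://` or `ssh://` URI would be safer if the host offers one. The progress message prints `$git_url`, which is never set, and should read `echo "Checking out the module '$git_uri'"`.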
diff --git a/scripts/change-release.sh b/scripts/change-release.sh
new file mode 100755
index 00000000..23c6baf0
--- /dev/null
+++ b/scripts/change-release.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+
+old_release=$1
+new_release=$2
+
+sh_files=`find . -name "*.sh" -print`
+am_files=`find . -name "*.am" -print`
+in_files=`find . -name "*.in" -print`
+html_files=`find . -name "*.html" -print`
+sgml_files=`find . -name "*.sgml" -print`
+cvsignore_files=`find . -name ".cvsignore" -print`
+
+files="$sh_files $am_files $in_files $html_files $sgml_files $cvsignore_files"
+for i in $files; do
+ echo Processing $i ...
+ sed "s/$old_release/$new_release/g" $i > $i.tmp
+ if [ $? != 0 ]; then
+ echo "Failed to process file $i"
+ exit 1
+ fi
+
+ mode=`stat -c "%a" $i`
+ chmod $mode $i.tmp
+ if [ $? != 0 ]; then
+ echo "Failed to retore permissions for $i"
+ exit 1
+ fi
+done
+
+for i in $files; do
+ echo Moving $i ...
+ mv $i.tmp $i
+done
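Review bot: `$old_release` is interpolated into the `sed` expression as a regular expression, so the dots in a version number match any character and strings that only resemble the old version are rewritten as well. Escaping them first, `old_re=$(printf '%s\n' "$old_release" | sed 's/\./\\./g')`, and then using `"s/$old_re/$new_release/g"` keeps the match literal. The script also never checks its arguments, so a guard such as `[ $# -eq 2 ] || { echo "usage: $0 OLD NEW" >&2; exit 1; }` belongs before the `find` calls; push_release.sh and test_release.sh use `$1`/`$2` unchecked in the same way. The unquoted `$i` and `for i in $files` split on whitespace, so paths containing spaces are processed incorrectly.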
diff --git a/scripts/push_release.sh b/scripts/push_release.sh
new file mode 100755
index 00000000..162c31a8
--- /dev/null
+++ b/scripts/push_release.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+# input
+version=$1
+
+# config
+svn_module=xmlsec
+svn_uri=svn+ssh://aleksey@svn.gnome.org/svn/$svn_module/trunk
+svn_branch_uri=svn+ssh://aleksey@svn.gnome.org/svn/$svn_module/branches/$version
+
+rpm_name=xmlsec1
+rpm_root=/usr/src/redhat
+remote_root=aleksey@ftp.aleksey.com:/var/ftp/pub/xmlsec/releases
+build_target=i386
+
+echo "Uploading to aleksey.com"
+scp $rpm_root/SOURCES/$rpm_name-$version.tar.gz \
+ $rpm_root/SRPMS/$rpm_name-$version-*.src.rpm \
+ $rpm_root/RPMS/$build_target/$rpm_name-$version-*.$build_target.rpm \
+ $rpm_root/RPMS/$build_target/$rpm_name-devel-$version-*.$build_target.rpm \
+ $rpm_root/RPMS/$build_target/$rpm_name-openssl-$version-*.$build_target.rpm \
+ $rpm_root/RPMS/$build_target/$rpm_name-openssl-devel-$version-*.$build_target.rpm \
+ $rpm_root/RPMS/$build_target/$rpm_name-nss-$version-*.$build_target.rpm \
+ $rpm_root/RPMS/$build_target/$rpm_name-nss-devel-$version-*.$build_target.rpm \
+ $remote_root
+
+
+echo "Creating SVN branch $version"
+svn copy $svn_uri $svn_branch_uri -m"creating release $version branch"
+
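Review bot: The `scp` list uploads the tarball and RPMs with no detached signature or checksum file next to them, so anyone downloading from the release directory has nothing to verify the artifacts against (unless signing is handled outside this script, which the hunk does not show). A step before the upload such as `gpg --armor --detach-sign "$rpm_root/SOURCES/$rpm_name-$version.tar.gz"`, with the resulting `.asc` added to the `scp` list, would close that gap. A short header comment should also state that `$1` is the release version and that the script writes to the remote repository through `svn copy`.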
diff --git a/scripts/remove-gtkdoclink.pl b/scripts/remove-gtkdoclink.pl
new file mode 100755
index 00000000..84ab625c
--- /dev/null
+++ b/scripts/remove-gtkdoclink.pl
@@ -0,0 +1,20 @@
+#!/usr/bin/perl -w
+
+use strict;
+
+my $file;
+while ($file = shift @ARGV) {
+ print "Processing $file..\n";
+ open (IN, $file) || die "Can't open $file: $!";
+ my $entire_file;
+ while(<IN>) {
+ $entire_file = $entire_file . $_;
+ }
+ close (IN);
+ $entire_file =~ s%<GTKDOCLINK\s+HREF="([^"]*)"\s*>(.*?)</GTKDOCLINK\s*>% "<font>$2</font>" %ge;
+
+ open (OUT, ">$file") || die "Can't open $file: $!";
+ print OUT $entire_file;
+ close (OUT);
+}
+
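Review bot: Both `open` calls use the two-argument form with a name taken from `@ARGV`, so leading or trailing characters in the file name (`>`, `|`, whitespace) are interpreted as an open mode rather than as part of the path. The three-argument form with a lexical handle avoids that: `open(my $in, '<', $file) || die "Can't open $file: $!";` and `open(my $out, '>', $file) || die "Can't open $file: $!";`. scripts/test_errors.pl in this commit opens its input the same way. `$entire_file` is also concatenated before it has a value, which warns under `-w`; declaring it as `my $entire_file = '';` fixes that.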
diff --git a/scripts/test_errors.pl b/scripts/test_errors.pl
new file mode 100755
index 00000000..76173b82
--- /dev/null
+++ b/scripts/test_errors.pl
@@ -0,0 +1,38 @@
+#!/usr/bin/perl
+
+my $file;
+while ($file = shift @ARGV) {
+ # print "Processing file $file...\n";
+ open(IN, "$file") || die "Unable to open file $file";
+ $state = "";
+ $line=0;
+ while(<IN>) {
+ $line++;
+ chomp;
+
+ if($state eq "") {
+ if(/xmlSecError\((.*)/) {
+ $state = "$file,$line," . $1;
+ }
+ } else {
+ if(/(.*);/) {
+ $_ = $state . $1;
+ $state = "";
+
+ while(/\t/) {
+ s/\t//;
+ }
+ while(/\, /) {
+ s/\, /\,/;
+ }
+ while(/\,/) {
+ s/\,/\;/;
+ }
+ print "$_\n";
+ } else {
+ $state = $state . $_;
+ }
+ }
+ }
+ close IN;
+}
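Review bot: This script runs without `use strict;` or `use warnings;`, and `$state` and `$line` are package globals, unlike remove-gtkdoclink.pl in the same directory. I would add both pragmas under the shebang and declare the variables with `my $state = "";` and `my $line = 0;` inside the outer loop. The `die` message should also include `$!` so the reason for a failed open is reported: `die "Unable to open file $file: $!"`.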
diff --git a/scripts/test_release.sh b/scripts/test_release.sh
new file mode 100755
index 00000000..705f7963
--- /dev/null
+++ b/scripts/test_release.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+module=$1
+version=$2
+build_root=/tmp
+rpm_root=/usr/src/redhat
+
+./autogen.sh --prefix=/usr --sysconfdir=/etc
+make dist
+mv $module-$version.tar.gz $rpm_root/SOURCES
+rpm -ba $module.spec
+
diff --git a/src/Makefile.am b/src/Makefile.am
new file mode 100644
index 00000000..3883ab6f
--- /dev/null
+++ b/src/Makefile.am
@@ -0,0 +1,71 @@
+NULL =
+
+SUBDIRS = . $(XMLSEC_CRYPTO_LIST)
+
+INCLUDES = \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -I../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(XMLSEC_DL_INCLUDES) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(NULL)
+
+EXTRA_DIST = \
+ globals.h \
+ kw_aes_des.h \
+ skeleton \
+ mscrypto \
+ $(XMLSEC_CRYPTO_DISABLED_LIST) \
+ $(NULL)
+
+lib_LTLIBRARIES = \
+ libxmlsec1.la \
+ $(NULL)
+
+libxmlsec1_la_SOURCES = \
+ $(LTDL_SOURCE_FILES) \
+ app.c \
+ base64.c \
+ bn.c \
+ buffer.c \
+ c14n.c \
+ dl.c \
+ enveloped.c \
+ errors.c \
+ io.c \
+ keyinfo.c \
+ keys.c \
+ keysdata.c \
+ keysmngr.c \
+ kw_aes_des.c \
+ list.c \
+ membuf.c \
+ nodeset.c \
+ parser.c \
+ soap.c \
+ strings.c \
+ templates.c \
+ transforms.c \
+ x509.c \
+ xkms.c \
+ xmldsig.c \
+ xmlenc.c \
+ xmlsec.c \
+ xmltree.c \
+ xpath.c \
+ xslt.c \
+ $(NULL)
+
+libxmlsec1_la_LIBADD = \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ $(XMLSEC_DL_LIBS) \
+ $(NULL)
+
+libxmlsec1_la_LDFLAGS = \
+ @XMLSEC_EXTRA_LDFLAGS@ \
+ -version-info @XMLSEC_VERSION_INFO@ \
+ $(NULL)
+
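Review bot: `INCLUDES` is the deprecated Automake name for preprocessor flags; the same list belongs in `AM_CPPFLAGS = \` so the file keeps working with newer Automake releases. `$(LTDL_SOURCE_FILES)` in `libxmlsec1_la_SOURCES` is not defined in this file, and the generated src/Makefile.in in this commit shows no substitution for it and an empty `am__objects_1`, so it appears to expand to nothing. It should either be dropped or given a comment saying where the value is meant to come from.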
diff --git a/src/Makefile.in b/src/Makefile.in
new file mode 100644
index 00000000..545abac5
--- /dev/null
+++ b/src/Makefile.in
@@ -0,0 +1,878 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+subdir = src
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(libdir)"
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+libxmlsec1_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+am__objects_1 =
+am_libxmlsec1_la_OBJECTS = app.lo base64.lo bn.lo buffer.lo c14n.lo \
+ dl.lo enveloped.lo errors.lo io.lo keyinfo.lo keys.lo \
+ keysdata.lo keysmngr.lo kw_aes_des.lo list.lo membuf.lo \
+ nodeset.lo parser.lo soap.lo strings.lo templates.lo \
+ transforms.lo x509.lo xkms.lo xmldsig.lo xmlenc.lo xmlsec.lo \
+ xmltree.lo xpath.lo xslt.lo $(am__objects_1)
+libxmlsec1_la_OBJECTS = $(am_libxmlsec1_la_OBJECTS)
+libxmlsec1_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libxmlsec1_la_LDFLAGS) $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libxmlsec1_la_SOURCES)
+DIST_SOURCES = $(libxmlsec1_la_SOURCES)
+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
+ html-recursive info-recursive install-data-recursive \
+ install-dvi-recursive install-exec-recursive \
+ install-html-recursive install-info-recursive \
+ install-pdf-recursive install-ps-recursive install-recursive \
+ installcheck-recursive installdirs-recursive pdf-recursive \
+ ps-recursive uninstall-recursive
+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
+ distclean-recursive maintainer-clean-recursive
+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
+ distdir
+ETAGS = etags
+CTAGS = ctags
+DIST_SUBDIRS = $(SUBDIRS)
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+am__relativize = \
+ dir0=`pwd`; \
+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \
+ sed_rest='s,^[^/]*/*,,'; \
+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \
+ sed_butlast='s,/*[^/]*$$,,'; \
+ while test -n "$$dir1"; do \
+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \
+ if test "$$first" != "."; then \
+ if test "$$first" = ".."; then \
+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
+ else \
+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
+ if test "$$first2" = "$$first"; then \
+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
+ else \
+ dir2="../$$dir2"; \
+ fi; \
+ dir0="$$dir0"/"$$first"; \
+ fi; \
+ fi; \
+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
+ done; \
+ reldir="$$dir2"
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+SUBDIRS = . $(XMLSEC_CRYPTO_LIST)
+INCLUDES = \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -I../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(XMLSEC_DL_INCLUDES) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(NULL)
+
+EXTRA_DIST = \
+ globals.h \
+ kw_aes_des.h \
+ skeleton \
+ mscrypto \
+ $(XMLSEC_CRYPTO_DISABLED_LIST) \
+ $(NULL)
+
+lib_LTLIBRARIES = \
+ libxmlsec1.la \
+ $(NULL)
+
+libxmlsec1_la_SOURCES = \
+ $(LTDL_SOURCE_FILES) \
+ app.c \
+ base64.c \
+ bn.c \
+ buffer.c \
+ c14n.c \
+ dl.c \
+ enveloped.c \
+ errors.c \
+ io.c \
+ keyinfo.c \
+ keys.c \
+ keysdata.c \
+ keysmngr.c \
+ kw_aes_des.c \
+ list.c \
+ membuf.c \
+ nodeset.c \
+ parser.c \
+ soap.c \
+ strings.c \
+ templates.c \
+ transforms.c \
+ x509.c \
+ xkms.c \
+ xmldsig.c \
+ xmlenc.c \
+ xmlsec.c \
+ xmltree.c \
+ xpath.c \
+ xslt.c \
+ $(NULL)
+
+libxmlsec1_la_LIBADD = \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ $(XMLSEC_DL_LIBS) \
+ $(NULL)
+
+libxmlsec1_la_LDFLAGS = \
+ @XMLSEC_EXTRA_LDFLAGS@ \
+ -version-info @XMLSEC_VERSION_INFO@ \
+ $(NULL)
+
+all: all-recursive
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libxmlsec1.la: $(libxmlsec1_la_OBJECTS) $(libxmlsec1_la_DEPENDENCIES)
+ $(libxmlsec1_la_LINK) -rpath $(libdir) $(libxmlsec1_la_OBJECTS) $(libxmlsec1_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/app.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/base64.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bn.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/buffer.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/c14n.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dl.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/enveloped.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/errors.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/io.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keyinfo.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keys.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysdata.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/keysmngr.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kw_aes_des.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/list.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/membuf.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nodeset.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parser.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/soap.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strings.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/templates.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transforms.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xkms.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xmldsig.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xmlenc.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xmlsec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xmltree.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xpath.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xslt.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+# This directory's subdirectories are mostly independent; you can cd
+# into them and run `make' without going through this Makefile.
+# To change the values of `make' variables: instead of editing Makefiles,
+# (1) if the variable is set in `config.status', edit `config.status'
+# (which will cause the Makefiles to be regenerated when you run `make');
+# (2) otherwise, pass the desired values on the `make' command line.
+$(RECURSIVE_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ target=`echo $@ | sed s/-recursive//`; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ dot_seen=yes; \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done; \
+ if test "$$dot_seen" = "no"; then \
+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
+ fi; test -z "$$fail"
+
+$(RECURSIVE_CLEAN_TARGETS):
+ @fail= failcom='exit 1'; \
+ for f in x $$MAKEFLAGS; do \
+ case $$f in \
+ *=* | --[!k]*);; \
+ *k*) failcom='fail=yes';; \
+ esac; \
+ done; \
+ dot_seen=no; \
+ case "$@" in \
+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
+ *) list='$(SUBDIRS)' ;; \
+ esac; \
+ rev=''; for subdir in $$list; do \
+ if test "$$subdir" = "."; then :; else \
+ rev="$$subdir $$rev"; \
+ fi; \
+ done; \
+ rev="$$rev ."; \
+ target=`echo $@ | sed s/-recursive//`; \
+ for subdir in $$rev; do \
+ echo "Making $$target in $$subdir"; \
+ if test "$$subdir" = "."; then \
+ local_target="$$target-am"; \
+ else \
+ local_target="$$target"; \
+ fi; \
+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
+ || eval $$failcom; \
+ done && test -z "$$fail"
+tags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
+ done
+ctags-recursive:
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
+ done
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
+ include_option=--etags-include; \
+ empty_fix=.; \
+ else \
+ include_option=--include; \
+ empty_fix=; \
+ fi; \
+ list='$(SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test ! -f $$subdir/TAGS || \
+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
+ fi; \
+ done; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ test -d "$(distdir)/$$subdir" \
+ || $(MKDIR_P) "$(distdir)/$$subdir" \
+ || exit 1; \
+ fi; \
+ done
+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
+ if test "$$subdir" = .; then :; else \
+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
+ $(am__relativize); \
+ new_distdir=$$reldir; \
+ dir1=$$subdir; dir2="$(top_distdir)"; \
+ $(am__relativize); \
+ new_top_distdir=$$reldir; \
+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
+ ($(am__cd) $$subdir && \
+ $(MAKE) $(AM_MAKEFLAGS) \
+ top_distdir="$$new_top_distdir" \
+ distdir="$$new_distdir" \
+ am__remove_distdir=: \
+ am__skip_length_check=: \
+ am__skip_mode_fix=: \
+ distdir) \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-recursive
+all-am: Makefile $(LTLIBRARIES)
+installdirs: installdirs-recursive
+installdirs-am:
+ for dir in "$(DESTDIR)$(libdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-recursive
+install-exec: install-exec-recursive
+install-data: install-data-recursive
+uninstall: uninstall-recursive
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-recursive
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-recursive
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-recursive
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-recursive
+
+dvi-am:
+
+html: html-recursive
+
+html-am:
+
+info: info-recursive
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-recursive
+
+install-dvi-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-html: install-html-recursive
+
+install-html-am:
+
+install-info: install-info-recursive
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-recursive
+
+install-pdf-am:
+
+install-ps: install-ps-recursive
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-recursive
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-recursive
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-recursive
+
+pdf-am:
+
+ps: ps-recursive
+
+ps-am:
+
+uninstall-am: uninstall-libLTLIBRARIES
+
+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \
+ install-am install-strip tags-recursive
+
+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
+ all all-am check check-am clean clean-generic \
+ clean-libLTLIBRARIES clean-libtool ctags ctags-recursive \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-libLTLIBRARIES install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs installdirs-am \
+ maintainer-clean maintainer-clean-generic mostlyclean \
+ mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
+ pdf pdf-am ps ps-am tags tags-recursive uninstall uninstall-am \
+ uninstall-libLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/app.c b/src/app.c
new file mode 100644
index 00000000..925c24bb
--- /dev/null
+++ b/src/app.c
@@ -0,0 +1,1498 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include <time.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/app.h>
+#include <xmlsec/list.h>
+#include <xmlsec/keysdata.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/private.h>
+#include <xmlsec/errors.h>
+
+
+/******************************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ *****************************************************************************/
+/**
+ * xmlSecCryptoInit:
+ *
+ * XMLSec library specific crypto engine initialization.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecCryptoInit(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoInit == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoInit",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoInit());
+}
+
+/**
+ * xmlSecCryptoShutdown:
+ *
+ * XMLSec library specific crypto engine shutdown.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecCryptoShutdown(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoShutdown == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoShutdown",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoShutdown());
+}
+
+/**
+ * xmlSecCryptoKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Adds crypto specific key data stores in keys manager.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecCryptoKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoKeysMngrInit == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoKeysMngrInit",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoKeysMngrInit(mngr));
+}
+
+/******************************************************************************
+ *
+ * Key data ids
+ *
+ *****************************************************************************/
+/**
+ * xmlSecKeyDataAesGetKlass:
+ *
+ * The AES key data klass.
+ *
+ * Returns: AES key data klass or NULL if an error occurs
+ * (xmlsec-crypto library is not loaded or the AES key data
+ * klass is not implemented).
+ */
+xmlSecKeyDataId
+xmlSecKeyDataAesGetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataAesGetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataAesId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecKeyDataIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->keyDataAesGetKlass());
+}
+
+/**
+ * xmlSecKeyDataDesGetKlass:
+ *
+ * The DES key data klass.
+ *
+ * Returns: DES key data klass or NULL if an error occurs
+ * (xmlsec-crypto library is not loaded or the DES key data
+ * klass is not implemented).
+ */
+xmlSecKeyDataId
+xmlSecKeyDataDesGetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataDesGetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataDesId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecKeyDataIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->keyDataDesGetKlass());
+}
+
+/**
+ * xmlSecKeyDataDsaGetKlass:
+ *
+ * The DSA key data klass.
+ *
+ * Returns: DSA key data klass or NULL if an error occurs
+ * (xmlsec-crypto library is not loaded or the DSA key data
+ * klass is not implemented).
+ */
+xmlSecKeyDataId
+xmlSecKeyDataDsaGetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataDsaGetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataDsaId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecKeyDataIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->keyDataDsaGetKlass());
+}
+
+/**
+ * xmlSecKeyDataGost2001GetKlass:
+ *
+ * The GOST2001 key data klass.
+ *
+ * Returns: GOST2001 key data klass or NULL if an error occurs
+ * (xmlsec-crypto library is not loaded or the GOST2001 key data
+ * klass is not implemented).
+ */
+xmlSecKeyDataId
+xmlSecKeyDataGost2001GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataGost2001GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataGost2001Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecKeyDataIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->keyDataGost2001GetKlass());
+}
+
+/**
+ * xmlSecKeyDataHmacGetKlass:
+ *
+ * The HMAC key data klass.
+ *
+ * Returns: HMAC key data klass or NULL if an error occurs
+ * (xmlsec-crypto library is not loaded or the HMAC key data
+ * klass is not implemented).
+ */
+xmlSecKeyDataId
+xmlSecKeyDataHmacGetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataHmacGetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataHmacId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecKeyDataIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->keyDataHmacGetKlass());
+}
+
+/**
+ * xmlSecKeyDataRsaGetKlass:
+ *
+ * The RSA key data klass.
+ *
+ * Returns: RSA key data klass or NULL if an error occurs
+ * (xmlsec-crypto library is not loaded or the RSA key data
+ * klass is not implemented).
+ */
+xmlSecKeyDataId
+xmlSecKeyDataRsaGetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataRsaGetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataRsaId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecKeyDataIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->keyDataRsaGetKlass());
+}
+
+/**
+ * xmlSecKeyDataX509GetKlass:
+ *
+ * The X509 key data klass.
+ *
+ * Returns: X509 key data klass or NULL if an error occurs
+ * (xmlsec-crypto library is not loaded or the X509 key data
+ * klass is not implemented).
+ */
+xmlSecKeyDataId
+xmlSecKeyDataX509GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataX509GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataX509Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecKeyDataIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->keyDataX509GetKlass());
+}
+
+/**
+ * xmlSecKeyDataRawX509CertGetKlass:
+ *
+ * The raw X509 cert key data klass.
+ *
+ * Returns: raw x509 cert key data klass or NULL if an error occurs
+ * (xmlsec-crypto library is not loaded or the raw X509 cert key data
+ * klass is not implemented).
+ */
+xmlSecKeyDataId
+xmlSecKeyDataRawX509CertGetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataRawX509CertGetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "keyDataRawX509CertId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecKeyDataIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->keyDataRawX509CertGetKlass());
+}
+
+/******************************************************************************
+ *
+ * Key data store ids
+ *
+ *****************************************************************************/
+/**
+ * xmlSecX509StoreGetKlass:
+ *
+ * The X509 certificates key data store klass.
+ *
+ * Returns: pointer to X509 certificates key data store klass or NULL if
+ * an error occurs (xmlsec-crypto library is not loaded or the raw X509
+ * cert key data klass is not implemented).
+ */
+xmlSecKeyDataStoreId
+xmlSecX509StoreGetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->x509StoreGetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "x509StoreId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecKeyStoreIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->x509StoreGetKlass());
+}
+
+/******************************************************************************
+ *
+ * Crypto transforms ids
+ *
+ *****************************************************************************/
+/**
+ * xmlSecTransformAes128CbcGetKlass:
+ *
+ * AES 128 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 128 CBC encryption transform or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformAes128CbcGetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformAes128CbcGetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformAes128CbcId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformAes128CbcGetKlass());
+}
+
+/**
+ * xmlSecTransformAes192CbcGetKlass:
+ *
+ * AES 192 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 192 CBC encryption transform or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformAes192CbcGetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformAes192CbcGetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformAes192CbcId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformAes192CbcGetKlass());
+}
+
+/**
+ * xmlSecTransformAes256CbcGetKlass:
+ *
+ * AES 256 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 256 CBC encryption transform or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformAes256CbcGetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformAes256CbcGetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformAes256CbcId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformAes256CbcGetKlass());
+}
+
+/**
+ * xmlSecTransformKWAes128GetKlass:
+ *
+ * The AES-128 kew wrapper transform klass.
+ *
+ * Returns: AES-128 kew wrapper transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformKWAes128GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformKWAes128GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformKWAes128Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformKWAes128GetKlass());
+}
+
+/**
+ * xmlSecTransformKWAes192GetKlass:
+ *
+ * The AES-192 kew wrapper transform klass.
+ *
+ * Returns: AES-192 kew wrapper transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformKWAes192GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformKWAes192GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformKWAes192Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformKWAes192GetKlass());
+}
+
+/**
+ * xmlSecTransformKWAes256GetKlass:
+ *
+ * The AES-256 kew wrapper transform klass.
+ *
+ * Returns: AES-256 kew wrapper transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformKWAes256GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformKWAes256GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformKWAes256Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformKWAes256GetKlass());
+}
+
+/**
+ * xmlSecTransformDes3CbcGetKlass:
+ *
+ * Triple DES CBC encryption transform klass.
+ *
+ * Returns: pointer to Triple DES encryption transform or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformDes3CbcGetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformDes3CbcGetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformDes3CbcId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformDes3CbcGetKlass());
+}
+
+/**
+ * xmlSecTransformKWDes3GetKlass:
+ *
+ * The Triple DES key wrapper transform klass.
+ *
+ * Returns: Triple DES key wrapper transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformKWDes3GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformKWDes3GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformKWDes3Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformKWDes3GetKlass());
+}
+
+/**
+ * xmlSecTransformDsaSha1GetKlass:
+ *
+ * The DSA-SHA1 signature transform klass.
+ *
+ * Returns: DSA-SHA1 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformDsaSha1GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformDsaSha1GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformDsaSha1Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformDsaSha1GetKlass());
+}
+
+/**
+ * xmlSecTransformGost2001GostR3411_94GetKlass:
+ *
+ * The GOST2001-GOSTR3411_94 signature transform klass.
+ *
+ * Returns: GOST2001-GOSTR3411_94 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformGost2001GostR3411_94GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformGost2001GostR3411_94GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformGost2001GostR3411_94Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformGost2001GostR3411_94GetKlass());
+}
+
+/**
+ * xmlSecTransformHmacMd5GetKlass:
+ *
+ * The HMAC-MD5 transform klass.
+ *
+ * Returns: the HMAC-MD5 transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformHmacMd5GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacMd5GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformHmacMd5Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformHmacMd5GetKlass());
+}
+
+/**
+ * xmlSecTransformHmacRipemd160GetKlass:
+ *
+ * The HMAC-RIPEMD160 transform klass.
+ *
+ * Returns: the HMAC-RIPEMD160 transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformHmacRipemd160GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacRipemd160GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformHmacRipemd160Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformHmacRipemd160GetKlass());
+}
+
+/**
+ * xmlSecTransformHmacSha1GetKlass:
+ *
+ * The HMAC-SHA1 transform klass.
+ *
+ * Returns: the HMAC-SHA1 transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformHmacSha1GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacSha1GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformHmacSha1Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformHmacSha1GetKlass());
+}
+
+/**
+ * xmlSecTransformHmacSha224GetKlass:
+ *
+ * The HMAC-SHA224 transform klass.
+ *
+ * Returns: the HMAC-SHA224 transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformHmacSha224GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacSha224GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformHmacSha224Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformHmacSha224GetKlass());
+}
+
+/**
+ * xmlSecTransformHmacSha256GetKlass:
+ *
+ * The HMAC-SHA256 transform klass.
+ *
+ * Returns: the HMAC-SHA256 transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformHmacSha256GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacSha256GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformHmacSha256Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformHmacSha256GetKlass());
+}
+
+/**
+ * xmlSecTransformHmacSha384GetKlass:
+ *
+ * The HMAC-SHA384 transform klass.
+ *
+ * Returns: the HMAC-SHA384 transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformHmacSha384GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacSha384GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformHmacSha384Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformHmacSha384GetKlass());
+}
+
+/**
+ * xmlSecTransformHmacSha512GetKlass:
+ *
+ * The HMAC-SHA512 transform klass.
+ *
+ * Returns: the HMAC-SHA512 transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformHmacSha512GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacSha512GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformHmacSha512Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformHmacSha512GetKlass());
+}
+
+/**
+ * xmlSecTransformMd5GetKlass:
+ *
+ * MD5 digest transform klass.
+ *
+ * Returns: pointer to MD5 digest transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformMd5GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformMd5GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformMd5Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformMd5GetKlass());
+}
+
+/**
+ * xmlSecTransformRipemd160GetKlass:
+ *
+ * RIPEMD-160 digest transform klass.
+ *
+ * Returns: pointer to RIPEMD-160 digest transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformRipemd160GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRipemd160GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRipemd160Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformRipemd160GetKlass());
+}
+
+/**
+ * xmlSecTransformRsaMd5GetKlass:
+ *
+ * The RSA-MD5 signature transform klass.
+ *
+ * Returns: RSA-MD5 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformRsaMd5GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaMd5GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaMd5Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformRsaMd5GetKlass());
+}
+
+/**
+ * xmlSecTransformRsaRipemd160GetKlass:
+ *
+ * The RSA-RIPEMD160 signature transform klass.
+ *
+ * Returns: RSA-RIPEMD160 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformRsaRipemd160GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaRipemd160GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaRipemd160Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformRsaRipemd160GetKlass());
+}
+
+/**
+ * xmlSecTransformRsaSha1GetKlass:
+ *
+ * The RSA-SHA1 signature transform klass.
+ *
+ * Returns: RSA-SHA1 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformRsaSha1GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaSha1GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaSha1Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformRsaSha1GetKlass());
+}
+
+/**
+ * xmlSecTransformRsaSha224GetKlass:
+ *
+ * The RSA-SHA224 signature transform klass.
+ *
+ * Returns: RSA-SHA224 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformRsaSha224GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaSha224GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaSha224Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformRsaSha224GetKlass());
+}
+
+/**
+ * xmlSecTransformRsaSha256GetKlass:
+ *
+ * The RSA-SHA256 signature transform klass.
+ *
+ * Returns: RSA-SHA256 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformRsaSha256GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaSha256GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaSha256Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformRsaSha256GetKlass());
+}
+
+/**
+ * xmlSecTransformRsaSha384GetKlass:
+ *
+ * The RSA-SHA384 signature transform klass.
+ *
+ * Returns: RSA-SHA384 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformRsaSha384GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaSha384GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaSha384Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformRsaSha384GetKlass());
+}
+
+/**
+ * xmlSecTransformRsaSha512GetKlass:
+ *
+ * The RSA-SHA512 signature transform klass.
+ *
+ * Returns: RSA-SHA512 signature transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformRsaSha512GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaSha512GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaSha512Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformRsaSha512GetKlass());
+}
+
+/**
+ * xmlSecTransformRsaPkcs1GetKlass:
+ *
+ * The RSA-PKCS1 key transport transform klass.
+ *
+ * Returns: RSA-PKCS1 key transport transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformRsaPkcs1GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaPkcs1GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaPkcs1Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformRsaPkcs1GetKlass());
+}
+
+/**
+ * xmlSecTransformRsaOaepGetKlass:
+ *
+ * The RSA-OAEP key transport transform klass.
+ *
+ * Returns: RSA-OAEP key transport transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformRsaOaepGetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaOaepGetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformRsaOaepId",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformRsaOaepGetKlass());
+}
+
+/**
+ * xmlSecTransformGostR3411_94GetKlass:
+ *
+ * GOSTR3411_94 digest transform klass.
+ *
+ * Returns: pointer to GOSTR3411_94 digest transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformGostR3411_94GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformGostR3411_94GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformGostR3411_94Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformGostR3411_94GetKlass());
+}
+
+
+/**
+ * xmlSecTransformSha1GetKlass:
+ *
+ * SHA-1 digest transform klass.
+ *
+ * Returns: pointer to SHA-1 digest transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformSha1GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformSha1GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformSha1Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformSha1GetKlass());
+}
+
+/**
+ * xmlSecTransformSha224GetKlass:
+ *
+ * SHA224 digest transform klass.
+ *
+ * Returns: pointer to SHA224 digest transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformSha224GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformSha224GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformSha224Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformSha224GetKlass());
+}
+
+/**
+ * xmlSecTransformSha256GetKlass:
+ *
+ * SHA256 digest transform klass.
+ *
+ * Returns: pointer to SHA256 digest transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformSha256GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformSha256GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformSha256Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformSha256GetKlass());
+}
+
+/**
+ * xmlSecTransformSha384GetKlass:
+ *
+ * SHA384 digest transform klass.
+ *
+ * Returns: pointer to SHA384 digest transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformSha384GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformSha384GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformSha384Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformSha384GetKlass());
+}
+
+/**
+ * xmlSecTransformSha512GetKlass:
+ *
+ * SHA512 digest transform klass.
+ *
+ * Returns: pointer to SHA512 digest transform klass or NULL if an error
+ * occurs (the xmlsec-crypto library is not loaded or this transform is not
+ * implemented).
+ */
+xmlSecTransformId
+xmlSecTransformSha512GetKlass(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformSha512GetKlass == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "transformSha512Id",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecTransformIdUnknown);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->transformSha512GetKlass());
+}
+
+/******************************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ *****************************************************************************/
+/**
+ * xmlSecCryptoAppInit:
+ * @config: the path to crypto library configuration.
+ *
+ * General crypto engine initialization. This function is used
+ * by XMLSec command line utility and called before
+ * @xmlSecInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecCryptoAppInit(const char* config) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppInit == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppInit",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoAppInit(config));
+}
+
+
+/**
+ * xmlSecCryptoAppShutdown:
+ *
+ * General crypto engine shutdown. This function is used
+ * by XMLSec command line utility and called after
+ * @xmlSecShutdown function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecCryptoAppShutdown(void) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppShutdown == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppShutdown",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoAppShutdown());
+}
+
+/**
+ * xmlSecCryptoAppDefaultKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
+ * and a default crypto key data stores.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecCryptoAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrInit == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppDefaultKeysMngrInit",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrInit(mngr));
+}
+
+/**
+ * xmlSecCryptoAppDefaultKeysMngrAdoptKey:
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
+ *
+ * Adds @key to the keys manager @mngr created with #xmlSecCryptoAppDefaultKeysMngrInit
+ * function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecCryptoAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrAdoptKey == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppDefaultKeysMngrAdoptKey",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrAdoptKey(mngr, key));
+}
+
+/**
+ * xmlSecCryptoAppDefaultKeysMngrLoad:
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
+ *
+ * Loads XML keys file from @uri to the keys manager @mngr created
+ * with #xmlSecCryptoAppDefaultKeysMngrInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecCryptoAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrLoad == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppDefaultKeysMngrLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrLoad(mngr, uri));
+}
+
+/**
+ * xmlSecCryptoAppDefaultKeysMngrSave:
+ * @mngr: the pointer to keys manager.
+ * @filename: the destination filename.
+ * @type: the type of keys to save (public/private/symmetric).
+ *
+ * Saves keys from @mngr to XML keys file.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecCryptoAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename,
+ xmlSecKeyDataType type) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrSave == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppDefaultKeysMngrSave",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrSave(mngr, filename, type));
+}
+
+/**
+ * xmlSecCryptoAppKeysMngrCertLoad:
+ * @mngr: the keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
+ *
+ * Reads cert from @filename and adds to the list of trusted or known
+ * untrusted certs in @store.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecCryptoAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
+ xmlSecKeyDataFormat format, xmlSecKeyDataType type) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeysMngrCertLoad == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppKeysMngrCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoAppKeysMngrCertLoad(mngr, filename, format, type));
+}
+
+/**
+ * xmlSecCryptoAppKeysMngrCertLoadMemory:
+ * @mngr: the keys manager.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate trusted or not.
+ *
+ * Reads cert from binary buffer @data and adds to the list of trusted or known
+ * untrusted certs in @store.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecCryptoAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data,
+ xmlSecSize dataSize, xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeysMngrCertLoadMemory == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppKeysMngrCertLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoAppKeysMngrCertLoadMemory(mngr, data, dataSize, format, type));
+}
+
+/**
+ * xmlSecCryptoAppKeyLoad:
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the a file.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecCryptoAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
+ const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeyLoad == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppKeyLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoAppKeyLoad(filename, format, pwd, pwdCallback, pwdCallbackCtx));
+}
+
+/**
+ * xmlSecCryptoAppKeyLoadMemory:
+ * @data: the binary key data.
+ * @dataSize: the size of binary key.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the memory buffer.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecCryptoAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKeyDataFormat format,
+ const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeyLoadMemory == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppKeyLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoAppKeyLoadMemory(data, dataSize, format, pwd, pwdCallback, pwdCallbackCtx));
+}
+
+/**
+ * xmlSecCryptoAppPkcs12Load:
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 file.
+ * For uniformity, call xmlSecCryptoAppKeyLoad instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecCryptoAppPkcs12Load(const char* filename, const char* pwd, void* pwdCallback,
+ void* pwdCallbackCtx) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppPkcs12Load == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppPkcs12Load",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoAppPkcs12Load(filename, pwd, pwdCallback, pwdCallbackCtx));
+}
+
+/**
+ * xmlSecCryptoAppPkcs12LoadMemory:
+ * @data: the PKCS12 binary data.
+ * @dataSize: the PKCS12 binary data size.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 data in memory buffer.
+ * For uniformity, call xmlSecCryptoAppKeyLoadMemory instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecCryptoAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ const char *pwd, void* pwdCallback,
+ void* pwdCallbackCtx) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppPkcs12LoadMemory == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppPkcs12LoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoAppPkcs12LoadMemory(data, dataSize, pwd, pwdCallback, pwdCallbackCtx));
+}
+
+/**
+ * xmlSecCryptoAppKeyCertLoad:
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from $@filename and adds it to key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecCryptoAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecKeyDataFormat format) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeyCertLoad == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppKeyCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoAppKeyCertLoad(key, filename, format));
+}
+
+/**
+ * xmlSecCryptoAppKeyCertLoadMemory:
+ * @key: the pointer to key.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from memory buffer and adds it to key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecCryptoAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format) {
+ if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeyCertLoadMemory == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cryptoAppKeyCertLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoAppKeyCertLoadMemory(key, data, dataSize, format));
+}
+
+/**
+ * xmlSecCryptoAppGetDefaultPwdCallback:
+ *
+ * Gets default password callback.
+ *
+ * Returns: default password callback.
+ */
+void*
+xmlSecCryptoAppGetDefaultPwdCallback(void) {
+ if(xmlSecCryptoDLGetFunctions() == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecCryptoDLGetFunctions()->cryptoAppDefaultPwdCallback);
+}
+
+#endif /* XMLSEC_NO_CRYPTO_DYNAMIC_LOADING */
+
diff --git a/src/base64.c b/src/base64.c
new file mode 100644
index 00000000..53e66945
--- /dev/null
+++ b/src/base64.c
@@ -0,0 +1,1034 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Base64 encode/decode transform and utility functions.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+
+/*
+ * the table to map numbers to base64
+ */
+static const xmlSecByte base64[] =
+{
+/* 0 1 2 3 4 5 6 7 */
+ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', /* 0 */
+ 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', /* 1 */
+ 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', /* 2 */
+ 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', /* 3 */
+ 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', /* 4 */
+ 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', /* 5 */
+ 'w', 'x', 'y', 'z', '0', '1', '2', '3', /* 6 */
+ '4', '5', '6', '7', '8', '9', '+', '/' /* 7 */
+};
+
+
+/* few macros to simplify the code */
+#define xmlSecBase64Encode1(a) (((a) >> 2) & 0x3F)
+#define xmlSecBase64Encode2(a, b) ((((a) << 4) & 0x30) + (((b) >> 4) & 0x0F))
+#define xmlSecBase64Encode3(b, c) ((((b) << 2) & 0x3c) + (((c) >> 6) & 0x03))
+#define xmlSecBase64Encode4(c) ((c) & 0x3F)
+
+#define xmlSecBase64Decode1(a, b) (((a) << 2) | (((b) & 0x3F) >> 4))
+#define xmlSecBase64Decode2(b, c) (((b) << 4) | (((c) & 0x3F) >> 2))
+#define xmlSecBase64Decode3(c, d) (((c) << 6) | ((d) & 0x3F))
+
+#define xmlSecIsBase64Char(ch) ((((ch) >= 'A') && ((ch) <= 'Z')) || \
+ (((ch) >= 'a') && ((ch) <= 'z')) || \
+ (((ch) >= '0') && ((ch) <= '9')) || \
+ ((ch) == '+') || ((ch) == '/'))
+#define xmlSecIsBase64Space(ch) (((ch) == ' ') || ((ch) == '\t') || \
+ ((ch) == '\x0d') || ((ch) == '\x0a'))
+
+
+
+/***********************************************************************
+ *
+ * Base64 Context
+ *
+ ***********************************************************************/
+typedef enum {
+ xmlSecBase64StatusConsumeAndNext = 0,
+ xmlSecBase64StatusConsumeAndRepeat,
+ xmlSecBase64StatusNext,
+ xmlSecBase64StatusDone,
+ xmlSecBase64StatusFailed
+} xmlSecBase64Status;
+
+struct _xmlSecBase64Ctx {
+ int encode;
+ int inByte;
+ int inPos;
+ xmlSecSize linePos;
+ xmlSecSize columns;
+ int finished;
+};
+
+static xmlSecBase64Status xmlSecBase64CtxEncodeByte (xmlSecBase64CtxPtr ctx,
+ xmlSecByte inByte,
+ xmlSecByte* outByte);
+static xmlSecBase64Status xmlSecBase64CtxEncodeByteFinal (xmlSecBase64CtxPtr ctx,
+ xmlSecByte* outByte);
+static xmlSecBase64Status xmlSecBase64CtxDecodeByte (xmlSecBase64CtxPtr ctx,
+ xmlSecByte inByte,
+ xmlSecByte* outByte);
+static int xmlSecBase64CtxEncode (xmlSecBase64CtxPtr ctx,
+ const xmlSecByte* inBuf,
+ xmlSecSize inBufSize,
+ xmlSecSize* inBufResSize,
+ xmlSecByte* outBuf,
+ xmlSecSize outBufSize,
+ xmlSecSize* outBufResSize);
+static int xmlSecBase64CtxEncodeFinal (xmlSecBase64CtxPtr ctx,
+ xmlSecByte* outBuf,
+ xmlSecSize outBufSize,
+ xmlSecSize* outBufResSize);
+static int xmlSecBase64CtxDecode (xmlSecBase64CtxPtr ctx,
+ const xmlSecByte* inBuf,
+ xmlSecSize inBufSize,
+ xmlSecSize* inBufResSize,
+ xmlSecByte* outBuf,
+ xmlSecSize outBufSize,
+ xmlSecSize* outBufResSize);
+static int xmlSecBase64CtxDecodeIsFinished (xmlSecBase64CtxPtr ctx);
+
+
+static int g_xmlsec_base64_default_line_size = XMLSEC_BASE64_LINESIZE;
+
+/**
+ * xmlSecBase64GetDefaultLineSize:
+ *
+ * Gets the current default line size.
+ *
+ * Returns: the current default line size.
+ */
+int
+xmlSecBase64GetDefaultLineSize(void)
+{
+ return g_xmlsec_base64_default_line_size;
+}
+
+/**
+ * xmlSecBase64SetDefaultLineSize:
+ * @columns: number of columns
+ *
+ * Sets the current default line size.
+ */
+void
+xmlSecBase64SetDefaultLineSize(int columns)
+{
+ g_xmlsec_base64_default_line_size = columns;
+}
+
+/**
+ * xmlSecBase64CtxCreate:
+ * @encode: the encode/decode flag (1 - encode, 0 - decode)
+ * @columns: the max line length.
+ *
+ * Allocates and initializes new base64 context.
+ *
+ * Returns: a pointer to newly created #xmlSecBase64Ctx structure
+ * or NULL if an error occurs.
+ */
+xmlSecBase64CtxPtr
+xmlSecBase64CtxCreate(int encode, int columns) {
+ xmlSecBase64CtxPtr ctx;
+ int ret;
+
+ /*
+ * Allocate a new xmlSecBase64CtxPtr and fill the fields.
+ */
+ ctx = (xmlSecBase64CtxPtr) xmlMalloc(sizeof(xmlSecBase64Ctx));
+ if (ctx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecBase64Ctx)=%d",
+ sizeof(xmlSecBase64Ctx));
+ return(NULL);
+ }
+
+ ret = xmlSecBase64CtxInitialize(ctx, encode, columns);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBase64CtxDestroy(ctx);
+ return(NULL);
+ }
+ return(ctx);
+}
+
+/**
+ * xmlSecBase64CtxDestroy:
+ * @ctx: the pointer to #xmlSecBase64Ctx structure.
+ *
+ * Destroys base64 context.
+ */
+void
+xmlSecBase64CtxDestroy(xmlSecBase64CtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBase64CtxFinalize(ctx);
+ xmlFree(ctx);
+}
+
+/**
+ * xmlSecBase64CtxInitialize:
+ * @ctx: the pointer to #xmlSecBase64Ctx structure,
+ * @encode: the encode/decode flag (1 - encode, 0 - decode)
+ * @columns: the max line length.
+ *
+ * Initializes new base64 context.
+ *
+ * Returns: 0 on success and a negative value otherwise.
+ */
+int
+xmlSecBase64CtxInitialize(xmlSecBase64CtxPtr ctx, int encode, int columns) {
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecBase64Ctx));
+
+ ctx->encode = encode;
+ ctx->columns = columns;
+ return(0);
+}
+
+/**
+ * xmlSecBase64CtxFinalize:
+ * @ctx: the pointer to #xmlSecBase64Ctx structure,
+ *
+ * Frees all the resources allocated by @ctx.
+ */
+void
+xmlSecBase64CtxFinalize(xmlSecBase64CtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ memset(ctx, 0, sizeof(xmlSecBase64Ctx));
+}
+
+/**
+ * xmlSecBase64CtxUpdate:
+ * @ctx: the pointer to #xmlSecBase64Ctx structure
+ * @in: the input buffer
+ * @inSize: the input buffer size
+ * @out: the output buffer
+ * @outSize: the output buffer size
+ *
+ * Encodes or decodes the next piece of data from input buffer.
+ *
+ * Returns: the number of bytes written to output buffer or
+ * -1 if an error occurs.
+ */
+int
+xmlSecBase64CtxUpdate(xmlSecBase64CtxPtr ctx,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize) {
+ xmlSecSize inResSize = 0, outResSize = 0;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+
+ if(ctx->encode != 0) {
+ ret = xmlSecBase64CtxEncode(ctx, in, inSize, &inResSize,
+ out, outSize, &outResSize);
+ if((ret < 0) || (inResSize != inSize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ ret = xmlSecBase64CtxDecode(ctx, in, inSize, &inResSize,
+ out, outSize, &outResSize);
+ if((ret < 0) || (inResSize != inSize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxDecode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(outResSize);
+}
+
+/**
+ * xmlSecBase64CtxFinal:
+ * @ctx: the pointer to #xmlSecBase64Ctx structure
+ * @out: the output buffer
+ * @outSize: the output buffer size
+ *
+ * Encodes or decodes the last piece of data stored in the context
+ * and finalizes the result.
+ *
+ * Returns: the number of bytes written to output buffer or
+ * -1 if an error occurs.
+ */
+int
+xmlSecBase64CtxFinal(xmlSecBase64CtxPtr ctx,
+ xmlSecByte *out, xmlSecSize outSize) {
+ xmlSecSize outResSize = 0;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ if(ctx->encode != 0) {
+ ret = xmlSecBase64CtxEncodeFinal(ctx, out, outSize, &outResSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxEncodeFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+ } else {
+ if(!xmlSecBase64CtxDecodeIsFinished(ctx)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxIsFinished",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ /* add \0 */
+ if((outResSize + 1) < outSize) {
+ out[outResSize] = '\0';
+ }
+ return(outResSize);
+}
+
+static xmlSecBase64Status
+xmlSecBase64CtxEncodeByte(xmlSecBase64CtxPtr ctx, xmlSecByte inByte, xmlSecByte* outByte) {
+ xmlSecAssert2(ctx != NULL, xmlSecBase64StatusFailed);
+ xmlSecAssert2(outByte != NULL, xmlSecBase64StatusFailed);
+
+ if((ctx->columns > 0) && (ctx->linePos >= ctx->columns)) {
+ (*outByte) = '\n';
+ ctx->linePos = 0;
+ return(xmlSecBase64StatusConsumeAndRepeat);
+ } else if(ctx->inPos == 0) {
+ /* we just started new block */
+ (*outByte) = base64[xmlSecBase64Encode1(inByte)];
+ ctx->inByte = inByte;
+ ++ctx->linePos;
+ ++ctx->inPos;
+ return(xmlSecBase64StatusConsumeAndNext);
+ } else if(ctx->inPos == 1) {
+ (*outByte) = base64[xmlSecBase64Encode2(ctx->inByte, inByte)];
+ ctx->inByte = inByte;
+ ++ctx->linePos;
+ ++ctx->inPos;
+ return(xmlSecBase64StatusConsumeAndNext);
+ } else if(ctx->inPos == 2) {
+ (*outByte) = base64[xmlSecBase64Encode3(ctx->inByte, inByte)];
+ ctx->inByte = inByte;
+ ++ctx->linePos;
+ ++ctx->inPos;
+ return(xmlSecBase64StatusConsumeAndRepeat);
+ } else if(ctx->inPos == 3) {
+ (*outByte) = base64[xmlSecBase64Encode4(ctx->inByte)];
+ ++ctx->linePos;
+ ctx->inByte = 0;
+ ctx->inPos = 0;
+ return(xmlSecBase64StatusConsumeAndNext);
+ }
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "ctx->inPos=%d", ctx->inPos);
+ return(xmlSecBase64StatusFailed);
+}
+
+static xmlSecBase64Status
+xmlSecBase64CtxEncodeByteFinal(xmlSecBase64CtxPtr ctx, xmlSecByte* outByte) {
+ xmlSecAssert2(ctx != NULL, xmlSecBase64StatusFailed);
+ xmlSecAssert2(outByte != NULL, xmlSecBase64StatusFailed);
+
+ if(ctx->inPos == 0) {
+ return(xmlSecBase64StatusDone);
+ } else if((ctx->columns > 0) && (ctx->linePos >= ctx->columns)) {
+ (*outByte) = '\n';
+ ctx->linePos = 0;
+ return(xmlSecBase64StatusConsumeAndRepeat);
+ } else if(ctx->finished == 0) {
+ ctx->finished = 1;
+ return(xmlSecBase64CtxEncodeByte(ctx, 0, outByte));
+ } else if(ctx->inPos < 3) {
+ (*outByte) = '=';
+ ++ctx->inPos;
+ ++ctx->linePos;
+ return(xmlSecBase64StatusConsumeAndRepeat);
+ } else if(ctx->inPos == 3) {
+ (*outByte) = '=';
+ ++ctx->linePos;
+ ctx->inPos = 0;
+ return(xmlSecBase64StatusConsumeAndRepeat);
+ }
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "ctx->inPos=%d", ctx->inPos);
+ return(xmlSecBase64StatusFailed);
+}
+
+static xmlSecBase64Status
+xmlSecBase64CtxDecodeByte(xmlSecBase64CtxPtr ctx, xmlSecByte inByte, xmlSecByte* outByte) {
+ xmlSecAssert2(ctx != NULL, xmlSecBase64StatusFailed);
+ xmlSecAssert2(outByte != NULL, xmlSecBase64StatusFailed);
+
+ if((ctx->finished != 0) && (ctx->inPos == 0)) {
+ return(xmlSecBase64StatusDone);
+ } if(inByte == '=') {
+ ctx->finished = 1;
+ if(ctx->inPos < 2) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "ctx->inPos=%d", ctx->inPos);
+ return(xmlSecBase64StatusFailed);
+ } else if(ctx->inPos == 2) {
+ ++ctx->inPos;
+ return(xmlSecBase64StatusNext);
+ } else if(ctx->inPos == 3) {
+ ctx->inPos = 0;
+ return(xmlSecBase64StatusNext);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "ctx->inPos=%d", ctx->inPos);
+ return(xmlSecBase64StatusFailed);
+ }
+ } else if(xmlSecIsBase64Space(inByte)) {
+ return(xmlSecBase64StatusNext);
+ } else if(!xmlSecIsBase64Char(inByte) || (ctx->finished != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "inByte=0x%02x", inByte);
+ return(xmlSecBase64StatusFailed);
+ }
+
+ /* convert from character to position in base64 array */
+ if((inByte >= 'A') && (inByte <= 'Z')) {
+ inByte = (inByte - 'A');
+ } else if((inByte >= 'a') && (inByte <= 'z')) {
+ inByte = 26 + (inByte - 'a');
+ } else if((inByte >= '0') && (inByte <= '9')) {
+ inByte = 52 + (inByte - '0');
+ } else if(inByte == '+') {
+ inByte = 62;
+ } else if(inByte == '/') {
+ inByte = 63;
+ }
+
+ if(ctx->inPos == 0) {
+ ctx->inByte = inByte;
+ ++ctx->inPos;
+ return(xmlSecBase64StatusNext);
+ } else if(ctx->inPos == 1) {
+ (*outByte) = xmlSecBase64Decode1(ctx->inByte, inByte);
+ ctx->inByte = inByte;
+ ++ctx->inPos;
+ return(xmlSecBase64StatusConsumeAndNext);
+ } else if(ctx->inPos == 2) {
+ (*outByte) = xmlSecBase64Decode2(ctx->inByte, inByte);
+ ctx->inByte = inByte;
+ ++ctx->inPos;
+ return(xmlSecBase64StatusConsumeAndNext);
+ } else if(ctx->inPos == 3) {
+ (*outByte) = xmlSecBase64Decode3(ctx->inByte, inByte);
+ ctx->inByte = 0;
+ ctx->inPos = 0;
+ return(xmlSecBase64StatusConsumeAndNext);
+ }
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "ctx->inPos=%d", ctx->inPos);
+ return(xmlSecBase64StatusFailed);
+}
+
+
+static int
+xmlSecBase64CtxEncode(xmlSecBase64CtxPtr ctx,
+ const xmlSecByte* inBuf, xmlSecSize inBufSize, xmlSecSize* inBufResSize,
+ xmlSecByte* outBuf, xmlSecSize outBufSize, xmlSecSize* outBufResSize) {
+ xmlSecBase64Status status = xmlSecBase64StatusNext;
+ xmlSecSize inPos, outPos;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(inBuf != NULL, -1);
+ xmlSecAssert2(inBufResSize != NULL, -1);
+ xmlSecAssert2(outBuf != NULL, -1);
+ xmlSecAssert2(outBufResSize != NULL, -1);
+
+ /* encode */
+ for(inPos = outPos = 0; (inPos < inBufSize) && (outPos < outBufSize); ) {
+ status = xmlSecBase64CtxEncodeByte(ctx, inBuf[inPos], &(outBuf[outPos]));
+ switch(status) {
+ case xmlSecBase64StatusConsumeAndNext:
+ ++inPos;
+ ++outPos;
+ break;
+ case xmlSecBase64StatusConsumeAndRepeat:
+ ++outPos;
+ break;
+ case xmlSecBase64StatusNext:
+ case xmlSecBase64StatusDone:
+ case xmlSecBase64StatusFailed:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxEncodeByte",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "status=%d", status);
+ return(-1);
+ }
+ }
+
+ (*inBufResSize) = inPos;
+ (*outBufResSize) = outPos;
+
+ return(0);
+}
+
+static int
+xmlSecBase64CtxEncodeFinal(xmlSecBase64CtxPtr ctx,
+ xmlSecByte* outBuf, xmlSecSize outBufSize, xmlSecSize* outBufResSize) {
+ xmlSecBase64Status status = xmlSecBase64StatusNext;
+ xmlSecSize outPos;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(outBuf != NULL, -1);
+ xmlSecAssert2(outBufResSize != NULL, -1);
+
+ /* encode final bytes */
+ for(outPos = 0; (outPos < outBufSize) && (status != xmlSecBase64StatusDone); ) {
+ status = xmlSecBase64CtxEncodeByteFinal(ctx, &(outBuf[outPos]));
+ switch(status) {
+ case xmlSecBase64StatusConsumeAndNext:
+ case xmlSecBase64StatusConsumeAndRepeat:
+ ++outPos;
+ break;
+ case xmlSecBase64StatusDone:
+ break;
+ case xmlSecBase64StatusNext:
+ case xmlSecBase64StatusFailed:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxEncodeByteFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "status=%d", status);
+ return(-1);
+ }
+ }
+
+ if(status != xmlSecBase64StatusDone) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "outBufSize=%d", outBufSize);
+ return(-1);
+ }
+ if(outPos < outBufSize) {
+ outBuf[outPos] = '\0'; /* just in case */
+ }
+
+ (*outBufResSize) = outPos;
+ return(0);
+}
+
+
+static int
+xmlSecBase64CtxDecode(xmlSecBase64CtxPtr ctx,
+ const xmlSecByte* inBuf, xmlSecSize inBufSize, xmlSecSize* inBufResSize,
+ xmlSecByte* outBuf, xmlSecSize outBufSize, xmlSecSize* outBufResSize) {
+ xmlSecBase64Status status = xmlSecBase64StatusNext;
+ xmlSecSize inPos, outPos;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(inBuf != NULL, -1);
+ xmlSecAssert2(inBufResSize != NULL, -1);
+ xmlSecAssert2(outBuf != NULL, -1);
+ xmlSecAssert2(outBufResSize != NULL, -1);
+
+ /* decode */
+ for(inPos = outPos = 0; (inPos < inBufSize) && (outPos < outBufSize) && (status != xmlSecBase64StatusDone); ) {
+ status = xmlSecBase64CtxDecodeByte(ctx, inBuf[inPos], &(outBuf[outPos]));
+ switch(status) {
+ case xmlSecBase64StatusConsumeAndNext:
+ ++inPos;
+ ++outPos;
+ break;
+ case xmlSecBase64StatusConsumeAndRepeat:
+ ++outPos;
+ break;
+ case xmlSecBase64StatusNext:
+ ++inPos;
+ break;
+ case xmlSecBase64StatusDone:
+ break;
+ case xmlSecBase64StatusFailed:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxDecodeByte",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "status=%d", status);
+ return(-1);
+ }
+ }
+
+ /* skip spaces at the end */
+ while((inPos < inBufSize) && xmlSecIsBase64Space(inBuf[inPos])) {
+ ++inPos;
+ }
+
+ (*inBufResSize) = inPos;
+ (*outBufResSize) = outPos;
+
+ return(0);
+}
+
+static int
+xmlSecBase64CtxDecodeIsFinished(xmlSecBase64CtxPtr ctx) {
+ xmlSecAssert2(ctx != NULL, -1);
+
+ return((ctx->inPos == 0) ? 1 : 0);
+}
+
+/**
+ * xmlSecBase64Encode:
+ * @buf: the input buffer.
+ * @len: the input buffer size.
+ * @columns: the output max line length (if 0 then no line breaks
+ * would be inserted)
+ *
+ * Encodes the data from input buffer and allocates the string for the result.
+ * The caller is responsible for freeing returned buffer using
+ * xmlFree() function.
+ *
+ * Returns: newly allocated string with base64 encoded data
+ * or NULL if an error occurs.
+ */
+xmlChar*
+xmlSecBase64Encode(const xmlSecByte *buf, xmlSecSize len, int columns) {
+ xmlSecBase64Ctx ctx;
+ xmlChar *ptr;
+ xmlSecSize size;
+ int size_update, size_final;
+ int ret;
+
+ xmlSecAssert2(buf != NULL, NULL);
+
+ ret = xmlSecBase64CtxInitialize(&ctx, 1, columns);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* create result buffer */
+ size = (4 * len) / 3 + 4;
+ if(columns > 0) {
+ size += (size / columns) + 4;
+ }
+ ptr = (xmlChar*) xmlMalloc(size);
+ if(ptr == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", size);
+ xmlSecBase64CtxFinalize(&ctx);
+ return(NULL);
+ }
+
+ ret = xmlSecBase64CtxUpdate(&ctx, buf, len, (xmlSecByte*)ptr, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxUpdate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "len=%d", len);
+ xmlFree(ptr);
+ xmlSecBase64CtxFinalize(&ctx);
+ return(NULL);
+ }
+ size_update = ret;
+
+ ret = xmlSecBase64CtxFinal(&ctx, ((xmlSecByte*)ptr) + size_update, size - size_update);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(ptr);
+ xmlSecBase64CtxFinalize(&ctx);
+ return(NULL);
+ }
+ size_final = ret;
+ ptr[size_update + size_final] = '\0';
+
+ xmlSecBase64CtxFinalize(&ctx);
+ return(ptr);
+}
+
+/**
+ * xmlSecBase64Decode:
+ * @str: the input buffer with base64 encoded string
+ * @buf: the output buffer
+ * @len: the output buffer size
+ *
+ * Decodes input base64 encoded string and puts result into
+ * the output buffer.
+ *
+ * Returns: the number of bytes written to the output buffer or
+ * a negative value if an error occurs
+ */
+int
+xmlSecBase64Decode(const xmlChar* str, xmlSecByte *buf, xmlSecSize len) {
+ xmlSecBase64Ctx ctx;
+ int size_update;
+ int size_final;
+ int ret;
+
+ xmlSecAssert2(str != NULL, -1);
+ xmlSecAssert2(buf != NULL, -1);
+
+ ret = xmlSecBase64CtxInitialize(&ctx, 0, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBase64CtxUpdate(&ctx, (const xmlSecByte*)str, xmlStrlen(str), buf, len);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxUpdate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBase64CtxFinalize(&ctx);
+ return(-1);
+ }
+
+ size_update = ret;
+ ret = xmlSecBase64CtxFinal(&ctx, buf + size_update, len - size_update);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64CtxFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBase64CtxFinalize(&ctx);
+ return(-1);
+ }
+ size_final = ret;
+
+ xmlSecBase64CtxFinalize(&ctx);
+ return(size_update + size_final);
+}
+
+/**************************************************************
+ *
+ * Base64 Transform
+ *
+ * xmlSecBase64Ctx is located after xmlSecTransform
+ *
+ **************************************************************/
+#define xmlSecBase64Size \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecBase64Ctx))
+#define xmlSecBase64GetCtx(transform) \
+ ((xmlSecTransformCheckSize((transform), xmlSecBase64Size)) ? \
+ (xmlSecBase64CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
+ (xmlSecBase64CtxPtr)NULL)
+
+static int xmlSecBase64Initialize (xmlSecTransformPtr transform);
+static void xmlSecBase64Finalize (xmlSecTransformPtr transform);
+static int xmlSecBase64Execute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static xmlSecTransformKlass xmlSecBase64Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecBase64Size, /* xmlSecSize objSize */
+
+ xmlSecNameBase64, /* const xmlChar* name; */
+ xmlSecHrefBase64, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecBase64Initialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecBase64Finalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecBase64Execute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecTransformBase64GetKlass:
+ *
+ * The Base64 transform klass (http://www.w3.org/TR/xmldsig-core/#sec-Base-64).
+ * The normative specification for base64 decoding transforms is RFC 2045
+ * (http://www.ietf.org/rfc/rfc2045.txt). The base64 Transform element has
+ * no content. The input is decoded by the algorithms. This transform is
+ * useful if an application needs to sign the raw data associated with
+ * the encoded content of an element.
+ *
+ * Returns: base64 transform id.
+ */
+xmlSecTransformId
+xmlSecTransformBase64GetKlass(void) {
+ return(&xmlSecBase64Klass);
+}
+
+/**
+ * xmlSecTransformBase64SetLineSize:
+ * @transform: the pointer to BASE64 encode transform.
+ * @lineSize: the new max line size.
+ *
+ * Sets the max line size to @lineSize.
+ */
+void
+xmlSecTransformBase64SetLineSize(xmlSecTransformPtr transform, xmlSecSize lineSize) {
+ xmlSecBase64CtxPtr ctx;
+
+ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecTransformBase64Id));
+
+ ctx = xmlSecBase64GetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ ctx->columns = lineSize;
+}
+
+static int
+xmlSecBase64Initialize(xmlSecTransformPtr transform) {
+ xmlSecBase64CtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformBase64Id), -1);
+
+ ctx = xmlSecBase64GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ transform->operation = xmlSecTransformOperationDecode;
+ ret = xmlSecBase64CtxInitialize(ctx, 0, xmlSecBase64GetDefaultLineSize());
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBase64CtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecBase64Finalize(xmlSecTransformPtr transform) {
+ xmlSecBase64CtxPtr ctx;
+
+ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecTransformBase64Id));
+
+ ctx = xmlSecBase64GetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBase64CtxFinalize(ctx);
+}
+
+static int
+xmlSecBase64Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecBase64CtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, outLen;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformBase64Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncode) || (transform->operation == xmlSecTransformOperationDecode), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecBase64GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ ctx->encode = (transform->operation == xmlSecTransformOperationEncode) ? 1 : 0;
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ switch(transform->status) {
+ case xmlSecTransformStatusWorking:
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ if(inSize > 0) {
+ if(ctx->encode != 0) {
+ outLen = 4 * inSize / 3 + 8;
+ if(ctx->columns > 0) {
+ outLen += inSize / ctx->columns + 4;
+ }
+ } else {
+ outLen = 3 * inSize / 4 + 8;
+ }
+ ret = xmlSecBufferSetMaxSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+
+ /* encode/decode the next chunk */
+ ret = xmlSecBase64CtxUpdate(ctx, xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out) + outSize,
+ outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBase64CtxUpdate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outLen = ret;
+
+ /* set correct size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+
+ /* remove chunk from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+
+ if(last) {
+ outSize = xmlSecBufferGetSize(out);
+
+ ret = xmlSecBufferSetMaxSize(out, outSize + 16);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + 16);
+ return(-1);
+ }
+
+ /* add from ctx buffer */
+ ret = xmlSecBase64CtxFinal(ctx, xmlSecBufferGetData(out) + outSize, 16);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBase64CtxFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outLen = ret;
+
+ /* set correct size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ break;
+ case xmlSecTransformStatusFinished:
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+
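Review bot: In xmlSecBase64Execute the encode-side estimate undercounts line breaks: `outLen += inSize / ctx->columns + 4;` divides the input size by `columns`, but xmlSecBase64CtxEncodeByte emits a newline per `columns` output characters, and the output is about 4/3 of the input. For a large enough chunk (whether callers pass one is not visible here) the buffer is too small; the `outPos < outBufSize` bound in xmlSecBase64CtxEncode stops the loop early and xmlSecBase64CtxUpdate returns -1 on `inResSize != inSize`, so the effect is a spurious failure rather than a write past the buffer. xmlSecBase64Encode already sizes from the encoded length with `size += (size / columns) + 4;`, and the same form fits here: `outLen += outLen / ctx->columns + 4;`. The multiplications `4 * inSize` and `(4 * len)` are also unchecked against wrap-around, so a short comment noting that the loop bounds are what keep a wrapped size from becoming an overflow would help the next reader.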
diff --git a/src/bn.c b/src/bn.c
new file mode 100644
index 00000000..06a31d5b
--- /dev/null
+++ b/src/bn.c
@@ -0,0 +1,1060 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Big Numbers.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/bn.h>
+#include <xmlsec/errors.h>
+
+/* table for converting hex digits back to bytes */
+static const int xmlSecBnLookupTable[] =
+{
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, -1, -1, -1, -1, -1, -1,
+ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, 10, 11, 12, 13, 14, 15, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
+ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1
+};
+
+static const char xmlSecBnRevLookupTable[] =
+{
+ '0', '1', '2', '3', '4', '5', '6', '7',
+ '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
+};
+
+/*****************************************************************************
+ *
+ * xmlSecBn
+ *
+ ****************************************************************************/
+/**
+ * xmlSecBnCreate:
+ * @size: the initial allocated BN size.
+ *
+ * Creates a new BN object. Caller is responsible for destroying it
+ * by calling @xmlSecBnDestroy function.
+ *
+ * Returns: the newly BN or a NULL if an error occurs.
+ */
+xmlSecBnPtr
+xmlSecBnCreate(xmlSecSize size) {
+ return(xmlSecBufferCreate(size));
+}
+
+/**
+ * xmlSecBnDestroy:
+ * @bn: the pointer to BN.
+ *
+ * Destroys @bn object created with @xmlSecBnCreate function.
+ */
+void
+xmlSecBnDestroy(xmlSecBnPtr bn) {
+ xmlSecBufferDestroy(bn);
+}
+
+/**
+ * xmlSecBnInitialize:
+ * @bn: the pointer to BN.
+ * @size: the initial allocated BN size.
+ *
+ * Initializes a BN object. Caller is responsible for destroying it
+ * by calling @xmlSecBnFinalize function.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBnInitialize(xmlSecBnPtr bn, xmlSecSize size) {
+ return(xmlSecBufferInitialize(bn, size));
+}
+
+/**
+ * xmlSecBnFinalize:
+ * @bn: the pointer to BN.
+ *
+ * Destroys @bn object created with @xmlSecBnInitialize function.
+ */
+void
+xmlSecBnFinalize(xmlSecBnPtr bn) {
+ xmlSecBufferFinalize(bn);
+}
+
+/**
+ * xmlSecBnGetData:
+ * @bn: the pointer to BN.
+ *
+ * Gets pointer to the binary @bn representation.
+ *
+ * Returns: pointer to binary BN data or NULL if an error occurs.
+ */
+xmlSecByte*
+xmlSecBnGetData(xmlSecBnPtr bn) {
+ return(xmlSecBufferGetData(bn));
+}
+
+/**
+ * xmlSecBnSetData:
+ * @bn: the pointer to BN.
+ * @data: the pointer to new BN binary data.
+ * @size: the size of new BN data.
+ *
+ * Sets the value of @bn to @data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBnSetData(xmlSecBnPtr bn, const xmlSecByte* data, xmlSecSize size) {
+ return(xmlSecBufferSetData(bn, data, size));
+}
+
+/**
+ * xmlSecBnGetSize:
+ * @bn: the pointer to BN.
+ *
+ * Gets the size of binary data in @bn.
+ *
+ * Returns: the size of binary data.
+ */
+xmlSecSize
+xmlSecBnGetSize(xmlSecBnPtr bn) {
+ return(xmlSecBufferGetSize(bn));
+}
+
+/**
+ * xmlSecBnZero:
+ * @bn: the pointer to BN.
+ *
+ * Sets the value of @bn to zero.
+ */
+void
+xmlSecBnZero(xmlSecBnPtr bn) {
+ xmlSecBufferEmpty(bn);
+}
+
+/**
+ * xmlSecBnFromString:
+ * @bn: the pointer to BN.
+ * @str: the string with BN.
+ * @base: the base for @str.
+ *
+ * Reads @bn from string @str assuming it has base @base.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) {
+ xmlSecSize i, len, size;
+ xmlSecByte ch;
+ xmlSecByte* data;
+ int positive;
+ int nn;
+ int ret;
+
+ xmlSecAssert2(bn != NULL, -1);
+ xmlSecAssert2(str != NULL, -1);
+ xmlSecAssert2(base > 1, -1);
+ xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), -1);
+
+ /* trivial case */
+ len = xmlStrlen(str);
+ if(len == 0) {
+ return(0);
+ }
+
+ /* The result size could not exceed the input string length
+ * because each char fits inside a byte in all cases :)
+ * In truth, it would be likely less than 1/2 input string length
+ * because each byte is represented by 2 chars. If needed,
+ * buffer size would be increased by Mul/Add functions.
+ * Finally, we can add one byte for 00 or 10 prefix.
+ */
+ ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1 + 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnRevLookupTable",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", len / 2 + 1);
+ return (-1);
+ }
+
+ /* figure out if it is positive or negative number */
+ positive = 1;
+ i = 0;
+ while(i < len) {
+ ch = str[i++];
+
+ /* skip spaces */
+ if(isspace(ch)) {
+ continue;
+ }
+
+ /* check if it is + or - */
+ if(ch == '+') {
+ positive = 1;
+ break;
+ } else if(ch == '-') {
+ positive = 0;
+ break;
+ }
+
+ /* otherwise, it must be start of the number */
+ nn = xmlSecBnLookupTable[ch];
+ if((nn >= 0) && ((xmlSecSize)nn < base)) {
+ xmlSecAssert2(i > 0, -1);
+
+ /* no sign, positive by default */
+ positive = 1;
+ --i; /* make sure that we will look at this character in next loop */
+ break;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "char=%c;base=%d",
+ ch, base);
+ return (-1);
+ }
+ }
+
+ /* now parse the number itself */
+ while(i < len) {
+ ch = str[i++];
+ if(isspace(ch)) {
+ continue;
+ }
+
+ xmlSecAssert2(ch <= sizeof(xmlSecBnLookupTable), -1);
+ nn = xmlSecBnLookupTable[ch];
+ if((nn < 0) || ((xmlSecSize)nn > base)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "char=%c;base=%d",
+ ch, base);
+ return (-1);
+ }
+
+ ret = xmlSecBnMul(bn, base);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnMul",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "base=%d", base);
+ return (-1);
+ }
+
+ ret = xmlSecBnAdd(bn, nn);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "base=%d", base);
+ return (-1);
+}
+ }
+
+ /* check if we need to add 00 prefix, do this for empty bn too */
+ data = xmlSecBufferGetData(bn);
+ size = xmlSecBufferGetSize(bn);
+ if(((size > 0) && (data[0] > 127)) || (size == 0)) {
+ ch = 0;
+ ret = xmlSecBufferPrepend(bn, &ch, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "base=%d", base);
+ return (-1);
+ }
+ }
+
+ /* do 2's compliment and add 1 to represent negative value */
+ if(positive == 0) {
+ data = xmlSecBufferGetData(bn);
+ size = xmlSecBufferGetSize(bn);
+ for(i = 0; i < size; ++i) {
+ data[i] ^= 0xFF;
+ }
+
+ ret = xmlSecBnAdd(bn, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "base=%d", base);
+ return (-1);
+ }
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecBnToString:
+ * @bn: the pointer to BN.
+ * @base: the base for returned string.
+ *
+ * Writes @bn to string with base @base. Caller is responsible for
+ * freeing returned string with @xmlFree.
+ *
+ * Returns: the string represenataion if BN or a NULL if an error occurs.
+ */
+xmlChar*
+xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) {
+ xmlSecBn bn2;
+ int positive = 1;
+ xmlChar* res;
+ xmlSecSize i, len, size;
+ xmlSecByte* data;
+ int ret;
+ int nn;
+ xmlChar ch;
+
+ xmlSecAssert2(bn != NULL, NULL);
+ xmlSecAssert2(base > 1, NULL);
+ xmlSecAssert2(base <= sizeof(xmlSecBnRevLookupTable), NULL);
+
+
+ /* copy bn */
+ data = xmlSecBufferGetData(bn);
+ size = xmlSecBufferGetSize(bn);
+ ret = xmlSecBnInitialize(&bn2, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return (NULL);
+ }
+
+ ret = xmlSecBnSetData(&bn2, data, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ xmlSecBnFinalize(&bn2);
+ return (NULL);
+ }
+
+ /* check if it is a negative number or not */
+ data = xmlSecBufferGetData(&bn2);
+ size = xmlSecBufferGetSize(&bn2);
+ if((size > 0) && (data[0] > 127)) {
+ /* subtract 1 and do 2's compliment */
+ ret = xmlSecBnAdd(&bn2, -1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ xmlSecBnFinalize(&bn2);
+ return (NULL);
+ }
+ for(i = 0; i < size; ++i) {
+ data[i] ^= 0xFF;
+ }
+
+ positive = 0;
+ } else {
+ positive = 1;
+ }
+
+ /* Result string len is
+ * len = log base (256) * <bn size>
+ * Since the smallest base == 2 then we can get away with
+ * len = 8 * <bn size>
+ */
+ len = 8 * size + 1 + 1;
+ res = (xmlChar*)xmlMalloc(len + 1);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "len=%d", len);
+ xmlSecBnFinalize(&bn2);
+ return (NULL);
+ }
+ memset(res, 0, len + 1);
+
+ for(i = 0; (xmlSecBufferGetSize(&bn2) > 0) && (i < len); i++) {
+ if(xmlSecBnDiv(&bn2, base, &nn) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnDiv",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "base=%d", base);
+ xmlFree(res);
+ xmlSecBnFinalize(&bn2);
+ return (NULL);
+ }
+ xmlSecAssert2((size_t)nn < sizeof(xmlSecBnRevLookupTable), NULL);
+ res[i] = xmlSecBnRevLookupTable[nn];
+ }
+ xmlSecAssert2(i < len, NULL);
+
+ /* we might have '0' at the beggining, remove it but keep one zero */
+ for(len = i; (len > 1) && (res[len - 1] == '0'); len--);
+ res[len] = '\0';
+
+ /* add "-" for negative numbers */
+ if(positive == 0) {
+ res[len] = '-';
+ res[++len] = '\0';
+ }
+
+ /* swap the string because we wrote it in reverse order */
+ for(i = 0; i < len / 2; i++) {
+ ch = res[i];
+ res[i] = res[len - i - 1];
+ res[len - i - 1] = ch;
+ }
+
+ xmlSecBnFinalize(&bn2);
+ return(res);
+}
+
+/**
+ * xmlSecBnFromHexString:
+ * @bn: the pointer to BN.
+ * @str: the string with BN.
+ *
+ * Reads @bn from hex string @str.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBnFromHexString(xmlSecBnPtr bn, const xmlChar* str) {
+ return(xmlSecBnFromString(bn, str, 16));
+}
+
+/**
+ * xmlSecBnToHexString:
+ * @bn: the pointer to BN.
+ *
+ * Writes @bn to hex string. Caller is responsible for
+ * freeing returned string with @xmlFree.
+ *
+ * Returns: the string represenataion if BN or a NULL if an error occurs.
+ */
+xmlChar*
+xmlSecBnToHexString(xmlSecBnPtr bn) {
+ return(xmlSecBnToString(bn, 16));
+}
+
+/**
+ * xmlSecBnFromDecString:
+ * @bn: the pointer to BN.
+ * @str: the string with BN.
+ *
+ * Reads @bn from decimal string @str.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBnFromDecString(xmlSecBnPtr bn, const xmlChar* str) {
+ return(xmlSecBnFromString(bn, str, 10));
+}
+
+/**
+ * xmlSecBnToDecString:
+ * @bn: the pointer to BN.
+ *
+ * Writes @bn to decimal string. Caller is responsible for
+ * freeing returned string with @xmlFree.
+ *
+ * Returns: the string represenataion if BN or a NULL if an error occurs.
+ */
+xmlChar*
+xmlSecBnToDecString(xmlSecBnPtr bn) {
+ return(xmlSecBnToString(bn, 10));
+}
+
+/**
+ * xmlSecBnMul:
+ * @bn: the pointer to BN.
+ * @multiplier: the multiplier.
+ *
+ * Multiplies @bn with @multiplier.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBnMul(xmlSecBnPtr bn, int multiplier) {
+ xmlSecByte* data;
+ int over;
+ xmlSecSize i;
+ xmlSecByte ch;
+ int ret;
+
+ xmlSecAssert2(bn != NULL, -1);
+ xmlSecAssert2(multiplier > 0, -1);
+
+ if(multiplier == 1) {
+ return(0);
+ }
+
+ data = xmlSecBufferGetData(bn);
+ i = xmlSecBufferGetSize(bn);
+ over = 0;
+ while(i > 0) {
+ xmlSecAssert2(data != NULL, -1);
+
+ over = over + multiplier * data[--i];
+ data[i] = over % 256;
+ over = over / 256;
+ }
+
+ while(over > 0) {
+ ch = over % 256;
+ over = over / 256;
+
+ ret = xmlSecBufferPrepend(bn, &ch, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=1");
+ return (-1);
+ }
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecBnDiv:
+ * @bn: the pointer to BN.
+ * @divider: the divider
+ * @mod: the pointer for modulus result.
+ *
+ * Divides @bn by @divider and places modulus into @mod.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBnDiv(xmlSecBnPtr bn, int divider, int* mod) {
+ int over;
+ xmlSecSize i, size;
+ xmlSecByte* data;
+ int ret;
+
+ xmlSecAssert2(bn != NULL, -1);
+ xmlSecAssert2(divider > 0, -1);
+ xmlSecAssert2(mod != NULL, -1);
+
+ if(divider == 1) {
+ return(0);
+ }
+
+ data = xmlSecBufferGetData(bn);
+ size = xmlSecBufferGetSize(bn);
+ for(over = 0, i = 0; i < size; i++) {
+ xmlSecAssert2(data != NULL, -1);
+
+ over = over * 256 + data[i];
+ data[i] = over / divider;
+ over = over % divider;
+ }
+ (*mod) = over;
+
+ /* remove leading zeros */
+ for(i = 0; i < size; i++) {
+ xmlSecAssert2(data != NULL, -1);
+
+ if(data[i] != 0) {
+ break;
+ }
+ }
+ if(i > 0) {
+ ret = xmlSecBufferRemoveHead(bn, i);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", i);
+ return (-1);
+ }
+ }
+ return(0);
+}
+
+/**
+ * xmlSecBnAdd:
+ * @bn: the pointer to BN.
+ * @delta: the delta.
+ *
+ * Adds @delta to @bn.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBnAdd(xmlSecBnPtr bn, int delta) {
+ int over, tmp;
+ xmlSecByte* data;
+ xmlSecSize i;
+ xmlSecByte ch;
+ int ret;
+
+ xmlSecAssert2(bn != NULL, -1);
+
+ if(delta == 0) {
+ return(0);
+ }
+
+ data = xmlSecBufferGetData(bn);
+ if(delta > 0) {
+ for(over = delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0) ;) {
+ xmlSecAssert2(data != NULL, -1);
+
+ tmp = data[--i];
+ over += tmp;
+ data[i] = over % 256;
+ over = over / 256;
+ }
+
+ while(over > 0) {
+ ch = over % 256;
+ over = over / 256;
+
+ ret = xmlSecBufferPrepend(bn, &ch, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=1");
+ return (-1);
+ }
+ }
+ } else {
+ for(over = -delta, i = xmlSecBufferGetSize(bn); (i > 0) && (over > 0);) {
+ xmlSecAssert2(data != NULL, -1);
+
+ tmp = data[--i];
+ if(tmp < over) {
+ data[i] = 0;
+ over = (over - tmp) / 256;
+ } else {
+ data[i] = tmp - over;
+ over = 0;
+ }
+ }
+ }
+ return(0);
+}
+
+/**
+ * xmlSecBnReverse:
+ * @bn: the pointer to BN.
+ *
+ * Reverses bytes order in @bn.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBnReverse(xmlSecBnPtr bn) {
+ xmlSecByte* data;
+ xmlSecSize i, j, size;
+ xmlSecByte ch;
+
+ xmlSecAssert2(bn != NULL, -1);
+
+ data = xmlSecBufferGetData(bn);
+ size = xmlSecBufferGetSize(bn);
+ for(i = 0, j = size - 1; i < size / 2; ++i, --j) {
+ xmlSecAssert2(data != NULL, -1);
+
+ ch = data[i];
+ data[i] = data[j];
+ data[j] = ch;
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecBnCompare:
+ * @bn: the pointer to BN.
+ * @data: the data to compare BN to.
+ * @dataSize: the @data size.
+ *
+ * Compares the @bn with @data.
+ *
+ * Returns: 0 if data is equal, negative value if @bn is less or positive value if @bn
+ * is greater than @data.
+ */
+int
+xmlSecBnCompare(xmlSecBnPtr bn, const xmlSecByte* data, xmlSecSize dataSize) {
+ xmlSecByte* bnData;
+ xmlSecSize bnSize;
+
+ xmlSecAssert2(bn != NULL, -1);
+
+ bnData = xmlSecBnGetData(bn);
+ bnSize = xmlSecBnGetSize(bn);
+
+ /* skip zeros in the beggining */
+ while((dataSize > 0) && (data != 0) && (data[0] == 0)) {
+ ++data;
+ --dataSize;
+ }
+ while((bnSize > 0) && (bnData != 0) && (bnData[0] == 0)) {
+ ++bnData;
+ --bnSize;
+ }
+
+ if(((bnData == NULL) || (bnSize == 0)) && ((data == NULL) || (dataSize == 0))) {
+ return(0);
+ } else if((bnData == NULL) || (bnSize == 0)) {
+ return(-1);
+ } else if((data == NULL) || (dataSize == 0)) {
+ return(1);
+ } else if(bnSize < dataSize) {
+ return(-1);
+ } else if(bnSize > dataSize) {
+ return(-1);
+ }
+
+ xmlSecAssert2(bnData != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(bnSize == dataSize, -1);
+
+ return(memcmp(bnData, data, dataSize));
+}
+
+/**
+ * xmlSecBnCompareReverse:
+ * @bn: the pointer to BN.
+ * @data: the data to compare BN to.
+ * @dataSize: the @data size.
+ *
+ * Compares the @bn with reverse @data.
+ *
+ * Returns: 0 if data is equal, negative value if @bn is less or positive value if @bn
+ * is greater than @data.
+ */
+int
+xmlSecBnCompareReverse(xmlSecBnPtr bn, const xmlSecByte* data, xmlSecSize dataSize) {
+ xmlSecByte* bnData;
+ xmlSecSize bnSize;
+ xmlSecSize i, j;
+
+ xmlSecAssert2(bn != NULL, -1);
+
+ bnData = xmlSecBnGetData(bn);
+ bnSize = xmlSecBnGetSize(bn);
+
+ /* skip zeros in the beggining */
+ while((dataSize > 0) && (data != 0) && (data[dataSize - 1] == 0)) {
+ --dataSize;
+ }
+ while((bnSize > 0) && (bnData != 0) && (bnData[0] == 0)) {
+ ++bnData;
+ --bnSize;
+ }
+
+ if(((bnData == NULL) || (bnSize == 0)) && ((data == NULL) || (dataSize == 0))) {
+ return(0);
+ } else if((bnData == NULL) || (bnSize == 0)) {
+ return(-1);
+ } else if((data == NULL) || (dataSize == 0)) {
+ return(1);
+ } else if(bnSize < dataSize) {
+ return(-1);
+ } else if(bnSize > dataSize) {
+ return(-1);
+ }
+
+ xmlSecAssert2(bnData != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(bnSize == dataSize, -1);
+ for(i = 0, j = dataSize - 1; i < dataSize; ++i, --j) {
+ if(bnData[i] < data[j]) {
+ return(-1);
+ } else if(data[j] < bnData[i]) {
+ return(1);
+ }
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecBnGetNodeValue:
+ * @bn: the pointer to BN.
+ * @cur: the poitner to an XML node.
+ * @format: the BN format.
+ * @reverse: if set then reverse read buffer after reading.
+ *
+ * Converts the node content from @format to @bn.
+ *
+ * Returns: 0 on success and a negative values if an error occurs.
+ */
+int
+xmlSecBnGetNodeValue(xmlSecBnPtr bn, xmlNodePtr cur, xmlSecBnFormat format, int reverse) {
+ xmlChar* content;
+ int ret;
+
+ xmlSecAssert2(bn != NULL, -1);
+ xmlSecAssert2(cur != NULL, -1);
+
+ switch(format) {
+ case xmlSecBnBase64:
+ ret = xmlSecBufferBase64NodeContentRead(bn, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ break;
+ case xmlSecBnHex:
+ content = xmlNodeGetContent(cur);
+ if(content == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNodeGetContent",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ret = xmlSecBnFromHexString(bn, content);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnFromHexString",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+ xmlFree(content);
+ break;
+ case xmlSecBnDec:
+ content = xmlNodeGetContent(cur);
+ if(content == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNodeGetContent",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ret = xmlSecBnFromDecString(bn, content);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnFromDecString",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+ xmlFree(content);
+ break;
+ }
+
+ if(reverse != 0) {
+ ret = xmlSecBnReverse(bn);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnReverse",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+/**
+ * xmlSecBnSetNodeValue:
+ * @bn: the pointer to BN.
+ * @cur: the poitner to an XML node.
+ * @format: the BN format.
+ * @reverse: the flag that indicates whether to reverse the buffer before writing.
+ * @addLineBreaks: the flag; it is equal to 1 then linebreaks will be added before and after new buffer content.
+ *
+ * Converts the @bn and sets it to node content.
+ *
+ * Returns: 0 on success and a negative values if an error occurs.
+ */
+int
+xmlSecBnSetNodeValue(xmlSecBnPtr bn, xmlNodePtr cur, xmlSecBnFormat format, int reverse, int addLineBreaks) {
+ xmlChar* content;
+ int ret;
+
+ xmlSecAssert2(bn != NULL, -1);
+ xmlSecAssert2(cur != NULL, -1);
+
+ if(reverse != 0) {
+ ret = xmlSecBnReverse(bn);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnReverse",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(addLineBreaks) {
+ xmlNodeAddContent(cur, xmlSecStringCR);
+ }
+
+ switch(format) {
+ case xmlSecBnBase64:
+ ret = xmlSecBufferBase64NodeContentWrite(bn, cur, xmlSecBase64GetDefaultLineSize());
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ break;
+ case xmlSecBnHex:
+ content = xmlSecBnToHexString(bn);
+ if(content == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnToHexString",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+ xmlNodeSetContent(cur, content);
+ xmlFree(content);
+ break;
+ case xmlSecBnDec:
+ content = xmlSecBnToDecString(bn);
+ if(content == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnToDecString",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+ xmlNodeSetContent(cur, content);
+ xmlFree(content);
+ break;
+ }
+
+ if(addLineBreaks) {
+ xmlNodeAddContent(cur, xmlSecStringCR);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecBnBlobSetNodeValue:
+ * @data: the pointer to BN blob.
+ * @dataSize: the size of BN blob.
+ * @cur: the poitner to an XML node.
+ * @format: the BN format.
+ * @reverse: the flag that indicates whether to reverse the buffer before writing.
+ * @addLineBreaks: if the flag is equal to 1 then
+ * linebreaks will be added before and after
+ * new buffer content.
+ *
+ * Converts the @blob and sets it to node content.
+ *
+ * Returns: 0 on success and a negative values if an error occurs.
+ */
+int
+xmlSecBnBlobSetNodeValue(const xmlSecByte* data, xmlSecSize dataSize,
+ xmlNodePtr cur, xmlSecBnFormat format, int reverse,
+ int addLineBreaks) {
+ xmlSecBn bn;
+ int ret;
+
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(cur != NULL, -1);
+
+ ret = xmlSecBnInitialize(&bn, dataSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBnSetData(&bn, data, dataSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBnFinalize(&bn);
+ return(-1);
+ }
+
+ ret = xmlSecBnSetNodeValue(&bn, cur, format, reverse, addLineBreaks);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnSetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBnFinalize(&bn);
+ return(-1);
+ }
+
+ xmlSecBnFinalize(&bn);
+ return(0);
+}
+
+
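Review bot: The digit loop in xmlSecBnFromString rejects a character only when `(xmlSecSize)nn > base`, so a digit whose value equals the base is accepted, while the sign-detection loop just above it tests `(xmlSecSize)nn < base`. For base 10 this means an 'A' or 'a' (value 10 in xmlSecBnLookupTable) in node content read through xmlSecBnGetNodeValue is folded into the number instead of failing with XMLSEC_ERRORS_R_INVALID_DATA; the test should read `if((nn < 0) || ((xmlSecSize)nn >= base)) {`. The assertion before it, `ch <= sizeof(xmlSecBnLookupTable)`, compares against the table's size in bytes and so cannot fail for a byte value. The index stays in range only because the table has 256 entries and ch is an xmlSecByte (presumably an unsigned 8-bit type, declared outside this file), which is worth stating in a comment in place of the assert. In the same file, xmlSecBnCompare and xmlSecBnCompareReverse return -1 in the `bnSize > dataSize` branch although their doc comments promise a positive value when @bn is greater; that line should be `return(1);`.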
diff --git a/src/buffer.c b/src/buffer.c
new file mode 100644
index 00000000..0efbfed2
--- /dev/null
+++ b/src/buffer.c
@@ -0,0 +1,674 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Memory buffer.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/errors.h>
+
+/*****************************************************************************
+ *
+ * xmlSecBuffer
+ *
+ ****************************************************************************/
+static xmlSecAllocMode gAllocMode = xmlSecAllocModeDouble;
+static xmlSecSize gInitialSize = 1024;
+
+/**
+ * xmlSecBufferSetDefaultAllocMode:
+ * @defAllocMode: the new default buffer allocation mode.
+ * @defInitialSize: the new default buffer minimal intial size.
+ *
+ * Sets new global default allocation mode and minimal intial size.
+ */
+void
+xmlSecBufferSetDefaultAllocMode(xmlSecAllocMode defAllocMode, xmlSecSize defInitialSize) {
+ xmlSecAssert(defInitialSize > 0);
+
+ gAllocMode = defAllocMode;
+ gInitialSize = defInitialSize;
+}
+
+/**
+ * xmlSecBufferCreate:
+ * @size: the intial size.
+ *
+ * Allocates and initalizes new memory buffer with given size.
+ * Caller is responsible for calling #xmlSecBufferDestroy function
+ * to free the buffer.
+ *
+ * Returns: pointer to newly allocated buffer or NULL if an error occurs.
+ */
+xmlSecBufferPtr
+xmlSecBufferCreate(xmlSecSize size) {
+ xmlSecBufferPtr buf;
+ int ret;
+
+ buf = (xmlSecBufferPtr)xmlMalloc(sizeof(xmlSecBuffer));
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecBuffer)=%d", sizeof(xmlSecBuffer));
+ return(NULL);
+ }
+
+ ret = xmlSecBufferInitialize(buf, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ xmlSecBufferDestroy(buf);
+ return(NULL);
+ }
+ return(buf);
+}
+
+/**
+ * xmlSecBufferDestroy:
+ * @buf: the pointer to buffer object.
+ *
+ * Desrtoys buffer object created with #xmlSecBufferCreate function.
+ */
+void
+xmlSecBufferDestroy(xmlSecBufferPtr buf) {
+ xmlSecAssert(buf != NULL);
+
+ xmlSecBufferFinalize(buf);
+ xmlFree(buf);
+}
+
+/**
+ * xmlSecBufferInitialize:
+ * @buf: the pointer to buffer object.
+ * @size: the initial buffer size.
+ *
+ * Initializes buffer object @buf. Caller is responsible for calling
+ * #xmlSecBufferFinalize function to free allocated resources.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBufferInitialize(xmlSecBufferPtr buf, xmlSecSize size) {
+ xmlSecAssert2(buf != NULL, -1);
+
+ buf->data = NULL;
+ buf->size = buf->maxSize = 0;
+ buf->allocMode = gAllocMode;
+
+ return(xmlSecBufferSetMaxSize(buf, size));
+}
+
+/**
+ * xmlSecBufferFinalize:
+ * @buf: the pointer to buffer object.
+ *
+ * Frees allocated resource for a buffer intialized with #xmlSecBufferInitialize
+ * function.
+ */
+void
+xmlSecBufferFinalize(xmlSecBufferPtr buf) {
+ xmlSecAssert(buf != NULL);
+
+ xmlSecBufferEmpty(buf);
+ if(buf->data != 0) {
+ xmlFree(buf->data);
+ }
+ buf->data = NULL;
+ buf->size = buf->maxSize = 0;
+}
+
+/**
+ * xmlSecBufferEmpty:
+ * @buf: the pointer to buffer object.
+ *
+ * Empties the buffer.
+ */
+void
+xmlSecBufferEmpty(xmlSecBufferPtr buf) {
+ xmlSecAssert(buf != NULL);
+
+ if(buf->data != 0) {
+ xmlSecAssert(buf->maxSize > 0);
+
+ memset(buf->data, 0, buf->maxSize);
+ }
+ buf->size = 0;
+}
+
+/**
+ * xmlSecBufferGetData:
+ * @buf: the pointer to buffer object.
+ *
+ * Gets pointer to buffer's data.
+ *
+ * Returns: pointer to buffer's data.
+ */
+xmlSecByte*
+xmlSecBufferGetData(xmlSecBufferPtr buf) {
+ xmlSecAssert2(buf != NULL, NULL);
+
+ return(buf->data);
+}
+
+/**
+ * xmlSecBufferSetData:
+ * @buf: the pointer to buffer object.
+ * @data: the data.
+ * @size: the data size.
+ *
+ * Sets the value of the buffer to @data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBufferSetData(xmlSecBufferPtr buf, const xmlSecByte* data, xmlSecSize size) {
+ int ret;
+
+ xmlSecAssert2(buf != NULL, -1);
+
+ xmlSecBufferEmpty(buf);
+ if(size > 0) {
+ xmlSecAssert2(data != NULL, -1);
+
+ ret = xmlSecBufferSetMaxSize(buf, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+
+ memcpy(buf->data, data, size);
+ }
+
+ buf->size = size;
+ return(0);
+}
+
+/**
+ * xmlSecBufferGetSize:
+ * @buf: the pointer to buffer object.
+ *
+ * Gets the current buffer data size.
+ *
+ * Returns: the current data size.
+ */
+xmlSecSize
+xmlSecBufferGetSize(xmlSecBufferPtr buf) {
+ xmlSecAssert2(buf != NULL, 0);
+
+ return(buf->size);
+}
+
+/**
+ * xmlSecBufferSetSize:
+ * @buf: the pointer to buffer object.
+ * @size: the new data size.
+ *
+ * Sets new buffer data size. If necessary, buffer grows to
+ * have at least @size bytes.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBufferSetSize(xmlSecBufferPtr buf, xmlSecSize size) {
+ int ret;
+
+ xmlSecAssert2(buf != NULL, -1);
+
+ ret = xmlSecBufferSetMaxSize(buf, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+
+
+ buf->size = size;
+ return(0);
+}
+
+/**
+ * xmlSecBufferGetMaxSize:
+ * @buf: the pointer to buffer object.
+ *
+ * Gets the maximum (allocated) buffer size.
+ *
+ * Returns: the maximum (allocated) buffer size.
+ */
+xmlSecSize
+xmlSecBufferGetMaxSize(xmlSecBufferPtr buf) {
+ xmlSecAssert2(buf != NULL, 0);
+
+ return(buf->maxSize);
+}
+
+/**
+ * xmlSecBufferSetMaxSize:
+ * @buf: the pointer to buffer object.
+ * @size: the new maximum size.
+ *
+ * Sets new buffer maximum size. If necessary, buffer grows to
+ * have at least @size bytes.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBufferSetMaxSize(xmlSecBufferPtr buf, xmlSecSize size) {
+ xmlSecByte* newData;
+ xmlSecSize newSize = 0;
+
+ xmlSecAssert2(buf != NULL, -1);
+ if(size <= buf->maxSize) {
+ return(0);
+ }
+
+ switch(buf->allocMode) {
+ case xmlSecAllocModeExact:
+ newSize = size + 8;
+ break;
+ case xmlSecAllocModeDouble:
+ newSize = 2 * size + 32;
+ break;
+ }
+
+ if(newSize < gInitialSize) {
+ newSize = gInitialSize;
+ }
+
+
+ if(buf->data != NULL) {
+ newData = (xmlSecByte*)xmlRealloc(buf->data, newSize);
+ } else {
+ newData = (xmlSecByte*)xmlMalloc(newSize);
+ }
+ if(newData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", newSize);
+ return(-1);
+ }
+
+ buf->data = newData;
+ buf->maxSize = newSize;
+
+ if(buf->size < buf->maxSize) {
+ xmlSecAssert2(buf->data != NULL, -1);
+ memset(buf->data + buf->size, 0, buf->maxSize - buf->size);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecBufferAppend:
+ * @buf: the pointer to buffer object.
+ * @data: the data.
+ * @size: the data size.
+ *
+ * Appends the @data after the current data stored in the buffer.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBufferAppend(xmlSecBufferPtr buf, const xmlSecByte* data, xmlSecSize size) {
+ int ret;
+
+ xmlSecAssert2(buf != NULL, -1);
+
+ if(size > 0) {
+ xmlSecAssert2(data != NULL, -1);
+
+ ret = xmlSecBufferSetMaxSize(buf, buf->size + size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", buf->size + size);
+ return(-1);
+ }
+
+ memcpy(buf->data + buf->size, data, size);
+ buf->size += size;
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecBufferPrepend:
+ * @buf: the pointer to buffer object.
+ * @data: the data.
+ * @size: the data size.
+ *
+ * Prepends the @data before the current data stored in the buffer.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBufferPrepend(xmlSecBufferPtr buf, const xmlSecByte* data, xmlSecSize size) {
+ int ret;
+
+ xmlSecAssert2(buf != NULL, -1);
+
+ if(size > 0) {
+ xmlSecAssert2(data != NULL, -1);
+
+ ret = xmlSecBufferSetMaxSize(buf, buf->size + size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", buf->size + size);
+ return(-1);
+ }
+
+ memmove(buf->data + size, buf->data, buf->size);
+ memcpy(buf->data, data, size);
+ buf->size += size;
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecBufferRemoveHead:
+ * @buf: the pointer to buffer object.
+ * @size: the number of bytes to be removed.
+ *
+ * Removes @size bytes from the beginning of the current buffer.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBufferRemoveHead(xmlSecBufferPtr buf, xmlSecSize size) {
+ xmlSecAssert2(buf != NULL, -1);
+
+ if(size < buf->size) {
+ xmlSecAssert2(buf->data != NULL, -1);
+
+ buf->size -= size;
+ memmove(buf->data, buf->data + size, buf->size);
+ } else {
+ buf->size = 0;
+ }
+ if(buf->size < buf->maxSize) {
+ xmlSecAssert2(buf->data != NULL, -1);
+ memset(buf->data + buf->size, 0, buf->maxSize - buf->size);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecBufferRemoveTail:
+ * @buf: the pointer to buffer object.
+ * @size: the number of bytes to be removed.
+ *
+ * Removes @size bytes from the end of current buffer.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBufferRemoveTail(xmlSecBufferPtr buf, xmlSecSize size) {
+ xmlSecAssert2(buf != NULL, -1);
+
+ if(size < buf->size) {
+ buf->size -= size;
+ } else {
+ buf->size = 0;
+ }
+ if(buf->size < buf->maxSize) {
+ xmlSecAssert2(buf->data != NULL, -1);
+ memset(buf->data + buf->size, 0, buf->maxSize - buf->size);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecBufferReadFile:
+ * @buf: the pointer to buffer object.
+ * @filename: the filename.
+ *
+ * Reads the content of the file @filename in the buffer.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBufferReadFile(xmlSecBufferPtr buf, const char* filename) {
+ xmlSecByte buffer[1024];
+ FILE* f;
+ int ret, len;
+
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+
+ f = fopen(filename, "rb");
+ if(f == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "fopen",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ return(-1);
+ }
+
+ while(1) {
+ len = fread(buffer, 1, sizeof(buffer), f);
+ if(len == 0) {
+ break;
+ }else if(len < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "fread",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ fclose(f);
+ return(-1);
+ }
+
+ ret = xmlSecBufferAppend(buf, buffer, len);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d",
+ len);
+ fclose(f);
+ return(-1);
+ }
+ }
+
+ fclose(f);
+ return(0);
+}
+
+/**
+ * xmlSecBufferBase64NodeContentRead:
+ * @buf: the pointer to buffer object.
+ * @node: the pointer to node.
+ *
+ * Reads the content of the @node, base64 decodes it and stores the
+ * result in the buffer.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBufferBase64NodeContentRead(xmlSecBufferPtr buf, xmlNodePtr node) {
+ xmlChar* content;
+ xmlSecSize size;
+ int ret;
+
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+ if(content == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* base64 decode size is less than input size */
+ ret = xmlSecBufferSetMaxSize(buf, xmlStrlen(content));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+
+ ret = xmlSecBase64Decode(content, xmlSecBufferGetData(buf), xmlSecBufferGetMaxSize(buf));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+ size = ret;
+
+ ret = xmlSecBufferSetSize(buf, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ xmlFree(content);
+ return(-1);
+ }
+ xmlFree(content);
+
+ return(0);
+}
+
+/**
+ * xmlSecBufferBase64NodeContentWrite:
+ * @buf: the pointer to buffer object.
+ * @node: the pointer to a node.
+ * @columns: the max line size fro base64 encoded data.
+ *
+ * Sets the content of the @node to the base64 encoded buffer data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecBufferBase64NodeContentWrite(xmlSecBufferPtr buf, xmlNodePtr node, int columns) {
+ xmlChar* content;
+
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ content = xmlSecBase64Encode(xmlSecBufferGetData(buf), xmlSecBufferGetSize(buf), columns);
+ if(content == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlNodeAddContent(node, content);
+ xmlFree(content);
+
+ return(0);
+}
+
+/************************************************************************
+ *
+ * IO buffer
+ *
+ ************************************************************************/
+static int xmlSecBufferIOWrite (xmlSecBufferPtr buf,
+ const xmlSecByte *data,
+ xmlSecSize size);
+static int xmlSecBufferIOClose (xmlSecBufferPtr buf);
+
+/**
+ * xmlSecBufferCreateOutputBuffer:
+ * @buf: the pointer to buffer.
+ *
+ * Creates new LibXML output buffer to store data in the @buf. Caller is
+ * responsible for destroying @buf when processing is done.
+ *
+ * Returns: pointer to newly allocated output buffer or NULL if an error
+ * occurs.
+ */
+xmlOutputBufferPtr
+xmlSecBufferCreateOutputBuffer(xmlSecBufferPtr buf) {
+ return(xmlOutputBufferCreateIO((xmlOutputWriteCallback)xmlSecBufferIOWrite,
+ (xmlOutputCloseCallback)xmlSecBufferIOClose,
+ buf,
+ NULL));
+}
+
+static int
+xmlSecBufferIOWrite(xmlSecBufferPtr buf, const xmlSecByte *data, xmlSecSize size) {
+ int ret;
+
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+
+ ret = xmlSecBufferAppend(buf, data, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+
+ return(size);
+}
+
+static int
+xmlSecBufferIOClose(xmlSecBufferPtr buf) {
+ xmlSecAssert2(buf != NULL, -1);
+
+ /* just do nothing */
+ return(0);
+}
diff --git a/src/c14n.c b/src/c14n.c
new file mode 100644
index 00000000..5967a35e
--- /dev/null
+++ b/src/c14n.c
@@ -0,0 +1,801 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Canonicalization transforms.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+#include <libxml/c14n.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/list.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/errors.h>
+
+/******************************************************************************
+ *
+ * C14N transforms
+ *
+ * Inclusive namespaces list for ExclC14N (xmlSecStringList) is located
+ * after xmlSecTransform structure
+ *
+ *****************************************************************************/
+#define xmlSecTransformC14NSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecPtrList))
+#define xmlSecTransformC14NGetNsList(transform) \
+ ((xmlSecTransformCheckSize((transform), xmlSecTransformC14NSize)) ? \
+ (xmlSecPtrListPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
+ (xmlSecPtrListPtr)NULL)
+
+#define xmlSecTransformC14NCheckId(transform) \
+ (xmlSecTransformInclC14NCheckId((transform)) || \
+ xmlSecTransformInclC14N11CheckId((transform)) || \
+ xmlSecTransformExclC14NCheckId((transform)) || \
+ xmlSecTransformCheckId((transform), xmlSecTransformRemoveXmlTagsC14NId))
+#define xmlSecTransformInclC14NCheckId(transform) \
+ (xmlSecTransformCheckId((transform), xmlSecTransformInclC14NId) || \
+ xmlSecTransformCheckId((transform), xmlSecTransformInclC14NWithCommentsId))
+#define xmlSecTransformInclC14N11CheckId(transform) \
+ (xmlSecTransformCheckId((transform), xmlSecTransformInclC14N11Id) || \
+ xmlSecTransformCheckId((transform), xmlSecTransformInclC14N11WithCommentsId))
+#define xmlSecTransformExclC14NCheckId(transform) \
+ (xmlSecTransformCheckId((transform), xmlSecTransformExclC14NId) || \
+ xmlSecTransformCheckId((transform), xmlSecTransformExclC14NWithCommentsId) )
+
+
+static int xmlSecTransformC14NInitialize (xmlSecTransformPtr transform);
+static void xmlSecTransformC14NFinalize (xmlSecTransformPtr transform);
+static int xmlSecTransformC14NNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecTransformC14NPushXml (xmlSecTransformPtr transform,
+ xmlSecNodeSetPtr nodes,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecTransformC14NPopBin (xmlSecTransformPtr transform,
+ xmlSecByte* data,
+ xmlSecSize maxDataSize,
+ xmlSecSize* dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecTransformC14NExecute (xmlSecTransformId id,
+ xmlSecNodeSetPtr nodes,
+ xmlChar** nsList,
+ xmlOutputBufferPtr buf);
+static int
+xmlSecTransformC14NInitialize(xmlSecTransformPtr transform) {
+ xmlSecPtrListPtr nsList;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformC14NCheckId(transform), -1);
+
+ nsList = xmlSecTransformC14NGetNsList(transform);
+ xmlSecAssert2(nsList != NULL, -1);
+
+ ret = xmlSecPtrListInitialize(nsList, xmlSecStringListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+static void
+xmlSecTransformC14NFinalize(xmlSecTransformPtr transform) {
+ xmlSecPtrListPtr nsList;
+
+ xmlSecAssert(xmlSecTransformC14NCheckId(transform));
+
+ nsList = xmlSecTransformC14NGetNsList(transform);
+ xmlSecAssert(xmlSecPtrListCheckId(nsList, xmlSecStringListId));
+
+ xmlSecPtrListFinalize(nsList);
+}
+
+static int
+xmlSecTransformC14NNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecPtrListPtr nsList;
+ xmlNodePtr cur;
+ xmlChar *list;
+ xmlChar *p, *n, *tmp;
+ int ret;
+
+ /* we have something to read only for exclusive c14n transforms */
+ xmlSecAssert2(xmlSecTransformExclC14NCheckId(transform), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ nsList = xmlSecTransformC14NGetNsList(transform);
+ xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
+ xmlSecAssert2(xmlSecPtrListGetSize(nsList) == 0, -1);
+
+ /* there is only one optional node */
+ cur = xmlSecGetNextElementNode(node->children);
+ if(cur != NULL) {
+ if(!xmlSecCheckNodeName(cur, xmlSecNodeInclusiveNamespaces, xmlSecNsExcC14N)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ list = xmlGetProp(cur, xmlSecAttrPrefixList);
+ if(list == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecAttrPrefixList),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ /* the list of namespaces is space separated */
+ for(p = n = list; ((p != NULL) && ((*p) != '\0')); p = n) {
+ n = (xmlChar*)xmlStrchr(p, ' ');
+ if(n != NULL) {
+ *(n++) = '\0';
+ }
+
+ tmp = xmlStrdup(p);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ "len=%d", xmlStrlen(p));
+ xmlFree(list);
+ return(-1);
+ }
+
+ ret = xmlSecPtrListAdd(nsList, tmp);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(tmp);
+ xmlFree(list);
+ return(-1);
+ }
+ }
+ xmlFree(list);
+
+ /* add NULL at the end */
+ ret = xmlSecPtrListAdd(nsList, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* check that we have nothing else */
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecTransformC14NPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr nodes,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlOutputBufferPtr buf;
+ xmlSecPtrListPtr nsList;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformC14NCheckId(transform), -1);
+ xmlSecAssert2(nodes != NULL, -1);
+ xmlSecAssert2(nodes->doc != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ /* check/update current transform status */
+ switch(transform->status) {
+ case xmlSecTransformStatusNone:
+ transform->status = xmlSecTransformStatusWorking;
+ break;
+ case xmlSecTransformStatusWorking:
+ case xmlSecTransformStatusFinished:
+ return(0);
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ xmlSecAssert2(transform->status == xmlSecTransformStatusWorking, -1);
+
+ /* prepare output buffer: next transform or ourselves */
+ if(transform->next != NULL) {
+ buf = xmlSecTransformCreateOutputBuffer(transform->next, transformCtx);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformCreateOutputBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ buf = xmlSecBufferCreateOutputBuffer(&(transform->outBuf));
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferCreateOutputBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ /* we are using a semi-hack here: we know that xmlSecPtrList keeps
+ * all pointers in the big array */
+ nsList = xmlSecTransformC14NGetNsList(transform);
+ xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
+
+ ret = xmlSecTransformC14NExecute(transform->id, nodes, (xmlChar**)(nsList->data), buf);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformC14NExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlOutputBufferClose(buf);
+ return(-1);
+ }
+
+ ret = xmlOutputBufferClose(buf);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlOutputBufferClose",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ return(0);
+}
+
+static int
+xmlSecTransformC14NPopBin(xmlSecTransformPtr transform, xmlSecByte* data,
+ xmlSecSize maxDataSize, xmlSecSize* dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecPtrListPtr nsList;
+ xmlSecBufferPtr out;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformC14NCheckId(transform), -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ out = &(transform->outBuf);
+ if(transform->status == xmlSecTransformStatusNone) {
+ xmlOutputBufferPtr buf;
+
+ xmlSecAssert2(transform->inNodes == NULL, -1);
+
+ /* todo: isn't it an error? */
+ if(transform->prev == NULL) {
+ (*dataSize) = 0;
+ transform->status = xmlSecTransformStatusFinished;
+ return(0);
+ }
+
+ /* get xml data from previous transform */
+ ret = xmlSecTransformPopXml(transform->prev, &(transform->inNodes), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformPopXml",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* dump everything to internal buffer */
+ buf = xmlSecBufferCreateOutputBuffer(out);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferCreateOutputBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* we are using a semi-hack here: we know that xmlSecPtrList keeps
+ * all pointers in the big array */
+ nsList = xmlSecTransformC14NGetNsList(transform);
+ xmlSecAssert2(xmlSecPtrListCheckId(nsList, xmlSecStringListId), -1);
+
+ ret = xmlSecTransformC14NExecute(transform->id, transform->inNodes, (xmlChar**)(nsList->data), buf);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformC14NExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlOutputBufferClose(buf);
+ return(-1);
+ }
+ ret = xmlOutputBufferClose(buf);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlOutputBufferClose",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecSize outSize;
+
+ /* return chunk after chunk */
+ outSize = xmlSecBufferGetSize(out);
+ if(outSize > maxDataSize) {
+ outSize = maxDataSize;
+ }
+ if(outSize > XMLSEC_TRANSFORM_BINARY_CHUNK) {
+ outSize = XMLSEC_TRANSFORM_BINARY_CHUNK;
+ }
+ if(outSize > 0) {
+ xmlSecAssert2(xmlSecBufferGetData(&(transform->outBuf)), -1);
+
+ memcpy(data, xmlSecBufferGetData(&(transform->outBuf)), outSize);
+ ret = xmlSecBufferRemoveHead(&(transform->outBuf), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+ } else if(xmlSecBufferGetSize(out) == 0) {
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ (*dataSize) = outSize;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no output */
+ xmlSecAssert2(xmlSecBufferGetSize(out) == 0, -1);
+ (*dataSize) = 0;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecTransformC14NExecute(xmlSecTransformId id, xmlSecNodeSetPtr nodes, xmlChar** nsList,
+ xmlOutputBufferPtr buf) {
+ int ret;
+
+ xmlSecAssert2(id != xmlSecTransformIdUnknown, -1);
+ xmlSecAssert2(nodes != NULL, -1);
+ xmlSecAssert2(nodes->doc != NULL, -1);
+ xmlSecAssert2(buf != NULL, -1);
+
+ /* execute c14n transform */
+ if(id == xmlSecTransformInclC14NId) {
+ ret = xmlC14NExecute(nodes->doc,
+ (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
+ nodes, XML_C14N_1_0, NULL, 0, buf);
+ } else if(id == xmlSecTransformInclC14NWithCommentsId) {
+ ret = xmlC14NExecute(nodes->doc,
+ (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
+ nodes, XML_C14N_1_0, NULL, 1, buf);
+ } else if(id == xmlSecTransformInclC14N11Id) {
+ ret = xmlC14NExecute(nodes->doc,
+ (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
+ nodes, XML_C14N_1_1, NULL, 0, buf);
+ } else if(id == xmlSecTransformInclC14N11WithCommentsId) {
+ ret = xmlC14NExecute(nodes->doc,
+ (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
+ nodes, XML_C14N_1_1, NULL, 1, buf);
+ } else if(id == xmlSecTransformExclC14NId) {
+ ret = xmlC14NExecute(nodes->doc,
+ (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
+ nodes, XML_C14N_EXCLUSIVE_1_0, nsList, 0, buf);
+ } else if(id == xmlSecTransformExclC14NWithCommentsId) {
+ ret = xmlC14NExecute(nodes->doc,
+ (xmlC14NIsVisibleCallback)xmlSecNodeSetContains,
+ nodes, XML_C14N_EXCLUSIVE_1_0, nsList, 1, buf);
+ } else if(id == xmlSecTransformRemoveXmlTagsC14NId) {
+ ret = xmlSecNodeSetDumpTextNodes(nodes, buf);
+ } else {
+ /* shoudn't be possible to come here, actually */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)),
+ "xmlC14NExecute",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/***************************************************************************
+ *
+ * C14N
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecTransformInclC14NKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformC14NSize, /* xmlSecSize objSize */
+
+ xmlSecNameC14N, /* const xmlChar* name; */
+ xmlSecHrefC14N, /* const xmlChar* href; */
+ xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
+ /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecTransformInclC14NGetKlass:
+ *
+ * Inclusive (regular) canonicalization that omits comments transform klass
+ * (http://www.w3.org/TR/xmldsig-core/#sec-c14nAlg and
+ * http://www.w3.org/TR/2001/REC-xml-c14n-20010315).
+ *
+ * Returns: c14n transform id.
+ */
+xmlSecTransformId
+xmlSecTransformInclC14NGetKlass(void) {
+ return(&xmlSecTransformInclC14NKlass);
+}
+
+/***************************************************************************
+ *
+ * C14N With Comments
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecTransformInclC14NWithCommentsKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformC14NSize, /* xmlSecSize objSize */
+
+ /* same as xmlSecTransformId */
+ xmlSecNameC14NWithComments, /* const xmlChar* name; */
+ xmlSecHrefC14NWithComments, /* const xmlChar* href; */
+ xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
+ /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod read; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecTransformInclC14NWithCommentsGetKlass:
+ *
+ * Inclusive (regular) canonicalization that includes comments transform klass
+ * (http://www.w3.org/TR/xmldsig-core/#sec-c14nAlg and
+ * http://www.w3.org/TR/2001/REC-xml-c14n-20010315).
+ *
+ * Returns: c14n with comments transform id.
+ */
+xmlSecTransformId
+xmlSecTransformInclC14NWithCommentsGetKlass(void) {
+ return(&xmlSecTransformInclC14NWithCommentsKlass);
+}
+
+/***************************************************************************
+ *
+ * C14N v1.1
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecTransformInclC14N11Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformC14NSize, /* xmlSecSize objSize */
+
+ xmlSecNameC14N11, /* const xmlChar* name; */
+ xmlSecHrefC14N11, /* const xmlChar* href; */
+ xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
+ /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecTransformInclC14N11GetKlass:
+ *
+ * C14N version 1.1 (http://www.w3.org/TR/xml-c14n11)
+ *
+ * Returns: c14n v1.1 transform id.
+ */
+xmlSecTransformId
+xmlSecTransformInclC14N11GetKlass(void) {
+ return(&xmlSecTransformInclC14N11Klass);
+}
+
+/***************************************************************************
+ *
+ * C14N v1.1 With Comments
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecTransformInclC14N11WithCommentsKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformC14NSize, /* xmlSecSize objSize */
+
+ /* same as xmlSecTransformId */
+ xmlSecNameC14N11WithComments, /* const xmlChar* name; */
+ xmlSecHrefC14N11WithComments, /* const xmlChar* href; */
+ xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
+ /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod read; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecTransformInclC14N11WithCommentsGetKlass:
+ *
+ * C14N version 1.1 (http://www.w3.org/TR/xml-c14n11) with comments
+ *
+ * Returns: c14n v1.1 with comments transform id.
+ */
+xmlSecTransformId
+xmlSecTransformInclC14N11WithCommentsGetKlass(void) {
+ return(&xmlSecTransformInclC14N11WithCommentsKlass);
+}
+
+
+/***************************************************************************
+ *
+ * Excl C14N
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecTransformExclC14NKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformC14NSize, /* xmlSecSize objSize */
+
+ xmlSecNameExcC14N, /* const xmlChar* name; */
+ xmlSecHrefExcC14N, /* const xmlChar* href; */
+ xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
+ /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecTransformC14NNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecTransformExclC14NGetKlass:
+ *
+ * Exclusive canoncicalization that ommits comments transform klass
+ * (http://www.w3.org/TR/xml-exc-c14n/).
+ *
+ * Returns: exclusive c14n transform id.
+ */
+xmlSecTransformId
+xmlSecTransformExclC14NGetKlass(void) {
+ return(&xmlSecTransformExclC14NKlass);
+}
+
+/***************************************************************************
+ *
+ * Excl C14N With Comments
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecTransformExclC14NWithCommentsKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformC14NSize, /* xmlSecSize objSize */
+
+ xmlSecNameExcC14NWithComments, /* const xmlChar* name; */
+ xmlSecHrefExcC14NWithComments, /* const xmlChar* href; */
+ xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
+ /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecTransformC14NNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecTransformExclC14NWithCommentsGetKlass:
+ *
+ * Exclusive canoncicalization that includes comments transform klass
+ * (http://www.w3.org/TR/xml-exc-c14n/).
+ *
+ * Returns: exclusive c14n with comments transform id.
+ */
+xmlSecTransformId
+xmlSecTransformExclC14NWithCommentsGetKlass(void) {
+ return(&xmlSecTransformExclC14NWithCommentsKlass);
+}
+
+/***************************************************************************
+ *
+ * Remove XML tags C14N
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecTransformRemoveXmlTagsC14NKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformC14NSize, /* xmlSecSize objSize */
+
+ BAD_CAST "remove-xml-tags-transform", /* const xmlChar* name; */
+ NULL, /* const xmlChar* href; */
+ xmlSecTransformUsageC14NMethod | xmlSecTransformUsageDSigTransform,
+ /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformC14NInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformC14NFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformC14NPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformC14NPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecTransformRemoveXmlTagsC14NGetKlass:
+ *
+ * The "remove xml tags" transform klass (http://www.w3.org/TR/xmldsig-core/#sec-Base-64):
+ * Base64 transform requires an octet stream for input. If an XPath node-set
+ * (or sufficiently functional alternative) is given as input, then it is
+ * converted to an octet stream by performing operations logically equivalent
+ * to 1) applying an XPath transform with expression self::text(), then 2)
+ * taking the string-value of the node-set. Thus, if an XML element is
+ * identified by a barename XPointer in the Reference URI, and its content
+ * consists solely of base64 encoded character data, then this transform
+ * automatically strips away the start and end tags of the identified element
+ * and any of its descendant elements as well as any descendant comments and
+ * processing instructions. The output of this transform is an octet stream.
+ *
+ * Returns: "remove xml tags" transform id.
+ */
+xmlSecTransformId
+xmlSecTransformRemoveXmlTagsC14NGetKlass(void) {
+ return(&xmlSecTransformRemoveXmlTagsC14NKlass);
+}
+
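Review bot: The PrefixList loop in xmlSecTransformC14NNodeRead splits on a single ' ' and stores whatever lies between separators, so a leading or doubled space in the attribute adds an empty string to nsList. xmlSecTransformC14NPushXml and xmlSecTransformC14NPopBin pass that list unchanged to xmlC14NExecute as the inclusive-prefix array. libxml2 appears to treat an empty prefix the same as `#default` (worth confirming against the libxml2 version this links to), which would pull the default namespace into the exclusive-c14n output. Because the attribute comes from the document being signed or verified, the digested bytes could then differ from what other implementations compute for the same input. Skipping empty tokens directly after the `*(n++) = '\0';` block, with `if((*p) == '\0') { continue; }`, keeps the list to real prefixes; the loop's `p = n` step still advances past the separator.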
diff --git a/src/dl.c b/src/dl.c
new file mode 100644
index 00000000..6e8a56a6
--- /dev/null
+++ b/src/dl.c
@@ -0,0 +1,994 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include <time.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/app.h>
+#include <xmlsec/list.h>
+#include <xmlsec/keysdata.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/private.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/dl.h>
+
+#ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING
+
+
+#ifdef XMLSEC_DL_LIBLTDL
+#include <ltdl.h>
+#endif /* XMLSEC_DL_LIBLTDL */
+
+#ifdef XMLSEC_DL_WIN32
+#include <windows.h>
+#endif /* XMLSEC_DL_WIN32 */
+
+/***********************************************************************
+ *
+ * loaded libraries list
+ *
+ **********************************************************************/
+typedef struct _xmlSecCryptoDLLibrary xmlSecCryptoDLLibrary,
+ *xmlSecCryptoDLLibraryPtr;
+struct _xmlSecCryptoDLLibrary {
+ xmlChar* name;
+ xmlChar* filename;
+ xmlChar* getFunctionsName;
+ xmlSecCryptoDLFunctionsPtr functions;
+
+#ifdef XMLSEC_DL_LIBLTDL
+ lt_dlhandle handle;
+#endif /* XMLSEC_DL_LIBLTDL */
+
+#ifdef XMLSEC_DL_WIN32
+ HINSTANCE handle;
+#endif /* XMLSEC_DL_WIN32 */
+};
+
+static xmlSecCryptoDLLibraryPtr xmlSecCryptoDLLibraryCreate (const xmlChar* name);
+static void xmlSecCryptoDLLibraryDestroy (xmlSecCryptoDLLibraryPtr lib);
+static xmlSecCryptoDLLibraryPtr xmlSecCryptoDLLibraryDuplicate (xmlSecCryptoDLLibraryPtr lib);
+static xmlChar* xmlSecCryptoDLLibraryConstructFilename (const xmlChar* name);
+static xmlChar* xmlSecCryptoDLLibraryConstructGetFunctionsName(const xmlChar* name);
+
+
+static xmlSecPtrListKlass xmlSecCryptoDLLibrariesListKlass = {
+ BAD_CAST "dl-libraries-list",
+ (xmlSecPtrDuplicateItemMethod)xmlSecCryptoDLLibraryDuplicate,/* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecCryptoDLLibraryDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+static xmlSecPtrListId xmlSecCryptoDLLibrariesListGetKlass (void);
+static int xmlSecCryptoDLLibrariesListFindByName (xmlSecPtrListPtr list,
+ const xmlChar* name);
+
+typedef xmlSecCryptoDLFunctionsPtr xmlSecCryptoGetFunctionsCallback(void);
+
+/* conversion from ptr to func "the right way" */
+XMLSEC_PTR_TO_FUNC_IMPL(xmlSecCryptoGetFunctionsCallback)
+
+
+static xmlSecCryptoDLLibraryPtr
+xmlSecCryptoDLLibraryCreate(const xmlChar* name) {
+ xmlSecCryptoDLLibraryPtr lib;
+ xmlSecCryptoGetFunctionsCallback * getFunctions;
+
+ xmlSecAssert2(name != NULL, NULL);
+
+ /* fprintf (stderr, "loading \"library %s\"...\n", name); */
+
+ /* Allocate a new xmlSecCryptoDLLibrary and fill the fields. */
+ lib = (xmlSecCryptoDLLibraryPtr)xmlMalloc(sizeof(xmlSecCryptoDLLibrary));
+ if(lib == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(lib));
+ return(NULL);
+ }
+ memset(lib, 0, sizeof(xmlSecCryptoDLLibrary));
+
+ lib->name = xmlStrdup(name);
+ if(lib->name == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlStrdup",
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
+ }
+
+ lib->filename = xmlSecCryptoDLLibraryConstructFilename(name);
+ if(lib->filename == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecCryptoDLLibraryConstructFilename",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
+ }
+
+ lib->getFunctionsName = xmlSecCryptoDLLibraryConstructGetFunctionsName(name);
+ if(lib->getFunctionsName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecCryptoDLLibraryConstructGetFunctionsName",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
+ }
+
+#ifdef XMLSEC_DL_LIBLTDL
+ lib->handle = lt_dlopenext((char*)lib->filename);
+ if(lib->handle == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "lt_dlopenext",
+ NULL,
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(lib->filename));
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
+ }
+
+ getFunctions = XMLSEC_PTR_TO_FUNC(xmlSecCryptoGetFunctionsCallback,
+ lt_dlsym(lib->handle, (char*)lib->getFunctionsName)
+ );
+ if(getFunctions == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "lt_dlsym",
+ NULL,
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "function=%s",
+ xmlSecErrorsSafeString(lib->getFunctionsName));
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
+ }
+#endif /* XMLSEC_DL_LIBLTDL */
+
+#ifdef XMLSEC_DL_WIN32
+ lib->handle = LoadLibraryA((char*)lib->filename);
+ if(lib->handle == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "LoadLibraryA",
+ NULL,
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(lib->filename));
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
+ }
+
+ getFunctions = XMLSEC_PTR_TO_FUNC(xmlSecCryptoGetFunctionsCallback,
+ GetProcAddress(
+ lib->handle,
+ (const char*)lib->getFunctionsName
+ )
+ );
+ if(getFunctions == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "GetProcAddressA",
+ NULL,
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "function=%s",
+ xmlSecErrorsSafeString(lib->getFunctionsName));
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
+ }
+#endif /* XMLSEC_DL_WIN32 */
+
+ if(getFunctions == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "invalid configuration: no way to load library");
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
+ }
+
+ lib->functions = getFunctions();
+ if(lib->functions == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "getFunctions",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
+ }
+
+ /* fprintf (stderr, "library %s loaded\n", name); */
+ return(lib);
+}
+
+static void
+xmlSecCryptoDLLibraryDestroy(xmlSecCryptoDLLibraryPtr lib) {
+ xmlSecAssert(lib != NULL);
+
+ /* fprintf (stderr, "unloading \"library %s\"...\n", lib->name); */
+ if(lib->name != NULL) {
+ xmlFree(lib->name);
+ }
+
+ if(lib->filename != NULL) {
+ xmlFree(lib->filename);
+ }
+
+ if(lib->getFunctionsName != NULL) {
+ xmlFree(lib->getFunctionsName);
+ }
+
+#ifdef XMLSEC_DL_LIBLTDL
+ if(lib->handle != NULL) {
+ int ret;
+
+ ret = lt_dlclose(lib->handle);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "lt_dlclose",
+ NULL,
+ XMLSEC_ERRORS_R_IO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ }
+ }
+#endif /* XMLSEC_DL_LIBLTDL */
+
+#ifdef XMLSEC_DL_WIN32
+ if(lib->handle != NULL) {
+ BOOL res;
+
+ res = FreeLibrary(lib->handle);
+ if(!res) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "FreeLibrary",
+ NULL,
+ XMLSEC_ERRORS_R_IO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ }
+ }
+#endif /* XMLSEC_DL_WIN32*/
+
+ memset(lib, 0, sizeof(xmlSecCryptoDLLibrary));
+ xmlFree(lib);
+}
+
+static xmlSecCryptoDLLibraryPtr
+xmlSecCryptoDLLibraryDuplicate(xmlSecCryptoDLLibraryPtr lib) {
+ xmlSecAssert2(lib != NULL, NULL);
+ xmlSecAssert2(lib->name != NULL, NULL);
+
+ return(xmlSecCryptoDLLibraryCreate(lib->name));
+}
+
+static xmlChar*
+xmlSecCryptoDLLibraryConstructFilename(const xmlChar* name) {
+ static xmlChar tmpl[] = "lib%s-%s";
+ xmlChar* res;
+ int len;
+
+ xmlSecAssert2(name != NULL, NULL);
+
+ /* TODO */
+ len = xmlStrlen(BAD_CAST PACKAGE) + xmlStrlen(name) + xmlStrlen(tmpl) + 1;
+ res = (xmlChar*)xmlMalloc(len + 1);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", len + 1);
+ return(NULL);
+ }
+ xmlSecStrPrintf(res, len, tmpl, PACKAGE, name);
+
+ return(res);
+}
+
+static xmlChar*
+xmlSecCryptoDLLibraryConstructGetFunctionsName(const xmlChar* name) {
+ static xmlChar tmpl[] = "xmlSecCryptoGetFunctions_%s";
+ xmlChar* res;
+ int len;
+
+ xmlSecAssert2(name != NULL, NULL);
+
+ len = xmlStrlen(name) + xmlStrlen(tmpl) + 1;
+ res = (xmlChar*)xmlMalloc(len + 1);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", len + 1);
+ return(NULL);
+ }
+ xmlSecStrPrintf(res, len, tmpl, name);
+
+ return(res);
+}
+
+static xmlSecPtrListId
+xmlSecCryptoDLLibrariesListGetKlass(void) {
+ return(&xmlSecCryptoDLLibrariesListKlass);
+}
+
+static int
+xmlSecCryptoDLLibrariesListFindByName(xmlSecPtrListPtr list, const xmlChar* name) {
+ xmlSecSize i, size;
+ xmlSecCryptoDLLibraryPtr lib;
+
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecCryptoDLLibrariesListGetKlass()), -1);
+ xmlSecAssert2(name != NULL, -1);
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ lib = (xmlSecCryptoDLLibraryPtr)xmlSecPtrListGetItem(list, i);
+ if((lib != NULL) && (lib->name != NULL) && (xmlStrcmp(lib->name, name) == 0)) {
+ return(i);
+ }
+ }
+ return(-1);
+}
+
+/******************************************************************************
+ *
+ * Dynamic load functions
+ *
+ *****************************************************************************/
+static xmlSecCryptoDLFunctionsPtr gXmlSecCryptoDLFunctions = NULL;
+static xmlSecPtrList gXmlSecCryptoDLLibraries;
+
+/**
+ * xmlSecCryptoDLInit:
+ *
+ * Initializes dynamic loading engine. This is an internal function
+ * and should not be called by application directly.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecCryptoDLInit(void) {
+ int ret;
+
+ ret = xmlSecPtrListInitialize(&gXmlSecCryptoDLLibraries, xmlSecCryptoDLLibrariesListGetKlass());
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListPtrInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecCryptoDLLibrariesListGetKlass");
+ return(-1);
+ }
+
+#ifdef XMLSEC_DL_LIBLTDL
+ ret = lt_dlinit ();
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "lt_dlinit",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+#endif /* XMLSEC_DL_LIBLTDL */
+
+ return(0);
+}
+
+
+/**
+ * xmlSecCryptoDLShutdown:
+ *
+ * Shutdowns dynamic loading engine. This is an internal function
+ * and should not be called by application directly.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecCryptoDLShutdown(void) {
+ int ret;
+
+ xmlSecPtrListFinalize(&gXmlSecCryptoDLLibraries);
+
+#ifdef XMLSEC_DL_LIBLTDL
+ ret = lt_dlexit ();
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "lt_dlexit",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ }
+#endif /* XMLSEC_DL_LIBLTDL */
+
+ return(0);
+}
+
+/**
+ * xmlSecCryptoDLLoadLibrary:
+ * @crypto: the desired crypto library name ("openssl", "nss", ...).
+ *
+ * Loads the xmlsec-<crypto> library. This function is NOT thread safe,
+ * application MUST NOT call #xmlSecCryptoDLLoadLibrary, #xmlSecCryptoDLGetLibraryFunctions,
+ * and #xmlSecCryptoDLUnloadLibrary functions from multiple threads.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecCryptoDLLoadLibrary(const xmlChar* crypto) {
+ xmlSecCryptoDLFunctionsPtr functions;
+ int ret;
+
+ xmlSecAssert2(crypto != NULL, -1);
+
+ functions = xmlSecCryptoDLGetLibraryFunctions(crypto);
+ if(functions == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLGetLibraryFunctions",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecCryptoDLSetFunctions(functions);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLSetFunctions",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecCryptoDLGetLibraryFunctions:
+ * @crypto: the desired crypto library name ("openssl", "nss", ...).
+ *
+ * Loads the xmlsec-<crypto> library and gets global crypto functions/transforms/keys data/keys store
+ * table. This function is NOT thread safe, application MUST NOT call #xmlSecCryptoDLLoadLibrary,
+ * #xmlSecCryptoDLGetLibraryFunctions, and #xmlSecCryptoDLUnloadLibrary functions from multiple threads.
+ *
+ * Returns: the table or NULL if an error occurs.
+ */
+xmlSecCryptoDLFunctionsPtr
+xmlSecCryptoDLGetLibraryFunctions(const xmlChar* crypto) {
+ xmlSecCryptoDLLibraryPtr lib;
+ int pos;
+ int ret;
+
+ xmlSecAssert2(crypto != NULL, NULL);
+
+ pos = xmlSecCryptoDLLibrariesListFindByName(&gXmlSecCryptoDLLibraries, crypto);
+ if(pos >= 0) {
+ lib = (xmlSecCryptoDLLibraryPtr)xmlSecPtrListGetItem(&gXmlSecCryptoDLLibraries, pos);
+ xmlSecAssert2(lib != NULL, NULL);
+ xmlSecAssert2(lib->functions != NULL, NULL);
+
+ return(lib->functions);
+ }
+
+ lib = xmlSecCryptoDLLibraryCreate(crypto);
+ if(lib == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLLibraryCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "crypto=%s",
+ xmlSecErrorsSafeString(crypto));
+ return(NULL);
+ }
+
+ ret = xmlSecPtrListAdd(&gXmlSecCryptoDLLibraries, lib);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "crypto=%s",
+ xmlSecErrorsSafeString(crypto));
+ xmlSecCryptoDLLibraryDestroy(lib);
+ return(NULL);
+ }
+
+ return(lib->functions);
+}
+
+/**
+ * xmlSecCryptoDLUnloadLibrary:
+ * @crypto: the desired crypto library name ("openssl", "nss", ...).
+ *
+ * Unloads the xmlsec-<crypto> library. All pointers to this library
+ * functions tables became invalid. This function is NOT thread safe,
+ * application MUST NOT call #xmlSecCryptoDLLoadLibrary, #xmlSecCryptoDLGetLibraryFunctions,
+ * and #xmlSecCryptoDLUnloadLibrary functions from multiple threads.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecCryptoDLUnloadLibrary(const xmlChar* crypto) {
+ xmlSecCryptoDLLibraryPtr lib;
+ int pos;
+ int ret;
+
+ xmlSecAssert2(crypto != NULL, -1);
+
+ pos = xmlSecCryptoDLLibrariesListFindByName(&gXmlSecCryptoDLLibraries, crypto);
+ if(pos < 0) {
+ /* todo: is it an error? */
+ return(0);
+ }
+
+ lib = (xmlSecCryptoDLLibraryPtr)xmlSecPtrListGetItem(&gXmlSecCryptoDLLibraries, pos);
+ if((lib != NULL) && (lib->functions == gXmlSecCryptoDLFunctions)) {
+ gXmlSecCryptoDLFunctions = NULL;
+ }
+
+ ret = xmlSecPtrListRemove(&gXmlSecCryptoDLLibraries, pos);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListRemove",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecCryptoDLSetFunctions:
+ * @functions: the new table
+ *
+ * Sets global crypto functions/transforms/keys data/keys store table.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecCryptoDLSetFunctions(xmlSecCryptoDLFunctionsPtr functions) {
+ xmlSecAssert2(functions != NULL, -1);
+
+ gXmlSecCryptoDLFunctions = functions;
+
+ return(0);
+}
+
+/**
+ * xmlSecCryptoDLGetFunctions:
+ *
+ * Gets global crypto functions/transforms/keys data/keys store table.
+ *
+ * Returns: the table.
+ */
+xmlSecCryptoDLFunctionsPtr
+xmlSecCryptoDLGetFunctions(void) {
+ return(gXmlSecCryptoDLFunctions);
+}
+
+#endif /* XMLSEC_NO_CRYPTO_DYNAMIC_LOADING */
+
+/**
+ * xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms:
+ * @functions: the functions table.
+ *
+ * Registers the key data and transforms klasses from @functions table in xmlsec.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(struct _xmlSecCryptoDLFunctions* functions) {
+ xmlSecAssert2(functions != NULL, -1);
+
+ /****************************************************************************
+ *
+ * Register keys
+ *
+ ****************************************************************************/
+ if((functions->keyDataAesGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataAesGetKlass()) < 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataAesGetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if((functions->keyDataDesGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataDesGetKlass()) < 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataDesGetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if((functions->keyDataDsaGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataDsaGetKlass()) < 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataDsaGetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if((functions->keyDataGost2001GetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataGost2001GetKlass()) < 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataGost2001GetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if((functions->keyDataHmacGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataHmacGetKlass()) < 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataHmacGetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if((functions->keyDataRsaGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataRsaGetKlass()) < 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataRsaGetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if((functions->keyDataX509GetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataX509GetKlass()) < 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataX509GetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if((functions->keyDataRawX509CertGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataRawX509CertGetKlass()) < 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataRawX509CertGetKlass())),
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+
+ /****************************************************************************
+ *
+ * Register transforms
+ *
+ ****************************************************************************/
+ if((functions->transformAes128CbcGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformAes128CbcGetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformAes128CbcGetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformAes192CbcGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformAes192CbcGetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformAes192CbcGetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformAes256CbcGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformAes256CbcGetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformAes256CbcGetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformKWAes128GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformKWAes128GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformKWAes128GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformKWAes192GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformKWAes192GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformKWAes192GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformKWAes256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformKWAes256GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformKWAes256GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformDes3CbcGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformDes3CbcGetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformDes3CbcGetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformKWDes3GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformKWDes3GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformKWDes3GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformGost2001GostR3411_94GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformGost2001GostR3411_94GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGost2001GostR3411_94GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformDsaSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformDsaSha1GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformDsaSha1GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformHmacMd5GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacMd5GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacMd5GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformHmacRipemd160GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacRipemd160GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacRipemd160GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformHmacSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacSha1GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha1GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformHmacSha224GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacSha224GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha224GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformHmacSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacSha256GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha256GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformHmacSha384GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacSha384GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha384GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformHmacSha512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacSha512GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha512GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformMd5GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformMd5GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformMd5GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformRipemd160GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRipemd160GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRipemd160GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformRsaMd5GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaMd5GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaMd5GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformRsaRipemd160GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaRipemd160GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaRipemd160GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformRsaSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaSha1GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha1GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformRsaSha224GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaSha224GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha224GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformRsaSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaSha256GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha256GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformRsaSha384GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaSha384GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha384GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformRsaSha512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaSha512GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha512GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformRsaPkcs1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaPkcs1GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaPkcs1GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformRsaOaepGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaOaepGetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaOaepGetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformGostR3411_94GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformGostR3411_94GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGostR3411_94GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformSha1GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha1GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformSha224GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformSha224GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha224GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformSha256GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha256GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformSha384GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformSha384GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha384GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((functions->transformSha512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformSha512GetKlass()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha512GetKlass())),
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* done */
+ return(0);
+}
+
+
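Review bot: In xmlSecCryptoDLLibraryCreate the local `getFunctions` is declared without an initializer and is only assigned inside the `XMLSEC_DL_LIBLTDL` and `XMLSEC_DL_WIN32` blocks. In a build that defines neither, the later `if(getFunctions == NULL)` "invalid configuration" check reads an indeterminate pointer, and `lib->functions = getFunctions();` may then call through it. Declaring it as `xmlSecCryptoGetFunctionsCallback * getFunctions = NULL;` makes that check reliable. Separately, `name` is formatted unchecked into both the file name (`lib%s-%s`) and the symbol name and handed to `lt_dlopenext`/`LoadLibraryA` without a directory, so the loader's search path decides which module is loaded; if callers can pass anything other than a fixed backend name (not visible here), it should be restricted to a known set or a conservative character set first. xmlSecCryptoDLShutdown also finalizes the library list without clearing `gXmlSecCryptoDLFunctions`, unlike xmlSecCryptoDLUnloadLibrary; the list's destroy method closes each handle, so the global presumably keeps pointing at a table from an unloaded module, and `gXmlSecCryptoDLFunctions = NULL;` there would match.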
diff --git a/src/enveloped.c b/src/enveloped.c
new file mode 100644
index 00000000..8047d318
--- /dev/null
+++ b/src/enveloped.c
@@ -0,0 +1,152 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Enveloped transform.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+#include <libxml/xpath.h>
+#include <libxml/xpathInternals.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+/**************************************************************************
+ *
+ * Enveloped transform
+ *
+ *************************************************************************/
+static int xmlSecTransformEnvelopedExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+
+static xmlSecTransformKlass xmlSecTransformEnvelopedKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ sizeof(xmlSecTransform), /* xmlSecSize objSize */
+
+ xmlSecNameEnveloped, /* const xmlChar* name; */
+ xmlSecHrefEnveloped, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
+
+ NULL, /* xmlSecTransformInitializeMethod initialize; */
+ NULL, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ NULL, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformDefaultPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ xmlSecTransformDefaultPopXml, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecTransformEnvelopedExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecTransformEnvelopedGetKlass:
+ *
+ * The enveloped transform klass (http://www.w3.org/TR/xmldsig-core/#sec-EnvelopedSignature):
+ *
+ * An enveloped signature transform T removes the whole Signature element
+ * containing T from the digest calculation of the Reference element
+ * containing T. The entire string of characters used by an XML processor
+ * to match the Signature with the XML production element is removed.
+ * The output of the transform is equivalent to the output that would
+ * result from replacing T with an XPath transform containing the following
+ * XPath parameter element:
+ *
+ * <XPath xmlns:dsig="&dsig;">
+ * count(ancestor-or-self::dsig:Signature |
+ * here()/ancestor::dsig:Signature[1]) >
+ * count(ancestor-or-self::dsig:Signature)</XPath>
+ *
+ * The input and output requirements of this transform are identical to
+ * those of the XPath transform, but may only be applied to a node-set from
+ * its parent XML document. Note that it is not necessary to use an XPath
+ * expression evaluator to create this transform. However, this transform
+ * MUST produce output in exactly the same manner as the XPath transform
+ * parameterized by the XPath expression above.
+ *
+ * Returns: enveloped transform id.
+ */
+xmlSecTransformId
+xmlSecTransformEnvelopedGetKlass(void) {
+ return(&xmlSecTransformEnvelopedKlass);
+}
+
+static int
+xmlSecTransformEnvelopedExecute(xmlSecTransformPtr transform, int last,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlNodePtr node;
+ xmlSecNodeSetPtr children;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformEnvelopedId), -1);
+ xmlSecAssert2(transform->hereNode != NULL, -1);
+ xmlSecAssert2(transform->outNodes == NULL, -1);
+ xmlSecAssert2(last != 0, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ if((transform->inNodes != NULL) && (transform->inNodes->doc != transform->hereNode->doc)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_TRANSFORM_SAME_DOCUMENT_REQUIRED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* find signature node and get all its children in the nodes set */
+ node = xmlSecFindParent(transform->hereNode, xmlSecNodeSignature, xmlSecDSigNs);
+ if(node == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeSignature),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ children = xmlSecNodeSetGetChildren(node->doc, node, 1, 1);
+ if(children == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNodeSetGetChildren",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(-1);
+ }
+
+ /* intersect <dsig:Signature/> node children with input nodes (if exist) */
+ transform->outNodes = xmlSecNodeSetAdd(transform->inNodes, children, xmlSecNodeSetIntersection);
+ if(transform->outNodes == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNodeSetAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecNodeSetDestroy(children);
+ return(-1);
+ }
+
+ return(0);
+}
+
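Review bot: The two comments in `xmlSecTransformEnvelopedExecute` describe the opposite of what the transform must produce: "get all its children in the nodes set" and "intersect <dsig:Signature/> node children with input nodes" read as if the output were the Signature subtree, whereas the enveloped transform has to remove it from the digest input. The exclusion appears to come from the final argument of `xmlSecNodeSetGetChildren(node->doc, node, 1, 1)`; assuming that fourth parameter is the invert flag (its prototype is not in this hunk), the set holds every document node except the Signature subtree. I would reword them to `/* build the inverted set: all nodes except the enclosing <dsig:Signature/> subtree (last argument = invert) */` and `/* keep only the input nodes that lie outside that Signature subtree */`. The static function also has no header comment; it should state that `hereNode` must be inside the Signature being processed, because the nearest `dsig:Signature` ancestor returned by `xmlSecFindParent` decides which nodes are left out of the digest, and that `last` must be non-zero.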
diff --git a/src/errors.c b/src/errors.c
new file mode 100644
index 00000000..c9886d36
--- /dev/null
+++ b/src/errors.c
@@ -0,0 +1,242 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Error codes and error reporting functions.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <time.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/private.h>
+#include <xmlsec/errors.h>
+
+#define XMLSEC_ERRORS_BUFFER_SIZE 1024
+
+typedef struct _xmlSecErrorDescription xmlSecErrorDescription, *xmlSecErrorDescriptionPtr;
+struct _xmlSecErrorDescription {
+ int errorCode;
+ const char* errorMsg;
+};
+
+static xmlSecErrorDescription xmlSecErrorsTable[XMLSEC_ERRORS_MAX_NUMBER + 1] = {
+ { XMLSEC_ERRORS_R_XMLSEC_FAILED, "xmlsec library function failed" },
+ { XMLSEC_ERRORS_R_MALLOC_FAILED, "malloc function failed" },
+ { XMLSEC_ERRORS_R_STRDUP_FAILED, "strdup function failed" },
+ { XMLSEC_ERRORS_R_CRYPTO_FAILED, "crypto library function failed" },
+ { XMLSEC_ERRORS_R_XML_FAILED, "libxml2 library function failed" },
+ { XMLSEC_ERRORS_R_XSLT_FAILED, "libxslt library function failed" },
+ { XMLSEC_ERRORS_R_IO_FAILED, "io function failed" },
+ { XMLSEC_ERRORS_R_DISABLED, "feature is disabled" },
+ { XMLSEC_ERRORS_R_NOT_IMPLEMENTED, "feature is not implemented" },
+ { XMLSEC_ERRORS_R_INVALID_SIZE, "invalid size" },
+ { XMLSEC_ERRORS_R_INVALID_DATA, "invalid data" },
+ { XMLSEC_ERRORS_R_INVALID_RESULT, "invalid result" },
+ { XMLSEC_ERRORS_R_INVALID_TYPE, "invalid type" },
+ { XMLSEC_ERRORS_R_INVALID_OPERATION, "invalid operation" },
+ { XMLSEC_ERRORS_R_INVALID_STATUS, "invalid status" },
+ { XMLSEC_ERRORS_R_INVALID_FORMAT, "invalid format" },
+ { XMLSEC_ERRORS_R_DATA_NOT_MATCH, "data do not match" },
+ { XMLSEC_ERRORS_R_INVALID_NODE, "invalid node" },
+ { XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, "invalid node content" },
+ { XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "invalid node attribute" },
+ { XMLSEC_ERRORS_R_MISSING_NODE_ATTRIBUTE, "missing node attribute" },
+ { XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, "node already present" },
+ { XMLSEC_ERRORS_R_UNEXPECTED_NODE, "unexpected node" },
+ { XMLSEC_ERRORS_R_NODE_NOT_FOUND, "node node found" },
+ { XMLSEC_ERRORS_R_INVALID_TRANSFORM, "invalid transform" },
+ { XMLSEC_ERRORS_R_INVALID_TRANSFORM_KEY, "invalid transform key" },
+ { XMLSEC_ERRORS_R_INVALID_URI_TYPE, "invalid URI type" },
+ { XMLSEC_ERRORS_R_TRANSFORM_SAME_DOCUMENT_REQUIRED, "same document is required for transform" },
+ { XMLSEC_ERRORS_R_TRANSFORM_DISABLED, "transform is disabled" },
+ { XMLSEC_ERRORS_R_INVALID_KEY_DATA, "invalid key data" },
+ { XMLSEC_ERRORS_R_KEY_DATA_NOT_FOUND, "key data is not found" },
+ { XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, "key data already exist" },
+ { XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, "invalid key data size" },
+ { XMLSEC_ERRORS_R_KEY_NOT_FOUND, "key is not found" },
+ { XMLSEC_ERRORS_R_KEYDATA_DISABLED, "key data is disabled" },
+ { XMLSEC_ERRORS_R_MAX_RETRIEVALS_LEVEL, "maximum key retrieval level" },
+ { XMLSEC_ERRORS_R_MAX_RETRIEVAL_TYPE_MISMATCH,"key retrieval type mismatch" },
+ { XMLSEC_ERRORS_R_MAX_ENCKEY_LEVEL, "maximum encrypted key level" },
+ { XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, "certificate verification failed" },
+ { XMLSEC_ERRORS_R_CERT_NOT_FOUND, "certificate is not found" },
+ { XMLSEC_ERRORS_R_CERT_REVOKED, "certificate is revoked" },
+ { XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, "certificate issuer check failed" },
+ { XMLSEC_ERRORS_R_CERT_NOT_YET_VALID, "certificate is not yet valid" },
+ { XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, "certificate has expirred" },
+ { XMLSEC_ERRORS_R_DSIG_NO_REFERENCES, "Reference nodes are not found" },
+ { XMLSEC_ERRORS_R_DSIG_INVALID_REFERENCE, "Reference verification failed" },
+ { XMLSEC_ERRORS_R_ASSERTION, "assertion" },
+ { 0, NULL}
+};
+
+static xmlSecErrorsCallback xmlSecErrorsClbk = xmlSecErrorsDefaultCallback;
+static int xmlSecPrintErrorMessages = 1; /* whether the error messages will be printed immidiatelly */
+
+/**
+ * xmlSecErrorsInit:
+ *
+ * Initializes the errors reporting. It is called from #xmlSecInit function.
+ * and applications must not call this function directly.
+ */
+void
+xmlSecErrorsInit(void) {
+}
+
+/**
+ * xmlSecErrorsShutdown:
+ *
+ * Cleanups the errors reporting. It is called from #xmlSecShutdown function.
+ * and applications must not call this function directly.
+ */
+void
+xmlSecErrorsShutdown(void) {
+}
+
+/**
+ * xmlSecErrorsSetCallback:
+ * @callback: the new errors callback function.
+ *
+ * Sets the errors callback function to @callback that will be called
+ * every time an error occurs.
+ */
+void
+xmlSecErrorsSetCallback(xmlSecErrorsCallback callback) {
+ xmlSecErrorsClbk = callback;
+}
+
+/**
+ * xmlSecErrorsDefaultCallback:
+ * @file: the error location file name (__FILE__ macro).
+ * @line: the error location line number (__LINE__ macro).
+ * @func: the error location function name (__FUNCTION__ macro).
+ * @errorObject: the error specific error object
+ * @errorSubject: the error specific error subject.
+ * @reason: the error code.
+ * @msg: the additional error message.
+ *
+ * The default error reporting callback that utilizes LibXML
+ * error reporting #xmlGenericError function.
+ */
+void
+xmlSecErrorsDefaultCallback(const char* file, int line, const char* func,
+ const char* errorObject, const char* errorSubject,
+ int reason, const char* msg) {
+ if(xmlSecPrintErrorMessages) {
+ const char* error_msg = NULL;
+ xmlSecSize i;
+
+ for(i = 0; (i < XMLSEC_ERRORS_MAX_NUMBER) && (xmlSecErrorsGetMsg(i) != NULL); ++i) {
+ if(xmlSecErrorsGetCode(i) == reason) {
+ error_msg = xmlSecErrorsGetMsg(i);
+ break;
+ }
+ }
+ xmlGenericError(xmlGenericErrorContext,
+ "func=%s:file=%s:line=%d:obj=%s:subj=%s:error=%d:%s:%s\n",
+ (func != NULL) ? func : "unknown",
+ (file != NULL) ? file : "unknown",
+ line,
+ (errorObject != NULL) ? errorObject : "unknown",
+ (errorSubject != NULL) ? errorSubject : "unknown",
+ reason,
+ (error_msg != NULL) ? error_msg : "",
+ (msg != NULL) ? msg : "");
+ }
+}
+
+/**
+ * xmlSecErrorsDefaultCallbackEnableOutput:
+ * @enabled: the flag.
+ *
+ * Enables or disables calling LibXML2 callback from the default
+ * errors callback.
+ */
+void
+xmlSecErrorsDefaultCallbackEnableOutput(int enabled) {
+ xmlSecPrintErrorMessages = enabled;
+}
+
+/**
+ * xmlSecErrorsGetCode:
+ * @pos: the error position.
+ *
+ * Gets the known error code at position @pos.
+ *
+ * Returns: the known error code or 0 if @pos is greater than
+ * total number of known error codes.
+ */
+int
+xmlSecErrorsGetCode(xmlSecSize pos) {
+ /* could not use asserts here! */
+ if(pos < sizeof(xmlSecErrorsTable) / sizeof(xmlSecErrorsTable[0])) {
+ return(xmlSecErrorsTable[pos].errorCode);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecErrorsGetMsg:
+ * @pos: the error position.
+ *
+ * Gets the known error message at position @pos.
+ *
+ * Returns: the known error message or NULL if @pos is greater than
+ * total number of known error codes.
+ */
+const char*
+xmlSecErrorsGetMsg(xmlSecSize pos) {
+ /* could not use asserts here! */
+ if(pos < sizeof(xmlSecErrorsTable) / sizeof(xmlSecErrorsTable[0])) {
+ return(xmlSecErrorsTable[pos].errorMsg);
+ }
+ return(NULL);
+}
+
+/**
+ * xmlSecError:
+ * @file: the error location filename (__FILE__).
+ * @line: the error location line number (__LINE__).
+ * @func: the error location function (__FUNCTIION__).
+ * @errorObject: the error specific error object
+ * @errorSubject: the error specific error subject.
+ * @reason: the error code.
+ * @msg: the error message in printf format.
+ * @...: the parameters for the @msg.
+ *
+ * Reports an error to the default (#xmlSecErrorsDefaultCallback) or
+ * application specific callback installed using #xmlSecErrorsSetCallback
+ * function.
+ */
+void
+xmlSecError(const char* file, int line, const char* func,
+ const char* errorObject, const char* errorSubject,
+ int reason, const char* msg, ...) {
+
+ if(xmlSecErrorsClbk != NULL) {
+ xmlChar error_msg[XMLSEC_ERRORS_BUFFER_SIZE];
+
+ if(msg != NULL) {
+ va_list va;
+
+ va_start(va, msg);
+ xmlSecStrVPrintf(error_msg, sizeof(error_msg), BAD_CAST msg, va);
+ error_msg[sizeof(error_msg) - 1] = '\0';
+ va_end(va);
+ } else {
+ error_msg[0] = '\0';
+ }
+ xmlSecErrorsClbk(file, line, func, errorObject, errorSubject, reason, (char*)error_msg);
+ }
+}
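Review bot: Two entries in `xmlSecErrorsTable` carry wrong text that ends up in every log line for those codes: `XMLSEC_ERRORS_R_NODE_NOT_FOUND` maps to "node node found", which reads as the opposite of the failure, and `XMLSEC_ERRORS_R_CERT_HAS_EXPIRED` maps to "certificate has expirred". They should be `"node not found"` and `"certificate has expired"`. Separately, `xmlSecError` ignores the return value of `xmlSecStrVPrintf` and only terminates the last byte of `error_msg`, so if the formatter ever fails without writing, the callback would receive uninitialised stack bytes. Setting `error_msg[0] = '\0';` before `va_start` closes that gap. The doc comment of `xmlSecErrorsSetCallback` should also say that passing NULL disables error reporting entirely, since `xmlSecError` skips the call when `xmlSecErrorsClbk` is NULL.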
diff --git a/src/gcrypt/Makefile.am b/src/gcrypt/Makefile.am
new file mode 100644
index 00000000..734c429f
--- /dev/null
+++ b/src/gcrypt/Makefile.am
@@ -0,0 +1,55 @@
+NULL =
+
+EXTRA_DIST = \
+ README \
+ $(NULL)
+
+lib_LTLIBRARIES = \
+ libxmlsec1-gcrypt.la \
+ $(NULL)
+
+libxmlsec1_gcrypt_la_CPPFLAGS = \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -DGCRYPT_MIN_VERSION=\"$(GCRYPT_MIN_VERSION)\" \
+ -I../../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(GCRYPT_CFLAGS) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(NULL)
+
+libxmlsec1_gcrypt_la_SOURCES =\
+ app.c \
+ asn1.h \
+ asn1.c \
+ ciphers.c \
+ crypto.c \
+ digests.c \
+ hmac.c \
+ kw_aes.c \
+ kw_des.c \
+ symkeys.c \
+ asymkeys.c \
+ signatures.c \
+ globals.h \
+ $(NULL)
+
+if SHAREDLIB_HACK
+libxmlsec1_gcrypt_la_SOURCES += ../strings.c
+endif
+
+libxmlsec1_gcrypt_la_LIBADD = \
+ $(GCRYPT_LIBS) \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ ../libxmlsec1.la \
+ $(NULL)
+
+libxmlsec1_gcrypt_la_DEPENDENCIES = \
+ $(NULL)
+
+libxmlsec1_gcrypt_la_LDFLAGS = \
+ @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ \
+ -version-info @XMLSEC_VERSION_INFO@ \
+ $(NULL)
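Review bot: Setting `libxmlsec1_gcrypt_la_DEPENDENCIES` to an empty value overrides the dependency list automake would otherwise derive from `libxmlsec1_gcrypt_la_LIBADD`, so `libxmlsec1-gcrypt.la` no longer depends on `../libxmlsec1.la`. The generated rule in src/gcrypt/Makefile.in confirms this: it lists only the objects plus the empty variable, so a rebuilt core library does not trigger a relink. The build then relies on directory ordering in the parent Makefile, which is not visible here. Unless the override is deliberate, either drop the assignment or write `libxmlsec1_gcrypt_la_DEPENDENCIES = ../libxmlsec1.la`. A smaller point on the same variable block: `-I../../include` hard-codes the build-tree depth, and `-I$(top_builddir)/include` would say the same thing without depending on where this directory sits.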
diff --git a/src/gcrypt/Makefile.in b/src/gcrypt/Makefile.in
new file mode 100644
index 00000000..13a08d13
--- /dev/null
+++ b/src/gcrypt/Makefile.in
@@ -0,0 +1,764 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@SHAREDLIB_HACK_TRUE@am__append_1 = ../strings.c
+subdir = src/gcrypt
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(libdir)"
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+am__libxmlsec1_gcrypt_la_SOURCES_DIST = app.c asn1.h asn1.c ciphers.c \
+ crypto.c digests.c hmac.c kw_aes.c kw_des.c symkeys.c \
+ asymkeys.c signatures.c globals.h ../strings.c
+am__objects_1 =
+@SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_gcrypt_la-strings.lo
+am_libxmlsec1_gcrypt_la_OBJECTS = libxmlsec1_gcrypt_la-app.lo \
+ libxmlsec1_gcrypt_la-asn1.lo libxmlsec1_gcrypt_la-ciphers.lo \
+ libxmlsec1_gcrypt_la-crypto.lo libxmlsec1_gcrypt_la-digests.lo \
+ libxmlsec1_gcrypt_la-hmac.lo libxmlsec1_gcrypt_la-kw_aes.lo \
+ libxmlsec1_gcrypt_la-kw_des.lo libxmlsec1_gcrypt_la-symkeys.lo \
+ libxmlsec1_gcrypt_la-asymkeys.lo \
+ libxmlsec1_gcrypt_la-signatures.lo $(am__objects_1) \
+ $(am__objects_2)
+libxmlsec1_gcrypt_la_OBJECTS = $(am_libxmlsec1_gcrypt_la_OBJECTS)
+libxmlsec1_gcrypt_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libxmlsec1_gcrypt_la_LDFLAGS) $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libxmlsec1_gcrypt_la_SOURCES)
+DIST_SOURCES = $(am__libxmlsec1_gcrypt_la_SOURCES_DIST)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+EXTRA_DIST = \
+ README \
+ $(NULL)
+
+lib_LTLIBRARIES = \
+ libxmlsec1-gcrypt.la \
+ $(NULL)
+
+libxmlsec1_gcrypt_la_CPPFLAGS = \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -DGCRYPT_MIN_VERSION=\"$(GCRYPT_MIN_VERSION)\" \
+ -I../../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(GCRYPT_CFLAGS) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(NULL)
+
+libxmlsec1_gcrypt_la_SOURCES = app.c asn1.h asn1.c ciphers.c crypto.c \
+ digests.c hmac.c kw_aes.c kw_des.c symkeys.c asymkeys.c \
+ signatures.c globals.h $(NULL) $(am__append_1)
+libxmlsec1_gcrypt_la_LIBADD = \
+ $(GCRYPT_LIBS) \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ ../libxmlsec1.la \
+ $(NULL)
+
+libxmlsec1_gcrypt_la_DEPENDENCIES = \
+ $(NULL)
+
+libxmlsec1_gcrypt_la_LDFLAGS = \
+ @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ \
+ -version-info @XMLSEC_VERSION_INFO@ \
+ $(NULL)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/gcrypt/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/gcrypt/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libxmlsec1-gcrypt.la: $(libxmlsec1_gcrypt_la_OBJECTS) $(libxmlsec1_gcrypt_la_DEPENDENCIES)
+ $(libxmlsec1_gcrypt_la_LINK) -rpath $(libdir) $(libxmlsec1_gcrypt_la_OBJECTS) $(libxmlsec1_gcrypt_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-app.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-asn1.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-asymkeys.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-ciphers.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-crypto.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-digests.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-hmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-kw_aes.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-kw_des.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-signatures.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-strings.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gcrypt_la-symkeys.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+libxmlsec1_gcrypt_la-app.lo: app.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-app.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-app.Tpo -c -o libxmlsec1_gcrypt_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-app.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-app.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='app.c' object='libxmlsec1_gcrypt_la-app.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+
+libxmlsec1_gcrypt_la-asn1.lo: asn1.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-asn1.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-asn1.Tpo -c -o libxmlsec1_gcrypt_la-asn1.lo `test -f 'asn1.c' || echo '$(srcdir)/'`asn1.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-asn1.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-asn1.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1.c' object='libxmlsec1_gcrypt_la-asn1.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-asn1.lo `test -f 'asn1.c' || echo '$(srcdir)/'`asn1.c
+
+libxmlsec1_gcrypt_la-ciphers.lo: ciphers.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-ciphers.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-ciphers.Tpo -c -o libxmlsec1_gcrypt_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-ciphers.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-ciphers.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ciphers.c' object='libxmlsec1_gcrypt_la-ciphers.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+
+libxmlsec1_gcrypt_la-crypto.lo: crypto.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-crypto.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-crypto.Tpo -c -o libxmlsec1_gcrypt_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-crypto.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-crypto.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto.c' object='libxmlsec1_gcrypt_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+
+libxmlsec1_gcrypt_la-digests.lo: digests.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-digests.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-digests.Tpo -c -o libxmlsec1_gcrypt_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-digests.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-digests.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='digests.c' object='libxmlsec1_gcrypt_la-digests.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+
+libxmlsec1_gcrypt_la-hmac.lo: hmac.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-hmac.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-hmac.Tpo -c -o libxmlsec1_gcrypt_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-hmac.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-hmac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hmac.c' object='libxmlsec1_gcrypt_la-hmac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+
+libxmlsec1_gcrypt_la-kw_aes.lo: kw_aes.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-kw_aes.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-kw_aes.Tpo -c -o libxmlsec1_gcrypt_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-kw_aes.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-kw_aes.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kw_aes.c' object='libxmlsec1_gcrypt_la-kw_aes.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+
+libxmlsec1_gcrypt_la-kw_des.lo: kw_des.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-kw_des.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-kw_des.Tpo -c -o libxmlsec1_gcrypt_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-kw_des.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-kw_des.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kw_des.c' object='libxmlsec1_gcrypt_la-kw_des.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+
+libxmlsec1_gcrypt_la-symkeys.lo: symkeys.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-symkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-symkeys.Tpo -c -o libxmlsec1_gcrypt_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-symkeys.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-symkeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='symkeys.c' object='libxmlsec1_gcrypt_la-symkeys.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+
+libxmlsec1_gcrypt_la-asymkeys.lo: asymkeys.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-asymkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-asymkeys.Tpo -c -o libxmlsec1_gcrypt_la-asymkeys.lo `test -f 'asymkeys.c' || echo '$(srcdir)/'`asymkeys.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-asymkeys.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-asymkeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asymkeys.c' object='libxmlsec1_gcrypt_la-asymkeys.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-asymkeys.lo `test -f 'asymkeys.c' || echo '$(srcdir)/'`asymkeys.c
+
+libxmlsec1_gcrypt_la-signatures.lo: signatures.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-signatures.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-signatures.Tpo -c -o libxmlsec1_gcrypt_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-signatures.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-signatures.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='signatures.c' object='libxmlsec1_gcrypt_la-signatures.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+
+libxmlsec1_gcrypt_la-strings.lo: ../strings.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gcrypt_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gcrypt_la-strings.Tpo -c -o libxmlsec1_gcrypt_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gcrypt_la-strings.Tpo $(DEPDIR)/libxmlsec1_gcrypt_la-strings.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../strings.c' object='libxmlsec1_gcrypt_la-strings.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gcrypt_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gcrypt_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(libdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libLTLIBRARIES clean-libtool ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-libLTLIBRARIES install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-libLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/gcrypt/README b/src/gcrypt/README
new file mode 100644
index 00000000..dcaa5a0d
--- /dev/null
+++ b/src/gcrypt/README
@@ -0,0 +1,9 @@
+The xmlsec-gcrypt implementation is really limited and is not ready
+for production use. The only supported crypto transforms are:
+
+ - HMAC
+ - Tripple DES
+ - AES [128|192|256]
+ - SHA1
+
+
diff --git a/src/gcrypt/app.c b/src/gcrypt/app.c
new file mode 100644
index 00000000..ab95f6dd
--- /dev/null
+++ b/src/gcrypt/app.c
@@ -0,0 +1,663 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/app.h>
+#include <xmlsec/gcrypt/crypto.h>
+
+#include "asn1.h"
+
+/**
+ * xmlSecGCryptAppInit:
+ * @config: the path to GCrypt configuration (unused).
+ *
+ * General crypto engine initialization. This function is used
+ * by XMLSec command line utility and called before
+ * @xmlSecInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppInit(const char* config ATTRIBUTE_UNUSED) {
+ /* Secure memory initialisation based on documentation from:
+ http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
+ NOTE sample code don't check gcry_control(...) return code
+
+ All flags from:
+ http://www.gnupg.org/documentation/manuals/gcrypt/Controlling-the-library.html
+
+ Also libgcrypt NEWS entries:
++++++
+.....
+Noteworthy changes in version 1.4.3 (2008-09-18)
+------------------------------------------------
+
+ * Try to auto-initialize Libgcrypt to minimize the effect of
+ applications not doing that correctly. This is not a perfect
+ solution but given that many applicationion would totally fail
+ without such a hack, we try to help at least with the most common
+ cases. Folks, please read the manual to learn how to properly
+ initialize Libgcrypt!
+
+ * Auto-initialize the secure memory to 32k instead of aborting the
+ process.
+.....
++++++
+ */
+
+ /* Version check should be the very first call because it
+ makes sure that important subsystems are intialized. */
+
+ /* NOTE configure.in defines GCRYPT_MIN_VERSION */
+ if (!gcry_check_version (GCRYPT_MIN_VERSION)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_check_version",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* We don't want to see any warnings, e.g. because we have not yet
+ parsed program options which might be used to suppress such
+ warnings. */
+ gcry_control(GCRYCTL_SUSPEND_SECMEM_WARN);
+
+ /* ... If required, other initialization goes here. Note that the
+ process might still be running with increased privileges and that
+ the secure memory has not been intialized. */
+
+ /* Allocate a pool of 32k secure memory. This make the secure memory
+ available and also drops privileges where needed. */
+ gcry_control(GCRYCTL_INIT_SECMEM, 32768, 0);
+
+ /* It is now okay to let Libgcrypt complain when there was/is
+ a problem with the secure memory. */
+ gcry_control(GCRYCTL_RESUME_SECMEM_WARN);
+
+ /* ... If required, other initialization goes here. */
+
+ /* Tell Libgcrypt that initialization has completed. */
+ gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+
+ return(0);
+}
+
+/**
+ * xmlSecGCryptAppShutdown:
+ *
+ * General crypto engine shutdown. This function is used
+ * by XMLSec command line utility and called after
+ * @xmlSecShutdown function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppShutdown(void) {
+ gcry_error_t err;
+
+ err = gcry_control(GCRYCTL_TERM_SECMEM);
+ if (gcry_err_code(err)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_control(GCRYCTL_TERM_SECMEM)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecGCryptAppKeyLoad:
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the a file.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGCryptAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx) {
+ xmlSecKeyPtr key;
+ xmlSecBuffer buffer;
+ int ret;
+
+ xmlSecAssert2(filename != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ ret = xmlSecBufferInitialize(&buffer, 4*1024);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecBufferReadFile(&buffer, filename);
+ if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ key = xmlSecGCryptAppKeyLoadMemory(xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer),
+ format, pwd, pwdCallback, pwdCallbackCtx);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppKeyLoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ /* cleanup */
+ xmlSecBufferFinalize(&buffer);
+ return(key);
+}
+
+/**
+ * xmlSecGCryptAppKeyLoadMemory:
+ * @data: the binary key data.
+ * @dataSize: the size of binary key.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the memory buffer.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGCryptAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ const char *pwd ATTRIBUTE_UNUSED,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED)
+{
+ xmlSecKeyPtr key = NULL;
+ xmlSecKeyDataPtr key_data = NULL;
+ int ret;
+
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(dataSize > 0, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ switch(format) {
+ case xmlSecKeyDataFormatDer:
+ key_data = xmlSecGCryptParseDer(data, dataSize, xmlSecGCryptDerKeyTypeAuto);
+ if(key_data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptParseDer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
+ case xmlSecKeyDataFormatPem:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppKeyLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+#ifndef XMLSEC_NO_X509
+ case xmlSecKeyDataFormatPkcs12:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppKeyLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+#endif /* XMLSEC_NO_X509 */
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(NULL);
+ }
+
+ /* we should have key data by now */
+ xmlSecAssert2(key_data != NULL, NULL);
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(key_data);
+ return(NULL);
+ }
+
+ ret = xmlSecKeySetValue(key, key_data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(key_data)));
+ xmlSecKeyDestroy(key);
+ xmlSecKeyDataDestroy(key_data);
+ return(NULL);
+ }
+ key_data = NULL; /* key_data is owned by key */
+
+ /* done */
+ return(key);
+}
+
+#ifndef XMLSEC_NO_X509
+/**
+ * xmlSecGCryptAppKeyCertLoad:
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from $@filename and adds it to key
+ * (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
+ xmlSecKeyDataFormat format) {
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppKeyCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+}
+
+/**
+ * xmlSecGCryptAppKeyCertLoadMemory:
+ * @key: the pointer to key.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from memory buffer and adds it to key (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppKeyCertLoadMemory(xmlSecKeyPtr key,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format) {
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppKeyCertLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+}
+
+/**
+ * xmlSecGCryptAppPkcs12Load:
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 file
+ * (not implemented yet).
+ * For uniformity, call xmlSecGCryptAppKeyLoad instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGCryptAppPkcs12Load(const char *filename,
+ const char *pwd ATTRIBUTE_UNUSED,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(filename != NULL, NULL);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppPkcs12Load",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+}
+
+/**
+ * xmlSecGCryptAppPkcs12LoadMemory:
+ * @data: the PKCS12 binary data.
+ * @dataSize: the PKCS12 binary data size.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 data in memory buffer.
+ * For uniformity, call xmlSecGCryptAppKeyLoadMemory instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12 (not implemented yet).
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGCryptAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ const char *pwd ATTRIBUTE_UNUSED,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(dataSize > 0, NULL);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppPkcs12LoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+}
+
+/**
+ * xmlSecGCryptAppKeysMngrCertLoad:
+ * @mngr: the keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
+ *
+ * Reads cert from @filename and adds to the list of trusted or known
+ * untrusted certs in @store (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppKeysMngrCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+}
+
+/**
+ * xmlSecGCryptAppKeysMngrCertLoadMemory:
+ * @mngr: the keys manager.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate trusted or not.
+ *
+ * Reads cert from binary buffer @data and adds to the list of trusted or known
+ * untrusted certs in @store (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppKeysMngrCertLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+}
+
+#endif /* XMLSEC_NO_X509 */
+
+/**
+ * xmlSecGCryptAppDefaultKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
+ * and a default GCrypt crypto key data stores.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+
+ /* create simple keys store if needed */
+ if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) {
+ xmlSecKeyStorePtr keysStore;
+
+ keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+ if(keysStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecSimpleKeysStoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyStoreDestroy(keysStore);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecGCryptKeysMngrInit(mngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeysMngrInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* TODO */
+ mngr->getKey = xmlSecKeysMngrGetKey;
+ return(0);
+}
+
+/**
+ * xmlSecGCryptAppDefaultKeysMngrAdoptKey:
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
+ *
+ * Adds @key to the keys manager @mngr created with #xmlSecGCryptAppDefaultKeysMngrInit
+ * function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGCryptAppDefaultKeysMngrLoad:
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
+ *
+ * Loads XML keys file from @uri to the keys manager @mngr created
+ * with #xmlSecGCryptAppDefaultKeysMngrInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(uri != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreLoad(store, uri, mngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s", xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGCryptAppDefaultKeysMngrSave:
+ * @mngr: the pointer to keys manager.
+ * @filename: the destination filename.
+ * @type: the type of keys to save (public/private/symmetric).
+ *
+ * Saves keys from @mngr to XML keys file.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreSave(store, filename, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreSave",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGCryptAppGetDefaultPwdCallback:
+ *
+ * Gets default password callback.
+ *
+ * Returns: default password callback.
+ */
+void*
+xmlSecGCryptAppGetDefaultPwdCallback(void) {
+ return(NULL);
+}
+
diff --git a/src/gcrypt/asn1.c b/src/gcrypt/asn1.c
new file mode 100644
index 00000000..b1388420
--- /dev/null
+++ b/src/gcrypt/asn1.c
@@ -0,0 +1,602 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/crypto.h>
+
+#include "asn1.h"
+
+/**************************************************************************
+ *
+ * ASN.1 parser is taken from GCrypt tests
+ *
+ *************************************************************************/
+
+/* ASN.1 classes. */
+enum
+{
+ UNIVERSAL = 0,
+ APPLICATION = 1,
+ ASNCONTEXT = 2,
+ PRIVATE = 3
+};
+
+
+/* ASN.1 tags. */
+enum
+{
+ TAG_NONE = 0,
+ TAG_BOOLEAN = 1,
+ TAG_INTEGER = 2,
+ TAG_BIT_STRING = 3,
+ TAG_OCTET_STRING = 4,
+ TAG_NULL = 5,
+ TAG_OBJECT_ID = 6,
+ TAG_OBJECT_DESCRIPTOR = 7,
+ TAG_EXTERNAL = 8,
+ TAG_REAL = 9,
+ TAG_ENUMERATED = 10,
+ TAG_EMBEDDED_PDV = 11,
+ TAG_UTF8_STRING = 12,
+ TAG_REALTIVE_OID = 13,
+ TAG_SEQUENCE = 16,
+ TAG_SET = 17,
+ TAG_NUMERIC_STRING = 18,
+ TAG_PRINTABLE_STRING = 19,
+ TAG_TELETEX_STRING = 20,
+ TAG_VIDEOTEX_STRING = 21,
+ TAG_IA5_STRING = 22,
+ TAG_UTC_TIME = 23,
+ TAG_GENERALIZED_TIME = 24,
+ TAG_GRAPHIC_STRING = 25,
+ TAG_VISIBLE_STRING = 26,
+ TAG_GENERAL_STRING = 27,
+ TAG_UNIVERSAL_STRING = 28,
+ TAG_CHARACTER_STRING = 29,
+ TAG_BMP_STRING = 30
+};
+
+/* ASN.1 Parser object. */
+struct tag_info
+{
+ int class; /* Object class. */
+ unsigned long tag; /* The tag of the object. */
+ unsigned long length; /* Length of the values. */
+ int nhdr; /* Length of the header (TL). */
+ unsigned int ndef:1; /* The object has an indefinite length. */
+ unsigned int cons:1; /* This is a constructed object. */
+};
+
+/* Parse the buffer at the address BUFFER which consists of the number
+ of octets as stored at BUFLEN. Return the tag and the length part
+ from the TLV triplet. Update BUFFER and BUFLEN on success. Checks
+ that the encoded length does not exhaust the length of the provided
+ buffer. */
+static int
+xmlSecGCryptAsn1ParseTag (xmlSecByte const **buffer, xmlSecSize *buflen, struct tag_info *ti)
+{
+ int c;
+ unsigned long tag;
+ const xmlSecByte *buf;
+ xmlSecSize length;
+
+ xmlSecAssert2(buffer != NULL, -1);
+ xmlSecAssert2((*buffer) != NULL, -1);
+ xmlSecAssert2(buflen != NULL, -1);
+ xmlSecAssert2(ti != NULL, -1);
+
+ /* initialize */
+ buf = *buffer;
+ length = *buflen;
+
+ ti->length = 0;
+ ti->ndef = 0;
+ ti->nhdr = 0;
+
+ /* Get the tag */
+ if (length <= 0) {
+ return(-1); /* Premature EOF. */
+ }
+ c = *buf++;
+ length--;
+ ti->nhdr++;
+
+ ti->class = (c & 0xc0) >> 6;
+ ti->cons = !!(c & 0x20);
+ tag = (c & 0x1f);
+
+ if (tag == 0x1f) {
+ tag = 0;
+ do {
+ tag <<= 7;
+ if (length <= 0) {
+ return(-1); /* Premature EOF. */
+ }
+ c = *buf++;
+ length--;
+ ti->nhdr++;
+ tag |= (c & 0x7f);
+ } while ( (c & 0x80) );
+ }
+ ti->tag = tag;
+
+ /* Get the length */
+ if(length <= 0) {
+ return -1; /* Premature EOF. */
+ }
+ c = *buf++;
+ length--;
+ ti->nhdr++;
+
+ if ( !(c & 0x80) ) {
+ ti->length = c;
+ } else if (c == 0x80) {
+ ti->ndef = 1;
+ } else if (c == 0xff) {
+ return -1; /* Forbidden length value. */
+ } else {
+ xmlSecSize len = 0;
+ int count = c & 0x7f;
+
+ for (; count; count--) {
+ len <<= 8;
+ if (length <= 0) {
+ return -1; /* Premature EOF. */
+ }
+ c = *buf++; length--;
+ ti->nhdr++;
+ len |= (c & 0xff);
+ }
+ ti->length = len;
+ }
+
+ if (ti->class == UNIVERSAL && !ti->tag) {
+ ti->length = 0;
+ }
+
+ if (ti->length > length) {
+ return(-1); /* Data larger than buffer. */
+ }
+
+ /* done */
+ *buffer = buf;
+ *buflen = length;
+ return(0);
+}
+
+static int
+xmlSecGCryptAsn1ParseIntegerSequence(xmlSecByte const **buffer, xmlSecSize *buflen,
+ gcry_mpi_t * params, int params_size) {
+ const xmlSecByte *buf;
+ xmlSecSize length;
+ struct tag_info ti;
+ gcry_error_t err;
+ int idx = 0;
+ int ret;
+
+ xmlSecAssert2(buffer != NULL, -1);
+ xmlSecAssert2((*buffer) != NULL, -1);
+ xmlSecAssert2(buflen != NULL, -1);
+ xmlSecAssert2(params != NULL, -1);
+ xmlSecAssert2(params_size > 0, -1);
+
+ /* initialize */
+ buf = *buffer;
+ length = *buflen;
+
+ /* read SEQUENCE */
+ memset(&ti, 0, sizeof(ti));
+ ret = xmlSecGCryptAsn1ParseTag (&buf, &length, &ti);
+ if((ret != 0) || (ti.tag != TAG_SEQUENCE) || ti.class || !ti.cons || ti.ndef) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAsn1ParseTag",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "TAG_SEQUENCE is expected: tag=%d",
+ (int)ti.tag);
+ return(-1);
+ }
+
+ /* read INTEGERs */
+ for (idx = 0; ((idx < params_size) && (length > 0)); idx++) {
+ memset(&ti, 0, sizeof(ti));
+ ret = xmlSecGCryptAsn1ParseTag (&buf, &length, &ti);
+ if((ret != 0) || (ti.tag != TAG_INTEGER) || ti.class || ti.cons || ti.ndef)
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAsn1ParseTag",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "TAG_INTEGER is expected - index=%d, tag=%d",
+ (int)idx, (int)ti.tag);
+ return(-1);
+ }
+
+ err = gcry_mpi_scan(&(params[idx]), GCRYMPI_FMT_USG, buf, ti.length, NULL);
+ if((err != GPG_ERR_NO_ERROR) || (params[idx] == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ buf += ti.length;
+ length -= ti.length;
+ }
+
+ /* did we parse everything? */
+ if(length > 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAsn1ParseTag",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "too many params - cur=%d, expected=%d",
+ (int)(idx - 1), (int)params_size);
+ return(-1);
+ }
+
+ /* done */
+ *buffer = buf;
+ *buflen = length;
+ return(idx);
+}
+
+xmlSecKeyDataPtr
+xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen,
+ enum xmlSecGCryptDerKeyType type) {
+ xmlSecKeyDataPtr key_data = NULL;
+ gcry_sexp_t s_pub_key = NULL;
+ gcry_sexp_t s_priv_key = NULL;
+ gcry_error_t err;
+ gcry_mpi_t keyparms[20];
+ int keyparms_num;
+ unsigned int idx;
+ int ret;
+
+ xmlSecAssert2(der != NULL, NULL);
+ xmlSecAssert2(derlen > 0, NULL);
+
+ /* Parse the ASN.1 structure. */
+ memset(&keyparms, 0, sizeof(keyparms));
+ ret = xmlSecGCryptAsn1ParseIntegerSequence(
+ &der, &derlen,
+ keyparms, sizeof(keyparms) / sizeof(keyparms[0])
+ );
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAsn1ParseIntegerSequence",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ keyparms_num = ret;
+
+ /* The value of the first integer should be 0. */
+ if ((keyparms_num < 1) || (gcry_mpi_cmp_ui(keyparms[0], 0) != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAsn1ParseTag",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "num=%d",
+ (int)keyparms_num);
+ goto done;
+ }
+
+ /* do we need to guess the key type? not robust but the best we can do */
+ if(type == xmlSecGCryptDerKeyTypeAuto) {
+ switch(keyparms_num) {
+ case 3:
+ /* Public RSA */
+ type = xmlSecGCryptDerKeyTypePublicRsa;
+ case 5:
+ /* Public DSA */
+ type = xmlSecGCryptDerKeyTypePublicDsa;
+ case 6:
+ /* Private DSA */
+ type = xmlSecGCryptDerKeyTypePrivateDsa;
+ break;
+ case 9:
+ /* Private RSA */
+ type = xmlSecGCryptDerKeyTypePrivateRsa;
+ break;
+ default:
+ /* unknown */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "Unexpected number of parameters, unknown key type",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "keyparms_num=%d", (int)keyparms_num);
+ goto done;
+ }
+ }
+
+
+ switch(type) {
+#ifndef XMLSEC_NO_DSA
+ case xmlSecGCryptDerKeyTypePrivateDsa:
+ /* check we have enough params */
+ if(keyparms_num != 6) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "Private DSA key: 6 parameters exepcted",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "parms_num=%d", (int)keyparms_num);
+ goto done;
+ }
+
+ /* Convert from OpenSSL parameter ordering to the OpenPGP order. */
+ /* First check that x < y; if not swap x and y */
+ if (gcry_mpi_cmp (keyparms[4], keyparms[5]) > 0) {
+ gcry_mpi_swap (keyparms[4], keyparms[5]);
+ }
+
+ /* Build the S-expressions */
+ err = gcry_sexp_build (&s_priv_key, NULL,
+ "(private-key(dsa(p%m)(q%m)(g%m)(x%m)(y%m)))",
+ keyparms[1], keyparms[2], keyparms[3], keyparms[4], keyparms[5]
+ );
+ if((err != GPG_ERR_NO_ERROR) || (s_priv_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(private-key/dsa)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gcry_sexp_build (&s_pub_key, NULL,
+ "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ keyparms[1], keyparms[2], keyparms[3], keyparms[5]
+ );
+ if((err != GPG_ERR_NO_ERROR) || (s_pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(public-key/dsa)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* construct key and key data */
+ key_data = xmlSecKeyDataCreate(xmlSecGCryptKeyDataDsaId);
+ if(key_data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGCryptKeyDataDsaId");
+ goto done;
+ }
+
+ ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(key_data, s_pub_key, s_priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeyDataDsaAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGCryptKeyDataDsaId");
+ xmlSecKeyDataDestroy(key_data);
+ key_data = NULL;
+ goto done;
+ }
+ s_pub_key = NULL; /* owned by key_data now */
+ s_priv_key = NULL; /* owned by key_data now */
+ break;
+
+ case xmlSecGCryptDerKeyTypePublicDsa:
+ /* check we have enough params */
+ if(keyparms_num != 5) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "Public DSA key: 5 parameters exepcted",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "parms_num=%d", (int)keyparms_num);
+ goto done;
+ }
+
+ /* Build the S-expression. */
+ err = gcry_sexp_build (&s_pub_key, NULL,
+ "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ keyparms[2], keyparms[3], keyparms[4], keyparms[1]
+ );
+ if((err != GPG_ERR_NO_ERROR) || (s_pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(public-key/dsa)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* construct key and key data */
+ key_data = xmlSecKeyDataCreate(xmlSecGCryptKeyDataDsaId);
+ if(key_data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGCryptKeyDataDsaId");
+ goto done;
+ }
+
+ ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(key_data, s_pub_key, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeyDataDsaAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGCryptKeyDataDsaId");
+ xmlSecKeyDataDestroy(key_data);
+ key_data = NULL;
+ goto done;
+ }
+ s_pub_key = NULL; /* owned by key_data now */
+ break;
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+ case xmlSecGCryptDerKeyTypePrivateRsa:
+ /* check we have enough params */
+ if(keyparms_num != 9) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "Private RSA key: 9 parameters exepcted",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "parms_num=%d", (int)keyparms_num);
+ goto done;
+ }
+
+ /* Convert from OpenSSL parameter ordering to the OpenPGP order. */
+ /* First check that p < q; if not swap p and q and recompute u. */
+ if (gcry_mpi_cmp (keyparms[4], keyparms[5]) > 0) {
+ gcry_mpi_swap (keyparms[4], keyparms[5]);
+ gcry_mpi_invm (keyparms[8], keyparms[4], keyparms[5]);
+ }
+
+ /* Build the S-expression. */
+ err = gcry_sexp_build (&s_priv_key, NULL,
+ "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))",
+ keyparms[1], keyparms[2],
+ keyparms[3], keyparms[4],
+ keyparms[5], keyparms[8]
+ );
+ if((err != GPG_ERR_NO_ERROR) || (s_priv_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(private-key/rsa)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gcry_sexp_build (&s_pub_key, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ keyparms[1], keyparms[2]
+ );
+ if((err != GPG_ERR_NO_ERROR) || (s_pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(public-key/rsa)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* construct key and key data */
+ key_data = xmlSecKeyDataCreate(xmlSecGCryptKeyDataRsaId);
+ if(key_data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGCryptKeyDataRsaId");
+ goto done;
+ }
+
+ ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(key_data, s_pub_key, s_priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeyDataRsaAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGCryptKeyDataRsaId");
+ xmlSecKeyDataDestroy(key_data);
+ key_data = NULL;
+ goto done;
+ }
+ s_pub_key = NULL; /* owned by key_data now */
+ s_priv_key = NULL; /* owned by key_data now */
+ break;
+
+ case xmlSecGCryptDerKeyTypePublicRsa:
+ /* check we have enough params */
+ if(keyparms_num != 3) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "Public RSA key: 3 parameters exepcted",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "parms_num=%d", (int)keyparms_num);
+ goto done;
+ }
+
+ /* Build the S-expression. */
+ err = gcry_sexp_build (&s_pub_key, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ keyparms[1], keyparms[2]
+ );
+ if((err != GPG_ERR_NO_ERROR) || (s_pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(public-key/rsa)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* construct key and key data */
+ key_data = xmlSecKeyDataCreate(xmlSecGCryptKeyDataRsaId);
+ if(key_data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGCryptKeyDataRsaId");
+ goto done;
+ }
+
+ ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(key_data, s_pub_key, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeyDataRsaAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGCryptKeyDataRsaId");
+ xmlSecKeyDataDestroy(key_data);
+ key_data = NULL;
+ goto done;
+ }
+ s_pub_key = NULL; /* owned by key_data now */
+ break;
+#endif /* XMLSEC_NO_RSA */
+
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "Unsupported key type",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "type=%d", (int)type);
+ goto done;
+ break;
+ }
+
+done:
+ if(s_priv_key != NULL) {
+ gcry_sexp_release(s_priv_key);
+ }
+ if(s_pub_key != NULL) {
+ gcry_sexp_release(s_pub_key);
+ }
+ for (idx = 0; idx < sizeof(keyparms) / sizeof(keyparms[0]); idx++) {
+ if(keyparms[idx] != NULL) {
+ gcry_mpi_release (keyparms[idx]);
+ }
+ }
+
+ return(key_data);
+}
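Review bot: In xmlSecGCryptParseDer the auto-detection `switch(keyparms_num)` has no `break` after `case 3:` and `case 5:`, so both fall through and leave `type` set to `xmlSecGCryptDerKeyTypePrivateDsa`. A 3-integer or 5-integer sequence is then rejected by the `keyparms_num != 6` check in the private-DSA branch, so `xmlSecGCryptDerKeyTypeAuto` can never load a public key. Add `break;` after `type = xmlSecGCryptDerKeyTypePublicRsa;` and after `type = xmlSecGCryptDerKeyTypePublicDsa;`. Separately, xmlSecGCryptAsn1ParseIntegerSequence loops until the whole input buffer is consumed instead of stopping at the SEQUENCE's own `ti.length`, so INTEGER-shaped bytes after the SEQUENCE are accepted as extra key parameters. Bounding the loop by the declared sequence length would reject such input.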
diff --git a/src/gcrypt/asn1.h b/src/gcrypt/asn1.h
new file mode 100644
index 00000000..d05b5305
--- /dev/null
+++ b/src/gcrypt/asn1.h
@@ -0,0 +1,39 @@
+/*
+ * XML Security Library
+ *
+ * gcrypt/asn1.h: internal header only used during the compilation
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GCRYPT_ASN1_H__
+#define __XMLSEC_GCRYPT_ASN1_H__
+
+#ifndef XMLSEC_PRIVATE
+#error "gcrypt/asn1.h file contains private xmlsec-gcrypt definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries"
+#endif /* XMLSEC_PRIVATE */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+enum xmlSecGCryptDerKeyType {
+ xmlSecGCryptDerKeyTypeAuto = 0,
+ xmlSecGCryptDerKeyTypePublicDsa,
+ xmlSecGCryptDerKeyTypePublicRsa,
+ xmlSecGCryptDerKeyTypePrivateDsa,
+ xmlSecGCryptDerKeyTypePrivateRsa
+};
+
+xmlSecKeyDataPtr xmlSecGCryptParseDer (const xmlSecByte * der,
+ xmlSecSize derlen,
+ enum xmlSecGCryptDerKeyType type);
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+
+#endif /*__XMLSEC_GCRYPT_ASN1_H__ */
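Review bot: Neither the `xmlSecGCryptDerKeyType` enum nor the `xmlSecGCryptParseDer` prototype is documented, yet `xmlSecGCryptDerKeyTypeAuto` has behaviour a caller needs to know: in asn1.c the key type is then guessed only from the number of INTEGERs in the DER sequence. I would add a comment above the enum such as `/* Auto: key type is guessed from the number of integers in the DER sequence; pass an explicit type when it is known */`. A second comment above the prototype should say that it returns newly created key data or NULL on error; presumably the caller releases it with xmlSecKeyDataDestroy, which should be confirmed against the callers.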
diff --git a/src/gcrypt/asymkeys.c b/src/gcrypt/asymkeys.c
new file mode 100644
index 00000000..8f0cec88
--- /dev/null
+++ b/src/gcrypt/asymkeys.c
@@ -0,0 +1,1920 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/crypto.h>
+
+/**************************************************************************
+ *
+ * Helpers
+ *
+ *************************************************************************/
+static gcry_sexp_t xmlSecGCryptAsymSExpDup (gcry_sexp_t sexp);
+
+
+/**************************************************************************
+ *
+ * Internal GCrypt asym key CTX
+ *
+ *************************************************************************/
+typedef struct _xmlSecGCryptAsymKeyDataCtx xmlSecGCryptAsymKeyDataCtx,
+ *xmlSecGCryptAsymKeyDataCtxPtr;
+struct _xmlSecGCryptAsymKeyDataCtx {
+ gcry_sexp_t pub_key;
+ gcry_sexp_t priv_key;
+};
+
+/******************************************************************************
+ *
+ * Asym key (dsa/rsa)
+ *
+ * xmlSecGCryptAsymKeyDataCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGCryptAsymKeyDataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecGCryptAsymKeyDataCtx))
+#define xmlSecGCryptAsymKeyDataGetCtx(data) \
+ ((xmlSecGCryptAsymKeyDataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
+
+static int xmlSecGCryptAsymKeyDataInitialize (xmlSecKeyDataPtr data);
+static int xmlSecGCryptAsymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecGCryptAsymKeyDataFinalize (xmlSecKeyDataPtr data);
+
+static int xmlSecGCryptAsymKeyDataAdoptKey (xmlSecKeyDataPtr data,
+ gcry_sexp_t key_pair);
+static int xmlSecGCryptAsymKeyDataAdoptKeyPair (xmlSecKeyDataPtr data,
+ gcry_sexp_t pub_key,
+ gcry_sexp_t priv_key);
+static gcry_sexp_t xmlSecGCryptAsymKeyDataGetPublicKey (xmlSecKeyDataPtr data);
+static gcry_sexp_t xmlSecGCryptAsymKeyDataGetPrivateKey (xmlSecKeyDataPtr data);
+static int xmlSecGCryptAsymKeyDataGenerate (xmlSecKeyDataPtr data,
+ const char * alg,
+ xmlSecSize key_size);
+static xmlSecKeyDataType xmlSecGCryptAsymKeyDataGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecGCryptAsymKeyDataGetSize (xmlSecKeyDataPtr data);
+
+
+static int
+xmlSecGCryptAsymKeyDataInitialize(xmlSecKeyDataPtr data) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), -1);
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGCryptAsymKeyDataCtx));
+
+ return(0);
+}
+
+static int
+xmlSecGCryptAsymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctxDst;
+ xmlSecGCryptAsymKeyDataCtxPtr ctxSrc;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(dst), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecGCryptAsymKeyDataSize), -1);
+ xmlSecAssert2(xmlSecKeyDataIsValid(src), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecGCryptAsymKeyDataSize), -1);
+
+ ctxDst = xmlSecGCryptAsymKeyDataGetCtx(dst);
+ xmlSecAssert2(ctxDst != NULL, -1);
+ xmlSecAssert2(ctxDst->pub_key == NULL, -1);
+ xmlSecAssert2(ctxDst->priv_key == NULL, -1);
+
+ ctxSrc = xmlSecGCryptAsymKeyDataGetCtx(src);
+ xmlSecAssert2(ctxSrc != NULL, -1);
+
+ if(ctxSrc->pub_key != NULL) {
+ ctxDst->pub_key = xmlSecGCryptAsymSExpDup(ctxSrc->pub_key);
+ if(ctxDst->pub_key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecGCryptAsymSExpDup(pub_key)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(ctxSrc->priv_key != NULL) {
+ ctxDst->priv_key = xmlSecGCryptAsymSExpDup(ctxSrc->priv_key);
+ if(ctxDst->priv_key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecGCryptAsymSExpDup(priv_key)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+static void
+xmlSecGCryptAsymKeyDataFinalize(xmlSecKeyDataPtr data) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert(xmlSecKeyDataIsValid(data));
+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize));
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->pub_key != NULL) {
+ gcry_sexp_release(ctx->pub_key);
+ }
+ if(ctx->priv_key != NULL) {
+ gcry_sexp_release(ctx->priv_key);
+ }
+ memset(ctx, 0, sizeof(xmlSecGCryptAsymKeyDataCtx));
+}
+
+static int
+xmlSecGCryptAsymKeyDataAdoptKey(xmlSecKeyDataPtr data, gcry_sexp_t key_pair) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+ gcry_sexp_t pub_key = NULL;
+ gcry_sexp_t priv_key = NULL;
+ int res = -1;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), -1);
+ xmlSecAssert2(key_pair != NULL, -1);
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* split the key pair, public part should be always present, private might
+ not be present */
+ pub_key = gcry_sexp_find_token(key_pair, "public-key", 0);
+ if(pub_key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(public-key)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ priv_key = gcry_sexp_find_token(key_pair, "private-key", 0);
+
+ /* assign */
+ if(xmlSecGCryptAsymKeyDataAdoptKeyPair(data, pub_key, priv_key) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAsymKeyDataAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ pub_key = NULL; /* data owns it now */
+ priv_key = NULL; /* data owns it now */
+
+ /* success */
+ res = 0;
+
+done:
+ if(pub_key != NULL) {
+ gcry_sexp_release(pub_key);
+ }
+
+ if(priv_key != NULL) {
+ gcry_sexp_release(priv_key);
+ }
+
+ /* done */
+ return(res);
+}
+
+static int
+xmlSecGCryptAsymKeyDataAdoptKeyPair(xmlSecKeyDataPtr data, gcry_sexp_t pub_key, gcry_sexp_t priv_key) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), -1);
+ xmlSecAssert2(pub_key != NULL, -1); /* public key should present always */
+/*
+ aleksey - we don't set optional parameters for RSA keys (p, k, u) and
+ because of that we can't actually test the key
+
+ xmlSecAssert2(((priv_key == NULL) || (gcry_pk_testkey(priv_key) == GPG_ERR_NO_ERROR)), -1);
+*/
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* release prev values and assign new ones */
+ if(ctx->pub_key != NULL) {
+ gcry_sexp_release(ctx->pub_key);
+ }
+ if(ctx->priv_key != NULL) {
+ gcry_sexp_release(ctx->priv_key);
+ }
+
+ ctx->pub_key = pub_key;
+ ctx->priv_key = priv_key;
+
+ /* done */
+ return(0);
+}
+
+static gcry_sexp_t
+xmlSecGCryptAsymKeyDataGetPublicKey(xmlSecKeyDataPtr data) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), NULL);
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(ctx->pub_key);
+}
+
+static gcry_sexp_t
+xmlSecGCryptAsymKeyDataGetPrivateKey(xmlSecKeyDataPtr data) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), NULL);
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(ctx->priv_key);
+}
+
+static int
+xmlSecGCryptAsymKeyDataGenerate(xmlSecKeyDataPtr data, const char * alg, xmlSecSize key_size) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+ gcry_sexp_t key_spec = NULL;
+ gcry_sexp_t key_pair = NULL;
+ gcry_error_t err;
+ int ret;
+ int res = -1;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), -1);
+ xmlSecAssert2(alg != NULL, -1);
+ xmlSecAssert2(key_size > 0, -1);
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ err = gcry_sexp_build(&key_spec, NULL,
+ "(genkey (%s (nbits %d)(transient-key)))",
+ alg, (int)key_size);
+ if((err != GPG_ERR_NO_ERROR) || (key_spec == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(genkey)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gcry_pk_genkey(&key_pair, key_spec);
+ if((err != GPG_ERR_NO_ERROR) || (key_pair == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_pk_genkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ ret = xmlSecGCryptAsymKeyDataAdoptKey(data, key_pair);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAsymKeyDataAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", (int)ret);
+ goto done;
+ }
+ key_pair = NULL; /* now owned by data */
+
+ /* success */
+ res = 0;
+
+done:
+ if(key_spec != NULL) {
+ gcry_sexp_release(key_spec);
+ }
+ if(key_pair != NULL) {
+ gcry_sexp_release(key_pair);
+ }
+
+ return(res);
+}
+
+static xmlSecKeyDataType
+xmlSecGCryptAsymKeyDataGetType(xmlSecKeyDataPtr data) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), xmlSecKeyDataTypeUnknown);
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, xmlSecKeyDataTypeUnknown);
+
+ if((ctx->priv_key != NULL) && (ctx->pub_key != NULL)) {
+ return (xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ } else if(ctx->pub_key != NULL) {
+ return (xmlSecKeyDataTypePublic);
+ }
+
+ return (xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecGCryptAsymKeyDataGetSize(xmlSecKeyDataPtr data) {
+ xmlSecGCryptAsymKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecGCryptAsymKeyDataSize), xmlSecKeyDataTypeUnknown);
+
+ ctx = xmlSecGCryptAsymKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ /* use pub key since it is more often you have it than not */
+ return (ctx->pub_key != NULL) ? gcry_pk_get_nbits(ctx->pub_key) : 0;
+}
+
+/******************************************************************************
+ *
+ * helper functions
+ *
+ *****************************************************************************/
+static gcry_sexp_t
+xmlSecGCryptAsymSExpDup(gcry_sexp_t pKey) {
+ gcry_sexp_t res = NULL;
+ xmlSecByte *buf = NULL;
+ gcry_error_t err;
+ size_t size;
+
+ xmlSecAssert2(pKey != NULL, NULL);
+
+ size = gcry_sexp_sprint(pKey, GCRYSEXP_FMT_ADVANCED, NULL, 0);
+ if(size == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_sprint",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ buf = (xmlSecByte *)xmlMalloc(size);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)size);
+ goto done;
+ }
+
+ size = gcry_sexp_sprint(pKey, GCRYSEXP_FMT_ADVANCED, buf, size);
+ if(size == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_sprint",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", (int)size);
+ goto done;
+ }
+
+ err = gcry_sexp_new(&res, buf, size, 1);
+ if((err != GPG_ERR_NO_ERROR) || (res == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+done:
+ if(buf != NULL) {
+ xmlFree(buf);
+ }
+ return (res);
+}
+
+/**
+ * xmlSecGCryptNodeGetMpiValue:
+ * @cur: the poitner to an XML node.
+ *
+ * Converts the node content from CryptoBinary format
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * to a BIGNUM. If no BIGNUM buffer provided then a new
+ * BIGNUM is created (caller is responsible for freeing it).
+ *
+ * Returns: a pointer to MPI produced from CryptoBinary string
+ * or NULL if an error occurs.
+ */
+static gcry_mpi_t
+xmlSecGCryptNodeGetMpiValue(const xmlNodePtr cur) {
+ xmlSecBuffer buf;
+ gcry_mpi_t res = NULL;
+ gcry_error_t err;
+ int ret;
+
+ xmlSecAssert2(cur != NULL, NULL);
+
+ ret = xmlSecBufferInitialize(&buf, 128);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecBufferBase64NodeContentRead(&buf, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(NULL);
+ }
+
+ err = gcry_mpi_scan(&res, GCRYMPI_FMT_USG,
+ xmlSecBufferGetData(&buf),
+ xmlSecBufferGetSize(&buf),
+ NULL);
+ if((err != GPG_ERR_NO_ERROR) || (res == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ xmlSecBufferFinalize(&buf);
+ return(NULL);
+ }
+
+ /* done */
+ xmlSecBufferFinalize(&buf);
+ return(res);
+}
+
+/**
+ * xmlSecGCryptNodeSetMpiValue:
+ * @cur: the pointer to an XML node.
+ * @a: the mpi value
+ * @addLineBreaks: if the flag is equal to 1 then
+ * linebreaks will be added before and after
+ * new buffer content.
+ *
+ * Converts MPI to CryptoBinary string
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * and sets it as the content of the given node. If the
+ * addLineBreaks is set then line breaks are added
+ * before and after the CryptoBinary string.
+ *
+ * Returns: 0 on success or -1 otherwise.
+ */
+static int
+xmlSecGCryptNodeSetMpiValue(xmlNodePtr cur, const gcry_mpi_t a, int addLineBreaks) {
+ xmlSecBuffer buf;
+ gcry_error_t err;
+ size_t written = 0;
+ int ret;
+
+ xmlSecAssert2(a != NULL, -1);
+ xmlSecAssert2(cur != NULL, -1);
+
+ written = 0;
+ err = gcry_mpi_print(GCRYMPI_FMT_USG, NULL, 0, &written, a);
+ if((err != GPG_ERR_NO_ERROR) || (written == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_print",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&buf, written + 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", (int)written + 1);
+ return(-1);
+ }
+
+ written = 0;
+ err = gcry_mpi_print(GCRYMPI_FMT_USG,
+ xmlSecBufferGetData(&buf),
+ xmlSecBufferGetMaxSize(&buf),
+ &written, a);
+ if((err != GPG_ERR_NO_ERROR) || (written == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_print",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetSize(&buf, written);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "written=%d", (int)written);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ if(addLineBreaks) {
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ } else {
+ xmlNodeSetContent(cur, xmlSecStringEmpty);
+ }
+
+ ret = xmlSecBufferBase64NodeContentWrite(&buf, cur, xmlSecBase64GetDefaultLineSize());
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ if(addLineBreaks) {
+ xmlNodeAddContent(cur, xmlSecStringCR);
+ }
+
+ xmlSecBufferFinalize(&buf);
+ return(0);
+}
+
+/**
+ * xmlSecGCryptNodeSetSExpTokValue:
+ * @cur: the pointer to an XML node.
+ * @sexp: the sexp
+ * @tok: the token
+ * @addLineBreaks: if the flag is equal to 1 then
+ * linebreaks will be added before and after
+ * new buffer content.
+ *
+ * Converts MPI to CryptoBinary string
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * and sets it as the content of the given node. If the
+ * addLineBreaks is set then line breaks are added
+ * before and after the CryptoBinary string.
+ *
+ * Returns: 0 on success or -1 otherwise.
+ */
+static int
+xmlSecGCryptNodeSetSExpTokValue(xmlNodePtr cur, const gcry_sexp_t sexp,
+ const char * tok, int addLineBreaks)
+{
+ gcry_sexp_t val = NULL;
+ gcry_mpi_t mpi = NULL;
+ int res = -1;
+
+ xmlSecAssert2(cur != NULL, -1);
+ xmlSecAssert2(sexp != NULL, -1);
+ xmlSecAssert2(tok != NULL, -1);
+
+ val = gcry_sexp_find_token(sexp, tok, 0);
+ if(val == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "tok=%s",
+ xmlSecErrorsSafeString(tok));
+ goto done;
+ }
+
+ mpi = gcry_sexp_nth_mpi(val, 1, GCRYMPI_FMT_USG);
+ if(mpi == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_nth_mpi",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "tok=%s",
+ xmlSecErrorsSafeString(tok));
+ goto done;
+ }
+
+ /* almost done */
+ res = xmlSecGCryptNodeSetMpiValue(cur, mpi, addLineBreaks);
+
+done:
+ if(mpi != NULL) {
+ gcry_mpi_release(mpi);
+ }
+ if(val != NULL) {
+ gcry_sexp_release(val);
+ }
+
+ return(res);
+}
+
+#ifndef XMLSEC_NO_DSA
+/**************************************************************************
+ *
+ * <dsig:DSAKeyValue> processing
+ *
+ *
+ * The DSAKeyValue Element (http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue)
+ *
+ * DSA keys and the DSA signature algorithm are specified in [DSS].
+ * DSA public key values can have the following fields:
+ *
+ * * P - a prime modulus meeting the [DSS] requirements
+ * * Q - an integer in the range 2**159 < Q < 2**160 which is a prime
+ * divisor of P-1
+ * * G - an integer with certain properties with respect to P and Q
+ * * Y - G**X mod P (where X is part of the private key and not made
+ * public)
+ * * J - (P - 1) / Q
+ * * seed - a DSA prime generation seed
+ * * pgenCounter - a DSA prime generation counter
+ *
+ * Parameter J is available for inclusion solely for efficiency as it is
+ * calculatable from P and Q. Parameters seed and pgenCounter are used in the
+ * DSA prime number generation algorithm specified in [DSS]. As such, they are
+ * optional but must either both be present or both be absent. This prime
+ * generation algorithm is designed to provide assurance that a weak prime is
+ * not being used and it yields a P and Q value. Parameters P, Q, and G can be
+ * public and common to a group of users. They might be known from application
+ * context. As such, they are optional but P and Q must either both appear or
+ * both be absent. If all of P, Q, seed, and pgenCounter are present,
+ * implementations are not required to check if they are consistent and are
+ * free to use either P and Q or seed and pgenCounter. All parameters are
+ * encoded as base64 [MIME] values.
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * represented in XML as octet strings as defined by the ds:CryptoBinary type.
+ *
+ * Schema Definition:
+ *
+ * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+ * <complexType name="DSAKeyValueType">
+ * <sequence>
+ * <sequence minOccurs="0">
+ * <element name="P" type="ds:CryptoBinary"/>
+ * <element name="Q" type="ds:CryptoBinary"/>
+ * </sequence>
+ * <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ * <element name="Y" type="ds:CryptoBinary"/>
+ * <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ * <sequence minOccurs="0">
+ * <element name="Seed" type="ds:CryptoBinary"/>
+ * <element name="PgenCounter" type="ds:CryptoBinary"/>
+ * </sequence>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD Definition:
+ *
+ * <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
+ * <!ELEMENT P (#PCDATA) >
+ * <!ELEMENT Q (#PCDATA) >
+ * <!ELEMENT G (#PCDATA) >
+ * <!ELEMENT Y (#PCDATA) >
+ * <!ELEMENT J (#PCDATA) >
+ * <!ELEMENT Seed (#PCDATA) >
+ * <!ELEMENT PgenCounter (#PCDATA) >
+ *
+ * ============================================================================
+ *
+ * To support reading/writing private keys an X element added (before Y).
+ * todo: The current implementation does not support Seed and PgenCounter!
+ * by this the P, Q and G are *required*!
+ *
+ *************************************************************************/
+static int xmlSecGCryptKeyDataDsaInitialize (xmlSecKeyDataPtr data);
+static int xmlSecGCryptKeyDataDsaDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecGCryptKeyDataDsaFinalize (xmlSecKeyDataPtr data);
+static int xmlSecGCryptKeyDataDsaXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGCryptKeyDataDsaXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGCryptKeyDataDsaGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecGCryptKeyDataDsaGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecGCryptKeyDataDsaGetSize (xmlSecKeyDataPtr data);
+static void xmlSecGCryptKeyDataDsaDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecGCryptKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+
+static xmlSecKeyDataKlass xmlSecGCryptKeyDataDsaKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecGCryptAsymKeyDataSize,
+
+ /* data */
+ xmlSecNameDSAKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGCryptKeyDataDsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGCryptKeyDataDsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGCryptKeyDataDsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGCryptKeyDataDsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGCryptKeyDataDsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGCryptKeyDataDsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGCryptKeyDataDsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGCryptKeyDataDsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGCryptKeyDataDsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGCryptKeyDataDsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptKeyDataDsaGetKlass:
+ *
+ * The DSA key data klass.
+ *
+ * Returns: pointer to DSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGCryptKeyDataDsaGetKlass(void) {
+ return(&xmlSecGCryptKeyDataDsaKlass);
+}
+
+/**
+ * xmlSecGCryptKeyDataDsaAdoptKey:
+ * @data: the pointer to DSA key data.
+ * @dsa_key: the pointer to GCrypt DSA key.
+ *
+ * Sets the value of DSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptKeyDataDsaAdoptKey(xmlSecKeyDataPtr data, gcry_sexp_t dsa_key) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), -1);
+ xmlSecAssert2(dsa_key != NULL, -1);
+
+ return xmlSecGCryptAsymKeyDataAdoptKey(data, dsa_key);
+}
+
+
+/**
+ * xmlSecGCryptKeyDataDsaAdoptKeyPair:
+ * @data: the pointer to DSA key data.
+ * @pub_key: the pointer to GCrypt DSA pub key.
+ * @priv_key: the pointer to GCrypt DSA priv key.
+ *
+ * Sets the value of DSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptKeyDataDsaAdoptKeyPair(xmlSecKeyDataPtr data, gcry_sexp_t pub_key, gcry_sexp_t priv_key) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), -1);
+ xmlSecAssert2(pub_key != NULL, -1);
+
+ return xmlSecGCryptAsymKeyDataAdoptKeyPair(data, pub_key, priv_key);
+}
+
+/**
+ * xmlSecGCryptKeyDataDsaGetPublicKey:
+ * @data: the pointer to DSA key data.
+ *
+ * Gets the GCrypt DSA public key from DSA key data.
+ *
+ * Returns: pointer to GCrypt public DSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGCryptKeyDataDsaGetPublicKey(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), NULL);
+ return xmlSecGCryptAsymKeyDataGetPublicKey(data);
+}
+
+/**
+ * xmlSecGCryptKeyDataDsaGetPrivateKey:
+ * @data: the pointer to DSA key data.
+ *
+ * Gets the GCrypt DSA private key from DSA key data.
+ *
+ * Returns: pointer to GCrypt private DSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGCryptKeyDataDsaGetPrivateKey(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), NULL);
+ return xmlSecGCryptAsymKeyDataGetPrivateKey(data);
+}
+
+static int
+xmlSecGCryptKeyDataDsaInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), -1);
+
+ return(xmlSecGCryptAsymKeyDataInitialize(data));
+}
+
+static int
+xmlSecGCryptKeyDataDsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecGCryptKeyDataDsaId), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecGCryptKeyDataDsaId), -1);
+
+ return(xmlSecGCryptAsymKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecGCryptKeyDataDsaFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId));
+
+ xmlSecGCryptAsymKeyDataFinalize(data);
+}
+
+static int
+xmlSecGCryptKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ return xmlSecGCryptAsymKeyDataGenerate(data, "dsa", sizeBits);
+}
+
+static xmlSecKeyDataType
+xmlSecGCryptKeyDataDsaGetType(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), xmlSecKeyDataTypeUnknown);
+
+ return xmlSecGCryptAsymKeyDataGetType(data);
+}
+
+static xmlSecSize
+xmlSecGCryptKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId), 0);
+
+ return xmlSecGCryptAsymKeyDataGetSize(data);
+}
+
+static void
+xmlSecGCryptKeyDataDsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== dsa key: size = %d\n",
+ xmlSecGCryptKeyDataDsaGetSize(data));
+}
+
+static void
+xmlSecGCryptKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<DSAKeyValue size=\"%d\" />\n",
+ xmlSecGCryptKeyDataDsaGetSize(data));
+}
+
+static int
+xmlSecGCryptKeyDataDsaXmlRead(xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx)
+{
+ xmlNodePtr cur;
+ xmlSecKeyDataPtr data = NULL;
+ gcry_mpi_t p = NULL;
+ gcry_mpi_t q = NULL;
+ gcry_mpi_t g = NULL;
+ gcry_mpi_t x = NULL;
+ gcry_mpi_t y = NULL;
+ gcry_sexp_t pub_key = NULL;
+ gcry_sexp_t priv_key = NULL;
+ gcry_error_t err;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGCryptKeyDataDsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(xmlSecKeyGetValue(key) != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+
+ /* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ goto done;
+ }
+ p = xmlSecGCryptNodeGetMpiValue(cur);
+ if(p == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ goto done;
+ }
+ q = xmlSecGCryptNodeGetMpiValue(cur);
+ if(q == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ goto done;
+ }
+ g = xmlSecGCryptNodeGetMpiValue(cur);
+ if(g == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAX, xmlSecNs))) {
+ /* next is X node. It is REQUIRED for private key but
+ * we are not sure exactly what do we read */
+ x = xmlSecGCryptNodeGetMpiValue(cur);
+ if(x == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAX));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* next is Y node. */
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ goto done;
+ }
+ y = xmlSecGCryptNodeGetMpiValue(cur);
+ if(y == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* todo: add support for J */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAJ, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* todo: add support for seed */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSASeed, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* todo: add support for pgencounter */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAPgenCounter, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+
+ /* construct pub/priv key pairs */
+ err = gcry_sexp_build(&pub_key, NULL,
+ "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ p, q, g, y);
+ if((err != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "gcry_sexp_build(public)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+ if(x != NULL) {
+ err = gcry_sexp_build(&priv_key, NULL,
+ "(private-key(dsa(p%m)(q%m)(g%m)(x%m)(y%m)))",
+ p, q, g, x, y);
+ if((err != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "gcry_sexp_build(private)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+ }
+
+ /* create key data */
+ data = xmlSecKeyDataCreate(id);
+ if(data == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(data, pub_key, priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGCryptKeyDataDsaAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ pub_key = NULL; /* pub_key is owned by data now */
+ priv_key = NULL; /* priv_key is owned by data now */
+
+ /* set key */
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ data = NULL; /* data is owned by key now */
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(p != NULL) {
+ gcry_mpi_release(p);
+ }
+
+ if(q != NULL) {
+ gcry_mpi_release(q);
+ }
+
+ if(g != NULL) {
+ gcry_mpi_release(g);
+ }
+
+ if(x != NULL) {
+ gcry_mpi_release(x);
+ }
+
+ if(y != NULL) {
+ gcry_mpi_release(y);
+ }
+
+ if(pub_key != NULL) {
+ gcry_sexp_release(pub_key);
+ }
+
+ if(priv_key != NULL) {
+ gcry_sexp_release(priv_key);
+ }
+
+ if(data != NULL) {
+ xmlSecKeyDataDestroy(data);
+ }
+ return(res);
+}
+
+static int
+xmlSecGCryptKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur;
+ gcry_sexp_t pub_priv_key;
+ gcry_sexp_t dsa = NULL;
+ int private = 0;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGCryptKeyDataDsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGCryptKeyDataDsaId), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only private key or public key */
+ return(0);
+ }
+
+ /* find the private or public key */
+ pub_priv_key = xmlSecGCryptKeyDataDsaGetPrivateKey(xmlSecKeyGetValue(key));
+ if(pub_priv_key == NULL) {
+ pub_priv_key = xmlSecGCryptKeyDataDsaGetPublicKey(xmlSecKeyGetValue(key));
+ if(pub_priv_key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptKeyDataDsaGetPublicKey()",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ } else {
+ private = 1;
+ }
+
+ dsa = gcry_sexp_find_token(pub_priv_key, "dsa", 0);
+ if(dsa == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "gcry_sexp_find_token(dsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* first is P node */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ goto done;
+ }
+ ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "p", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ goto done;
+ }
+
+ /* next is Q node. */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ goto done;
+ }
+ ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "q", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ goto done;
+ }
+
+ /* next is G node. */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ goto done;
+ }
+ ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "g", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ goto done;
+ }
+
+ /* next is X node: write it ONLY for private keys and ONLY if it is requested */
+ if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (private != 0)) {
+ cur = xmlSecAddChild(node, xmlSecNodeDSAX, xmlSecNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAX));
+ goto done;
+ }
+ ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "x", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAX));
+ goto done;
+ }
+ }
+
+ /* next is Y node. */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ goto done;
+ }
+ ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "y", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ goto done;
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ if(dsa != NULL) {
+ gcry_sexp_release(dsa);
+ }
+
+ return(res);
+}
+
+#endif /* XMLSEC_NO_DSA */
+
+
+#ifndef XMLSEC_NO_RSA
+/**************************************************************************
+ *
+ * <dsig:RSAKeyValue> processing
+ *
+ * http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue
+ * The RSAKeyValue Element
+ *
+ * RSA key values have two fields: Modulus and Exponent.
+ *
+ * <RSAKeyValue>
+ * <Modulus>xA7SEU+e0yQH5rm9kbCDN9o3aPIo7HbP7tX6WOocLZAtNfyxSZDU16ksL6W
+ * jubafOqNEpcwR3RdFsT7bCqnXPBe5ELh5u4VEy19MzxkXRgrMvavzyBpVRgBUwUlV
+ * 5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U=
+ * </Modulus>
+ * <Exponent>AQAB</Exponent>
+ * </RSAKeyValue>
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * represented in XML as octet strings as defined by the ds:CryptoBinary type.
+ *
+ * Schema Definition:
+ *
+ * <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+ * <complexType name="RSAKeyValueType">
+ * <sequence>
+ * <element name="Modulus" type="ds:CryptoBinary"/>
+ * <element name="Exponent" type="ds:CryptoBinary"/>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD Definition:
+ *
+ * <!ELEMENT RSAKeyValue (Modulus, Exponent) >
+ * <!ELEMENT Modulus (#PCDATA) >
+ * <!ELEMENT Exponent (#PCDATA) >
+ *
+ * ============================================================================
+ *
+ * To support reading/writing private keys an PrivateExponent element is added
+ * to the end
+ *
+ *************************************************************************/
+
+static int xmlSecGCryptKeyDataRsaInitialize (xmlSecKeyDataPtr data);
+static int xmlSecGCryptKeyDataRsaDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecGCryptKeyDataRsaFinalize (xmlSecKeyDataPtr data);
+static int xmlSecGCryptKeyDataRsaXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGCryptKeyDataRsaXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGCryptKeyDataRsaGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecGCryptKeyDataRsaGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecGCryptKeyDataRsaGetSize (xmlSecKeyDataPtr data);
+static void xmlSecGCryptKeyDataRsaDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecGCryptKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static xmlSecKeyDataKlass xmlSecGCryptKeyDataRsaKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecGCryptAsymKeyDataSize,
+
+ /* data */
+ xmlSecNameRSAKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeRSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGCryptKeyDataRsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGCryptKeyDataRsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGCryptKeyDataRsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGCryptKeyDataRsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGCryptKeyDataRsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGCryptKeyDataRsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGCryptKeyDataRsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGCryptKeyDataRsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGCryptKeyDataRsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGCryptKeyDataRsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptKeyDataRsaGetKlass:
+ *
+ * The GCrypt RSA key data klass.
+ *
+ * Returns: pointer to GCrypt RSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGCryptKeyDataRsaGetKlass(void) {
+ return(&xmlSecGCryptKeyDataRsaKlass);
+}
+
+/**
+ * xmlSecGCryptKeyDataRsaAdoptKey:
+ * @data: the pointer to RSA key data.
+ * @rsa_key: the pointer to GCrypt RSA key.
+ *
+ * Sets the value of RSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptKeyDataRsaAdoptKey(xmlSecKeyDataPtr data, gcry_sexp_t rsa_key) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), -1);
+ xmlSecAssert2(rsa_key != NULL, -1);
+
+ return xmlSecGCryptAsymKeyDataAdoptKey(data, rsa_key);
+}
+
+
+/**
+ * xmlSecGCryptKeyDataRsaAdoptKeyPair:
+ * @data: the pointer to RSA key data.
+ * @pub_key: the pointer to GCrypt RSA pub key.
+ * @priv_key: the pointer to GCrypt RSA priv key.
+ *
+ * Sets the value of RSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptKeyDataRsaAdoptKeyPair(xmlSecKeyDataPtr data, gcry_sexp_t pub_key, gcry_sexp_t priv_key) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), -1);
+ xmlSecAssert2(pub_key != NULL, -1);
+
+ return xmlSecGCryptAsymKeyDataAdoptKeyPair(data, pub_key, priv_key);
+}
+
+/**
+ * xmlSecGCryptKeyDataRsaGetPublicKey:
+ * @data: the pointer to RSA key data.
+ *
+ * Gets the GCrypt RSA public key from RSA key data.
+ *
+ * Returns: pointer to GCrypt public RSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGCryptKeyDataRsaGetPublicKey(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), NULL);
+ return xmlSecGCryptAsymKeyDataGetPublicKey(data);
+}
+
+/**
+ * xmlSecGCryptKeyDataRsaGetPrivateKey:
+ * @data: the pointer to RSA key data.
+ *
+ * Gets the GCrypt RSA private key from RSA key data.
+ *
+ * Returns: pointer to GCrypt private RSA key or NULL if an error occurs.
+ */
+gcry_sexp_t
+xmlSecGCryptKeyDataRsaGetPrivateKey(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), NULL);
+ return xmlSecGCryptAsymKeyDataGetPrivateKey(data);
+}
+
+static int
+xmlSecGCryptKeyDataRsaInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), -1);
+
+ return(xmlSecGCryptAsymKeyDataInitialize(data));
+}
+
+static int
+xmlSecGCryptKeyDataRsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecGCryptKeyDataRsaId), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecGCryptKeyDataRsaId), -1);
+
+ return(xmlSecGCryptAsymKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecGCryptKeyDataRsaFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId));
+
+ xmlSecGCryptAsymKeyDataFinalize(data);
+}
+
+static int
+xmlSecGCryptKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ return xmlSecGCryptAsymKeyDataGenerate(data, "rsa", sizeBits);
+}
+
+static xmlSecKeyDataType
+xmlSecGCryptKeyDataRsaGetType(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), xmlSecKeyDataTypeUnknown);
+
+ return xmlSecGCryptAsymKeyDataGetType(data);
+}
+
+static xmlSecSize
+xmlSecGCryptKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId), 0);
+
+ return xmlSecGCryptAsymKeyDataGetSize(data);
+}
+
+static void
+xmlSecGCryptKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== rsa key: size = %d\n",
+ xmlSecGCryptKeyDataRsaGetSize(data));
+}
+
+static void
+xmlSecGCryptKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataRsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<RSAKeyValue size=\"%d\" />\n",
+ xmlSecGCryptKeyDataRsaGetSize(data));
+}
+
+static int
+xmlSecGCryptKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur;
+ xmlSecKeyDataPtr data = NULL;
+ gcry_mpi_t n = NULL;
+ gcry_mpi_t e = NULL;
+ gcry_mpi_t d = NULL;
+ gcry_sexp_t pub_key = NULL;
+ gcry_sexp_t priv_key = NULL;
+ gcry_error_t err;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGCryptKeyDataRsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(xmlSecKeyGetValue(key) != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ "key already has a value");
+ goto done;
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+
+ /* first is Modulus node. It is REQUIRED */
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ goto done;
+ }
+ n = xmlSecGCryptNodeGetMpiValue(cur);
+ if(n == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is Exponent node. It is REQUIRED */
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ goto done;
+ }
+ e = xmlSecGCryptNodeGetMpiValue(cur);
+ if(e == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeRSAPrivateExponent, xmlSecNs))) {
+ /* next is PrivateExponent node. It is REQUIRED for private key */
+ d = xmlSecGCryptNodeGetMpiValue(cur);
+ if(d == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeGetMpiValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "no nodes expected");
+ goto done;
+ }
+
+ /* construct pub/priv key pairs */
+ err = gcry_sexp_build(&pub_key, NULL,
+ "(public-key(rsa(n%m)(e%m)))",
+ n, e);
+ if((err != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "gcry_sexp_build(public)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+ if(d != NULL) {
+ err = gcry_sexp_build(&priv_key, NULL,
+ "(private-key(rsa(n%m)(e%m)(d%m)))",
+ n, e, d);
+ if((err != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "gcry_sexp_build(private)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+ }
+
+
+ /* create key data */
+ data = xmlSecKeyDataCreate(id);
+ if(data == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(data, pub_key, priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGCryptKeyDataRsaAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ pub_key = NULL; /* pub_key is owned by data now */
+ priv_key = NULL; /* priv_key is owned by data now */
+
+ /* set key */
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ data = NULL; /* data is owned by key now */
+
+
+ /* success */
+ res = 0;
+
+done:
+ /* cleanup */
+ if(n != NULL) {
+ gcry_mpi_release(n);
+ }
+
+ if(e != NULL) {
+ gcry_mpi_release(e);
+ }
+
+ if(d != NULL) {
+ gcry_mpi_release(d);
+ }
+
+ if(pub_key != NULL) {
+ gcry_sexp_release(pub_key);
+ }
+
+ if(priv_key != NULL) {
+ gcry_sexp_release(priv_key);
+ }
+
+ if(data != NULL) {
+ xmlSecKeyDataDestroy(data);
+ }
+ return(res);
+
+}
+
+static int
+xmlSecGCryptKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur;
+ gcry_sexp_t pub_priv_key;
+ gcry_sexp_t rsa = NULL;
+ int private = 0;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGCryptKeyDataRsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGCryptKeyDataRsaId), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only private key or public key */
+ return(0);
+ }
+
+ /* find the private or public key */
+ pub_priv_key = xmlSecGCryptKeyDataRsaGetPrivateKey(xmlSecKeyGetValue(key));
+ if(pub_priv_key == NULL) {
+ pub_priv_key = xmlSecGCryptKeyDataRsaGetPublicKey(xmlSecKeyGetValue(key));
+ if(pub_priv_key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptKeyDataRsaGetPublicKey()",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ } else {
+ private = 1;
+ }
+
+ rsa = gcry_sexp_find_token(pub_priv_key, "rsa", 0);
+ if(rsa == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "gcry_sexp_find_token(rsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* first is Modulus node */
+ cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ goto done;
+ }
+ ret = xmlSecGCryptNodeSetSExpTokValue(cur, rsa, "n", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ goto done;
+ }
+
+ /* next is Exponent node. */
+ cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ goto done;
+ }
+ ret = xmlSecGCryptNodeSetSExpTokValue(cur, rsa, "e", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ goto done;
+ }
+
+ /* next is PrivateExponent node: write it ONLY for private keys and ONLY if it is requested */
+ if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (private != 0)) {
+ cur = xmlSecAddChild(node, xmlSecNodeRSAPrivateExponent, xmlSecNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+ goto done;
+ }
+ ret = xmlSecGCryptNodeSetSExpTokValue(cur, rsa, "d", 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGCryptNodeSetSExpTokValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+ goto done;
+ }
+ }
+
+ /* success */
+ res = 0;
+
+done:
+ if(rsa != NULL) {
+ gcry_sexp_release(rsa);
+ }
+
+ return(res);
+}
+
+#endif /* XMLSEC_NO_RSA */
diff --git a/src/gcrypt/ciphers.c b/src/gcrypt/ciphers.c
new file mode 100644
index 00000000..6192b8b2
--- /dev/null
+++ b/src/gcrypt/ciphers.c
@@ -0,0 +1,855 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/crypto.h>
+
+/**************************************************************************
+ *
+ * Internal GCrypt Block cipher CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecGCryptBlockCipherCtx xmlSecGCryptBlockCipherCtx,
+ *xmlSecGCryptBlockCipherCtxPtr;
+struct _xmlSecGCryptBlockCipherCtx {
+ int cipher;
+ int mode;
+ gcry_cipher_hd_t cipherCtx;
+ xmlSecKeyDataId keyId;
+ int keyInitialized;
+ int ctxInitialized;
+};
+
+static int xmlSecGCryptBlockCipherCtxInit (xmlSecGCryptBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGCryptBlockCipherCtxUpdate (xmlSecGCryptBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGCryptBlockCipherCtxFinal (xmlSecGCryptBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int
+xmlSecGCryptBlockCipherCtxInit(xmlSecGCryptBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ gcry_err_code_t err;
+ int blockLen;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->keyInitialized != 0, -1);
+ xmlSecAssert2(ctx->ctxInitialized == 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ /* iv len == block len */
+ blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
+ xmlSecAssert2(blockLen > 0, -1);
+
+ if(encrypt) {
+ xmlSecByte* iv;
+ xmlSecSize outSize;
+
+ /* allocate space for IV */
+ outSize = xmlSecBufferGetSize(out);
+ ret = xmlSecBufferSetSize(out, outSize + blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + blockLen);
+ return(-1);
+ }
+ iv = xmlSecBufferGetData(out) + outSize;
+
+ /* generate and use random iv */
+ gcry_randomize(iv, blockLen, GCRY_STRONG_RANDOM);
+ err = gcry_cipher_setiv(ctx->cipherCtx, iv, blockLen);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ } else {
+ /* if we don't have enough data, exit and hope that
+ * we'll have iv next time */
+ if(xmlSecBufferGetSize(in) < (xmlSecSize)blockLen) {
+ return(0);
+ }
+ xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
+
+ /* set iv */
+ err = gcry_cipher_setiv(ctx->cipherCtx, xmlSecBufferGetData(in), blockLen);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ /* and remove from input */
+ ret = xmlSecBufferRemoveHead(in, blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blockLen);
+ return(-1);
+ }
+ }
+
+ ctx->ctxInitialized = 1;
+ return(0);
+}
+
+static int
+xmlSecGCryptBlockCipherCtxUpdate(xmlSecGCryptBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize inSize, inBlocks, outSize;
+ int blockLen;
+ xmlSecByte* outBuf;
+ gcry_err_code_t err;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
+ xmlSecAssert2(blockLen > 0, -1);
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ if(inSize < (xmlSecSize)blockLen) {
+ return(0);
+ }
+
+ if(encrypt) {
+ inBlocks = inSize / ((xmlSecSize)blockLen);
+ } else {
+ /* we want to have the last block in the input buffer
+ * for padding check */
+ inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
+ }
+ inSize = inBlocks * ((xmlSecSize)blockLen);
+
+ /* we write out the input size plus may be one block */
+ ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + inSize + blockLen);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+
+ if(encrypt) {
+ err = gcry_cipher_encrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_encrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ } else {
+ err = gcry_cipher_decrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ }
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + inSize);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecGCryptBlockCipherCtxFinal(xmlSecGCryptBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize inSize, outSize;
+ int blockLen, outLen = 0;
+ xmlSecByte* inBuf;
+ xmlSecByte* outBuf;
+ gcry_err_code_t err;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
+ xmlSecAssert2(blockLen > 0, -1);
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ if(encrypt != 0) {
+ xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
+
+ /* create padding */
+ ret = xmlSecBufferSetMaxSize(in, blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blockLen);
+ return(-1);
+ }
+ inBuf = xmlSecBufferGetData(in);
+
+ /* create random padding */
+ if((xmlSecSize)blockLen > (inSize + 1)) {
+ gcry_randomize(inBuf + inSize, blockLen - inSize - 1,
+ GCRY_STRONG_RANDOM); /* as usual, we are paranoid */
+ }
+ inBuf[blockLen - 1] = blockLen - inSize;
+ inSize = blockLen;
+ } else {
+ if(inSize != (xmlSecSize)blockLen) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data=%d;block=%d", inSize, blockLen);
+ return(-1);
+ }
+ }
+
+ /* process last block */
+ ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + 2 * blockLen);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+
+ if(encrypt) {
+ err = gcry_cipher_encrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_encrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ } else {
+ err = gcry_cipher_decrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ }
+
+ if(encrypt == 0) {
+ /* check padding */
+ if(inSize < outBuf[blockLen - 1]) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "padding=%d;buffer=%d",
+ outBuf[blockLen - 1], inSize);
+ return(-1);
+ }
+ outLen = inSize - outBuf[blockLen - 1];
+ } else {
+ outLen = inSize;
+ }
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+/******************************************************************************
+ *
+ * Block Cipher transforms
+ *
+ * xmlSecGCryptBlockCipherCtx block is located after xmlSecTransform structure
+ *
+ *****************************************************************************/
+#define xmlSecGCryptBlockCipherSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGCryptBlockCipherCtx))
+#define xmlSecGCryptBlockCipherGetCtx(transform) \
+ ((xmlSecGCryptBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecGCryptBlockCipherInitialize (xmlSecTransformPtr transform);
+static void xmlSecGCryptBlockCipherFinalize (xmlSecTransformPtr transform);
+static int xmlSecGCryptBlockCipherSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecGCryptBlockCipherSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecGCryptBlockCipherExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGCryptBlockCipherCheckId (xmlSecTransformPtr transform);
+
+
+
+static int
+xmlSecGCryptBlockCipherCheckId(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_DES
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformDes3CbcId)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformAes128CbcId) ||
+ xmlSecTransformCheckId(transform, xmlSecGCryptTransformAes192CbcId) ||
+ xmlSecTransformCheckId(transform, xmlSecGCryptTransformAes256CbcId)) {
+
+ return(1);
+ }
+#endif /* XMLSEC_NO_AES */
+
+ return(0);
+}
+
+static int
+xmlSecGCryptBlockCipherInitialize(xmlSecTransformPtr transform) {
+ xmlSecGCryptBlockCipherCtxPtr ctx;
+ gcry_error_t err;
+
+ xmlSecAssert2(xmlSecGCryptBlockCipherCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptBlockCipherSize), -1);
+
+ ctx = xmlSecGCryptBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGCryptBlockCipherCtx));
+
+#ifndef XMLSEC_NO_DES
+ if(transform->id == xmlSecGCryptTransformDes3CbcId) {
+ ctx->cipher = GCRY_CIPHER_3DES;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->keyId = xmlSecGCryptKeyDataDesId;
+ } else
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(transform->id == xmlSecGCryptTransformAes128CbcId) {
+ ctx->cipher = GCRY_CIPHER_AES128;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->keyId = xmlSecGCryptKeyDataAesId;
+ } else if(transform->id == xmlSecGCryptTransformAes192CbcId) {
+ ctx->cipher = GCRY_CIPHER_AES192;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->keyId = xmlSecGCryptKeyDataAesId;
+ } else if(transform->id == xmlSecGCryptTransformAes256CbcId) {
+ ctx->cipher = GCRY_CIPHER_AES256;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->keyId = xmlSecGCryptKeyDataAesId;
+ } else
+#endif /* XMLSEC_NO_AES */
+
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ err = gcry_cipher_open(&ctx->cipherCtx, ctx->cipher, ctx->mode, GCRY_CIPHER_SECURE); /* we are paranoid */
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_cipher_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ return(0);
+}
+
+static void
+xmlSecGCryptBlockCipherFinalize(xmlSecTransformPtr transform) {
+ xmlSecGCryptBlockCipherCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGCryptBlockCipherCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGCryptBlockCipherSize));
+
+ ctx = xmlSecGCryptBlockCipherGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->cipherCtx != NULL) {
+ gcry_cipher_close(ctx->cipherCtx);
+ }
+
+ memset(ctx, 0, sizeof(xmlSecGCryptBlockCipherCtx));
+}
+
+static int
+xmlSecGCryptBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecGCryptBlockCipherCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGCryptBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptBlockCipherSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecGCryptBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+
+ keyReq->keyId = ctx->keyId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+
+ keyReq->keyBitsSize = 8 * gcry_cipher_get_algo_keylen(ctx->cipher);
+ return(0);
+}
+
+static int
+xmlSecGCryptBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecGCryptBlockCipherCtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ gcry_err_code_t err;
+
+ xmlSecAssert2(xmlSecGCryptBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptBlockCipherSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecGCryptBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->keyInitialized == 0, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+ xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
+
+ keySize = gcry_cipher_get_algo_keylen(ctx->cipher);
+ xmlSecAssert2(keySize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ if(xmlSecBufferGetSize(buffer) < keySize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "keySize=%d;expected=%d",
+ xmlSecBufferGetSize(buffer), keySize);
+ return(-1);
+ }
+
+ xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
+ err = gcry_cipher_setkey(ctx->cipherCtx, xmlSecBufferGetData(buffer), keySize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_cipher_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ ctx->keyInitialized = 1;
+ return(0);
+}
+
+static int
+xmlSecGCryptBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptBlockCipherCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ int ret;
+
+ xmlSecAssert2(xmlSecGCryptBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptBlockCipherSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ ctx = xmlSecGCryptBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ if(ctx->ctxInitialized == 0) {
+ ret = xmlSecGCryptBlockCipherCtxInit(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecGCryptBlockCipherCtxInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ if((ctx->ctxInitialized == 0) && (last != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "not enough data to initialize transform");
+ return(-1);
+ }
+ if(ctx->ctxInitialized != 0) {
+ ret = xmlSecGCryptBlockCipherCtxUpdate(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecGCryptBlockCipherCtxUpdate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(last) {
+ ret = xmlSecGCryptBlockCipherCtxFinal(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecGCryptBlockCipherCtxFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ } else if(transform->status == xmlSecTransformStatusNone) {
+ /* the only way we can get here is if there is no enough data in the input */
+ xmlSecAssert2(last == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+#ifndef XMLSEC_NO_AES
+/*********************************************************************
+ *
+ * AES CBC cipher transforms
+ *
+ ********************************************************************/
+static xmlSecTransformKlass xmlSecGCryptAes128CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes128Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes128Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGCryptBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGCryptBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformAes128CbcGetKlass:
+ *
+ * AES 128 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 128 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformAes128CbcGetKlass(void) {
+ return(&xmlSecGCryptAes128CbcKlass);
+}
+
+static xmlSecTransformKlass xmlSecGCryptAes192CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes192Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes192Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGCryptBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGCryptBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformAes192CbcGetKlass:
+ *
+ * AES 192 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 192 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformAes192CbcGetKlass(void) {
+ return(&xmlSecGCryptAes192CbcKlass);
+}
+
+static xmlSecTransformKlass xmlSecGCryptAes256CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes256Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes256Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGCryptBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGCryptBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformAes256CbcGetKlass:
+ *
+ * AES 256 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 256 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformAes256CbcGetKlass(void) {
+ return(&xmlSecGCryptAes256CbcKlass);
+}
+
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+static xmlSecTransformKlass xmlSecGCryptDes3CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameDes3Cbc, /* const xmlChar* name; */
+ xmlSecHrefDes3Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGCryptBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGCryptBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformDes3CbcGetKlass:
+ *
+ * Triple DES CBC encryption transform klass.
+ *
+ * Returns: pointer to Triple DES encryption transform.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformDes3CbcGetKlass(void) {
+ return(&xmlSecGCryptDes3CbcKlass);
+}
+#endif /* XMLSEC_NO_DES */
+
diff --git a/src/gcrypt/crypto.c b/src/gcrypt/crypto.c
new file mode 100644
index 00000000..11def388
--- /dev/null
+++ b/src/gcrypt/crypto.c
@@ -0,0 +1,315 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/dl.h>
+#include <xmlsec/private.h>
+
+#include <xmlsec/gcrypt/app.h>
+#include <xmlsec/gcrypt/crypto.h>
+
+static xmlSecCryptoDLFunctionsPtr gXmlSecGCryptFunctions = NULL;
+
+/**
+ * xmlSecCryptoGetFunctions_gcrypt:
+ *
+ * Gets the pointer to xmlsec-gcrypt functions table.
+ *
+ * Returns: the xmlsec-gcrypt functions table or NULL if an error occurs.
+ */
+xmlSecCryptoDLFunctionsPtr
+xmlSecCryptoGetFunctions_gcrypt(void) {
+ static xmlSecCryptoDLFunctions functions;
+
+ if(gXmlSecGCryptFunctions != NULL) {
+ return(gXmlSecGCryptFunctions);
+ }
+
+ memset(&functions, 0, sizeof(functions));
+ gXmlSecGCryptFunctions = &functions;
+
+ /********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ********************************************************************/
+ gXmlSecGCryptFunctions->cryptoInit = xmlSecGCryptInit;
+ gXmlSecGCryptFunctions->cryptoShutdown = xmlSecGCryptShutdown;
+ gXmlSecGCryptFunctions->cryptoKeysMngrInit = xmlSecGCryptKeysMngrInit;
+
+ /********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecGCryptFunctions->keyDataAesGetKlass = xmlSecGCryptKeyDataAesGetKlass;
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+ gXmlSecGCryptFunctions->keyDataDesGetKlass = xmlSecGCryptKeyDataDesGetKlass;
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_DSA
+ gXmlSecGCryptFunctions->keyDataDsaGetKlass = xmlSecGCryptKeyDataDsaGetKlass;
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_HMAC
+ gXmlSecGCryptFunctions->keyDataHmacGetKlass = xmlSecGCryptKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
+
+#ifndef XMLSEC_NO_RSA
+ gXmlSecGCryptFunctions->keyDataRsaGetKlass = xmlSecGCryptKeyDataRsaGetKlass;
+#endif /* XMLSEC_NO_RSA */
+
+
+ /********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+
+ /********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+
+ /******************************* AES ********************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecGCryptFunctions->transformAes128CbcGetKlass = xmlSecGCryptTransformAes128CbcGetKlass;
+ gXmlSecGCryptFunctions->transformAes192CbcGetKlass = xmlSecGCryptTransformAes192CbcGetKlass;
+ gXmlSecGCryptFunctions->transformAes256CbcGetKlass = xmlSecGCryptTransformAes256CbcGetKlass;
+ gXmlSecGCryptFunctions->transformKWAes128GetKlass = xmlSecGCryptTransformKWAes128GetKlass;
+ gXmlSecGCryptFunctions->transformKWAes192GetKlass = xmlSecGCryptTransformKWAes192GetKlass;
+ gXmlSecGCryptFunctions->transformKWAes256GetKlass = xmlSecGCryptTransformKWAes256GetKlass;
+#endif /* XMLSEC_NO_AES */
+
+ /******************************* DES ********************************/
+#ifndef XMLSEC_NO_DES
+ gXmlSecGCryptFunctions->transformDes3CbcGetKlass = xmlSecGCryptTransformDes3CbcGetKlass;
+ gXmlSecGCryptFunctions->transformKWDes3GetKlass = xmlSecGCryptTransformKWDes3GetKlass;
+#endif /* XMLSEC_NO_DES */
+
+ /******************************* DSA ********************************/
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGCryptFunctions->transformDsaSha1GetKlass = xmlSecGCryptTransformDsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+ /******************************* HMAC ********************************/
+#ifndef XMLSEC_NO_HMAC
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecGCryptFunctions->transformHmacMd5GetKlass = xmlSecGCryptTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecGCryptFunctions->transformHmacRipemd160GetKlass = xmlSecGCryptTransformHmacRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGCryptFunctions->transformHmacSha1GetKlass = xmlSecGCryptTransformHmacSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecGCryptFunctions->transformHmacSha256GetKlass = xmlSecGCryptTransformHmacSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecGCryptFunctions->transformHmacSha384GetKlass = xmlSecGCryptTransformHmacSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecGCryptFunctions->transformHmacSha512GetKlass = xmlSecGCryptTransformHmacSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+ /******************************* MD5 ********************************/
+#ifndef XMLSEC_NO_MD5
+ gXmlSecGCryptFunctions->transformMd5GetKlass = xmlSecGCryptTransformMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+ /******************************* RIPEMD160 ********************************/
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecGCryptFunctions->transformRipemd160GetKlass = xmlSecGCryptTransformRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+ /******************************* RSA ********************************/
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecGCryptFunctions->transformRsaMd5GetKlass = xmlSecGCryptTransformRsaMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecGCryptFunctions->transformRsaRipemd160GetKlass = xmlSecGCryptTransformRsaRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGCryptFunctions->transformRsaSha1GetKlass = xmlSecGCryptTransformRsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecGCryptFunctions->transformRsaSha256GetKlass = xmlSecGCryptTransformRsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecGCryptFunctions->transformRsaSha384GetKlass = xmlSecGCryptTransformRsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecGCryptFunctions->transformRsaSha512GetKlass = xmlSecGCryptTransformRsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+ /******************************* SHA ********************************/
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGCryptFunctions->transformSha1GetKlass = xmlSecGCryptTransformSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecGCryptFunctions->transformSha256GetKlass = xmlSecGCryptTransformSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecGCryptFunctions->transformSha384GetKlass = xmlSecGCryptTransformSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecGCryptFunctions->transformSha512GetKlass = xmlSecGCryptTransformSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+
+ /********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+ gXmlSecGCryptFunctions->cryptoAppInit = xmlSecGCryptAppInit;
+ gXmlSecGCryptFunctions->cryptoAppShutdown = xmlSecGCryptAppShutdown;
+ gXmlSecGCryptFunctions->cryptoAppDefaultKeysMngrInit = xmlSecGCryptAppDefaultKeysMngrInit;
+ gXmlSecGCryptFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecGCryptAppDefaultKeysMngrAdoptKey;
+ gXmlSecGCryptFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecGCryptAppDefaultKeysMngrLoad;
+ gXmlSecGCryptFunctions->cryptoAppDefaultKeysMngrSave = xmlSecGCryptAppDefaultKeysMngrSave;
+#ifndef XMLSEC_NO_X509
+ gXmlSecGCryptFunctions->cryptoAppKeysMngrCertLoad = xmlSecGCryptAppKeysMngrCertLoad;
+ gXmlSecGCryptFunctions->cryptoAppPkcs12Load = xmlSecGCryptAppPkcs12Load;
+ gXmlSecGCryptFunctions->cryptoAppKeyCertLoad = xmlSecGCryptAppKeyCertLoad;
+#endif /* XMLSEC_NO_X509 */
+ gXmlSecGCryptFunctions->cryptoAppKeyLoad = xmlSecGCryptAppKeyLoad;
+ gXmlSecGCryptFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecGCryptAppGetDefaultPwdCallback();
+
+ return(gXmlSecGCryptFunctions);
+}
+
+
+/**
+ * xmlSecGCryptInit:
+ *
+ * XMLSec library specific crypto engine initialization.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptInit (void) {
+ /* Check loaded xmlsec library version */
+ if(xmlSecCheckVersionExact() != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCheckVersionExact",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* register our klasses */
+ if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_gcrypt()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGCryptShutdown:
+ *
+ * XMLSec library specific crypto engine shutdown.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptShutdown(void) {
+ return(0);
+}
+
+/**
+ * xmlSecGCryptKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Adds GCrypt specific key data stores in keys manager.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ xmlSecAssert2(mngr != NULL, -1);
+
+ /* TODO: add key data stores */
+ return(0);
+}
+
+/**
+ * xmlSecGCryptGenerateRandom:
+ * @buffer: the destination buffer.
+ * @size: the numer of bytes to generate.
+ *
+ * Generates @size random bytes and puts result in @buffer.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGCryptGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
+ int ret;
+
+ xmlSecAssert2(buffer != NULL, -1);
+ xmlSecAssert2(size > 0, -1);
+
+ ret = xmlSecBufferSetSize(buffer, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+
+ /* get random data */
+ gcry_randomize(xmlSecBufferGetData(buffer), size, GCRY_STRONG_RANDOM);
+ return(0);
+}
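Review bot: In xmlSecCryptoGetFunctions_gcrypt the global `gXmlSecGCryptFunctions` is pointed at the static table right after the `memset`, before any member is filled in. A second caller that arrives during the first call passes the `!= NULL` check and gets a table whose function pointers are still NULL. xmlSecGCryptInit makes this call itself, so this only matters if the first call can overlap with another thread, which this file does not show. I would fill the table through the local (`functions.cryptoInit = xmlSecGCryptInit;` and so on) and move `gXmlSecGCryptFunctions = &functions;` to just before the final `return`. Plain C stores give no ordering guarantee, so the doc comment should also say that the first call must happen during single-threaded initialisation.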
diff --git a/src/gcrypt/digests.c b/src/gcrypt/digests.c
new file mode 100644
index 00000000..dcbe4c7f
--- /dev/null
+++ b/src/gcrypt/digests.c
@@ -0,0 +1,614 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/app.h>
+#include <xmlsec/gcrypt/crypto.h>
+
+/**************************************************************************
+ *
+ * Internal GCRYPT Digest CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecGCryptDigestCtx xmlSecGCryptDigestCtx, *xmlSecGCryptDigestCtxPtr;
+struct _xmlSecGCryptDigestCtx {
+ int digest;
+ gcry_md_hd_t digestCtx;
+ xmlSecByte dgst[XMLSEC_GCRYPT_MAX_DIGEST_SIZE];
+ xmlSecSize dgstSize; /* dgst size in bytes */
+};
+
+/******************************************************************************
+ *
+ * Digest transforms
+ *
+ * xmlSecGCryptDigestCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGCryptDigestSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGCryptDigestCtx))
+#define xmlSecGCryptDigestGetCtx(transform) \
+ ((xmlSecGCryptDigestCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecGCryptDigestInitialize (xmlSecTransformPtr transform);
+static void xmlSecGCryptDigestFinalize (xmlSecTransformPtr transform);
+static int xmlSecGCryptDigestVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGCryptDigestExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGCryptDigestCheckId (xmlSecTransformPtr transform);
+
+static int
+xmlSecGCryptDigestCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformMd5Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRipemd160Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+ /* not found */
+ {
+ return(0);
+ }
+
+ /* just in case */
+ return(0);
+}
+
+static int
+xmlSecGCryptDigestInitialize(xmlSecTransformPtr transform) {
+ xmlSecGCryptDigestCtxPtr ctx;
+ gcry_error_t err;
+
+ xmlSecAssert2(xmlSecGCryptDigestCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptDigestSize), -1);
+
+ ctx = xmlSecGCryptDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* initialize context */
+ memset(ctx, 0, sizeof(xmlSecGCryptDigestCtx));
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha1Id)) {
+ ctx->digest = GCRY_MD_SHA1;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha256Id)) {
+ ctx->digest = GCRY_MD_SHA256;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha384Id)) {
+ ctx->digest = GCRY_MD_SHA384;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformSha512Id)) {
+ ctx->digest = GCRY_MD_SHA512;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformMd5Id)) {
+ ctx->digest = GCRY_MD_MD5;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRipemd160Id)) {
+ ctx->digest = GCRY_MD_RMD160;
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* create digest ctx */
+ err = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_SECURE); /* we are paranoid */
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ return(0);
+}
+
+static void
+xmlSecGCryptDigestFinalize(xmlSecTransformPtr transform) {
+ xmlSecGCryptDigestCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGCryptDigestCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGCryptDigestSize));
+
+ ctx = xmlSecGCryptDigestGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->digestCtx != NULL) {
+ gcry_md_close(ctx->digestCtx);
+ }
+ memset(ctx, 0, sizeof(xmlSecGCryptDigestCtx));
+}
+
+static int
+xmlSecGCryptDigestVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptDigestCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGCryptDigestCheckId(transform), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptDigestSize), -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGCryptDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ if(dataSize != ctx->dgstSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data and digest sizes are different (data=%d, dgst=%d)",
+ dataSize, ctx->dgstSize);
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ if(memcmp(ctx->dgst, data, dataSize) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+static int
+xmlSecGCryptDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptDigestCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ int ret;
+
+ xmlSecAssert2(xmlSecGCryptDigestCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptDigestSize), -1);
+
+ ctx = xmlSecGCryptDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digest != GCRY_MD_NONE, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+ if(last != 0) {
+ xmlSecByte* buf;
+
+ /* get the final digest */
+ gcry_md_final(ctx->digestCtx);
+ buf = gcry_md_read(ctx->digestCtx, ctx->digest);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_read",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* copy it to our internal buffer */
+ ctx->dgstSize = gcry_md_get_algo_dlen(ctx->digest);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+ xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1);
+ memcpy(ctx->dgst, buf, ctx->dgstSize);
+
+ /* and to the output if needed */
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ctx->dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
+ *
+ * SHA1 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha1, /* const xmlChar* name; */
+ xmlSecHrefSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGCryptDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformSha1GetKlass:
+ *
+ * SHA-1 digest transform klass.
+ *
+ * Returns: pointer to SHA-1 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformSha1GetKlass(void) {
+ return(&xmlSecGCryptSha1Klass);
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * SHA256 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha256, /* const xmlChar* name; */
+ xmlSecHrefSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGCryptDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformSha256GetKlass:
+ *
+ * SHA256 digest transform klass.
+ *
+ * Returns: pointer to SHA256 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformSha256GetKlass(void) {
+ return(&xmlSecGCryptSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * SHA384 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha384, /* const xmlChar* name; */
+ xmlSecHrefSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGCryptDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformSha384GetKlass:
+ *
+ * SHA384 digest transform klass.
+ *
+ * Returns: pointer to SHA384 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformSha384GetKlass(void) {
+ return(&xmlSecGCryptSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * SHA512 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha512, /* const xmlChar* name; */
+ xmlSecHrefSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGCryptDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformSha512GetKlass:
+ *
+ * SHA512 digest transform klass.
+ *
+ * Returns: pointer to SHA512 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformSha512GetKlass(void) {
+ return(&xmlSecGCryptSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * MD5 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameMd5, /* const xmlChar* name; */
+ xmlSecHrefMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGCryptDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformMd5GetKlass:
+ *
+ * MD5 digest transform klass.
+ *
+ * Returns: pointer to MD5 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformMd5GetKlass(void) {
+ return(&xmlSecGCryptMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/******************************************************************************
+ *
+ * RIPEMD160 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptRipemd160Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameRipemd160, /* const xmlChar* name; */
+ xmlSecHrefRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGCryptDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformRipemd160GetKlass:
+ *
+ * RIPEMD160 digest transform klass.
+ *
+ * Returns: pointer to RIPEMD160 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformRipemd160GetKlass(void) {
+ return(&xmlSecGCryptRipemd160Klass);
+}
+#endif /* XMLSEC_NO_RIPEMD160 */
diff --git a/src/gcrypt/globals.h b/src/gcrypt/globals.h
new file mode 100644
index 00000000..7bc03c1c
--- /dev/null
+++ b/src/gcrypt/globals.h
@@ -0,0 +1,30 @@
+/*
+ * XML Security Library
+ *
+ * globals.h: internal header only used during the compilation
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GLOBALS_H__
+#define __XMLSEC_GLOBALS_H__
+
+/**
+ * Use autoconf defines if present.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#define IN_XMLSEC_CRYPTO
+#define XMLSEC_PRIVATE
+
+
+#define XMLSEC_GCRYPT_MAX_DIGEST_SIZE 256
+#define XMLSEC_GCRYPT_REPORT_ERROR(err) \
+ "error code=%d; error message='%s'", \
+ (int)err, xmlSecErrorsSafeString(gcry_strerror((err)))
+
+#endif /* ! __XMLSEC_GLOBALS_H__ */
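Review bot: In `XMLSEC_GCRYPT_REPORT_ERROR` the cast is written `(int)err` while the second use is `gcry_strerror((err))`, so with a compound argument the cast binds only to its first operand; write `(int)(err)` to make both uses safe and consistent. The macro expands to a format string followed by two arguments, so it is valid only as the variadic tail of a call such as the `xmlSecError(...)` calls in hmac.c further down; a one-line comment such as `/* expands to "fmt", code, message: use only as the trailing arguments of xmlSecError() */` would make that contract explicit. `XMLSEC_GCRYPT_MAX_DIGEST_SIZE 256` carries no unit, whereas the HMAC limits in hmac.c are marked `/* sizes in bits */`; say whether this value is bytes or bits so buffer declarations sized from it cannot be misread. The include guard `__XMLSEC_GLOBALS_H__` starts with a double underscore, which C reserves for the implementation, though it may simply follow the project's existing convention.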
diff --git a/src/gcrypt/hmac.c b/src/gcrypt/hmac.c
new file mode 100644
index 00000000..192cb17b
--- /dev/null
+++ b/src/gcrypt/hmac.c
@@ -0,0 +1,823 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_HMAC
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/app.h>
+#include <xmlsec/gcrypt/crypto.h>
+
+/* sizes in bits */
+#define XMLSEC_GCRYPT_MIN_HMAC_SIZE 80
+#define XMLSEC_GCRYPT_MAX_HMAC_SIZE (128 * 8)
+
+/**************************************************************************
+ *
+ * Configuration
+ *
+ *****************************************************************************/
+static int g_xmlsec_gcrypt_hmac_min_length = XMLSEC_GCRYPT_MIN_HMAC_SIZE;
+
+/**
+ * xmlSecGCryptHmacGetMinOutputLength:
+ *
+ * Gets the value of min HMAC length.
+ *
+ * Returns: the min HMAC output length
+ */
+int xmlSecGCryptHmacGetMinOutputLength(void)
+{
+ return g_xmlsec_gcrypt_hmac_min_length;
+}
+
+/**
+ * xmlSecGCryptHmacSetMinOutputLength:
+ * @min_length: the new min length
+ *
+ * Sets the min HMAC output length
+ */
+void xmlSecGCryptHmacSetMinOutputLength(int min_length)
+{
+ g_xmlsec_gcrypt_hmac_min_length = min_length;
+}
+
+/**************************************************************************
+ *
+ * Internal GCRYPT HMAC CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecGCryptHmacCtx xmlSecGCryptHmacCtx, *xmlSecGCryptHmacCtxPtr;
+struct _xmlSecGCryptHmacCtx {
+ int digest;
+ gcry_md_hd_t digestCtx;
+ xmlSecByte dgst[XMLSEC_GCRYPT_MAX_HMAC_SIZE / 8];
+ xmlSecSize dgstSize; /* dgst size in bits */
+};
+
+/******************************************************************************
+ *
+ * HMAC transforms
+ *
+ * xmlSecGCryptHmacCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGCryptHmacGetCtx(transform) \
+ ((xmlSecGCryptHmacCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+#define xmlSecGCryptHmacSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGCryptHmacCtx))
+
+static int xmlSecGCryptHmacCheckId (xmlSecTransformPtr transform);
+static int xmlSecGCryptHmacInitialize (xmlSecTransformPtr transform);
+static void xmlSecGCryptHmacFinalize (xmlSecTransformPtr transform);
+static int xmlSecGCryptHmacNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGCryptHmacSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecGCryptHmacSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecGCryptHmacVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGCryptHmacExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecGCryptHmacCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacRipemd160Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacMd5Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+ /* not found */
+ {
+ return(0);
+ }
+
+ /* just in case */
+ return(0);
+}
+
+
+static int
+xmlSecGCryptHmacInitialize(xmlSecTransformPtr transform) {
+ xmlSecGCryptHmacCtxPtr ctx;
+ gcry_error_t err;
+
+ xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
+
+ ctx = xmlSecGCryptHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGCryptHmacCtx));
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacSha1Id)) {
+ ctx->digest = GCRY_MD_SHA1;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacSha256Id)) {
+ ctx->digest = GCRY_MD_SHA256;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacSha384Id)) {
+ ctx->digest = GCRY_MD_SHA384;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacSha512Id)) {
+ ctx->digest = GCRY_MD_SHA512;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacRipemd160Id)) {
+ ctx->digest = GCRY_MD_RMD160;
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformHmacMd5Id)) {
+ ctx->digest = GCRY_MD_MD5;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+ /* not found */
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* open context */
+ err = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE); /* we are paranoid */
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecGCryptHmacFinalize(xmlSecTransformPtr transform) {
+ xmlSecGCryptHmacCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGCryptHmacCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize));
+
+ ctx = xmlSecGCryptHmacGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->digestCtx != NULL) {
+ gcry_md_close(ctx->digestCtx);
+ }
+ memset(ctx, 0, sizeof(xmlSecGCryptHmacCtx));
+}
+
+/**
+ * xmlSecGCryptHmacNodeRead:
+ *
+ * HMAC (http://www.w3.org/TR/xmldsig-core/#sec-HMAC):
+ *
+ * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
+ * as a parameter; if the parameter is not specified then all the bits of the
+ * hash are output. An example of an HMAC SignatureMethod element:
+ * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ * <HMACOutputLength>128</HMACOutputLength>
+ * </SignatureMethod>
+ *
+ * Schema Definition:
+ *
+ * <simpleType name="HMACOutputLengthType">
+ * <restriction base="integer"/>
+ * </simpleType>
+ *
+ * DTD:
+ *
+ * <!ELEMENT HMACOutputLength (#PCDATA)>
+ */
+static int
+xmlSecGCryptHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptHmacCtxPtr ctx;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGCryptHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ cur = xmlSecGetNextElementNode(node->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
+ xmlChar *content;
+
+ content = xmlNodeGetContent(cur);
+ if(content != NULL) {
+ ctx->dgstSize = atoi((char*)content);
+ xmlFree(content);
+ }
+
+ /* Ensure that HMAC length is greater than min specified.
+ Otherwise, an attacker can set this length to 0 or very
+ small value
+ */
+ if((int)ctx->dgstSize < xmlSecGCryptHmacGetMinOutputLength()) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "HMAC output length is too small");
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "no nodes expected");
+ return(-1);
+ }
+ return(0);
+}
+
+
+static int
+xmlSecGCryptHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecGCryptHmacCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
+
+ ctx = xmlSecGCryptHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecGCryptKeyDataHmacId;
+ keyReq->keyType= xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationSign) {
+ keyReq->keyUsage = xmlSecKeyUsageSign;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
+ }
+
+ return(0);
+}
+
+static int
+xmlSecGCryptHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecGCryptHmacCtxPtr ctx;
+ xmlSecKeyDataPtr value;
+ xmlSecBufferPtr buffer;
+ gcry_error_t err;
+
+ xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecGCryptHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+ value = xmlSecKeyGetValue(key);
+ xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecGCryptKeyDataHmacId), -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ if(xmlSecBufferGetSize(buffer) == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key is empty");
+ return(-1);
+ }
+
+ err = gcry_md_setkey(ctx->digestCtx, xmlSecBufferGetData(buffer),
+ xmlSecBufferGetSize(buffer));
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecGCryptHmacVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ static xmlSecByte last_byte_masks[] =
+ { 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
+
+ xmlSecGCryptHmacCtxPtr ctx;
+ xmlSecByte mask;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGCryptHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ /* compare the digest size in bytes */
+ if(dataSize != ((ctx->dgstSize + 7) / 8)){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "data=%d;dgst=%d",
+ dataSize, ((ctx->dgstSize + 7) / 8));
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ /* we check the last byte separatelly */
+ xmlSecAssert2(dataSize > 0, -1);
+ mask = last_byte_masks[ctx->dgstSize % 8];
+ if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match (last byte)");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ /* now check the rest of the digest */
+ if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+static int
+xmlSecGCryptHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptHmacCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecByte* dgst;
+ xmlSecSize dgstSize;
+ int ret;
+
+ xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGCryptHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+ if(last) {
+ /* get the final digest */
+ gcry_md_final(ctx->digestCtx);
+ dgst = gcry_md_read(ctx->digestCtx, ctx->digest);
+ if(dgst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_read",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* copy it to our internal buffer */
+ dgstSize = gcry_md_get_algo_dlen(ctx->digest);
+ xmlSecAssert2(dgstSize > 0, -1);
+ xmlSecAssert2(dgstSize <= sizeof(ctx->dgst), -1);
+ memcpy(ctx->dgst, dgst, dgstSize);
+
+ /* check/set the result digest size */
+ if(ctx->dgstSize == 0) {
+ ctx->dgstSize = dgstSize * 8; /* no dgst size specified, use all we have */
+ } else if(ctx->dgstSize <= 8 * dgstSize) {
+ dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "result-bits=%d;required-bits=%d",
+ 8 * dgstSize, ctx->dgstSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "size=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
+ *
+ * HMAC SHA1
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptHmacSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha1, /* const xmlChar* name; */
+ xmlSecHrefHmacSha1, /* const xmlChar *href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGCryptHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformHmacSha1GetKlass:
+ *
+ * The HMAC-SHA1 transform klass.
+ *
+ * Returns: the HMAC-SHA1 transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformHmacSha1GetKlass(void) {
+ return(&xmlSecGCryptHmacSha1Klass);
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * HMAC SHA256
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptHmacSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha256, /* const xmlChar* name; */
+ xmlSecHrefHmacSha256, /* const xmlChar *href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGCryptHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformHmacSha256GetKlass:
+ *
+ * The HMAC-SHA256 transform klass.
+ *
+ * Returns: the HMAC-SHA256 transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformHmacSha256GetKlass(void) {
+ return(&xmlSecGCryptHmacSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * HMAC SHA384
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptHmacSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha384, /* const xmlChar* name; */
+ xmlSecHrefHmacSha384, /* const xmlChar *href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGCryptHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformHmacSha384GetKlass:
+ *
+ * The HMAC-SHA384 transform klass.
+ *
+ * Returns: the HMAC-SHA384 transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformHmacSha384GetKlass(void) {
+ return(&xmlSecGCryptHmacSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * HMAC SHA512
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptHmacSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha512, /* const xmlChar* name; */
+ xmlSecHrefHmacSha512, /* const xmlChar *href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGCryptHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformHmacSha512GetKlass:
+ *
+ * The HMAC-SHA512 transform klass.
+ *
+ * Returns: the HMAC-SHA512 transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformHmacSha512GetKlass(void) {
+ return(&xmlSecGCryptHmacSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+
+
+#ifndef XMLSEC_NO_RIPEMD160
+/******************************************************************************
+ *
+ * HMAC Ripemd160
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptHmacRipemd160Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacRipemd160, /* const xmlChar* name; */
+ xmlSecHrefHmacRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGCryptHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformHmacRipemd160GetKlass:
+ *
+ * The HMAC-RIPEMD160 transform klass.
+ *
+ * Returns: the HMAC-RIPEMD160 transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformHmacRipemd160GetKlass(void) {
+ return(&xmlSecGCryptHmacRipemd160Klass);
+}
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * HMAC MD5
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptHmacMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacMd5, /* const xmlChar* name; */
+ xmlSecHrefHmacMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGCryptHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformHmacMd5GetKlass:
+ *
+ * The HMAC-MD5 transform klass.
+ *
+ * Returns: the HMAC-MD5 transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformHmacMd5GetKlass(void) {
+ return(&xmlSecGCryptHmacMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+
+
+#endif /* XMLSEC_NO_HMAC */
diff --git a/src/gcrypt/kw_aes.c b/src/gcrypt/kw_aes.c
new file mode 100644
index 00000000..38ac8956
--- /dev/null
+++ b/src/gcrypt/kw_aes.c
@@ -0,0 +1,593 @@
+/**
+ *
+ * XMLSec library
+ *
+ * AES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_AES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/crypto.h>
+
+#include "../kw_aes_des.h"
+
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecGCryptKWAesBlockEncrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+static int xmlSecGCryptKWAesBlockDecrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+static xmlSecKWAesKlass xmlSecGCryptKWAesKlass = {
+ /* callbacks */
+ xmlSecGCryptKWAesBlockEncrypt, /* xmlSecKWAesBlockEncryptMethod encrypt; */
+ xmlSecGCryptKWAesBlockDecrypt, /* xmlSecKWAesBlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL /* void* reserved1; */
+};
+
+
+/*********************************************************************
+ *
+ * AES KW transforms
+ *
+ ********************************************************************/
+typedef struct _xmlSecGCryptKWAesCtx xmlSecGCryptKWAesCtx,
+ *xmlSecGCryptKWAesCtxPtr;
+struct _xmlSecGCryptKWAesCtx {
+ int cipher;
+ int mode;
+ int flags;
+ xmlSecSize blockSize;
+ xmlSecSize keyExpectedSize;
+
+ xmlSecBuffer keyBuffer;
+};
+#define xmlSecGCryptKWAesSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGCryptKWAesCtx))
+#define xmlSecGCryptKWAesGetCtx(transform) \
+ ((xmlSecGCryptKWAesCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+#define xmlSecGCryptKWAesCheckId(transform) \
+ (xmlSecTransformCheckId((transform), xmlSecGCryptTransformKWAes128Id) || \
+ xmlSecTransformCheckId((transform), xmlSecGCryptTransformKWAes192Id) || \
+ xmlSecTransformCheckId((transform), xmlSecGCryptTransformKWAes256Id))
+
+static int xmlSecGCryptKWAesInitialize (xmlSecTransformPtr transform);
+static void xmlSecGCryptKWAesFinalize (xmlSecTransformPtr transform);
+static int xmlSecGCryptKWAesSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecGCryptKWAesSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecGCryptKWAesExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecGCryptKWAesInitialize(xmlSecTransformPtr transform) {
+ xmlSecGCryptKWAesCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecGCryptKWAesCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize), -1);
+
+ ctx = xmlSecGCryptKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWAes128Id)) {
+ ctx->cipher = GCRY_CIPHER_AES128;
+ ctx->keyExpectedSize = XMLSEC_KW_AES128_KEY_SIZE;
+ } else if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWAes192Id)) {
+ ctx->cipher = GCRY_CIPHER_AES192;
+ ctx->keyExpectedSize = XMLSEC_KW_AES192_KEY_SIZE;
+ } else if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWAes256Id)) {
+ ctx->cipher = GCRY_CIPHER_AES256;
+ ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->flags = GCRY_CIPHER_SECURE; /* we are paranoid */
+ ctx->blockSize = gcry_cipher_get_algo_blklen(ctx->cipher);
+ xmlSecAssert2(ctx->blockSize > 0, -1);
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecGCryptKWAesGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecGCryptKWAesFinalize(xmlSecTransformPtr transform) {
+ xmlSecGCryptKWAesCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGCryptKWAesCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize));
+
+ ctx = xmlSecGCryptKWAesGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBufferFinalize(&(ctx->keyBuffer));
+}
+
+static int
+xmlSecGCryptKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecGCryptKWAesCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGCryptKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecGCryptKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecGCryptKeyDataAesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+ keyReq->keyBitsSize = 8 * ctx->keyExpectedSize;
+
+ return(0);
+}
+
+static int
+xmlSecGCryptKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecGCryptKWAesCtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecGCryptKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGCryptKeyDataAesId), -1);
+
+ ctx = xmlSecGCryptKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(buffer);
+ if(keySize < ctx->keyExpectedSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key=%d;expected=%d",
+ keySize, ctx->keyExpectedSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer),
+ xmlSecBufferGetData(buffer),
+ ctx->keyExpectedSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "expected-size=%d",
+ ctx->keyExpectedSize);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecGCryptKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptKWAesCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecGCryptKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGCryptKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == ctx->keyExpectedSize, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ if((inSize % 8) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d(not 8 bytes aligned)", inSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
+ outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
+ XMLSEC_KW_AES_BLOCK_SIZE;
+ } else {
+ outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ ret = xmlSecKWAesEncode(&xmlSecGCryptKWAesKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ ret = xmlSecKWAesDecode(&xmlSecGCryptKWAesKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "inSize%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+
+static xmlSecTransformKlass xmlSecGCryptKWAes128Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes128, /* const xmlChar* name; */
+ xmlSecHrefKWAes128, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGCryptKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGCryptKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformKWAes128GetKlass:
+ *
+ * The AES-128 kew wrapper transform klass.
+ *
+ * Returns: AES-128 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformKWAes128GetKlass(void) {
+ return(&xmlSecGCryptKWAes128Klass);
+}
+
+static xmlSecTransformKlass xmlSecGCryptKWAes192Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes192, /* const xmlChar* name; */
+ xmlSecHrefKWAes192, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGCryptKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGCryptKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+
+/**
+ * xmlSecGCryptTransformKWAes192GetKlass:
+ *
+ * The AES-192 kew wrapper transform klass.
+ *
+ * Returns: AES-192 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformKWAes192GetKlass(void) {
+ return(&xmlSecGCryptKWAes192Klass);
+}
+
+static xmlSecTransformKlass xmlSecGCryptKWAes256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes256, /* const xmlChar* name; */
+ xmlSecHrefKWAes256, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGCryptKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGCryptKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformKWAes256GetKlass:
+ *
+ * The AES-256 kew wrapper transform klass.
+ *
+ * Returns: AES-256 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformKWAes256GetKlass(void) {
+ return(&xmlSecGCryptKWAes256Klass);
+}
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static unsigned char g_zero_iv[XMLSEC_KW_AES_BLOCK_SIZE] =
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
+static int
+xmlSecGCryptKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ xmlSecGCryptKWAesCtxPtr ctx = (xmlSecGCryptKWAesCtxPtr)context;
+ gcry_cipher_hd_t cipherCtx;
+ gcry_error_t err;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= ctx->blockSize, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= ctx->blockSize, -1);
+
+ err = gcry_cipher_open(&cipherCtx, ctx->cipher, ctx->mode, ctx->flags);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ err = gcry_cipher_setkey(cipherCtx,
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer));
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ /* use zero IV and CBC mode to ensure we get result as-is */
+ err = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv));
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ err = gcry_cipher_encrypt(cipherCtx, out, outSize, in, inSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_encrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ gcry_cipher_close(cipherCtx);
+ return(-1);
+ }
+ gcry_cipher_close(cipherCtx);
+
+ return(ctx->blockSize);
+}
+
+static int
+xmlSecGCryptKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ xmlSecGCryptKWAesCtxPtr ctx = (xmlSecGCryptKWAesCtxPtr)context;
+ gcry_cipher_hd_t cipherCtx;
+ gcry_error_t err;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= ctx->blockSize, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= ctx->blockSize, -1);
+
+ err = gcry_cipher_open(&cipherCtx, ctx->cipher, ctx->mode, ctx->flags);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ err = gcry_cipher_setkey(cipherCtx,
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer));
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ /* use zero IV and CBC mode to ensure we get result as-is */
+ err = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv));
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ err = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ gcry_cipher_close(cipherCtx);
+ return(-1);
+ }
+ gcry_cipher_close(cipherCtx);
+
+ return(ctx->blockSize);
+}
+
+#endif /* XMLSEC_NO_AES */
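Review bot: In `xmlSecGCryptKWAesBlockEncrypt` and `xmlSecGCryptKWAesBlockDecrypt`, the error branches after `gcry_cipher_setkey` and `gcry_cipher_setiv` return -1 without releasing `cipherCtx`; only the encrypt/decrypt failure branch and the success path call `gcry_cipher_close`. The handle is opened with `ctx->flags = GCRY_CIPHER_SECURE`, so each such failure leaks a cipher context that was requested in secure memory, and on the setiv branch the wrapping key has already been loaded into it. Add `gcry_cipher_close(cipherCtx);` before `return(-1);` in those four branches, matching what the encrypt/decrypt failure branch already does. Separately, both functions assert `inSize >= ctx->blockSize` but pass the whole `inSize` to a CBC-mode call, so the "result as-is" comment holds only for a single block; the callers presumably pass exactly one block, and if so, asserting `inSize == ctx->blockSize` would make that contract explicit.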
diff --git a/src/gcrypt/kw_des.c b/src/gcrypt/kw_des.c
new file mode 100644
index 00000000..b93eb9f5
--- /dev/null
+++ b/src/gcrypt/kw_des.c
@@ -0,0 +1,607 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_DES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <gcrypt.h>
+
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/crypto.h>
+
+#include "../kw_aes_des.h"
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecGCryptKWDes3GenerateRandom (void * context,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecGCryptKWDes3Sha1 (void * context,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecGCryptKWDes3BlockEncrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecGCryptKWDes3BlockDecrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+
+static xmlSecKWDes3Klass xmlSecGCryptKWDes3ImplKlass = {
+ /* callbacks */
+ xmlSecGCryptKWDes3GenerateRandom, /* xmlSecKWDes3GenerateRandomMethod generateRandom; */
+ xmlSecGCryptKWDes3Sha1, /* xmlSecKWDes3Sha1Method sha1; */
+ xmlSecGCryptKWDes3BlockEncrypt, /* xmlSecKWDes3BlockEncryptMethod encrypt; */
+ xmlSecGCryptKWDes3BlockDecrypt, /* xmlSecKWDes3BlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+static int xmlSecGCryptKWDes3Encrypt (const xmlSecByte *key,
+ xmlSecSize keySize,
+ const xmlSecByte *iv,
+ xmlSecSize ivSize,
+ const xmlSecByte *in,
+ xmlSecSize inSize,
+ xmlSecByte *out,
+ xmlSecSize outSize,
+ int enc);
+
+
+/*********************************************************************
+ *
+ * Triple DES Key Wrap transform
+ *
+ * key (xmlSecBuffer) is located after xmlSecTransform structure
+ *
+ ********************************************************************/
+typedef struct _xmlSecGCryptKWDes3Ctx xmlSecGCryptKWDes3Ctx,
+ *xmlSecGCryptKWDes3CtxPtr;
+struct _xmlSecGCryptKWDes3Ctx {
+ xmlSecBuffer keyBuffer;
+};
+#define xmlSecGCryptKWDes3Size \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGCryptKWDes3Ctx))
+#define xmlSecGCryptKWDes3GetCtx(transform) \
+ ((xmlSecGCryptKWDes3CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecGCryptKWDes3Initialize (xmlSecTransformPtr transform);
+static void xmlSecGCryptKWDes3Finalize (xmlSecTransformPtr transform);
+static int xmlSecGCryptKWDes3SetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecGCryptKWDes3SetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecGCryptKWDes3Execute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static xmlSecTransformKlass xmlSecGCryptKWDes3Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptKWDes3Size, /* xmlSecSize objSize */
+
+ xmlSecNameKWDes3, /* const xmlChar* name; */
+ xmlSecHrefKWDes3, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGCryptKWDes3Initialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptKWDes3Finalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptKWDes3SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGCryptKWDes3SetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptKWDes3Execute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformKWDes3GetKlass:
+ *
+ * The Triple DES key wrapper transform klass.
+ *
+ * Returns: Triple DES key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformKWDes3GetKlass(void) {
+ return(&xmlSecGCryptKWDes3Klass);
+}
+
+static int
+xmlSecGCryptKWDes3Initialize(xmlSecTransformPtr transform) {
+ xmlSecGCryptKWDes3CtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWDes3Id), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWDes3Size), -1);
+
+ ctx = xmlSecGCryptKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecGCryptKWDes3Finalize(xmlSecTransformPtr transform) {
+ xmlSecGCryptKWDes3CtxPtr ctx;
+
+ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWDes3Id));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGCryptKWDes3Size));
+
+ ctx = xmlSecGCryptKWDes3GetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBufferFinalize(&(ctx->keyBuffer));
+}
+
+static int
+xmlSecGCryptKWDes3SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecGCryptKWDes3CtxPtr ctx;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWDes3Size), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecGCryptKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecGCryptKeyDataDesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage= xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage= xmlSecKeyUsageDecrypt;
+ }
+ keyReq->keyBitsSize = 8 * XMLSEC_KW_DES3_KEY_LENGTH;
+ return(0);
+}
+
+static int
+xmlSecGCryptKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecGCryptKWDes3CtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWDes3Size), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGCryptKeyDataDesId), -1);
+
+ ctx = xmlSecGCryptKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(buffer);
+ if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key length %d is not enough (%d expected)",
+ keySize, XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecGCryptKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptKWDes3CtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWDes3Size), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGCryptKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d bytes - not %d bytes aligned",
+ inSize, XMLSEC_KW_DES3_BLOCK_LENGTH);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 16 bytes longer plus one block just in case */
+ outSize = inSize + XMLSEC_KW_DES3_IV_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH;
+ } else {
+ /* just in case, add a block */
+ outSize = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ ret = xmlSecKWDes3Encode(&xmlSecGCryptKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ ret = xmlSecKWDes3Decode(&xmlSecGCryptKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int
+xmlSecGCryptKWDes3Sha1(void * context,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context;
+ gcry_md_hd_t digestCtx;
+ unsigned char * res;
+ unsigned int len;
+ gcry_error_t err;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ len = gcry_md_get_algo_dlen(GCRY_MD_SHA1);
+ xmlSecAssert2(outSize >= len, -1);
+
+ err = gcry_md_open(&digestCtx, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE); /* we are paranoid */
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_md_open(GCRY_MD_SHA1)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ gcry_md_write(digestCtx, in, inSize);
+
+ err = gcry_md_final(digestCtx);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_md_final",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ gcry_md_close(digestCtx);
+ return(-1);
+ }
+
+ res = gcry_md_read(digestCtx, GCRY_MD_SHA1);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_md_read(GCRY_MD_SHA1)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gcry_md_close(digestCtx);
+ return(-1);
+ }
+
+ /* done */
+ xmlSecAssert2(outSize >= len, -1);
+ memcpy(out, res, len);
+ gcry_md_close(digestCtx);
+ return(len);
+}
+
+static int
+xmlSecGCryptKWDes3GenerateRandom(void * context,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ gcry_randomize(out, outSize, GCRY_STRONG_RANDOM);
+ return((int)outSize);
+}
+
+static int
+xmlSecGCryptKWDes3BlockEncrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ ret = xmlSecGCryptKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)),
+ XMLSEC_KW_DES3_KEY_LENGTH,
+ iv, XMLSEC_KW_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize,
+ 1); /* encrypt */
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(ret);
+}
+
+static int
+xmlSecGCryptKWDes3BlockDecrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecGCryptKWDes3CtxPtr ctx = (xmlSecGCryptKWDes3CtxPtr)context;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ ret = xmlSecGCryptKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)),
+ XMLSEC_KW_DES3_KEY_LENGTH,
+ iv, XMLSEC_KW_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize,
+ 0); /* decrypt */
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(ret);
+}
+
+static int
+xmlSecGCryptKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize,
+ const xmlSecByte *iv, xmlSecSize ivSize,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize,
+ int enc) {
+ size_t key_len = gcry_cipher_get_algo_keylen(GCRY_CIPHER_3DES);
+ size_t block_len = gcry_cipher_get_algo_blklen(GCRY_CIPHER_3DES);
+ gcry_cipher_hd_t cipherCtx;
+ gcry_error_t err;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(keySize >= key_len, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= block_len, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ err = gcry_cipher_open(&cipherCtx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_SECURE); /* we are paranoid */
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_open(GCRY_CIPHER_3DES)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ err = gcry_cipher_setkey(cipherCtx, key, keySize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ err = gcry_cipher_setiv(cipherCtx, iv, ivSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ if(enc) {
+ err = gcry_cipher_encrypt(cipherCtx, out, outSize, in, inSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_encrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ gcry_cipher_close(cipherCtx);
+ return(-1);
+ }
+ } else {
+ err = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize);
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_cipher_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ gcry_cipher_close(cipherCtx);
+ return(-1);
+ }
+ }
+
+ /* done */
+ gcry_cipher_close(cipherCtx);
+ return((int)inSize); /* out size == in size */
+}
+
+
+#endif /* XMLSEC_NO_DES */
+
diff --git a/src/gcrypt/signatures.c b/src/gcrypt/signatures.c
new file mode 100644
index 00000000..c49638e4
--- /dev/null
+++ b/src/gcrypt/signatures.c
@@ -0,0 +1,1490 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/crypto.h>
+
+
+/**************************************************************************
+ *
+ * Forward declarations for actual sign/verify implementations
+ *
+ *****************************************************************************/
+typedef int (*xmlSecGCryptPkSignMethod) (int digest,
+ xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst,
+ xmlSecSize dgstSize,
+ xmlSecBufferPtr out);
+typedef int (*xmlSecGCryptPkVerifyMethod) (int digest,
+ xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst,
+ xmlSecSize dgstSize,
+ const xmlSecByte* data,
+ xmlSecSize dataSize);
+
+#ifndef XMLSEC_NO_DSA
+static int xmlSecGCryptDsaPkSign (int digest,
+ xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst,
+ xmlSecSize dgstSize,
+ xmlSecBufferPtr out);
+static int xmlSecGCryptDsaPkVerify (int digest,
+ xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst,
+ xmlSecSize dgstSize,
+ const xmlSecByte* data,
+ xmlSecSize dataSize);
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+static int xmlSecGCryptRsaPkcs1PkSign (int digest,
+ xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst,
+ xmlSecSize dgstSize,
+ xmlSecBufferPtr out);
+static int xmlSecGCryptRsaPkcs1PkVerify (int digest,
+ xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst,
+ xmlSecSize dgstSize,
+ const xmlSecByte* data,
+ xmlSecSize dataSize);
+#endif /* XMLSEC_NO_RSA */
+
+
+/**************************************************************************
+ *
+ * Internal GCrypt signatures ctx
+ *
+ *****************************************************************************/
+typedef struct _xmlSecGCryptPkSignatureCtx xmlSecGCryptPkSignatureCtx,
+ *xmlSecGCryptPkSignatureCtxPtr;
+
+
+struct _xmlSecGCryptPkSignatureCtx {
+ int digest;
+ xmlSecKeyDataId keyId;
+ xmlSecGCryptPkSignMethod sign;
+ xmlSecGCryptPkVerifyMethod verify;
+
+ gcry_md_hd_t digestCtx;
+ xmlSecKeyDataPtr key_data;
+
+ xmlSecByte dgst[XMLSEC_GCRYPT_MAX_DIGEST_SIZE];
+ xmlSecSize dgstSize; /* dgst size in bytes */
+};
+
+
+/******************************************************************************
+ *
+ * Pk Signature transforms
+ *
+ * xmlSecGCryptPkSignatureCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGCryptPkSignatureSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGCryptPkSignatureCtx))
+#define xmlSecGCryptPkSignatureGetCtx(transform) \
+ ((xmlSecGCryptPkSignatureCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecGCryptPkSignatureCheckId (xmlSecTransformPtr transform);
+static int xmlSecGCryptPkSignatureInitialize (xmlSecTransformPtr transform);
+static void xmlSecGCryptPkSignatureFinalize (xmlSecTransformPtr transform);
+static int xmlSecGCryptPkSignatureSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecGCryptPkSignatureSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecGCryptPkSignatureVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGCryptPkSignatureExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecGCryptPkSignatureCheckId(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformDsaSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaMd5Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaRipemd160Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+ {
+ return(0);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecGCryptPkSignatureInitialize(xmlSecTransformPtr transform) {
+ xmlSecGCryptPkSignatureCtxPtr ctx;
+ gcry_error_t err;
+
+ xmlSecAssert2(xmlSecGCryptPkSignatureCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize), -1);
+
+ ctx = xmlSecGCryptPkSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGCryptPkSignatureCtx));
+
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformDsaSha1Id)) {
+ ctx->digest = GCRY_MD_SHA1;
+ ctx->keyId = xmlSecGCryptKeyDataDsaId;
+ ctx->sign = xmlSecGCryptDsaPkSign;
+ ctx->verify = xmlSecGCryptDsaPkVerify;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaMd5Id)) {
+ ctx->digest = GCRY_MD_MD5;
+ ctx->keyId = xmlSecGCryptKeyDataRsaId;
+ ctx->sign = xmlSecGCryptRsaPkcs1PkSign;
+ ctx->verify = xmlSecGCryptRsaPkcs1PkVerify;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaRipemd160Id)) {
+ ctx->digest = GCRY_MD_RMD160;
+ ctx->keyId = xmlSecGCryptKeyDataRsaId;
+ ctx->sign = xmlSecGCryptRsaPkcs1PkSign;
+ ctx->verify = xmlSecGCryptRsaPkcs1PkVerify;
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha1Id)) {
+ ctx->digest = GCRY_MD_SHA1;
+ ctx->keyId = xmlSecGCryptKeyDataRsaId;
+ ctx->sign = xmlSecGCryptRsaPkcs1PkSign;
+ ctx->verify = xmlSecGCryptRsaPkcs1PkVerify;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha256Id)) {
+ ctx->digest = GCRY_MD_SHA256;
+ ctx->keyId = xmlSecGCryptKeyDataRsaId;
+ ctx->sign = xmlSecGCryptRsaPkcs1PkSign;
+ ctx->verify = xmlSecGCryptRsaPkcs1PkVerify;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha384Id)) {
+ ctx->digest = GCRY_MD_SHA384;
+ ctx->keyId = xmlSecGCryptKeyDataRsaId;
+ ctx->sign = xmlSecGCryptRsaPkcs1PkSign;
+ ctx->verify = xmlSecGCryptRsaPkcs1PkVerify;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha512Id)) {
+ ctx->digest = GCRY_MD_SHA512;
+ ctx->keyId = xmlSecGCryptKeyDataRsaId;
+ ctx->sign = xmlSecGCryptRsaPkcs1PkSign;
+ ctx->verify = xmlSecGCryptRsaPkcs1PkVerify;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* create digest ctx */
+ err = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_SECURE); /* we are paranoid */
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ /* done */
+ return(0);
+}
+
+static void
+xmlSecGCryptPkSignatureFinalize(xmlSecTransformPtr transform) {
+ xmlSecGCryptPkSignatureCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGCryptPkSignatureCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize));
+
+ ctx = xmlSecGCryptPkSignatureGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->key_data != NULL) {
+ xmlSecKeyDataDestroy(ctx->key_data);
+ }
+ if(ctx->digestCtx != NULL) {
+ gcry_md_close(ctx->digestCtx);
+ }
+
+ memset(ctx, 0, sizeof(xmlSecGCryptPkSignatureCtx));
+}
+
+static int
+xmlSecGCryptPkSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecGCryptPkSignatureCtxPtr ctx;
+ xmlSecKeyDataPtr key_data;
+
+ xmlSecAssert2(xmlSecGCryptPkSignatureCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecGCryptPkSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+ xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
+
+ key_data = xmlSecKeyGetValue(key);
+ xmlSecAssert2(key_data != NULL, -1);
+
+ if(ctx->key_data != NULL) {
+ xmlSecKeyDataDestroy(ctx->key_data);
+ }
+
+ ctx->key_data = xmlSecKeyDataDuplicate(key_data);
+ if(ctx->key_data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKeyDataDuplicate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecGCryptPkSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecGCryptPkSignatureCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGCryptPkSignatureCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecGCryptPkSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+
+ keyReq->keyId = ctx->keyId;
+ if(transform->operation == xmlSecTransformOperationSign) {
+ keyReq->keyType = xmlSecKeyDataTypePrivate;
+ keyReq->keyUsage = xmlSecKeyUsageSign;
+ } else {
+ keyReq->keyType = xmlSecKeyDataTypePublic;
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
+ }
+ return(0);
+}
+
+
+static int
+xmlSecGCryptPkSignatureVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptPkSignatureCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecGCryptPkSignatureCheckId(transform), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize), -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGCryptPkSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->sign != NULL, -1);
+ xmlSecAssert2(ctx->verify != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+ xmlSecAssert2(ctx->key_data != NULL, -1);
+
+ ret = ctx->verify(ctx->digest, ctx->key_data, ctx->dgst, ctx->dgstSize, data, dataSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "ctx->verify",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* check result */
+ if(ret == 1) {
+ transform->status = xmlSecTransformStatusOk;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "ctx->verify",
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "signature do not match");
+ transform->status = xmlSecTransformStatusFail;
+ }
+
+ /* done */
+ return(0);
+}
+
+static int
+xmlSecGCryptPkSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGCryptPkSignatureCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize;
+ xmlSecSize outSize;
+ int ret;
+
+ xmlSecAssert2(xmlSecGCryptPkSignatureCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGCryptPkSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->sign != NULL, -1);
+ xmlSecAssert2(ctx->verify != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ ctx = xmlSecGCryptPkSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->key_data != NULL, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ /* do nothing, already initialized */
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecAssert2(outSize == 0, -1);
+
+ /* update the digest */
+ if(inSize > 0) {
+ gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+
+ /* generate digest and signature */
+ if(last != 0) {
+ xmlSecByte* buf;
+
+ /* get the final digest */
+ gcry_md_final(ctx->digestCtx);
+ buf = gcry_md_read(ctx->digestCtx, ctx->digest);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_read",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* copy it to our internal buffer */
+ ctx->dgstSize = gcry_md_get_algo_dlen(ctx->digest);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+ xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1);
+ memcpy(ctx->dgst, buf, ctx->dgstSize);
+
+ xmlSecAssert2(outSize == 0, -1);
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = ctx->sign(ctx->digest, ctx->key_data, ctx->dgst, ctx->dgstSize, out);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "ctx->sign",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ /* done */
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) || (transform->status == xmlSecTransformStatusFinished)) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/*****************************************************************************
+ *
+ * Helper
+ *
+ ****************************************************************************/
+static int
+xmlSecGCryptAppendMpi(gcry_mpi_t a, xmlSecBufferPtr out, xmlSecSize min_size) {
+ xmlSecSize outSize;
+ size_t written;
+ gpg_error_t err;
+ int ret;
+
+ xmlSecAssert2(a != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+
+ /* current size */
+ outSize = xmlSecBufferGetSize(out);
+
+ /* figure out how much space we need */
+ written = 0;
+ err = gcry_mpi_print(GCRYMPI_FMT_USG, NULL, 0, &written, a);
+ if((err != GPG_ERR_NO_ERROR) || (written == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_print",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ /* add zeros at the beggining (if needed) */
+ if((min_size > 0) && (written < min_size)) {
+ outSize += (min_size - written);
+ }
+
+ /* allocate space */
+ ret = xmlSecBufferSetMaxSize(out, outSize + written + 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", (int)(outSize + written + 1));
+ return(-1);
+ }
+ xmlSecAssert2(xmlSecBufferGetMaxSize(out) > outSize, -1);
+
+ /* add zeros at the beggining (if needed) */
+ if((min_size > 0) && (written < min_size)) {
+ xmlSecSize ii;
+ xmlSecByte * p = xmlSecBufferGetData(out);
+
+ for(ii = 0; ii < (min_size - written); ++ii) {
+ p[outSize - ii - 1] = 0;
+ }
+ }
+
+ /* write out */
+ written = 0;
+ err = gcry_mpi_print(GCRYMPI_FMT_USG,
+ xmlSecBufferGetData(out) + outSize,
+ xmlSecBufferGetMaxSize(out) - outSize,
+ &written, a);
+ if((err != GPG_ERR_NO_ERROR) || (written == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_print",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ /* reset size */
+ ret = xmlSecBufferSetSize(out, outSize + written);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d",
+ (int)(outSize + written));
+ return(-1);
+ }
+
+ /* done */
+ return(0);
+}
+
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+/****************************************************************************
+ *
+ * DSA-SHA1 signature transform
+ *
+ * http://www.w3.org/TR/xmldsig-core/#sec-SignatureAlg:
+ *
+ * The output of the DSA algorithm consists of a pair of integers
+ * usually referred by the pair (r, s). The signature value consists of
+ * the base64 encoding of the concatenation of two octet-streams that
+ * respectively result from the octet-encoding of the values r and s in
+ * that order. Integer to octet-stream conversion must be done according
+ * to the I2OSP operation defined in the RFC 2437 [PKCS1] specification
+ * with a l parameter equal to 20. For example, the SignatureValue element
+ * for a DSA signature (r, s) with values specified in hexadecimal:
+ *
+ * r = 8BAC1AB6 6410435C B7181F95 B16AB97C 92B341C0
+ * s = 41E2345F 1F56DF24 58F426D1 55B4BA2D B6DCD8C8
+ *
+ * from the example in Appendix 5 of the DSS standard would be
+ *
+ * <SignatureValue>i6watmQQQ1y3GB+VsWq5fJKzQcBB4jRfH1bfJFj0JtFVtLotttzYyA==</SignatureValue>
+ *
+ ***************************************************************************/
+static int
+xmlSecGCryptDsaPkSign(int digest ATTRIBUTE_UNUSED, xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst, xmlSecSize dgstSize,
+ xmlSecBufferPtr out) {
+ gcry_mpi_t m_hash = NULL;
+ gcry_sexp_t s_data = NULL;
+ gcry_sexp_t s_sig = NULL;
+ gcry_sexp_t s_r = NULL;
+ gcry_sexp_t s_s = NULL;
+ gcry_mpi_t m_r = NULL;
+ gcry_mpi_t m_s = NULL;
+ gcry_sexp_t s_tmp;
+ gpg_error_t err;
+ int ret;
+ int res = -1;
+
+ xmlSecAssert2(key_data != NULL, -1);
+ xmlSecAssert2(xmlSecGCryptKeyDataDsaGetPrivateKey(key_data) != NULL, -1);
+ xmlSecAssert2(dgst != NULL, -1);
+ xmlSecAssert2(dgstSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+
+ /* get the current digest, can't use "hash" :( */
+ err = gcry_mpi_scan(&m_hash, GCRYMPI_FMT_USG, dgst, dgstSize, NULL);
+ if((err != GPG_ERR_NO_ERROR) || (m_hash == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan(hash)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gcry_sexp_build (&s_data, NULL,
+ "(data (flags raw)(value %m))",
+ m_hash);
+ if((err != GPG_ERR_NO_ERROR) || (s_data == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(data)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* create signature */
+ err = gcry_pk_sign(&s_sig, s_data, xmlSecGCryptKeyDataDsaGetPrivateKey(key_data));
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_pk_sign",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* find signature value */
+ s_tmp = gcry_sexp_find_token(s_sig, "sig-val", 0);
+ if(s_tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(sig-val)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ gcry_sexp_release(s_sig);
+ s_sig = s_tmp;
+
+ s_tmp = gcry_sexp_find_token(s_sig, "dsa", 0);
+ if(s_tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(rsa)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ gcry_sexp_release(s_sig);
+ s_sig = s_tmp;
+
+ /* r */
+ s_r = gcry_sexp_find_token(s_sig, "r", 0);
+ if(s_r == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(r)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ m_r = gcry_sexp_nth_mpi(s_r, 1, GCRYMPI_FMT_USG);
+ if(m_r == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_nth_mpi(r)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* s */
+ s_s = gcry_sexp_find_token(s_sig, "s", 0);
+ if(s_s == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(s)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ m_s = gcry_sexp_nth_mpi(s_s, 1, GCRYMPI_FMT_USG);
+ if(m_s == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_nth_mpi(s)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* write out: r + s */
+ ret = xmlSecGCryptAppendMpi(m_r, out, 20);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppendMpi",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ xmlSecAssert2(xmlSecBufferGetSize(out) == 20, -1);
+ ret = xmlSecGCryptAppendMpi(m_s, out, 20);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppendMpi",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ xmlSecAssert2(xmlSecBufferGetSize(out) == (20 + 20), -1);
+
+ /* done */
+ res = 0;
+
+done:
+ if(m_hash != NULL) {
+ gcry_mpi_release(m_hash);
+ }
+ if(m_r != NULL) {
+ gcry_mpi_release(m_r);
+ }
+ if(m_s != NULL) {
+ gcry_mpi_release(m_s);
+ }
+
+ if(s_data != NULL) {
+ gcry_sexp_release(s_data);
+ }
+ if(s_sig != NULL) {
+ gcry_sexp_release(s_sig);
+ }
+ if(s_r != NULL) {
+ gcry_sexp_release(s_r);
+ }
+ if(s_s != NULL) {
+ gcry_sexp_release(s_s);
+ }
+
+ return(res);
+}
+
+static int
+xmlSecGCryptDsaPkVerify(int digest ATTRIBUTE_UNUSED, xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst, xmlSecSize dgstSize,
+ const xmlSecByte* data, xmlSecSize dataSize) {
+ gcry_mpi_t m_hash = NULL;
+ gcry_sexp_t s_data = NULL;
+ gcry_mpi_t m_sig_r = NULL;
+ gcry_mpi_t m_sig_s = NULL;
+ gcry_sexp_t s_sig = NULL;
+ gpg_error_t err;
+ int res = -1;
+
+ xmlSecAssert2(key_data != NULL, -1);
+ xmlSecAssert2(xmlSecGCryptKeyDataDsaGetPublicKey(key_data) != NULL, -1);
+ xmlSecAssert2(dgst != NULL, -1);
+ xmlSecAssert2(dgstSize > 0, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize == (20 + 20), -1);
+
+ /* get the current digest, can't use "hash" :( */
+ err = gcry_mpi_scan(&m_hash, GCRYMPI_FMT_USG, dgst, dgstSize, NULL);
+ if((err != GPG_ERR_NO_ERROR) || (m_hash == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan(hash)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gcry_sexp_build (&s_data, NULL,
+ "(data (flags raw)(value %m))",
+ m_hash);
+ if((err != GPG_ERR_NO_ERROR) || (s_data == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(data)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* get the existing signature */
+ err = gcry_mpi_scan(&m_sig_r, GCRYMPI_FMT_USG, data, 20, NULL);
+ if((err != GPG_ERR_NO_ERROR) || (m_sig_r == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan(r)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+ err = gcry_mpi_scan(&m_sig_s, GCRYMPI_FMT_USG, data + 20, 20, NULL);
+ if((err != GPG_ERR_NO_ERROR) || (m_sig_s == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan(s)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gcry_sexp_build (&s_sig, NULL,
+ "(sig-val(dsa(r %m)(s %m)))",
+ m_sig_r, m_sig_s);
+ if((err != GPG_ERR_NO_ERROR) || (s_sig == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(sig-val)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* verify signature */
+ err = gcry_pk_verify(s_sig, s_data, xmlSecGCryptKeyDataDsaGetPublicKey(key_data));
+ if(err == GPG_ERR_NO_ERROR) {
+ res = 1; /* good signature */
+ } else if(err == GPG_ERR_BAD_SIGNATURE) {
+ res = 0; /* bad signature */
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_pk_verify",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* done */
+done:
+ if(m_hash != NULL) {
+ gcry_mpi_release(m_hash);
+ }
+ if(m_sig_r != NULL) {
+ gcry_mpi_release(m_sig_r);
+ }
+ if(m_sig_s != NULL) {
+ gcry_mpi_release(m_sig_s);
+ }
+
+ if(s_data != NULL) {
+ gcry_sexp_release(s_data);
+ }
+ if(s_sig != NULL) {
+ gcry_sexp_release(s_sig);
+ }
+
+ return(res);
+}
+
+
+static xmlSecTransformKlass xmlSecGCryptDsaSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameDsaSha1, /* const xmlChar* name; */
+ xmlSecHrefDsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformDsaSha1GetKlass:
+ *
+ * The DSA-SHA1 signature transform klass.
+ *
+ * Returns: DSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformDsaSha1GetKlass(void) {
+ return(&xmlSecGCryptDsaSha1Klass);
+}
+
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+
+/****************************************************************************
+ *
+ * RSA-SHA1 signature transform
+ *
+ * http://www.w3.org/TR/xmldsig-core/#sec-SignatureAlg:
+ *
+ * The SignatureValue content for an RSA signature is the base64 [MIME]
+ * encoding of the octet string computed as per RFC 2437 [PKCS1,
+ * section 8.1.1: Signature generation for the RSASSA-PKCS1-v1_5 signature
+ * scheme]. As specified in the EMSA-PKCS1-V1_5-ENCODE function RFC 2437
+ * [PKCS1, section 9.2.1], the value input to the signature function MUST
+ * contain a pre-pended algorithm object identifier for the hash function,
+ * but the availability of an ASN.1 parser and recognition of OIDs is not
+ * required of a signature verifier. The PKCS#1 v1.5 representation appears
+ * as:
+ *
+ * CRYPT (PAD (ASN.1 (OID, DIGEST (data))))
+ *
+ * Note that the padded ASN.1 will be of the following form:
+ *
+ * 01 | FF* | 00 | prefix | hash
+ *
+ * where "|" is concatenation, "01", "FF", and "00" are fixed octets of
+ * the corresponding hexadecimal value, "hash" is the SHA1 digest of the
+ * data, and "prefix" is the ASN.1 BER SHA1 algorithm designator prefix
+ * required in PKCS1 [RFC 2437], that is,
+ *
+ * hex 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14
+ *
+ * This prefix is included to make it easier to use standard cryptographic
+ * libraries. The FF octet MUST be repeated the maximum number of times such
+ * that the value of the quantity being CRYPTed is one octet shorter than
+ * the RSA modulus.
+ *
+ ***************************************************************************/
+static int
+xmlSecGCryptRsaPkcs1PkSign(int digest, xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst, xmlSecSize dgstSize,
+ xmlSecBufferPtr out) {
+ gcry_sexp_t s_data = NULL;
+ gcry_mpi_t m_sig = NULL;
+ gcry_sexp_t s_sig = NULL;
+ gcry_sexp_t s_tmp;
+ gpg_error_t err;
+ int ret;
+ int res = -1;
+
+ xmlSecAssert2(key_data != NULL, -1);
+ xmlSecAssert2(xmlSecGCryptKeyDataRsaGetPrivateKey(key_data) != NULL, -1);
+ xmlSecAssert2(dgst != NULL, -1);
+ xmlSecAssert2(dgstSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+
+ /* get the current digest */
+ err = gcry_sexp_build (&s_data, NULL,
+ "(data (flags pkcs1)(hash %s %b))",
+ gcry_md_algo_name(digest),
+ (int)dgstSize, dgst);
+ if((err != GPG_ERR_NO_ERROR) || (s_data == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(data)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* create signature */
+ err = gcry_pk_sign(&s_sig, s_data, xmlSecGCryptKeyDataRsaGetPrivateKey(key_data));
+ if(err != GPG_ERR_NO_ERROR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_pk_sign",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* find signature value */
+ s_tmp = gcry_sexp_find_token(s_sig, "sig-val", 0);
+ if(s_tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(sig-val)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ gcry_sexp_release(s_sig);
+ s_sig = s_tmp;
+
+ s_tmp = gcry_sexp_find_token(s_sig, "rsa", 0);
+ if(s_tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(rsa)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ gcry_sexp_release(s_sig);
+ s_sig = s_tmp;
+
+ s_tmp = gcry_sexp_find_token(s_sig, "s", 0);
+ if(s_tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_find_token(s)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ gcry_sexp_release(s_sig);
+ s_sig = s_tmp;
+
+ m_sig = gcry_sexp_nth_mpi(s_sig, 1, GCRYMPI_FMT_USG);
+ if(m_sig == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_nth_mpi(1)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* write out */
+ ret = xmlSecGCryptAppendMpi(m_sig, out, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptAppendMpi",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* done */
+ res = 0;
+
+done:
+ if(m_sig != NULL) {
+ gcry_mpi_release(m_sig);
+ }
+
+ if(s_data != NULL) {
+ gcry_sexp_release(s_data);
+ }
+ if(s_sig != NULL) {
+ gcry_sexp_release(s_sig);
+ }
+
+ return(res);
+}
+
+static int
+xmlSecGCryptRsaPkcs1PkVerify(int digest, xmlSecKeyDataPtr key_data,
+ const xmlSecByte* dgst, xmlSecSize dgstSize,
+ const xmlSecByte* data, xmlSecSize dataSize) {
+ gcry_sexp_t s_data = NULL;
+ gcry_mpi_t m_sig = NULL;
+ gcry_sexp_t s_sig = NULL;
+ gpg_error_t err;
+ int res = -1;
+
+ xmlSecAssert2(key_data != NULL, -1);
+ xmlSecAssert2(xmlSecGCryptKeyDataRsaGetPublicKey(key_data) != NULL, -1);
+ xmlSecAssert2(dgst != NULL, -1);
+ xmlSecAssert2(dgstSize > 0, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
+
+ /* get the current digest */
+ err = gcry_sexp_build (&s_data, NULL,
+ "(data (flags pkcs1)(hash %s %b))",
+ gcry_md_algo_name(digest),
+ (int)dgstSize, dgst);
+ if((err != GPG_ERR_NO_ERROR) || (s_data == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(data)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* get the existing signature */
+ err = gcry_mpi_scan(&m_sig, GCRYMPI_FMT_USG, data, dataSize, NULL);
+ if((err != GPG_ERR_NO_ERROR) || (m_sig == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gcry_sexp_build (&s_sig, NULL,
+ "(sig-val(rsa(s %m)))",
+ m_sig);
+ if((err != GPG_ERR_NO_ERROR) || (s_sig == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(sig-val)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* verify signature */
+ err = gcry_pk_verify(s_sig, s_data, xmlSecGCryptKeyDataRsaGetPublicKey(key_data));
+ if(err == GPG_ERR_NO_ERROR) {
+ res = 1; /* good signature */
+ } else if(err == GPG_ERR_BAD_SIGNATURE) {
+ res = 0; /* bad signature */
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_pk_verify",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GCRYPT_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* done */
+done:
+ if(m_sig != NULL) {
+ gcry_mpi_release(m_sig);
+ }
+
+ if(s_data != NULL) {
+ gcry_sexp_release(s_data);
+ }
+ if(s_sig != NULL) {
+ gcry_sexp_release(s_sig);
+ }
+
+ return(res);
+}
+
+
+#ifndef XMLSEC_NO_MD5
+/****************************************************************************
+ *
+ * RSA-MD5 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptRsaMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaMd5, /* const xmlChar* name; */
+ xmlSecHrefRsaMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformRsaMd5GetKlass:
+ *
+ * The RSA-MD5 signature transform klass.
+ *
+ * Returns: RSA-MD5 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformRsaMd5GetKlass(void) {
+ return(&xmlSecGCryptRsaMd5Klass);
+}
+
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/****************************************************************************
+ *
+ * RSA-RIPEMD160 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptRsaRipemd160Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaRipemd160, /* const xmlChar* name; */
+ xmlSecHrefRsaRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformRsaRipemd160GetKlass:
+ *
+ * The RSA-RIPEMD160 signature transform klass.
+ *
+ * Returns: RSA-RIPEMD160 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformRsaRipemd160GetKlass(void) {
+ return(&xmlSecGCryptRsaRipemd160Klass);
+}
+
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/****************************************************************************
+ *
+ * RSA-SHA1 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptRsaSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha1, /* const xmlChar* name; */
+ xmlSecHrefRsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformRsaSha1GetKlass:
+ *
+ * The RSA-SHA1 signature transform klass.
+ *
+ * Returns: RSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformRsaSha1GetKlass(void) {
+ return(&xmlSecGCryptRsaSha1Klass);
+}
+
+#endif /* XMLSEC_NO_SHA1 */
+
+
+#ifndef XMLSEC_NO_SHA256
+/****************************************************************************
+ *
+ * RSA-SHA256 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptRsaSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha256, /* const xmlChar* name; */
+ xmlSecHrefRsaSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformRsaSha256GetKlass:
+ *
+ * The RSA-SHA256 signature transform klass.
+ *
+ * Returns: RSA-SHA256 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformRsaSha256GetKlass(void) {
+ return(&xmlSecGCryptRsaSha256Klass);
+}
+
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/****************************************************************************
+ *
+ * RSA-SHA384 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptRsaSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha384, /* const xmlChar* name; */
+ xmlSecHrefRsaSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformRsaSha384GetKlass:
+ *
+ * The RSA-SHA384 signature transform klass.
+ *
+ * Returns: RSA-SHA384 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformRsaSha384GetKlass(void) {
+ return(&xmlSecGCryptRsaSha384Klass);
+}
+
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/****************************************************************************
+ *
+ * RSA-SHA512 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecGCryptRsaSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha512, /* const xmlChar* name; */
+ xmlSecHrefRsaSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptTransformRsaSha512GetKlass:
+ *
+ * The RSA-SHA512 signature transform klass.
+ *
+ * Returns: RSA-SHA512 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGCryptTransformRsaSha512GetKlass(void) {
+ return(&xmlSecGCryptRsaSha512Klass);
+}
+
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+
+
diff --git a/src/gcrypt/symkeys.c b/src/gcrypt/symkeys.c
new file mode 100644
index 00000000..88272fe3
--- /dev/null
+++ b/src/gcrypt/symkeys.c
@@ -0,0 +1,441 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gcrypt/crypto.h>
+
+
+/*****************************************************************************
+ *
+ * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
+ *
+ ****************************************************************************/
+static int xmlSecGCryptSymKeyDataInitialize (xmlSecKeyDataPtr data);
+static int xmlSecGCryptSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecGCryptSymKeyDataFinalize (xmlSecKeyDataPtr data);
+static int xmlSecGCryptSymKeyDataXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGCryptSymKeyDataXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGCryptSymKeyDataBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGCryptSymKeyDataBinWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlSecByte** buf,
+ xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGCryptSymKeyDataGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecGCryptSymKeyDataGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecGCryptSymKeyDataGetSize (xmlSecKeyDataPtr data);
+static void xmlSecGCryptSymKeyDataDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecGCryptSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static int xmlSecGCryptSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
+
+#define xmlSecGCryptSymKeyDataCheckId(data) \
+ (xmlSecKeyDataIsValid((data)) && \
+ xmlSecGCryptSymKeyDataKlassCheck((data)->id))
+
+static int
+xmlSecGCryptSymKeyDataInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecGCryptSymKeyDataCheckId(data), -1);
+
+ return(xmlSecKeyDataBinaryValueInitialize(data));
+}
+
+static int
+xmlSecGCryptSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecGCryptSymKeyDataCheckId(dst), -1);
+ xmlSecAssert2(xmlSecGCryptSymKeyDataCheckId(src), -1);
+ xmlSecAssert2(dst->id == src->id, -1);
+
+ return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
+}
+
+static void
+xmlSecGCryptSymKeyDataFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecGCryptSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueFinalize(data);
+}
+
+static int
+xmlSecGCryptSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecGCryptSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecGCryptSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecGCryptSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecGCryptSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecGCryptSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecGCryptSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlSecByte** buf, xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecGCryptSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecGCryptSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecGCryptSymKeyDataCheckId(data), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecGCryptGenerateRandom(buffer, (sizeBits + 7) / 8));
+}
+
+static xmlSecKeyDataType
+xmlSecGCryptSymKeyDataGetType(xmlSecKeyDataPtr data) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecGCryptSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
+
+ return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecGCryptSymKeyDataGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecGCryptSymKeyDataCheckId(data), 0);
+
+ return(xmlSecKeyDataBinaryValueGetSize(data));
+}
+
+static void
+xmlSecGCryptSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecGCryptSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueDebugDump(data, output);
+}
+
+static void
+xmlSecGCryptSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecGCryptSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
+}
+
+static int
+xmlSecGCryptSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
+#ifndef XMLSEC_NO_DES
+ if(klass == xmlSecGCryptKeyDataDesId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(klass == xmlSecGCryptKeyDataAesId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_HMAC
+ if(klass == xmlSecGCryptKeyDataHmacId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_HMAC */
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_AES
+/**************************************************************************
+ *
+ * <xmlsec:AESKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecGCryptKeyDataAesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameAESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefAESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGCryptSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGCryptSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGCryptSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGCryptSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGCryptSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGCryptSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGCryptSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGCryptSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecGCryptSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecGCryptSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGCryptSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGCryptSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptKeyDataAesGetKlass:
+ *
+ * The AES key data klass.
+ *
+ * Returns: AES key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGCryptKeyDataAesGetKlass(void) {
+ return(&xmlSecGCryptKeyDataAesKlass);
+}
+
+/**
+ * xmlSecGCryptKeyDataAesSet:
+ * @data: the pointer to AES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of AES key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGCryptKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataAesId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+/**************************************************************************
+ *
+ * <xmlsec:DESKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecGCryptKeyDataDesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameDESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGCryptSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGCryptSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGCryptSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGCryptSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGCryptSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGCryptSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGCryptSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGCryptSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecGCryptSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecGCryptSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGCryptSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGCryptSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptKeyDataDesGetKlass:
+ *
+ * The DES key data klass.
+ *
+ * Returns: DES key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGCryptKeyDataDesGetKlass(void) {
+ return(&xmlSecGCryptKeyDataDesKlass);
+}
+
+/**
+ * xmlSecGCryptKeyDataDesSet:
+ * @data: the pointer to DES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of DES key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGCryptKeyDataDesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataDesId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_HMAC
+/**************************************************************************
+ *
+ * <xmlsec:HMACKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecGCryptKeyDataHmacKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameHMACKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
+ xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGCryptSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGCryptSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGCryptSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGCryptSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGCryptSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGCryptSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGCryptSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGCryptSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecGCryptSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecGCryptSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGCryptSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGCryptSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGCryptKeyDataHmacGetKlass:
+ *
+ * The HMAC key data klass.
+ *
+ * Returns: HMAC key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGCryptKeyDataHmacGetKlass(void) {
+ return(&xmlSecGCryptKeyDataHmacKlass);
+}
+
+/**
+ * xmlSecGCryptKeyDataHmacSet:
+ * @data: the pointer to HMAC key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of HMAC key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGCryptKeyDataHmacSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGCryptKeyDataHmacId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+
+#endif /* XMLSEC_NO_HMAC */
+
diff --git a/src/globals.h b/src/globals.h
new file mode 100644
index 00000000..31a57d6b
--- /dev/null
+++ b/src/globals.h
@@ -0,0 +1,25 @@
+/*
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Internal header only used during the compilation,
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+
+#ifndef __XMLSEC_GLOBALS_H__
+#define __XMLSEC_GLOBALS_H__
+
+/**
+ * Use autoconf defines if present.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#define IN_XMLSEC
+#define XMLSEC_PRIVATE
+
+#endif /* __XMLSEC_GLOBALS_H__ */
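Review bot: The include guard `__XMLSEC_GLOBALS_H__` begins with two underscores, a name form that C reserves for the implementation; a guard such as `XMLSEC_GLOBALS_H` avoids it. Other headers in the tree may follow the same convention, in which case they should be changed together. `IN_XMLSEC` and `XMLSEC_PRIVATE` are defined without any comment, and what they switch on is not visible from this file. A line such as `/* build-internal switches: defined only while compiling the library itself */` above them would make clear that code outside the library must not define them, assuming that is the intent.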
diff --git a/src/gnutls/Makefile.am b/src/gnutls/Makefile.am
new file mode 100644
index 00000000..84ce637a
--- /dev/null
+++ b/src/gnutls/Makefile.am
@@ -0,0 +1,58 @@
+NULL =
+
+EXTRA_DIST = \
+ README \
+ $(NULL)
+
+lib_LTLIBRARIES = \
+ libxmlsec1-gnutls.la \
+ $(NULL)
+
+libxmlsec1_gnutls_la_CPPFLAGS = \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -I../../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(GNUTLS_CFLAGS) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(NULL)
+
+libxmlsec1_gnutls_la_SOURCES =\
+ app.c \
+ ciphers.c \
+ crypto.c \
+ digests.c \
+ hmac.c \
+ kw_aes.c \
+ kw_des.c \
+ symkeys.c \
+ asymkeys.c \
+ signatures.c \
+ x509utils.h \
+ x509utils.c \
+ x509.c \
+ x509vfy.c \
+ globals.h \
+ $(NULL)
+
+if SHAREDLIB_HACK
+libxmlsec1_gnutls_la_SOURCES += ../strings.c
+endif
+
+# xmlsec-gnutls library requires xmlsec-gcrypt
+libxmlsec1_gnutls_la_LIBADD = \
+ $(GNUTLS_LIBS) \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ ../libxmlsec1.la \
+ ../gcrypt/libxmlsec1-gcrypt.la \
+ $(NULL)
+
+libxmlsec1_gnutls_la_DEPENDENCIES = \
+ $(NULL)
+
+libxmlsec1_gnutls_la_LDFLAGS = \
+ @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ \
+ -version-info @XMLSEC_VERSION_INFO@ \
+ $(NULL)
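Review bot: The empty `libxmlsec1_gnutls_la_DEPENDENCIES = $(NULL)` assignment replaces the dependency list automake would otherwise derive from `libxmlsec1_gnutls_la_LIBADD`. As a result `libxmlsec1-gnutls.la` is not relinked when `../libxmlsec1.la` or `../gcrypt/libxmlsec1-gcrypt.la` is rebuilt. The generated rule in src/gnutls/Makefile.in confirms this: the prerequisites of `libxmlsec1-gnutls.la` are only the objects plus this empty variable. Either drop the assignment, or list the libraries explicitly with `libxmlsec1_gnutls_la_DEPENDENCIES = ../libxmlsec1.la ../gcrypt/libxmlsec1-gcrypt.la`. If the override is deliberate, a comment saying why would prevent an incremental build from silently shipping a crypto backend linked against a stale core.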
diff --git a/src/gnutls/Makefile.in b/src/gnutls/Makefile.in
new file mode 100644
index 00000000..93a57352
--- /dev/null
+++ b/src/gnutls/Makefile.in
@@ -0,0 +1,786 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@SHAREDLIB_HACK_TRUE@am__append_1 = ../strings.c
+subdir = src/gnutls
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(libdir)"
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+am__libxmlsec1_gnutls_la_SOURCES_DIST = app.c ciphers.c crypto.c \
+ digests.c hmac.c kw_aes.c kw_des.c symkeys.c asymkeys.c \
+ signatures.c x509utils.h x509utils.c x509.c x509vfy.c \
+ globals.h ../strings.c
+am__objects_1 =
+@SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_gnutls_la-strings.lo
+am_libxmlsec1_gnutls_la_OBJECTS = libxmlsec1_gnutls_la-app.lo \
+ libxmlsec1_gnutls_la-ciphers.lo libxmlsec1_gnutls_la-crypto.lo \
+ libxmlsec1_gnutls_la-digests.lo libxmlsec1_gnutls_la-hmac.lo \
+ libxmlsec1_gnutls_la-kw_aes.lo libxmlsec1_gnutls_la-kw_des.lo \
+ libxmlsec1_gnutls_la-symkeys.lo \
+ libxmlsec1_gnutls_la-asymkeys.lo \
+ libxmlsec1_gnutls_la-signatures.lo \
+ libxmlsec1_gnutls_la-x509utils.lo libxmlsec1_gnutls_la-x509.lo \
+ libxmlsec1_gnutls_la-x509vfy.lo $(am__objects_1) \
+ $(am__objects_2)
+libxmlsec1_gnutls_la_OBJECTS = $(am_libxmlsec1_gnutls_la_OBJECTS)
+libxmlsec1_gnutls_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libxmlsec1_gnutls_la_LDFLAGS) $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libxmlsec1_gnutls_la_SOURCES)
+DIST_SOURCES = $(am__libxmlsec1_gnutls_la_SOURCES_DIST)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+EXTRA_DIST = \
+ README \
+ $(NULL)
+
+lib_LTLIBRARIES = \
+ libxmlsec1-gnutls.la \
+ $(NULL)
+
+libxmlsec1_gnutls_la_CPPFLAGS = \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -I../../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(GNUTLS_CFLAGS) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(NULL)
+
+libxmlsec1_gnutls_la_SOURCES = app.c ciphers.c crypto.c digests.c \
+ hmac.c kw_aes.c kw_des.c symkeys.c asymkeys.c signatures.c \
+ x509utils.h x509utils.c x509.c x509vfy.c globals.h $(NULL) \
+ $(am__append_1)
+
+# xmlsec-gnutls library requires xmlsec-gcrypt
+libxmlsec1_gnutls_la_LIBADD = \
+ $(GNUTLS_LIBS) \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ ../libxmlsec1.la \
+ ../gcrypt/libxmlsec1-gcrypt.la \
+ $(NULL)
+
+libxmlsec1_gnutls_la_DEPENDENCIES = \
+ $(NULL)
+
+libxmlsec1_gnutls_la_LDFLAGS = \
+ @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ \
+ -version-info @XMLSEC_VERSION_INFO@ \
+ $(NULL)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/gnutls/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/gnutls/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libxmlsec1-gnutls.la: $(libxmlsec1_gnutls_la_OBJECTS) $(libxmlsec1_gnutls_la_DEPENDENCIES)
+ $(libxmlsec1_gnutls_la_LINK) -rpath $(libdir) $(libxmlsec1_gnutls_la_OBJECTS) $(libxmlsec1_gnutls_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-app.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-asymkeys.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-ciphers.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-crypto.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-digests.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-hmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-kw_aes.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-kw_des.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-signatures.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-strings.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-symkeys.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-x509.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-x509utils.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-x509vfy.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+libxmlsec1_gnutls_la-app.lo: app.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-app.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-app.Tpo -c -o libxmlsec1_gnutls_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-app.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-app.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='app.c' object='libxmlsec1_gnutls_la-app.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+
+libxmlsec1_gnutls_la-ciphers.lo: ciphers.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-ciphers.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-ciphers.Tpo -c -o libxmlsec1_gnutls_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-ciphers.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-ciphers.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ciphers.c' object='libxmlsec1_gnutls_la-ciphers.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+
+libxmlsec1_gnutls_la-crypto.lo: crypto.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-crypto.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-crypto.Tpo -c -o libxmlsec1_gnutls_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-crypto.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-crypto.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto.c' object='libxmlsec1_gnutls_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+
+libxmlsec1_gnutls_la-digests.lo: digests.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-digests.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-digests.Tpo -c -o libxmlsec1_gnutls_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-digests.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-digests.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='digests.c' object='libxmlsec1_gnutls_la-digests.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+
+libxmlsec1_gnutls_la-hmac.lo: hmac.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-hmac.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-hmac.Tpo -c -o libxmlsec1_gnutls_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-hmac.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-hmac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hmac.c' object='libxmlsec1_gnutls_la-hmac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+
+libxmlsec1_gnutls_la-kw_aes.lo: kw_aes.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-kw_aes.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-kw_aes.Tpo -c -o libxmlsec1_gnutls_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-kw_aes.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-kw_aes.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kw_aes.c' object='libxmlsec1_gnutls_la-kw_aes.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+
+libxmlsec1_gnutls_la-kw_des.lo: kw_des.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-kw_des.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-kw_des.Tpo -c -o libxmlsec1_gnutls_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-kw_des.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-kw_des.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kw_des.c' object='libxmlsec1_gnutls_la-kw_des.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+
+libxmlsec1_gnutls_la-symkeys.lo: symkeys.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-symkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-symkeys.Tpo -c -o libxmlsec1_gnutls_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-symkeys.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-symkeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='symkeys.c' object='libxmlsec1_gnutls_la-symkeys.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+
+libxmlsec1_gnutls_la-asymkeys.lo: asymkeys.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-asymkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-asymkeys.Tpo -c -o libxmlsec1_gnutls_la-asymkeys.lo `test -f 'asymkeys.c' || echo '$(srcdir)/'`asymkeys.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-asymkeys.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-asymkeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asymkeys.c' object='libxmlsec1_gnutls_la-asymkeys.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-asymkeys.lo `test -f 'asymkeys.c' || echo '$(srcdir)/'`asymkeys.c
+
+libxmlsec1_gnutls_la-signatures.lo: signatures.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-signatures.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-signatures.Tpo -c -o libxmlsec1_gnutls_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-signatures.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-signatures.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='signatures.c' object='libxmlsec1_gnutls_la-signatures.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+
+libxmlsec1_gnutls_la-x509utils.lo: x509utils.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-x509utils.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-x509utils.Tpo -c -o libxmlsec1_gnutls_la-x509utils.lo `test -f 'x509utils.c' || echo '$(srcdir)/'`x509utils.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-x509utils.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-x509utils.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509utils.c' object='libxmlsec1_gnutls_la-x509utils.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-x509utils.lo `test -f 'x509utils.c' || echo '$(srcdir)/'`x509utils.c
+
+libxmlsec1_gnutls_la-x509.lo: x509.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-x509.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-x509.Tpo -c -o libxmlsec1_gnutls_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-x509.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-x509.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509.c' object='libxmlsec1_gnutls_la-x509.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
+
+libxmlsec1_gnutls_la-x509vfy.lo: x509vfy.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-x509vfy.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-x509vfy.Tpo -c -o libxmlsec1_gnutls_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-x509vfy.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-x509vfy.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509vfy.c' object='libxmlsec1_gnutls_la-x509vfy.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
+
+libxmlsec1_gnutls_la-strings.lo: ../strings.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-strings.Tpo -c -o libxmlsec1_gnutls_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-strings.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-strings.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../strings.c' object='libxmlsec1_gnutls_la-strings.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(libdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libLTLIBRARIES clean-libtool ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-libLTLIBRARIES install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-libLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/gnutls/README b/src/gnutls/README
new file mode 100644
index 00000000..404aa878
--- /dev/null
+++ b/src/gnutls/README
@@ -0,0 +1,6 @@
+The xmlsec-gnutls uses both libgcrypt and libgnutls because GnuTLS
+does not provide direct access to low-level crypto operations (digests,
+hmac, aes, des, etc.).
+
+
+
diff --git a/src/gnutls/app.c b/src/gnutls/app.c
new file mode 100644
index 00000000..856257f3
--- /dev/null
+++ b/src/gnutls/app.c
@@ -0,0 +1,998 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/app.h>
+#include <xmlsec/gnutls/crypto.h>
+#include <xmlsec/gnutls/x509.h>
+
+#include "x509utils.h"
+
+/**************************************************************************
+ *
+ * We use xmlsec-gcrypt for all the basic crypto ops
+ *
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
+#include <xmlsec/gcrypt/app.h>
+
+static xmlSecKeyPtr xmlSecGnuTLSAppKeyFromCertLoad (const char *filename,
+ xmlSecKeyDataFormat format);
+static xmlSecKeyPtr xmlSecGnuTLSAppKeyFromCertLoadMemory (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format);
+
+/**
+ * xmlSecGnuTLSAppInit:
+ * @config: the path to GnuTLS configuration (unused).
+ *
+ * General crypto engine initialization. This function is used
+ * by XMLSec command line utility and called before
+ * @xmlSecInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppInit(const char* config) {
+ int err;
+
+ err = gnutls_global_init();
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_global_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ return(xmlSecGCryptAppInit(config));
+}
+
+/**
+ * xmlSecGnuTLSAppShutdown:
+ *
+ * General crypto engine shutdown. This function is used
+ * by XMLSec command line utility and called after
+ * @xmlSecShutdown function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppShutdown(void) {
+ gnutls_global_deinit();
+
+ return(xmlSecGCryptAppShutdown());
+}
+
+/**
+ * xmlSecGnuTLSAppKeyLoad:
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the a file.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGnuTLSAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx) {
+ xmlSecKeyPtr key;
+
+ xmlSecAssert2(filename != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ switch(format) {
+#ifndef XMLSEC_NO_X509
+ case xmlSecKeyDataFormatPkcs12:
+ key = xmlSecGnuTLSAppPkcs12Load(filename, pwd, pwdCallback, pwdCallbackCtx);
+ break;
+ case xmlSecKeyDataFormatCertPem:
+ case xmlSecKeyDataFormatCertDer:
+ key = xmlSecGnuTLSAppKeyFromCertLoad(filename, format);
+ break;
+#endif /* XMLSEC_NO_X509 */
+ default:
+ key = xmlSecGCryptAppKeyLoad(filename, format, pwd, pwdCallback, pwdCallbackCtx);
+ break;
+ }
+
+ return(key);
+}
+
+/**
+ * xmlSecGnuTLSAppKeyLoadMemory:
+ * @data: the binary key data.
+ * @dataSize: the size of binary key.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the memory buffer.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGnuTLSAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format, const char *pwd,
+ void* pwdCallback, void* pwdCallbackCtx) {
+ xmlSecKeyPtr key;
+
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ switch(format) {
+#ifndef XMLSEC_NO_X509
+ case xmlSecKeyDataFormatPkcs12:
+ key = xmlSecGnuTLSAppPkcs12LoadMemory(data, dataSize, pwd, pwdCallback, pwdCallbackCtx);
+ break;
+ case xmlSecKeyDataFormatCertPem:
+ case xmlSecKeyDataFormatCertDer:
+ key = xmlSecGnuTLSAppKeyFromCertLoadMemory(data, dataSize, format);
+ break;
+#endif /* XMLSEC_NO_X509 */
+ default:
+ key = xmlSecGCryptAppKeyLoadMemory(data, dataSize, format, pwd, pwdCallback, pwdCallbackCtx);
+ break;
+ }
+ return(key);
+}
+
+#ifndef XMLSEC_NO_X509
+/**
+ * xmlSecGnuTLSAppKeyCertLoad:
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from $@filename and adds it to key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
+ xmlSecKeyDataFormat format) {
+ xmlSecBuffer buffer;
+ int ret;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ ret = xmlSecBufferInitialize(&buffer, 4*1024);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferReadFile(&buffer, filename);
+ if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSAppKeyCertLoadMemory(key,
+ xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer),
+ format);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeyCertLoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(-1);
+ }
+
+ /* cleanup */
+ xmlSecBufferFinalize(&buffer);
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppKeyCertLoadMemory:
+ * @key: the pointer to key.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from memory buffer and adds it to key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppKeyCertLoadMemory(xmlSecKeyPtr key,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format) {
+ gnutls_x509_crt_t cert;
+ xmlSecKeyDataPtr keyData;
+ int ret;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ keyData = xmlSecKeyEnsureData(key, xmlSecGnuTLSKeyDataX509Id);
+ if(keyData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cert = xmlSecGnuTLSX509CertRead(data, dataSize, format);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCert(keyData, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppPkcs12Load:
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 file.
+ * For uniformity, call xmlSecGnuTLSAppKeyLoad instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGnuTLSAppPkcs12Load(const char *filename,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx) {
+ xmlSecKeyPtr key;
+ xmlSecBuffer buffer;
+ int ret;
+
+ xmlSecAssert2(filename != NULL, NULL);
+
+ ret = xmlSecBufferInitialize(&buffer, 4*1024);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecBufferReadFile(&buffer, filename);
+ if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ key = xmlSecGnuTLSAppPkcs12LoadMemory(xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer),
+ pwd, pwdCallback, pwdCallbackCtx);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppPkcs12LoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ /* cleanup */
+ xmlSecBufferFinalize(&buffer);
+ return(key);
+}
+
+/**
+ * xmlSecGnuTLSAppPkcs12LoadMemory:
+ * @data: the PKCS12 binary data.
+ * @dataSize: the PKCS12 binary data size.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 data in memory buffer.
+ * For uniformity, call xmlSecGnuTLSAppKeyLoadMemory instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecGnuTLSAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ const char *pwd,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED)
+{
+ xmlSecKeyPtr key = NULL;
+ xmlSecKeyPtr res = NULL;
+ xmlSecPtrList certsList;
+ xmlSecKeyDataPtr keyData = NULL;
+ xmlSecKeyDataPtr x509Data = NULL;
+ gnutls_x509_privkey_t priv_key = NULL;
+ gnutls_x509_crt_t key_cert = NULL;
+ xmlSecSize certsSize;
+ int ret;
+
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(dataSize > 0, NULL);
+
+ /* prepare */
+ ret = xmlSecPtrListInitialize(&(certsList), xmlSecGnuTLSX509CrtListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "certsList");
+ return(NULL);
+ }
+
+ /* load pkcs12 */
+ ret = xmlSecGnuTLSPkcs12LoadMemory(data, dataSize, pwd, &priv_key, &key_cert, &certsList);
+ if((ret < 0) || (priv_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSPkcs12LoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* create key */
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* create key value data */
+ keyData = xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey(priv_key);
+ if(keyData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ priv_key = NULL; /* owned by keyData now */
+
+ ret = xmlSecKeySetValue(key, keyData);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ keyData = NULL; /* owned by key now */
+
+
+ /* create x509 certs data */
+ certsSize = xmlSecPtrListGetSize(&certsList);
+ if((certsSize > 0) || (key_cert != NULL)) {
+ xmlSecSize ii;
+
+ x509Data = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataX509Id);
+ if(x509Data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataX509Id)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* set key's cert */
+ if(key_cert != NULL) {
+ ret = xmlSecGnuTLSKeyDataX509AdoptKeyCert(x509Data, key_cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ key_cert = NULL; /* owned by x509Data now */
+ }
+
+ /* copy all other certs */
+ for(ii = 0; ii < certsSize; ++ii) {
+ gnutls_x509_crt_t cert = xmlSecPtrListRemoveAndReturn(&certsList, ii);
+ if(cert == NULL) {
+ continue;
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCert(x509Data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert);
+ goto done;
+ }
+ }
+
+ /* set in the key */
+ ret = xmlSecKeyAdoptData(key, x509Data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ x509Data = NULL; /* owned by key now */
+ }
+
+ /* success!!! */
+ res = key;
+ key = NULL;
+
+done:
+ if(key_cert != NULL) {
+ gnutls_x509_crt_deinit(key_cert);
+ }
+ if(priv_key != NULL) {
+ gnutls_x509_privkey_deinit(priv_key);
+ }
+ if(keyData != NULL) {
+ xmlSecKeyDataDestroy(keyData);
+ }
+ if(x509Data != NULL) {
+ xmlSecKeyDataDestroy(x509Data);
+ }
+ if(key != NULL) {
+ xmlSecKeyDestroy(key);
+ }
+ xmlSecPtrListFinalize(&certsList);
+ return(res);
+}
+
+static xmlSecKeyPtr
+xmlSecGnuTLSAppKeyFromCertLoad(const char *filename,
+ xmlSecKeyDataFormat format)
+{
+ xmlSecKeyPtr key;
+ xmlSecBuffer buffer;
+ int ret;
+
+ xmlSecAssert2(filename != NULL, NULL);
+
+ ret = xmlSecBufferInitialize(&buffer, 4*1024);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecBufferReadFile(&buffer, filename);
+ if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ key = xmlSecGnuTLSAppKeyFromCertLoadMemory(
+ xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer),
+ format);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeyFromCertLoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ /* cleanup */
+ xmlSecBufferFinalize(&buffer);
+ return(key);
+}
+
+static xmlSecKeyPtr
+xmlSecGnuTLSAppKeyFromCertLoadMemory(const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format)
+{
+ xmlSecKeyPtr key = NULL;
+ xmlSecKeyDataPtr keyData = NULL;
+ xmlSecKeyDataPtr x509Data = NULL;
+ gnutls_x509_crt_t cert = NULL;
+ xmlSecKeyPtr res = NULL;
+ int ret;
+
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(dataSize > 0, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ /* read cert */
+ cert = xmlSecGnuTLSX509CertRead(data, dataSize, format);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* create key */
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* create key value data */
+ keyData = xmlSecGnuTLSX509CertGetKey(cert);
+ if(keyData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecKeySetValue(key, keyData);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ keyData = NULL; /* owned by key now */
+
+ /* create x509 data */
+ x509Data = xmlSecKeyEnsureData(key, xmlSecGnuTLSKeyDataX509Id);
+ if(x509Data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ ret = xmlSecGnuTLSKeyDataX509AdoptKeyCert(x509Data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ cert = NULL; /* owned by x509Data now */
+
+ /* success */
+ res = key;
+ key = NULL;
+
+done:
+ if(cert != NULL) {
+ gnutls_x509_crt_deinit(cert);
+ }
+ if(keyData != NULL) {
+ xmlSecKeyDataDestroy(keyData);
+ }
+ if(key != NULL) {
+ xmlSecKeyDestroy(key);
+ }
+ return(res);
+}
+
+/**
+ * xmlSecGnuTLSAppKeysMngrCertLoad:
+ * @mngr: the keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
+ *
+ * Reads cert from @filename and adds to the list of trusted or known
+ * untrusted certs in @store.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr,
+ const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
+ xmlSecBuffer buffer;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ ret = xmlSecBufferInitialize(&buffer, 4*1024);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferReadFile(&buffer, filename);
+ if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSAppKeysMngrCertLoadMemory(mngr,
+ xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer),
+ format,
+ type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeysMngrCertLoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(-1);
+ }
+
+ /* cleanup */
+ xmlSecBufferFinalize(&buffer);
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppKeysMngrCertLoadMemory:
+ * @mngr: the keys manager.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate trusted or not.
+ *
+ * Reads cert from binary buffer @data and adds to the list of trusted or known
+ * untrusted certs in @store.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
+ xmlSecKeyDataStorePtr x509Store;
+ gnutls_x509_crt_t cert;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecGnuTLSX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGnuTLSX509StoreId");
+ return(-1);
+ }
+
+ cert = xmlSecGnuTLSX509CertRead(data, dataSize, format);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSX509StoreAdoptCert(x509Store, cert, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509StoreAdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#endif /* XMLSEC_NO_X509 */
+
+/**
+ * xmlSecGnuTLSAppDefaultKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
+ * and a default GnuTLS crypto key data stores.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+
+ /* create simple keys store if needed */
+ if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) {
+ xmlSecKeyStorePtr keysStore;
+
+ keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+ if(keysStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecSimpleKeysStoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyStoreDestroy(keysStore);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecGnuTLSKeysMngrInit(mngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeysMngrInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* TODO */
+ mngr->getKey = xmlSecKeysMngrGetKey;
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppDefaultKeysMngrAdoptKey:
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
+ *
+ * Adds @key to the keys manager @mngr created with #xmlSecGnuTLSAppDefaultKeysMngrInit
+ * function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppDefaultKeysMngrLoad:
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
+ *
+ * Loads XML keys file from @uri to the keys manager @mngr created
+ * with #xmlSecGnuTLSAppDefaultKeysMngrInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(uri != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreLoad(store, uri, mngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s", xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppDefaultKeysMngrSave:
+ * @mngr: the pointer to keys manager.
+ * @filename: the destination filename.
+ * @type: the type of keys to save (public/private/symmetric).
+ *
+ * Saves keys from @mngr to XML keys file.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreSave(store, filename, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreSave",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSAppGetDefaultPwdCallback:
+ *
+ * Gets default password callback.
+ *
+ * Returns: default password callback.
+ */
+void*
+xmlSecGnuTLSAppGetDefaultPwdCallback(void) {
+ return(NULL);
+}
+
diff --git a/src/gnutls/asymkeys.c b/src/gnutls/asymkeys.c
new file mode 100644
index 00000000..6ac68a78
--- /dev/null
+++ b/src/gnutls/asymkeys.c
@@ -0,0 +1,455 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+/**************************************************************************
+ *
+ * We use xmlsec-gcrypt for all the basic crypto ops
+ *
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
+#include <gcrypt.h>
+
+static void xmlSecGnuTLSDestroyParams(gnutls_datum_t * params, xmlSecSize num) {
+ xmlSecSize ii;
+
+ xmlSecAssert(params != NULL);
+ for(ii = 0; ii < num; ++ii) {
+ gnutls_free(params[ii].data);
+ }
+}
+
+static void xmlSecGnuTLSDestroyMpis(gcry_mpi_t * mpis, xmlSecSize num) {
+ xmlSecSize ii;
+
+ xmlSecAssert(mpis != NULL);
+ for(ii = 0; ii < num; ++ii) {
+ gcry_mpi_release(mpis[ii]);
+ }
+}
+
+static int xmlSecGnuTLSConvertParamsToMpis(gnutls_datum_t * params, xmlSecSize paramsNum,
+ gcry_mpi_t * mpis, xmlSecSize mpisNum) {
+
+ xmlSecSize ii;
+ int rc;
+
+ xmlSecAssert2(params != NULL, -1);
+ xmlSecAssert2(mpis != NULL, -1);
+ xmlSecAssert2(paramsNum == mpisNum, -1);
+
+ for(ii = 0; ii < paramsNum; ++ii) {
+ rc = gcry_mpi_scan(&(mpis[ii]), GCRYMPI_FMT_USG, params[ii].data, params[ii].size, NULL);
+ if((rc != GPG_ERR_NO_ERROR) || (mpis[ii] == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_mpi_scan",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSDestroyMpis(mpis, ii); /* destroy up to now */
+ return(-1);
+ }
+ }
+
+ /* done */
+ return(0);
+}
+
+#ifndef XMLSEC_NO_DSA
+
+/**
+ * xmlSecGnuTLSKeyDataDsaGetKlass:
+ *
+ * The DSA key data klass.
+ *
+ * Returns: pointer to DSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataDsaGetKlass(void) {
+ return (xmlSecGCryptKeyDataDsaGetKlass());
+}
+
+/**
+ * xmlSecGnuTLSKeyDataDsaAdoptPrivateKey:
+ * @data: the pointer to DSA key data.
+ * @dsa_key: the pointer to GnuTLS DSA private key.
+ *
+ * Sets the value of DSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey_t dsa_key) {
+ gnutls_datum_t params[5];
+ gcry_mpi_t mpis[5];
+ gcry_sexp_t priv_key = NULL;
+ gcry_sexp_t pub_key = NULL;
+ int rc;
+ int err;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), -1);
+ xmlSecAssert2(dsa_key != NULL, -1);
+ xmlSecAssert2(gnutls_x509_privkey_get_pk_algorithm(dsa_key) == GNUTLS_PK_DSA, -1);
+
+ /* get raw values */
+ err = gnutls_x509_privkey_export_dsa_raw(dsa_key,
+ &(params[0]), &(params[1]), &(params[2]),
+ &(params[3]), &(params[4]));
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_privkey_export_dsa_raw",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ /* convert to mpis */
+ ret = xmlSecGnuTLSConvertParamsToMpis(
+ params, sizeof(params)/sizeof(params[0]),
+ mpis, sizeof(mpis)/sizeof(mpis[0]));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSConvertParamsToMpis",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0]));
+ return(-1);
+ }
+ xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0]));
+
+ /* build expressions */
+ rc = gcry_sexp_build(&(priv_key), NULL, "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
+ mpis[0], mpis[1], mpis[2], mpis[3], mpis[4]);
+ if((rc != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(private/dsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+ return(-1);
+ }
+ rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ mpis[0], mpis[1], mpis[2], mpis[3]);
+ if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(private/rsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ gcry_sexp_release(priv_key);
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+ return(-1);
+ }
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+
+ ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(data, pub_key, priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeyDataDsaAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gcry_sexp_release(pub_key);
+ gcry_sexp_release(priv_key);
+ return(-1);
+ }
+
+ /* done, we "adopted" the key - destroy it! */
+ gnutls_x509_privkey_deinit(dsa_key);
+ return(0);
+}
+
+
+/**
+ * xmlSecGnuTLSKeyDataDsaAdoptPublicKey:
+ * @data: the pointer to DSA key data.
+ * @p: the pointer to p component of the DSA public key
+ * @q: the pointer to q component of the DSA public key
+ * @g: the pointer to g component of the DSA public key
+ * @y: the pointer to y component of the DSA public key
+ *
+ * Sets the value of DSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeyDataDsaAdoptPublicKey(xmlSecKeyDataPtr data,
+ gnutls_datum_t * p, gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y) {
+ gnutls_datum_t params[4];
+ gcry_mpi_t mpis[4];
+ gcry_sexp_t pub_key = NULL;
+ int rc;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), -1);
+ xmlSecAssert2(p != NULL, -1);
+ xmlSecAssert2(q != NULL, -1);
+ xmlSecAssert2(g != NULL, -1);
+ xmlSecAssert2(y != NULL, -1);
+
+ /* copy */
+ memcpy(&(params[0]), p, sizeof(*p));
+ memcpy(&(params[1]), q, sizeof(*q));
+ memcpy(&(params[2]), g, sizeof(*g));
+ memcpy(&(params[3]), y, sizeof(*y));
+
+ /* convert to mpis */
+ ret = xmlSecGnuTLSConvertParamsToMpis(
+ params, sizeof(params)/sizeof(params[0]),
+ mpis, sizeof(mpis)/sizeof(mpis[0]));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSConvertParamsToMpis",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ /* don't destroy params - we got them from outside !!! */
+ return(-1);
+ }
+ /* don't destroy params - we got them from outside !!! */
+
+ /* build expressions */
+ rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
+ mpis[0], mpis[1], mpis[2], mpis[3]);
+ if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(private/rsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+ return(-1);
+ }
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+
+ ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(data, pub_key, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeyDataDsaAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gcry_sexp_release(pub_key);
+ return(-1);
+ }
+
+ /* done, we "adopted" the key - destroy it! */
+ gnutls_free(p->data);
+ gnutls_free(q->data);
+ gnutls_free(g->data);
+ gnutls_free(y->data);
+ return(0);
+}
+
+#endif /* XMLSEC_NO_DSA */
+
+
+#ifndef XMLSEC_NO_RSA
+
+/**
+ * xmlSecGnuTLSKeyDataRsaGetKlass:
+ *
+ * The GnuTLS RSA key data klass.
+ *
+ * Returns: pointer to GnuTLS RSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataRsaGetKlass(void) {
+ return (xmlSecGCryptKeyDataRsaGetKlass());
+}
+
+/**
+ * xmlSecGnuTLSKeyDataRsaAdoptPrivateKey:
+ * @data: the pointer to RSA key data.
+ * @rsa_key: the pointer to GnuTLS RSA private key.
+ *
+ * Sets the value of RSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey_t rsa_key) {
+ gnutls_datum_t params[6];
+ gcry_mpi_t mpis[6];
+ gcry_sexp_t priv_key = NULL;
+ gcry_sexp_t pub_key = NULL;
+ int rc;
+ int err;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), -1);
+ xmlSecAssert2(rsa_key != NULL, -1);
+ xmlSecAssert2(gnutls_x509_privkey_get_pk_algorithm(rsa_key) == GNUTLS_PK_RSA, -1);
+
+ /* get raw values */
+ err = gnutls_x509_privkey_export_rsa_raw(rsa_key,
+ &(params[0]), &(params[1]), &(params[2]),
+ &(params[3]), &(params[4]), &(params[5]));
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_privkey_export_rsa_raw",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(-1);
+ }
+
+ /* convert to mpis */
+ ret = xmlSecGnuTLSConvertParamsToMpis(
+ params, sizeof(params)/sizeof(params[0]),
+ mpis, sizeof(mpis)/sizeof(mpis[0]));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSConvertParamsToMpis",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0]));
+ return(-1);
+ }
+ xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0]));
+
+ /* build expressions */
+ rc = gcry_sexp_build(&(priv_key), NULL, "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
+ mpis[0], mpis[1], mpis[2],
+ mpis[3], mpis[4], mpis[5]);
+ if((rc != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(private/rsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+ return(-1);
+ }
+ rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(rsa((n%m)(e%m))))",
+ mpis[0], mpis[1]);
+ if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(private/rsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ gcry_sexp_release(priv_key);
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+ return(-1);
+ }
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+
+ ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(data, pub_key, priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeyDataRsaAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gcry_sexp_release(pub_key);
+ gcry_sexp_release(priv_key);
+ return(-1);
+ }
+
+ /* done, we "adopted" the key - destroy it! */
+ gnutls_x509_privkey_deinit(rsa_key);
+ return(0);
+}
+
+
+/**
+ * xmlSecGnuTLSKeyDataRsaAdoptPublicKey:
+ * @data: the pointer to RSA key data.
+ * @m: the pointer to m component of the RSA public key
+ * @e: the pointer to e component of the RSA public key
+ *
+ * Sets the value of RSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeyDataRsaAdoptPublicKey(xmlSecKeyDataPtr data,
+ gnutls_datum_t * m, gnutls_datum_t * e) {
+ gnutls_datum_t params[2];
+ gcry_mpi_t mpis[2];
+ gcry_sexp_t pub_key = NULL;
+ int rc;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), -1);
+ xmlSecAssert2(m != NULL, -1);
+ xmlSecAssert2(e != NULL, -1);
+
+ /* copy */
+ memcpy(&(params[0]), m, sizeof(*m));
+ memcpy(&(params[1]), e, sizeof(*e));
+
+ /* convert to mpis */
+ ret = xmlSecGnuTLSConvertParamsToMpis(
+ params, sizeof(params)/sizeof(params[0]),
+ mpis, sizeof(mpis)/sizeof(mpis[0]));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSConvertParamsToMpis",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ /* don't destroy params - we got them from outside !!! */
+ return(-1);
+ }
+ /* don't destroy params - we got them from outside !!! */
+
+ /* build expressions */
+ rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(rsa((n%m)(e%m))))",
+ mpis[0], mpis[1]);
+ if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gcry_sexp_build(private/rsa)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+ return(-1);
+ }
+ xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
+
+ ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(data, pub_key, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGCryptKeyDataRsaAdoptKeyPair",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gcry_sexp_release(pub_key);
+ return(-1);
+ }
+
+ /* done, we "adopted" the key - destroy it! */
+ gnutls_free(m->data);
+ gnutls_free(e->data);
+ return(0);
+}
+#endif /* XMLSEC_NO_RSA */
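Review bot: xmlSecGnuTLSKeyDataDsaAdoptPublicKey and xmlSecGnuTLSKeyDataRsaAdoptPublicKey free the caller's buffers on success (`gnutls_free(p->data);` and the lines after it) but leave the caller's gnutls_datum_t structs pointing at the freed memory, while every failure path leaves the buffers alone, so a caller that frees its datums unconditionally would double free after a successful call. The doc comments do not state this contract; I would add `* On success the function takes ownership of the component buffers and frees them; on failure the caller still owns them.` to both, and reset each datum after freeing it, e.g. `p->data = NULL; p->size = 0;`. The callers are not visible in this hunk, so whether the double free is reachable has to be checked there. Separately, the failure reports for the DSA and RSA public-key S-expressions all carry the label `"gcry_sexp_build(private/rsa)"`, which will mislead anyone reading the error log; `"gcry_sexp_build(public/dsa)"` and `"gcry_sexp_build(public/rsa)"` would name what actually failed.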
diff --git a/src/gnutls/ciphers.c b/src/gnutls/ciphers.c
new file mode 100644
index 00000000..eacfede6
--- /dev/null
+++ b/src/gnutls/ciphers.c
@@ -0,0 +1,82 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+/**************************************************************************
+ *
+ * We use xmlsec-gcrypt for all the basic crypto ops
+ *
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
+
+
+
+
+#ifndef XMLSEC_NO_AES
+
+/**
+ * xmlSecGnuTLSTransformAes128CbcGetKlass:
+ *
+ * AES 128 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 128 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformAes128CbcGetKlass(void) {
+ return (xmlSecGCryptTransformAes128CbcGetKlass());
+}
+
+/**
+ * xmlSecGnuTLSTransformAes192CbcGetKlass:
+ *
+ * AES 192 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 192 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformAes192CbcGetKlass(void) {
+ return (xmlSecGCryptTransformAes192CbcGetKlass());
+}
+
+/**
+ * xmlSecGnuTLSTransformAes256CbcGetKlass:
+ *
+ * AES 256 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 256 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformAes256CbcGetKlass(void) {
+ return (xmlSecGCryptTransformAes256CbcGetKlass());
+}
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+/**
+ * xmlSecGnuTLSTransformDes3CbcGetKlass:
+ *
+ * Triple DES CBC encryption transform klass.
+ *
+ * Returns: pointer to Triple DES encryption transform.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformDes3CbcGetKlass(void) {
+ return (xmlSecGCryptTransformDes3CbcGetKlass());
+}
+#endif /* XMLSEC_NO_DES */
+
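Review bot: The doc comments on the four getters present each transform as a GnuTLS one, yet every body only returns the matching xmlsec-gcrypt klass, so the API docs hide where the cipher code (and any fix to it) actually lives; I would add a line such as `* Thin alias for xmlSecGCryptTransformAes128CbcGetKlass(); the implementation is in xmlsec-gcrypt.` to each comment. All four are CBC transforms, which provide confidentiality only, and xmlSecGnuTLSTransformDes3CbcGetKlass additionally uses a 64-bit block cipher, so the same comments are a good place for `* CBC gives no integrity protection: verify a signature or MAC before decrypting untrusted data.`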
diff --git a/src/gnutls/crypto.c b/src/gnutls/crypto.c
new file mode 100644
index 00000000..83175e69
--- /dev/null
+++ b/src/gnutls/crypto.c
@@ -0,0 +1,351 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <gcrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/dl.h>
+#include <xmlsec/private.h>
+
+#include <xmlsec/gnutls/app.h>
+#include <xmlsec/gnutls/crypto.h>
+#include <xmlsec/gnutls/x509.h>
+
+static xmlSecCryptoDLFunctionsPtr gXmlSecGnuTLSFunctions = NULL;
+
+/**
+ * xmlSecCryptoGetFunctions_gnutls:
+ *
+ * Gets the pointer to xmlsec-gnutls functions table.
+ *
+ * Returns: the xmlsec-gnutls functions table or NULL if an error occurs.
+ */
+xmlSecCryptoDLFunctionsPtr
+xmlSecCryptoGetFunctions_gnutls(void) {
+ static xmlSecCryptoDLFunctions functions;
+
+ if(gXmlSecGnuTLSFunctions != NULL) {
+ return(gXmlSecGnuTLSFunctions);
+ }
+
+ memset(&functions, 0, sizeof(functions));
+ gXmlSecGnuTLSFunctions = &functions;
+
+ /********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ********************************************************************/
+ gXmlSecGnuTLSFunctions->cryptoInit = xmlSecGnuTLSInit;
+ gXmlSecGnuTLSFunctions->cryptoShutdown = xmlSecGnuTLSShutdown;
+ gXmlSecGnuTLSFunctions->cryptoKeysMngrInit = xmlSecGnuTLSKeysMngrInit;
+
+ /********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecGnuTLSFunctions->keyDataAesGetKlass = xmlSecGnuTLSKeyDataAesGetKlass;
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+ gXmlSecGnuTLSFunctions->keyDataDesGetKlass = xmlSecGnuTLSKeyDataDesGetKlass;
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_DSA
+ gXmlSecGnuTLSFunctions->keyDataDsaGetKlass = xmlSecGnuTLSKeyDataDsaGetKlass;
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_HMAC
+ gXmlSecGnuTLSFunctions->keyDataHmacGetKlass = xmlSecGnuTLSKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
+
+#ifndef XMLSEC_NO_RSA
+ gXmlSecGnuTLSFunctions->keyDataRsaGetKlass = xmlSecGnuTLSKeyDataRsaGetKlass;
+#endif /* XMLSEC_NO_RSA */
+
+#ifndef XMLSEC_NO_X509
+ gXmlSecGnuTLSFunctions->keyDataX509GetKlass = xmlSecGnuTLSKeyDataX509GetKlass;
+ gXmlSecGnuTLSFunctions->keyDataRawX509CertGetKlass = xmlSecGnuTLSKeyDataRawX509CertGetKlass;
+#endif /* XMLSEC_NO_X509 */
+
+ /********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_X509
+ gXmlSecGnuTLSFunctions->x509StoreGetKlass = xmlSecGnuTLSX509StoreGetKlass;
+#endif /* XMLSEC_NO_X509 */
+
+ /********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+
+ /******************************* AES ********************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecGnuTLSFunctions->transformAes128CbcGetKlass = xmlSecGnuTLSTransformAes128CbcGetKlass;
+ gXmlSecGnuTLSFunctions->transformAes192CbcGetKlass = xmlSecGnuTLSTransformAes192CbcGetKlass;
+ gXmlSecGnuTLSFunctions->transformAes256CbcGetKlass = xmlSecGnuTLSTransformAes256CbcGetKlass;
+ gXmlSecGnuTLSFunctions->transformKWAes128GetKlass = xmlSecGnuTLSTransformKWAes128GetKlass;
+ gXmlSecGnuTLSFunctions->transformKWAes192GetKlass = xmlSecGnuTLSTransformKWAes192GetKlass;
+ gXmlSecGnuTLSFunctions->transformKWAes256GetKlass = xmlSecGnuTLSTransformKWAes256GetKlass;
+#endif /* XMLSEC_NO_AES */
+
+ /******************************* DES ********************************/
+#ifndef XMLSEC_NO_DES
+ gXmlSecGnuTLSFunctions->transformDes3CbcGetKlass = xmlSecGnuTLSTransformDes3CbcGetKlass;
+ gXmlSecGnuTLSFunctions->transformKWDes3GetKlass = xmlSecGnuTLSTransformKWDes3GetKlass;
+#endif /* XMLSEC_NO_DES */
+
+ /******************************* DSA ********************************/
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGnuTLSFunctions->transformDsaSha1GetKlass = xmlSecGnuTLSTransformDsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+ /******************************* HMAC ********************************/
+#ifndef XMLSEC_NO_HMAC
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecGnuTLSFunctions->transformHmacMd5GetKlass = xmlSecGnuTLSTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecGnuTLSFunctions->transformHmacRipemd160GetKlass = xmlSecGnuTLSTransformHmacRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGnuTLSFunctions->transformHmacSha1GetKlass = xmlSecGnuTLSTransformHmacSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecGnuTLSFunctions->transformHmacSha256GetKlass = xmlSecGnuTLSTransformHmacSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecGnuTLSFunctions->transformHmacSha384GetKlass = xmlSecGnuTLSTransformHmacSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecGnuTLSFunctions->transformHmacSha512GetKlass = xmlSecGnuTLSTransformHmacSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+ /******************************* MD5 ********************************/
+#ifndef XMLSEC_NO_MD5
+ gXmlSecGnuTLSFunctions->transformMd5GetKlass = xmlSecGnuTLSTransformMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+ /******************************* RIPEMD160 ********************************/
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecGnuTLSFunctions->transformRipemd160GetKlass = xmlSecGnuTLSTransformRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+ /******************************* RSA ********************************/
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecGnuTLSFunctions->transformRsaMd5GetKlass = xmlSecGnuTLSTransformRsaMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecGnuTLSFunctions->transformRsaRipemd160GetKlass = xmlSecGnuTLSTransformRsaRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGnuTLSFunctions->transformRsaSha1GetKlass = xmlSecGnuTLSTransformRsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecGnuTLSFunctions->transformRsaSha256GetKlass = xmlSecGnuTLSTransformRsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecGnuTLSFunctions->transformRsaSha384GetKlass = xmlSecGnuTLSTransformRsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecGnuTLSFunctions->transformRsaSha512GetKlass = xmlSecGnuTLSTransformRsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+ /******************************* SHA ********************************/
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGnuTLSFunctions->transformSha1GetKlass = xmlSecGnuTLSTransformSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecGnuTLSFunctions->transformSha256GetKlass = xmlSecGnuTLSTransformSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecGnuTLSFunctions->transformSha384GetKlass = xmlSecGnuTLSTransformSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecGnuTLSFunctions->transformSha512GetKlass = xmlSecGnuTLSTransformSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+
+ /********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+ gXmlSecGnuTLSFunctions->cryptoAppInit = xmlSecGnuTLSAppInit;
+ gXmlSecGnuTLSFunctions->cryptoAppShutdown = xmlSecGnuTLSAppShutdown;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrInit = xmlSecGnuTLSAppDefaultKeysMngrInit;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecGnuTLSAppDefaultKeysMngrAdoptKey;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecGnuTLSAppDefaultKeysMngrLoad;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrSave = xmlSecGnuTLSAppDefaultKeysMngrSave;
+#ifndef XMLSEC_NO_X509
+ gXmlSecGnuTLSFunctions->cryptoAppKeysMngrCertLoad = xmlSecGnuTLSAppKeysMngrCertLoad;
+ gXmlSecGnuTLSFunctions->cryptoAppPkcs12Load = xmlSecGnuTLSAppPkcs12Load;
+ gXmlSecGnuTLSFunctions->cryptoAppKeyCertLoad = xmlSecGnuTLSAppKeyCertLoad;
+#endif /* XMLSEC_NO_X509 */
+ gXmlSecGnuTLSFunctions->cryptoAppKeyLoad = xmlSecGnuTLSAppKeyLoad;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecGnuTLSAppGetDefaultPwdCallback();
+
+ return(gXmlSecGnuTLSFunctions);
+}
+
+
+/**
+ * xmlSecGnuTLSInit:
+ *
+ * XMLSec library specific crypto engine initialization.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSInit (void) {
+ /* Check loaded xmlsec library version */
+ if(xmlSecCheckVersionExact() != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCheckVersionExact",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* register our klasses */
+ if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_gnutls()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSShutdown:
+ *
+ * XMLSec library specific crypto engine shutdown.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSShutdown(void) {
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Adds GnuTLS specific key data stores in keys manager.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+
+#ifndef XMLSEC_NO_X509
+ /* create x509 store if needed */
+ if(xmlSecKeysMngrGetDataStore(mngr, xmlSecGnuTLSX509StoreId) == NULL) {
+ xmlSecKeyDataStorePtr x509Store;
+
+ x509Store = xmlSecKeyDataStoreCreate(xmlSecGnuTLSX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGnuTLSX509StoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptDataStore(mngr, x509Store);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataStoreDestroy(x509Store);
+ return(-1);
+ }
+ }
+#endif /* XMLSEC_NO_X509 */
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSGenerateRandom:
+ * @buffer: the destination buffer.
+ * @size: the numer of bytes to generate.
+ *
+ * Generates @size random bytes and puts result in @buffer.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecGnuTLSGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
+ int ret;
+
+ xmlSecAssert2(buffer != NULL, -1);
+ xmlSecAssert2(size > 0, -1);
+
+ ret = xmlSecBufferSetSize(buffer, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+
+ /* get random data */
+ gcry_randomize(xmlSecBufferGetData(buffer), size, GCRY_STRONG_RANDOM);
+ return(0);
+}
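Review bot: In xmlSecCryptoGetFunctions_gnutls the global is published before the table is filled (`gXmlSecGnuTLSFunctions = &functions;` right after the memset), so a second thread entering during first-time setup passes the `!= NULL` check and receives a table whose function pointers are still partly NULL. If the function is meant to be reached only from single-threaded initialisation, the doc comment should say so, e.g. `* Not thread-safe on first call; call once during start-up before other threads use xmlsec.`; making it safe otherwise would mean filling `functions` first and assigning the global last. Also, xmlSecGnuTLSGenerateRandom formats an xmlSecSize with `"size=%d"`, a signedness (and possibly width) mismatch if xmlSecSize is an unsigned type, and it calls gcry_randomize with no libgcrypt initialisation visible in this file; presumably that happens in the app layer, but it is worth confirming.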
diff --git a/src/gnutls/digests.c b/src/gnutls/digests.c
new file mode 100644
index 00000000..2df20706
--- /dev/null
+++ b/src/gnutls/digests.c
@@ -0,0 +1,112 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/app.h>
+#include <xmlsec/gnutls/crypto.h>
+
+/**************************************************************************
+ *
+ * We use xmlsec-gcrypt for all the basic crypto ops
+ *
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformSha1GetKlass:
+ *
+ * SHA-1 digest transform klass.
+ *
+ * Returns: pointer to SHA-1 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformSha1GetKlass(void) {
+ return (xmlSecGCryptTransformSha1GetKlass());
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecGnuTLSTransformSha256GetKlass:
+ *
+ * SHA256 digest transform klass.
+ *
+ * Returns: pointer to SHA256 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformSha256GetKlass(void) {
+ return (xmlSecGCryptTransformSha256GetKlass());
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecGnuTLSTransformSha384GetKlass:
+ *
+ * SHA384 digest transform klass.
+ *
+ * Returns: pointer to SHA384 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformSha384GetKlass(void) {
+ return (xmlSecGCryptTransformSha384GetKlass());
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGnuTLSTransformSha512GetKlass:
+ *
+ * SHA512 digest transform klass.
+ *
+ * Returns: pointer to SHA512 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformSha512GetKlass(void) {
+ return (xmlSecGCryptTransformSha512GetKlass());
+}
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+
+/**
+ * xmlSecGnuTLSTransformMd5GetKlass:
+ *
+ * MD5 digest transform klass.
+ *
+ * Returns: pointer to MD5 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformMd5GetKlass(void) {
+ return (xmlSecGCryptTransformMd5GetKlass());
+}
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecGnuTLSTransformRipemd160GetKlass:
+ *
+ * RIPEMD160 digest transform klass.
+ *
+ * Returns: pointer to RIPEMD160 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformRipemd160GetKlass(void) {
+ return (xmlSecGCryptTransformRipemd160GetKlass());
+}
+#endif /* XMLSEC_NO_RIPEMD160 */
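Review bot: The doc comments on `xmlSecGnuTLSTransformMd5GetKlass` and `xmlSecGnuTLSTransformSha1GetKlass` present MD5 and SHA-1 as ordinary digest choices and never tell a caller that neither is collision resistant. I would add a line to each, for example ` * MD5 is not collision resistant; keep it for legacy interoperability only and do not accept it when verifying untrusted documents.`, and mention that building with `XMLSEC_NO_MD5` (the guard already around the function) removes the transform. The same comment gap applies to `xmlSecGnuTLSTransformRsaMd5GetKlass`, `xmlSecGnuTLSTransformRsaSha1GetKlass` and `xmlSecGnuTLSTransformDsaSha1GetKlass` in src/gnutls/signatures.c, where the digest weakness carries over directly to signature forgery resistance.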
diff --git a/src/gnutls/globals.h b/src/gnutls/globals.h
new file mode 100644
index 00000000..b49e2404
--- /dev/null
+++ b/src/gnutls/globals.h
@@ -0,0 +1,31 @@
+/*
+ * XML Security Library
+ *
+ * globals.h: internal header only used during the compilation
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GLOBALS_H__
+#define __XMLSEC_GLOBALS_H__
+
+/**
+ * Use autoconf defines if present.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#define IN_XMLSEC_CRYPTO
+#define XMLSEC_PRIVATE
+
+#define XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err) \
+ "error code=%d; error message='%s'", \
+ (int)err, xmlSecErrorsSafeString(gcry_strerror((err)))
+#define XMLSEC_GNUTLS_REPORT_ERROR(err) \
+ "error code=%d; error message='%s'", \
+ (int)err, xmlSecErrorsSafeString(gnutls_strerror((err)))
+
+#endif /* ! __XMLSEC_GLOBALS_H__ */
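Review bot: In `XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR` and `XMLSEC_GNUTLS_REPORT_ERROR` the cast is written `(int)err` while the second use is `(err)`, so if the argument is an expression rather than a single name the cast binds to its first operand only. Writing `(int)(err), xmlSecErrorsSafeString(gcry_strerror((err)))`, and the same for the `gnutls_strerror` variant, makes both uses agree. The macros also call `gcry_strerror` and `gnutls_strerror` although this header includes neither library's header, so every file that uses them has to include those itself; a short comment above the macros saying so would help.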
diff --git a/src/gnutls/hmac.c b/src/gnutls/hmac.c
new file mode 100644
index 00000000..5d1acfc2
--- /dev/null
+++ b/src/gnutls/hmac.c
@@ -0,0 +1,141 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_HMAC
+#include "globals.h"
+
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/app.h>
+#include <xmlsec/gnutls/crypto.h>
+
+/**************************************************************************
+ *
+ * We use xmlsec-gcrypt for all the basic crypto ops
+ *
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
+
+/**
+ * xmlSecGnuTLSHmacGetMinOutputLength:
+ *
+ * Gets the value of min HMAC length.
+ *
+ * Returns: the min HMAC output length
+ */
+int xmlSecGnuTLSHmacGetMinOutputLength(void)
+{
+ return xmlSecGCryptHmacGetMinOutputLength();
+}
+
+/**
+ * xmlSecGnuTLSHmacSetMinOutputLength:
+ * @min_length: the new min length
+ *
+ * Sets the min HMAC output length
+ */
+void xmlSecGnuTLSHmacSetMinOutputLength(int min_length)
+{
+ xmlSecGCryptHmacSetMinOutputLength(min_length);
+}
+
+
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformHmacSha1GetKlass:
+ *
+ * The HMAC-SHA1 transform klass.
+ *
+ * Returns: the HMAC-SHA1 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha1GetKlass(void) {
+ return (xmlSecGCryptTransformHmacSha1GetKlass());
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/**
+ * xmlSecGnuTLSTransformHmacSha256GetKlass:
+ *
+ * The HMAC-SHA256 transform klass.
+ *
+ * Returns: the HMAC-SHA256 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha256GetKlass(void) {
+ return (xmlSecGCryptTransformHmacSha256GetKlass());
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/**
+ * xmlSecGnuTLSTransformHmacSha384GetKlass:
+ *
+ * The HMAC-SHA384 transform klass.
+ *
+ * Returns: the HMAC-SHA384 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha384GetKlass(void) {
+ return (xmlSecGCryptTransformHmacSha384GetKlass());
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGnuTLSTransformHmacSha512GetKlass:
+ *
+ * The HMAC-SHA512 transform klass.
+ *
+ * Returns: the HMAC-SHA512 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha512GetKlass(void) {
+ return (xmlSecGCryptTransformHmacSha512GetKlass());
+}
+#endif /* XMLSEC_NO_SHA512 */
+
+
+#ifndef XMLSEC_NO_RIPEMD160
+/**
+ * xmlSecGnuTLSTransformHmacRipemd160GetKlass:
+ *
+ * The HMAC-RIPEMD160 transform klass.
+ *
+ * Returns: the HMAC-RIPEMD160 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacRipemd160GetKlass(void) {
+ return (xmlSecGCryptTransformHmacRipemd160GetKlass());
+}
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+/**
+ * xmlSecGnuTLSTransformHmacMd5GetKlass:
+ *
+ * The HMAC-MD5 transform klass.
+ *
+ * Returns: the HMAC-MD5 transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacMd5GetKlass(void) {
+ return (xmlSecGCryptTransformHmacMd5GetKlass());
+}
+#endif /* XMLSEC_NO_MD5 */
+
+
+#endif /* XMLSEC_NO_HMAC */
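Review bot: `xmlSecGnuTLSHmacSetMinOutputLength` passes `min_length` straight to `xmlSecGCryptHmacSetMinOutputLength`, and its comment does not give the unit, the accepted range, or the scope of the setting. Presumably this is the lower bound applied to an HMAC output length supplied by the document being verified, in which case a zero, negative or very small value would let a heavily truncated MAC pass. Whether the gcrypt setter rejects such values is not visible in this hunk. I would extend the comment with something like ` * Lowering this value lets shorter (truncated) HMACs pass verification; the setting applies to every HMAC transform in the process.` and state the unit explicitly once confirmed against the gcrypt implementation.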
diff --git a/src/gnutls/kw_aes.c b/src/gnutls/kw_aes.c
new file mode 100644
index 00000000..63f8a6be
--- /dev/null
+++ b/src/gnutls/kw_aes.c
@@ -0,0 +1,72 @@
+/**
+ *
+ * XMLSec library
+ *
+ * AES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_AES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+/**************************************************************************
+ *
+ * We use xmlsec-gcrypt for all the basic crypto ops
+ *
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
+
+
+
+/**
+ * xmlSecGnuTLSTransformKWAes128GetKlass:
+ *
+ * The AES-128 kew wrapper transform klass.
+ *
+ * Returns: AES-128 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes128GetKlass(void) {
+ return(xmlSecGCryptTransformKWAes128GetKlass());
+}
+
+/**
+ * xmlSecGnuTLSTransformKWAes192GetKlass:
+ *
+ * The AES-192 kew wrapper transform klass.
+ *
+ * Returns: AES-192 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes192GetKlass(void) {
+ return(xmlSecGCryptTransformKWAes192GetKlass());
+}
+
+/**
+ * xmlSecGnuTLSTransformKWAes256GetKlass:
+ *
+ * The AES-256 kew wrapper transform klass.
+ *
+ * Returns: AES-256 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWAes256GetKlass(void) {
+ return(xmlSecGCryptTransformKWAes256GetKlass());
+}
+
+#endif /* XMLSEC_NO_AES */
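Review bot: The doc comments on `xmlSecGnuTLSTransformKWAes128GetKlass`, `xmlSecGnuTLSTransformKWAes192GetKlass` and `xmlSecGnuTLSTransformKWAes256GetKlass` say "kew wrapper" where "key wrapper" is meant, in both the description and the `Returns:` line. These look like gtk-doc comments, so the typo would presumably end up in the generated API reference; the description line should read ` * The AES-128 key wrapper transform klass.` and likewise for 192 and 256. Separately, `<stdlib.h>`, `<stdio.h>` and `<string.h>` are included but nothing in this file uses them.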
diff --git a/src/gnutls/kw_des.c b/src/gnutls/kw_des.c
new file mode 100644
index 00000000..5d2a2e55
--- /dev/null
+++ b/src/gnutls/kw_des.c
@@ -0,0 +1,51 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_DES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <gcrypt.h>
+
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+/**************************************************************************
+ *
+ * We use xmlsec-gcrypt for all the basic crypto ops
+ *
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
+
+
+/**
+ * xmlSecGnuTLSTransformKWDes3GetKlass:
+ *
+ * The Triple DES key wrapper transform klass.
+ *
+ * Returns: Triple DES key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformKWDes3GetKlass(void) {
+ return(xmlSecGCryptTransformKWDes3GetKlass());
+}
+
+#endif /* XMLSEC_NO_DES */
+
diff --git a/src/gnutls/signatures.c b/src/gnutls/signatures.c
new file mode 100644
index 00000000..98d1f832
--- /dev/null
+++ b/src/gnutls/signatures.c
@@ -0,0 +1,148 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+/**************************************************************************
+ *
+ * We use xmlsec-gcrypt for all the basic crypto ops
+ *
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
+#include <gcrypt.h>
+
+
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+
+/**
+ * xmlSecGnuTLSTransformDsaSha1GetKlass:
+ *
+ * The DSA-SHA1 signature transform klass.
+ *
+ * Returns: DSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformDsaSha1GetKlass(void) {
+ return (xmlSecGCryptTransformDsaSha1GetKlass());
+}
+
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+
+/**
+ * xmlSecGnuTLSTransformRsaMd5GetKlass:
+ *
+ * The RSA-MD5 signature transform klass.
+ *
+ * Returns: RSA-MD5 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformRsaMd5GetKlass(void) {
+ return (xmlSecGCryptTransformRsaMd5GetKlass());
+}
+
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+
+/**
+ * xmlSecGnuTLSTransformRsaRipemd160GetKlass:
+ *
+ * The RSA-RIPEMD160 signature transform klass.
+ *
+ * Returns: RSA-RIPEMD160 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformRsaRipemd160GetKlass(void) {
+ return (xmlSecGCryptTransformRsaRipemd160GetKlass());
+}
+
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/**
+ * xmlSecGnuTLSTransformRsaSha1GetKlass:
+ *
+ * The RSA-SHA1 signature transform klass.
+ *
+ * Returns: RSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformRsaSha1GetKlass(void) {
+ return (xmlSecGCryptTransformRsaSha1GetKlass());
+}
+
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+
+/**
+ * xmlSecGnuTLSTransformRsaSha256GetKlass:
+ *
+ * The RSA-SHA256 signature transform klass.
+ *
+ * Returns: RSA-SHA256 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformRsaSha256GetKlass(void) {
+ return (xmlSecGCryptTransformRsaSha256GetKlass());
+}
+
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+
+/**
+ * xmlSecGnuTLSTransformRsaSha384GetKlass:
+ *
+ * The RSA-SHA384 signature transform klass.
+ *
+ * Returns: RSA-SHA384 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformRsaSha384GetKlass(void) {
+ return (xmlSecGCryptTransformRsaSha384GetKlass());
+}
+
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/**
+ * xmlSecGnuTLSTransformRsaSha512GetKlass:
+ *
+ * The RSA-SHA512 signature transform klass.
+ *
+ * Returns: RSA-SHA512 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecGnuTLSTransformRsaSha512GetKlass(void) {
+ return (xmlSecGCryptTransformRsaSha512GetKlass());
+}
+
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+
+
diff --git a/src/gnutls/symkeys.c b/src/gnutls/symkeys.c
new file mode 100644
index 00000000..b1521d62
--- /dev/null
+++ b/src/gnutls/symkeys.c
@@ -0,0 +1,125 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+
+/**************************************************************************
+ *
+ * We use xmlsec-gcrypt for all the basic crypto ops
+ *
+ *****************************************************************************/
+#include <xmlsec/gcrypt/crypto.h>
+
+
+
+#ifndef XMLSEC_NO_AES
+/**
+ * xmlSecGnuTLSKeyDataAesGetKlass:
+ *
+ * The AES key data klass.
+ *
+ * Returns: AES key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataAesGetKlass(void) {
+ return (xmlSecGCryptKeyDataAesGetKlass());
+}
+
+/**
+ * xmlSecGnuTLSKeyDataAesSet:
+ * @data: the pointer to AES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of AES key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ return (xmlSecGCryptKeyDataAesSet(data, buf, bufSize));
+}
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+/**
+ * xmlSecGnuTLSKeyDataDesGetKlass:
+ *
+ * The DES key data klass.
+ *
+ * Returns: DES key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataDesGetKlass(void) {
+ return (xmlSecGCryptKeyDataDesGetKlass());
+}
+
+/**
+ * xmlSecGnuTLSKeyDataDesSet:
+ * @data: the pointer to DES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of DES key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSKeyDataDesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ return (xmlSecGCryptKeyDataDesSet(data, buf, bufSize));
+}
+
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_HMAC
+
+/**
+ * xmlSecGnuTLSKeyDataHmacGetKlass:
+ *
+ * The HMAC key data klass.
+ *
+ * Returns: HMAC key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataHmacGetKlass(void) {
+ return (xmlSecGCryptKeyDataHmacGetKlass());
+}
+
+/**
+ * xmlSecGnuTLSKeyDataHmacSet:
+ * @data: the pointer to HMAC key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of HMAC key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSKeyDataHmacSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ return (xmlSecGCryptKeyDataHmacSet(data, buf, bufSize));
+}
+
+#endif /* XMLSEC_NO_HMAC */
+
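Review bot: The file header says `DES Algorithm support`, but this file defines the AES, DES and HMAC key data wrappers; it looks copied from kw_des.c and should read something like ` * Symmetric keys (AES, DES, HMAC) support`. The three `...Set` functions also hand `data`, `buf` and `bufSize` (raw key material) to the gcrypt backend without the `xmlSecAssert2` argument checks that other functions in this backend use, such as `xmlSecGnuTLSKeysMngrInit`. If that is deliberate because `xmlSecGCryptKeyDataAesSet`, `xmlSecGCryptKeyDataDesSet` and `xmlSecGCryptKeyDataHmacSet` validate their arguments (not visible here), a one-line comment such as `/* argument validation is done by the gcrypt implementation */` in each wrapper would stop a later reader from assuming NULL or zero-length input is handled at this layer.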
diff --git a/src/gnutls/x509.c b/src/gnutls/x509.c
new file mode 100644
index 00000000..52d46ab4
--- /dev/null
+++ b/src/gnutls/x509.c
@@ -0,0 +1,1960 @@
+/**
+ * XMLSec library
+ *
+ * X509 support
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_X509
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <time.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/x509.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/private.h>
+
+#include <xmlsec/gnutls/crypto.h>
+#include <xmlsec/gnutls/x509.h>
+
+#include "x509utils.h"
+
+/*************************************************************************
+ *
+ * X509 utility functions
+ *
+ ************************************************************************/
+static int xmlSecGnuTLSX509DataNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509CertificateNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509CertificateNodeWrite (gnutls_x509_crt_t cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509SubjectNameNodeWrite (gnutls_x509_crt_t cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509IssuerSerialNodeWrite (gnutls_x509_crt_t cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509SKINodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509SKINodeWrite (gnutls_x509_crt_t cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509CRLNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSX509CRLNodeWrite (gnutls_x509_crl_t crl,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
+ xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+/*************************************************************************
+ *
+ * Internal GnuTLS X509 data CTX
+ *
+ ************************************************************************/
+typedef struct _xmlSecGnuTLSX509DataCtx xmlSecGnuTLSX509DataCtx,
+ *xmlSecGnuTLSX509DataCtxPtr;
+struct _xmlSecGnuTLSX509DataCtx {
+ gnutls_x509_crt_t keyCert;
+ xmlSecPtrList certsList;
+ xmlSecPtrList crlsList;
+};
+
+
+/**************************************************************************
+ *
+ * <dsig:X509Data> processing
+ *
+ *
+ * The X509Data Element (http://www.w3.org/TR/xmldsig-core/#sec-X509Data)
+ *
+ * An X509Data element within KeyInfo contains one or more identifiers of keys
+ * or X509 certificates (or certificates' identifiers or a revocation list).
+ * The content of X509Data is:
+ *
+ * 1. At least one element, from the following set of element types; any of these may appear together or more than once iff (if and only if) each instance describes or is related to the same certificate:
+ * 2.
+ * * The X509IssuerSerial element, which contains an X.509 issuer
+ * distinguished name/serial number pair that SHOULD be compliant
+ * with RFC2253 [LDAP-DN],
+ * * The X509SubjectName element, which contains an X.509 subject
+ * distinguished name that SHOULD be compliant with RFC2253 [LDAP-DN],
+ * * The X509SKI element, which contains the base64 encoded plain (i.e.
+ * non-DER-encoded) value of a X509 V.3 SubjectKeyIdentifier extension.
+ * * The X509Certificate element, which contains a base64-encoded [X509v3]
+ * certificate, and
+ * * Elements from an external namespace which accompanies/complements any
+ * of the elements above.
+ * * The X509CRL element, which contains a base64-encoded certificate
+ * revocation list (CRL) [X509v3].
+ *
+ * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear
+ * MUST refer to the certificate or certificates containing the validation key.
+ * All such elements that refer to a particular individual certificate MUST be
+ * grouped inside a single X509Data element and if the certificate to which
+ * they refer appears, it MUST also be in that X509Data element.
+ *
+ * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that relate to
+ * the same key but different certificates MUST be grouped within a single
+ * KeyInfo but MAY occur in multiple X509Data elements.
+ *
+ * All certificates appearing in an X509Data element MUST relate to the
+ * validation key by either containing it or being part of a certification
+ * chain that terminates in a certificate containing the validation key.
+ *
+ * No ordering is implied by the above constraints.
+ *
+ * Note, there is no direct provision for a PKCS#7 encoded "bag" of
+ * certificates or CRLs. However, a set of certificates and CRLs can occur
+ * within an X509Data element and multiple X509Data elements can occur in a
+ * KeyInfo. Whenever multiple certificates occur in an X509Data element, at
+ * least one such certificate must contain the public key which verifies the
+ * signature.
+ *
+ * Schema Definition
+ *
+ * <element name="X509Data" type="ds:X509DataType"/>
+ * <complexType name="X509DataType">
+ * <sequence maxOccurs="unbounded">
+ * <choice>
+ * <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+ * <element name="X509SKI" type="base64Binary"/>
+ * <element name="X509SubjectName" type="string"/>
+ * <element name="X509Certificate" type="base64Binary"/>
+ * <element name="X509CRL" type="base64Binary"/>
+ * <any namespace="##other" processContents="lax"/>
+ * </choice>
+ * </sequence>
+ * </complexType>
+ * <complexType name="X509IssuerSerialType">
+ * <sequence>
+ * <element name="X509IssuerName" type="string"/>
+ * <element name="X509SerialNumber" type="integer"/>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD
+ *
+ * <!ELEMENT X509Data ((X509IssuerSerial | X509SKI | X509SubjectName |
+ * X509Certificate | X509CRL)+ %X509.ANY;)>
+ * <!ELEMENT X509IssuerSerial (X509IssuerName, X509SerialNumber) >
+ * <!ELEMENT X509IssuerName (#PCDATA) >
+ * <!ELEMENT X509SubjectName (#PCDATA) >
+ * <!ELEMENT X509SerialNumber (#PCDATA) >
+ * <!ELEMENT X509SKI (#PCDATA) >
+ * <!ELEMENT X509Certificate (#PCDATA) >
+ * <!ELEMENT X509CRL (#PCDATA) >
+ *
+ * -----------------------------------------------------------------------
+ *
+ * xmlSecGnuTLSX509DataCtx is located after xmlSecTransform
+ *
+ *************************************************************************/
+#define xmlSecGnuTLSX509DataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecGnuTLSX509DataCtx))
+#define xmlSecGnuTLSX509DataGetCtx(data) \
+ ((xmlSecGnuTLSX509DataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
+
+static int xmlSecGnuTLSKeyDataX509Initialize (xmlSecKeyDataPtr data);
+static int xmlSecGnuTLSKeyDataX509Duplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecGnuTLSKeyDataX509Finalize (xmlSecKeyDataPtr data);
+static int xmlSecGnuTLSKeyDataX509XmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSKeyDataX509XmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static xmlSecKeyDataType xmlSecGnuTLSKeyDataX509GetType (xmlSecKeyDataPtr data);
+static const xmlChar* xmlSecGnuTLSKeyDataX509GetIdentifier (xmlSecKeyDataPtr data);
+
+static void xmlSecGnuTLSKeyDataX509DebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecGnuTLSKeyDataX509DebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+
+
+
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataX509Klass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecGnuTLSX509DataSize,
+
+ /* data */
+ xmlSecNameX509Data,
+ xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefX509Data, /* const xmlChar* href; */
+ xmlSecNodeX509Data, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGnuTLSKeyDataX509Initialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGnuTLSKeyDataX509Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGnuTLSKeyDataX509Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGnuTLSKeyDataX509GetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ xmlSecGnuTLSKeyDataX509GetIdentifier, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGnuTLSKeyDataX509XmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGnuTLSKeyDataX509XmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGnuTLSKeyDataX509DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGnuTLSKeyDataX509DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSKeyDataX509GetKlass:
+ *
+ * The GnuTLS X509 key data klass (http://www.w3.org/TR/xmldsig-core/#sec-X509Data).
+ *
+ * Returns: the X509 data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataX509GetKlass(void) {
+ return(&xmlSecGnuTLSKeyDataX509Klass);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509GetKeyCert:
+ * @data: the pointer to X509 key data.
+ *
+ * Gets the certificate from which the key was extracted.
+ *
+ * Returns: the key's certificate or NULL if key data was not used for key
+ * extraction or an error occurs.
+ */
+gnutls_x509_crt_t
+xmlSecGnuTLSKeyDataX509GetKeyCert(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), NULL);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(ctx->keyCert);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509AdoptKeyCert:
+ * @data: the pointer to X509 key data.
+ * @cert: the pointer to GnuTLS X509 certificate.
+ *
+ * Sets the key's certificate in @data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data, gnutls_x509_crt_t cert) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(cert != NULL, -1);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(ctx->keyCert != NULL) {
+ gnutls_x509_crt_deinit(ctx->keyCert);
+ }
+ ctx->keyCert = cert;
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509AdoptCert:
+ * @data: the pointer to X509 key data.
+ * @cert: the pointer to GnuTLS X509 certificate.
+ *
+ * Adds certificate to the X509 key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSKeyDataX509AdoptCert(xmlSecKeyDataPtr data, gnutls_x509_crt_t cert) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(cert != NULL, -1);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ret = xmlSecPtrListAdd(&(ctx->certsList), cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509GetCert:
+ * @data: the pointer to X509 key data.
+ * @pos: the desired certificate position.
+ *
+ * Gets a certificate from X509 key data.
+ *
+ * Returns: the pointer to certificate or NULL if @pos is larger than the
+ * number of certificates in @data or an error occurs.
+ */
+gnutls_x509_crt_t
+xmlSecGnuTLSKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), NULL);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(xmlSecPtrListGetItem(&(ctx->certsList), pos));
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509GetCertsSize:
+ * @data: the pointer to X509 key data.
+ *
+ * Gets the number of certificates in @data.
+ *
+ * Returns: te number of certificates in @data.
+ */
+xmlSecSize
+xmlSecGnuTLSKeyDataX509GetCertsSize(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), 0);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ return(xmlSecPtrListGetSize(&(ctx->certsList)));
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509AdoptCrl:
+ * @data: the pointer to X509 key data.
+ * @crl: the pointer to GnuTLS X509 crl.
+ *
+ * Adds crl to the X509 key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, gnutls_x509_crl_t crl) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(crl != NULL, -1);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ret = xmlSecPtrListAdd(&(ctx->crlsList), crl);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509GetCrl:
+ * @data: the pointer to X509 key data.
+ * @pos: the desired crl position.
+ *
+ * Gets a crl from X509 key data.
+ *
+ * Returns: the pointer to crl or NULL if @pos is larger than the
+ * number of crls in @data or an error occurs.
+ */
+gnutls_x509_crl_t
+xmlSecGnuTLSKeyDataX509GetCrl(xmlSecKeyDataPtr data, xmlSecSize pos) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), NULL);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(xmlSecPtrListGetItem(&(ctx->crlsList), pos));
+}
+
+/**
+ * xmlSecGnuTLSKeyDataX509GetCrlsSize:
+ * @data: the pointer to X509 key data.
+ *
+ * Gets the number of crls in @data.
+ *
+ * Returns: te number of crls in @data.
+ */
+xmlSecSize
+xmlSecGnuTLSKeyDataX509GetCrlsSize(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), 0);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ return(xmlSecPtrListGetSize(&(ctx->crlsList)));
+}
+
+
+static int
+xmlSecGnuTLSKeyDataX509Initialize(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGnuTLSX509DataCtx));
+
+ ret = xmlSecPtrListInitialize(&(ctx->certsList), xmlSecGnuTLSX509CrtListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "certsList");
+ return(-1);
+ }
+
+ ret = xmlSecPtrListInitialize(&(ctx->crlsList), xmlSecGnuTLSX509CrlListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "crlsList");
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecGnuTLSKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecGnuTLSX509DataCtxPtr ctxSrc;
+ xmlSecGnuTLSX509DataCtxPtr ctxDst;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecGnuTLSKeyDataX509Id), -1);
+
+ ctxSrc = xmlSecGnuTLSX509DataGetCtx(src);
+ xmlSecAssert2(ctxSrc != NULL, 0);
+ ctxDst = xmlSecGnuTLSX509DataGetCtx(dst);
+ xmlSecAssert2(ctxDst != NULL, 0);
+
+ /* copy key cert if exist */
+ if(ctxDst->keyCert != NULL) {
+ gnutls_x509_crt_deinit(ctxDst->keyCert);
+ ctxDst->keyCert = NULL;
+ }
+ if(ctxSrc->keyCert != NULL) {
+ ctxDst->keyCert = xmlSecGnuTLSX509CertDup(ctxSrc->keyCert);
+ if(ctxDst->keyCert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecGnuTLSX509CertDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ /* copy certsList if exists */
+ xmlSecPtrListEmpty(&(ctxDst->certsList));
+ ret = xmlSecPtrListCopy(&(ctxDst->certsList), &(ctxSrc->certsList));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "certsList");
+ return(-1);
+ }
+
+ /* copy crlsList if exists */
+ xmlSecPtrListEmpty(&(ctxDst->crlsList));
+ ret = xmlSecPtrListCopy(&(ctxDst->crlsList), &(ctxSrc->crlsList));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "crlsList");
+ return(-1);
+ }
+ /* done */
+ return(0);
+}
+
+static void
+xmlSecGnuTLSKeyDataX509Finalize(xmlSecKeyDataPtr data) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id));
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecPtrListFinalize(&(ctx->crlsList));
+ xmlSecPtrListFinalize(&(ctx->certsList));
+ if(ctx->keyCert != NULL) {
+ gnutls_x509_crt_deinit(ctx->keyCert);
+ }
+ memset(ctx, 0, sizeof(xmlSecGnuTLSX509DataCtx));
+}
+
+static int
+xmlSecGnuTLSKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGnuTLSKeyDataX509Id, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ data = xmlSecKeyEnsureData(key, id);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSX509DataNodeRead(data, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSX509DataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) {
+ ret = xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSKeyDataX509VerifyAndExtractKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+static int
+xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ gnutls_x509_crt_t cert;
+ gnutls_x509_crl_t crl;
+ xmlSecSize size, pos;
+ int content;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGnuTLSKeyDataX509Id, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
+ if (content < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecX509DataGetNodeContent",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "content=%d", content);
+ return(-1);
+ } else if(content == 0) {
+ /* by default we are writing certificates and crls */
+ content = XMLSEC_X509DATA_DEFAULT;
+ }
+
+ /* get x509 data */
+ data = xmlSecKeyGetData(key, id);
+ if(data == NULL) {
+ /* no x509 data in the key */
+ return(0);
+ }
+
+ /* write certs */
+ size = xmlSecGnuTLSKeyDataX509GetCertsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
+ ret = xmlSecGnuTLSX509CertificateNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSX509CertificateNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
+ ret = xmlSecGnuTLSX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSX509SubjectNameNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
+ ret = xmlSecGnuTLSX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSX509IssuerSerialNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
+ ret = xmlSecGnuTLSX509SKINodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSX509SKINodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+ }
+
+ /* write crls if needed */
+ if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
+ size = xmlSecGnuTLSKeyDataX509GetCrlsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSX509CRLNodeWrite(crl, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSX509CRLNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+ }
+
+ /* done */
+ return(0);
+}
+
+
+static xmlSecKeyDataType
+xmlSecGnuTLSKeyDataX509GetType(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), xmlSecKeyDataTypeUnknown);
+
+ /* TODO: return verified/not verified status */
+ return(xmlSecKeyDataTypeUnknown);
+}
+
+static const xmlChar*
+xmlSecGnuTLSKeyDataX509GetIdentifier(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), NULL);
+
+ /* TODO */
+ return(NULL);
+}
+
+static void
+xmlSecGnuTLSKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecSize size, pos;
+
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== X509 Data:\n");
+
+ /* key cert */
+ {
+ gnutls_x509_crt_t cert;
+
+ cert = xmlSecGnuTLSKeyDataX509GetKeyCert(data);
+ if(cert != NULL) {
+ fprintf(output, "==== Key Certificate:\n");
+ xmlSecGnuTLSX509CertDebugDump(cert, output);
+ }
+ }
+
+ /* other certs */
+ size = xmlSecGnuTLSKeyDataX509GetCertsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ gnutls_x509_crt_t cert;
+
+ cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "==== Certificate:\n");
+ xmlSecGnuTLSX509CertDebugDump(cert, output);
+ }
+
+ /* crls */
+ size = xmlSecGnuTLSKeyDataX509GetCrlsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ gnutls_x509_crl_t crl;
+
+ crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "==== Crl:\n");
+ xmlSecGnuTLSX509CrlDebugDump(crl, output);
+ }
+}
+
+static void
+xmlSecGnuTLSKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecSize size, pos;
+
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<X509Data>\n");
+
+ /* key cert */
+ {
+ gnutls_x509_crt_t cert;
+
+ cert = xmlSecGnuTLSKeyDataX509GetKeyCert(data);
+ if(cert != NULL) {
+ fprintf(output, "<KeyCertificate>\n");
+ xmlSecGnuTLSX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</KeyCertificate>\n");
+ }
+ }
+
+ /* other certs */
+ size = xmlSecGnuTLSKeyDataX509GetCertsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ gnutls_x509_crt_t cert;
+
+ cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "<Certificate>\n");
+ xmlSecGnuTLSX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</Certificate>\n");
+ }
+
+ /* other crls */
+ size = xmlSecGnuTLSKeyDataX509GetCrlsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ gnutls_x509_crl_t crl;
+
+ crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "<CRL>\n");
+ xmlSecGnuTLSX509CrlDebugXmlDump(crl, output);
+ fprintf(output, "</CRL>\n");
+ }
+
+ /* we don't print out crls */
+ fprintf(output, "</X509Data>\n");
+}
+
+static int
+xmlSecGnuTLSX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ for(cur = xmlSecGetNextElementNode(node->children);
+ cur != NULL;
+ cur = xmlSecGetNextElementNode(cur->next)) {
+
+ ret = 0;
+ if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
+ ret = xmlSecGnuTLSX509CertificateNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
+ ret = xmlSecGnuTLSX509SubjectNameNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
+ ret = xmlSecGnuTLSX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
+ ret = xmlSecGnuTLSX509SKINodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
+ ret = xmlSecGnuTLSX509CRLNodeRead(data, cur, keyInfoCtx);
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
+ /* laxi schema validation: ignore unknown nodes */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "read node failed");
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar *content;
+ gnutls_x509_crt_t cert;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+ if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ cert = xmlSecGnuTLSX509CertBase64DerRead(content);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSX509CertBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert);
+ xmlFree(content);
+ return(-1);
+ }
+
+ xmlFree(content);
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509CertificateNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar* buf;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ /* set base64 lines size from context */
+ buf = xmlSecGnuTLSX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
+ xmlFree(buf);
+ return(-1);
+ }
+
+ /* todo: add \n around base64 data - from context */
+ /* todo: add errors check */
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ xmlNodeSetContent(cur, buf);
+ xmlFree(buf);
+ return(0);
+}
+
+
+
+#define XMLSEC_GNUTLS_IS_SPACE(ch) \
+ (((ch) == ' ') || ((ch) == '\r') || ((ch) == '\n'))
+
+static void
+xmlSecGnuTLSX509Trim(xmlChar * str) {
+ xmlChar * p, * q;
+
+ xmlSecAssert(str != NULL);
+
+ /* skip spaces from the beggining */
+ p = str;
+ while(XMLSEC_GNUTLS_IS_SPACE(*p) && ((*p) != '\0')) ++p;
+ if(p != str) {
+ for(q = str; ; ++q, ++p) {
+ (*q) = (*p);
+ if((*p) == '\0') {
+ break;
+ }
+ }
+ }
+
+ /* skip spaces from the end */
+ for(p = str; (*p) != '\0'; ++p);
+ while((p > str) && (XMLSEC_GNUTLS_IS_SPACE(*(p - 1)))) *(--p) = '\0';
+}
+
+static int
+xmlSecGnuTLSX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+ xmlChar* subject;
+ gnutls_x509_crt_t cert;
+ gnutls_x509_crt_t cert2;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ subject = xmlNodeGetContent(node);
+ if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
+ if(subject != NULL) {
+ xmlFree(subject);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ xmlSecGnuTLSX509Trim(subject);
+ cert = xmlSecGnuTLSX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
+ if(cert == NULL){
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "subject=%s",
+ xmlSecErrorsSafeString(subject));
+ xmlFree(subject);
+ return(-1);
+ }
+
+ xmlFree(subject);
+ return(0);
+ }
+
+ cert2 = xmlSecGnuTLSX509CertDup(cert);
+ if(cert2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSX509CertDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ xmlFree(subject);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert2);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert2);
+ xmlFree(subject);
+ return(-1);
+ }
+
+ xmlFree(subject);
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509SubjectNameNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+ xmlChar* buf = NULL;
+ xmlNodePtr cur = NULL;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* add node */
+ cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
+ return(-1);
+ }
+
+ /* get subject */
+ buf = xmlSecGnuTLSX509CertGetSubjectDN(cert);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetSubjectDN",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* set value */
+ xmlSecNodeEncodeAndSetContent(cur, buf);
+
+ /* done */
+ xmlFree(buf);
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+ xmlNodePtr cur;
+ xmlChar *issuerName;
+ xmlChar *issuerSerial;
+ gnutls_x509_crt_t cert;
+ gnutls_x509_crt_t cert2;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+ if(cur == NULL) {
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ return(0);
+ }
+
+ /* the first is required node X509IssuerName */
+ if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ issuerName = xmlNodeGetContent(cur);
+ if(issuerName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is required node X509SerialNumber */
+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ xmlFree(issuerName);
+ return(-1);
+ }
+ issuerSerial = xmlNodeGetContent(cur);
+ if(issuerSerial == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ xmlFree(issuerName);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ xmlSecGnuTLSX509Trim(issuerName);
+ xmlSecGnuTLSX509Trim(issuerSerial);
+ cert = xmlSecGnuTLSX509StoreFindCert(x509Store, NULL, issuerName, issuerSerial, NULL, keyInfoCtx);
+ if(cert == NULL){
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "issuerName=%s;issuerSerial=%s",
+ xmlSecErrorsSafeString(issuerName),
+ xmlSecErrorsSafeString(issuerSerial));
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(0);
+ }
+
+ cert2 = xmlSecGnuTLSX509CertDup(cert);
+ if(cert2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSX509CertDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert2);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert2);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509IssuerSerialNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+ xmlNodePtr cur;
+ xmlNodePtr issuerNameNode;
+ xmlNodePtr issuerNumberNode;
+ xmlChar* buf;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* create xml nodes */
+ cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
+ return(-1);
+ }
+
+ issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
+ if(issuerNameNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(-1);
+ }
+
+ issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
+ if(issuerNumberNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ return(-1);
+ }
+
+ /* write data */
+ buf = xmlSecGnuTLSX509CertGetIssuerDN(cert);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetIssuerDN",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
+ xmlFree(buf);
+
+ buf = xmlSecGnuTLSX509CertGetIssuerSerial(cert);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetIssuerSerial",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecNodeEncodeAndSetContent(issuerNumberNode, buf);
+ xmlFree(buf);
+
+ return(0);
+}
+
+
+static int
+xmlSecGnuTLSX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+ xmlChar* ski;
+ gnutls_x509_crt_t cert;
+ gnutls_x509_crt_t cert2;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ski = xmlNodeGetContent(node);
+ if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
+ if(ski != NULL) {
+ xmlFree(ski);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ return(-1);
+ }
+ return(0);
+ }
+
+ xmlSecGnuTLSX509Trim(ski);
+ cert = xmlSecGnuTLSX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
+ if(cert == NULL){
+ xmlFree(ski);
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "ski=%s",
+ xmlSecErrorsSafeString(ski));
+ return(-1);
+ }
+ return(0);
+ }
+
+ cert2 = xmlSecGnuTLSX509CertDup(cert);
+ if(cert2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSX509CertDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(ski);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert2);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert2);
+ xmlFree(ski);
+ return(-1);
+ }
+
+ xmlFree(ski);
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509SKINodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+ xmlChar *buf = NULL;
+ xmlNodePtr cur = NULL;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* add node */
+ cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ return(-1);
+ }
+
+ /* write value */
+ buf = xmlSecGnuTLSX509CertGetSKI(cert);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetSKI",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ xmlSecNodeEncodeAndSetContent(cur, buf);
+ xmlFree(buf);
+
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar *content;
+ gnutls_x509_crl_t crl;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+ if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ crl = xmlSecGnuTLSX509CrlBase64DerRead(content);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSX509CrlBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCrl(data, crl);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSKeyDataX509AdoptCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crl_deinit(crl);
+ xmlFree(content);
+ return(-1);
+ }
+
+ xmlFree(content);
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509CRLNodeWrite(gnutls_x509_crl_t crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar* buf = NULL;
+ xmlNodePtr cur = NULL;
+
+ xmlSecAssert2(crl != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ /* set base64 lines size from context */
+ buf = xmlSecGnuTLSX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CrlBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+ xmlFree(buf);
+ return(-1);
+ }
+ /* todo: add \n around base64 data - from context */
+ /* todo: add errors check */
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ xmlNodeSetContent(cur, buf);
+ xmlFree(buf);
+
+ return(0);
+}
+
+
+static int
+xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecGnuTLSX509DataCtxPtr ctx;
+ xmlSecKeyDataStorePtr x509Store;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ ctx = xmlSecGnuTLSX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((ctx->keyCert == NULL) && (xmlSecPtrListGetSize(&(ctx->certsList)) > 0) && (xmlSecKeyGetValue(key) == NULL)) {
+ gnutls_x509_crt_t cert;
+
+ cert = xmlSecGnuTLSX509StoreVerify(x509Store, &(ctx->certsList), &(ctx->crlsList), keyInfoCtx);
+ if(cert != NULL) {
+ xmlSecKeyDataPtr keyValue;
+
+ ctx->keyCert = xmlSecGnuTLSX509CertDup(cert);
+ if(ctx->keyCert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSX509CertDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ keyValue = xmlSecGnuTLSX509CertGetKey(ctx->keyCert);
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecGnuTLSX509CertGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* verify that the key matches our expectations */
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
+ ret = xmlSecKeySetValue(key, keyValue);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
+ /* get expiration time */
+ key->notValidBefore = gnutls_x509_crt_get_activation_time(ctx->keyCert);
+ if(key->notValidBefore == (time_t)-1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "gnutls_x509_crt_get_activation_time",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ key->notValidAfter = gnutls_x509_crt_get_expiration_time(ctx->keyCert);
+ if(key->notValidAfter == (time_t)-1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "gnutls_x509_crt_get_expiration_time",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+/**
+ * xmlSecGnuTLSX509CertGetKey:
+ * @cert: the certificate.
+ *
+ * Extracts public key from the @cert.
+ *
+ * Returns: public key value or NULL if an error occurs.
+ */
+xmlSecKeyDataPtr
+xmlSecGnuTLSX509CertGetKey(gnutls_x509_crt_t cert) {
+ xmlSecKeyDataPtr data;
+ int alg;
+ unsigned int bits;
+ int err;
+ int ret;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ alg = gnutls_x509_crt_get_pk_algorithm(cert, &bits);
+ if(alg < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_pk_algorithm",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(alg));
+ return(NULL);
+ }
+
+ switch(alg) {
+#ifndef XMLSEC_NO_RSA
+ case GNUTLS_PK_RSA:
+ {
+ gnutls_datum_t m, e;
+
+ data = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataRsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGnuTLSKeyDataRsaId");
+ return(NULL);
+ }
+
+ err = gnutls_x509_crt_get_pk_rsa_raw(cert, &m, &e);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_pk_rsa_raw",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ ret = xmlSecGnuTLSKeyDataRsaAdoptPublicKey(data, &m, &e);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeyDataRsaAdoptPublicKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_free(m.data);
+ gnutls_free(e.data);
+ return(NULL);
+ }
+ /* m and e are owned by data now */
+ }
+ break;
+#endif /* XMLSEC_NO_RSA */
+
+#ifndef XMLSEC_NO_DSA
+ case GNUTLS_PK_DSA:
+ {
+ gnutls_datum_t p, q, g, y;
+
+ data = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataDsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGnuTLSKeyDataDsaId");
+ return(NULL);
+ }
+
+ err = gnutls_x509_crt_get_pk_dsa_raw(cert, &p, &q, &g, &y);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_pk_dsa_raw",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ ret = xmlSecGnuTLSKeyDataDsaAdoptPublicKey(data, &p, &q, &g, &y);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeyDataDsaAdoptPublicKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_free(p.data);
+ gnutls_free(q.data);
+ gnutls_free(g.data);
+ gnutls_free(y.data);
+ return(NULL);
+ }
+ /* p, q, g and y are owned by data now */
+ }
+ break;
+#endif /* XMLSEC_NO_DSA */
+
+ default:
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_pk_algorithm",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Unsupported algorithm %d", (int)alg);
+ return(NULL);
+ }
+ }
+
+ /* data */
+ return(data);
+}
+
+
+/**************************************************************************
+ *
+ * Raw X509 Certificate processing
+ *
+ *
+ *************************************************************************/
+static int xmlSecGnuTLSKeyDataRawX509CertBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataRawX509CertKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ sizeof(xmlSecKeyData),
+
+ /* data */
+ xmlSecNameRawX509Cert,
+ xmlSecKeyDataUsageRetrievalMethodNodeBin,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRawX509Cert, /* const xmlChar* href; */
+ NULL, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ NULL, /* xmlSecKeyDataInitializeMethod initialize; */
+ NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ NULL, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecGnuTLSKeyDataRawX509CertBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSKeyDataRawX509CertGetKlass:
+ *
+ * The raw X509 certificates key data klass.
+ *
+ * Returns: raw X509 certificates key data klass.
+ */
+xmlSecKeyDataId
+xmlSecGnuTLSKeyDataRawX509CertGetKlass(void) {
+ return(&xmlSecGnuTLSKeyDataRawX509CertKlass);
+}
+
+static int
+xmlSecGnuTLSKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ gnutls_x509_crt_t cert;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecGnuTLSKeyDataRawX509CertId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ cert = xmlSecGnuTLSX509CertRead(buf, bufSize, xmlSecKeyDataFormatCertDer);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ data = xmlSecKeyEnsureData(key, xmlSecGnuTLSKeyDataX509Id);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ gnutls_x509_crt_deinit(cert);
+ return(-1);
+ }
+
+ ret = xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecGnuTLSKeyDataX509VerifyAndExtractKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+#endif /* XMLSEC_NO_X509 */
diff --git a/src/gnutls/x509utils.c b/src/gnutls/x509utils.c
new file mode 100644
index 00000000..0dc70003
--- /dev/null
+++ b/src/gnutls/x509utils.c
@@ -0,0 +1,1687 @@
+/**
+ * XMLSec library
+ *
+ * X509 support
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_X509
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <time.h>
+
+#include <libxml/tree.h>
+
+
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <gnutls/pkcs12.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/x509.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/private.h>
+
+#include <xmlsec/gnutls/crypto.h>
+#include <xmlsec/gnutls/x509.h>
+
+#include "x509utils.h"
+
+
+/**************************************************************************
+ *
+ * X509 crt list
+ *
+ *****************************************************************************/
+static xmlSecPtr xmlSecGnuTLSX509CrtListDuplicateItem (xmlSecPtr ptr);
+static void xmlSecGnuTLSX509CrtListDestroyItem (xmlSecPtr ptr);
+static void xmlSecGnuTLSX509CrtListDebugDumpItem (xmlSecPtr ptr,
+ FILE* output);
+static void xmlSecGnuTLSX509CrtListDebugXmlDumpItem (xmlSecPtr ptr,
+ FILE* output);
+
+static xmlSecPtrListKlass xmlSecGnuTLSX509CrtListKlass = {
+ BAD_CAST "gnutls-x509-crt-list",
+ xmlSecGnuTLSX509CrtListDuplicateItem, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ xmlSecGnuTLSX509CrtListDestroyItem, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ xmlSecGnuTLSX509CrtListDebugDumpItem, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ xmlSecGnuTLSX509CrtListDebugXmlDumpItem, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+xmlSecPtrListId
+xmlSecGnuTLSX509CrtListGetKlass(void) {
+ return(&xmlSecGnuTLSX509CrtListKlass);
+}
+
+static xmlSecPtr
+xmlSecGnuTLSX509CrtListDuplicateItem(xmlSecPtr ptr) {
+ xmlSecAssert2(ptr != NULL, NULL);
+
+ return xmlSecGnuTLSX509CertDup((gnutls_x509_crt_t)ptr);
+}
+
+static void
+xmlSecGnuTLSX509CrtListDestroyItem(xmlSecPtr ptr) {
+ xmlSecAssert(ptr != NULL);
+
+ gnutls_x509_crt_deinit((gnutls_x509_crt_t)ptr);
+}
+
+static void
+xmlSecGnuTLSX509CrtListDebugDumpItem(xmlSecPtr ptr, FILE* output) {
+ xmlSecAssert(ptr != NULL);
+ xmlSecAssert(output != NULL);
+
+ xmlSecGnuTLSX509CertDebugDump((gnutls_x509_crt_t)ptr, output);
+}
+
+
+static void
+xmlSecGnuTLSX509CrtListDebugXmlDumpItem(xmlSecPtr ptr, FILE* output) {
+ xmlSecAssert(ptr != NULL);
+ xmlSecAssert(output != NULL);
+
+ xmlSecGnuTLSX509CertDebugXmlDump((gnutls_x509_crt_t)ptr, output);
+}
+
+/**************************************************************************
+ *
+ * X509 crl list
+ *
+ *****************************************************************************/
+static xmlSecPtr xmlSecGnuTLSX509CrlListDuplicateItem (xmlSecPtr ptr);
+static void xmlSecGnuTLSX509CrlListDestroyItem (xmlSecPtr ptr);
+static void xmlSecGnuTLSX509CrlListDebugDumpItem (xmlSecPtr ptr,
+ FILE* output);
+static void xmlSecGnuTLSX509CrlListDebugXmlDumpItem (xmlSecPtr ptr,
+ FILE* output);
+
+static xmlSecPtrListKlass xmlSecGnuTLSX509CrlListKlass = {
+ BAD_CAST "gnutls-x509-crl-list",
+ xmlSecGnuTLSX509CrlListDuplicateItem, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ xmlSecGnuTLSX509CrlListDestroyItem, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ xmlSecGnuTLSX509CrlListDebugDumpItem, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ xmlSecGnuTLSX509CrlListDebugXmlDumpItem, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+xmlSecPtrListId
+xmlSecGnuTLSX509CrlListGetKlass(void) {
+ return(&xmlSecGnuTLSX509CrlListKlass);
+}
+
+static xmlSecPtr
+xmlSecGnuTLSX509CrlListDuplicateItem(xmlSecPtr ptr) {
+ xmlSecAssert2(ptr != NULL, NULL);
+
+ return xmlSecGnuTLSX509CrlDup((gnutls_x509_crl_t)ptr);
+}
+
+static void
+xmlSecGnuTLSX509CrlListDestroyItem(xmlSecPtr ptr) {
+ xmlSecAssert(ptr != NULL);
+
+ gnutls_x509_crl_deinit((gnutls_x509_crl_t)ptr);
+}
+
+static void
+xmlSecGnuTLSX509CrlListDebugDumpItem(xmlSecPtr ptr, FILE* output) {
+ xmlSecAssert(ptr != NULL);
+ xmlSecAssert(output != NULL);
+
+ xmlSecGnuTLSX509CrlDebugDump((gnutls_x509_crl_t)ptr, output);
+}
+
+
+static void
+xmlSecGnuTLSX509CrlListDebugXmlDumpItem(xmlSecPtr ptr, FILE* output) {
+ xmlSecAssert(ptr != NULL);
+ xmlSecAssert(output != NULL);
+
+ xmlSecGnuTLSX509CrlDebugXmlDump((gnutls_x509_crl_t)ptr, output);
+}
+
+/*************************************************************************
+ *
+ * x509 certs utils/helpers
+ *
+ ************************************************************************/
+
+/* HACK: gnutls doesn't have cert duplicate function, so we simply
+ write cert out and then read it back */
+gnutls_x509_crt_t
+xmlSecGnuTLSX509CertDup(gnutls_x509_crt_t src) {
+ xmlChar * buf = NULL;
+ gnutls_x509_crt_t res = NULL;
+
+ xmlSecAssert2(src != NULL, NULL);
+
+ buf = xmlSecGnuTLSX509CertBase64DerWrite(src, 0);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+
+ res = xmlSecGnuTLSX509CertBase64DerRead(buf);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(buf);
+ return (NULL);
+ }
+
+ /* done */
+ xmlFree(buf);
+ return (res);
+}
+
+xmlChar *
+xmlSecGnuTLSX509CertGetSubjectDN(gnutls_x509_crt_t cert) {
+ char* buf = NULL;
+ size_t bufSize = 0;
+ int err;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ /* get subject size */
+ err = gnutls_x509_crt_get_dn(cert, NULL, &bufSize);
+ if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_dn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ /* allocate buffer */
+ buf = (char *)xmlMalloc(bufSize + 1);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)bufSize);
+ return(NULL);
+ }
+
+ /* finally write it out */
+ err = gnutls_x509_crt_get_dn(cert, buf, &bufSize);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_dn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* done */
+ return(BAD_CAST buf);
+}
+
+xmlChar *
+xmlSecGnuTLSX509CertGetIssuerDN(gnutls_x509_crt_t cert) {
+ char* buf = NULL;
+ size_t bufSize = 0;
+ int err;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ /* get issuer size */
+ err = gnutls_x509_crt_get_issuer_dn(cert, NULL, &bufSize);
+ if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_issuer_dn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ /* allocate buffer */
+ buf = (char *)xmlMalloc(bufSize + 1);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)bufSize);
+ return(NULL);
+ }
+
+ /* finally write it out */
+ err = gnutls_x509_crt_get_issuer_dn(cert, buf, &bufSize);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_issuer_dn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* done */
+ return(BAD_CAST buf);
+}
+
+xmlChar *
+xmlSecGnuTLSX509CertGetIssuerSerial(gnutls_x509_crt_t cert) {
+ xmlChar * res = NULL;
+ unsigned char* buf = NULL;
+ size_t bufSize = 0;
+ int err;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ /* get issuer serial size */
+ err = gnutls_x509_crt_get_serial(cert, NULL, &bufSize);
+ if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_serial",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ /* allocate buffer */
+ buf = (unsigned char *)xmlMalloc(bufSize + 1);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)bufSize);
+ return(NULL);
+ }
+
+ /* write it out */
+ err = gnutls_x509_crt_get_serial(cert, buf, &bufSize);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_serial",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* convert to string */
+ res = xmlSecGnuTLSASN1IntegerWrite(buf, bufSize);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSASN1IntegerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* done */
+ xmlFree(buf);
+ return(res);
+}
+
+xmlChar *
+xmlSecGnuTLSX509CertGetSKI(gnutls_x509_crt_t cert) {
+ xmlChar * res = NULL;
+ xmlSecByte* buf = NULL;
+ size_t bufSize = 0;
+ unsigned int critical = 0;
+ int err;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ /* get ski size */
+ err = gnutls_x509_crt_get_subject_key_id(cert, NULL, &bufSize, &critical);
+ if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_subject_key_id",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ /* allocate buffer */
+ buf = (xmlSecByte *)xmlMalloc(bufSize + 1);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)bufSize);
+ return(NULL);
+ }
+
+ /* write it out */
+ err = gnutls_x509_crt_get_subject_key_id(cert, buf, &bufSize, &critical);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_subject_key_id",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* convert to string */
+ res = xmlSecBase64Encode(buf, bufSize, 0);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* done */
+ xmlFree(buf);
+ return(res);
+}
+
+
+gnutls_x509_crt_t
+xmlSecGnuTLSX509CertBase64DerRead(xmlChar* buf) {
+ int ret;
+
+ xmlSecAssert2(buf != NULL, NULL);
+
+ /* usual trick with base64 decoding "in-place" */
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecGnuTLSX509CertRead((const xmlSecByte*)buf, ret, xmlSecKeyDataFormatCertDer));
+}
+
+gnutls_x509_crt_t
+xmlSecGnuTLSX509CertRead(const xmlSecByte* buf, xmlSecSize size, xmlSecKeyDataFormat format) {
+ gnutls_x509_crt_t cert = NULL;
+ gnutls_x509_crt_fmt_t fmt;
+ gnutls_datum_t data;
+ int err;
+
+ xmlSecAssert2(buf != NULL, NULL);
+ xmlSecAssert2(size > 0, NULL);
+
+ /* figure out format */
+ switch(format) {
+ case xmlSecKeyDataFormatPem:
+ case xmlSecKeyDataFormatCertPem:
+ fmt = GNUTLS_X509_FMT_PEM;
+ break;
+ case xmlSecKeyDataFormatDer:
+ case xmlSecKeyDataFormatCertDer:
+ fmt = GNUTLS_X509_FMT_DER;
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(NULL);
+ }
+
+ /* read cert */
+ err = gnutls_x509_crt_init(&cert);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ data.data = (unsigned char*)buf;
+ data.size = size;
+ err = gnutls_x509_crt_import(cert, &data, fmt);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_import",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ gnutls_x509_crt_deinit(cert);
+ return(NULL);
+ }
+
+ return(cert);
+}
+
+xmlChar*
+xmlSecGnuTLSX509CertBase64DerWrite(gnutls_x509_crt_t cert, int base64LineWrap) {
+ xmlChar * res = NULL;
+ xmlSecByte* buf = NULL;
+ size_t bufSize = 0;
+ int err;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ /* get size */
+ err = gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, NULL, &bufSize);
+ if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_export(GNUTLS_X509_FMT_DER)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ /* allocate buffer */
+ buf = (xmlSecByte *)xmlMalloc(bufSize + 1);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)bufSize);
+ return(NULL);
+ }
+
+ /* write it out */
+ err = gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, buf, &bufSize);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_export(GNUTLS_X509_FMT_DER)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* convert to string */
+ res = xmlSecBase64Encode(buf, bufSize, base64LineWrap);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* done */
+ xmlFree(buf);
+ return(res);
+}
+
+void
+xmlSecGnuTLSX509CertDebugDump(gnutls_x509_crt_t cert, FILE* output) {
+ xmlChar * buf;
+
+ xmlSecAssert(cert != NULL);
+ xmlSecAssert(output != NULL);
+
+ buf = xmlSecGnuTLSX509CertGetSubjectDN(cert);
+ if(buf != NULL) {
+ fprintf(output, "==== Subject Name: %s\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "==== Subject Name: unknown\n");
+ }
+
+ buf = xmlSecGnuTLSX509CertGetIssuerDN(cert);
+ if(buf != NULL) {
+ fprintf(output, "==== Issuer Name: %s\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "==== Issuer Name: unknown\n");
+ }
+
+ buf = xmlSecGnuTLSX509CertGetIssuerSerial(cert);
+ if(buf != NULL) {
+ fprintf(output, "==== Issuer Serial: %s\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "==== Issuer Serial: unknown\n");
+ }
+}
+
+void
+xmlSecGnuTLSX509CertDebugXmlDump(gnutls_x509_crt_t cert, FILE* output) {
+ xmlChar * buf;
+
+ xmlSecAssert(cert != NULL);
+ xmlSecAssert(output != NULL);
+
+ buf = xmlSecGnuTLSX509CertGetSubjectDN(cert);
+ if(buf != NULL) {
+ fprintf(output, "<SubjectName>%s</SubjectName>\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "<SubjectName>unknown</SubjectName>\n");
+ }
+
+ buf = xmlSecGnuTLSX509CertGetIssuerDN(cert);
+ if(buf != NULL) {
+ fprintf(output, "<IssuerName>%s</IssuerName>\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "<IssuerName>unknown</IssuerName>\n");
+ }
+
+ buf = xmlSecGnuTLSX509CertGetIssuerSerial(cert);
+ if(buf != NULL) {
+ fprintf(output, "<SerialNumber>%s</SerialNumber>\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "<SerialNumber>unknown</SerialNumber>\n");
+ }
+}
+
+/*************************************************************************
+ *
+ * x509 crls utils/helpers
+ *
+ ************************************************************************/
+
+/* HACK: gnutls doesn't have crl duplicate function, so we simply
+ write crl out and then read it back */
+gnutls_x509_crl_t
+xmlSecGnuTLSX509CrlDup(gnutls_x509_crl_t src) {
+ xmlChar * buf = NULL;
+ gnutls_x509_crl_t res = NULL;
+
+ xmlSecAssert2(src != NULL, NULL);
+
+ buf = xmlSecGnuTLSX509CrlBase64DerWrite(src, 0);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CrlBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+
+ res = xmlSecGnuTLSX509CrlBase64DerRead(buf);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CrlBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(buf);
+ return (NULL);
+ }
+
+ /* done */
+ xmlFree(buf);
+ return (res);
+}
+
+xmlChar *
+xmlSecGnuTLSX509CrlGetIssuerDN(gnutls_x509_crl_t crl) {
+ char* buf = NULL;
+ size_t bufSize = 0;
+ int err;
+
+ xmlSecAssert2(crl != NULL, NULL);
+
+ /* get issuer size */
+ err = gnutls_x509_crl_get_issuer_dn(crl, NULL, &bufSize);
+ if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_get_issuer_dn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ /* allocate buffer */
+ buf = (char *)xmlMalloc(bufSize + 1);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)bufSize);
+ return(NULL);
+ }
+
+ /* finally write it out */
+ err = gnutls_x509_crl_get_issuer_dn(crl, buf, &bufSize);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_get_issuer_dn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* done */
+ return(BAD_CAST buf);
+}
+
+gnutls_x509_crl_t
+xmlSecGnuTLSX509CrlBase64DerRead(xmlChar* buf) {
+ int ret;
+
+ xmlSecAssert2(buf != NULL, NULL);
+
+ /* usual trick with base64 decoding "in-place" */
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecGnuTLSX509CrlRead((const xmlSecByte*)buf, ret, xmlSecKeyDataFormatCertDer));
+}
+
+gnutls_x509_crl_t
+xmlSecGnuTLSX509CrlRead(const xmlSecByte* buf, xmlSecSize size, xmlSecKeyDataFormat format) {
+ gnutls_x509_crl_t crl = NULL;
+ gnutls_x509_crt_fmt_t fmt;
+ gnutls_datum_t data;
+ int err;
+
+ xmlSecAssert2(buf != NULL, NULL);
+ xmlSecAssert2(size > 0, NULL);
+
+ /* figure out format */
+ switch(format) {
+ case xmlSecKeyDataFormatPem:
+ case xmlSecKeyDataFormatCertPem:
+ fmt = GNUTLS_X509_FMT_PEM;
+ break;
+ case xmlSecKeyDataFormatDer:
+ case xmlSecKeyDataFormatCertDer:
+ fmt = GNUTLS_X509_FMT_DER;
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(NULL);
+ }
+
+ /* read crl */
+ err = gnutls_x509_crl_init(&crl);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ data.data = (unsigned char*)buf;
+ data.size = size;
+ err = gnutls_x509_crl_import(crl, &data, fmt);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_import",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ gnutls_x509_crl_deinit(crl);
+ return(NULL);
+ }
+
+ return(crl);
+}
+
+xmlChar*
+xmlSecGnuTLSX509CrlBase64DerWrite(gnutls_x509_crl_t crl, int base64LineWrap) {
+ xmlChar * res = NULL;
+ xmlSecByte* buf = NULL;
+ size_t bufSize = 0;
+ int err;
+
+ xmlSecAssert2(crl != NULL, NULL);
+
+ /* get size */
+ err = gnutls_x509_crl_export(crl, GNUTLS_X509_FMT_DER, NULL, &bufSize);
+ if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_export(GNUTLS_X509_FMT_DER)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ return(NULL);
+ }
+
+ /* allocate buffer */
+ buf = (xmlSecByte *)xmlMalloc(bufSize + 1);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)bufSize);
+ return(NULL);
+ }
+
+ /* write it out */
+ err = gnutls_x509_crl_export(crl, GNUTLS_X509_FMT_DER, buf, &bufSize);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crl_export(GNUTLS_X509_FMT_DER)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* convert to string */
+ res = xmlSecBase64Encode(buf, bufSize, base64LineWrap);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(buf);
+ return(NULL);
+ }
+
+ /* done */
+ xmlFree(buf);
+ return(res);
+}
+
+void
+xmlSecGnuTLSX509CrlDebugDump(gnutls_x509_crl_t crl, FILE* output) {
+ xmlChar * buf;
+
+ xmlSecAssert(crl != NULL);
+ xmlSecAssert(output != NULL);
+
+ buf = xmlSecGnuTLSX509CrlGetIssuerDN(crl);
+ if(buf != NULL) {
+ fprintf(output, "==== Issuer Name: %s\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "==== Issuer Name: unknown\n");
+ }
+}
+
+void
+xmlSecGnuTLSX509CrlDebugXmlDump(gnutls_x509_crl_t crl, FILE* output) {
+ xmlChar * buf;
+
+ xmlSecAssert(crl != NULL);
+ xmlSecAssert(output != NULL);
+
+ buf = xmlSecGnuTLSX509CrlGetIssuerDN(crl);
+ if(buf != NULL) {
+ fprintf(output, "<IssuerName>%s</IssuerName>\n", buf);
+ xmlFree(buf);
+ } else {
+ fprintf(output, "<IssuerName>unknown</IssuerName>\n");
+ }
+}
+
+/*************************************************************************
+ *
+ * Misc. utils/helpers
+ *
+ ************************************************************************/
+xmlChar*
+xmlSecGnuTLSASN1IntegerWrite(const unsigned char * data, size_t len) {
+ xmlChar *res = NULL;
+ int resLen = 64; /* not more than 64 chars */
+ unsigned long long int val = 0;
+ size_t ii = 0;
+ int shift = 0;
+
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(len <= 9, NULL);
+
+ /* HACK : to be fixed after GnuTLS provides a way to read opaque ASN1 integer */
+ for(ii = len; ii > 0; --ii, shift += 8) {
+ val |= ((unsigned long long)data[ii - 1]) << shift;
+ }
+
+ res = (xmlChar*)xmlMalloc(resLen + 1);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)resLen);
+ return (NULL);
+ }
+
+ xmlSecStrPrintf(res, resLen, BAD_CAST "%llu", val);
+ return(res);
+}
+
+/*************************************************************************
+ *
+ * pkcs12 utils/helpers
+ *
+ ************************************************************************/
+int
+xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ const char *pwd,
+ gnutls_x509_privkey_t * priv_key,
+ gnutls_x509_crt_t * key_cert,
+ xmlSecPtrListPtr certsList)
+{
+ gnutls_pkcs12_t pkcs12 = NULL;
+ gnutls_pkcs12_bag_t bag = NULL;
+ gnutls_x509_crt_t cert = NULL;
+ gnutls_datum_t datum;
+ xmlSecSize certsSize;
+ int res = -1;
+ int idx;
+ int err;
+ int ret;
+
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
+ xmlSecAssert2(priv_key != NULL, -1);
+ xmlSecAssert2((*priv_key) == NULL, -1);
+ xmlSecAssert2(key_cert!= NULL, -1);
+ xmlSecAssert2((*key_cert) == NULL, -1);
+ xmlSecAssert2(certsList != NULL, -1);
+
+ /* read pkcs12 in internal structure */
+ err = gnutls_pkcs12_init(&pkcs12);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ datum.data = (unsigned char *)data;
+ datum.size = dataSize;
+ err = gnutls_pkcs12_import(pkcs12, &datum, GNUTLS_X509_FMT_DER, 0);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_import",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* verify */
+ err = gnutls_pkcs12_verify_mac(pkcs12, pwd);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_verify_mac",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* scan the pkcs structure and find the first private key */
+ for(idx = 0; ; ++idx) {
+ int bag_type;
+ int elements_in_bag;
+ int ii;
+
+ err = gnutls_pkcs12_bag_init(&bag);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_bag_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gnutls_pkcs12_get_bag(pkcs12, idx, bag);
+ if(err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ /* scanned the whole pkcs12, stop */
+ break;
+ } else if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_get_bag",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* check if we need to decrypt the bag */
+ bag_type = gnutls_pkcs12_bag_get_type(bag, 0);
+ if(bag_type < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_bag_get_type",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(bag_type));
+ goto done;
+ }
+ if(bag_type == GNUTLS_BAG_ENCRYPTED) {
+ err = gnutls_pkcs12_bag_decrypt(bag, pwd);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_bag_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+ }
+
+ /* scan elements in bag */
+ elements_in_bag = gnutls_pkcs12_bag_get_count(bag);
+ if(elements_in_bag < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_bag_get_count",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(bag_type));
+ goto done;
+ }
+ for(ii = 0; ii < elements_in_bag; ++ii) {
+ bag_type = gnutls_pkcs12_bag_get_type(bag, ii);
+ if(bag_type < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_bag_get_type",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(bag_type));
+ goto done;
+ }
+
+ err = gnutls_pkcs12_bag_get_data(bag, ii, &datum);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_pkcs12_bag_get_data",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ switch(bag_type) {
+ case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
+ case GNUTLS_BAG_PKCS8_KEY:
+ /* we want only the first private key */
+ if((*priv_key) == NULL) {
+ err = gnutls_x509_privkey_init(priv_key);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_privkey_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gnutls_x509_privkey_import_pkcs8((*priv_key),
+ &datum, GNUTLS_X509_FMT_DER,
+ pwd,
+ (bag_type == GNUTLS_BAG_PKCS8_KEY) ? GNUTLS_PKCS_PLAIN : 0);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_privkey_import_pkcs8",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+ }
+ break;
+ case GNUTLS_BAG_CERTIFICATE:
+ err = gnutls_x509_crt_init(&cert);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ err = gnutls_x509_crt_import(cert, &datum, GNUTLS_X509_FMT_DER);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_import",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ ret = xmlSecPtrListAdd(certsList, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd(certsList)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ cert = NULL; /* owned by certsList now */
+ break;
+ default:
+ /* ignore unknown bag element */
+ break;
+ }
+ }
+
+ /* done with bag */
+ gnutls_pkcs12_bag_deinit(bag);
+ bag = NULL;
+ }
+
+ /* check we have private key */
+ if((*priv_key) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Private key was not found in pkcs12 object");
+ goto done;
+ }
+
+ /* we will search for key cert using the key id */
+ certsSize = xmlSecPtrListGetSize(certsList);
+ if(certsSize > 0) {
+ size_t cert_id_size = 0;
+ size_t key_id_size = 0;
+ xmlSecByte cert_id[100];
+ xmlSecByte key_id[100];
+ xmlSecSize ii;
+
+ key_id_size = sizeof(key_id);
+ err = gnutls_x509_privkey_get_key_id((*priv_key), 0, key_id, &key_id_size);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_privkey_get_key_id",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+ for(ii = 0; ii < certsSize; ++ii) {
+ gnutls_x509_crt_t tmp;
+
+ tmp = xmlSecPtrListGetItem(certsList, ii);
+ if(tmp == NULL) {
+ continue;
+ }
+
+ cert_id_size = sizeof(cert_id);
+ err = gnutls_x509_crt_get_key_id(tmp, 0, cert_id, &cert_id_size);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_key_id",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ goto done;
+ }
+
+ /* if key ids match, then this is THE key cert!!! */
+ if((key_id_size == cert_id_size) && (memcmp(key_id, cert_id, key_id_size) == 0)) {
+ (*key_cert) = xmlSecGnuTLSX509CertDup(tmp);
+ if((*key_cert) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ break;
+ }
+ }
+
+ /* check we have key cert */
+ if((*key_cert) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Certificate for the private key was not found in pkcs12 object");
+ goto done;
+ }
+ }
+
+
+ /* success!!! */
+ res = 0;
+
+done:
+ if(cert != NULL) {
+ gnutls_x509_crt_deinit(cert);
+ }
+ if(bag != NULL) {
+ gnutls_pkcs12_bag_deinit(bag);
+ }
+ if(pkcs12 != NULL) {
+ gnutls_pkcs12_deinit(pkcs12);
+ }
+ return(res);
+}
+
+xmlSecKeyDataPtr
+xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey(gnutls_x509_privkey_t priv_key) {
+ xmlSecKeyDataPtr res = NULL;
+ int key_alg;
+ int ret;
+
+ xmlSecAssert2(priv_key != NULL, NULL);
+
+ /* create key value data */
+ key_alg = gnutls_x509_privkey_get_pk_algorithm(priv_key);
+ if(key_alg < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_privkey_get_pk_algorithm",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(key_alg));
+ return (NULL);
+ }
+ switch(key_alg) {
+#ifndef XMLSEC_NO_RSA
+ case GNUTLS_PK_RSA:
+ res = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataRsaId);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGnuTLSKeyDataRsaId");
+ return(NULL);
+ }
+
+ ret = xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(res, priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeyDataRsaAdoptPrivateKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGnuTLSKeyDataRsaId");
+ xmlSecKeyDataDestroy(res);
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_RSA */
+
+#ifndef XMLSEC_NO_DSA
+ case GNUTLS_PK_DSA:
+ res = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataDsaId);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGnuTLSKeyDataDsaId");
+ return(NULL);
+ }
+
+ ret = xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(res, priv_key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeyDataDsaAdoptPrivateKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecGnuTLSKeyDataDsaId");
+ xmlSecKeyDataDestroy(res);
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_DSA */
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_privkey_get_pk_algorithm",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Unsupported algorithm %d", (int)key_alg);
+ return(NULL);
+ }
+
+ /* done */
+ return(res);
+}
+
+/*************************************************************************
+ *
+ * LDAP DN parser
+ *
+ ************************************************************************/
+void
+xmlSecGnuTLSDnAttrsInitialize(xmlSecGnuTLSDnAttr * attrs, xmlSecSize attrsSize) {
+ xmlSecAssert(attrs != NULL);
+ xmlSecAssert(attrsSize > 0);
+
+ memset(attrs, 0, attrsSize * sizeof(xmlSecGnuTLSDnAttr));
+}
+
+void
+xmlSecGnuTLSDnAttrsDeinitialize(xmlSecGnuTLSDnAttr * attrs, xmlSecSize attrsSize) {
+ xmlSecSize ii;
+
+ xmlSecAssert(attrs != NULL);
+ xmlSecAssert(attrsSize > 0);
+
+ for(ii = 0; ii < attrsSize; ++ii) {
+ if(attrs[ii].key != NULL) {
+ xmlFree(attrs[ii].key);
+ }
+ if(attrs[ii].value != NULL) {
+ xmlFree(attrs[ii].value);
+ }
+ }
+ memset(attrs, 0, attrsSize * sizeof(xmlSecGnuTLSDnAttr));
+}
+
+const xmlSecGnuTLSDnAttr *
+xmlSecGnuTLSDnAttrrsFind(const xmlSecGnuTLSDnAttr * attrs,
+ xmlSecSize attrsSize,
+ const xmlChar * key)
+{
+ xmlSecSize ii;
+
+ xmlSecAssert2(attrs != NULL, NULL);
+ xmlSecAssert2(attrsSize > 0, NULL);
+ xmlSecAssert2(key != NULL, NULL);
+
+ for(ii = 0; ii < attrsSize; ++ii) {
+ /* simple case */
+ if(xmlStrcasecmp(key, attrs[ii].key) == 0) {
+ return(&(attrs[ii]));
+ }
+
+ /* special case for emailAddress (as usual) */
+ if((xmlStrcasecmp(key, BAD_CAST "emailAddress") == 0) &&
+ (xmlStrcasecmp(attrs[ii].key, BAD_CAST "email") == 0))
+ {
+ return(&(attrs[ii]));
+ }
+ if((xmlStrcasecmp(key, BAD_CAST "email") == 0) &&
+ (xmlStrcasecmp(attrs[ii].key, BAD_CAST "emailAddress") == 0))
+ {
+ return(&(attrs[ii]));
+ }
+ }
+
+ /* not found :( */
+ return(NULL);
+}
+
+int
+xmlSecGnuTLSDnAttrsEqual(const xmlSecGnuTLSDnAttr * ll, xmlSecSize llSize,
+ const xmlSecGnuTLSDnAttr * rr, xmlSecSize rrSize)
+{
+ xmlSecSize llNum = 0;
+ xmlSecSize rrNum = 0;
+ const xmlSecGnuTLSDnAttr * tmp;
+ xmlSecSize ii;
+
+ xmlSecAssert2(ll != NULL, -1);
+ xmlSecAssert2(llSize > 0, -1);
+ xmlSecAssert2(rr != NULL, -1);
+ xmlSecAssert2(rrSize > 0, -1);
+
+ /* compare number of non-nullattributes */
+ for(ii = 0; ii < llSize; ++ii) {
+ if(ll[ii].key != NULL) {
+ ++llNum;
+ }
+ }
+ for(ii = 0; ii < rrSize; ++ii) {
+ if(rr[ii].key != NULL) {
+ ++rrNum;
+ }
+ }
+ if(llNum != rrNum) {
+ return(0);
+ }
+
+ /* make sure that all ll attrs are equal to rr attrs */
+ for(ii = 0; ii < llSize; ++ii) {
+ if(ll[ii].key == NULL) {
+ continue;
+ }
+
+ tmp = xmlSecGnuTLSDnAttrrsFind(rr, rrSize, ll[ii].key);
+ if(tmp == NULL) {
+ return(0); /* attribute was not found */
+ }
+
+ if(!xmlStrEqual(ll[ii].value, tmp->value)) {
+ return(0); /* different values */
+ }
+ }
+
+ /* good!!! */
+ return(1);
+}
+
+/*
+Distinguished name syntax
+
+The formal syntax for a Distinguished Name (DN) is based on RFC 2253.
+The Backus Naur Form (BNF) syntax is defined as follows:
+
+ <name> ::= <name-component> ( <spaced-separator> )
+ | <name-component> <spaced-separator> <name>
+
+ <spaced-separator> ::= <optional-space>
+ <separator>
+ <optional-space>
+
+ <separator> ::= "," | ";"
+
+ <optional-space> ::= ( <CR> ) *( " " )
+
+ <name-component> ::= <attribute>
+ | <attribute> <optional-space> "+"
+ <optional-space> <name-component>
+
+ <attribute> ::= <string>
+ | <key> <optional-space> "=" <optional-space> <string>
+
+ <key> ::= 1*( <keychar> ) | "OID." <oid> | "oid." <oid>
+ <keychar> ::= letters, numbers, and space
+
+ <oid> ::= <digitstring> | <digitstring> "." <oid>
+ <digitstring> ::= 1*<digit>
+ <digit> ::= digits 0-9
+
+ <string> ::= *( <stringchar> | <pair> )
+ | '"' *( <stringchar> | <special> | <pair> ) '"'
+ | "#" <hex>
+
+
+ <special> ::= "," | "=" | <CR> | "+" | "<" | ">"
+ | "#" | ";"
+
+ <pair> ::= "\" ( <special> | "\" | '"')
+ <stringchar> ::= any character except <special> or "\" or '"'
+
+
+ <hex> ::= 2*<hexchar>
+ <hexchar> ::= 0-9, a-f, A-F
+
+A semicolon (;) character can be used to separate RDNs in a distinguished name,
+although the comma (,) character is the typical notation.
+
+White-space characters (spaces) might be present on either side of the comma or
+semicolon. The white-space characters are ignored, and the semicolon is replaced
+with a comma.
+
+In addition, space (' ' ASCII 32) characters may be present either before or
+after a '+' or '='. These space characters are ignored when parsing.
+*/
+enum xmlSecGnuTLSDnParseState {
+ xmlSecGnuTLSDnParseState_BeforeNameComponent = 0,
+ xmlSecGnuTLSDnParseState_Key,
+ xmlSecGnuTLSDnParseState_BeforeString,
+ xmlSecGnuTLSDnParseState_String,
+ xmlSecGnuTLSDnParseState_QuotedString,
+ xmlSecGnuTLSDnParseState_AfterQuotedString
+};
+
+#define XMLSEC_GNUTLS_IS_SPACE(ch) \
+ (((ch) == ' ') || ((ch) == '\n') || ((ch) == '\r'))
+
+int
+xmlSecGnuTLSDnAttrsParse(const xmlChar * dn,
+ xmlSecGnuTLSDnAttr * attrs, xmlSecSize attrsSize)
+{
+ xmlChar * tmp = NULL;
+ xmlChar * p;
+ xmlChar ch;
+ enum xmlSecGnuTLSDnParseState state;
+ int slash;
+ xmlSecSize pos;
+ int res = -1;
+
+ xmlSecAssert2(dn != NULL, -1);
+ xmlSecAssert2(attrs != NULL, -1);
+ xmlSecAssert2(attrsSize > 0, -1);
+
+ /* allocate buffer, we don't need more than string */
+ tmp = (xmlChar *)xmlMalloc(xmlStrlen(dn) + 1);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)(xmlStrlen(dn) + 1));
+ goto done;
+ }
+
+ /* state machine */
+ state = xmlSecGnuTLSDnParseState_BeforeNameComponent;
+ slash = 0;
+ pos = 0;
+ p = tmp;
+ for(ch = (*dn); ; ch = *(++dn)) {
+ switch(state) {
+ case xmlSecGnuTLSDnParseState_BeforeNameComponent:
+ if(!XMLSEC_GNUTLS_IS_SPACE(ch)) {
+ *(p++) = ch; /* we are sure we have enough buffer */
+ state = xmlSecGnuTLSDnParseState_Key;
+ } else {
+ /* just skip space */
+ }
+ break;
+ case xmlSecGnuTLSDnParseState_Key:
+ /* we don't support
+ 1) <attribute><optional-space>"+"<optional-space><name-component>
+ 2) <attribute> ::= <string>
+ */
+ if(ch != '=') {
+ *(p++) = ch; /* we are sure we have enough buffer */
+ } else {
+ *(p) = '\0';
+ /* remove spaces back */
+ while((p > tmp) && (XMLSEC_GNUTLS_IS_SPACE(*(p - 1)))) {
+ *(--p) = '\0';
+ }
+
+ /* insert into the attrs */
+ if(pos >= attrsSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Not enough space: size=%d", (int)attrsSize);
+ goto done;
+ }
+ attrs[pos].key = xmlStrdup(tmp);
+ if(attrs[pos].key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)(xmlStrlen(tmp) + 1));
+ goto done;
+ }
+
+ state = xmlSecGnuTLSDnParseState_BeforeString;
+ p = tmp;
+ }
+ break;
+ case xmlSecGnuTLSDnParseState_BeforeString:
+ if(!XMLSEC_GNUTLS_IS_SPACE(ch)) {
+ if(ch != '\"') {
+ state = xmlSecGnuTLSDnParseState_String;
+ slash = 0;
+ --dn; /* small hack, so we can look at the same char
+ again with the correct state */
+ } else {
+ state = xmlSecGnuTLSDnParseState_QuotedString;
+ slash = 0;
+ }
+ } else {
+ /* just skip space */
+ }
+ break;
+ case xmlSecGnuTLSDnParseState_String:
+ if(slash == 1) {
+ *(p++) = ch; /* we are sure we have enough buffer */
+ slash = 0;
+ } else if(ch == '\\') {
+ slash = 1;
+ } else if((ch == ',') || (ch == ';') || (ch == '\0')) {
+ *(p) = '\0';
+ /* remove spaces back */
+ while((p > tmp) && (XMLSEC_GNUTLS_IS_SPACE(*(p - 1)))) {
+ *(--p) = '\0';
+ }
+
+ attrs[pos].value = xmlStrdup(tmp);
+ if(attrs[pos].value == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)(xmlStrlen(tmp) + 1));
+ goto done;
+ }
+ state = xmlSecGnuTLSDnParseState_BeforeNameComponent;
+ ++pos;
+ p = tmp;
+ } else {
+ *(p++) = ch; /* we are sure we have enough buffer */
+ }
+ break;
+ case xmlSecGnuTLSDnParseState_QuotedString:
+ if(slash == 1) {
+ *(p++) = ch; /* we are sure we have enough buffer */
+ slash = 0;
+ } else if(ch == '\\') {
+ slash = 1;
+ } else if(ch == '\"') {
+ *(p) = '\0';
+ /* don't remove spaces for quoted string */
+
+ attrs[pos].value = xmlStrdup(tmp);
+ if(attrs[pos].value == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)(xmlStrlen(tmp) + 1));
+ goto done;
+ }
+ state = xmlSecGnuTLSDnParseState_AfterQuotedString;
+ ++pos;
+ p = tmp;
+ } else {
+ *(p++) = ch; /* we are sure we have enough buffer */
+ }
+ break;
+ case xmlSecGnuTLSDnParseState_AfterQuotedString:
+ if(!XMLSEC_GNUTLS_IS_SPACE(ch)) {
+ if((ch == ',') || (ch == ';') || (ch == '\0')) {
+ state = xmlSecGnuTLSDnParseState_BeforeNameComponent;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Unexpected character %c (expected space or ',' or ';')",
+ ch);
+ goto done;
+ }
+ } else {
+ /* just skip space */
+ }
+ break;
+ }
+
+ if(ch == '\0') {
+ /* done */
+ break;
+ }
+ }
+
+ /* check end state */
+ if(state != xmlSecGnuTLSDnParseState_BeforeNameComponent) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Unexpected state %d at the end of parsing",
+ (int)state);
+ goto done;
+ }
+
+ /* debug
+ {
+ xmlSecSize ii;
+ for(ii = 0; ii < attrsSize; ++ii) {
+ if(attrs[ii].key != NULL) {
+ printf("DEBUG: attrs - %s=>%s\n", attrs[ii].key, attrs[ii].value);
+ }
+ }
+ }
+ */
+
+ /* done */
+ res = 0;
+
+done:
+ if(tmp != NULL) {
+ xmlFree(tmp);
+ }
+ return(res);
+}
+
+
+#endif /* XMLSEC_NO_X509 */
+
+
+
diff --git a/src/gnutls/x509utils.h b/src/gnutls/x509utils.h
new file mode 100644
index 00000000..b939b248
--- /dev/null
+++ b/src/gnutls/x509utils.h
@@ -0,0 +1,143 @@
+/*
+ * XML Security Library
+ *
+ * THIS IS A PRIVATE XMLSEC HEADER FILE
+ * DON'T USE IT IN YOUR APPLICATION
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GNUTLS_X509UTILS_H__
+#define __XMLSEC_GNUTLS_X509UTILS_H__
+
+#ifndef XMLSEC_PRIVATE
+#error "gnutls/x509utils.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries"
+#endif /* XMLSEC_PRIVATE */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifndef XMLSEC_NO_X509
+
+/**************************************************************************
+ *
+ * X509 certs list
+ *
+ *****************************************************************************/
+#define xmlSecGnuTLSX509CrtListId \
+ xmlSecGnuTLSX509CrtListGetKlass()
+xmlSecPtrListId xmlSecGnuTLSX509CrtListGetKlass (void);
+
+/**************************************************************************
+ *
+ * X509 crls list
+ *
+ *****************************************************************************/
+#define xmlSecGnuTLSX509CrlListId \
+ xmlSecGnuTLSX509CrlListGetKlass()
+xmlSecPtrListId xmlSecGnuTLSX509CrlListGetKlass (void);
+
+/*************************************************************************
+ *
+ * x509 certs utils/helpers
+ *
+ ************************************************************************/
+gnutls_x509_crt_t xmlSecGnuTLSX509CertDup (gnutls_x509_crt_t src);
+xmlChar * xmlSecGnuTLSX509CertGetSubjectDN (gnutls_x509_crt_t cert);
+xmlChar * xmlSecGnuTLSX509CertGetIssuerDN (gnutls_x509_crt_t cert);
+xmlChar * xmlSecGnuTLSX509CertGetIssuerSerial (gnutls_x509_crt_t cert);
+xmlChar * xmlSecGnuTLSX509CertGetSKI (gnutls_x509_crt_t cert);
+gnutls_x509_crt_t xmlSecGnuTLSX509CertRead (const xmlSecByte* buf,
+ xmlSecSize size,
+ xmlSecKeyDataFormat format);
+gnutls_x509_crt_t xmlSecGnuTLSX509CertBase64DerRead (xmlChar* buf);
+xmlChar* xmlSecGnuTLSX509CertBase64DerWrite (gnutls_x509_crt_t cert,
+ int base64LineWrap);
+void xmlSecGnuTLSX509CertDebugDump (gnutls_x509_crt_t cert,
+ FILE* output);
+void xmlSecGnuTLSX509CertDebugXmlDump (gnutls_x509_crt_t cert,
+ FILE* output);
+
+/*************************************************************************
+ *
+ * x509 crls utils/helpers
+ *
+ ************************************************************************/
+gnutls_x509_crl_t xmlSecGnuTLSX509CrlDup (gnutls_x509_crl_t src);
+xmlChar * xmlSecGnuTLSX509CrLGetIssuerDN (gnutls_x509_crl_t crl);
+gnutls_x509_crl_t xmlSecGnuTLSX509CrlRead (const xmlSecByte* buf,
+ xmlSecSize size,
+ xmlSecKeyDataFormat format);
+gnutls_x509_crl_t xmlSecGnuTLSX509CrlBase64DerRead (xmlChar* buf);
+xmlChar* xmlSecGnuTLSX509CrlBase64DerWrite (gnutls_x509_crl_t crl,
+ int base64LineWrap);
+void xmlSecGnuTLSX509CrlDebugDump (gnutls_x509_crl_t crl,
+ FILE* output);
+void xmlSecGnuTLSX509CrlDebugXmlDump (gnutls_x509_crl_t crl,
+ FILE* output);
+
+/*************************************************************************
+ *
+ * Misc. utils/helpers
+ *
+ ************************************************************************/
+xmlChar* xmlSecGnuTLSASN1IntegerWrite (const unsigned char * data,
+ size_t len);
+
+
+
+/*************************************************************************
+ *
+ * pkcs12 utils/helpers
+ *
+ ************************************************************************/
+int xmlSecGnuTLSPkcs12LoadMemory (const xmlSecByte* data,
+ xmlSecSize dataSize,
+ const char *pwd,
+ gnutls_x509_privkey_t * priv_key,
+ gnutls_x509_crt_t * key_cert,
+ xmlSecPtrListPtr certsList);
+
+/*************************************************************************
+ *
+ * keydata utils/helpers
+ *
+ ************************************************************************/
+xmlSecKeyDataPtr xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey(gnutls_x509_privkey_t priv_key);
+
+
+/*************************************************************************
+ *
+ * LDAP DN parser
+ *
+ ************************************************************************/
+typedef struct _xmlSecGnuTLSDnAttr {
+ xmlChar * key;
+ xmlChar * value;
+} xmlSecGnuTLSDnAttr;
+
+void xmlSecGnuTLSDnAttrsInitialize (xmlSecGnuTLSDnAttr * attrs,
+ xmlSecSize attrsSize);
+void xmlSecGnuTLSDnAttrsDeinitialize (xmlSecGnuTLSDnAttr * attrs,
+ xmlSecSize attrsSize);
+const xmlSecGnuTLSDnAttr * xmlSecGnuTLSDnAttrrsFind (const xmlSecGnuTLSDnAttr * attrs,
+ xmlSecSize attrsSize,
+ const xmlChar * key);
+int xmlSecGnuTLSDnAttrsEqual (const xmlSecGnuTLSDnAttr * ll,
+ xmlSecSize llSize,
+ const xmlSecGnuTLSDnAttr * rr,
+ xmlSecSize rrSize);
+int xmlSecGnuTLSDnAttrsParse (const xmlChar * dn,
+ xmlSecGnuTLSDnAttr * attrs,
+ xmlSecSize attrsSize);
+#endif /* XMLSEC_NO_X509 */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+
+#endif /* ! __XMLSEC_GNUTLS_X509UTILS_H__ */
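Review bot: The prototype `xmlSecGnuTLSX509CrLGetIssuerDN` in the "x509 crls utils/helpers" section is spelled with a capital `L`, but the x509utils.c hunk in this same commit calls `xmlSecGnuTLSX509CrlGetIssuerDN`, so this header does not declare the name that is actually used. The definition is outside the visible lines; unless it precedes that call in x509utils.c, the call compiles as an implicit declaration returning `int`, which can truncate the returned `xmlChar *` on LP64 targets before it reaches `fprintf` and `xmlFree`. The declaration should read `xmlChar * xmlSecGnuTLSX509CrlGetIssuerDN (gnutls_x509_crl_t crl);`, and building with `-Werror=implicit-function-declaration` would catch this class of mismatch. The same section of the header also carries the misspelled `xmlSecGnuTLSDnAttrrsFind` (double `r`); it is used consistently, but since the header is private it is cheap to rename to `xmlSecGnuTLSDnAttrsFind` now.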
diff --git a/src/gnutls/x509vfy.c b/src/gnutls/x509vfy.c
new file mode 100644
index 00000000..fd15c5ac
--- /dev/null
+++ b/src/gnutls/x509vfy.c
@@ -0,0 +1,802 @@
+/**
+ * XMLSec library
+ *
+ * X509 support
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_X509
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/gnutls/crypto.h>
+#include <xmlsec/gnutls/x509.h>
+
+#include "x509utils.h"
+
+/**************************************************************************
+ *
+ * Internal GnuTLS X509 store CTX
+ *
+ *************************************************************************/
+typedef struct _xmlSecGnuTLSX509StoreCtx xmlSecGnuTLSX509StoreCtx,
+ *xmlSecGnuTLSX509StoreCtxPtr;
+struct _xmlSecGnuTLSX509StoreCtx {
+ xmlSecPtrList certsTrusted;
+ xmlSecPtrList certsUntrusted;
+};
+
+/****************************************************************************
+ *
+ * xmlSecGnuTLSKeyDataStoreX509Id:
+ *
+ * xmlSecGnuTLSX509StoreCtx is located after xmlSecTransform
+ *
+ ***************************************************************************/
+#define xmlSecGnuTLSX509StoreGetCtx(store) \
+ ((xmlSecGnuTLSX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
+ sizeof(xmlSecKeyDataStoreKlass)))
+#define xmlSecGnuTLSX509StoreSize \
+ (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecGnuTLSX509StoreCtx))
+
+static int xmlSecGnuTLSX509StoreInitialize (xmlSecKeyDataStorePtr store);
+static void xmlSecGnuTLSX509StoreFinalize (xmlSecKeyDataStorePtr store);
+
+static xmlSecKeyDataStoreKlass xmlSecGnuTLSX509StoreKlass = {
+ sizeof(xmlSecKeyDataStoreKlass),
+ xmlSecGnuTLSX509StoreSize,
+
+ /* data */
+ xmlSecNameX509Store, /* const xmlChar* name; */
+
+ /* constructors/destructor */
+ xmlSecGnuTLSX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
+ xmlSecGnuTLSX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+static gnutls_x509_crt_t xmlSecGnuTLSX509FindCert (xmlSecPtrListPtr certs,
+ const xmlChar *subjectName,
+ const xmlChar *issuerName,
+ const xmlChar *issuerSerial,
+ const xmlChar *ski);
+static gnutls_x509_crt_t xmlSecGnuTLSX509FindSignedCert (xmlSecPtrListPtr certs,
+ gnutls_x509_crt_t cert);
+static gnutls_x509_crt_t xmlSecGnuTLSX509FindSignerCert (xmlSecPtrListPtr certs,
+ gnutls_x509_crt_t cert);
+
+
+/**
+ * xmlSecGnuTLSX509StoreGetKlass:
+ *
+ * The GnuTLS X509 certificates key data store klass.
+ *
+ * Returns: pointer to GnuTLS X509 certificates key data store klass.
+ */
+xmlSecKeyDataStoreId
+xmlSecGnuTLSX509StoreGetKlass(void) {
+ return(&xmlSecGnuTLSX509StoreKlass);
+}
+
+/**
+ * xmlSecGnuTLSX509StoreFindCert:
+ * @store: the pointer to X509 key data store klass.
+ * @subjectName: the desired certificate name.
+ * @issuerName: the desired certificate issuer name.
+ * @issuerSerial: the desired certificate issuer serial number.
+ * @ski: the desired certificate SKI.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Searches @store for a certificate that matches given criteria.
+ *
+ * Returns: pointer to found certificate or NULL if certificate is not found
+ * or an error occurs.
+ */
+gnutls_x509_crt_t
+xmlSecGnuTLSX509StoreFindCert(xmlSecKeyDataStorePtr store,
+ const xmlChar *subjectName,
+ const xmlChar *issuerName,
+ const xmlChar *issuerSerial,
+ const xmlChar *ski,
+ const xmlSecKeyInfoCtx* keyInfoCtx) {
+ xmlSecGnuTLSX509StoreCtxPtr ctx;
+ gnutls_x509_crt_t res = NULL;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecGnuTLSX509StoreId), NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+ ctx = xmlSecGnuTLSX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ if(res == NULL) {
+ res = xmlSecGnuTLSX509FindCert(&(ctx->certsTrusted), subjectName, issuerName, issuerSerial, ski);
+ }
+ if(res == NULL) {
+ res = xmlSecGnuTLSX509FindCert(&(ctx->certsUntrusted), subjectName, issuerName, issuerSerial, ski);
+ }
+ return(res);
+}
+
+static int
+xmlSecGnuTLSX509CheckTime(const gnutls_x509_crt_t * cert_list,
+ xmlSecSize cert_list_length,
+ time_t ts)
+{
+ time_t notValidBefore, notValidAfter;
+ xmlSecSize ii;
+
+ xmlSecAssert2(cert_list != NULL, -1);
+
+ for(ii = 0; ii < cert_list_length; ++ii) {
+ const gnutls_x509_crt_t cert = cert_list[ii];
+ if(cert == NULL) {
+ continue;
+ }
+
+ /* get expiration times */
+ notValidBefore = gnutls_x509_crt_get_activation_time(cert);
+ if(notValidBefore == (time_t)-1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_activation_time",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ notValidAfter = gnutls_x509_crt_get_expiration_time(cert);
+ if(notValidAfter == (time_t)-1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_get_expiration_time",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* check */
+ if(ts < notValidBefore) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_YET_VALID,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+ if(ts > notValidAfter) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+ }
+
+ /* GOOD! */
+ return(1);
+}
+
+/**
+ * xmlSecGnuTLSX509StoreVerify:
+ * @store: the pointer to X509 key data store klass.
+ * @certs: the untrusted certificates.
+ * @crls: the crls.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Verifies @certs list.
+ *
+ * Returns: pointer to the first verified certificate from @certs.
+ */
+gnutls_x509_crt_t
+xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store,
+ xmlSecPtrListPtr certs,
+ xmlSecPtrListPtr crls,
+ const xmlSecKeyInfoCtx* keyInfoCtx) {
+ xmlSecGnuTLSX509StoreCtxPtr ctx;
+ gnutls_x509_crt_t res = NULL;
+ xmlSecSize certs_size = 0;
+ gnutls_x509_crt_t * cert_list = NULL;
+ xmlSecSize cert_list_length;
+ gnutls_x509_crl_t * crl_list = NULL;
+ xmlSecSize crl_list_length;
+ gnutls_x509_crt_t * ca_list = NULL;
+ xmlSecSize ca_list_length;
+ time_t verification_time;
+ unsigned int flags = 0;
+ xmlSecSize ii;
+ int ret;
+ int err;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecGnuTLSX509StoreId), NULL);
+ xmlSecAssert2(certs != NULL, NULL);
+ xmlSecAssert2(crls != NULL, NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+ certs_size = xmlSecPtrListGetSize(certs);
+ if(certs_size <= 0) {
+ /* nothing to do */
+ return(NULL);
+ }
+
+ ctx = xmlSecGnuTLSX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ /* Prepare */
+ cert_list_length = certs_size + xmlSecPtrListGetSize(&(ctx->certsUntrusted));
+ if(cert_list_length > 0) {
+ cert_list = (gnutls_x509_crt_t *)xmlMalloc(sizeof(gnutls_x509_crt_t) * cert_list_length);
+ if(cert_list == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)(sizeof(gnutls_x509_crt_t) * cert_list_length));
+ goto done;
+ }
+ }
+ crl_list_length = xmlSecPtrListGetSize(crls);
+ if(crl_list_length > 0) {
+ crl_list = (gnutls_x509_crl_t *)xmlMalloc(sizeof(gnutls_x509_crl_t) * crl_list_length);
+ if(crl_list == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)(sizeof(gnutls_x509_crl_t) * crl_list_length));
+ goto done;
+ }
+ for(ii = 0; ii < crl_list_length; ++ii) {
+ crl_list[ii] = xmlSecPtrListGetItem(crls, ii);
+ if(crl_list[ii] == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecPtrListGetItem(crls)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+ }
+
+ ca_list_length = xmlSecPtrListGetSize(&(ctx->certsTrusted));
+ if(ca_list_length > 0) {
+ ca_list = (gnutls_x509_crt_t *)xmlMalloc(sizeof(gnutls_x509_crt_t) * ca_list_length);
+ if(ca_list == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", (int)(sizeof(gnutls_x509_crt_t) * ca_list_length));
+ goto done;
+ }
+ for(ii = 0; ii < ca_list_length; ++ii) {
+ ca_list[ii] = xmlSecPtrListGetItem(&(ctx->certsTrusted), ii);
+ if(ca_list[ii] == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecPtrListGetItem(certsTrusted)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+ }
+
+ /* gnutls doesn't allow to specify "verification" timestamp so
+ we have to do it ourselves */
+ verification_time = (keyInfoCtx->certsVerificationTime > 0) ?
+ keyInfoCtx->certsVerificationTime :
+ time(0);
+ flags |= GNUTLS_VERIFY_DISABLE_TIME_CHECKS;
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0) {
+ flags |= GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2;
+ flags |= GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
+ }
+
+ /* We are going to build all possible cert chains and try to verify them */
+ for(ii = 0; (ii < certs_size) && (res == NULL); ++ii) {
+ gnutls_x509_crt_t cert, cert2;
+ xmlSecSize cert_list_cur_length = 0;
+ unsigned int verify = 0;
+
+ cert = xmlSecPtrListGetItem(certs, ii);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecPtrListGetItem(certs)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* check if we are the "leaf" node in the certs chain */
+ if(xmlSecGnuTLSX509FindSignedCert(certs, cert) != NULL) {
+ continue;
+ }
+
+ /* build the chain */
+ for(cert2 = cert, cert_list_cur_length = 0;
+ (cert2 != NULL) && (cert_list_cur_length < cert_list_length);
+ ++cert_list_cur_length)
+ {
+ gnutls_x509_crt_t tmp;
+
+ /* store */
+ cert_list[cert_list_cur_length] = cert2;
+
+ /* find next */
+ tmp = xmlSecGnuTLSX509FindSignerCert(certs, cert2);
+ if(tmp == NULL) {
+ tmp = xmlSecGnuTLSX509FindSignerCert(&(ctx->certsUntrusted), cert2);
+ }
+ cert2 = tmp;
+ }
+
+ /* try to verify */
+ err = gnutls_x509_crt_list_verify(
+ cert_list, (int)cert_list_cur_length, /* certs chain */
+ ca_list, (int)ca_list_length, /* trusted cas */
+ crl_list, (int)crl_list_length, /* crls */
+ flags, /* flags */
+ &verify);
+ if(err != GNUTLS_E_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_list_verify",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_GNUTLS_REPORT_ERROR(err));
+ /* don't stop, continue! */
+ continue;
+ } else if(verify != 0){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_x509_crt_list_verify",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Verification failed: verify=%u", verify);
+ /* don't stop, continue! */
+ continue;
+ }
+
+ /* gnutls doesn't allow to specify "verification" timestamp so
+ we have to do it ourselves */
+ ret = xmlSecGnuTLSX509CheckTime(cert_list, cert_list_cur_length, verification_time);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Time verification failed");
+ /* don't stop, continue! */
+ continue;
+ }
+
+ /* DONE! */
+ res = cert;
+ }
+
+done:
+ /* cleanup */
+ if(ca_list != NULL) {
+ xmlFree(ca_list);
+ }
+ if(crl_list != NULL) {
+ xmlFree(crl_list);
+ }
+ if(cert_list != NULL) {
+ xmlFree(cert_list);
+ }
+
+ return(res);
+}
+
+/**
+ * xmlSecGnuTLSX509StoreAdoptCert:
+ * @store: the pointer to X509 key data store klass.
+ * @cert: the pointer to GnuTLS X509 certificate.
+ * @type: the certificate type (trusted/untrusted).
+ *
+ * Adds trusted (root) or untrusted certificate to the store.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGnuTLSX509StoreAdoptCert(xmlSecKeyDataStorePtr store, gnutls_x509_crt_t cert, xmlSecKeyDataType type) {
+ xmlSecGnuTLSX509StoreCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecGnuTLSX509StoreId), -1);
+ xmlSecAssert2(cert != NULL, -1);
+
+ ctx = xmlSecGnuTLSX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if((type & xmlSecKeyDataTypeTrusted) != 0) {
+ ret = xmlSecPtrListAdd(&(ctx->certsTrusted), cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecPtrListAdd(trusted)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ ret = xmlSecPtrListAdd(&(ctx->certsUntrusted), cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecPtrListAdd(untrusted)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ /* done */
+ return(0);
+}
+
+static int
+xmlSecGnuTLSX509StoreInitialize(xmlSecKeyDataStorePtr store) {
+ xmlSecGnuTLSX509StoreCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecGnuTLSX509StoreId), -1);
+
+ ctx = xmlSecGnuTLSX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGnuTLSX509StoreCtx));
+
+ ret = xmlSecPtrListInitialize(&(ctx->certsTrusted), xmlSecGnuTLSX509CrtListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecPtrListInitialize(trusted)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecPtrListInitialize(&(ctx->certsUntrusted), xmlSecGnuTLSX509CrtListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecPtrListInitialize(untrusted)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecGnuTLSX509StoreFinalize(xmlSecKeyDataStorePtr store) {
+ xmlSecGnuTLSX509StoreCtxPtr ctx;
+ xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecGnuTLSX509StoreId));
+
+ ctx = xmlSecGnuTLSX509StoreGetCtx(store);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecPtrListFinalize(&(ctx->certsTrusted));
+ xmlSecPtrListFinalize(&(ctx->certsUntrusted));
+
+ memset(ctx, 0, sizeof(xmlSecGnuTLSX509StoreCtx));
+}
+
+
+/*****************************************************************************
+ *
+ * Low-level x509 functions
+ *
+ *****************************************************************************/
+#define XMLSEC_GNUTLS_DN_ATTRS_SIZE 1024
+static int
+xmlSecGnuTLSX509DnsEqual(const xmlChar * ll, const xmlChar * rr) {
+ xmlSecGnuTLSDnAttr ll_attrs[XMLSEC_GNUTLS_DN_ATTRS_SIZE];
+ xmlSecGnuTLSDnAttr rr_attrs[XMLSEC_GNUTLS_DN_ATTRS_SIZE];
+ int ret;
+ int res = -1;
+
+ xmlSecAssert2(ll != NULL, -1);
+ xmlSecAssert2(rr != NULL, -1);
+
+ /* fast version first */
+ if(xmlStrEqual(ll, rr)) {
+ return(1);
+ }
+
+ /* prepare */
+ xmlSecGnuTLSDnAttrsInitialize(ll_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
+ xmlSecGnuTLSDnAttrsInitialize(rr_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
+
+ /* parse */
+ ret = xmlSecGnuTLSDnAttrsParse(ll, ll_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSDnAttrsParse(ll)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecGnuTLSDnAttrsParse(rr, rr_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSDnAttrsParse(rr)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* compare */
+ ret = xmlSecGnuTLSDnAttrsEqual(ll_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE,
+ rr_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
+ if(ret == 1) {
+ res = 1;
+ } else if(ret == 0) {
+ res = 0;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSDnAttrsEqual",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+done:
+ xmlSecGnuTLSDnAttrsDeinitialize(ll_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
+ xmlSecGnuTLSDnAttrsDeinitialize(rr_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
+ return(res);
+}
+
+static gnutls_x509_crt_t
+xmlSecGnuTLSX509FindCert(xmlSecPtrListPtr certs,
+ const xmlChar *subjectName,
+ const xmlChar *issuerName,
+ const xmlChar *issuerSerial,
+ const xmlChar *ski) {
+ xmlSecSize ii, sz;
+
+ xmlSecAssert2(certs != NULL, NULL);
+
+ /* todo: this is not the fastest way to search certs */
+ sz = xmlSecPtrListGetSize(certs);
+ for(ii = 0; (ii < sz); ++ii) {
+ gnutls_x509_crt_t cert = xmlSecPtrListGetItem(certs, ii);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListGetItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ return(NULL);
+ }
+
+ if(subjectName != NULL) {
+ xmlChar * tmp;
+
+ tmp = xmlSecGnuTLSX509CertGetSubjectDN(cert);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetSubjectDN",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ return(NULL);
+ }
+
+ if(xmlSecGnuTLSX509DnsEqual(subjectName, tmp) == 1) {
+ xmlFree(tmp);
+ return(cert);
+ }
+ xmlFree(tmp);
+ } else if((issuerName != NULL) && (issuerSerial != NULL)) {
+ xmlChar * tmp1;
+ xmlChar * tmp2;
+
+ tmp1 = xmlSecGnuTLSX509CertGetIssuerDN(cert);
+ if(tmp1 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetIssuerDN",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ return(NULL);
+ }
+
+ tmp2 = xmlSecGnuTLSX509CertGetIssuerSerial(cert);
+ if(tmp2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetIssuerSerial",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ xmlFree(tmp1);
+ return(NULL);
+ }
+
+ if((xmlSecGnuTLSX509DnsEqual(issuerName, tmp1) == 1) && xmlStrEqual(issuerSerial, tmp2)) {
+ xmlFree(tmp1);
+ xmlFree(tmp2);
+ return(cert);
+ }
+ xmlFree(tmp1);
+ xmlFree(tmp2);
+ } else if(ski != NULL) {
+ xmlChar * tmp;
+
+ tmp = xmlSecGnuTLSX509CertGetSKI(cert);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetSKI",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ return(NULL);
+ }
+
+ if(xmlStrEqual(ski, tmp)) {
+ xmlFree(tmp);
+ return(cert);
+ }
+ xmlFree(tmp);
+ }
+ }
+
+ return(NULL);
+}
+
+/* signed cert has issuer dn equal to our's subject dn */
+static gnutls_x509_crt_t
+xmlSecGnuTLSX509FindSignedCert(xmlSecPtrListPtr certs, gnutls_x509_crt_t cert) {
+ gnutls_x509_crt_t res = NULL;
+ xmlChar * subject = NULL;
+ xmlSecSize ii, sz;
+
+ xmlSecAssert2(certs != NULL, NULL);
+ xmlSecAssert2(cert != NULL, NULL);
+
+ /* get subject */
+ subject = xmlSecGnuTLSX509CertGetSubjectDN(cert);
+ if(subject == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetSubjectDN",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* todo: this is not the fastest way to search certs */
+ sz = xmlSecPtrListGetSize(certs);
+ for(ii = 0; (ii < sz) && (res == NULL); ++ii) {
+ gnutls_x509_crt_t tmp;
+ xmlChar * issuer;
+
+ tmp = xmlSecPtrListGetItem(certs, ii);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListGetItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ goto done;
+ }
+
+ issuer = xmlSecGnuTLSX509CertGetIssuerDN(tmp);
+ if(issuer == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetIssuerDN",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ goto done;
+ }
+
+ /* are we done? */
+ if(xmlSecGnuTLSX509DnsEqual(subject, issuer) == 1) {
+ res = tmp;
+ }
+ xmlFree(issuer);
+ }
+
+done:
+ if(subject != NULL) {
+ xmlFree(subject);
+ }
+ return(res);
+}
+
+/* signer cert has subject dn equal to our's issuer dn */
+static gnutls_x509_crt_t
+xmlSecGnuTLSX509FindSignerCert(xmlSecPtrListPtr certs, gnutls_x509_crt_t cert) {
+ gnutls_x509_crt_t res = NULL;
+ xmlChar * issuer = NULL;
+ xmlSecSize ii, sz;
+
+ xmlSecAssert2(certs != NULL, NULL);
+ xmlSecAssert2(cert != NULL, NULL);
+
+ /* get issuer */
+ issuer = xmlSecGnuTLSX509CertGetIssuerDN(cert);
+ if(issuer == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetIssuerDN",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* todo: this is not the fastest way to search certs */
+ sz = xmlSecPtrListGetSize(certs);
+ for(ii = 0; (ii < sz) && (res == NULL); ++ii) {
+ gnutls_x509_crt_t tmp;
+ xmlChar * subject;
+
+ tmp = xmlSecPtrListGetItem(certs, ii);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListGetItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ goto done;
+ }
+
+ subject = xmlSecGnuTLSX509CertGetSubjectDN(tmp);
+ if(subject == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSX509CertGetSubjectDN",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%i", (int)ii);
+ goto done;
+ }
+
+ /* are we done? */
+ if((xmlSecGnuTLSX509DnsEqual(issuer, subject) == 1)) {
+ res = tmp;
+ }
+ xmlFree(subject);
+ }
+
+done:
+ if(issuer != NULL) {
+ xmlFree(issuer);
+ }
+ return(res);
+}
+
+#endif /* XMLSEC_NO_X509 */
+
+
diff --git a/src/io.c b/src/io.c
new file mode 100644
index 00000000..42e91337
--- /dev/null
+++ b/src/io.c
@@ -0,0 +1,496 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Input uri transform and utility functions.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+
+#include <libxml/uri.h>
+#include <libxml/tree.h>
+#include <libxml/xmlIO.h>
+
+#ifdef LIBXML_HTTP_ENABLED
+#include <libxml/nanohttp.h>
+#endif /* LIBXML_HTTP_ENABLED */
+
+#ifdef LIBXML_FTP_ENABLED
+#include <libxml/nanoftp.h>
+#endif /* LIBXML_FTP_ENABLED */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/io.h>
+#include <xmlsec/errors.h>
+
+/*******************************************************************
+ *
+ * Input I/O callback sets
+ *
+ ******************************************************************/
+typedef struct _xmlSecIOCallback {
+ xmlInputMatchCallback matchcallback;
+ xmlInputOpenCallback opencallback;
+ xmlInputReadCallback readcallback;
+ xmlInputCloseCallback closecallback;
+} xmlSecIOCallback, *xmlSecIOCallbackPtr;
+
+static xmlSecIOCallbackPtr xmlSecIOCallbackCreate (xmlInputMatchCallback matchFunc,
+ xmlInputOpenCallback openFunc,
+ xmlInputReadCallback readFunc,
+ xmlInputCloseCallback closeFunc);
+static void xmlSecIOCallbackDestroy (xmlSecIOCallbackPtr callbacks);
+
+static xmlSecIOCallbackPtr
+xmlSecIOCallbackCreate(xmlInputMatchCallback matchFunc, xmlInputOpenCallback openFunc,
+ xmlInputReadCallback readFunc, xmlInputCloseCallback closeFunc) {
+ xmlSecIOCallbackPtr callbacks;
+
+ xmlSecAssert2(matchFunc != NULL, NULL);
+
+ /* Allocate a new xmlSecIOCallback and fill the fields. */
+ callbacks = (xmlSecIOCallbackPtr)xmlMalloc(sizeof(xmlSecIOCallback));
+ if(callbacks == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecIOCallback)=%d",
+ sizeof(xmlSecIOCallback));
+ return(NULL);
+ }
+ memset(callbacks, 0, sizeof(xmlSecIOCallback));
+
+ callbacks->matchcallback = matchFunc;
+ callbacks->opencallback = openFunc;
+ callbacks->readcallback = readFunc;
+ callbacks->closecallback = closeFunc;
+
+ return(callbacks);
+}
+
+static void
+xmlSecIOCallbackDestroy(xmlSecIOCallbackPtr callbacks) {
+ xmlSecAssert(callbacks != NULL);
+
+ memset(callbacks, 0, sizeof(xmlSecIOCallback));
+ xmlFree(callbacks);
+}
+
+/*******************************************************************
+ *
+ * Input I/O callback list
+ *
+ ******************************************************************/
+static xmlSecPtrListKlass xmlSecIOCallbackPtrListKlass = {
+ BAD_CAST "io-callbacks-list",
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecIOCallbackDestroy,/* xmlSecPtrDestroyItemMethod destroyItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ NULL /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+#define xmlSecIOCallbackPtrListId xmlSecIOCallbackPtrListGetKlass ()
+static xmlSecPtrListId xmlSecIOCallbackPtrListGetKlass (void);
+static xmlSecIOCallbackPtr xmlSecIOCallbackPtrListFind (xmlSecPtrListPtr list,
+ const char* uri);
+
+/**
+ * xmlSecIOCallbackPtrListGetKlass:
+ *
+ * The keys list klass.
+ *
+ * Returns: keys list id.
+ */
+static xmlSecPtrListId
+xmlSecIOCallbackPtrListGetKlass(void) {
+ return(&xmlSecIOCallbackPtrListKlass);
+}
+
+static xmlSecIOCallbackPtr
+xmlSecIOCallbackPtrListFind(xmlSecPtrListPtr list, const char* uri) {
+ xmlSecIOCallbackPtr callbacks;
+ xmlSecSize i, size;
+
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecIOCallbackPtrListId), NULL);
+ xmlSecAssert2(uri != NULL, NULL);
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ callbacks = (xmlSecIOCallbackPtr)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert2(callbacks != NULL, NULL);
+ xmlSecAssert2(callbacks->matchcallback != NULL, NULL);
+
+ if((callbacks->matchcallback(uri)) != 0) {
+ return(callbacks);
+ }
+ }
+ return(NULL);
+}
+
+static xmlSecPtrList xmlSecAllIOCallbacks;
+
+/**
+ * xmlSecIOInit:
+ *
+ * The IO initialization (called from #xmlSecInit function).
+ * Applications should not call this function directly.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecIOInit(void) {
+ int ret;
+
+ ret = xmlSecPtrListInitialize(&xmlSecAllIOCallbacks, xmlSecIOCallbackPtrListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListPtrInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+#ifdef LIBXML_HTTP_ENABLED
+ xmlNanoHTTPInit();
+#endif /* LIBXML_HTTP_ENABLED */
+
+#ifdef LIBXML_FTP_ENABLED
+ xmlNanoFTPInit();
+#endif /* LIBXML_FTP_ENABLED */
+
+ return(xmlSecIORegisterDefaultCallbacks());
+}
+
+/**
+ * xmlSecIOShutdown:
+ *
+ * The IO clenaup (called from #xmlSecShutdown function).
+ * Applications should not call this function directly.
+ */
+void
+xmlSecIOShutdown(void) {
+
+#ifdef LIBXML_HTTP_ENABLED
+ xmlNanoHTTPCleanup();
+#endif /* LIBXML_HTTP_ENABLED */
+
+#ifdef LIBXML_FTP_ENABLED
+ xmlNanoFTPCleanup();
+#endif /* LIBXML_FTP_ENABLED */
+
+ xmlSecPtrListFinalize(&xmlSecAllIOCallbacks);
+}
+
+/**
+ * xmlSecIOCleanupCallbacks:
+ *
+ * Clears the entire input callback table. this includes the
+ * compiled-in I/O.
+ */
+void
+xmlSecIOCleanupCallbacks(void) {
+ xmlSecPtrListEmpty(&xmlSecAllIOCallbacks);
+}
+
+/**
+ * xmlSecIORegisterCallbacks:
+ * @matchFunc: the protocol match callback.
+ * @openFunc: the open stream callback.
+ * @readFunc: the read from stream callback.
+ * @closeFunc: the close stream callback.
+ *
+ * Register a new set of I/O callback for handling parser input.
+ *
+ * Returns: the 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecIORegisterCallbacks(xmlInputMatchCallback matchFunc,
+ xmlInputOpenCallback openFunc, xmlInputReadCallback readFunc,
+ xmlInputCloseCallback closeFunc) {
+ xmlSecIOCallbackPtr callbacks;
+ int ret;
+
+ xmlSecAssert2(matchFunc != NULL, -1);
+
+ callbacks = xmlSecIOCallbackCreate(matchFunc, openFunc, readFunc, closeFunc);
+ if(callbacks == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecIOCallbackCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecPtrListAdd(&xmlSecAllIOCallbacks, callbacks);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecIOCallbackDestroy(callbacks);
+ return(-1);
+ }
+ return(0);
+}
+
+
+/**
+ * xmlSecIORegisterDefaultCallbacks:
+ *
+ * Registers the default compiled-in I/O handlers.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecIORegisterDefaultCallbacks(void) {
+ int ret;
+
+#ifdef LIBXML_HTTP_ENABLED
+ ret = xmlSecIORegisterCallbacks(xmlIOHTTPMatch, xmlIOHTTPOpen,
+ xmlIOHTTPRead, xmlIOHTTPClose);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecIORegisterCallbacks",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "http");
+ return(-1);
+ }
+#endif /* LIBXML_HTTP_ENABLED */
+
+#ifdef LIBXML_FTP_ENABLED
+ ret = xmlSecIORegisterCallbacks(xmlIOFTPMatch, xmlIOFTPOpen,
+ xmlIOFTPRead, xmlIOFTPClose);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecIORegisterCallbacks",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ftp");
+ return(-1);
+ }
+#endif /* LIBXML_FTP_ENABLED */
+
+ ret = xmlSecIORegisterCallbacks(xmlFileMatch, xmlFileOpen,
+ xmlFileRead, xmlFileClose);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecIORegisterCallbacks",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "file");
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+
+
+/**************************************************************
+ *
+ * Input URI Transform
+ *
+ * xmlSecInputURICtx is located after xmlSecTransform
+ *
+ **************************************************************/
+typedef struct _xmlSecInputURICtx xmlSecInputURICtx,
+ *xmlSecInputURICtxPtr;
+struct _xmlSecInputURICtx {
+ xmlSecIOCallbackPtr clbks;
+ void* clbksCtx;
+};
+#define xmlSecTransformInputUriSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecInputURICtx))
+#define xmlSecTransformInputUriGetCtx(transform) \
+ ((xmlSecTransformCheckSize((transform), xmlSecTransformInputUriSize)) ? \
+ (xmlSecInputURICtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
+ (xmlSecInputURICtxPtr)NULL)
+
+static int xmlSecTransformInputURIInitialize (xmlSecTransformPtr transform);
+static void xmlSecTransformInputURIFinalize (xmlSecTransformPtr transform);
+static int xmlSecTransformInputURIPopBin (xmlSecTransformPtr transform,
+ xmlSecByte* data,
+ xmlSecSize maxDataSize,
+ xmlSecSize* dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+
+static xmlSecTransformKlass xmlSecTransformInputURIKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformInputUriSize, /* xmlSecSize objSize */
+
+ BAD_CAST "input-uri", /* const xmlChar* name; */
+ NULL, /* const xmlChar* href; */
+ 0, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformInputURIInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformInputURIFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformInputURIPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecTransformInputURIGetKlass:
+ *
+ * The input uri transform klass. Reads binary data from an uri.
+ *
+ * Returns: input URI transform id.
+ */
+xmlSecTransformId
+xmlSecTransformInputURIGetKlass(void) {
+ return(&xmlSecTransformInputURIKlass);
+}
+
+/**
+ * xmlSecTransformInputURIOpen:
+ * @transform: the pointer to IO transform.
+ * @uri: the URL to open.
+ *
+ * Opens the given @uri for reading.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecTransformInputURIOpen(xmlSecTransformPtr transform, const xmlChar *uri) {
+ xmlSecInputURICtxPtr ctx;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformInputURIId), -1);
+ xmlSecAssert2(uri != NULL, -1);
+
+ ctx = xmlSecTransformInputUriGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->clbks == NULL, -1);
+ xmlSecAssert2(ctx->clbksCtx == NULL, -1);
+
+ /*
+ * Try to find one of the input accept method accepting that scheme
+ * Go in reverse to give precedence to user defined handlers.
+ * try with an unescaped version of the uri
+ */
+ if(ctx->clbks == NULL) {
+ char *unescaped;
+
+ unescaped = xmlURIUnescapeString((char*)uri, 0, NULL);
+ if (unescaped != NULL) {
+ ctx->clbks = xmlSecIOCallbackPtrListFind(&xmlSecAllIOCallbacks, unescaped);
+ if(ctx->clbks != NULL) {
+ ctx->clbksCtx = ctx->clbks->opencallback(unescaped);
+ }
+ xmlFree(unescaped);
+ }
+ }
+
+ /*
+ * If this failed try with a non-escaped uri this may be a strange
+ * filename
+ */
+ if (ctx->clbks == NULL) {
+ ctx->clbks = xmlSecIOCallbackPtrListFind(&xmlSecAllIOCallbacks, (char*)uri);
+ if(ctx->clbks != NULL) {
+ ctx->clbksCtx = ctx->clbks->opencallback((char*)uri);
+ }
+ }
+
+ if((ctx->clbks == NULL) || (ctx->clbksCtx == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "opencallback",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "uri=%s;errno=%d",
+ xmlSecErrorsSafeString(uri),
+ errno);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecTransformInputURIInitialize(xmlSecTransformPtr transform) {
+ xmlSecInputURICtxPtr ctx;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformInputURIId), -1);
+
+ ctx = xmlSecTransformInputUriGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecInputURICtx));
+ return(0);
+}
+
+static void
+xmlSecTransformInputURIFinalize(xmlSecTransformPtr transform) {
+ xmlSecInputURICtxPtr ctx;
+
+ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecTransformInputURIId));
+
+ ctx = xmlSecTransformInputUriGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if((ctx->clbksCtx != NULL) && (ctx->clbks != NULL) && (ctx->clbks->closecallback != NULL)) {
+ (ctx->clbks->closecallback)(ctx->clbksCtx);
+ }
+ memset(ctx, 0, sizeof(xmlSecInputURICtx));
+}
+
+static int
+xmlSecTransformInputURIPopBin(xmlSecTransformPtr transform, xmlSecByte* data,
+ xmlSecSize maxDataSize, xmlSecSize* dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecInputURICtxPtr ctx;
+
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformInputURIId), -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecTransformInputUriGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if((ctx->clbksCtx != NULL) && (ctx->clbks != NULL) && (ctx->clbks->readcallback != NULL)) {
+ ret = (ctx->clbks->readcallback)(ctx->clbksCtx, (char*)data, (int)maxDataSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "readcallback",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "errno=%d", errno);
+ return(-1);
+ }
+ (*dataSize) = ret;
+ } else {
+ (*dataSize) = 0;
+ }
+ return(0);
+}
+
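Review bot: The comment in xmlSecTransformInputURIOpen says the handler list is searched in reverse so that user-defined handlers take precedence, but xmlSecIOCallbackPtrListFind walks it forward with `for(i = 0; i < size; ++i)`. Assuming xmlSecPtrListAdd appends, the defaults that xmlSecIOInit registers (http, ftp, then file) are matched before anything an application adds later through xmlSecIORegisterCallbacks. An application that registers a restrictive handler to limit which URIs a document may dereference would then be silently bypassed unless it calls xmlSecIOCleanupCallbacks first. Either search from the end, `for(i = size; i > 0; --i)` with `xmlSecPtrListGetItem(list, i - 1)`, or correct the comment and document the requirement on xmlSecIORegisterCallbacks. Separately, both `ctx->clbks->opencallback(...)` calls are made without a NULL test, although registration only asserts `matchFunc != NULL` and the read and close paths do check their pointers; guarding with `if(ctx->clbks->opencallback != NULL)` would make the three paths consistent.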
diff --git a/src/keyinfo.c b/src/keyinfo.c
new file mode 100644
index 00000000..00390fa7
--- /dev/null
+++ b/src/keyinfo.c
@@ -0,0 +1,1561 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * <dsig:KeyInfo/> element processing
+ * (http://www.w3.org/TR/xmlSec-core/#sec-KeyInfo:
+ *
+ * The KeyInfo Element
+ *
+ * KeyInfo is an optional element that enables the recipient(s) to obtain
+ * the key needed to validate the signature. KeyInfo may contain keys,
+ * names, certificates and other public key management information, such as
+ * in-band key distribution or key agreement data.
+ *
+ * Schema Definition:
+ *
+ * <element name="KeyInfo" type="ds:KeyInfoType"/>
+ * <complexType name="KeyInfoType" mixed="true">
+ * <choice maxOccurs="unbounded">
+ * <element ref="ds:KeyName"/>
+ * <element ref="ds:KeyValue"/>
+ * <element ref="ds:RetrievalMethod"/>
+ * <element ref="ds:X509Data"/>
+ * <element ref="ds:PGPData"/>
+ * <element ref="ds:SPKIData"/>
+ * <element ref="ds:MgmtData"/>
+ * <any processContents="lax" namespace="##other"/>
+ * <!-- (1,1) elements from (0,unbounded) namespaces -->
+ * </choice>
+ * <attribute name="Id" type="ID" use="optional"/>
+ * </complexType>
+ *
+ * DTD:
+ *
+ * <!ELEMENT KeyInfo (#PCDATA|KeyName|KeyValue|RetrievalMethod|
+ * X509Data|PGPData|SPKIData|MgmtData %KeyInfo.ANY;)* >
+ * <!ATTLIST KeyInfo Id ID #IMPLIED >
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/errors.h>
+
+
+/**************************************************************************
+ *
+ * High-level functions
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyInfoNodeRead:
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ * @key: the pointer to result key object.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Parses the <dsig:KeyInfo/> element @keyInfoNode, extracts the key data
+ * and stores into @key.
+ *
+ * Returns: 0 on success or -1 if an error occurs.
+ */
+int
+xmlSecKeyInfoNodeRead(xmlNodePtr keyInfoNode, xmlSecKeyPtr key, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ const xmlChar* nodeName;
+ const xmlChar* nodeNs;
+ xmlSecKeyDataId dataId;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(keyInfoNode != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeRead, -1);
+
+ for(cur = xmlSecGetNextElementNode(keyInfoNode->children);
+ (cur != NULL) &&
+ (((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND) != 0) ||
+ (xmlSecKeyIsValid(key) == 0) ||
+ (xmlSecKeyMatch(key, NULL, &(keyInfoCtx->keyReq)) == 0));
+ cur = xmlSecGetNextElementNode(cur->next)) {
+
+ /* find data id */
+ nodeName = cur->name;
+ nodeNs = xmlSecGetNodeNsHref(cur);
+
+ /* use global list only if we don't have a local one */
+ if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
+ dataId = xmlSecKeyDataIdListFindByNode(&(keyInfoCtx->enabledKeyData),
+ nodeName, nodeNs, xmlSecKeyDataUsageKeyInfoNodeRead);
+ } else {
+ dataId = xmlSecKeyDataIdListFindByNode(xmlSecKeyDataIdsGet(),
+ nodeName, nodeNs, xmlSecKeyDataUsageKeyInfoNodeRead);
+ }
+ if(dataId != xmlSecKeyDataIdUnknown) {
+ /* read data node */
+ ret = xmlSecKeyDataXmlRead(dataId, key, cur, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyDataXmlRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD) != 0) {
+ /* there is a laxi schema validation but application may
+ * desire to disable unknown nodes*/
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecKeyInfoNodeWrite:
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ * @key: the pointer to key object.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Writes the @key into the <dsig:KeyInfo/> element template @keyInfoNode.
+ *
+ * Returns: 0 on success or -1 if an error occurs.
+ */
+int
+xmlSecKeyInfoNodeWrite(xmlNodePtr keyInfoNode, xmlSecKeyPtr key, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ const xmlChar* nodeName;
+ const xmlChar* nodeNs;
+ xmlSecKeyDataId dataId;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(keyInfoNode != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeWrite, -1);
+
+ for(cur = xmlSecGetNextElementNode(keyInfoNode->children);
+ cur != NULL;
+ cur = xmlSecGetNextElementNode(cur->next)) {
+
+ /* find data id */
+ nodeName = cur->name;
+ nodeNs = xmlSecGetNodeNsHref(cur);
+
+ /* use global list only if we don't have a local one */
+ if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
+ dataId = xmlSecKeyDataIdListFindByNode(&(keyInfoCtx->enabledKeyData),
+ nodeName, nodeNs,
+ xmlSecKeyDataUsageKeyInfoNodeWrite);
+ } else {
+ dataId = xmlSecKeyDataIdListFindByNode(xmlSecKeyDataIdsGet(),
+ nodeName, nodeNs,
+ xmlSecKeyDataUsageKeyInfoNodeWrite);
+ }
+ if(dataId != xmlSecKeyDataIdUnknown) {
+ ret = xmlSecKeyDataXmlWrite(dataId, key, cur, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyDataXmlWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD) != 0) {
+ /* laxi schema validation but application can disable it*/
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+/**************************************************************************
+ *
+ * KeyInfo context
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyInfoCtxCreate:
+ * @keysMngr: the pointer to keys manager (may be NULL).
+ *
+ * Allocates and initializes <dsig:KeyInfo/> element processing context.
+ * Caller is responsible for freeing it by calling #xmlSecKeyInfoCtxDestroy
+ * function.
+ *
+ * Returns: pointer to newly allocated object or NULL if an error occurs.
+ */
+xmlSecKeyInfoCtxPtr
+xmlSecKeyInfoCtxCreate(xmlSecKeysMngrPtr keysMngr) {
+ xmlSecKeyInfoCtxPtr keyInfoCtx;
+ int ret;
+
+ /* Allocate a new xmlSecKeyInfoCtx and fill the fields. */
+ keyInfoCtx = (xmlSecKeyInfoCtxPtr)xmlMalloc(sizeof(xmlSecKeyInfoCtx));
+ if(keyInfoCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(xmlSecKeyInfoCtx));
+ return(NULL);
+ }
+
+ ret = xmlSecKeyInfoCtxInitialize(keyInfoCtx, keysMngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyInfoCtxDestroy(keyInfoCtx);
+ return(NULL);
+ }
+
+ return(keyInfoCtx);
+}
+
+/**
+ * xmlSecKeyInfoCtxDestroy:
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Destroys @keyInfoCtx object created with #xmlSecKeyInfoCtxCreate function.
+ */
+void
+xmlSecKeyInfoCtxDestroy(xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert(keyInfoCtx != NULL);
+
+ xmlSecKeyInfoCtxFinalize(keyInfoCtx);
+ xmlFree(keyInfoCtx);
+}
+
+/**
+ * xmlSecKeyInfoCtxInitialize:
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @keysMngr: the pointer to keys manager (may be NULL).
+ *
+ * Initializes <dsig:KeyInfo/> element processing context. Caller is
+ * responsible for cleaning it up by #xmlSecKeyInfoCtxFinalize function.
+ *
+ * Returns: 0 on success and a negative value if an error occurs.
+ */
+int
+xmlSecKeyInfoCtxInitialize(xmlSecKeyInfoCtxPtr keyInfoCtx, xmlSecKeysMngrPtr keysMngr) {
+ int ret;
+
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ memset(keyInfoCtx, 0, sizeof(xmlSecKeyInfoCtx));
+ keyInfoCtx->keysMngr = keysMngr;
+ keyInfoCtx->base64LineSize = xmlSecBase64GetDefaultLineSize();
+ ret = xmlSecPtrListInitialize(&(keyInfoCtx->enabledKeyData), xmlSecKeyDataIdListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ keyInfoCtx->maxRetrievalMethodLevel = 1;
+ ret = xmlSecTransformCtxInitialize(&(keyInfoCtx->retrievalMethodCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+#ifndef XMLSEC_NO_XMLENC
+ keyInfoCtx->maxEncryptedKeyLevel = 1;
+#endif /* XMLSEC_NO_XMLENC */
+
+#ifndef XMLSEC_NO_X509
+ keyInfoCtx->certsVerificationDepth= 9;
+#endif /* XMLSEC_NO_X509 */
+
+ ret = xmlSecKeyReqInitialize(&(keyInfoCtx->keyReq));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyReqInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecKeyInfoCtxFinalize:
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Cleans up the @keyInfoCtx initialized with #xmlSecKeyInfoCtxInitialize
+ * function.
+ */
+void
+xmlSecKeyInfoCtxFinalize(xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert(keyInfoCtx != NULL);
+
+ xmlSecPtrListFinalize(&(keyInfoCtx->enabledKeyData));
+ xmlSecTransformCtxFinalize(&(keyInfoCtx->retrievalMethodCtx));
+ xmlSecKeyReqFinalize(&(keyInfoCtx->keyReq));
+
+#ifndef XMLSEC_NO_XMLENC
+ if(keyInfoCtx->encCtx != NULL) {
+ xmlSecEncCtxDestroy(keyInfoCtx->encCtx);
+ }
+#endif /* XMLSEC_NO_XMLENC */
+
+ memset(keyInfoCtx, 0, sizeof(xmlSecKeyInfoCtx));
+}
+
+/**
+ * xmlSecKeyInfoCtxReset:
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Resets the @keyInfoCtx state. User settings are not changed.
+ */
+void
+xmlSecKeyInfoCtxReset(xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert(keyInfoCtx != NULL);
+
+ xmlSecTransformCtxReset(&(keyInfoCtx->retrievalMethodCtx));
+ keyInfoCtx->curRetrievalMethodLevel = 0;
+
+#ifndef XMLSEC_NO_XMLENC
+ if(keyInfoCtx->encCtx != NULL) {
+ xmlSecEncCtxReset(keyInfoCtx->encCtx);
+ }
+ keyInfoCtx->curEncryptedKeyLevel = 0;
+#endif /* XMLSEC_NO_XMLENC */
+
+ xmlSecKeyReqReset(&(keyInfoCtx->keyReq));
+}
+
+/**
+ * xmlSecKeyInfoCtxCreateEncCtx:
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Creates encryption context form processing <enc:EncryptedKey/> child
+ * of <dsig:KeyInfo/> element.
+ *
+ * Returns: 0 on success and a negative value if an error occurs.
+ */
+int
+xmlSecKeyInfoCtxCreateEncCtx(xmlSecKeyInfoCtxPtr keyInfoCtx) {
+#ifndef XMLSEC_NO_XMLENC
+ xmlSecEncCtxPtr tmp;
+ int ret;
+
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->encCtx == NULL, -1);
+
+ /* we have to use tmp variable to avoid a recursive loop */
+ tmp = xmlSecEncCtxCreate(keyInfoCtx->keysMngr);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ tmp->mode = xmlEncCtxModeEncryptedKey;
+
+ /* copy user preferences from our current ctx */
+ switch(keyInfoCtx->mode) {
+ case xmlSecKeyInfoModeRead:
+ ret = xmlSecKeyInfoCtxCopyUserPref(&(tmp->keyInfoReadCtx), keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecEncCtxDestroy(tmp);
+ return(-1);
+ }
+ break;
+ case xmlSecKeyInfoModeWrite:
+ ret = xmlSecKeyInfoCtxCopyUserPref(&(tmp->keyInfoWriteCtx), keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecEncCtxDestroy(tmp);
+ return(-1);
+ }
+ break;
+ }
+ keyInfoCtx->encCtx = tmp;
+
+ return(0);
+#else /* XMLSEC_NO_XMLENC */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xml encryption",
+ XMLSEC_ERRORS_R_DISABLED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+#endif /* XMLSEC_NO_XMLENC */
+}
+
+/**
+ * xmlSecKeyInfoCtxCopyUserPref:
+ * @dst: the pointer to destination context object.
+ * @src: the pointer to source context object.
+ *
+ * Copies user preferences from @src context to @dst context.
+ *
+ * Returns: 0 on success and a negative value if an error occurs.
+ */
+int
+xmlSecKeyInfoCtxCopyUserPref(xmlSecKeyInfoCtxPtr dst, xmlSecKeyInfoCtxPtr src) {
+ int ret;
+
+ xmlSecAssert2(dst != NULL, -1);
+ xmlSecAssert2(src != NULL, -1);
+
+ dst->userData = src->userData;
+ dst->flags = src->flags;
+ dst->flags2 = src->flags2;
+ dst->keysMngr = src->keysMngr;
+ dst->mode = src->mode;
+ dst->base64LineSize = src->base64LineSize;
+
+ ret = xmlSecPtrListCopy(&(dst->enabledKeyData), &(src->enabledKeyData));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "enabledKeyData");
+ return(-1);
+ }
+
+ /* <dsig:RetrievalMethod/> */
+ dst->maxRetrievalMethodLevel= src->maxRetrievalMethodLevel;
+ ret = xmlSecTransformCtxCopyUserPref(&(dst->retrievalMethodCtx),
+ &(src->retrievalMethodCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "enabledKeyData");
+ return(-1);
+ }
+
+ /* <enc:EncryptedContext /> */
+#ifndef XMLSEC_NO_XMLENC
+ xmlSecAssert2(dst->encCtx == NULL, -1);
+ if(src->encCtx != NULL) {
+ dst->encCtx = xmlSecEncCtxCreate(dst->keysMngr);
+ if(dst->encCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ dst->encCtx->mode = xmlEncCtxModeEncryptedKey;
+ ret = xmlSecEncCtxCopyUserPref(dst->encCtx, src->encCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ dst->maxEncryptedKeyLevel = src->maxEncryptedKeyLevel;
+#endif /* XMLSEC_NO_XMLENC */
+
+ /* <dsig:X509Data /> */
+#ifndef XMLSEC_NO_X509
+ dst->certsVerificationTime = src->certsVerificationTime;
+ dst->certsVerificationDepth = src->certsVerificationDepth;
+#endif /* XMLSEC_NO_X509 */
+
+ return(0);
+}
+
+/**
+ * xmlSecKeyInfoCtxDebugDump:
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @output: the output file pointer.
+ *
+ * Prints user settings and current context state to @output.
+ */
+void
+xmlSecKeyInfoCtxDebugDump(xmlSecKeyInfoCtxPtr keyInfoCtx, FILE* output) {
+ xmlSecAssert(keyInfoCtx != NULL);
+ xmlSecAssert(output != NULL);
+
+ switch(keyInfoCtx->mode) {
+ case xmlSecKeyInfoModeRead:
+ fprintf(output, "= KEY INFO READ CONTEXT\n");
+ break;
+ case xmlSecKeyInfoModeWrite:
+ fprintf(output, "= KEY INFO WRITE CONTEXT\n");
+ break;
+ }
+
+ fprintf(output, "== flags: 0x%08x\n", keyInfoCtx->flags);
+ fprintf(output, "== flags2: 0x%08x\n", keyInfoCtx->flags2);
+ if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
+ fprintf(output, "== enabled key data: ");
+ xmlSecKeyDataIdListDebugDump(&(keyInfoCtx->enabledKeyData), output);
+ } else {
+ fprintf(output, "== enabled key data: all\n");
+ }
+ fprintf(output, "== RetrievalMethod level (cur/max): %d/%d\n",
+ keyInfoCtx->curRetrievalMethodLevel,
+ keyInfoCtx->maxRetrievalMethodLevel);
+ xmlSecTransformCtxDebugDump(&(keyInfoCtx->retrievalMethodCtx), output);
+
+#ifndef XMLSEC_NO_XMLENC
+ fprintf(output, "== EncryptedKey level (cur/max): %d/%d\n",
+ keyInfoCtx->curEncryptedKeyLevel,
+ keyInfoCtx->maxEncryptedKeyLevel);
+ if(keyInfoCtx->encCtx != NULL) {
+ xmlSecEncCtxDebugDump(keyInfoCtx->encCtx, output);
+ }
+#endif /* XMLSEC_NO_XMLENC */
+
+ xmlSecKeyReqDebugDump(&(keyInfoCtx->keyReq), output);
+}
+
+/**
+ * xmlSecKeyInfoCtxDebugXmlDump:
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ * @output: the output file pointer.
+ *
+ * Prints user settings and current context state in XML format to @output.
+ */
+void
+xmlSecKeyInfoCtxDebugXmlDump(xmlSecKeyInfoCtxPtr keyInfoCtx, FILE* output) {
+ xmlSecAssert(keyInfoCtx != NULL);
+ xmlSecAssert(output != NULL);
+
+ switch(keyInfoCtx->mode) {
+ case xmlSecKeyInfoModeRead:
+ fprintf(output, "<KeyInfoReadContext>\n");
+ break;
+ case xmlSecKeyInfoModeWrite:
+ fprintf(output, "<KeyInfoWriteContext>\n");
+ break;
+ }
+
+ fprintf(output, "<Flags>%08x</Flags>\n", keyInfoCtx->flags);
+ fprintf(output, "<Flags2>%08x</Flags2>\n", keyInfoCtx->flags2);
+ if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
+ fprintf(output, "<EnabledKeyData>\n");
+ xmlSecKeyDataIdListDebugXmlDump(&(keyInfoCtx->enabledKeyData), output);
+ fprintf(output, "</EnabledKeyData>\n");
+ } else {
+ fprintf(output, "<EnabledKeyData>all</EnabledKeyData>\n");
+ }
+
+ fprintf(output, "<RetrievalMethodLevel cur=\"%d\" max=\"%d\" />\n",
+ keyInfoCtx->curRetrievalMethodLevel,
+ keyInfoCtx->maxRetrievalMethodLevel);
+ xmlSecTransformCtxDebugXmlDump(&(keyInfoCtx->retrievalMethodCtx), output);
+
+#ifndef XMLSEC_NO_XMLENC
+ fprintf(output, "<EncryptedKeyLevel cur=\"%d\" max=\"%d\" />\n",
+ keyInfoCtx->curEncryptedKeyLevel,
+ keyInfoCtx->maxEncryptedKeyLevel);
+ if(keyInfoCtx->encCtx != NULL) {
+ xmlSecEncCtxDebugXmlDump(keyInfoCtx->encCtx, output);
+ }
+#endif /* XMLSEC_NO_XMLENC */
+
+ xmlSecKeyReqDebugXmlDump(&(keyInfoCtx->keyReq), output);
+ switch(keyInfoCtx->mode) {
+ case xmlSecKeyInfoModeRead:
+ fprintf(output, "</KeyInfoReadContext>\n");
+ break;
+ case xmlSecKeyInfoModeWrite:
+ fprintf(output, "</KeyInfoWriteContext>\n");
+ break;
+ }
+}
+
+/**************************************************************************
+ *
+ * <dsig:KeyName/> processing
+ *
+ *************************************************************************/
+static int xmlSecKeyDataNameXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecKeyDataNameXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+static xmlSecKeyDataKlass xmlSecKeyDataNameKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ sizeof(xmlSecKeyData),
+
+ /* data */
+ xmlSecNameKeyName,
+ xmlSecKeyDataUsageKeyInfoNode, /* xmlSecKeyDataUsage usage; */
+ NULL, /* const xmlChar* href; */
+ xmlSecNodeKeyName, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ NULL, /* xmlSecKeyDataInitializeMethod initialize; */
+ NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ NULL, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecKeyDataNameXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecKeyDataNameXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecKeyDataNameGetKlass:
+ *
+ * The <dsig:KeyName/> element key data klass
+ * (http://www.w3.org/TR/xmldsig-core/#sec-KeyName):
+ *
+ * The KeyName element contains a string value (in which white space is
+ * significant) which may be used by the signer to communicate a key
+ * identifier to the recipient. Typically, KeyName contains an identifier
+ * related to the key pair used to sign the message, but it may contain
+ * other protocol-related information that indirectly identifies a key pair.
+ * (Common uses of KeyName include simple string names for keys, a key index,
+ * a distinguished name (DN), an email address, etc.)
+ *
+ * Returns: the <dsig:KeyName/> element processing key data klass.
+ */
+xmlSecKeyDataId
+xmlSecKeyDataNameGetKlass(void) {
+ return(&xmlSecKeyDataNameKlass);
+}
+
+static int
+xmlSecKeyDataNameXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ const xmlChar* oldName;
+ xmlChar* newName;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecKeyDataNameId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeRead, -1);
+
+ oldName = xmlSecKeyGetName(key);
+ newName = xmlNodeGetContent(node);
+ if(newName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ /* TODO: do we need to decode the name? */
+
+ /* compare name values */
+ if((oldName != NULL) && !xmlStrEqual(oldName, newName)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "key name is already specified",
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(newName);
+ return(-1);
+ }
+
+ /* try to find key in the manager */
+ if((xmlSecKeyGetValue(key) == NULL) && (keyInfoCtx->keysMngr != NULL)) {
+ xmlSecKeyPtr tmpKey;
+
+ tmpKey = xmlSecKeysMngrFindKey(keyInfoCtx->keysMngr, newName, keyInfoCtx);
+ if(tmpKey != NULL) {
+ /* erase any current information in the key */
+ xmlSecKeyEmpty(key);
+
+ /* TODO: since we will destroy tmpKey anyway, we can easily
+ * just re-assign key data values. It'll save use some memory
+ * malloc/free
+ */
+
+ /* and copy what we've found */
+ ret = xmlSecKeyCopy(key, tmpKey);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(tmpKey);
+ xmlFree(newName);
+ return(-1);
+ }
+ xmlSecKeyDestroy(tmpKey);
+ }
+ }
+
+ /* finally set key name if it is not there */
+ if(xmlSecKeyGetName(key) == NULL) {
+ xmlSecKeySetName(key, newName);
+ }
+ xmlFree(newName);
+ return(0);
+}
+
+static int
+xmlSecKeyDataNameXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ const xmlChar* name;
+
+ xmlSecAssert2(id == xmlSecKeyDataNameId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeWrite, -1);
+
+ name = xmlSecKeyGetName(key);
+ if(name != NULL) {
+ xmlSecNodeEncodeAndSetContent(node, name);
+ }
+ return(0);
+}
+
+/**************************************************************************
+ *
+ * <dsig:KeyValue/> processing
+ *
+ *************************************************************************/
+static int xmlSecKeyDataValueXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecKeyDataValueXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+static xmlSecKeyDataKlass xmlSecKeyDataValueKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ sizeof(xmlSecKeyData),
+
+ /* data */
+ xmlSecNameKeyValue,
+ xmlSecKeyDataUsageKeyInfoNode, /* xmlSecKeyDataUsage usage; */
+ NULL, /* const xmlChar* href; */
+ xmlSecNodeKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ NULL, /* xmlSecKeyDataInitializeMethod initialize; */
+ NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ NULL, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecKeyDataValueXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecKeyDataValueXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecKeyDataValueGetKlass:
+ *
+ * The <dsig:KeyValue/> element key data klass
+ * (http://www.w3.org/TR/xmldsig-core/#sec-KeyValue):
+ *
+ * The KeyValue element contains a single public key that may be useful in
+ * validating the signature.
+ *
+ * Returns: the <dsig:KeyValue/> element processing key data klass.
+ */
+xmlSecKeyDataId
+xmlSecKeyDataValueGetKlass(void) {
+ return(&xmlSecKeyDataValueKlass);
+}
+
+static int
+xmlSecKeyDataValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ const xmlChar* nodeName;
+ const xmlChar* nodeNs;
+ xmlSecKeyDataId dataId;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecKeyDataValueId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeRead, -1);
+
+ cur = xmlSecGetNextElementNode(node->children);
+ if(cur == NULL) {
+ /* just an empty node */
+ return(0);
+ }
+
+ /* find data id */
+ nodeName = cur->name;
+ nodeNs = xmlSecGetNodeNsHref(cur);
+
+ /* use global list only if we don't have a local one */
+ if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
+ dataId = xmlSecKeyDataIdListFindByNode(&(keyInfoCtx->enabledKeyData),
+ nodeName, nodeNs, xmlSecKeyDataUsageKeyValueNodeRead);
+ } else {
+ dataId = xmlSecKeyDataIdListFindByNode(xmlSecKeyDataIdsGet(),
+ nodeName, nodeNs, xmlSecKeyDataUsageKeyValueNodeRead);
+ }
+ if(dataId != xmlSecKeyDataIdUnknown) {
+ /* read data node */
+ ret = xmlSecKeyDataXmlRead(dataId, key, cur, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataXmlRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD) != 0) {
+ /* laxi schema validation but application can disable it */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* <dsig:KeyValue/> might have only one node */
+ cur = xmlSecGetNextElementNode(cur->next);
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecKeyDataValueXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ const xmlChar* nodeName;
+ const xmlChar* nodeNs;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecKeyDataValueId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeWrite, -1);
+
+ if(!xmlSecKeyDataIsValid(key->value) ||
+ !xmlSecKeyDataCheckUsage(key->value, xmlSecKeyDataUsageKeyValueNodeWrite)){
+ /* nothing to write */
+ return(0);
+ }
+ if((xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) &&
+ (xmlSecKeyDataIdListFind(&(keyInfoCtx->enabledKeyData), id) != 1)) {
+
+ /* we are not enabled to write out key data with this id */
+ return(0);
+ }
+ if(xmlSecKeyReqMatchKey(&(keyInfoCtx->keyReq), key) != 1) {
+ /* we are not allowed to write out this key */
+ return(0);
+ }
+
+ nodeName = key->value->id->dataNodeName;
+ nodeNs = key->value->id->dataNodeNs;
+ xmlSecAssert2(nodeName != NULL, -1);
+
+ /* remove all existing key value */
+ xmlNodeSetContent(node, NULL);
+
+ /* create key node */
+ cur = xmlSecAddChild(node, nodeName, nodeNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(-1);
+ }
+
+ ret = xmlSecKeyDataXmlWrite(key->value->id, key, cur, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataXmlWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**************************************************************************
+ *
+ * <dsig:RetrievalMethod/> processing
+ *
+ *************************************************************************/
+static int xmlSecKeyDataRetrievalMethodXmlRead(xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecKeyDataRetrievalMethodXmlWrite(xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+
+
+static xmlSecKeyDataKlass xmlSecKeyDataRetrievalMethodKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ sizeof(xmlSecKeyData),
+
+ /* data */
+ xmlSecNameRetrievalMethod,
+ xmlSecKeyDataUsageKeyInfoNode, /* xmlSecKeyDataUsage usage; */
+ NULL, /* const xmlChar* href; */
+ xmlSecNodeRetrievalMethod, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ NULL, /* xmlSecKeyDataInitializeMethod initialize; */
+ NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ NULL, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecKeyDataRetrievalMethodXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecKeyDataRetrievalMethodXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+static int xmlSecKeyDataRetrievalMethodReadXmlResult(xmlSecKeyDataId typeId,
+ xmlSecKeyPtr key,
+ const xmlChar* buffer,
+ xmlSecSize bufferSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+/**
+ * xmlSecKeyDataRetrievalMethodGetKlass:
+ *
+ * The <dsig:RetrievalMethod/> element key data klass
+ * (http://www.w3.org/TR/xmldsig-core/#sec-RetrievalMethod):
+ * A RetrievalMethod element within KeyInfo is used to convey a reference to
+ * KeyInfo information that is stored at another location. For example,
+ * several signatures in a document might use a key verified by an X.509v3
+ * certificate chain appearing once in the document or remotely outside the
+ * document; each signature's KeyInfo can reference this chain using a single
+ * RetrievalMethod element instead of including the entire chain with a
+ * sequence of X509Certificate elements.
+ *
+ * RetrievalMethod uses the same syntax and dereferencing behavior as
+ * Reference's URI and The Reference Processing Model.
+ *
+ * Returns: the <dsig:RetrievalMethod/> element processing key data klass.
+ */
+xmlSecKeyDataId
+xmlSecKeyDataRetrievalMethodGetKlass(void) {
+ return(&xmlSecKeyDataRetrievalMethodKlass);
+}
+
+static int
+xmlSecKeyDataRetrievalMethodXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataId dataId = xmlSecKeyDataIdUnknown;
+ xmlChar *retrType = NULL;
+ xmlChar *uri = NULL;
+ xmlNodePtr cur;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecKeyDataRetrievalMethodId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(node->doc != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeRead, -1);
+
+ /* check retrieval level */
+ if(keyInfoCtx->curRetrievalMethodLevel >= keyInfoCtx->maxRetrievalMethodLevel) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_MAX_RETRIEVALS_LEVEL,
+ "cur=%d;max=%d",
+ keyInfoCtx->curRetrievalMethodLevel,
+ keyInfoCtx->maxRetrievalMethodLevel);
+ goto done;
+ }
+ ++keyInfoCtx->curRetrievalMethodLevel;
+
+ retrType = xmlGetProp(node, xmlSecAttrType);
+ if(retrType != NULL) {
+ /* use global list only if we don't have a local one */
+ if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
+ dataId = xmlSecKeyDataIdListFindByHref(&(keyInfoCtx->enabledKeyData),
+ retrType, xmlSecKeyDataUsageRetrievalMethodNode);
+ } else {
+ dataId = xmlSecKeyDataIdListFindByHref(xmlSecKeyDataIdsGet(),
+ retrType, xmlSecKeyDataUsageRetrievalMethodNode);
+ }
+ }
+
+ /* laxi schema validation but aplication can disable it */
+ if(dataId == xmlSecKeyDataIdUnknown) {
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecAttrType),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "value=%s", xmlSecErrorsSafeString(retrType));
+ } else {
+ res = 0;
+ }
+ goto done;
+ }
+
+ /* destroy prev retrieval method context */
+ xmlSecTransformCtxReset(&(keyInfoCtx->retrievalMethodCtx));
+
+ /* set start URI and check that it is enabled */
+ uri = xmlGetProp(node, xmlSecAttrURI);
+ ret = xmlSecTransformCtxSetUri(&(keyInfoCtx->retrievalMethodCtx), uri, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecTransformCtxSetUri",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ goto done;
+ }
+
+ /* the only one node is optional Transforms node */
+ cur = xmlSecGetNextElementNode(node->children);
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeTransforms, xmlSecDSigNs))) {
+ ret = xmlSecTransformCtxNodesListRead(&(keyInfoCtx->retrievalMethodCtx),
+ cur, xmlSecTransformUsageDSigTransform);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecTransformCtxNodesListRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* finally get transforms results */
+ ret = xmlSecTransformCtxExecute(&(keyInfoCtx->retrievalMethodCtx), node->doc);
+ if((ret < 0) ||
+ (keyInfoCtx->retrievalMethodCtx.result == NULL) ||
+ (xmlSecBufferGetData(keyInfoCtx->retrievalMethodCtx.result) == NULL)) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecTransformCtxExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+
+ /* assume that the data is in XML if we could not find id */
+ if((dataId == xmlSecKeyDataIdUnknown) ||
+ ((dataId->usage & xmlSecKeyDataUsageRetrievalMethodNodeXml) != 0)) {
+
+ ret = xmlSecKeyDataRetrievalMethodReadXmlResult(dataId, key,
+ xmlSecBufferGetData(keyInfoCtx->retrievalMethodCtx.result),
+ xmlSecBufferGetSize(keyInfoCtx->retrievalMethodCtx.result),
+ keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataRetrievalMethodReadXmlResult",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ } else {
+ ret = xmlSecKeyDataBinRead(dataId, key,
+ xmlSecBufferGetData(keyInfoCtx->retrievalMethodCtx.result),
+ xmlSecBufferGetSize(keyInfoCtx->retrievalMethodCtx.result),
+ keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataBinRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+ --keyInfoCtx->curRetrievalMethodLevel;
+
+ res = 0;
+done:
+ if(uri != NULL) {
+ xmlFree(uri);
+ }
+ if(retrType != NULL) {
+ xmlFree(retrType);
+ }
+ return(res);
+}
+
+static int
+xmlSecKeyDataRetrievalMethodXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(id == xmlSecKeyDataRetrievalMethodId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeWrite, -1);
+
+ /* just do nothing */
+ return(0);
+}
+
+static int
+xmlSecKeyDataRetrievalMethodReadXmlResult(xmlSecKeyDataId typeId, xmlSecKeyPtr key,
+ const xmlChar* buffer, xmlSecSize bufferSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlDocPtr doc;
+ xmlNodePtr cur;
+ const xmlChar* nodeName;
+ const xmlChar* nodeNs;
+ xmlSecKeyDataId dataId;
+ int ret;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(buffer != NULL, -1);
+ xmlSecAssert2(bufferSize > 0, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeRead, -1);
+
+ doc = xmlRecoverMemory((const char*)buffer, bufferSize);
+ if(doc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)),
+ "xmlRecoverMemory",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlDocGetRootElement(doc);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)),
+ "xmlDocGetRootElement",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ nodeName = cur->name;
+ nodeNs = xmlSecGetNodeNsHref(cur);
+
+ /* use global list only if we don't have a local one */
+ if(xmlSecPtrListGetSize(&(keyInfoCtx->enabledKeyData)) > 0) {
+ dataId = xmlSecKeyDataIdListFindByNode(&(keyInfoCtx->enabledKeyData),
+ nodeName, nodeNs, xmlSecKeyDataUsageRetrievalMethodNodeXml);
+ } else {
+ dataId = xmlSecKeyDataIdListFindByNode(xmlSecKeyDataIdsGet(),
+ nodeName, nodeNs, xmlSecKeyDataUsageRetrievalMethodNodeXml);
+ }
+ if(dataId == xmlSecKeyDataIdUnknown) {
+ xmlFreeDoc(doc);
+
+ /* laxi schema validation but application can disable it */
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ } else if((typeId != xmlSecKeyDataIdUnknown) && (typeId != dataId) &&
+ ((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_MISMATCH_HREF) != 0)) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)),
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ XMLSEC_ERRORS_R_MAX_RETRIEVAL_TYPE_MISMATCH,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ /* read data node */
+ ret = xmlSecKeyDataXmlRead(dataId, key, cur, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)),
+ "xmlSecKeyDataXmlRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ xmlFreeDoc(doc);
+ return(0);
+}
+
+
+#ifndef XMLSEC_NO_XMLENC
+/**************************************************************************
+ *
+ * <enc:EncryptedKey/> processing
+ *
+ *************************************************************************/
+static int xmlSecKeyDataEncryptedKeyXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecKeyDataEncryptedKeyXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+
+
+static xmlSecKeyDataKlass xmlSecKeyDataEncryptedKeyKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ sizeof(xmlSecKeyData),
+
+ /* data */
+ xmlSecNameEncryptedKey,
+ xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefEncryptedKey, /* const xmlChar* href; */
+ xmlSecNodeEncryptedKey, /* const xmlChar* dataNodeName; */
+ xmlSecEncNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ NULL, /* xmlSecKeyDataInitializeMethod initialize; */
+ NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ NULL, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecKeyDataEncryptedKeyXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecKeyDataEncryptedKeyXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecKeyDataEncryptedKeyGetKlass:
+ *
+ * The <enc:EncryptedKey/> element key data klass
+ * (http://www.w3.org/TR/xmlenc-core/#sec-EncryptedKey):
+ *
+ * The EncryptedKey element is used to transport encryption keys from
+ * the originator to a known recipient(s). It may be used as a stand-alone
+ * XML document, be placed within an application document, or appear inside
+ * an EncryptedData element as a child of a ds:KeyInfo element. The key value
+ * is always encrypted to the recipient(s). When EncryptedKey is decrypted the
+ * resulting octets are made available to the EncryptionMethod algorithm
+ * without any additional processing.
+ *
+ * Returns: the <enc:EncryptedKey/> element processing key data klass.
+ */
+xmlSecKeyDataId
+xmlSecKeyDataEncryptedKeyGetKlass(void) {
+ return(&xmlSecKeyDataEncryptedKeyKlass);
+}
+
+static int
+xmlSecKeyDataEncryptedKeyXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecBufferPtr result;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecKeyDataEncryptedKeyId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeRead, -1);
+
+ /* check the enc level */
+ if(keyInfoCtx->curEncryptedKeyLevel >= keyInfoCtx->maxEncryptedKeyLevel) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_MAX_ENCKEY_LEVEL,
+ "cur=%d;max=%d",
+ keyInfoCtx->curEncryptedKeyLevel,
+ keyInfoCtx->maxEncryptedKeyLevel);
+ return(-1);
+ }
+ ++keyInfoCtx->curEncryptedKeyLevel;
+
+ /* init Enc context */
+ if(keyInfoCtx->encCtx != NULL) {
+ xmlSecEncCtxReset(keyInfoCtx->encCtx);
+ } else {
+ ret = xmlSecKeyInfoCtxCreateEncCtx(keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyInfoCtxCreateEncCtx",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ xmlSecAssert2(keyInfoCtx->encCtx != NULL, -1);
+
+ result = xmlSecEncCtxDecryptToBuffer(keyInfoCtx->encCtx, node);
+ if((result == NULL) || (xmlSecBufferGetData(result) == NULL)) {
+ /* We might have multiple EncryptedKey elements, encrypted
+ * for different receipints but application can enforce
+ * correct enc key.
+ */
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecEncCtxDecryptToBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ ret = xmlSecKeyDataBinRead(keyInfoCtx->keyReq.keyId, key,
+ xmlSecBufferGetData(result),
+ xmlSecBufferGetSize(result),
+ keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataBinRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ --keyInfoCtx->curEncryptedKeyLevel;
+
+ return(0);
+}
+
+static int
+xmlSecKeyDataEncryptedKeyXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyInfoCtx keyInfoCtx2;
+ xmlSecByte *keyBuf = NULL;
+ xmlSecSize keySize = 0;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecKeyDataEncryptedKeyId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyIsValid(key), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeWrite, -1);
+
+ /* dump key to a binary buffer */
+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx2, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecKeyInfoCtxCopyUserPref(&keyInfoCtx2, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyInfoCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx2);
+ goto done;
+ }
+
+ keyInfoCtx2.keyReq.keyType = xmlSecKeyDataTypeAny;
+ ret = xmlSecKeyDataBinWrite(key->value->id, key, &keyBuf, &keySize, &keyInfoCtx2);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataBinWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx2);
+ goto done;
+ }
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx2);
+
+ /* init Enc context */
+ if(keyInfoCtx->encCtx != NULL) {
+ xmlSecEncCtxReset(keyInfoCtx->encCtx);
+ } else {
+ ret = xmlSecKeyInfoCtxCreateEncCtx(keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyInfoCtxCreateEncCtx",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+ xmlSecAssert2(keyInfoCtx->encCtx != NULL, -1);
+
+ ret = xmlSecEncCtxBinaryEncrypt(keyInfoCtx->encCtx, node, keyBuf, keySize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecEncCtxBinaryEncrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ res = 0;
+done:
+ if(keyBuf != NULL) {
+ memset(keyBuf, 0, keySize);
+ xmlFree(keyBuf); keyBuf = NULL;
+ }
+ return(res);
+}
+
+#endif /* XMLSEC_NO_XMLENC */
+
diff --git a/src/keys.c b/src/keys.c
new file mode 100644
index 00000000..1d2f7331
--- /dev/null
+++ b/src/keys.c
@@ -0,0 +1,1415 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Keys.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/list.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/errors.h>
+
+/**************************************************************************
+ *
+ * xmlSecKeyUseWith
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyUseWithInitialize:
+ * @keyUseWith: the pointer to information about key application/user.
+ *
+ * Initializes @keyUseWith object.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecKeyUseWithInitialize(xmlSecKeyUseWithPtr keyUseWith) {
+ xmlSecAssert2(keyUseWith != NULL, -1);
+
+ memset(keyUseWith, 0, sizeof(xmlSecKeyUseWith));
+ return(0);
+}
+
+/**
+ * xmlSecKeyUseWithFinalize:
+ * @keyUseWith: the pointer to information about key application/user.
+ *
+ * Finalizes @keyUseWith object.
+ */
+void
+xmlSecKeyUseWithFinalize(xmlSecKeyUseWithPtr keyUseWith) {
+ xmlSecAssert(keyUseWith != NULL);
+
+ xmlSecKeyUseWithReset(keyUseWith);
+ memset(keyUseWith, 0, sizeof(xmlSecKeyUseWith));
+}
+
+/**
+ * xmlSecKeyUseWithReset:
+ * @keyUseWith: the pointer to information about key application/user.
+ *
+ * Resets the @keyUseWith to its state after initialization.
+ */
+void
+xmlSecKeyUseWithReset(xmlSecKeyUseWithPtr keyUseWith) {
+ xmlSecAssert(keyUseWith != NULL);
+
+ xmlSecKeyUseWithSet(keyUseWith, NULL, NULL);
+}
+
+/**
+ * xmlSecKeyUseWithCopy:
+ * @dst: the pointer to destination object.
+ * @src: the pointer to source object.
+ *
+ * Copies information from @dst to @src.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecKeyUseWithCopy(xmlSecKeyUseWithPtr dst, xmlSecKeyUseWithPtr src) {
+ xmlSecAssert2(dst != NULL, -1);
+ xmlSecAssert2(src != NULL, -1);
+
+ return(xmlSecKeyUseWithSet(dst, src->application, src->identifier));
+}
+
+/**
+ * xmlSecKeyUseWithCreate:
+ * @application: the application value.
+ * @identifier: the identifier value.
+ *
+ * Creates new xmlSecKeyUseWith object. The caller is responsible for destroying
+ * returned object with @xmlSecKeyUseWithDestroy function.
+ *
+ * Returns: pointer to newly created object or NULL if an error occurs.
+ */
+xmlSecKeyUseWithPtr
+xmlSecKeyUseWithCreate(const xmlChar* application, const xmlChar* identifier) {
+ xmlSecKeyUseWithPtr keyUseWith;
+ int ret;
+
+ /* Allocate a new xmlSecKeyUseWith and fill the fields. */
+ keyUseWith = (xmlSecKeyUseWithPtr)xmlMalloc(sizeof(xmlSecKeyUseWith));
+ if(keyUseWith == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecKeyUseWith)=%d",
+ sizeof(xmlSecKeyUseWith));
+ return(NULL);
+ }
+ memset(keyUseWith, 0, sizeof(xmlSecKeyUseWith));
+
+ ret = xmlSecKeyUseWithInitialize(keyUseWith);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyUseWithInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyUseWithDestroy(keyUseWith);
+ return(NULL);
+ }
+
+ ret = xmlSecKeyUseWithSet(keyUseWith, application, identifier);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyUseWithSet",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyUseWithDestroy(keyUseWith);
+ return(NULL);
+ }
+
+ return(keyUseWith);
+}
+
+/**
+ * xmlSecKeyUseWithDuplicate:
+ * @keyUseWith: the pointer to information about key application/user.
+ *
+ * Duplicates @keyUseWith object. The caller is responsible for destroying
+ * returned object with @xmlSecKeyUseWithDestroy function.
+ *
+ * Returns: pointer to newly created object or NULL if an error occurs.
+ */
+xmlSecKeyUseWithPtr
+xmlSecKeyUseWithDuplicate(xmlSecKeyUseWithPtr keyUseWith) {
+ int ret;
+
+ xmlSecKeyUseWithPtr newKeyUseWith;
+
+ xmlSecAssert2(keyUseWith != NULL, NULL);
+
+ newKeyUseWith = xmlSecKeyUseWithCreate(NULL, NULL);
+ if(newKeyUseWith == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyUseWithCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecKeyUseWithCopy(newKeyUseWith, keyUseWith);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyUseWithCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyUseWithDestroy(keyUseWith);
+ return(NULL);
+ }
+
+ return(newKeyUseWith);
+}
+
+/**
+ * xmlSecKeyUseWithDestroy:
+ * @keyUseWith: the pointer to information about key application/user.
+ *
+ * Destroys @keyUseWith created with @xmlSecKeyUseWithCreate or @xmlSecKeyUseWithDuplicate
+ * functions.
+ */
+void
+xmlSecKeyUseWithDestroy(xmlSecKeyUseWithPtr keyUseWith) {
+ xmlSecAssert(keyUseWith != NULL);
+
+ xmlSecKeyUseWithFinalize(keyUseWith);
+ xmlFree(keyUseWith);
+}
+
+/**
+ * xmlSecKeyUseWithSet:
+ * @keyUseWith: the pointer to information about key application/user.
+ * @application: the new application value.
+ * @identifier: the new identifier value.
+ *
+ * Sets @application and @identifier in the @keyUseWith.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecKeyUseWithSet(xmlSecKeyUseWithPtr keyUseWith, const xmlChar* application, const xmlChar* identifier) {
+ xmlSecAssert2(keyUseWith != NULL, -1);
+
+ if(keyUseWith->application != NULL) {
+ xmlFree(keyUseWith->application);
+ keyUseWith->application = NULL;
+ }
+ if(keyUseWith->identifier != NULL) {
+ xmlFree(keyUseWith->identifier);
+ keyUseWith->identifier = NULL;
+ }
+
+ if(application != NULL) {
+ keyUseWith->application = xmlStrdup(application);
+ if(keyUseWith->application == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "xmlStrlen(application)=%d",
+ xmlStrlen(application));
+ return(-1);
+ }
+ }
+ if(identifier != NULL) {
+ keyUseWith->identifier = xmlStrdup(identifier);
+ if(keyUseWith->identifier == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "xmlStrlen(identifier)=%d",
+ xmlStrlen(identifier));
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecKeyUseWithDebugDump:
+ * @keyUseWith: the pointer to information about key application/user.
+ * @output: the pointer to output FILE.
+ *
+ * Prints xmlSecKeyUseWith debug information to a file @output.
+ */
+void
+xmlSecKeyUseWithDebugDump(xmlSecKeyUseWithPtr keyUseWith, FILE* output) {
+ xmlSecAssert(keyUseWith != NULL);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== KeyUseWith: application=\"%s\",identifier=\"%s\"\n",
+ (keyUseWith->application) ? keyUseWith->application : BAD_CAST "",
+ (keyUseWith->identifier) ? keyUseWith->identifier : BAD_CAST "");
+}
+
+/**
+ * xmlSecKeyUseWithDebugXmlDump:
+ * @keyUseWith: the pointer to information about key application/user.
+ * @output: the pointer to output FILE.
+ *
+ * Prints xmlSecKeyUseWith debug information to a file @output in XML format.
+ */
+void
+xmlSecKeyUseWithDebugXmlDump(xmlSecKeyUseWithPtr keyUseWith, FILE* output) {
+ xmlSecAssert(keyUseWith != NULL);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<KeyUseWith>\n");
+
+ fprintf(output, "<Application>");
+ xmlSecPrintXmlString(output, keyUseWith->application);
+ fprintf(output, "</Application>");
+
+ fprintf(output, "<Identifier>");
+ xmlSecPrintXmlString(output, keyUseWith->identifier);
+ fprintf(output, "</Identifier>");
+
+ fprintf(output, "</KeyUseWith>\n");
+}
+
+/***********************************************************************
+ *
+ * KeyUseWith list
+ *
+ **********************************************************************/
+static xmlSecPtrListKlass xmlSecKeyUseWithPtrListKlass = {
+ BAD_CAST "key-use-with-list",
+ (xmlSecPtrDuplicateItemMethod)xmlSecKeyUseWithDuplicate, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecKeyUseWithDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecKeyUseWithDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecKeyUseWithDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+/**
+ * xmlSecKeyUseWithPtrListGetKlass:
+ *
+ * The key data list klass.
+ *
+ * Returns: pointer to the key data list klass.
+ */
+xmlSecPtrListId
+xmlSecKeyUseWithPtrListGetKlass(void) {
+ return(&xmlSecKeyUseWithPtrListKlass);
+}
+
+/**************************************************************************
+ *
+ * xmlSecKeyReq - what key are we looking for?
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyReqInitialize:
+ * @keyReq: the pointer to key requirements object.
+ *
+ * Initialize key requirements object. Caller is responsible for
+ * cleaning it with #xmlSecKeyReqFinalize function.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecKeyReqInitialize(xmlSecKeyReqPtr keyReq) {
+ int ret;
+
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ memset(keyReq, 0, sizeof(xmlSecKeyReq));
+
+ keyReq->keyUsage = xmlSecKeyUsageAny; /* by default you can do whatever you want with the key */
+ ret = xmlSecPtrListInitialize(&keyReq->keyUseWithList, xmlSecKeyUseWithPtrListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+
+ return(0);
+}
+
+/**
+ * xmlSecKeyReqFinalize:
+ * @keyReq: the pointer to key requirements object.
+ *
+ * Cleans the key requirements object initialized with #xmlSecKeyReqInitialize
+ * function.
+ */
+void
+xmlSecKeyReqFinalize(xmlSecKeyReqPtr keyReq) {
+ xmlSecAssert(keyReq != NULL);
+
+ xmlSecPtrListFinalize(&keyReq->keyUseWithList);
+ memset(keyReq, 0, sizeof(xmlSecKeyReq));
+}
+
+/**
+ * xmlSecKeyReqReset:
+ * @keyReq: the pointer to key requirements object.
+ *
+ * Resets key requirements object for new key search.
+ */
+void
+xmlSecKeyReqReset(xmlSecKeyReqPtr keyReq) {
+ xmlSecAssert(keyReq != NULL);
+
+ xmlSecPtrListEmpty(&keyReq->keyUseWithList);
+ keyReq->keyId = NULL;
+ keyReq->keyType = 0;
+ keyReq->keyUsage = xmlSecKeyUsageAny;
+ keyReq->keyBitsSize = 0;
+}
+
+/**
+ * xmlSecKeyReqCopy:
+ * @dst: the pointer to destination object.
+ * @src: the pointer to source object.
+ *
+ * Copies key requirements from @src object to @dst object.
+ *
+ * Returns: 0 on success and a negative value if an error occurs.
+ */
+int
+xmlSecKeyReqCopy(xmlSecKeyReqPtr dst, xmlSecKeyReqPtr src) {
+ int ret;
+
+ xmlSecAssert2(dst != NULL, -1);
+ xmlSecAssert2(src != NULL, -1);
+
+ dst->keyId = src->keyId;
+ dst->keyType = src->keyType;
+ dst->keyUsage = src->keyUsage;
+ dst->keyBitsSize = src->keyBitsSize;
+
+ ret = xmlSecPtrListCopy(&dst->keyUseWithList, &src->keyUseWithList);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecKeyReqMatchKey:
+ * @keyReq: the pointer to key requirements object.
+ * @key: the pointer to key.
+ *
+ * Checks whether @key matches key requirements @keyReq.
+ *
+ * Returns: 1 if key matches requirements, 0 if not and a negative value
+ * if an error occurs.
+ */
+int
+xmlSecKeyReqMatchKey(xmlSecKeyReqPtr keyReq, xmlSecKeyPtr key) {
+ xmlSecAssert2(keyReq != NULL, -1);
+ xmlSecAssert2(xmlSecKeyIsValid(key), -1);
+
+ if((keyReq->keyType != xmlSecKeyDataTypeUnknown) && ((xmlSecKeyGetType(key) & keyReq->keyType) == 0)) {
+ return(0);
+ }
+ if((keyReq->keyUsage != xmlSecKeyDataUsageUnknown) && ((keyReq->keyUsage & key->usage) == 0)) {
+ return(0);
+ }
+
+ return(xmlSecKeyReqMatchKeyValue(keyReq, xmlSecKeyGetValue(key)));
+}
+
+/**
+ * xmlSecKeyReqMatchKeyValue:
+ * @keyReq: the pointer to key requirements.
+ * @value: the pointer to key value.
+ *
+ * Checks whether @keyValue matches key requirements @keyReq.
+ *
+ * Returns: 1 if key value matches requirements, 0 if not and a negative value
+ * if an error occurs.
+ */
+int
+xmlSecKeyReqMatchKeyValue(xmlSecKeyReqPtr keyReq, xmlSecKeyDataPtr value) {
+ xmlSecAssert2(keyReq != NULL, -1);
+ xmlSecAssert2(value != NULL, -1);
+
+ if((keyReq->keyId != xmlSecKeyDataIdUnknown) &&
+ (!xmlSecKeyDataCheckId(value, keyReq->keyId))) {
+
+ return(0);
+ }
+ if((keyReq->keyBitsSize > 0) &&
+ (xmlSecKeyDataGetSize(value) > 0) &&
+ (xmlSecKeyDataGetSize(value) < keyReq->keyBitsSize)) {
+
+ return(0);
+ }
+ return(1);
+}
+
+/**
+ * xmlSecKeyReqDebugDump:
+ * @keyReq: the pointer to key requirements object.
+ * @output: the pointer to output FILE.
+ *
+ * Prints debug information about @keyReq into @output.
+ */
+void
+xmlSecKeyReqDebugDump(xmlSecKeyReqPtr keyReq, FILE* output) {
+ xmlSecAssert(keyReq != NULL);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== KeyReq:\n");
+ fprintf(output, "==== keyId: %s\n",
+ (xmlSecKeyDataKlassGetName(keyReq->keyId)) ?
+ xmlSecKeyDataKlassGetName(keyReq->keyId) :
+ BAD_CAST "NULL");
+ fprintf(output, "==== keyType: 0x%08x\n", keyReq->keyType);
+ fprintf(output, "==== keyUsage: 0x%08x\n", keyReq->keyUsage);
+ fprintf(output, "==== keyBitsSize: %d\n", keyReq->keyBitsSize);
+ xmlSecPtrListDebugDump(&(keyReq->keyUseWithList), output);
+}
+
+/**
+ * xmlSecKeyReqDebugXmlDump:
+ * @keyReq: the pointer to key requirements object.
+ * @output: the pointer to output FILE.
+ *
+ * Prints debug information about @keyReq into @output in XML format.
+ */
+void
+xmlSecKeyReqDebugXmlDump(xmlSecKeyReqPtr keyReq, FILE* output) {
+ xmlSecAssert(keyReq != NULL);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<KeyReq>\n");
+
+ fprintf(output, "<KeyId>");
+ xmlSecPrintXmlString(output, xmlSecKeyDataKlassGetName(keyReq->keyId));
+ fprintf(output, "</KeyId>\n");
+
+ fprintf(output, "<KeyType>0x%08x</KeyType>\n", keyReq->keyType);
+ fprintf(output, "<KeyUsage>0x%08x</KeyUsage>\n", keyReq->keyUsage);
+ fprintf(output, "<KeyBitsSize>%d</KeyBitsSize>\n", keyReq->keyBitsSize);
+ xmlSecPtrListDebugXmlDump(&(keyReq->keyUseWithList), output);
+ fprintf(output, "</KeyReq>\n");
+}
+
+
+/**************************************************************************
+ *
+ * xmlSecKey
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyCreate:
+ *
+ * Allocates and initializes new key. Caller is responsible for
+ * freeing returned object with #xmlSecKeyDestroy function.
+ *
+ * Returns: the pointer to newly allocated @xmlSecKey structure
+ * or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecKeyCreate(void) {
+ xmlSecKeyPtr key;
+
+ /* Allocate a new xmlSecKey and fill the fields. */
+ key = (xmlSecKeyPtr)xmlMalloc(sizeof(xmlSecKey));
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecKey)=%d",
+ sizeof(xmlSecKey));
+ return(NULL);
+ }
+ memset(key, 0, sizeof(xmlSecKey));
+ key->usage = xmlSecKeyUsageAny;
+ return(key);
+}
+
+/**
+ * xmlSecKeyEmpty:
+ * @key: the pointer to key.
+ *
+ * Clears the @key data.
+ */
+void
+xmlSecKeyEmpty(xmlSecKeyPtr key) {
+ xmlSecAssert(key != NULL);
+
+ if(key->value != NULL) {
+ xmlSecKeyDataDestroy(key->value);
+ }
+ if(key->name != NULL) {
+ xmlFree(key->name);
+ }
+ if(key->dataList != NULL) {
+ xmlSecPtrListDestroy(key->dataList);
+ }
+
+ memset(key, 0, sizeof(xmlSecKey));
+}
+
+/**
+ * xmlSecKeyDestroy:
+ * @key: the pointer to key.
+ *
+ * Destroys the key created using #xmlSecKeyCreate function.
+ */
+void
+xmlSecKeyDestroy(xmlSecKeyPtr key) {
+ xmlSecAssert(key != NULL);
+
+ xmlSecKeyEmpty(key);
+ xmlFree(key);
+}
+
+/**
+ * xmlSecKeyCopy:
+ * @keyDst: the destination key.
+ * @keySrc: the source key.
+ *
+ * Copies key data from @keySrc to @keyDst.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecKeyCopy(xmlSecKeyPtr keyDst, xmlSecKeyPtr keySrc) {
+ xmlSecAssert2(keyDst != NULL, -1);
+ xmlSecAssert2(keySrc != NULL, -1);
+
+ /* empty destination */
+ xmlSecKeyEmpty(keyDst);
+
+ /* copy everything */
+ if(keySrc->name != NULL) {
+ keyDst->name = xmlStrdup(keySrc->name);
+ if(keyDst->name == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ "len=%d", xmlStrlen(keySrc->name));
+ return(-1);
+ }
+ }
+
+ if(keySrc->value != NULL) {
+ keyDst->value = xmlSecKeyDataDuplicate(keySrc->value);
+ if(keyDst->value == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataDuplicate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(keySrc->dataList != NULL) {
+ keyDst->dataList = xmlSecPtrListDuplicate(keySrc->dataList);
+ if(keyDst->dataList == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListDuplicate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ keyDst->usage = keySrc->usage;
+ keyDst->notValidBefore = keySrc->notValidBefore;
+ keyDst->notValidAfter = keySrc->notValidAfter;
+ return(0);
+}
+
+/**
+ * xmlSecKeyDuplicate:
+ * @key: the pointer to the #xmlSecKey structure.
+ *
+ * Creates a duplicate of the given @key.
+ *
+ * Returns: the pointer to newly allocated #xmlSecKey structure
+ * or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecKeyDuplicate(xmlSecKeyPtr key) {
+ xmlSecKeyPtr newKey;
+ int ret;
+
+ xmlSecAssert2(key != NULL, NULL);
+
+ newKey = xmlSecKeyCreate();
+ if(newKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecKeyCopy(newKey, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(newKey);
+ return(NULL);
+ }
+
+ return(newKey);
+}
+
+/**
+ * xmlSecKeyMatch:
+ * @key: the pointer to key.
+ * @name: the pointer to key name (may be NULL).
+ * @keyReq: the pointer to key requirements.
+ *
+ * Checks whether the @key matches the given criteria.
+ *
+ * Returns: 1 if the key satisfies the given criteria or 0 otherwise.
+ */
+int
+xmlSecKeyMatch(xmlSecKeyPtr key, const xmlChar *name, xmlSecKeyReqPtr keyReq) {
+ xmlSecAssert2(xmlSecKeyIsValid(key), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ if((name != NULL) && (!xmlStrEqual(xmlSecKeyGetName(key), name))) {
+ return(0);
+ }
+ return(xmlSecKeyReqMatchKey(keyReq, key));
+}
+
+/**
+ * xmlSecKeyGetType:
+ * @key: the pointer to key.
+ *
+ * Gets @key type.
+ *
+ * Returns: key type.
+ */
+xmlSecKeyDataType
+xmlSecKeyGetType(xmlSecKeyPtr key) {
+ xmlSecKeyDataPtr data;
+
+ xmlSecAssert2(key != NULL, xmlSecKeyDataTypeUnknown);
+
+ data = xmlSecKeyGetValue(key);
+ if(data == NULL) {
+ return(xmlSecKeyDataTypeUnknown);
+ }
+ return(xmlSecKeyDataGetType(data));
+}
+
+/**
+ * xmlSecKeyGetName:
+ * @key: the pointer to key.
+ *
+ * Gets key name (see also #xmlSecKeySetName function).
+ *
+ * Returns: key name.
+ */
+const xmlChar*
+xmlSecKeyGetName(xmlSecKeyPtr key) {
+ xmlSecAssert2(key != NULL, NULL);
+
+ return(key->name);
+}
+
+/**
+ * xmlSecKeySetName:
+ * @key: the pointer to key.
+ * @name: the new key name.
+ *
+ * Sets key name (see also #xmlSecKeyGetName function).
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecKeySetName(xmlSecKeyPtr key, const xmlChar* name) {
+ xmlSecAssert2(key != NULL, -1);
+
+ if(key->name != NULL) {
+ xmlFree(key->name);
+ key->name = NULL;
+ }
+
+ if(name != NULL) {
+ key->name = xmlStrdup(name);
+ if(key->name == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ "len=%d", xmlStrlen(name));
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecKeyGetValue:
+ * @key: the pointer to key.
+ *
+ * Gets key value (see also #xmlSecKeySetValue function).
+ *
+ * Returns: key value (crypto material).
+ */
+xmlSecKeyDataPtr
+xmlSecKeyGetValue(xmlSecKeyPtr key) {
+ xmlSecAssert2(key != NULL, NULL);
+
+ return(key->value);
+}
+
+/**
+ * xmlSecKeySetValue:
+ * @key: the pointer to key.
+ * @value: the new value.
+ *
+ * Sets key value (see also #xmlSecKeyGetValue function).
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecKeySetValue(xmlSecKeyPtr key, xmlSecKeyDataPtr value) {
+ xmlSecAssert2(key != NULL, -1);
+
+ if(key->value != NULL) {
+ xmlSecKeyDataDestroy(key->value);
+ key->value = NULL;
+ }
+ key->value = value;
+
+ return(0);
+}
+
+/**
+ * xmlSecKeyGetData:
+ * @key: the pointer to key.
+ * @dataId: the requested data klass.
+ *
+ * Gets key's data.
+ *
+ * Returns: additional data associated with the @key (see also
+ * #xmlSecKeyAdoptData function).
+ */
+xmlSecKeyDataPtr
+xmlSecKeyGetData(xmlSecKeyPtr key, xmlSecKeyDataId dataId) {
+
+ xmlSecAssert2(key != NULL, NULL);
+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, NULL);
+
+ /* special cases */
+ if(dataId == xmlSecKeyDataValueId) {
+ return(key->value);
+ } else if(key->dataList != NULL) {
+ xmlSecKeyDataPtr tmp;
+ xmlSecSize pos, size;
+
+ size = xmlSecPtrListGetSize(key->dataList);
+ for(pos = 0; pos < size; ++pos) {
+ tmp = (xmlSecKeyDataPtr)xmlSecPtrListGetItem(key->dataList, pos);
+ if((tmp != NULL) && (tmp->id == dataId)) {
+ return(tmp);
+ }
+ }
+ }
+ return(NULL);
+}
+
+/**
+ * xmlSecKeyEnsureData:
+ * @key: the pointer to key.
+ * @dataId: the requested data klass.
+ *
+ * If necessary, creates key data of @dataId klass and adds to @key.
+ *
+ * Returns: pointer to key data or NULL if an error occurs.
+ */
+xmlSecKeyDataPtr
+xmlSecKeyEnsureData(xmlSecKeyPtr key, xmlSecKeyDataId dataId) {
+ xmlSecKeyDataPtr data;
+ int ret;
+
+ xmlSecAssert2(key != NULL, NULL);
+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, NULL);
+
+ data = xmlSecKeyGetData(key, dataId);
+ if(data != NULL) {
+ return(data);
+ }
+
+ data = xmlSecKeyDataCreate(dataId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "dataId=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)));
+ return(NULL);
+ }
+
+ ret = xmlSecKeyAdoptData(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "dataId=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)));
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
+ }
+
+ return(data);
+}
+
+/**
+ * xmlSecKeyAdoptData:
+ * @key: the pointer to key.
+ * @data: the pointer to key data.
+ *
+ * Adds @data to the @key. The @data object will be destroyed
+ * by @key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecKeyAdoptData(xmlSecKeyPtr key, xmlSecKeyDataPtr data) {
+ xmlSecKeyDataPtr tmp;
+ xmlSecSize pos, size;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+
+ /* special cases */
+ if(data->id == xmlSecKeyDataValueId) {
+ if(key->value != NULL) {
+ xmlSecKeyDataDestroy(key->value);
+ }
+ key->value = data;
+ return(0);
+ }
+
+ if(key->dataList == NULL) {
+ key->dataList = xmlSecPtrListCreate(xmlSecKeyDataListId);
+ if(key->dataList == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+
+ size = xmlSecPtrListGetSize(key->dataList);
+ for(pos = 0; pos < size; ++pos) {
+ tmp = (xmlSecKeyDataPtr)xmlSecPtrListGetItem(key->dataList, pos);
+ if((tmp != NULL) && (tmp->id == data->id)) {
+ return(xmlSecPtrListSet(key->dataList, data, pos));
+ }
+ }
+
+ return(xmlSecPtrListAdd(key->dataList, data));
+}
+
+/**
+ * xmlSecKeyDebugDump:
+ * @key: the pointer to key.
+ * @output: the pointer to output FILE.
+ *
+ * Prints the information about the @key to the @output.
+ */
+void
+xmlSecKeyDebugDump(xmlSecKeyPtr key, FILE *output) {
+ xmlSecAssert(xmlSecKeyIsValid(key));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "== KEY\n");
+ fprintf(output, "=== method: %s\n",
+ (key->value->id->dataNodeName != NULL) ?
+ (char*)(key->value->id->dataNodeName) : "NULL");
+
+ fprintf(output, "=== key type: ");
+ if((xmlSecKeyGetType(key) & xmlSecKeyDataTypeSymmetric) != 0) {
+ fprintf(output, "Symmetric\n");
+ } else if((xmlSecKeyGetType(key) & xmlSecKeyDataTypePrivate) != 0) {
+ fprintf(output, "Private\n");
+ } else if((xmlSecKeyGetType(key) & xmlSecKeyDataTypePublic) != 0) {
+ fprintf(output, "Public\n");
+ } else {
+ fprintf(output, "Unknown\n");
+ }
+
+ if(key->name != NULL) {
+ fprintf(output, "=== key name: %s\n", key->name);
+ }
+ fprintf(output, "=== key usage: %d\n", key->usage);
+ if(key->notValidBefore < key->notValidAfter) {
+ fprintf(output, "=== key not valid before: %ld\n", (unsigned long)key->notValidBefore);
+ fprintf(output, "=== key not valid after: %ld\n", (unsigned long)key->notValidAfter);
+ }
+ if(key->value != NULL) {
+ xmlSecKeyDataDebugDump(key->value, output);
+ }
+ if(key->dataList != NULL) {
+ xmlSecPtrListDebugDump(key->dataList, output);
+ }
+}
+
+/**
+ * xmlSecKeyDebugXmlDump:
+ * @key: the pointer to key.
+ * @output: the pointer to output FILE.
+ *
+ * Prints the information about the @key to the @output in XML format.
+ */
+void
+xmlSecKeyDebugXmlDump(xmlSecKeyPtr key, FILE *output) {
+ xmlSecAssert(xmlSecKeyIsValid(key));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<KeyInfo>\n");
+
+ fprintf(output, "<KeyMethod>");
+ xmlSecPrintXmlString(output, key->value->id->dataNodeName);
+ fprintf(output, "</KeyMethod>\n");
+
+ fprintf(output, "<KeyType>");
+ if((xmlSecKeyGetType(key) & xmlSecKeyDataTypeSymmetric) != 0) {
+ fprintf(output, "Symmetric\n");
+ } else if((xmlSecKeyGetType(key) & xmlSecKeyDataTypePrivate) != 0) {
+ fprintf(output, "Private\n");
+ } else if((xmlSecKeyGetType(key) & xmlSecKeyDataTypePublic) != 0) {
+ fprintf(output, "Public\n");
+ } else {
+ fprintf(output, "Unknown\n");
+ }
+ fprintf(output, "</KeyType>\n");
+
+ fprintf(output, "<KeyName>");
+ xmlSecPrintXmlString(output, key->name);
+ fprintf(output, "</KeyName>\n");
+
+ if(key->notValidBefore < key->notValidAfter) {
+ fprintf(output, "<KeyValidity notValidBefore=\"%ld\" notValidAfter=\"%ld\"/>\n",
+ (unsigned long)key->notValidBefore,
+ (unsigned long)key->notValidAfter);
+ }
+
+ if(key->value != NULL) {
+ xmlSecKeyDataDebugXmlDump(key->value, output);
+ }
+ if(key->dataList != NULL) {
+ xmlSecPtrListDebugXmlDump(key->dataList, output);
+ }
+
+ fprintf(output, "</KeyInfo>\n");
+}
+
+/**
+ * xmlSecKeyGenerate:
+ * @dataId: the requested key klass (rsa, dsa, aes, ...).
+ * @sizeBits: the new key size (in bits!).
+ * @type: the new key type (session, permanent, ...).
+ *
+ * Generates new key of requested klass @dataId and @type.
+ *
+ * Returns: pointer to newly created key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecKeyGenerate(xmlSecKeyDataId dataId, xmlSecSize sizeBits, xmlSecKeyDataType type) {
+ xmlSecKeyPtr key;
+ xmlSecKeyDataPtr data;
+ int ret;
+
+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, NULL);
+
+ data = xmlSecKeyDataCreate(dataId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecKeyDataGenerate(data, sizeBits, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyDataGenerate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d;type=%d", sizeBits, type);
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
+ }
+
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
+ }
+
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ xmlSecKeyDestroy(key);
+ return(NULL);
+ }
+
+ return(key);
+}
+
+/**
+ * xmlSecKeyGenerateByName:
+ * @name: the requested key klass name (rsa, dsa, aes, ...).
+ * @sizeBits: the new key size (in bits!).
+ * @type: the new key type (session, permanent, ...).
+ *
+ * Generates new key of requested @klass and @type.
+ *
+ * Returns: pointer to newly created key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecKeyGenerateByName(const xmlChar* name, xmlSecSize sizeBits, xmlSecKeyDataType type) {
+ xmlSecKeyDataId dataId;
+
+ xmlSecAssert2(name != NULL, NULL);
+
+ dataId = xmlSecKeyDataIdListFindByName(xmlSecKeyDataIdsGet(), name, xmlSecKeyDataUsageAny);
+ if(dataId == xmlSecKeyDataIdUnknown) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(name),
+ XMLSEC_ERRORS_R_KEY_DATA_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecKeyGenerate(dataId, sizeBits, type));
+}
+
+/**
+ * xmlSecKeyReadBuffer:
+ * @dataId: the key value data klass.
+ * @buffer: the buffer that contains the binary data.
+ *
+ * Reads the key value of klass @dataId from a buffer.
+ *
+ * Returns: pointer to newly created key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecKeyReadBuffer(xmlSecKeyDataId dataId, xmlSecBuffer* buffer) {
+ xmlSecKeyInfoCtx keyInfoCtx;
+ xmlSecKeyPtr key;
+ int ret;
+
+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, NULL);
+ xmlSecAssert2(buffer != NULL, NULL);
+
+ /* create key data */
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ return(NULL);
+ }
+
+ keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
+ ret = xmlSecKeyDataBinRead(dataId, key,
+ xmlSecBufferGetData(buffer),
+ xmlSecBufferGetSize(buffer),
+ &keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyDataBinRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+ xmlSecKeyDestroy(key);
+ return(NULL);
+ }
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+
+ return(key);
+}
+
+/**
+ * xmlSecKeyReadBinaryFile:
+ * @dataId: the key value data klass.
+ * @filename: the key binary filename.
+ *
+ * Reads the key value of klass @dataId from a binary file @filename.
+ *
+ * Returns: pointer to newly created key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecKeyReadBinaryFile(xmlSecKeyDataId dataId, const char* filename) {
+ xmlSecKeyPtr key;
+ xmlSecBuffer buffer;
+ int ret;
+
+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, NULL);
+ xmlSecAssert2(filename != NULL, NULL);
+
+ /* read file to buffer */
+ ret = xmlSecBufferInitialize(&buffer, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecBufferReadFile(&buffer, filename);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ key = xmlSecKeyReadBuffer(dataId, &buffer);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyReadBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ xmlSecBufferFinalize(&buffer);
+ return (key);
+}
+
+/**
+ * xmlSecKeyReadMemory:
+ * @dataId: the key value data klass.
+ * @data: the memory containing the key
+ * @dataSize: the size of the memory block
+ *
+ * Reads the key value of klass @dataId from a memory block @data.
+ *
+ * Returns: pointer to newly created key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecKeyReadMemory(xmlSecKeyDataId dataId, const xmlSecByte* data, xmlSecSize dataSize) {
+ xmlSecBuffer buffer;
+ xmlSecKeyPtr key;
+ int ret;
+
+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, NULL);
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(dataSize > 0, NULL);
+
+ /* read file to buffer */
+ ret = xmlSecBufferInitialize(&buffer, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ if (xmlSecBufferAppend(&buffer, data, dataSize) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ key = xmlSecKeyReadBuffer(dataId, &buffer);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)),
+ "xmlSecKeyReadBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ xmlSecBufferFinalize(&buffer);
+ return (key);
+}
+
+/**
+ * xmlSecKeysMngrGetKey:
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
+ *
+ * Reads the <dsig:KeyInfo/> node @keyInfoNode and extracts the key.
+ *
+ * Returns: the pointer to key or NULL if the key is not found or
+ * an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecKeysMngrGetKey(xmlNodePtr keyInfoNode, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyPtr key;
+ int ret;
+
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+
+ /* first try to read data from <dsig:KeyInfo/> node */
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ if(keyInfoNode != NULL) {
+ ret = xmlSecKeyInfoNodeRead(keyInfoNode, key, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(keyInfoNode)));
+ xmlSecKeyDestroy(key);
+ return(NULL);
+ }
+
+ if((xmlSecKeyGetValue(key) != NULL) &&
+ (xmlSecKeyMatch(key, NULL, &(keyInfoCtx->keyReq)) != 0)) {
+ return(key);
+ }
+ }
+ xmlSecKeyDestroy(key);
+
+ /* if we have keys manager, try it */
+ if(keyInfoCtx->keysMngr != NULL) {
+ key = xmlSecKeysMngrFindKey(keyInfoCtx->keysMngr, NULL, keyInfoCtx);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrFindKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ if(xmlSecKeyGetValue(key) != NULL) {
+ return(key);
+ }
+ xmlSecKeyDestroy(key);
+ }
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_KEY_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+}
+
+/***********************************************************************
+ *
+ * Keys list
+ *
+ **********************************************************************/
+static xmlSecPtrListKlass xmlSecKeyPtrListKlass = {
+ BAD_CAST "keys-list",
+ (xmlSecPtrDuplicateItemMethod)xmlSecKeyDuplicate, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecKeyDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecKeyDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecKeyDebugXmlDump,/* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+/**
+ * xmlSecKeyPtrListGetKlass:
+ *
+ * The keys list klass.
+ *
+ * Returns: keys list id.
+ */
+xmlSecPtrListId
+xmlSecKeyPtrListGetKlass(void) {
+ return(&xmlSecKeyPtrListKlass);
+}
+
diff --git a/src/keysdata.c b/src/keysdata.c
new file mode 100644
index 00000000..de854ba6
--- /dev/null
+++ b/src/keysdata.c
@@ -0,0 +1,1387 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Key data.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/errors.h>
+
+
+/**************************************************************************
+ *
+ * Global xmlSecKeyDataIds list functions
+ *
+ *************************************************************************/
+static xmlSecPtrList xmlSecAllKeyDataIds;
+
+/**
+ * xmlSecKeyDataIdsGet:
+ *
+ * Gets global registered key data klasses list.
+ *
+ * Returns: the pointer to list of all registered key data klasses.
+ */
+xmlSecPtrListPtr
+xmlSecKeyDataIdsGet(void) {
+ return(&xmlSecAllKeyDataIds);
+}
+
+/**
+ * xmlSecKeyDataIdsInit:
+ *
+ * Initializes the key data klasses. This function is called from the
+ * #xmlSecInit function and the application should not call it directly.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecKeyDataIdsInit(void) {
+ int ret;
+
+ ret = xmlSecPtrListInitialize(xmlSecKeyDataIdsGet(), xmlSecKeyDataIdListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListPtrInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecKeyDataIdListId");
+ return(-1);
+ }
+
+ ret = xmlSecKeyDataIdsRegisterDefault();
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataIdsRegisterDefault",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecKeyDataIdsShutdown:
+ *
+ * Shuts down the keys data klasses. This function is called from the
+ * #xmlSecShutdown function and the application should not call it directly.
+ */
+void
+xmlSecKeyDataIdsShutdown(void) {
+ xmlSecPtrListFinalize(xmlSecKeyDataIdsGet());
+}
+
+/**
+ * xmlSecKeyDataIdsRegister:
+ * @id: the key data klass.
+ *
+ * Registers @id in the global list of key data klasses.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecKeyDataIdsRegister(xmlSecKeyDataId id) {
+ int ret;
+
+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
+
+ ret = xmlSecPtrListAdd(xmlSecKeyDataIdsGet(), (xmlSecPtr)id);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "dataId=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecKeyDataIdsRegisterDefault:
+ *
+ * Registers default (implemented by XML Security Library)
+ * key data klasses: <dsig:KeyName/> element processing klass,
+ * <dsig:KeyValue/> element processing klass, ...
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecKeyDataIdsRegisterDefault(void) {
+ if(xmlSecKeyDataIdsRegister(xmlSecKeyDataNameId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecKeyDataNameId");
+ return(-1);
+ }
+
+ if(xmlSecKeyDataIdsRegister(xmlSecKeyDataValueId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecKeyDataValueId");
+ return(-1);
+ }
+
+ if(xmlSecKeyDataIdsRegister(xmlSecKeyDataRetrievalMethodId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecKeyDataRetrievalMethodId");
+ return(-1);
+ }
+
+#ifndef XMLSEC_NO_XMLENC
+ if(xmlSecKeyDataIdsRegister(xmlSecKeyDataEncryptedKeyId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecKeyDataEncryptedKeyId");
+ return(-1);
+ }
+#endif /* XMLSEC_NO_XMLENC */
+
+ return(0);
+}
+
+/**************************************************************************
+ *
+ * xmlSecKeyData functions
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyDataCreate:
+ * @id: the data id.
+ *
+ * Allocates and initializes new key data of the specified type @id.
+ * Caller is responsible for destroying returned object with
+ * #xmlSecKeyDataDestroy function.
+ *
+ * Returns: the pointer to newly allocated key data structure
+ * or NULL if an error occurs.
+ */
+xmlSecKeyDataPtr
+xmlSecKeyDataCreate(xmlSecKeyDataId id) {
+ xmlSecKeyDataPtr data;
+ int ret;
+
+ xmlSecAssert2(id != NULL, NULL);
+ xmlSecAssert2(id->klassSize >= sizeof(xmlSecKeyDataKlass), NULL);
+ xmlSecAssert2(id->objSize >= sizeof(xmlSecKeyData), NULL);
+ xmlSecAssert2(id->name != NULL, NULL);
+
+ /* Allocate a new xmlSecKeyData and fill the fields. */
+ data = (xmlSecKeyDataPtr)xmlMalloc(id->objSize);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", id->objSize);
+ return(NULL);
+ }
+ memset(data, 0, id->objSize);
+ data->id = id;
+
+ if(id->initialize != NULL) {
+ ret = (id->initialize)(data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "id->initialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
+ }
+ }
+
+ return(data);
+}
+
+/**
+ * xmlSecKeyDataDuplicate:
+ * @data: the pointer to the key data.
+ *
+ * Creates a duplicate of the given @data. Caller is responsible for
+ * destroying returned object with #xmlSecKeyDataDestroy function.
+ *
+ * Returns: the pointer to newly allocated key data structure
+ * or NULL if an error occurs.
+ */
+xmlSecKeyDataPtr
+xmlSecKeyDataDuplicate(xmlSecKeyDataPtr data) {
+ xmlSecKeyDataPtr newData;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
+ xmlSecAssert2(data->id->duplicate != NULL, NULL);
+
+ newData = xmlSecKeyDataCreate(data->id);
+ if(newData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = (data->id->duplicate)(newData, data);
+ if(newData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "id->duplicate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(newData);
+ return(NULL);
+ }
+
+ return(newData);
+}
+
+/**
+ * xmlSecKeyDataDestroy:
+ * @data: the pointer to the key data.
+ *
+ * Destroys the data and frees all allocated memory.
+ */
+void
+xmlSecKeyDataDestroy(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataIsValid(data));
+ xmlSecAssert(data->id->objSize > 0);
+
+ if(data->id->finalize != NULL) {
+ (data->id->finalize)(data);
+ }
+ memset(data, 0, data->id->objSize);
+ xmlFree(data);
+}
+
+
+/**
+ * xmlSecKeyDataXmlRead:
+ * @id: the data klass.
+ * @key: the destination key.
+ * @node: the pointer to an XML node.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Reads the key data of klass @id from XML @node and adds them to @key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(id != NULL, -1);
+ xmlSecAssert2(id->xmlRead != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ return((id->xmlRead)(id, key, node, keyInfoCtx));
+}
+
+/**
+ * xmlSecKeyDataXmlWrite:
+ * @id: the data klass.
+ * @key: the source key.
+ * @node: the pointer to an XML node.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Writes the key data of klass @id from @key to an XML @node.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(id != NULL, -1);
+ xmlSecAssert2(id->xmlWrite != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ return((id->xmlWrite)(id, key, node, keyInfoCtx));
+}
+
+/**
+ * xmlSecKeyDataBinRead:
+ * @id: the data klass.
+ * @key: the destination key.
+ * @buf: the input binary buffer.
+ * @bufSize: the input buffer size.
+ * @keyInfoCtx: the <dsig:KeyInfo/> node processing context.
+ *
+ * Reads the key data of klass @id from binary buffer @buf to @key.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(id != NULL, -1);
+ xmlSecAssert2(id->binRead != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(buf != NULL, -1);
+
+ return((id->binRead)(id, key, buf, bufSize, keyInfoCtx));
+}
+
+/**
+ * xmlSecKeyDataBinWrite:
+ * @id: the data klass.
+ * @key: the source key.
+ * @buf: the output binary buffer.
+ * @bufSize: the output buffer size.
+ * @keyInfoCtx: the <dsig:KeyInfo/> node processing context.
+ *
+ * Writes the key data of klass @id from the @key to a binary buffer @buf.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlSecByte** buf, xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(id != NULL, -1);
+ xmlSecAssert2(id->binWrite != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(buf != NULL, -1);
+
+ return((id->binWrite)(id, key, buf, bufSize, keyInfoCtx));
+}
+
+/**
+ * xmlSecKeyDataGenerate:
+ * @data: the pointer to key data.
+ * @sizeBits: the desired key data size (in bits).
+ * @type: the desired key data type.
+ *
+ * Generates new key data of given size and type.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits,
+ xmlSecKeyDataType type) {
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(data->id->generate != NULL, -1);
+
+ /* write data */
+ ret = data->id->generate(data, sizeBits, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "id->generate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", sizeBits);
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecKeyDataGetType:
+ * @data: the pointer to key data.
+ *
+ * Gets key data type.
+ *
+ * Returns: key data type.
+ */
+xmlSecKeyDataType
+xmlSecKeyDataGetType(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
+ xmlSecAssert2(data->id->getType != NULL, xmlSecKeyDataTypeUnknown);
+
+ return(data->id->getType(data));
+}
+
+/**
+ * xmlSecKeyDataGetSize:
+ * @data: the pointer to key data.
+ *
+ * Gets key data size.
+ *
+ * Returns: key data size (in bits).
+ */
+xmlSecSize
+xmlSecKeyDataGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), 0);
+ xmlSecAssert2(data->id->getSize != NULL, 0);
+
+ return(data->id->getSize(data));
+}
+
+/**
+ * xmlSecKeyDataGetIdentifier:
+ * @data: the pointer to key data.
+ *
+ * Gets key data identifier string.
+ *
+ * Returns: key data id string.
+ */
+const xmlChar*
+xmlSecKeyDataGetIdentifier(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
+ xmlSecAssert2(data->id->getIdentifier != NULL, NULL);
+
+ return(data->id->getIdentifier(data));
+}
+
+/**
+ * xmlSecKeyDataDebugDump:
+ * @data: the pointer to key data.
+ * @output: the pointer to output FILE.
+ *
+ * Prints key data debug info.
+ */
+void
+xmlSecKeyDataDebugDump(xmlSecKeyDataPtr data, FILE *output) {
+ xmlSecAssert(xmlSecKeyDataIsValid(data));
+ xmlSecAssert(data->id->debugDump != NULL);
+ xmlSecAssert(output != NULL);
+
+ data->id->debugDump(data, output);
+}
+
+/**
+ * xmlSecKeyDataDebugXmlDump:
+ * @data: the pointer to key data.
+ * @output: the pointer to output FILE.
+ *
+ * Prints key data debug info in XML format.
+ */
+void
+xmlSecKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE *output) {
+ xmlSecAssert(xmlSecKeyDataIsValid(data));
+ xmlSecAssert(data->id->debugXmlDump != NULL);
+ xmlSecAssert(output != NULL);
+
+ data->id->debugXmlDump(data, output);
+}
+
+/**************************************************************************
+ *
+ * xmlSecKeyDataBinary methods
+ *
+ * key (xmlSecBuffer) is located after xmlSecKeyData structure
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyDataBinaryValueInitialize:
+ * @data: the pointer to binary key data.
+ *
+ * Initializes key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecKeyDataBinaryValueInitialize(xmlSecKeyDataPtr data) {
+ xmlSecBufferPtr buffer;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecKeyDataBinarySize), -1);
+
+ /* initialize buffer */
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ ret = xmlSecBufferInitialize(buffer, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecKeyDataBinaryValueDuplicate:
+ * @dst: the pointer to destination binary key data.
+ * @src: the pointer to source binary key data.
+ *
+ * Copies binary key data from @src to @dst.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecKeyDataBinaryValueDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecBufferPtr buffer;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(dst), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecKeyDataBinarySize), -1);
+ xmlSecAssert2(xmlSecKeyDataIsValid(src), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecKeyDataBinarySize), -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(src);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ /* copy data */
+ ret = xmlSecKeyDataBinaryValueSetBuffer(dst,
+ xmlSecBufferGetData(buffer),
+ xmlSecBufferGetSize(buffer));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecKeyDataBinaryValueSetBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecKeyDataBinaryValueFinalize:
+ * @data: the pointer to binary key data.
+ *
+ * Cleans up binary key data.
+ */
+void
+xmlSecKeyDataBinaryValueFinalize(xmlSecKeyDataPtr data) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert(xmlSecKeyDataIsValid(data));
+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecKeyDataBinarySize));
+
+ /* initialize buffer */
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert(buffer != NULL);
+
+ xmlSecBufferFinalize(buffer);
+}
+
+/**
+ * xmlSecKeyDataBinaryValueXmlRead:
+ * @id: the data klass.
+ * @key: the pointer to destination key.
+ * @node: the pointer to an XML node.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Reads binary key data from @node to the key by base64 decoding the @node content.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecKeyDataBinaryValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar* str;
+ xmlSecSize len;
+ xmlSecKeyDataPtr data;
+ int ret;
+
+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ str = xmlNodeGetContent(node);
+ if(str == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* usual trick: decode into the same buffer */
+ ret = xmlSecBase64Decode(str, (xmlSecByte*)str, xmlStrlen(str));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(str);
+ return(-1);
+ }
+ len = ret;
+
+ /* check do we have a key already */
+ data = xmlSecKeyGetValue(key);
+ if(data != NULL) {
+ xmlSecBufferPtr buffer;
+
+ if(!xmlSecKeyDataCheckId(data, id)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(str);
+ return(-1);
+ }
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ if((buffer != NULL) && ((xmlSecSize)xmlSecBufferGetSize(buffer) != len)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
+ "cur-data-size=%d;new-data-size=%d",
+ xmlSecBufferGetSize(buffer), len);
+ xmlFree(str);
+ return(-1);
+ }
+ if((buffer != NULL) && (len > 0) && (memcmp(xmlSecBufferGetData(buffer), str, len) != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
+ "key already has a different value");
+ xmlFree(str);
+ return(-1);
+ }
+ if(buffer != NULL) {
+ /* we already have exactly the same key */
+ xmlFree(str);
+ return(0);
+ }
+
+ /* we have binary key value with empty buffer */
+ }
+
+
+ data = xmlSecKeyDataCreate(id);
+ if(data == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(str);
+ return(-1);
+ }
+
+ ret = xmlSecKeyDataBinaryValueSetBuffer(data, (xmlSecByte*)str, len);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataBinaryValueSetBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", len);
+ xmlSecKeyDataDestroy(data);
+ xmlFree(str);
+ return(-1);
+ }
+ xmlFree(str);
+
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(0);
+ }
+
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecKeyDataBinaryValueXmlWrite:
+ * @id: the data klass.
+ * @key: the pointer to source key.
+ * @node: the pointer to an XML node.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Base64 encodes binary key data of klass @id from the @key and
+ * sets to the @node content.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecKeyDataBinaryValueXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecBufferPtr buffer;
+ xmlSecKeyDataPtr value;
+ xmlChar* str;
+
+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if((xmlSecKeyDataTypeSymmetric & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only symmetric key */
+ return(0);
+ }
+
+ value = xmlSecKeyGetValue(key);
+ xmlSecAssert2(xmlSecKeyDataIsValid(value), -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ str = xmlSecBase64Encode(xmlSecBufferGetData(buffer),
+ xmlSecBufferGetSize(buffer),
+ keyInfoCtx->base64LineSize);
+ if(str == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlNodeSetContent(node, str);
+ xmlFree(str);
+ return(0);
+}
+
+/**
+ * xmlSecKeyDataBinaryValueBinRead:
+ * @id: the data klass.
+ * @key: the pointer to destination key.
+ * @buf: the source binary buffer.
+ * @bufSize: the source binary buffer size.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Reads binary key data of the klass @id from @buf to the @key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecKeyDataBinaryValueBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ int ret;
+
+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ /* check do we have a key already */
+ data = xmlSecKeyGetValue(key);
+ if(data != NULL) {
+ xmlSecBufferPtr buffer;
+
+ if(!xmlSecKeyDataCheckId(data, id)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ if((buffer != NULL) && ((xmlSecSize)xmlSecBufferGetSize(buffer) != bufSize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
+ "cur-data-size=%d;new-data-size=%d",
+ xmlSecBufferGetSize(buffer), bufSize);
+ return(-1);
+ }
+ if((buffer != NULL) && (bufSize > 0) && (memcmp(xmlSecBufferGetData(buffer), buf, bufSize) != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST,
+ "key already has a different value");
+ return(-1);
+ }
+ if(buffer != NULL) {
+ /* we already have exactly the same key */
+ return(0);
+ }
+
+ /* we have binary key value with empty buffer */
+ }
+
+ data = xmlSecKeyDataCreate(id);
+ if(data == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecKeyDataBinaryValueSetBuffer(data, buf, bufSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataBinaryValueSetBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", bufSize);
+ xmlSecKeyDataDestroy(data);
+ return(-1);
+ }
+
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(0);
+ }
+
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecKeyDataBinaryValueBinWrite:
+ * @id: the data klass.
+ * @key: the pointer to source key.
+ * @buf: the destination binary buffer.
+ * @bufSize: the destination binary buffer size.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Writes binary key data of klass @id from the @key to @buf.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecKeyDataBinaryValueBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlSecByte** buf, xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr value;
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if((xmlSecKeyDataTypeSymmetric & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only symmetric key */
+ return(0);
+ }
+
+ value = xmlSecKeyGetValue(key);
+ xmlSecAssert2(xmlSecKeyDataIsValid(value), -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(key->value);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ (*bufSize) = xmlSecBufferGetSize(buffer);
+ (*buf) = (xmlSecByte*) xmlMalloc((*bufSize));
+ if((*buf) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ memcpy((*buf), xmlSecBufferGetData(buffer), (*bufSize));
+ return(0);
+}
+
+/**
+ * xmlSecKeyDataBinaryValueDebugDump:
+ * @data: the pointer to binary key data.
+ * @output: the pointer to output FILE.
+ *
+ * Prints binary key data debug information to @output.
+ */
+void
+xmlSecKeyDataBinaryValueDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert(xmlSecKeyDataIsValid(data));
+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecKeyDataBinarySize));
+ xmlSecAssert(data->id->dataNodeName != NULL);
+ xmlSecAssert(output != NULL);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert(buffer != NULL);
+
+ /* print only size, everything else is sensitive */
+ fprintf(output, "=== %s: size=%d\n", data->id->dataNodeName,
+ xmlSecKeyDataGetSize(data));
+}
+
+/**
+ * xmlSecKeyDataBinaryValueDebugXmlDump:
+ * @data: the pointer to binary key data.
+ * @output: the pointer to output FILE.
+ *
+ * Prints binary key data debug information to @output in XML format.
+ */
+void
+xmlSecKeyDataBinaryValueDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert(xmlSecKeyDataIsValid(data));
+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecKeyDataBinarySize));
+ xmlSecAssert(data->id->dataNodeName != NULL);
+ xmlSecAssert(output != NULL);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert(buffer != NULL);
+
+ /* print only size, everything else is sensitive */
+ fprintf(output, "<%s size=\"%d\" />\n", data->id->dataNodeName,
+ xmlSecKeyDataGetSize(data));
+}
+
+/**
+ * xmlSecKeyDataBinaryValueGetSize:
+ * @data: the pointer to binary key data.
+ *
+ * Gets the binary key data size.
+ *
+ * Returns: binary key data size in bits.
+ */
+xmlSecSize
+xmlSecKeyDataBinaryValueGetSize(xmlSecKeyDataPtr data) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), 0);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecKeyDataBinarySize), 0);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, 0);
+
+ /* return size in bits */
+ return(8 * xmlSecBufferGetSize(buffer));
+}
+
+/**
+ * xmlSecKeyDataBinaryValueGetBuffer:
+ * @data: the pointer to binary key data.
+ *
+ * Gets the binary key data buffer.
+ *
+ * Returns: pointer to binary key data buffer.
+ */
+xmlSecBufferPtr
+xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecKeyDataBinarySize), NULL);
+
+ /* key (xmlSecBuffer) is located after xmlSecKeyData structure */
+ return((xmlSecBufferPtr)(((xmlSecByte*)data) + sizeof(xmlSecKeyData)));
+}
+
+/**
+ * xmlSecKeyDataBinaryValueSetBuffer:
+ * @data: the pointer to binary key data.
+ * @buf: the pointer to binary buffer.
+ * @bufSize: the binary buffer size.
+ *
+ * Sets the value of @data to @buf.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecKeyDataBinaryValueSetBuffer(xmlSecKeyDataPtr data,
+ const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecKeyDataBinarySize), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+
+/***********************************************************************
+ *
+ * Keys Data list
+ *
+ **********************************************************************/
+static xmlSecPtrListKlass xmlSecKeyDataListKlass = {
+ BAD_CAST "key-data-list",
+ (xmlSecPtrDuplicateItemMethod)xmlSecKeyDataDuplicate, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecKeyDataDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecKeyDataDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecKeyDataDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+/**
+ * xmlSecKeyDataListGetKlass:
+ *
+ * The key data list klass.
+ *
+ * Returns: pointer to the key data list klass.
+ */
+xmlSecPtrListId
+xmlSecKeyDataListGetKlass(void) {
+ return(&xmlSecKeyDataListKlass);
+}
+
+
+/***********************************************************************
+ *
+ * Keys Data Ids list
+ *
+ **********************************************************************/
+static xmlSecPtrListKlass xmlSecKeyDataIdListKlass = {
+ BAD_CAST "key-data-ids-list",
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ NULL, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+/**
+ * xmlSecKeyDataIdListGetKlass:
+ *
+ * The key data id list klass.
+ *
+ * Returns: pointer to the key data id list klass.
+ */
+xmlSecPtrListId
+xmlSecKeyDataIdListGetKlass(void) {
+ return(&xmlSecKeyDataIdListKlass);
+}
+
+/**
+ * xmlSecKeyDataIdListFind:
+ * @list: the pointer to key data ids list.
+ * @dataId: the key data klass.
+ *
+ * Lookups @dataId in @list.
+ *
+ * Returns: 1 if @dataId is found in the @list, 0 if not and a negative
+ * value if an error occurs.
+ */
+int
+xmlSecKeyDataIdListFind(xmlSecPtrListPtr list, xmlSecKeyDataId dataId) {
+ xmlSecSize i, size;
+
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyDataIdListId), 0);
+ xmlSecAssert2(dataId != NULL, 0);
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ if((xmlSecKeyDataId)xmlSecPtrListGetItem(list, i) == dataId) {
+ return(1);
+ }
+ }
+ return(0);
+}
+
+/**
+ * xmlSecKeyDataIdListFindByNode:
+ * @list: the pointer to key data ids list.
+ * @nodeName: the desired key data klass XML node name.
+ * @nodeNs: the desired key data klass XML node namespace.
+ * @usage: the desired key data usage.
+ *
+ * Lookups data klass in the list with given @nodeName, @nodeNs and
+ * @usage in the @list.
+ *
+ * Returns: key data klass is found and NULL otherwise.
+ */
+xmlSecKeyDataId
+xmlSecKeyDataIdListFindByNode(xmlSecPtrListPtr list, const xmlChar* nodeName,
+ const xmlChar* nodeNs, xmlSecKeyDataUsage usage) {
+ xmlSecKeyDataId dataId;
+ xmlSecSize i, size;
+
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyDataIdListId), xmlSecKeyDataIdUnknown);
+ xmlSecAssert2(nodeName != NULL, xmlSecKeyDataIdUnknown);
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, xmlSecKeyDataIdUnknown);
+
+ if(((usage & dataId->usage) != 0) &&
+ xmlStrEqual(nodeName, dataId->dataNodeName) &&
+ xmlStrEqual(nodeNs, dataId->dataNodeNs)) {
+
+ return(dataId);
+ }
+ }
+ return(xmlSecKeyDataIdUnknown);
+}
+
+/**
+ * xmlSecKeyDataIdListFindByHref:
+ * @list: the pointer to key data ids list.
+ * @href: the desired key data klass href.
+ * @usage: the desired key data usage.
+ *
+ * Lookups data klass in the list with given @href and @usage in @list.
+ *
+ * Returns: key data klass is found and NULL otherwise.
+ */
+xmlSecKeyDataId
+xmlSecKeyDataIdListFindByHref(xmlSecPtrListPtr list, const xmlChar* href,
+ xmlSecKeyDataUsage usage) {
+ xmlSecKeyDataId dataId;
+ xmlSecSize i, size;
+
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyDataIdListId), xmlSecKeyDataIdUnknown);
+ xmlSecAssert2(href != NULL, xmlSecKeyDataIdUnknown);
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, xmlSecKeyDataIdUnknown);
+
+ if(((usage & dataId->usage) != 0) && (dataId->href != NULL) &&
+ xmlStrEqual(href, dataId->href)) {
+
+ return(dataId);
+ }
+ }
+ return(xmlSecKeyDataIdUnknown);
+}
+
+/**
+ * xmlSecKeyDataIdListFindByName:
+ * @list: the pointer to key data ids list.
+ * @name: the desired key data klass name.
+ * @usage: the desired key data usage.
+ *
+ * Lookups data klass in the list with given @name and @usage in @list.
+ *
+ * Returns: key data klass is found and NULL otherwise.
+ */
+xmlSecKeyDataId
+xmlSecKeyDataIdListFindByName(xmlSecPtrListPtr list, const xmlChar* name,
+ xmlSecKeyDataUsage usage) {
+ xmlSecKeyDataId dataId;
+ xmlSecSize i, size;
+
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyDataIdListId), xmlSecKeyDataIdUnknown);
+ xmlSecAssert2(name != NULL, xmlSecKeyDataIdUnknown);
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, xmlSecKeyDataIdUnknown);
+
+ if(((usage & dataId->usage) != 0) && (dataId->name != NULL) &&
+ xmlStrEqual(name, BAD_CAST dataId->name)) {
+
+ return(dataId);
+ }
+ }
+ return(xmlSecKeyDataIdUnknown);
+}
+
+/**
+ * xmlSecKeyDataIdListDebugDump:
+ * @list: the pointer to key data ids list.
+ * @output: the pointer to output FILE.
+ *
+ * Prints binary key data debug information to @output.
+ */
+void
+xmlSecKeyDataIdListDebugDump(xmlSecPtrListPtr list, FILE* output) {
+ xmlSecKeyDataId dataId;
+ xmlSecSize i, size;
+
+ xmlSecAssert(xmlSecPtrListCheckId(list, xmlSecKeyDataIdListId));
+ xmlSecAssert(output != NULL);
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert(dataId != NULL);
+ xmlSecAssert(dataId->name != NULL);
+
+ if(i > 0) {
+ fprintf(output, ",\"%s\"", dataId->name);
+ } else {
+ fprintf(output, "\"%s\"", dataId->name);
+ }
+ }
+ fprintf(output, "\n");
+}
+
+/**
+ * xmlSecKeyDataIdListDebugXmlDump:
+ * @list: the pointer to key data ids list.
+ * @output: the pointer to output FILE.
+ *
+ * Prints binary key data debug information to @output in XML format.
+ */
+void
+xmlSecKeyDataIdListDebugXmlDump(xmlSecPtrListPtr list, FILE* output) {
+ xmlSecKeyDataId dataId;
+ xmlSecSize i, size;
+
+ xmlSecAssert(xmlSecPtrListCheckId(list, xmlSecKeyDataIdListId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<KeyDataIdsList>\n");
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert(dataId != NULL);
+ xmlSecAssert(dataId->name != NULL);
+
+ fprintf(output, "<DataId name=\"");
+ xmlSecPrintXmlString(output, dataId->name);
+ fprintf(output, "\"/>");
+ }
+ fprintf(output, "</KeyDataIdsList>\n");
+}
+
+/**************************************************************************
+ *
+ * xmlSecKeyDataStore functions
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyDataStoreCreate:
+ * @id: the store id.
+ *
+ * Creates new key data store of the specified klass @id. Caller is responsible
+ * for freeing returned object with #xmlSecKeyDataStoreDestroy function.
+ *
+ * Returns: the pointer to newly allocated key data store structure
+ * or NULL if an error occurs.
+ */
+xmlSecKeyDataStorePtr
+xmlSecKeyDataStoreCreate(xmlSecKeyDataStoreId id) {
+ xmlSecKeyDataStorePtr store;
+ int ret;
+
+ xmlSecAssert2(id != NULL, NULL);
+ xmlSecAssert2(id->objSize > 0, NULL);
+
+ /* Allocate a new xmlSecKeyDataStore and fill the fields. */
+ store = (xmlSecKeyDataStorePtr)xmlMalloc(id->objSize);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", id->objSize);
+ return(NULL);
+ }
+ memset(store, 0, id->objSize);
+ store->id = id;
+
+ if(id->initialize != NULL) {
+ ret = (id->initialize)(store);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreKlassGetName(id)),
+ "id->initialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataStoreDestroy(store);
+ return(NULL);
+ }
+ }
+
+ return(store);
+}
+
+/**
+ * xmlSecKeyDataStoreDestroy:
+ * @store: the pointer to the key data store..
+ *
+ * Destroys the key data store created with #xmlSecKeyDataStoreCreate
+ * function.
+ */
+void
+xmlSecKeyDataStoreDestroy(xmlSecKeyDataStorePtr store) {
+ xmlSecAssert(xmlSecKeyDataStoreIsValid(store));
+ xmlSecAssert(store->id->objSize > 0);
+
+ if(store->id->finalize != NULL) {
+ (store->id->finalize)(store);
+ }
+ memset(store, 0, store->id->objSize);
+ xmlFree(store);
+}
+
+/***********************************************************************
+ *
+ * Keys Data Store list
+ *
+ **********************************************************************/
+static xmlSecPtrListKlass xmlSecKeyDataStorePtrListKlass = {
+ BAD_CAST "keys-data-store-list",
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecKeyDataStoreDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+/**
+ * xmlSecKeyDataStorePtrListGetKlass:
+ *
+ * Key data stores list.
+ *
+ * Returns: key data stores list klass.
+ */
+xmlSecPtrListId
+xmlSecKeyDataStorePtrListGetKlass(void) {
+ return(&xmlSecKeyDataStorePtrListKlass);
+}
+
+
diff --git a/src/keysmngr.c b/src/keysmngr.c
new file mode 100644
index 00000000..31a03e97
--- /dev/null
+++ b/src/keysmngr.c
@@ -0,0 +1,745 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Keys Manager.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/list.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/errors.h>
+
+/****************************************************************************
+ *
+ * Keys Manager
+ *
+ ***************************************************************************/
+/**
+ * xmlSecKeysMngrCreate:
+ *
+ * Creates new keys manager. Caller is responsible for freeing it with
+ * #xmlSecKeysMngrDestroy function.
+ *
+ * Returns: the pointer to newly allocated keys manager or NULL if
+ * an error occurs.
+ */
+xmlSecKeysMngrPtr
+xmlSecKeysMngrCreate(void) {
+ xmlSecKeysMngrPtr mngr;
+ int ret;
+
+ /* Allocate a new xmlSecKeysMngr and fill the fields. */
+ mngr = (xmlSecKeysMngrPtr)xmlMalloc(sizeof(xmlSecKeysMngr));
+ if(mngr == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecKeysMngr)=%d",
+ sizeof(xmlSecKeysMngr));
+ return(NULL);
+ }
+ memset(mngr, 0, sizeof(xmlSecKeysMngr));
+
+ ret = xmlSecPtrListInitialize(&(mngr->storesList), xmlSecKeyDataStorePtrListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecKeyDataStorePtrListId");
+ return(NULL);
+ }
+
+ return(mngr);
+}
+
+/**
+ * xmlSecKeysMngrDestroy:
+ * @mngr: the pointer to keys manager.
+ *
+ * Destroys keys manager created with #xmlSecKeysMngrCreate function.
+ */
+void
+xmlSecKeysMngrDestroy(xmlSecKeysMngrPtr mngr) {
+ xmlSecAssert(mngr != NULL);
+
+ /* destroy keys store */
+ if(mngr->keysStore != NULL) {
+ xmlSecKeyStoreDestroy(mngr->keysStore);
+ }
+
+ /* destroy other data stores */
+ xmlSecPtrListFinalize(&(mngr->storesList));
+
+ memset(mngr, 0, sizeof(xmlSecKeysMngr));
+ xmlFree(mngr);
+}
+
+/**
+ * xmlSecKeysMngrFindKey:
+ * @mngr: the pointer to keys manager.
+ * @name: the desired key name.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
+ *
+ * Lookups key in the keys manager keys store. The caller is responsible
+ * for destroying the returned key using #xmlSecKeyDestroy method.
+ *
+ * Returns: the pointer to a key or NULL if key is not found or an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecKeysMngrFindKey(xmlSecKeysMngrPtr mngr, const xmlChar* name, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyStorePtr store;
+
+ xmlSecAssert2(mngr != NULL, NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ /* no store. is it an error? */
+ return(NULL);
+ }
+
+ return(xmlSecKeyStoreFindKey(store, name, keyInfoCtx));
+}
+
+/**
+ * xmlSecKeysMngrAdoptKeysStore:
+ * @mngr: the pointer to keys manager.
+ * @store: the pointer to keys store.
+ *
+ * Adopts keys store in the keys manager @mngr.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecKeysMngrAdoptKeysStore(xmlSecKeysMngrPtr mngr, xmlSecKeyStorePtr store) {
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(xmlSecKeyStoreIsValid(store), -1);
+
+ if(mngr->keysStore != NULL) {
+ xmlSecKeyStoreDestroy(mngr->keysStore);
+ }
+ mngr->keysStore = store;
+
+ return(0);
+}
+
+/**
+ * xmlSecKeysMngrGetKeysStore:
+ * @mngr: the pointer to keys manager.
+ *
+ * Gets the keys store.
+ *
+ * Returns: the keys store in the keys manager @mngr or NULL if
+ * there is no store or an error occurs.
+ */
+xmlSecKeyStorePtr
+xmlSecKeysMngrGetKeysStore(xmlSecKeysMngrPtr mngr) {
+ xmlSecAssert2(mngr != NULL, NULL);
+
+ return(mngr->keysStore);
+}
+
+/**
+ * xmlSecKeysMngrAdoptDataStore:
+ * @mngr: the pointer to keys manager.
+ * @store: the pointer to data store.
+ *
+ * Adopts data store in the keys manager.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecKeysMngrAdoptDataStore(xmlSecKeysMngrPtr mngr, xmlSecKeyDataStorePtr store) {
+ xmlSecKeyDataStorePtr tmp;
+ xmlSecSize pos, size;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataStoreIsValid(store), -1);
+
+ size = xmlSecPtrListGetSize(&(mngr->storesList));
+ for(pos = 0; pos < size; ++pos) {
+ tmp = (xmlSecKeyDataStorePtr)xmlSecPtrListGetItem(&(mngr->storesList), pos);
+ if((tmp != NULL) && (tmp->id == store->id)) {
+ return(xmlSecPtrListSet(&(mngr->storesList), store, pos));
+ }
+ }
+
+ return(xmlSecPtrListAdd(&(mngr->storesList), store));
+}
+
+
+/**
+ * xmlSecKeysMngrGetDataStore:
+ * @mngr: the pointer to keys manager.
+ * @id: the desired data store klass.
+ *
+ * Lookups the data store of given klass @id in the keys manager.
+ *
+ * Returns: pointer to data store or NULL if it is not found or an error
+ * occurs.
+ */
+xmlSecKeyDataStorePtr
+xmlSecKeysMngrGetDataStore(xmlSecKeysMngrPtr mngr, xmlSecKeyDataStoreId id) {
+ xmlSecKeyDataStorePtr tmp;
+ xmlSecSize pos, size;
+
+ xmlSecAssert2(mngr != NULL, NULL);
+ xmlSecAssert2(id != xmlSecKeyDataStoreIdUnknown, NULL);
+
+ size = xmlSecPtrListGetSize(&(mngr->storesList));
+ for(pos = 0; pos < size; ++pos) {
+ tmp = (xmlSecKeyDataStorePtr)xmlSecPtrListGetItem(&(mngr->storesList), pos);
+ if((tmp != NULL) && (tmp->id == id)) {
+ return(tmp);
+ }
+ }
+
+ return(NULL);
+}
+
+/**************************************************************************
+ *
+ * xmlSecKeyStore functions
+ *
+ *************************************************************************/
+/**
+ * xmlSecKeyStoreCreate:
+ * @id: the key store klass.
+ *
+ * Creates new store of the specified klass @klass. Caller is responsible
+ * for freeing the returned store by calling #xmlSecKeyStoreDestroy function.
+ *
+ * Returns: the pointer to newly allocated keys store or NULL if an error occurs.
+ */
+xmlSecKeyStorePtr
+xmlSecKeyStoreCreate(xmlSecKeyStoreId id) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(id != NULL, NULL);
+ xmlSecAssert2(id->objSize > 0, NULL);
+
+ /* Allocate a new xmlSecKeyStore and fill the fields. */
+ store = (xmlSecKeyStorePtr)xmlMalloc(id->objSize);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", id->objSize);
+ return(NULL);
+ }
+ memset(store, 0, id->objSize);
+ store->id = id;
+
+ if(id->initialize != NULL) {
+ ret = (id->initialize)(store);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreKlassGetName(id)),
+ "id->initialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyStoreDestroy(store);
+ return(NULL);
+ }
+ }
+
+ return(store);
+}
+
+/**
+ * xmlSecKeyStoreDestroy:
+ * @store: the pointer to keys store.
+ *
+ * Destroys the store created with #xmlSecKeyStoreCreate function.
+ */
+void
+xmlSecKeyStoreDestroy(xmlSecKeyStorePtr store) {
+ xmlSecAssert(xmlSecKeyStoreIsValid(store));
+ xmlSecAssert(store->id->objSize > 0);
+
+ if(store->id->finalize != NULL) {
+ (store->id->finalize)(store);
+ }
+ memset(store, 0, store->id->objSize);
+ xmlFree(store);
+}
+
+/**
+ * xmlSecKeyStoreFindKey:
+ * @store: the pointer to keys store.
+ * @name: the desired key name.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
+ *
+ * Lookups key in the store. The caller is responsible for destroying
+ * the returned key using #xmlSecKeyDestroy method.
+ *
+ * Returns: the pointer to a key or NULL if key is not found or an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecKeyStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecKeyStoreIsValid(store), NULL);
+ xmlSecAssert2(store->id->findKey != NULL, NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+ return(store->id->findKey(store, name, keyInfoCtx));
+}
+
+/****************************************************************************
+ *
+ * Simple Keys Store
+ *
+ * keys list (xmlSecPtrList) is located after xmlSecKeyStore
+ *
+ ***************************************************************************/
+#define xmlSecSimpleKeysStoreSize \
+ (sizeof(xmlSecKeyStore) + sizeof(xmlSecPtrList))
+#define xmlSecSimpleKeysStoreGetList(store) \
+ ((xmlSecKeyStoreCheckSize((store), xmlSecSimpleKeysStoreSize)) ? \
+ (xmlSecPtrListPtr)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
+ (xmlSecPtrListPtr)NULL)
+
+static int xmlSecSimpleKeysStoreInitialize (xmlSecKeyStorePtr store);
+static void xmlSecSimpleKeysStoreFinalize (xmlSecKeyStorePtr store);
+static xmlSecKeyPtr xmlSecSimpleKeysStoreFindKey (xmlSecKeyStorePtr store,
+ const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+static xmlSecKeyStoreKlass xmlSecSimpleKeysStoreKlass = {
+ sizeof(xmlSecKeyStoreKlass),
+ xmlSecSimpleKeysStoreSize,
+
+ /* data */
+ BAD_CAST "simple-keys-store", /* const xmlChar* name; */
+
+ /* constructors/destructor */
+ xmlSecSimpleKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
+ xmlSecSimpleKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
+ xmlSecSimpleKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecSimpleKeysStoreGetKlass:
+ *
+ * The simple list based keys store klass.
+ *
+ * Returns: simple list based keys store klass.
+ */
+xmlSecKeyStoreId
+xmlSecSimpleKeysStoreGetKlass(void) {
+ return(&xmlSecSimpleKeysStoreKlass);
+}
+
+/**
+ * xmlSecSimpleKeysStoreAdoptKey:
+ * @store: the pointer to simple keys store.
+ * @key: the pointer to key.
+ *
+ * Adds @key to the @store.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecSimpleKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
+ xmlSecPtrListPtr list;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ list = xmlSecSimpleKeysStoreGetList(store);
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
+
+ ret = xmlSecPtrListAdd(list, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecSimpleKeysStoreLoad:
+ * @store: the pointer to simple keys store.
+ * @uri: the filename.
+ * @keysMngr: the pointer to associated keys manager.
+ *
+ * Reads keys from an XML file.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
+ xmlSecKeysMngrPtr keysMngr) {
+ xmlDocPtr doc;
+ xmlNodePtr root;
+ xmlNodePtr cur;
+ xmlSecKeyPtr key;
+ xmlSecKeyInfoCtx keyInfoCtx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
+ xmlSecAssert2(uri != NULL, -1);
+
+ doc = xmlParseFile(uri);
+ if(doc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlParseFile",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
+ root = xmlDocGetRootElement(doc);
+ if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(root)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected-node=<xmlsec:Keys>");
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(root->children);
+ while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected-node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ keyInfoCtx.mode = xmlSecKeyInfoModeRead;
+ keyInfoCtx.keysMngr = keysMngr;
+ keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND |
+ XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
+ keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
+ keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny;
+
+ ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyInfoNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+
+ if(xmlSecKeyIsValid(key)) {
+ ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecSimpleKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ } else {
+ /* we have an unknown key in our file, just ignore it */
+ xmlSecKeyDestroy(key);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ xmlFreeDoc(doc);
+ return(0);
+
+}
+
+/**
+ * xmlSecSimpleKeysStoreSave:
+ * @store: the pointer to simple keys store.
+ * @filename: the filename.
+ * @type: the saved keys type (public, private, ...).
+ *
+ * Writes keys from @store to an XML file.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecSimpleKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
+ xmlSecKeyInfoCtx keyInfoCtx;
+ xmlSecPtrListPtr list;
+ xmlSecKeyPtr key;
+ xmlSecSize i, keysSize;
+ xmlDocPtr doc;
+ xmlNodePtr cur;
+ xmlSecKeyDataPtr data;
+ xmlSecPtrListPtr idsList;
+ xmlSecKeyDataId dataId;
+ xmlSecSize idsSize, j;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
+ xmlSecAssert2(filename != NULL, -1);
+
+ list = xmlSecSimpleKeysStoreGetList(store);
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
+
+ /* create doc */
+ doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
+ if(doc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecCreateTree",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ idsList = xmlSecKeyDataIdsGet();
+ xmlSecAssert2(idsList != NULL, -1);
+
+ keysSize = xmlSecPtrListGetSize(list);
+ idsSize = xmlSecPtrListGetSize(idsList);
+ for(i = 0; i < keysSize; ++i) {
+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert2(key != NULL, -1);
+
+ cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ /* special data key name */
+ if(xmlSecKeyGetName(key) != NULL) {
+ if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyName));
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ }
+
+ /* create nodes for other keys data */
+ for(j = 0; j < idsSize; ++j) {
+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
+
+ if(dataId->dataNodeName == NULL) {
+ continue;
+ }
+
+ data = xmlSecKeyGetData(key, dataId);
+ if(data == NULL) {
+ continue;
+ }
+
+ if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(dataId->dataNodeName));
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
+ keyInfoCtx.keyReq.keyType = type;
+ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
+
+ /* finally write key in the node */
+ ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyInfoNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+ }
+
+ /* now write result */
+ ret = xmlSaveFormatFile(filename, doc, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSaveFormatFile",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ xmlFreeDoc(doc);
+ return(0);
+}
+
+/**
+ * xmlSecSimpleKeysStoreGetKeys:
+ * @store: the pointer to simple keys store.
+ *
+ * Gets list of keys from simple keys store.
+ *
+ * Returns: pointer to the list of keys stored in the keys store or NULL
+ * if an error occurs.
+ */
+xmlSecPtrListPtr
+xmlSecSimpleKeysStoreGetKeys(xmlSecKeyStorePtr store) {
+ xmlSecPtrListPtr list;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), NULL);
+
+ list = xmlSecSimpleKeysStoreGetList(store);
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), NULL);
+
+ return list;
+}
+
+static int
+xmlSecSimpleKeysStoreInitialize(xmlSecKeyStorePtr store) {
+ xmlSecPtrListPtr list;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1);
+
+ list = xmlSecSimpleKeysStoreGetList(store);
+ xmlSecAssert2(list != NULL, -1);
+
+ ret = xmlSecPtrListInitialize(list, xmlSecKeyPtrListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecKeyPtrListId");
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecSimpleKeysStoreFinalize(xmlSecKeyStorePtr store) {
+ xmlSecPtrListPtr list;
+
+ xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId));
+
+ list = xmlSecSimpleKeysStoreGetList(store);
+ xmlSecAssert(list != NULL);
+
+ xmlSecPtrListFinalize(list);
+}
+
+static xmlSecKeyPtr
+xmlSecSimpleKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecPtrListPtr list;
+ xmlSecKeyPtr key;
+ xmlSecSize pos, size;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+ list = xmlSecSimpleKeysStoreGetList(store);
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), NULL);
+
+ size = xmlSecPtrListGetSize(list);
+ for(pos = 0; pos < size; ++pos) {
+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, pos);
+ if((key != NULL) && (xmlSecKeyMatch(key, name, &(keyInfoCtx->keyReq)) == 1)) {
+ return(xmlSecKeyDuplicate(key));
+ }
+ }
+ return(NULL);
+}
+
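Review bot: xmlSecSimpleKeysStoreLoad sets `XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS` before calling xmlSecKeyInfoNodeRead, which by its name means certificates in the file named by `uri` enter the store without verification, yet the doc comment says only "Reads keys from an XML file." I would add to that comment: `* The file is trusted input: X509 certificates in it are loaded without verification, so @uri must name a file that only the application's owner can write.` Separately, xmlSecKeysMngrCreate returns NULL without releasing `mngr` when xmlSecPtrListInitialize fails; adding `xmlFree(mngr);` before that `return(NULL);` closes the leak.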
diff --git a/src/kw_aes_des.c b/src/kw_aes_des.c
new file mode 100644
index 00000000..022e720a
--- /dev/null
+++ b/src/kw_aes_des.c
@@ -0,0 +1,493 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Implementation of AES/DES Key Transport algorithm
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/errors.h>
+
+#include "kw_aes_des.h"
+
+#ifndef XMLSEC_NO_DES
+
+static int xmlSecKWDes3BufferReverse (xmlSecByte *buf,
+ xmlSecSize size);
+
+/********************************************************************
+ *
+ * CMS Triple DES Key Wrap
+ *
+ * http://www.w3.org/TR/xmlenc-core/#sec-Alg-SymmetricKeyWrap
+ *
+ * The following algorithm wraps (encrypts) a key (the wrapped key, WK)
+ * under a TRIPLEDES key-encryption-key (KEK) as specified in [CMS-Algorithms]:
+ *
+ * 1. Represent the key being wrapped as an octet sequence. If it is a
+ * TRIPLEDES key, this is 24 octets (192 bits) with odd parity bit as
+ * the bottom bit of each octet.
+ * 2. Compute the CMS key checksum (section 5.6.1) call this CKS.
+ * 3. Let WKCKS = WK || CKS, where || is concatenation.
+ * 4. Generate 8 random octets [RANDOM] and call this IV.
+ * 5. Encrypt WKCKS in CBC mode using KEK as the key and IV as the
+ * initialization vector. Call the results TEMP1.
+ * 6. Left TEMP2 = IV || TEMP1.
+ * 7. Reverse the order of the octets in TEMP2 and call the result TEMP3.
+ * 8. Encrypt TEMP3 in CBC mode using the KEK and an initialization vector
+ * of 0x4adda22c79e82105. The resulting cipher text is the desired result.
+ * It is 40 octets long if a 168 bit key is being wrapped.
+ *
+ * The following algorithm unwraps (decrypts) a key as specified in
+ * [CMS-Algorithms]:
+ *
+ * 1. Check if the length of the cipher text is reasonable given the key type.
+ * It must be 40 bytes for a 168 bit key and either 32, 40, or 48 bytes for
+ * a 128, 192, or 256 bit key. If the length is not supported or inconsistent
+ * with the algorithm for which the key is intended, return error.
+ * 2. Decrypt the cipher text with TRIPLEDES in CBC mode using the KEK and
+ * an initialization vector (IV) of 0x4adda22c79e82105. Call the output TEMP3.
+ * 3. Reverse the order of the octets in TEMP3 and call the result TEMP2.
+ * 4. Decompose TEMP2 into IV, the first 8 octets, and TEMP1, the remaining
+ * octets.
+ * 5. Decrypt TEMP1 using TRIPLEDES in CBC mode using the KEK and the IV found
+ * in the previous step. Call the result WKCKS.
+ * 6. Decompose WKCKS. CKS is the last 8 octets and WK, the wrapped key, are
+ * those octets before the CKS.
+ * 7. Calculate a CMS key checksum (section 5.6.1) over the WK and compare
+ * with the CKS extracted in the above step. If they are not equal, return
+ * error.
+ * 8. WK is the wrapped key, now extracted for use in data decryption.
+ *
+ ********************************************************************/
+static xmlSecByte xmlSecKWDes3Iv[XMLSEC_KW_DES3_IV_LENGTH] = {
+ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
+};
+
+int
+xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize) {
+ xmlSecByte sha1[XMLSEC_KW_DES3_SHA_DIGEST_LENGTH];
+ xmlSecByte iv[XMLSEC_KW_DES3_IV_LENGTH];
+ xmlSecSize s;
+ int ret;
+
+ xmlSecAssert2(xmlSecKWDes3CheckId(kwDes3Id), -1);
+ xmlSecAssert2(context != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize + XMLSEC_KW_DES3_BLOCK_LENGTH + XMLSEC_KW_DES3_IV_LENGTH, -1);
+
+ /* step 2: calculate sha1 and CMS */
+ ret = kwDes3Id->sha1(context, in, inSize, sha1, sizeof(sha1));
+ if((ret < 0) || (ret != sizeof(sha1))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwDes3Id->sha1",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ /* step 3: construct WKCKS as WK || CKS */
+ memcpy(out, in, inSize);
+ memcpy(out + inSize, sha1, XMLSEC_KW_DES3_BLOCK_LENGTH);
+
+ /* step 4: generate random iv */
+ ret = kwDes3Id->generateRandom(context, iv, sizeof(iv));
+ if((ret < 0) || (ret != sizeof(iv))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwDes3Id->generateRandom",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ /* step 5: first encryption, result is TEMP1 */
+ ret = kwDes3Id->encrypt(context,
+ iv, sizeof(iv),
+ out, inSize + XMLSEC_KW_DES3_BLOCK_LENGTH,
+ out, outSize);
+ if((ret < 0) || ((xmlSecSize)ret != inSize + XMLSEC_KW_DES3_BLOCK_LENGTH)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwDes3Id->encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ /* step 6: construct TEMP2=IV || TEMP1 */
+ memmove(out + XMLSEC_KW_DES3_IV_LENGTH, out, inSize + XMLSEC_KW_DES3_BLOCK_LENGTH);
+ memcpy(out, iv, XMLSEC_KW_DES3_IV_LENGTH);
+ s = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH + XMLSEC_KW_DES3_IV_LENGTH;
+
+ /* step 7: reverse octets order, result is TEMP3 */
+ ret = xmlSecKWDes3BufferReverse(out, s);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKWDes3BufferReverse",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ /* step 8: second encryption with static IV */
+ ret = kwDes3Id->encrypt(context,
+ xmlSecKWDes3Iv, sizeof(xmlSecKWDes3Iv),
+ out, s,
+ out, outSize);
+ if((ret < 0) || ((xmlSecSize)ret != s)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwDes3Id->encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ s = ret;
+ return(s);
+}
+
+int
+xmlSecKWDes3Decode(xmlSecKWDes3Id kwDes3Id, void *context,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize)
+{
+ xmlSecByte sha1[XMLSEC_KW_DES3_SHA_DIGEST_LENGTH];
+ xmlSecSize s;
+ int ret;
+
+ xmlSecAssert2(xmlSecKWDes3CheckId(kwDes3Id), -1);
+ xmlSecAssert2(context != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+
+ /* step 2: first decryption with static IV, result is TEMP3 */
+ ret = kwDes3Id->decrypt(context,
+ xmlSecKWDes3Iv, sizeof(xmlSecKWDes3Iv),
+ in, inSize,
+ out, outSize);
+ if((ret < 0) || (ret < XMLSEC_KW_DES3_IV_LENGTH)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwDes3Id->decrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ s = ret;
+
+ /* step 3: reverse octets order in TEMP3, result is TEMP2 */
+ ret = xmlSecKWDes3BufferReverse(out, s);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKWDes3BufferReverse",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
+ ret = kwDes3Id->decrypt(context,
+ out, XMLSEC_KW_DES3_IV_LENGTH,
+ out + XMLSEC_KW_DES3_IV_LENGTH, s - XMLSEC_KW_DES3_IV_LENGTH,
+ out, outSize);
+ if((ret < 0) || (ret < XMLSEC_KW_DES3_BLOCK_LENGTH)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwDes3Id->decrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ s = ret - XMLSEC_KW_DES3_BLOCK_LENGTH;
+
+ /* steps 6 and 7: calculate SHA1 and validate it */
+ ret = kwDes3Id->sha1(context,
+ out, s,
+ sha1, sizeof(sha1));
+ if((ret < 0) || (ret != sizeof(sha1))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwDes3Id->sha1",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ /* check sha1 */
+ xmlSecAssert2(XMLSEC_KW_DES3_BLOCK_LENGTH <= sizeof(sha1), -1);
+ if(memcmp(sha1, out + s, XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "SHA1 does not match");
+ return(-1);
+ }
+
+ /* done */
+ return(s);
+}
+
+static int
+xmlSecKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size)
+{
+ xmlSecByte * p;
+ xmlSecByte ch;
+
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(size > 0, -1);
+
+ for(p = buf + size - 1; p >= buf; ++buf, --p) {
+ ch = (*p);
+ (*p) = (*buf);
+ (*buf) = ch;
+ }
+ return (0);
+}
+
+#endif /* XMLSEC_NO_DES */
+
+
+
+#ifndef XMLSEC_NO_AES
+/********************************************************************
+ *
+ * KT AES
+ *
+ * http://www.w3.org/TR/xmlenc-core/#sec-Alg-SymmetricKeyWrap:
+ *
+ * Assume that the data to be wrapped consists of N 64-bit data blocks
+ * denoted P(1), P(2), P(3) ... P(N). The result of wrapping will be N+1
+ * 64-bit blocks denoted C(0), C(1), C(2), ... C(N). The key encrypting
+ * key is represented by K. Assume integers i, j, and t and intermediate
+ * 64-bit register A, 128-bit register B, and array of 64-bit quantities
+ * R(1) through R(N).
+ *
+ * "|" represents concatentation so x|y, where x and y and 64-bit quantities,
+ * is the 128-bit quantity with x in the most significant bits and y in the
+ * least significant bits. AES(K)enc(x) is the operation of AES encrypting
+ * the 128-bit quantity x under the key K. AES(K)dec(x) is the corresponding
+ * decryption opteration. XOR(x,y) is the bitwise exclusive or of x and y.
+ * MSB(x) and LSB(y) are the most significant 64 bits and least significant
+ * 64 bits of x and y respectively.
+ *
+ * If N is 1, a single AES operation is performed for wrap or unwrap.
+ * If N>1, then 6*N AES operations are performed for wrap or unwrap.
+ *
+ * The key wrap algorithm is as follows:
+ *
+ * 1. If N is 1:
+ * * B=AES(K)enc(0xA6A6A6A6A6A6A6A6|P(1))
+ * * C(0)=MSB(B)
+ * * C(1)=LSB(B)
+ * If N>1, perform the following steps:
+ * 2. Initialize variables:
+ * * Set A to 0xA6A6A6A6A6A6A6A6
+ * * Fori=1 to N,
+ * R(i)=P(i)
+ * 3. Calculate intermediate values:
+ * * Forj=0 to 5,
+ * o For i=1 to N,
+ * t= i + j*N
+ * B=AES(K)enc(A|R(i))
+ * A=XOR(t,MSB(B))
+ * R(i)=LSB(B)
+ * 4. Output the results:
+ * * Set C(0)=A
+ * * For i=1 to N,
+ * C(i)=R(i)
+ *
+ * The key unwrap algorithm is as follows:
+ *
+ * 1. If N is 1:
+ * * B=AES(K)dec(C(0)|C(1))
+ * * P(1)=LSB(B)
+ * * If MSB(B) is 0xA6A6A6A6A6A6A6A6, return success. Otherwise,
+ * return an integrity check failure error.
+ * If N>1, perform the following steps:
+ * 2. Initialize the variables:
+ * * A=C(0)
+ * * For i=1 to N,
+ * R(i)=C(i)
+ * 3. Calculate intermediate values:
+ * * For j=5 to 0,
+ * o For i=N to 1,
+ * t= i + j*N
+ * B=AES(K)dec(XOR(t,A)|R(i))
+ * A=MSB(B)
+ * R(i)=LSB(B)
+ * 4. Output the results:
+ * * For i=1 to N,
+ * P(i)=R(i)
+ * * If A is 0xA6A6A6A6A6A6A6A6, return success. Otherwise, return
+ * an integrity check failure error.
+ ********************************************************************/
+static const xmlSecByte xmlSecKWAesMagicBlock[XMLSEC_KW_AES_MAGIC_BLOCK_SIZE] = {
+ 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6
+};
+
+int
+xmlSecKWAesEncode(xmlSecKWAesId kwAesId, void *context,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize) {
+ xmlSecByte block[XMLSEC_KW_AES_BLOCK_SIZE];
+ xmlSecByte *p;
+ int N, i, j, t;
+ int ret;
+
+ xmlSecAssert2(kwAesId != NULL, -1);
+ xmlSecAssert2(kwAesId->encrypt != NULL, -1);
+ xmlSecAssert2(kwAesId->decrypt != NULL, -1);
+ xmlSecAssert2(context != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, -1);
+
+ /* prepend magic block */
+ if(in != out) {
+ memcpy(out + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, in, inSize);
+ } else {
+ memmove(out + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, out, inSize);
+ }
+ memcpy(out, xmlSecKWAesMagicBlock, XMLSEC_KW_AES_MAGIC_BLOCK_SIZE);
+
+ N = (inSize / 8);
+ if(N == 1) {
+ ret = kwAesId->encrypt(out, inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, out, outSize, context);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwAesId->encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ for(j = 0; j <= 5; ++j) {
+ for(i = 1; i <= N; ++i) {
+ t = i + (j * N);
+ p = out + i * 8;
+
+ memcpy(block, out, 8);
+ memcpy(block + 8, p, 8);
+
+ ret = kwAesId->encrypt(block, sizeof(block), block, sizeof(block), context);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwAesId->encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ block[7] ^= t;
+ memcpy(out, block, 8);
+ memcpy(p, block + 8, 8);
+ }
+ }
+ }
+
+ return(inSize + 8);
+}
+
+int
+xmlSecKWAesDecode(xmlSecKWAesId kwAesId, void *context,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize) {
+ xmlSecByte block[XMLSEC_KW_AES_BLOCK_SIZE];
+ xmlSecByte *p;
+ int N, i, j, t;
+ int ret;
+
+ xmlSecAssert2(kwAesId != NULL, -1);
+ xmlSecAssert2(kwAesId->encrypt != NULL, -1);
+ xmlSecAssert2(kwAesId->decrypt != NULL, -1);
+ xmlSecAssert2(context != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ /* copy input */
+ if(in != out) {
+ memcpy(out, in, inSize);
+ }
+
+ N = (inSize / 8) - 1;
+ if(N == 1) {
+ ret = kwAesId->decrypt(out, inSize, out, outSize, context);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwAesId->decrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ for(j = 5; j >= 0; --j) {
+ for(i = N; i > 0; --i) {
+ t = i + (j * N);
+ p = out + i * 8;
+
+ memcpy(block, out, 8);
+ memcpy(block + 8, p, 8);
+ block[7] ^= t;
+
+ ret = kwAesId->decrypt(block, sizeof(block), block, sizeof(block), context);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "kwAesId->decrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ memcpy(out, block, 8);
+ memcpy(p, block + 8, 8);
+ }
+ }
+ }
+ /* do not left data in memory */
+ memset(block, 0, sizeof(block));
+
+ /* check the output */
+ if(memcmp(xmlSecKWAesMagicBlock, out, XMLSEC_KW_AES_MAGIC_BLOCK_SIZE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "bad magic block");
+ return(-1);
+ }
+
+ /* get rid of magic block */
+ memmove(out, out + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, inSize - XMLSEC_KW_AES_MAGIC_BLOCK_SIZE);
+ return(inSize - XMLSEC_KW_AES_MAGIC_BLOCK_SIZE);
+}
+
+#endif /* XMLSEC_NO_AES */
+
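Review bot: xmlSecKWAesEncode and xmlSecKWAesDecode never check that inSize is a whole number of 8-byte blocks, and xmlSecKWAesDecode also accepts input shorter than two blocks. In Decode, `N = (inSize / 8) - 1` is zero or negative for inSize below 16, so neither the `N == 1` branch nor the loop runs and the magic-block comparison is made on the caller's bytes with no AES operation applied; in Encode, bytes past the last full block are copied into `out` and returned unwrapped. Both functions should reject such sizes up front, e.g. `xmlSecAssert2((inSize % 8) == 0, -1);` in each and `xmlSecAssert2(inSize >= 2 * XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, -1);` in Decode. Whether the callers already enforce these sizes cannot be seen from this file.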
diff --git a/src/kw_aes_des.h b/src/kw_aes_des.h
new file mode 100644
index 00000000..46e85273
--- /dev/null
+++ b/src/kw_aes_des.h
@@ -0,0 +1,148 @@
+/**
+ * XMLSec library
+ *
+ * THIS IS A PRIVATE XMLSEC HEADER FILE
+ * DON'T USE IT IN YOUR APPLICATION
+ *
+ * Implementation of AES/DES Key Transport algorithm
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin, All rights reserved.
+ */
+#ifndef __XMLSEC_KT_AES_DES_H__
+#define __XMLSEC_KT_AES_DES_H__
+
+#ifndef XMLSEC_PRIVATE
+#error "private.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries"
+#endif /* XMLSEC_PRIVATE */
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+#ifndef XMLSEC_NO_DES
+/********************************************************************
+ *
+ * KT DES
+ *
+ ********************************************************************/
+#define XMLSEC_KW_DES3_KEY_LENGTH 24
+#define XMLSEC_KW_DES3_IV_LENGTH 8
+#define XMLSEC_KW_DES3_BLOCK_LENGTH 8
+#define XMLSEC_KW_DES3_SHA_DIGEST_LENGTH 20
+
+
+typedef int (*xmlSecKWDes3Sha1Method) (void * context,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+typedef int (*xmlSecKWDes3GenerateRandomMethod) (void * context,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+typedef int (*xmlSecKWDes3BlockEncryptMethod) (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+typedef int (*xmlSecKWDes3BlockDecryptMethod) (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+
+
+struct _xmlSecKWDes3Klass {
+ /* callbacks */
+ xmlSecKWDes3GenerateRandomMethod generateRandom;
+ xmlSecKWDes3Sha1Method sha1;
+ xmlSecKWDes3BlockEncryptMethod encrypt;
+ xmlSecKWDes3BlockDecryptMethod decrypt;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};
+typedef const struct _xmlSecKWDes3Klass xmlSecKWDes3Klass,
+ *xmlSecKWDes3Id;
+
+#define xmlSecKWDes3CheckId(id) \
+ ( \
+ ((id) != NULL) && \
+ ((id)->generateRandom != NULL) && \
+ ((id)->sha1 != NULL) && \
+ ((id)->encrypt != NULL) && \
+ ((id)->decrypt != NULL) \
+ )
+
+XMLSEC_EXPORT int
+xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize);
+
+XMLSEC_EXPORT int
+xmlSecKWDes3Decode(xmlSecKWDes3Id kwDes3Id, void *context,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize);
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+/********************************************************************
+ *
+ * KT AES
+ *
+ ********************************************************************/
+#define XMLSEC_KW_AES_MAGIC_BLOCK_SIZE 8
+#define XMLSEC_KW_AES_BLOCK_SIZE 16
+#define XMLSEC_KW_AES128_KEY_SIZE 16
+#define XMLSEC_KW_AES192_KEY_SIZE 24
+#define XMLSEC_KW_AES256_KEY_SIZE 32
+
+typedef int (*xmlSecKWAesBlockEncryptMethod) (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+typedef int (*xmlSecKWAesBlockDecryptMethod) (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+
+
+struct _xmlSecKWAesKlass {
+ /* callbacks */
+ xmlSecKWAesBlockEncryptMethod encrypt;
+ xmlSecKWAesBlockDecryptMethod decrypt;
+
+ /* for the future */
+ void* reserved0;
+ void* reserved1;
+};
+typedef const struct _xmlSecKWAesKlass xmlSecKWAesKlass,
+ *xmlSecKWAesId;
+
+XMLSEC_EXPORT int
+xmlSecKWAesEncode(xmlSecKWAesId kwAesId, void *context,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize);
+
+XMLSEC_EXPORT int
+xmlSecKWAesDecode(xmlSecKWAesId kwAesId, void *context,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize);
+
+#endif /* XMLSEC_NO_AES */
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_KT_AES_DES_H__ */
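Review bot: The xmlSecKWAesEncode/xmlSecKWAesDecode prototypes and the two AES callback typedefs carry no comment on their size contract, which callers need in order to use them safely. The xmlSecKWAesDecode body visible earlier on this page asserts only `inSize > 0` and `outSize >= inSize` and then derives the block count from `inSize / 8`, so any requirement that the wrapped input be a whole number of 8-byte blocks appears to be left to the caller. I would add above the Decode prototype something like `/* inSize: wrapped key length, expected to be a multiple of 8 and at least 16; outSize >= inSize; returns the unwrapped length or -1 on error */`, and the equivalent on Encode once its checks are confirmed. The `#error` text at the top also names private.h rather than this header.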
diff --git a/src/list.c b/src/list.c
new file mode 100644
index 00000000..d1a00533
--- /dev/null
+++ b/src/list.c
@@ -0,0 +1,534 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * List of pointers.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/list.h>
+#include <xmlsec/errors.h>
+
+
+static int xmlSecPtrListEnsureSize (xmlSecPtrListPtr list,
+ xmlSecSize size);
+
+static xmlSecAllocMode gAllocMode = xmlSecAllocModeDouble;
+static xmlSecSize gInitialSize = 64;
+
+/**
+ * xmlSecPtrListSetDefaultAllocMode:
+ * @defAllocMode: the new default memory allocation mode.
+ * @defInitialSize: the new default minimal initial size.
+ *
+ * Sets new default allocation mode and minimal initial list size.
+ */
+void
+xmlSecPtrListSetDefaultAllocMode(xmlSecAllocMode defAllocMode, xmlSecSize defInitialSize) {
+ xmlSecAssert(defInitialSize > 0);
+
+ gAllocMode = defAllocMode;
+ gInitialSize = defInitialSize;
+}
+
+/**
+ * xmlSecPtrListCreate:
+ * @id: the list klass.
+ *
+ * Creates new list object. Caller is responsible for freeing returned list
+ * by calling #xmlSecPtrListDestroy function.
+ *
+ * Returns: pointer to newly allocated list or NULL if an error occurs.
+ */
+xmlSecPtrListPtr
+xmlSecPtrListCreate(xmlSecPtrListId id) {
+ xmlSecPtrListPtr list;
+ int ret;
+
+ xmlSecAssert2(id != xmlSecPtrListIdUnknown, NULL);
+
+ /* Allocate a new xmlSecPtrList and fill the fields. */
+ list = (xmlSecPtrListPtr)xmlMalloc(sizeof(xmlSecPtrList));
+ if(list == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecPtrListKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecPtrList)=%d",
+ sizeof(xmlSecPtrList));
+ return(NULL);
+ }
+
+ ret = xmlSecPtrListInitialize(list, id);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecPtrListKlassGetName(id)),
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(list);
+ return(NULL);
+ }
+
+ return(list);
+}
+
+/**
+ * xmlSecPtrListDestroy:
+ * @list: the pointer to list.
+ *
+ * Destroys @list created with #xmlSecPtrListCreate function.
+ */
+void
+xmlSecPtrListDestroy(xmlSecPtrListPtr list) {
+ xmlSecAssert(xmlSecPtrListIsValid(list));
+ xmlSecPtrListFinalize(list);
+ xmlFree(list);
+}
+
+/**
+ * xmlSecPtrListInitialize:
+ * @list: the pointer to list.
+ * @id: the list klass.
+ *
+ * Initializes the list of given klass. Caller is responsible
+ * for cleaning up by calling #xmlSecPtrListFinalize function.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecPtrListInitialize(xmlSecPtrListPtr list, xmlSecPtrListId id) {
+ xmlSecAssert2(id != xmlSecPtrListIdUnknown, -1);
+ xmlSecAssert2(list != NULL, -1);
+
+ memset(list, 0, sizeof(xmlSecPtrList));
+ list->id = id;
+ list->allocMode = gAllocMode;
+
+ return(0);
+}
+
+/**
+ * xmlSecPtrListFinalize:
+ * @list: the pointer to list.
+ *
+ * Cleans up the list initialized with #xmlSecPtrListInitialize
+ * function.
+ */
+void
+xmlSecPtrListFinalize(xmlSecPtrListPtr list) {
+ xmlSecAssert(xmlSecPtrListIsValid(list));
+
+ xmlSecPtrListEmpty(list);
+ memset(list, 0, sizeof(xmlSecPtrList));
+}
+
+/**
+ * xmlSecPtrListEmpty:
+ * @list: the pointer to list.
+ *
+ * Remove all items from @list (if any).
+ */
+void
+xmlSecPtrListEmpty(xmlSecPtrListPtr list) {
+ xmlSecAssert(xmlSecPtrListIsValid(list));
+
+ if(list->id->destroyItem != NULL) {
+ xmlSecSize pos;
+
+ for(pos = 0; pos < list->use; ++pos) {
+ xmlSecAssert(list->data != NULL);
+ if(list->data[pos] != NULL) {
+ list->id->destroyItem(list->data[pos]);
+ }
+ }
+ }
+ if(list->max > 0) {
+ xmlSecAssert(list->data != NULL);
+
+ memset(list->data, 0, sizeof(xmlSecPtr) * list->use);
+ xmlFree(list->data);
+ }
+ list->max = list->use = 0;
+ list->data = NULL;
+}
+
+/**
+ * xmlSecPtrListCopy:
+ * @dst: the pointer to destination list.
+ * @src: the pointer to source list.
+ *
+ * Copies @src list items to @dst list using #duplicateItem method
+ * of the list klass. If #duplicateItem method is NULL then
+ * we jsut copy pointers to items.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecPtrListCopy(xmlSecPtrListPtr dst, xmlSecPtrListPtr src) {
+ xmlSecSize i;
+ int ret;
+
+ xmlSecAssert2(xmlSecPtrListIsValid(dst), -1);
+ xmlSecAssert2(xmlSecPtrListIsValid(src), -1);
+ xmlSecAssert2(dst->id == src->id, -1);
+
+ /* allocate memory */
+ ret = xmlSecPtrListEnsureSize(dst, dst->use + src->use);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecPtrListGetName(src)),
+ "xmlSecPtrListEnsureSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", src->use);
+ return(-1);
+ }
+
+ /* copy one item after another */
+ for(i = 0; i < src->use; ++i, ++dst->use) {
+ xmlSecAssert2(src->data != NULL, -1);
+ xmlSecAssert2(dst->data != NULL, -1);
+
+ if((dst->id->duplicateItem != NULL) && (src->data[i] != NULL)) {
+ dst->data[dst->use] = dst->id->duplicateItem(src->data[i]);
+ if(dst->data[dst->use] == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecPtrListGetName(src)),
+ "duplicateItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ dst->data[dst->use] = src->data[i];
+ }
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecPtrListDuplicate:
+ * @list: the pointer to list.
+ *
+ * Creates a new copy of @list and all its items.
+ *
+ * Returns: pointer to newly allocated list or NULL if an error occurs.
+ */
+xmlSecPtrListPtr
+xmlSecPtrListDuplicate(xmlSecPtrListPtr list) {
+ xmlSecPtrListPtr newList;
+ int ret;
+
+ xmlSecAssert2(xmlSecPtrListIsValid(list), NULL);
+
+ newList = xmlSecPtrListCreate(list->id);
+ if(newList == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecPtrListGetName(list)),
+ "xmlSecPtrListCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecPtrListCopy(newList, list);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecPtrListGetName(list)),
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecPtrListDestroy(newList);
+ return(NULL);
+ }
+ return(newList);
+}
+
+/**
+ * xmlSecPtrListGetSize:
+ * @list: the pointer to list.
+ *
+ * Gets list size.
+ *
+ * Returns: the number of itmes in @list.
+ */
+xmlSecSize
+xmlSecPtrListGetSize(xmlSecPtrListPtr list) {
+ xmlSecAssert2(xmlSecPtrListIsValid(list), 0);
+
+ return(list->use);
+}
+
+/**
+ * xmlSecPtrListGetItem:
+ * @list: the pointer to list.
+ * @pos: the item position.
+ *
+ * Gets item from the list.
+ *
+ * Returns: the list item at position @pos or NULL if @pos is greater
+ * than the number of items in the list or an error occurs.
+ */
+xmlSecPtr
+xmlSecPtrListGetItem(xmlSecPtrListPtr list, xmlSecSize pos) {
+ xmlSecAssert2(xmlSecPtrListIsValid(list), NULL);
+ xmlSecAssert2(list->data != NULL, NULL);
+ xmlSecAssert2(pos < list->use, NULL);
+
+ return(list->data[pos]);
+}
+
+/**
+ * xmlSecPtrListAdd:
+ * @list: the pointer to list.
+ * @item: the item.
+ *
+ * Adds @item to the end of the @list.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecPtrListAdd(xmlSecPtrListPtr list, xmlSecPtr item) {
+ int ret;
+
+ xmlSecAssert2(xmlSecPtrListIsValid(list), -1);
+
+ ret = xmlSecPtrListEnsureSize(list, list->use + 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecPtrListGetName(list)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", list->use + 1);
+ return(-1);
+ }
+
+ list->data[list->use++] = item;
+ return(0);
+}
+
+/**
+ * xmlSecPtrListSet:
+ * @list: the pointer to list.
+ * @item: the item.
+ * @pos: the pos.
+ *
+ * Sets the value of list item at position @pos. The old value
+ * is destroyed.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecPtrListSet(xmlSecPtrListPtr list, xmlSecPtr item, xmlSecSize pos) {
+ xmlSecAssert2(xmlSecPtrListIsValid(list), -1);
+ xmlSecAssert2(list->data != NULL, -1);
+ xmlSecAssert2(pos < list->use, -1);
+
+ if((list->id->destroyItem != NULL) && (list->data[pos] != NULL)) {
+ list->id->destroyItem(list->data[pos]);
+ }
+ list->data[pos] = item;
+ return(0);
+}
+
+/**
+ * xmlSecPtrListRemove:
+ * @list: the pointer to list.
+ * @pos: the position.
+ *
+ * Destroys list item at the position @pos and sets it value to NULL.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecPtrListRemove(xmlSecPtrListPtr list, xmlSecSize pos) {
+ xmlSecAssert2(xmlSecPtrListIsValid(list), -1);
+ xmlSecAssert2(list->data != NULL, -1);
+ xmlSecAssert2(pos < list->use, -1);
+
+ if((list->id->destroyItem != NULL) && (list->data[pos] != NULL)) {
+ list->id->destroyItem(list->data[pos]);
+ }
+ list->data[pos] = NULL;
+ if(pos == list->use - 1) {
+ --list->use;
+ }
+ return(0);
+}
+
+/**
+ * xmlSecPtrListRemoveAndReturn:
+ * @list: the pointer to list.
+ * @pos: the position.
+ *
+ * Remove the list item at the position @pos and return it back.
+ *
+ * Returns: the pointer to the list item.
+ */
+xmlSecPtr
+xmlSecPtrListRemoveAndReturn(xmlSecPtrListPtr list, xmlSecSize pos) {
+ xmlSecPtr res;
+
+ xmlSecAssert2(xmlSecPtrListIsValid(list), NULL);
+ xmlSecAssert2(list->data != NULL, NULL);
+ xmlSecAssert2(pos < list->use, NULL);
+
+ res = list->data[pos];
+ list->data[pos] = NULL;
+ if(pos == list->use - 1) {
+ --list->use;
+ }
+ return(res);
+}
+
+
+/**
+ * xmlSecPtrListDebugDump:
+ * @list: the pointer to list.
+ * @output: the pointer to output FILE.
+ *
+ * Prints debug information about @list to the @output.
+ */
+void
+xmlSecPtrListDebugDump(xmlSecPtrListPtr list, FILE* output) {
+ xmlSecAssert(xmlSecPtrListIsValid(list));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== list size: %d\n", list->use);
+ if(list->id->debugDumpItem != NULL) {
+ xmlSecSize pos;
+
+ for(pos = 0; pos < list->use; ++pos) {
+ xmlSecAssert(list->data != NULL);
+ if(list->data[pos] != NULL) {
+ list->id->debugDumpItem(list->data[pos], output);
+ }
+ }
+ }
+}
+
+/**
+ * xmlSecPtrListDebugXmlDump:
+ * @list: the pointer to list.
+ * @output: the pointer to output FILE.
+ *
+ * Prints debug information about @list to the @output in XML format.
+ */
+void
+xmlSecPtrListDebugXmlDump(xmlSecPtrListPtr list, FILE* output) {
+ xmlSecAssert(xmlSecPtrListIsValid(list));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<List size=\"%d\">\n", list->use);
+ if(list->id->debugXmlDumpItem != NULL) {
+ xmlSecSize pos;
+
+ for(pos = 0; pos < list->use; ++pos) {
+ xmlSecAssert(list->data != NULL);
+ if(list->data[pos] != NULL) {
+ list->id->debugXmlDumpItem(list->data[pos], output);
+ }
+ }
+ }
+ fprintf(output, "</List>\n");
+}
+
+static int
+xmlSecPtrListEnsureSize(xmlSecPtrListPtr list, xmlSecSize size) {
+ xmlSecPtr* newData;
+ xmlSecSize newSize = 0;
+
+ xmlSecAssert2(xmlSecPtrListIsValid(list), -1);
+
+ if(size < list->max) {
+ return(0);
+ }
+
+ switch(list->allocMode) {
+ case xmlSecAllocModeExact:
+ newSize = size + 8;
+ break;
+ case xmlSecAllocModeDouble:
+ newSize = 2 * size + 32;
+ break;
+ }
+
+ if(newSize < gInitialSize) {
+ newSize = gInitialSize;
+ }
+
+ if(list->data != NULL) {
+ newData = (xmlSecPtr*)xmlRealloc(list->data, sizeof(xmlSecPtr) * newSize);
+ } else {
+ newData = (xmlSecPtr*)xmlMalloc(sizeof(xmlSecPtr) * newSize);
+ }
+ if(newData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecPtrListGetName(list)),
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecPtr)*%d=%d",
+ newSize, sizeof(xmlSecPtr) * newSize);
+ return(-1);
+ }
+
+ list->data = newData;
+ list->max = newSize;
+
+ return(0);
+}
+
+/***********************************************************************
+ *
+ * strings list
+ *
+ **********************************************************************/
+static xmlSecPtr xmlSecStringListDuplicateItem (xmlSecPtr ptr);
+static void xmlSecStringListDestroyItem (xmlSecPtr ptr);
+
+static xmlSecPtrListKlass xmlSecStringListKlass = {
+ BAD_CAST "strings-list",
+ xmlSecStringListDuplicateItem, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ xmlSecStringListDestroyItem, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+/**
+ * xmlSecStringListGetKlass:
+ *
+ * The strins list class.
+ *
+ * Returns: strings list klass.
+ */
+xmlSecPtrListId
+xmlSecStringListGetKlass(void) {
+ return(&xmlSecStringListKlass);
+}
+
+static xmlSecPtr
+xmlSecStringListDuplicateItem(xmlSecPtr ptr) {
+ xmlSecAssert2(ptr != NULL, NULL);
+
+ return(xmlStrdup((xmlChar*)ptr));
+}
+
+static void
+xmlSecStringListDestroyItem(xmlSecPtr ptr) {
+ xmlSecAssert(ptr != NULL);
+
+ xmlFree(ptr);
+}
+
+
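Review bot: xmlSecPtrListEnsureSize never checks that the capacity it computed is at least the capacity requested. `2 * size + 32` can wrap for very large sizes, and `switch(list->allocMode)` has no default arm, so an unexpected mode leaves `newSize` at 0 and it is then only raised to `gInitialSize`. In both cases `list->max` can end up smaller than `size`, while xmlSecPtrListAdd and xmlSecPtrListCopy go on to store at `list->data[list->use]`. A guard placed after the `gInitialSize` clamp rejects this: `if(newSize < size) { return(-1); }`, ideally with an xmlSecError call as on the allocation-failure path. The `%d` conversions that receive `sizeof(...)` values in this file should also be cast or changed, since that argument is a size_t.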
diff --git a/src/membuf.c b/src/membuf.c
new file mode 100644
index 00000000..eb78156c
--- /dev/null
+++ b/src/membuf.c
@@ -0,0 +1,209 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Memory buffer transform
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/membuf.h>
+#include <xmlsec/errors.h>
+
+
+/*****************************************************************************
+ *
+ * Memory Buffer Transform
+ *
+ * xmlSecBuffer is located after xmlSecTransform
+ *
+ ****************************************************************************/
+#define xmlSecTransformMemBufSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecBuffer))
+#define xmlSecTransformMemBufGetBuf(transform) \
+ ((xmlSecTransformCheckSize((transform), xmlSecTransformMemBufSize)) ? \
+ (xmlSecBufferPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
+ (xmlSecBufferPtr)NULL)
+
+static int xmlSecTransformMemBufInitialize (xmlSecTransformPtr transform);
+static void xmlSecTransformMemBufFinalize (xmlSecTransformPtr transform);
+static int xmlSecTransformMemBufExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static xmlSecTransformKlass xmlSecTransformMemBufKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecTransformMemBufSize, /* xmlSecSize objSize */
+
+ xmlSecNameMemBuf, /* const xmlChar* name; */
+ NULL, /* const xmlChar* href; */
+ 0, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecTransformMemBufInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformMemBufFinalize, /* xmlSecTransformFianlizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecTransformMemBufExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecTransformMemBufGetKlass:
+ *
+ * The memory buffer transorm (used to store the data that go through it).
+ *
+ * Returns: memory buffer transform klass.
+ */
+xmlSecTransformId
+xmlSecTransformMemBufGetKlass(void) {
+ return(&xmlSecTransformMemBufKlass);
+}
+
+/**
+ * xmlSecTransformMemBufGetBuffer:
+ * @transform: the pointer to memory buffer transform.
+ *
+ * Gets the pointer to memory buffer transform buffer.
+ *
+ * Returns: pointer to the transform's #xmlSecBuffer.
+ */
+xmlSecBufferPtr
+xmlSecTransformMemBufGetBuffer(xmlSecTransformPtr transform) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformMemBufId), NULL);
+
+ buffer = xmlSecTransformMemBufGetBuf(transform);
+ xmlSecAssert2(buffer != NULL, NULL);
+
+ return(buffer);
+}
+
+static int
+xmlSecTransformMemBufInitialize(xmlSecTransformPtr transform) {
+ xmlSecBufferPtr buffer;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformMemBufId), -1);
+
+ buffer = xmlSecTransformMemBufGetBuf(transform);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ ret = xmlSecBufferInitialize(buffer, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+static void
+xmlSecTransformMemBufFinalize(xmlSecTransformPtr transform) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecTransformMemBufId));
+
+ buffer = xmlSecTransformMemBufGetBuf(transform);
+ xmlSecAssert(buffer != NULL);
+
+ xmlSecBufferFinalize(xmlSecTransformMemBufGetBuf(transform));
+}
+
+static int
+xmlSecTransformMemBufExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecBufferPtr buffer;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformMemBufId), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ buffer = xmlSecTransformMemBufGetBuf(transform);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ /* just copy everything from in to our buffer and out */
+ ret = xmlSecBufferAppend(buffer, xmlSecBufferGetData(in), inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferAppend(out, xmlSecBufferGetData(in), inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ if(last != 0) {
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(inSize == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
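Review bot: The doc comment on xmlSecTransformMemBufGetKlass does not mention that the transform keeps its own copy of every byte that passes through it; xmlSecTransformMemBufExecute appends the whole input to `buffer` as well as to `out`, with no size limit in this file. That matters to callers that feed it large or untrusted documents, or data that should not linger in memory, so I would extend the comment with `The transform retains a copy of all data pushed through it until it is finalized; memory use grows with the input size.` Separately, xmlSecTransformMemBufFinalize fetches `buffer`, asserts it, and then evaluates the macro a second time; `xmlSecBufferFinalize(buffer);` would be clearer.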
diff --git a/src/mscrypto/Makefile.am b/src/mscrypto/Makefile.am
new file mode 100644
index 00000000..5cea654b
--- /dev/null
+++ b/src/mscrypto/Makefile.am
@@ -0,0 +1,62 @@
+NULL =
+
+EXTRA_DIST = \
+ mingw-crypt32.def \
+ README \
+ $(NULL)
+
+lib_LTLIBRARIES = \
+ libxmlsec1-mscrypto.la \
+ $(NULL)
+
+libxmlsec1_mscrypto_la_CPPFLAGS = \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -I../../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(MSCRYPTO_CFLAGS) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(NULL)
+
+libxmlsec1_mscrypto_la_SOURCES =\
+ globals.h \
+ private.h \
+ app.c \
+ certkeys.c \
+ ciphers.c \
+ crypto.c \
+ digests.c \
+ hmac.c \
+ keysstore.c \
+ kw_aes.c \
+ kw_des.c \
+ kt_rsa.c \
+ signatures.c \
+ symkeys.c \
+ x509.c \
+ x509vfy.c \
+ csp_calg.h \
+ csp_oid.h \
+ xmlsec-mingw.h \
+ $(NULL)
+
+if SHAREDLIB_HACK
+libxmlsec1_mscrypto_la_SOURCES += ../strings.c
+endif
+
+libxmlsec1_mscrypto_la_LIBADD = \
+ $(MSCRYPTO_LIBS) \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ ../libxmlsec1.la \
+ $(NULL)
+
+libxmlsec1_mscrypto_la_DEPENDENCIES = \
+ mingw-crypt32.def \
+ $(NULL)
+
+libxmlsec1_mscrypto_la_LDFLAGS = \
+ @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ \
+ -version-info @XMLSEC_VERSION_INFO@ \
+ $(NULL)
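Review bot: Setting `libxmlsec1_mscrypto_la_DEPENDENCIES` by hand replaces the dependency list automake would otherwise derive from `libxmlsec1_mscrypto_la_LIBADD`, so as far as I can tell the library now depends only on mingw-crypt32.def and not on `../libxmlsec1.la`. If that is not intended, the core library should be listed too, e.g. `libxmlsec1_mscrypto_la_DEPENDENCIES = mingw-crypt32.def ../libxmlsec1.la $(NULL)`, so that a rebuilt core library triggers a relink. The hard-coded `-I../../include` next to `-I$(top_srcdir)/include` would also read better as `-I$(top_builddir)/include`.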
diff --git a/src/mscrypto/Makefile.in b/src/mscrypto/Makefile.in
new file mode 100644
index 00000000..72d22a3b
--- /dev/null
+++ b/src/mscrypto/Makefile.in
@@ -0,0 +1,799 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@SHAREDLIB_HACK_TRUE@am__append_1 = ../strings.c
+subdir = src/mscrypto
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(libdir)"
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+am__libxmlsec1_mscrypto_la_SOURCES_DIST = globals.h private.h app.c \
+ certkeys.c ciphers.c crypto.c digests.c hmac.c keysstore.c \
+ kw_aes.c kw_des.c kt_rsa.c signatures.c symkeys.c x509.c \
+ x509vfy.c csp_calg.h csp_oid.h xmlsec-mingw.h ../strings.c
+am__objects_1 =
+@SHAREDLIB_HACK_TRUE@am__objects_2 = \
+@SHAREDLIB_HACK_TRUE@ libxmlsec1_mscrypto_la-strings.lo
+am_libxmlsec1_mscrypto_la_OBJECTS = libxmlsec1_mscrypto_la-app.lo \
+ libxmlsec1_mscrypto_la-certkeys.lo \
+ libxmlsec1_mscrypto_la-ciphers.lo \
+ libxmlsec1_mscrypto_la-crypto.lo \
+ libxmlsec1_mscrypto_la-digests.lo \
+ libxmlsec1_mscrypto_la-hmac.lo \
+ libxmlsec1_mscrypto_la-keysstore.lo \
+ libxmlsec1_mscrypto_la-kw_aes.lo \
+ libxmlsec1_mscrypto_la-kw_des.lo \
+ libxmlsec1_mscrypto_la-kt_rsa.lo \
+ libxmlsec1_mscrypto_la-signatures.lo \
+ libxmlsec1_mscrypto_la-symkeys.lo \
+ libxmlsec1_mscrypto_la-x509.lo \
+ libxmlsec1_mscrypto_la-x509vfy.lo $(am__objects_1) \
+ $(am__objects_2)
+libxmlsec1_mscrypto_la_OBJECTS = $(am_libxmlsec1_mscrypto_la_OBJECTS)
+libxmlsec1_mscrypto_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libxmlsec1_mscrypto_la_LDFLAGS) $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libxmlsec1_mscrypto_la_SOURCES)
+DIST_SOURCES = $(am__libxmlsec1_mscrypto_la_SOURCES_DIST)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+EXTRA_DIST = \
+ mingw-crypt32.def \
+ README \
+ $(NULL)
+
+lib_LTLIBRARIES = \
+ libxmlsec1-mscrypto.la \
+ $(NULL)
+
+libxmlsec1_mscrypto_la_CPPFLAGS = \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -I../../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(MSCRYPTO_CFLAGS) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(NULL)
+
+libxmlsec1_mscrypto_la_SOURCES = globals.h private.h app.c certkeys.c \
+ ciphers.c crypto.c digests.c hmac.c keysstore.c kw_aes.c \
+ kw_des.c kt_rsa.c signatures.c symkeys.c x509.c x509vfy.c \
+ csp_calg.h csp_oid.h xmlsec-mingw.h $(NULL) $(am__append_1)
+libxmlsec1_mscrypto_la_LIBADD = \
+ $(MSCRYPTO_LIBS) \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ ../libxmlsec1.la \
+ $(NULL)
+
+libxmlsec1_mscrypto_la_DEPENDENCIES = \
+ mingw-crypt32.def \
+ $(NULL)
+
+libxmlsec1_mscrypto_la_LDFLAGS = \
+ @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ \
+ -version-info @XMLSEC_VERSION_INFO@ \
+ $(NULL)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/mscrypto/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/mscrypto/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libxmlsec1-mscrypto.la: $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_DEPENDENCIES)
+ $(libxmlsec1_mscrypto_la_LINK) -rpath $(libdir) $(libxmlsec1_mscrypto_la_OBJECTS) $(libxmlsec1_mscrypto_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-app.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-ciphers.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-crypto.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-digests.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-hmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-keysstore.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-kt_rsa.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-kw_aes.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-kw_des.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-signatures.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-strings.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-symkeys.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-x509.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_mscrypto_la-x509vfy.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+libxmlsec1_mscrypto_la-app.lo: app.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-app.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-app.Tpo -c -o libxmlsec1_mscrypto_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-app.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-app.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='app.c' object='libxmlsec1_mscrypto_la-app.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+
+libxmlsec1_mscrypto_la-certkeys.lo: certkeys.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-certkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Tpo -c -o libxmlsec1_mscrypto_la-certkeys.lo `test -f 'certkeys.c' || echo '$(srcdir)/'`certkeys.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-certkeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='certkeys.c' object='libxmlsec1_mscrypto_la-certkeys.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-certkeys.lo `test -f 'certkeys.c' || echo '$(srcdir)/'`certkeys.c
+
+libxmlsec1_mscrypto_la-ciphers.lo: ciphers.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-ciphers.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-ciphers.Tpo -c -o libxmlsec1_mscrypto_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-ciphers.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-ciphers.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ciphers.c' object='libxmlsec1_mscrypto_la-ciphers.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+
+libxmlsec1_mscrypto_la-crypto.lo: crypto.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-crypto.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-crypto.Tpo -c -o libxmlsec1_mscrypto_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-crypto.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-crypto.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto.c' object='libxmlsec1_mscrypto_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+
+libxmlsec1_mscrypto_la-digests.lo: digests.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-digests.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-digests.Tpo -c -o libxmlsec1_mscrypto_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-digests.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-digests.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='digests.c' object='libxmlsec1_mscrypto_la-digests.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+
+libxmlsec1_mscrypto_la-hmac.lo: hmac.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-hmac.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-hmac.Tpo -c -o libxmlsec1_mscrypto_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-hmac.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-hmac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hmac.c' object='libxmlsec1_mscrypto_la-hmac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+
+libxmlsec1_mscrypto_la-keysstore.lo: keysstore.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-keysstore.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-keysstore.Tpo -c -o libxmlsec1_mscrypto_la-keysstore.lo `test -f 'keysstore.c' || echo '$(srcdir)/'`keysstore.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-keysstore.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-keysstore.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keysstore.c' object='libxmlsec1_mscrypto_la-keysstore.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-keysstore.lo `test -f 'keysstore.c' || echo '$(srcdir)/'`keysstore.c
+
+libxmlsec1_mscrypto_la-kw_aes.lo: kw_aes.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-kw_aes.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-kw_aes.Tpo -c -o libxmlsec1_mscrypto_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-kw_aes.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-kw_aes.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kw_aes.c' object='libxmlsec1_mscrypto_la-kw_aes.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+
+libxmlsec1_mscrypto_la-kw_des.lo: kw_des.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-kw_des.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-kw_des.Tpo -c -o libxmlsec1_mscrypto_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-kw_des.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-kw_des.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kw_des.c' object='libxmlsec1_mscrypto_la-kw_des.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+
+libxmlsec1_mscrypto_la-kt_rsa.lo: kt_rsa.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-kt_rsa.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-kt_rsa.Tpo -c -o libxmlsec1_mscrypto_la-kt_rsa.lo `test -f 'kt_rsa.c' || echo '$(srcdir)/'`kt_rsa.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-kt_rsa.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-kt_rsa.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kt_rsa.c' object='libxmlsec1_mscrypto_la-kt_rsa.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-kt_rsa.lo `test -f 'kt_rsa.c' || echo '$(srcdir)/'`kt_rsa.c
+
+libxmlsec1_mscrypto_la-signatures.lo: signatures.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-signatures.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-signatures.Tpo -c -o libxmlsec1_mscrypto_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-signatures.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-signatures.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='signatures.c' object='libxmlsec1_mscrypto_la-signatures.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+
+libxmlsec1_mscrypto_la-symkeys.lo: symkeys.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-symkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-symkeys.Tpo -c -o libxmlsec1_mscrypto_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-symkeys.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-symkeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='symkeys.c' object='libxmlsec1_mscrypto_la-symkeys.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+
+libxmlsec1_mscrypto_la-x509.lo: x509.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-x509.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-x509.Tpo -c -o libxmlsec1_mscrypto_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-x509.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-x509.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509.c' object='libxmlsec1_mscrypto_la-x509.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
+
+libxmlsec1_mscrypto_la-x509vfy.lo: x509vfy.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-x509vfy.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-x509vfy.Tpo -c -o libxmlsec1_mscrypto_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-x509vfy.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-x509vfy.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509vfy.c' object='libxmlsec1_mscrypto_la-x509vfy.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
+
+libxmlsec1_mscrypto_la-strings.lo: ../strings.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_mscrypto_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_mscrypto_la-strings.Tpo -c -o libxmlsec1_mscrypto_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_mscrypto_la-strings.Tpo $(DEPDIR)/libxmlsec1_mscrypto_la-strings.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../strings.c' object='libxmlsec1_mscrypto_la-strings.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_mscrypto_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_mscrypto_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(libdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libLTLIBRARIES clean-libtool ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-libLTLIBRARIES install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-libLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/mscrypto/README b/src/mscrypto/README
new file mode 100644
index 00000000..0b3f4b6b
--- /dev/null
+++ b/src/mscrypto/README
@@ -0,0 +1,39 @@
+WHAT VERSION OF WINDOWS?
+------------------------------------------------------------------------
+
+The xmlsec-mscrypto lib is developed on a windows XP machine with MS Visual
+Studio (6 and .NET). The MS Crypto API has been evolving a lot with the
+new releases of windows and internet explorer. MS CryptoAPI libraries
+are distributed with ie and with the windows OS. Full functionality will
+only be achieved on windows XP. AES is for example not supported on pre
+XP versions of Windows (workarounds for this are possible, I believe).
+Direct RSA de/encryption, used by xmlsec-mscrypto, is only possible from
+Win 2000 (possibly also with a newer version of ie, with strong encryption
+patch installed). It's very likely more of these issues are lying around, a
+nd until it is tested on older windows systems it is uncertain what will work.
+
+KEYS MANAGER with MS Certificate store support.
+------------------------------------------------------------------------
+
+The default xmlsec-mscrypto keys manager is based upon the simple keys
+store, found in the xmlsec core library. If keys are not found in the
+simple keys store, than MS Certificate store is used to lookup keys.
+The certificate store is only used on a READONLY base, so it is not possible
+to store keys via the keys store into the MS certificate store. There are enough
+other tools that can do that for you.
+
+When the xmlsec application is started, with the config parameter the name of
+the (system) keystore can be given. That keystore will be used for certificates
+and keys lookup. With the keyname now two types of values can be given:
+ - simple name (called friendly name with MS);
+ - full subject name (recommended) of the key's certificate.
+
+KNOWN ISSUES.
+------------------------------------------------------------------------
+1) Default keys manager don't use trusted certs in MS Crypto Store
+(http://bugzilla.gnome.org/show_bug.cgi?id=123668).
+
+2) The only supported file formats are PKCS#12 and DER certificates
+(http://bugzilla.gnome.org/show_bug.cgi?id=123675).
+
+
diff --git a/src/mscrypto/app.c b/src/mscrypto/app.c
new file mode 100644
index 00000000..92894d90
--- /dev/null
+++ b/src/mscrypto/app.c
@@ -0,0 +1,1289 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/app.h>
+#include <xmlsec/mscrypto/crypto.h>
+#include <xmlsec/mscrypto/certkeys.h>
+#include <xmlsec/mscrypto/keysstore.h>
+#include <xmlsec/mscrypto/x509.h>
+#include "private.h"
+
+
+/* I don't see any other way then to use a global var to get the
+ * config info to the mscrypto keysstore :( WK
+ */
+static LPTSTR gXmlSecMSCryptoAppCertStoreName = NULL;
+
+/**
+ * xmlSecMSCryptoAppInit:
+ * @config: the name of another then the default ms certificate store.
+ *
+ * General crypto engine initialization. This function is used
+ * by XMLSec command line utility and called before
+ * @xmlSecInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecMSCryptoAppInit(const char* config) {
+ /* initialize MSCrypto crypto engine */
+
+ /* config parameter can contain *another* ms certs store name
+ * then the default (MY)
+ */
+ if (NULL != config && strlen(config) > 0) {
+ if (gXmlSecMSCryptoAppCertStoreName != NULL) {
+ /* This should not happen, initialize twice */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "config=%s, config already set",
+ xmlSecErrorsSafeString(config));
+ return (-1);
+ }
+
+#ifdef UNICODE
+ gXmlSecMSCryptoAppCertStoreName = xmlSecMSCryptoConvertLocaleToUnicode(config);
+ if (gXmlSecMSCryptoAppCertStoreName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecMSCryptoConvertLocaleToUnicode",
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "config=%s",
+ xmlSecErrorsSafeString(config));
+ return (-1);
+ }
+#else /* UNICODE */
+ gXmlSecMSCryptoAppCertStoreName = xmlStrdup(config);
+ if (gXmlSecMSCryptoAppCertStoreName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlStrdup",
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "config=%s",
+ xmlSecErrorsSafeString(config));
+ return (-1);
+ }
+#endif /* UNICODE */
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoAppShutdown:
+ *
+ * General crypto engine shutdown. This function is used
+ * by XMLSec command line utility and called after
+ * @xmlSecShutdown function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecMSCryptoAppShutdown(void) {
+ /* shutdown MSCrypto crypto engine */
+ if (NULL != gXmlSecMSCryptoAppCertStoreName) {
+ xmlFree(gXmlSecMSCryptoAppCertStoreName);
+ gXmlSecMSCryptoAppCertStoreName = NULL;
+ }
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoAppGetCertStoreName:
+ *
+ * Gets the MS Crypto certs store name set by @xmlSecMSCryptoAppInit function.
+ *
+ * Returns: the MS Crypto certs name used by xmlsec-mscrypto.
+ */
+LPCTSTR
+xmlSecMSCryptoAppGetCertStoreName(void) {
+ return(gXmlSecMSCryptoAppCertStoreName);
+}
+
+/*************************************************************************************
+ * Keys
+ *************************************************************************************/
+
+/**
+ * xmlSecMSCryptoAppKeyLoad:
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the a file.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecMSCryptoAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
+ const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
+ xmlSecBuffer buffer;
+ xmlSecKeyPtr key = NULL;
+ int ret;
+
+ xmlSecAssert2(filename != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ switch (format) {
+ case xmlSecKeyDataFormatPkcs12:
+ key = xmlSecMSCryptoAppPkcs12Load(filename, pwd, pwdCallback, pwdCallbackCtx);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoAppPkcs12Load",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
+ case xmlSecKeyDataFormatCertDer:
+ ret = xmlSecBufferInitialize(&buffer, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecBufferReadFile(&buffer, filename);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return (NULL);
+ }
+
+ key = xmlSecMSCryptoAppKeyLoadMemory(xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer), format,
+ pwd, pwdCallback, pwdCallbackCtx);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoAppKeyLoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+ xmlSecBufferFinalize(&buffer);
+ break;
+ default:
+ /* Any other format like PEM keys is currently not supported */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(NULL);
+ }
+
+ return(key);
+}
+
+/**
+ * xmlSecMSCryptoAppKeyLoadMemory:
+ * @data: the key binary data.
+ * @dataSize: the key data size.
+ * @format: the key format.
+ * @pwd: the key password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the a file.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecMSCryptoAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKeyDataFormat format,
+ const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
+ PCCERT_CONTEXT pCert = NULL;
+ PCCERT_CONTEXT tmpcert = NULL;
+ xmlSecKeyDataPtr x509Data = NULL;
+ xmlSecKeyDataPtr keyData = NULL;
+ xmlSecKeyPtr key = NULL;
+ xmlSecKeyPtr res = NULL;
+ int ret;
+
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(dataSize > 0, NULL);
+ xmlSecAssert2(format == xmlSecKeyDataFormatCertDer, NULL);
+
+ pCert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, data, dataSize);
+ if (NULL == pCert) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertCreateCertificateContext",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id);
+ if(x509Data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id)));
+ goto done;
+ }
+
+ tmpcert = CertDuplicateCertificateContext(pCert);
+ if(tmpcert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, tmpcert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ CertFreeCertificateContext(tmpcert);
+ goto done;
+ }
+ tmpcert = NULL;
+
+ keyData = xmlSecMSCryptoCertAdopt(pCert, xmlSecKeyDataTypePublic);
+ if(keyData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoCertAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ pCert = NULL;
+
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecKeySetValue(key, keyData);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ keyData = NULL;
+
+ ret = xmlSecKeyAdoptData(key, x509Data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ x509Data = NULL;
+
+ /* success */
+ res = key;
+ key = NULL;
+done:
+ if(pCert != NULL) {
+ CertFreeCertificateContext(pCert);
+ }
+ if(tmpcert != NULL) {
+ CertFreeCertificateContext(tmpcert);
+ }
+ if(x509Data != NULL) {
+ xmlSecKeyDataDestroy(x509Data);
+ }
+ if(keyData != NULL) {
+ xmlSecKeyDataDestroy(keyData);
+ }
+ if(key != NULL) {
+ xmlSecKeyDestroy(key);
+ }
+ return(res);
+}
+
+
+/**********************************************************************************
+ * X509 certificates
+ **********************************************************************************/
+
+#ifndef XMLSEC_NO_X509
+
+/**
+ * xmlSecMSCryptoAppKeyCertLoad:
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from $@filename and adds it to key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+
+int
+xmlSecMSCryptoAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
+ xmlSecKeyDataFormat format) {
+ xmlSecBuffer buffer;
+ int ret;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ ret = xmlSecBufferInitialize(&buffer, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferReadFile(&buffer, filename);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return (-1);
+ }
+
+ ret = xmlSecMSCryptoAppKeyCertLoadMemory(key, xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer), format);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoAppKeyCertLoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(-1);
+ }
+
+ xmlSecBufferFinalize(&buffer);
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoAppKeyCertLoadMemory:
+ * @key: the pointer to key.
+ * @data: the binary certificate.
+ * @dataSize: size of certificate binary (data)
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from $@data and adds it to key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecMSCryptoAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format) {
+ PCCERT_CONTEXT pCert;
+ xmlSecKeyDataPtr kdata;
+ int ret;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ kdata = xmlSecKeyEnsureData(key, xmlSecMSCryptoKeyDataX509Id);
+ if(kdata == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id)));
+ return(-1);
+ }
+
+ /* For now only DER certificates are supported */
+ /* adjust cert format */
+ switch(format) {
+ case xmlSecKeyDataFormatDer:
+ case xmlSecKeyDataFormatCertDer:
+ pCert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, data, dataSize);
+ if (NULL == pCert) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertCreateCertificateContext",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "format=%d", format);
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptCert(kdata, pCert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(kdata)));
+ CertFreeCertificateContext(pCert);
+ return(-1);
+ }
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", (int)format);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoAppPkcs12Load:
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 file
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecMSCryptoAppPkcs12Load(const char *filename,
+ const char *pwd,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ xmlSecBuffer buffer;
+ xmlSecKeyPtr key;
+ int ret;
+
+ xmlSecAssert2(filename != NULL, NULL);
+ xmlSecAssert2(pwd != NULL, NULL);
+
+ ret = xmlSecBufferInitialize(&buffer, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecBufferReadFile(&buffer, filename);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return (NULL);
+ }
+ if(xmlSecBufferGetData(&buffer) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ key = xmlSecMSCryptoAppPkcs12LoadMemory(xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer), pwd,
+ pwdCallback, pwdCallbackCtx);
+ if (key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoAppPkcs12LoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+
+ xmlSecBufferFinalize(&buffer);
+ return(key);
+}
+
+/**
+ * xmlSecMSCryptoAppPkcs12LoadMemory:
+ * @data: the binary PKCS12 key in data.
+ * @dataSize: size of binary pkcs12 data
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 binary
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecMSCryptoAppPkcs12LoadMemory(const xmlSecByte* data,
+ xmlSecSize dataSize,
+ const char *pwd,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ CRYPT_DATA_BLOB pfx;
+ HCERTSTORE hCertStore = NULL;
+ PCCERT_CONTEXT tmpcert = NULL;
+ PCCERT_CONTEXT pCert = NULL;
+ WCHAR* wcPwd = NULL;
+ xmlSecKeyDataPtr x509Data = NULL;
+ xmlSecKeyDataPtr keyData = NULL;
+ xmlSecKeyPtr key = NULL;
+ int ret;
+
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(dataSize > 1, NULL);
+ xmlSecAssert2(pwd != NULL, NULL);
+
+ memset(&pfx, 0, sizeof(pfx));
+ pfx.pbData = (BYTE *)data;
+ pfx.cbData = dataSize;
+
+ if(FALSE == PFXIsPFXBlob(&pfx)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PFXIsPFXBlob",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%ld",
+ pfx.cbData);
+ goto done;
+ }
+
+ wcPwd = xmlSecMSCryptoConvertLocaleToUnicode(pwd);
+ if (wcPwd == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoConvertLocaleToUnicode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "wcPwd");
+ goto done;
+ }
+
+ if (FALSE == PFXVerifyPassword(&pfx, wcPwd, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PFXVerifyPassword",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ hCertStore = PFXImportCertStore(&pfx, wcPwd, CRYPT_EXPORTABLE);
+ if (NULL == hCertStore) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PFXImportCertStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id);
+ if(x509Data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id)));
+ goto done;
+ }
+
+ while (pCert = CertEnumCertificatesInStore(hCertStore, pCert)) {
+ DWORD dwData = 0;
+ DWORD dwDataLen = sizeof(DWORD);
+
+ /* Find the certificate that has the private key */
+ if((TRUE == CertGetCertificateContextProperty(pCert, CERT_KEY_SPEC_PROP_ID, &dwData, &dwDataLen)) && (dwData > 0)) {
+ tmpcert = CertDuplicateCertificateContext(pCert);
+ if(tmpcert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ keyData = xmlSecMSCryptoCertAdopt(tmpcert, xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ if(keyData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoCertAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ tmpcert = NULL;
+
+ tmpcert = CertDuplicateCertificateContext(pCert);
+ if(tmpcert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, tmpcert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ tmpcert = NULL;
+ }
+
+ /* load certificate in the x509 key data */
+ tmpcert = CertDuplicateCertificateContext(pCert);
+ if(tmpcert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, tmpcert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ tmpcert = NULL;
+ }
+
+ if (keyData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoAppPkcs12Load",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "private key not found in PKCS12 file");
+ goto done;
+ }
+
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecKeySetValue(key, keyData);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecKeyDestroy(key);
+ key = NULL;
+ goto done;
+ }
+ keyData = NULL;
+
+ ret = xmlSecKeyAdoptData(key, x509Data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecKeyDestroy(key);
+ key = NULL;
+ goto done;
+ }
+ x509Data = NULL;
+
+done:
+ if(hCertStore != NULL) {
+ CertCloseStore(hCertStore, 0);
+ }
+ if(wcPwd != NULL) {
+ xmlFree(wcPwd);
+ }
+ if(x509Data != NULL) {
+ xmlSecKeyDataDestroy(x509Data);
+ }
+ if(keyData != NULL) {
+ xmlSecKeyDataDestroy(keyData);
+ }
+ if(tmpcert != NULL) {
+ CertFreeCertificateContext(tmpcert);
+ }
+ return(key);
+}
+
+/**
+ * xmlSecMSCryptoAppKeysMngrCertLoad:
+ * @mngr: the keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
+ *
+ * Reads cert from @filename and adds to the list of trusted or known
+ * untrusted certs in @store (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecMSCryptoAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecBuffer buffer;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ ret = xmlSecBufferInitialize(&buffer, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferReadFile(&buffer, filename);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferReadFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return (-1);
+ }
+
+ ret = xmlSecMSCryptoAppKeysMngrCertLoadMemory(mngr, xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer), format, type);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoAppKeysMngrCertLoadMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ xmlSecBufferFinalize(&buffer);
+ return(-1);
+ }
+
+ xmlSecBufferFinalize(&buffer);
+ return(ret);
+}
+
+/**
+ * xmlSecMSCryptoAppKeysMngrCertLoadMemory:
+ * @mngr: the keys manager.
+ * @data: the binary certificate.
+ * @dataSize: size of binary certificate (data)
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
+ *
+ * Reads cert from @data and adds to the list of trusted or known
+ * untrusted certs in @store.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecMSCryptoAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data,
+ xmlSecSize dataSize, xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecKeyDataStorePtr x509Store;
+ PCCERT_CONTEXT pCert = NULL;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecMSCryptoX509StoreId");
+ return(-1);
+ }
+
+ switch (format) {
+ case xmlSecKeyDataFormatDer:
+ case xmlSecKeyDataFormatCertDer:
+ pCert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ data, dataSize);
+ if (NULL == pCert) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertCreateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (-1);
+ }
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(-1);
+ }
+
+ xmlSecAssert2(pCert != NULL, -1);
+ ret = xmlSecMSCryptoX509StoreAdoptCert(x509Store, pCert, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoX509StoreAdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(pCert);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore:
+ * @mngr: the keys manager.
+ * @keyStore: the pointer to keys store.
+ *
+ * Adds @keyStore to the list of key stores in the keys manager @mngr.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore(xmlSecKeysMngrPtr mngr, HCERTSTORE keyStore)
+{
+ xmlSecKeyDataStorePtr x509Store ;
+
+ xmlSecAssert2( mngr != NULL, -1 ) ;
+ xmlSecAssert2( keyStore != NULL, -1 ) ;
+
+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId) ;
+ if( x509Store == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetDataStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ return (0) ;
+}
+
+/**
+ * xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore:
+ * @mngr: the keys manager.
+ * @trustedStore: the pointer to certs store.
+ *
+ * Adds @trustedStore to the list of trusted cert stores in the keys manager @mngr.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore(xmlSecKeysMngrPtr mngr, HCERTSTORE trustedStore)
+{
+ xmlSecKeyDataStorePtr x509Store ;
+
+ xmlSecAssert2( mngr != NULL, -1 ) ;
+ xmlSecAssert2( trustedStore != NULL, -1 ) ;
+
+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
+ if( x509Store == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetDataStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoAppDefaultKeysMngrAdoptUntrustedStore:
+ * @mngr: the keys manager.
+ * @untrustedStore: the pointer to certs store.
+ *
+ * Adds @trustedStore to the list of un-trusted cert stores in the keys manager @mngr.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecMSCryptoAppDefaultKeysMngrAdoptUntrustedStore(xmlSecKeysMngrPtr mngr, HCERTSTORE untrustedStore)
+{
+ xmlSecKeyDataStorePtr x509Store ;
+
+ xmlSecAssert2( mngr != NULL, -1 ) ;
+ xmlSecAssert2( untrustedStore != NULL, -1 ) ;
+
+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId);
+ if( x509Store == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetDataStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ return(0) ;
+}
+
+#endif /* XMLSEC_NO_X509 */
+
+/**
+ * xmlSecMSCryptoAppDefaultKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
+ * and a default MSCrypto crypto key data stores.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecMSCryptoAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+
+ /* create MSCrypto keys store if needed */
+ if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) {
+ xmlSecKeyStorePtr keysStore;
+
+ keysStore = xmlSecKeyStoreCreate(xmlSecMSCryptoKeysStoreId);
+ if(keysStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecMSCryptoKeysStoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyStoreDestroy(keysStore);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecMSCryptoKeysMngrInit(mngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeysMngrInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ mngr->getKey = xmlSecKeysMngrGetKey;
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoAppDefaultKeysMngrAdoptKey:
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
+ *
+ * Adds @key to the keys manager @mngr created with #xmlSecMSCryptoAppDefaultKeysMngrInit
+ * function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecMSCryptoAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoKeysStoreAdoptKey(store, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoAppDefaultKeysMngrLoad:
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
+ *
+ * Loads XML keys file from @uri to the keys manager @mngr created
+ * with #xmlSecMSCryptoAppDefaultKeysMngrInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecMSCryptoAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(uri != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoKeysStoreLoad(store, uri, mngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeysStoreLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s", xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoAppDefaultKeysMngrSave:
+ * @mngr: the pointer to keys manager.
+ * @filename: the destination filename.
+ * @type: the type of keys to save (public/private/symmetric).
+ *
+ * Saves keys from @mngr to XML keys file.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecMSCryptoAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoKeysStoreSave(store, filename, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeysStoreSave",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename%s", xmlSecErrorsSafeString(filename));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad:
+ * @mngr: the pointer to keys manager.
+ * @hKey: the key handle.
+ *
+ * Adds private key @hKey to the keys manager @mngr.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecMSCryptoAppDefaultKeysMngrPrivateKeyLoad(xmlSecKeysMngrPtr mngr, HCRYPTKEY hKey) {
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(hKey != 0, -1);
+
+ /* TODO */
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad:
+ * @mngr: the pointer to keys manager.
+ * @hKey: the key handle.
+ *
+ * Adds public key @hKey to the keys manager @mngr.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecMSCryptoAppDefaultKeysMngrPublicKeyLoad(xmlSecKeysMngrPtr mngr, HCRYPTKEY hKey) {
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(hKey != 0, -1);
+
+ /* TODO */
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoAppDefaultKeysMngrSymKeyLoad:
+ * @mngr: the pointer to keys manager.
+ * @hKey: the key handle.
+ *
+ * Adds symmetric key @hKey to the keys manager @mngr.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecMSCryptoAppDefaultKeysMngrSymKeyLoad(xmlSecKeysMngrPtr mngr, HCRYPTKEY hKey) {
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(hKey != 0, -1);
+
+ /* TODO */
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoAppGetDefaultPwdCallback:
+ *
+ * Gets default password callback.
+ *
+ * Returns: default password callback.
+ */
+void*
+xmlSecMSCryptoAppGetDefaultPwdCallback(void) {
+ return(NULL);
+}
+
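Review bot: In xmlSecMSCryptoAppKeyLoadMemory the failure branch after xmlSecMSCryptoKeyDataX509AdoptKeyCert calls `CertFreeCertificateContext(tmpcert);` and then jumps to `done:`, where `tmpcert` is still non-NULL and is released a second time. Because `tmpcert` came from CertDuplicateCertificateContext(pCert) and `pCert` is also released at `done:`, the context is released once more than it was acquired, on an error path reached while handling caller-supplied DER data. Dropping the explicit free in that branch, or adding `tmpcert = NULL;` right after it, leaves the cleanup at `done:` as the only release. xmlSecMSCryptoAppPkcs12LoadMemory has the opposite ownership gap: every `goto done` inside the CertEnumCertificatesInStore loop leaves the current `pCert` unreleased, so its `done:` block should gain `if(pCert != NULL) { CertFreeCertificateContext(pCert); }`.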
diff --git a/src/mscrypto/certkeys.c b/src/mscrypto/certkeys.c
new file mode 100644
index 00000000..90daa827
--- /dev/null
+++ b/src/mscrypto/certkeys.c
@@ -0,0 +1,2615 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#ifndef XMLSEC_NO_GOST
+#include "csp_oid.h"
+#include "csp_calg.h"
+#endif
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/bn.h>
+
+#include <xmlsec/mscrypto/certkeys.h>
+#include <xmlsec/mscrypto/crypto.h>
+#include <xmlsec/mscrypto/x509.h>
+#include "private.h"
+
+// GOST CSP don't support keys duplicating, so we use NT4 analogs for these...
+#ifndef XMLSEC_NO_GOST
+#ifndef XMLSEC_MSCRYPTO_NT4
+#define XMLSEC_MSCRYPTO_NT4
+#endif
+#endif
+
+
+/**************************************************************************
+ *
+ * Internal MSCrypto PCCERT_CONTEXT key CTX
+ *
+ *************************************************************************/
+typedef struct _xmlSecMSCryptoKeyDataCtx xmlSecMSCryptoKeyDataCtx,
+ *xmlSecMSCryptoKeyDataCtxPtr;
+
+#ifdef XMLSEC_MSCRYPTO_NT4
+/*-
+ * A wrapper of HCRYPTKEY, a reference countor is introduced, the function is
+ * the same as CryptDuplicateKey. Because the CryptDuplicateKey is not support
+ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0
+ */
+struct _mscrypt_key {
+ HCRYPTKEY hKey ;
+ volatile LONG refcnt ;
+} ;
+
+/*-
+ * A wrapper of HCRYPTPROV, a reference countor is introduced, the function is
+ * the same as CryptContextAddRef. Because the CryptContextAddRef is not support
+ * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0
+ */
+struct _mscrypt_prov {
+ HCRYPTPROV hProv ;
+ BOOL fCallerFreeProv ;
+ volatile LONG refcnt ;
+} ;
+#endif /* XMLSEC_MSCRYPTO_NT4 */
+
+/*
+ * Since MSCrypto does not provide direct handles to private keys, we support
+ * only private keys linked to a certificate context. The certificate context
+ * also provides the public key. Only when no certificate context is used, and
+ * a public key from xml document is provided, we need HCRYPTKEY.... The focus
+ * now is however directed to certificates. Wouter
+ */
+struct _xmlSecMSCryptoKeyDataCtx {
+#ifndef XMLSEC_MSCRYPTO_NT4
+ HCRYPTPROV hProv;
+ BOOL fCallerFreeProv;
+ HCRYPTKEY hKey;
+#else /* XMLSEC_MSCRYPTO_NT4 */
+ struct _mscrypt_prov* p_prov ;
+ struct _mscrypt_key* p_key ;
+#endif /* XMLSEC_MSCRYPTO_NT4 */
+ PCCERT_CONTEXT pCert;
+ const xmlSecMSCryptoProviderInfo * providers;
+ DWORD dwKeySpec;
+ xmlSecKeyDataType type;
+};
+
+#ifndef XMLSEC_MSCRYPTO_NT4
+
+/******************************** Provider *****************************************/
+#define xmlSecMSCryptoKeyDataCtxGetProvider(ctx) (ctx)->hProv
+
+static void
+xmlSecMSCryptoKeyDataCtxCreateProvider(xmlSecMSCryptoKeyDataCtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ ctx->hProv = 0;
+ ctx->fCallerFreeProv = FALSE;
+}
+
+static void
+xmlSecMSCryptoKeyDataCtxDestroyProvider(xmlSecMSCryptoKeyDataCtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ if ((ctx->hProv != 0) && (ctx->fCallerFreeProv)) {
+ CryptReleaseContext(ctx->hProv, 0);
+ }
+ ctx->hProv = 0;
+ ctx->fCallerFreeProv = FALSE;
+}
+
+static void
+xmlSecMSCryptoKeyDataCtxSetProvider(xmlSecMSCryptoKeyDataCtxPtr ctx, HCRYPTPROV hProv, BOOL fCallerFreeProv)
+{
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecMSCryptoKeyDataCtxDestroyProvider(ctx);
+ ctx->hProv = hProv;
+ ctx->fCallerFreeProv = fCallerFreeProv;
+}
+
+static int
+xmlSecMSCryptoKeyDataCtxDuplicateProvider(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xmlSecMSCryptoKeyDataCtxPtr ctxSrc) {
+ xmlSecAssert2(ctxDst != NULL, -1);
+ xmlSecAssert2(ctxSrc != NULL, -1);
+
+ xmlSecMSCryptoKeyDataCtxDestroyProvider(ctxDst);
+
+ if(ctxSrc->hProv != 0) {
+ if(!CryptContextAddRef(ctxSrc->hProv, NULL, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptContextAddRef",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ctxDst->hProv = ctxSrc->hProv;
+ ctxDst->fCallerFreeProv = TRUE;
+ }
+ return(0);
+}
+
+
+/******************************** Key *****************************************/
+#define xmlSecMSCryptoKeyDataCtxGetKey(ctx) ((ctx)->hKey)
+
+static void
+xmlSecMSCryptoKeyDataCtxCreateKey(xmlSecMSCryptoKeyDataCtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ ctx->hKey = 0;
+}
+
+static void
+xmlSecMSCryptoKeyDataCtxDestroyKey(xmlSecMSCryptoKeyDataCtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ if (ctx->hKey != 0) {
+ CryptDestroyKey(ctx->hKey);
+ }
+ ctx->hKey = 0;
+}
+
+static void
+xmlSecMSCryptoKeyDataCtxSetKey(xmlSecMSCryptoKeyDataCtxPtr ctx, HCRYPTKEY hKey) {
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecMSCryptoKeyDataCtxDestroyKey(ctx);
+ ctx->hKey = hKey;
+}
+
+static int
+xmlSecMSCryptoKeyDataCtxDuplicateKey(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xmlSecMSCryptoKeyDataCtxPtr ctxSrc) {
+ xmlSecAssert2(ctxDst != NULL, -1);
+ xmlSecAssert2(ctxSrc != NULL, -1);
+
+ xmlSecMSCryptoKeyDataCtxDestroyKey(ctxDst);
+ if (ctxSrc->hKey != 0) {
+ if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptDuplicateKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+#else /* XMLSEC_MSCRYPTO_NT4 */
+
+/******************************** Provider *****************************************/
+#define xmlSecMSCryptoKeyDataCtxGetProvider(ctx) (((ctx)->p_prov) ? ((ctx)->p_prov->hProv) : 0)
+
+static void
+xmlSecMSCryptoKeyDataCtxCreateProvider(xmlSecMSCryptoKeyDataCtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ ctx->p_prov = (struct _mscrypt_prov*)xmlMalloc(sizeof(struct _mscrypt_prov));
+ if(ctx->p_prov == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE,
+ "mscrypt_create_prov" ,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE
+ );
+ }
+ memset(ctx->p_prov, 0, sizeof(struct _mscrypt_prov));
+}
+
+static void
+xmlSecMSCryptoKeyDataCtxDestroyProvider(xmlSecMSCryptoKeyDataCtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->p_prov != NULL) {
+ if(InterlockedDecrement(&(ctx->p_prov->refcnt)) <= 0) {
+ if((ctx->p_prov->hProv != 0) && (ctx->p_prov->fCallerFreeProv)) {
+ CryptReleaseContext(ctx->p_prov->hProv, 0) ;
+ }
+ memset(ctx->p_prov, 0, sizeof(struct _mscrypt_prov));
+ xmlFree(ctx->p_prov) ;
+ }
+ ctx->p_prov = NULL;
+ }
+}
+
+static void
+xmlSecMSCryptoKeyDataCtxSetProvider(xmlSecMSCryptoKeyDataCtxPtr ctx, HCRYPTPROV hProv, BOOL fCallerFreeProv)
+{
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecMSCryptoKeyDataCtxDestroyProvider(ctx);
+
+ if((ctx->p_prov != NULL) && (ctx->p_prov->refcnt == 1)) {
+ if((ctx->p_prov->hProv != 0) && (ctx->p_prov->fCallerFreeProv)) {
+ CryptReleaseContext(ctx->p_prov->hProv, 0) ;
+ }
+ memset(ctx->p_prov, 0, sizeof(struct _mscrypt_prov));
+ } else {
+ xmlSecMSCryptoKeyDataCtxDestroyProvider(ctx);
+ xmlSecMSCryptoKeyDataCtxCreateProvider(ctx);
+ }
+
+ ctx->p_prov->hProv = hProv;
+ ctx->p_prov->fCallerFreeProv = fCallerFreeProv;
+ ctx->p_prov->refcnt = 1;
+}
+
+static int
+xmlSecMSCryptoKeyDataCtxDuplicateProvider(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xmlSecMSCryptoKeyDataCtxPtr ctxSrc) {
+ xmlSecAssert2(ctxDst != NULL, -1);
+ xmlSecAssert2(ctxSrc != NULL, -1);
+
+ xmlSecMSCryptoKeyDataCtxDestroyProvider(ctxDst);
+
+ if (ctxSrc->p_prov != NULL) {
+ ctxDst->p_prov = ctxSrc->p_prov;
+ InterlockedIncrement(&(ctxDst->p_prov->refcnt));
+ }
+
+ return(0);
+}
+
+/******************************** Key *****************************************/
+#define xmlSecMSCryptoKeyDataCtxGetKey(ctx) (((ctx)->p_key) ? ((ctx)->p_key->hKey) : 0)
+
+static void
+xmlSecMSCryptoKeyDataCtxCreateKey(xmlSecMSCryptoKeyDataCtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ ctx->p_key = (struct _mscrypt_key*)xmlMalloc(sizeof(struct _mscrypt_key));
+ if(ctx->p_key == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE,
+ "mscrypt_create_key" ,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE
+ );
+ }
+ memset(ctx->p_key, 0, sizeof(struct _mscrypt_key));
+}
+
+static void
+xmlSecMSCryptoKeyDataCtxDestroyKey(xmlSecMSCryptoKeyDataCtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->p_key != NULL) {
+ if(InterlockedDecrement(&(ctx->p_key->refcnt)) <= 0) {
+ if(ctx->p_key->hKey != 0) {
+ CryptDestroyKey(ctx->p_key->hKey) ;
+ }
+ memset(ctx->p_key, 0, sizeof(struct _mscrypt_key));
+ xmlFree(ctx->p_key) ;
+ }
+ ctx->p_key = NULL;
+ }
+}
+
+static void
+xmlSecMSCryptoKeyDataCtxSetKey(xmlSecMSCryptoKeyDataCtxPtr ctx, HCRYPTKEY hKey) {
+ xmlSecAssert(ctx != NULL);
+
+ if((ctx->p_key != NULL) && (ctx->p_key->refcnt == 1)) {
+ if(ctx->p_key->hKey != 0) {
+ CryptDestroyKey(ctx->p_key->hKey) ;
+ }
+ memset(ctx->p_key, 0, sizeof(struct _mscrypt_key));
+ } else {
+ xmlSecMSCryptoKeyDataCtxDestroyKey(ctx);
+ xmlSecMSCryptoKeyDataCtxCreateKey(ctx);
+ }
+ ctx->p_key->hKey = hKey;
+ ctx->p_key->refcnt = 1;
+}
+
+static int
+xmlSecMSCryptoKeyDataCtxDuplicateKey(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xmlSecMSCryptoKeyDataCtxPtr ctxSrc) {
+ xmlSecAssert2(ctxDst != NULL, -1);
+ xmlSecAssert2(ctxSrc != NULL, -1);
+
+ xmlSecMSCryptoKeyDataCtxDestroyKey(ctxDst);
+ if (ctxSrc->p_key != NULL) {
+ ctxDst->p_key = ctxSrc->p_key;
+ InterlockedIncrement(&(ctxDst->p_key->refcnt));
+ }
+
+ return(0);
+}
+
+#endif /* XMLSEC_MSCRYPTO_NT4 */
+
+/******************************** Cert *****************************************/
+#define xmlSecMSCryptoKeyDataCtxGetCert(ctx) ((ctx)->pCert)
+
+static void
+xmlSecMSCryptoKeyDataCtxCreateCert(xmlSecMSCryptoKeyDataCtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ ctx->pCert = NULL;
+}
+
+static void
+xmlSecMSCryptoKeyDataCtxDestroyCert(xmlSecMSCryptoKeyDataCtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->pCert != NULL) {
+ CertFreeCertificateContext(ctx->pCert);
+ }
+ ctx->pCert = NULL;
+}
+
+static void
+xmlSecMSCryptoKeyDataCtxSetCert(xmlSecMSCryptoKeyDataCtxPtr ctx, PCCERT_CONTEXT pCert) {
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecMSCryptoKeyDataCtxDestroyCert(ctx);
+ ctx->pCert = pCert;
+}
+
+static int
+xmlSecMSCryptoKeyDataCtxDuplicateCert(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xmlSecMSCryptoKeyDataCtxPtr ctxSrc) {
+ xmlSecAssert2(ctxDst != NULL, -1);
+ xmlSecAssert2(ctxSrc != NULL, -1);
+
+ xmlSecMSCryptoKeyDataCtxDestroyCert(ctxDst);
+ if(ctxSrc->pCert != NULL) {
+ ctxDst->pCert = xmlSecMSCryptoCertDup(ctxSrc->pCert);
+ if(ctxDst->pCert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoPCCDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+/******************************************************************************
+ *
+ * xmlSecMSCryptoKeyDataCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecMSCryptoKeyDataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecMSCryptoKeyDataCtx))
+#define xmlSecMSCryptoKeyDataGetCtx(data) \
+ ((xmlSecMSCryptoKeyDataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
+
+static int xmlSecMSCryptoKeyDataDuplicate (xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src);
+static void xmlSecMSCryptoKeyDataFinalize (xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataGetSize (xmlSecKeyDataPtr data);
+
+/**
+ * xmlSecMSCryptoKeyDataAdoptCert:
+ * @data: the pointer to MSCrypto pccert data.
+ * @pCert: the pointer to PCCERT key.
+ *
+ * Sets the value of key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+static int
+xmlSecMSCryptoKeyDataAdoptCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT pCert, xmlSecKeyDataType type) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+ HCRYPTKEY hKey = 0;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), -1);
+ xmlSecAssert2(pCert != NULL, -1);
+ xmlSecAssert2(pCert->pCertInfo != NULL, -1);
+ xmlSecAssert2((type & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) != 0, -1);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ xmlSecMSCryptoKeyDataCtxDestroyProvider(ctx);
+ xmlSecMSCryptoKeyDataCtxDestroyKey(ctx);
+ xmlSecMSCryptoKeyDataCtxDestroyCert(ctx);
+
+ ctx->type = type;
+
+ /* Now we acquire a context for this key(pair). The context is needed
+ * for the real crypto stuff in MS Crypto.
+ */
+ if((type & xmlSecKeyDataTypePrivate) != 0){
+ HCRYPTPROV hProv = 0;
+ BOOL fCallerFreeProv = FALSE;
+
+ if (!CryptAcquireCertificatePrivateKey(pCert,
+ CRYPT_ACQUIRE_SILENT_FLAG | CRYPT_ACQUIRE_COMPARE_KEY_FLAG,
+ NULL,
+ &hProv,
+ &(ctx->dwKeySpec),
+ &fCallerFreeProv)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptAcquireCertificatePrivateKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecMSCryptoKeyDataCtxSetProvider(ctx, hProv, fCallerFreeProv);
+ } else if((type & xmlSecKeyDataTypePublic) != 0){
+ HCRYPTPROV hProv;
+
+ hProv = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, FALSE);
+ if (hProv == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecMSCryptoKeyDataCtxSetProvider(ctx, hProv, TRUE);
+ ctx->dwKeySpec = 0;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Unsupported keytype");
+ return(-1);
+ }
+
+ /* CryptImportPublicKeyInfo is only needed when a real key handle
+ * is needed. The key handle is needed for de/encrypting and for
+ * verifying of a signature, *not* for signing. We could call
+ * CryptImportPublicKeyInfo in xmlSecMSCryptoKeyDataGetKey instead
+ * so no unnessecary calls to CryptImportPublicKeyInfo are being
+ * made. WK
+ */
+ if(!CryptImportPublicKeyInfo(xmlSecMSCryptoKeyDataCtxGetProvider(ctx),
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ &(pCert->pCertInfo->SubjectPublicKeyInfo),
+ &hKey)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptImportPublicKeyInfo",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ xmlSecMSCryptoKeyDataCtxSetKey(ctx, hKey);
+ xmlSecMSCryptoKeyDataCtxSetCert(ctx, pCert);
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKeyDataAdoptKey(xmlSecKeyDataPtr data,
+ HCRYPTPROV hProv,
+ BOOL fCallerFreeProv,
+ HCRYPTKEY hKey,
+ DWORD dwKeySpec,
+ xmlSecKeyDataType type) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), -1);
+ xmlSecAssert2(hKey != 0, -1);
+ xmlSecAssert2(type & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate), -1);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ xmlSecMSCryptoKeyDataCtxSetProvider(ctx, hProv, fCallerFreeProv);
+ xmlSecMSCryptoKeyDataCtxSetKey(ctx, hKey);
+ xmlSecMSCryptoKeyDataCtxSetCert(ctx, NULL);
+
+ ctx->dwKeySpec = dwKeySpec;
+ ctx->type = type;
+
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoKeyDataGetKey:
+ * @data: the key data to retrieve certificate from.
+ * @type: type of key requested (public/private)
+ *
+ * Native MSCrypto key retrieval from xmlsec keydata. The
+ * returned HKEY must not be destroyed by the caller.
+ *
+ * Returns: HKEY on success or NULL otherwise.
+ */
+HCRYPTKEY
+xmlSecMSCryptoKeyDataGetKey(xmlSecKeyDataPtr data, xmlSecKeyDataType type) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), 0);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), 0);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ return(xmlSecMSCryptoKeyDataCtxGetKey(ctx));
+}
+
+/**
+ * xmlSecMSCryptoKeyDataGetDecryptKey:
+ * @data: the key data pointer
+ *
+ * Native MSCrypto decrypt key retrieval from xmlsec keydata. The
+ * returned HKEY must not be destroyed by the caller.
+ *
+ * Returns: HKEY on success or NULL otherwise.
+ */
+HCRYPTKEY
+xmlSecMSCryptoKeyDataGetDecryptKey(xmlSecKeyDataPtr data) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+ HCRYPTKEY hKey;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), 0);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), 0);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ if( !CryptGetUserKey(xmlSecMSCryptoKeyDataCtxGetProvider(ctx), AT_KEYEXCHANGE, &(hKey))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetUserKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+ return (hKey);
+}
+
+/**
+ * xmlSecMSCryptoKeyDataGetCert:
+ * @data: the key data to retrieve certificate from.
+ *
+ * Native MSCrypto certificate retrieval from xmlsec keydata. The
+ * returned PCCERT_CONTEXT must not be released by the caller.
+ *
+ * Returns: PCCERT_CONTEXT on success or NULL otherwise.
+ */
+PCCERT_CONTEXT
+xmlSecMSCryptoKeyDataGetCert(xmlSecKeyDataPtr data) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), 0);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), 0);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ return(xmlSecMSCryptoKeyDataCtxGetCert(ctx));
+}
+
+/**
+ * xmlSecMSCryptoKeyDataGetMSCryptoProvider:
+ * @data: the key data
+ *
+ * Gets crypto provider handle
+ *
+ * Returns: the crypto provider handler or 0 if there is an error.
+ */
+HCRYPTPROV
+xmlSecMSCryptoKeyDataGetMSCryptoProvider(xmlSecKeyDataPtr data) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), 0);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), 0);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ return(xmlSecMSCryptoKeyDataCtxGetProvider(ctx));
+}
+
+/**
+ * xmlSecMSCryptoKeyDataGetMSCryptoKeySpec:
+ * @data: the key data
+ *
+ * Gets key spec info.
+ *
+ * Returns: the key spec info from key data
+ */
+DWORD
+xmlSecMSCryptoKeyDataGetMSCryptoKeySpec(xmlSecKeyDataPtr data) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), 0);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), 0);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ return(ctx->dwKeySpec);
+}
+
+static int
+xmlSecMSCryptoKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecMSCryptoKeyDataCtxPtr ctxDst;
+ xmlSecMSCryptoKeyDataCtxPtr ctxSrc;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(dst), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecMSCryptoKeyDataSize), -1);
+ xmlSecAssert2(xmlSecKeyDataIsValid(src), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecMSCryptoKeyDataSize), -1);
+
+ ctxDst = xmlSecMSCryptoKeyDataGetCtx(dst);
+ xmlSecAssert2(ctxDst != NULL, -1);
+
+ ctxSrc = xmlSecMSCryptoKeyDataGetCtx(src);
+ xmlSecAssert2(ctxSrc != NULL, -1);
+
+ if(xmlSecMSCryptoKeyDataCtxDuplicateProvider(ctxDst, ctxSrc) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecMSCryptoKeyDataCtxDuplicateProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(xmlSecMSCryptoKeyDataCtxDuplicateKey(ctxDst, ctxSrc) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecMSCryptoKeyDataCtxDuplicateKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(xmlSecMSCryptoKeyDataCtxDuplicateCert(ctxDst, ctxSrc) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecMSCryptoKeyDataCtxDuplicateCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ctxDst->dwKeySpec = ctxSrc->dwKeySpec;
+ ctxDst->providers = ctxSrc->providers;
+ ctxDst->type = ctxSrc->type;
+
+ return(0);
+}
+
+static void
+xmlSecMSCryptoKeyDataInitialize(xmlSecKeyDataPtr data) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+
+ xmlSecAssert(xmlSecKeyDataIsValid(data));
+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize));
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert(ctx != NULL);
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx));
+
+ xmlSecMSCryptoKeyDataCtxCreateProvider(ctx);
+ xmlSecMSCryptoKeyDataCtxCreateKey(ctx);
+ xmlSecMSCryptoKeyDataCtxCreateCert(ctx);
+}
+
+static void
+xmlSecMSCryptoKeyDataFinalize(xmlSecKeyDataPtr data) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+
+ xmlSecAssert(xmlSecKeyDataIsValid(data));
+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize));
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecMSCryptoKeyDataCtxDestroyKey(ctx);
+ xmlSecMSCryptoKeyDataCtxDestroyCert(ctx);
+ xmlSecMSCryptoKeyDataCtxDestroyProvider(ctx);
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx));
+}
+
+static int
+xmlSecMSCryptoKeyDataGetSize(xmlSecKeyDataPtr data) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), 0);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), 0);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ if(xmlSecMSCryptoKeyDataCtxGetCert(ctx) != NULL) {
+ xmlSecAssert2(xmlSecMSCryptoKeyDataCtxGetCert(ctx)->pCertInfo != NULL, 0);
+ return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ &(xmlSecMSCryptoKeyDataCtxGetCert(ctx)->pCertInfo->SubjectPublicKeyInfo)));
+ } else if (xmlSecMSCryptoKeyDataCtxGetKey(ctx) != 0) {
+ DWORD length = 0;
+ DWORD lenlen = sizeof(DWORD);
+
+ if (!CryptGetKeyParam(xmlSecMSCryptoKeyDataCtxGetKey(ctx), KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+ return(length);
+ }
+
+ return (0);
+}
+
+static xmlSecKeyDataType
+xmlSecMSCryptoKeyDataGetType(xmlSecKeyDataPtr data) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), xmlSecKeyDataTypeUnknown);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, xmlSecKeyDataTypeUnknown);
+
+ /* We could make a call to CryptFindCertificateKeyProvInfo here, to find out if
+ * we *really* have a private key or not. However if the certificate is not
+ * linked to a private key, the call takes an ridiculous amount of time.
+ * the way it is now is better I think. WK.
+ */
+ return(ctx->type);
+}
+
+/**
+ * xmlSecMSCryptoCertDup:
+ * @pCert: the pointer to cert.
+ *
+ * Duplicates the @pCert.
+ *
+ * Returns: pointer to newly created PCCERT_CONTEXT object or
+ * NULL if an error occurs.
+ */
+PCCERT_CONTEXT xmlSecMSCryptoCertDup(PCCERT_CONTEXT pCert) {
+ PCCERT_CONTEXT ret;
+
+ xmlSecAssert2(pCert != NULL, NULL);
+
+ ret = CertDuplicateCertificateContext(pCert);
+ if(ret == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(ret);
+}
+
+
+/**
+ * xmlSecMSCryptoCertAdopt:
+ * @pCert: the pointer to cert.
+ * @type: the expected key type.
+ *
+ * Creates key data value from the cert.
+ *
+ * Returns: pointer to newly created xmlsec key or NULL if an error occurs.
+ */
+xmlSecKeyDataPtr
+xmlSecMSCryptoCertAdopt(PCCERT_CONTEXT pCert, xmlSecKeyDataType type) {
+ xmlSecKeyDataPtr data = NULL;
+ int ret;
+
+ xmlSecAssert2(pCert != NULL, NULL);
+ xmlSecAssert2(pCert->pCertInfo != NULL, NULL);
+ xmlSecAssert2(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId != NULL, NULL);
+
+#ifndef XMLSEC_NO_RSA
+ if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_RSA_RSA)) {
+ data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataRsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecMSCryptoDataRsaId");
+ return(NULL);
+ }
+ }
+#endif /* XMLSEC_NO_RSA */
+
+#ifndef XMLSEC_NO_DSA
+ if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_X957_DSA /*szOID_DSALG_SIGN*/)) {
+ data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataDsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecMSCryptoKeyDataDsaId");
+ return(NULL);
+ }
+ }
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_GOST
+ if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_2001_CP) ||
+ !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_2001) ||
+ !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_94_CP)) {
+ data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataGost2001Id);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecMSCryptoKeyDataGost2001Id");
+ return(NULL);
+ }
+ }
+#endif /* XMLSEC_NO_GOST*/
+
+ if (NULL == data) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+ "PCCERT_CONTEXT key type %s not supported", pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId);
+ return(NULL);
+ }
+
+ xmlSecAssert2(data != NULL, NULL);
+
+ ret = xmlSecMSCryptoKeyDataAdoptCert(data, pCert, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoPCCDataAdoptPCC",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
+ }
+ return(data);
+}
+
+
+#ifndef XMLSEC_NO_RSA
+/**************************************************************************
+ *
+ * <dsig:RSAKeyValue> processing
+ *
+ * http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue
+ * The RSAKeyValue Element
+ *
+ * RSA key values have two fields: Modulus and Exponent.
+ *
+ * <RSAKeyValue>
+ * <Modulus>xA7SEU+e0yQH5rm9kbCDN9o3aPIo7HbP7tX6WOocLZAtNfyxSZDU16ksL6W
+ * jubafOqNEpcwR3RdFsT7bCqnXPBe5ELh5u4VEy19MzxkXRgrMvavzyBpVRgBUwUlV
+ * 5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U=
+ * </Modulus>
+ * <Exponent>AQAB</Exponent>
+ * </RSAKeyValue>
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * represented in XML as octet strings as defined by the ds:CryptoBinary type.
+ *
+ * Schema Definition:
+ *
+ * <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+ * <complexType name="RSAKeyValueType">
+ * <sequence>
+ * <element name="Modulus" type="ds:CryptoBinary"/>
+ * <element name="Exponent" type="ds:CryptoBinary"/>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD Definition:
+ *
+ * <!ELEMENT RSAKeyValue (Modulus, Exponent) >
+ * <!ELEMENT Modulus (#PCDATA) >
+ * <!ELEMENT Exponent (#PCDATA) >
+ *
+ * ============================================================================
+ *
+ *
+ *************************************************************************/
+
+static int xmlSecMSCryptoKeyDataRsaInitialize(xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataRsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src);
+static void xmlSecMSCryptoKeyDataRsaFinalize(xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoKeyDataRsaGenerate(xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecMSCryptoKeyDataRsaGetType(xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecMSCryptoKeyDataRsaGetSize(xmlSecKeyDataPtr data);
+static void xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output);
+static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output);
+
+static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecMSCryptoKeyDataSize,
+
+ /* data */
+ xmlSecNameRSAKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeRSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecMSCryptoKeyDataRsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecMSCryptoKeyDataRsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecMSCryptoKeyDataRsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecMSCryptoKeyDataRsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecMSCryptoKeyDataRsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecMSCryptoKeyDataRsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecMSCryptoKeyDataRsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecMSCryptoKeyDataRsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecMSCryptoKeyDataRsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecMSCryptoKeyDataRsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Rsa[] = {
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { MS_DEF_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+
+/**
+ * xmlSecMSCryptoKeyDataRsaGetKlass:
+ *
+ * The MSCrypto RSA CertKey data klass.
+ *
+ * Returns: pointer to MSCrypto RSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecMSCryptoKeyDataRsaGetKlass(void) {
+ return(&xmlSecMSCryptoKeyDataRsaKlass);
+}
+
+static int
+xmlSecMSCryptoKeyDataRsaInitialize(xmlSecKeyDataPtr data) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId), xmlSecKeyDataTypeUnknown);
+
+ xmlSecMSCryptoKeyDataInitialize(data);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ctx->providers = xmlSecMSCryptoProviderInfo_Rsa;
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKeyDataRsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecMSCryptoKeyDataRsaId), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecMSCryptoKeyDataRsaId), -1);
+
+ return(xmlSecMSCryptoKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecMSCryptoKeyDataRsaFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId));
+
+ xmlSecMSCryptoKeyDataFinalize(data);
+}
+
+static int
+xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecBn modulus, exponent;
+ xmlSecBuffer blob;
+ unsigned int blobBufferLen;
+ PUBLICKEYSTRUC* pubKeyStruc = NULL;
+ RSAPUBKEY* pubKey = NULL;
+ xmlSecByte* modulusBlob = NULL;
+ xmlSecKeyDataPtr data = NULL;
+ HCRYPTPROV hProv = 0;
+ HCRYPTKEY hKey = 0;
+ xmlNodePtr cur;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecMSCryptoKeyDataRsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(xmlSecKeyGetValue(key) != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ "key already has a value");
+ return(-1);
+ }
+
+ /* initialize buffers */
+ ret = xmlSecBnInitialize(&modulus, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "modulus");
+ return(-1);
+ }
+
+ ret = xmlSecBnInitialize(&exponent, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "exponent");
+ xmlSecBnFinalize(&modulus);
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&blob, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "blob");
+ xmlSecBnFinalize(&modulus);
+ xmlSecBnFinalize(&exponent);
+ return(-1);
+ }
+
+ /* read xml */
+ cur = xmlSecGetNextElementNode(node->children);
+
+ /* first is Modulus node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ goto done;
+ }
+
+ ret = xmlSecBnGetNodeValue(&modulus, cur, xmlSecBnBase64, 1);
+ if((ret < 0) || (xmlSecBnGetSize(&modulus) == 0)){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnGetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is Exponent node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ goto done;
+ }
+ ret = xmlSecBnGetNodeValue(&exponent, cur, xmlSecBnBase64, 1);
+ if((ret < 0) || (xmlSecBnGetSize(&exponent) == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnGetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeRSAPrivateExponent, xmlSecNs))) {
+ /* next is X node. It is REQUIRED for private key but
+ * MSCrypto does not support it. We just ignore it */
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "no nodes expected");
+ goto done;
+ }
+
+ /* Now try to create the key */
+ blobBufferLen = sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + xmlSecBnGetSize(&modulus);
+ ret = xmlSecBufferSetSize(&blob, blobBufferLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blobBufferLen);
+ goto done;
+ }
+
+ /* Set the PUBLICKEYSTRUC */
+ pubKeyStruc = (PUBLICKEYSTRUC *)xmlSecBufferGetData(&blob);
+ pubKeyStruc->bType = PUBLICKEYBLOB;
+ pubKeyStruc->bVersion = 0x02;
+ pubKeyStruc->reserved = 0;
+ pubKeyStruc->aiKeyAlg = CALG_RSA_KEYX | CALG_RSA_SIGN;
+
+ /* Set the public key header */
+ pubKey = (RSAPUBKEY*) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC));
+ pubKey->magic = 0x31415352; /* == RSA1 public */
+ pubKey->bitlen = xmlSecBnGetSize(&modulus) * 8; /* Number of bits in prime modulus */
+ pubKey->pubexp = 0;
+ if(sizeof(pubKey->pubexp) < xmlSecBnGetSize(&exponent)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "exponent size=%d",
+ xmlSecBnGetSize(&exponent));
+ goto done;
+ }
+ xmlSecAssert2(xmlSecBnGetData(&exponent) != NULL, -1);
+ memcpy(&(pubKey->pubexp), xmlSecBnGetData(&exponent), xmlSecBnGetSize(&exponent));
+
+ modulusBlob = (xmlSecByte*) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY));
+ xmlSecAssert2(xmlSecBnGetData(&modulus) != NULL, -1);
+ memcpy(modulusBlob, xmlSecBnGetData(&modulus), xmlSecBnGetSize(&modulus));
+
+ /* Now that we have the blob, import */
+ hProv = xmlSecMSCryptoFindProvider(xmlSecMSCryptoProviderInfo_Rsa, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(hProv == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ if (!CryptImportKey(hProv, xmlSecBufferGetData(&blob), xmlSecBufferGetSize(&blob), 0, 0, &hKey)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptImportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ data = xmlSecKeyDataCreate(id);
+ if(data == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, 0, xmlSecKeyDataTypePublic);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ hProv = 0;
+ hKey = 0;
+
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ goto done;
+ }
+ data = NULL;
+
+ /* success */
+ res = 0;
+
+done:
+ if (hProv == 0) {
+ CryptReleaseContext(hProv, 0);
+ }
+ if (hKey != 0) {
+ CryptDestroyKey(hKey);
+ }
+ if (data != 0) {
+ xmlSecKeyDataDestroy(data);
+ }
+
+ xmlSecBnFinalize(&modulus);
+ xmlSecBnFinalize(&exponent);
+ xmlSecBufferFinalize(&blob);
+ return(res);
+}
+
+static int
+xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+ xmlSecBuffer buf;
+ DWORD dwBlobLen;
+ xmlSecByte* blob;
+ PUBLICKEYSTRUC* pubKeyStruc;
+ RSAPUBKEY *pubKey;
+ xmlSecSize modulusLen, exponentLen;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecMSCryptoKeyDataRsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataRsaId), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecMSCryptoKeyDataCtxGetKey(ctx) != 0, -1);
+
+ if (!CryptExportKey(xmlSecMSCryptoKeyDataCtxGetKey(ctx), 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&buf, dwBlobLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%ld", dwBlobLen);
+ return(-1);
+ }
+
+ blob = xmlSecBufferGetData(&buf);
+ if (!CryptExportKey(xmlSecMSCryptoKeyDataCtxGetKey(ctx), 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+ if (dwBlobLen < sizeof(PUBLICKEYSTRUC)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "blobLen=%ld", dwBlobLen);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ /* check PUBLICKEYSTRUC */
+ pubKeyStruc = (PUBLICKEYSTRUC*)blob;
+ if(pubKeyStruc->bVersion != 0x02) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+ if(pubKeyStruc->bType != PUBLICKEYBLOB) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ /* check RSAPUBKEY */
+ pubKey = (RSAPUBKEY *)(blob + sizeof(PUBLICKEYSTRUC));
+ if(pubKey->magic != 0x31415352) { /* RSA public key magic */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "pubKey->magic=0x%08lx", pubKey->magic);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+ modulusLen = pubKey->bitlen / 8;
+
+ if (dwBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + modulusLen) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "blobLen=%ld; modulusLen=%d", dwBlobLen, modulusLen);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+ blob += sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY);
+
+ /* first is Modulus node */
+ cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ ret = xmlSecBnBlobSetNodeValue(blob, modulusLen, cur, xmlSecBnBase64, 1, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnBlobSetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ /* next is Exponent node. */
+ cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ /* Remove leading zero's (from least significant end) */
+ blob = (xmlSecByte*)(&(pubKey->pubexp));
+ exponentLen = sizeof(pubKey->pubexp);
+ while (exponentLen > 0 && blob[exponentLen - 1] == 0) {
+ exponentLen--;
+ }
+
+ ret = xmlSecBnBlobSetNodeValue(blob, exponentLen, cur, xmlSecBnBase64, 1, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnBlobSetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ /* next is PrivateExponent node: not supported in MSCrypto */
+
+ xmlSecBufferFinalize(&buf);
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits,
+ xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+ HCRYPTPROV hProv = 0;
+ HCRYPTKEY hKey = 0;
+ DWORD dwKeySpec;
+ DWORD dwSize;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), xmlSecKeyDataTypeUnknown);
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* get provider */
+ hProv = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(hProv == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ dwKeySpec = AT_KEYEXCHANGE | AT_SIGNATURE;
+ dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE);
+ if (!CryptGenKey(hProv, CALG_RSA_SIGN, dwSize, &hKey)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CryptGenKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec,
+ xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ hProv = 0;
+ hKey = 0;
+
+ /* success */
+ res = 0;
+
+done:
+ if (hProv != 0) {
+ CryptReleaseContext(hProv, 0);
+ }
+
+ if (hKey != 0) {
+ CryptDestroyKey(hKey);
+ }
+
+ return(res);
+}
+
+static xmlSecKeyDataType
+xmlSecMSCryptoKeyDataRsaGetType(xmlSecKeyDataPtr data) {
+ return(xmlSecMSCryptoKeyDataGetType(data));
+}
+
+static xmlSecSize
+xmlSecMSCryptoKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId), 0);
+
+ return (xmlSecMSCryptoKeyDataGetSize(data));
+}
+
+static void
+xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== rsa key: size = %d\n",
+ xmlSecMSCryptoKeyDataRsaGetSize(data));
+}
+
+static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<RSAKeyValue size=\"%d\" />\n",
+ xmlSecMSCryptoKeyDataRsaGetSize(data));
+}
+
+#endif /* XMLSEC_NO_RSA */
+
+#ifndef XMLSEC_NO_DSA
+/**************************************************************************
+ *
+ * <dsig:DSAKeyValue> processing
+ *
+ *
+ * The DSAKeyValue Element (http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue)
+ *
+ * DSA keys and the DSA signature algorithm are specified in [DSS].
+ * DSA public key values can have the following fields:
+ *
+ * * P - a prime modulus meeting the [DSS] requirements
+ * * Q - an integer in the range 2**159 < Q < 2**160 which is a prime
+ * divisor of P-1
+ * * G - an integer with certain properties with respect to P and Q
+ * * Y - G**X mod P (where X is part of the private key and not made
+ * public)
+ * * J - (P - 1) / Q
+ * * seed - a DSA prime generation seed
+ * * pgenCounter - a DSA prime generation counter
+ *
+ * Parameter J is available for inclusion solely for efficiency as it is
+ * calculatable from P and Q. Parameters seed and pgenCounter are used in the
+ * DSA prime number generation algorithm specified in [DSS]. As such, they are
+ * optional but must either both be present or both be absent. This prime
+ * generation algorithm is designed to provide assurance that a weak prime is
+ * not being used and it yields a P and Q value. Parameters P, Q, and G can be
+ * public and common to a group of users. They might be known from application
+ * context. As such, they are optional but P and Q must either both appear or
+ * both be absent. If all of P, Q, seed, and pgenCounter are present,
+ * implementations are not required to check if they are consistent and are
+ * free to use either P and Q or seed and pgenCounter. All parameters are
+ * encoded as base64 [MIME] values.
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * represented in XML as octet strings as defined by the ds:CryptoBinary type.
+ *
+ * Schema Definition:
+ *
+ * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+ * <complexType name="DSAKeyValueType">
+ * <sequence>
+ * <sequence minOccurs="0">
+ * <element name="P" type="ds:CryptoBinary"/>
+ * <element name="Q" type="ds:CryptoBinary"/>
+ * </sequence>
+ * <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ * <element name="Y" type="ds:CryptoBinary"/>
+ * <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ * <sequence minOccurs="0">
+ * <element name="Seed" type="ds:CryptoBinary"/>
+ * <element name="PgenCounter" type="ds:CryptoBinary"/>
+ * </sequence>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD Definition:
+ *
+ * <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
+ * <!ELEMENT P (#PCDATA) >
+ * <!ELEMENT Q (#PCDATA) >
+ * <!ELEMENT G (#PCDATA) >
+ * <!ELEMENT Y (#PCDATA) >
+ * <!ELEMENT J (#PCDATA) >
+ * <!ELEMENT Seed (#PCDATA) >
+ * <!ELEMENT PgenCounter (#PCDATA) >
+ *
+ * ============================================================================
+ *
+ * To support reading/writing private keys an X element added (before Y).
+ * todo: The current implementation does not support Seed and PgenCounter!
+ * by this the P, Q and G are *required*!
+ *
+ *************************************************************************/
+static int xmlSecMSCryptoKeyDataDsaInitialize(xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataDsaDuplicate(xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecMSCryptoKeyDataDsaFinalize(xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataDsaXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoKeyDataDsaGenerate(xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecMSCryptoKeyDataDsaGetType(xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecMSCryptoKeyDataDsaGetSize(xmlSecKeyDataPtr data);
+static void xmlSecMSCryptoKeyDataDsaDebugDump(xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data,
+ FILE* output);
+
+static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecMSCryptoKeyDataSize,
+
+ /* data */
+ xmlSecNameDSAKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecMSCryptoKeyDataDsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecMSCryptoKeyDataDsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecMSCryptoKeyDataDsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecMSCryptoKeyDataDsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecMSCryptoKeyDataDsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecMSCryptoKeyDataDsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecMSCryptoKeyDataDsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecMSCryptoKeyDataDsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecMSCryptoKeyDataDsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecMSCryptoKeyDataDsaDebugXmlDump,/* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Dss[] = {
+ { MS_DEF_DSS_PROV, PROV_DSS },
+ { NULL, 0 }
+};
+
+
+/**
+ * xmlSecMSCryptoKeyDataDsaGetKlass:
+ *
+ * The DSA key data klass.
+ *
+ * Returns: pointer to DSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecMSCryptoKeyDataDsaGetKlass(void) {
+ return(&xmlSecMSCryptoKeyDataDsaKlass);
+}
+
+
+static int
+xmlSecMSCryptoKeyDataDsaInitialize(xmlSecKeyDataPtr data) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataDsaId), xmlSecKeyDataTypeUnknown);
+
+ xmlSecMSCryptoKeyDataInitialize(data);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ctx->providers = xmlSecMSCryptoProviderInfo_Dss;
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKeyDataDsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecMSCryptoKeyDataDsaId), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecMSCryptoKeyDataDsaId), -1);
+
+ return(xmlSecMSCryptoKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecMSCryptoKeyDataDsaFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataDsaId));
+
+ xmlSecMSCryptoKeyDataFinalize(data);
+}
+
+static int
+xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data = NULL;
+ xmlNodePtr cur;
+ xmlSecBn p, q, g, y;
+ xmlSecBuffer blob;
+ unsigned int blobBufferLen;
+ PUBLICKEYSTRUC *pubKeyStruc = NULL;
+ DSSPUBKEY *pubKey = NULL;
+ DSSSEED* seed = NULL;
+ BYTE *buf = NULL;
+ HCRYPTPROV hProv = 0;
+ HCRYPTKEY hKey = 0;
+ xmlSecSize i;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecMSCryptoKeyDataDsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(xmlSecKeyGetValue(key) != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ "key already has a value");
+ return(-1);
+ }
+
+ /* initialize buffers */
+ ret = xmlSecBnInitialize(&p, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "p");
+ return(-1);
+ }
+
+ ret = xmlSecBnInitialize(&q, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "q");
+ xmlSecBnFinalize(&p);
+ return(-1);
+ }
+
+ ret = xmlSecBnInitialize(&g, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "g");
+ xmlSecBnFinalize(&p);
+ xmlSecBnFinalize(&q);
+ return(-1);
+ }
+
+ ret = xmlSecBnInitialize(&y, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "y");
+ xmlSecBnFinalize(&p);
+ xmlSecBnFinalize(&q);
+ xmlSecBnFinalize(&g);
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&blob, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "blob");
+ xmlSecBnFinalize(&p);
+ xmlSecBnFinalize(&q);
+ xmlSecBnFinalize(&g);
+ xmlSecBnFinalize(&y);
+ return(-1);
+ }
+
+ /* read xml */
+ cur = xmlSecGetNextElementNode(node->children);
+
+ /* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ goto done;
+ }
+
+ ret = xmlSecBnGetNodeValue(&p, cur, xmlSecBnBase64, 1);
+ if((ret < 0) || (xmlSecBnGetSize(&p) == 0)){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnGetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ goto done;
+ }
+ ret = xmlSecBnGetNodeValue(&q, cur, xmlSecBnBase64, 1);
+ if((ret < 0) || (xmlSecBnGetSize(&q) == 0)){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnGetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ goto done;
+ }
+ ret = xmlSecBnGetNodeValue(&g, cur, xmlSecBnBase64, 1);
+ if((ret < 0) || (xmlSecBnGetSize(&q) == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnGetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAX, xmlSecNs))) {
+ /* next is X node. It is REQUIRED for private key but
+ * MSCrypto does not support it, we just ignore it */
+
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* next is Y node. */
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ goto done;
+ }
+ ret = xmlSecBnGetNodeValue(&y, cur, xmlSecBnBase64, 1);
+ if((ret < 0) || (xmlSecBnGetSize(&y) == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnGetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* todo: add support for J */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAJ, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* todo: add support for seed */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSASeed, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* todo: add support for pgencounter */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAPgenCounter, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* we assume that sizeof(q) < 0x14, sizeof(g) <= sizeof(p) and sizeof(y) <= sizeof(p) */
+ blobBufferLen = sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY) + 3 * xmlSecBnGetSize(&p) + 0x14 + sizeof(DSSSEED);
+ ret = xmlSecBufferSetSize(&blob, blobBufferLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blobBufferLen);
+ goto done;
+ }
+
+ /* Set PUBLICKEYSTRUC */
+ pubKeyStruc = (PUBLICKEYSTRUC *)xmlSecBufferGetData(&blob);
+ pubKeyStruc->bType = PUBLICKEYBLOB;
+ pubKeyStruc->bVersion = 0x02;
+ pubKeyStruc->reserved = 0;
+ pubKeyStruc->aiKeyAlg = CALG_DSS_SIGN;
+
+ /* Set the public key header */
+ pubKey = (DSSPUBKEY *) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC));
+ pubKey->magic = 0x31535344; /* == DSS1 pub key */
+ pubKey->bitlen = xmlSecBnGetSize(&p) * 8; /* Number of bits in prime modulus */
+
+ /* copy the key data */
+ buf = (BYTE*) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY));
+
+ /* set p */
+ xmlSecAssert2(xmlSecBnGetData(&p) != NULL, -1);
+ memcpy(buf, xmlSecBnGetData(&p), xmlSecBnGetSize(&p));
+ buf += xmlSecBnGetSize(&p);
+
+ /* set q */
+ if(xmlSecBnGetSize(&q) > 0x14) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "q",
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d > 0x14", xmlSecBnGetSize(&q));
+ goto done;
+ }
+ xmlSecAssert2(xmlSecBnGetData(&q) != NULL, -1);
+ memcpy(buf, xmlSecBnGetData(&q), xmlSecBnGetSize(&q));
+ buf += xmlSecBnGetSize(&q);
+
+ /* Pad with zeros */
+ for(i = xmlSecBnGetSize(&q); i < 0x14; ++i) {
+ *(buf++) = 0;
+ }
+
+ /* set generator */
+ if(xmlSecBnGetSize(&g) > xmlSecBnGetSize(&p)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "g",
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d > %d",
+ xmlSecBnGetSize(&g),
+ xmlSecBnGetSize(&p));
+ goto done;
+ }
+ xmlSecAssert2(xmlSecBnGetData(&g) != NULL, -1);
+ memcpy(buf, xmlSecBnGetData(&g), xmlSecBnGetSize(&g));
+ buf += xmlSecBnGetSize(&g);
+ /* Pad with zeros */
+ for(i = xmlSecBnGetSize(&g); i < xmlSecBnGetSize(&p); ++i) {
+ *(buf++) = 0;
+ }
+
+ /* Public key */
+ if(xmlSecBnGetSize(&y) > xmlSecBnGetSize(&p)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "y",
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d > %d",
+ xmlSecBnGetSize(&y),
+ xmlSecBnGetSize(&p));
+ goto done;
+ }
+ xmlSecAssert2(xmlSecBnGetData(&y) != NULL, -1);
+ memcpy(buf, xmlSecBnGetData(&y), xmlSecBnGetSize(&y));
+ buf += xmlSecBnGetSize(&y);
+ /* Pad with zeros */
+ for(i = xmlSecBnGetSize(&y); i < xmlSecBnGetSize(&p); ++i) {
+ *(buf++) = 0;
+ }
+
+ /* Set seed to 0xFFFFFFFFF */
+ seed = (DSSSEED*)buf;
+ memset(seed, 0, sizeof(*seed));
+ seed->counter = 0xFFFFFFFF; /* SEED Counter set to 0xFFFFFFFF will cause seed to be ignored */
+
+ hProv = xmlSecMSCryptoFindProvider(xmlSecMSCryptoProviderInfo_Dss, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(hProv == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* import the key blob */
+ if (!CryptImportKey(hProv, xmlSecBufferGetData(&blob), xmlSecBufferGetSize(&blob), 0, 0, &hKey)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptImportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ data = xmlSecKeyDataCreate(id);
+ if(data == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, 0, xmlSecKeyDataTypePublic);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ hProv = 0;
+ hKey = 0;
+
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ data = NULL;
+
+ /* success */
+ res = 0;
+
+done:
+ if (hKey != 0) {
+ CryptDestroyKey(hKey);
+ }
+ if (hProv != 0) {
+ CryptReleaseContext(hProv, 0);
+ }
+ if (data != NULL) {
+ xmlSecKeyDataDestroy(data);
+ }
+
+ xmlSecBufferFinalize(&blob);
+ xmlSecBnFinalize(&p);
+ xmlSecBnFinalize(&q);
+ xmlSecBnFinalize(&g);
+ xmlSecBnFinalize(&y);
+
+ return(res);
+}
+
+static int
+xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+ xmlSecBuffer buf;
+ DWORD dwBlobLen;
+ xmlSecByte* blob;
+ PUBLICKEYSTRUC* pubKeyStruc;
+ DSSPUBKEY *pubKey;
+ xmlSecSize keyLen, len;
+ xmlNodePtr cur;
+ int ret;
+
+
+ xmlSecAssert2(id == xmlSecMSCryptoKeyDataDsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataDsaId), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecMSCryptoKeyDataCtxGetKey(ctx) != 0, -1);
+
+ if (!CryptExportKey(xmlSecMSCryptoKeyDataCtxGetKey(ctx), 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&buf, dwBlobLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%ld", dwBlobLen);
+ return(-1);
+ }
+
+ blob = xmlSecBufferGetData(&buf);
+ if (!CryptExportKey(xmlSecMSCryptoKeyDataCtxGetKey(ctx), 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+ if (dwBlobLen < sizeof(PUBLICKEYSTRUC)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "blobLen=%ld", dwBlobLen);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ /* check PUBLICKEYSTRUC */
+ pubKeyStruc = (PUBLICKEYSTRUC*)blob;
+ if(pubKeyStruc->bVersion != 0x02) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+ if(pubKeyStruc->bType != PUBLICKEYBLOB) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ /* check DSSPUBKEY */
+ pubKey = (DSSPUBKEY*)(blob + sizeof(PUBLICKEYSTRUC));
+ if(pubKey->magic != 0x31535344) { /* DSS key magic */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "pubKey->magic=0x%08lx", pubKey->magic);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+ keyLen = pubKey->bitlen / 8;
+
+ /* we assume that sizeof(q) < 0x14, sizeof(g) <= sizeof(p) and sizeof(y) <= sizeof(p) */
+ if (dwBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY) + 3 * keyLen + 0x14 + sizeof(DSSSEED)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "blobLen=%ld; keyLen=%d", dwBlobLen, keyLen);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+ blob += sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY);
+
+ /* first is P node */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ ret = xmlSecBnBlobSetNodeValue(blob, keyLen, cur, xmlSecBnBase64, 1, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnBlobSetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+ blob += keyLen;
+
+ /* next is Q node. */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ /* we think that the size of q is 0x14, skip trailing zeros */
+ for(len = 0x14; len > 0 && blob[len - 1] == 0; --len);
+
+ ret = xmlSecBnBlobSetNodeValue(blob, len, cur, xmlSecBnBase64, 1, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnBlobSetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+ blob += 0x14;
+
+ /* next is G node. */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ /* skip trailing zeros */
+ for(len = keyLen; len > 0 && blob[len - 1] == 0; --len);
+
+ ret = xmlSecBnBlobSetNodeValue(blob, len, cur, xmlSecBnBase64, 1, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnBlobSetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+ blob += keyLen;
+
+ /* next is X node: not supported in MSCrypto */
+
+ /* next is Y node. */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ /* skip trailing zeros */
+ for(len = keyLen; len > 0 && blob[len - 1] == 0; --len);
+
+ ret = xmlSecBnBlobSetNodeValue(blob, len, cur, xmlSecBnBase64, 1, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecBnBlobSetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+ blob += keyLen;
+
+ xmlSecBufferFinalize(&buf);
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+ HCRYPTPROV hProv = 0;
+ HCRYPTKEY hKey = 0;
+ DWORD dwKeySpec;
+ DWORD dwSize;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), xmlSecKeyDataTypeUnknown);
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataDsaId), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+
+ hProv = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(hProv == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ dwKeySpec = AT_SIGNATURE;
+ dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE);
+ if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CryptGenKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec,
+ xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ hProv = 0;
+ hKey = 0;
+
+ /* success */
+ res = 0;
+
+done:
+ if (hProv != 0) {
+ CryptReleaseContext(hProv, 0);
+ }
+
+ if (hKey != 0) {
+ CryptDestroyKey(hKey);
+ }
+
+ return(res);
+}
+
+static xmlSecKeyDataType
+xmlSecMSCryptoKeyDataDsaGetType(xmlSecKeyDataPtr data) {
+ return(xmlSecMSCryptoKeyDataGetType(data));
+}
+
+static xmlSecSize
+xmlSecMSCryptoKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataDsaId), 0);
+
+ return xmlSecMSCryptoKeyDataGetSize(data);
+}
+
+static void
+xmlSecMSCryptoKeyDataDsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataDsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== dsa key: size = %d\n",
+ xmlSecMSCryptoKeyDataDsaGetSize(data));
+}
+
+static void
+xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataDsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<DSAKeyValue size=\"%d\" />\n",
+ xmlSecMSCryptoKeyDataDsaGetSize(data));
+}
+
+#endif /* XMLSEC_NO_DSA */
+
+
+#ifndef XMLSEC_NO_GOST
+/**************************************************************************
+ *
+ * GOST2001 xml key representation processing. Contain errors.
+ *
+ *************************************************************************/
+static int xmlSecMSCryptoKeyDataGost2001Initialize(xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataGost2001Duplicate(xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecMSCryptoKeyDataGost2001Finalize(xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataGost2001XmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoKeyDataGost2001XmlWrite(xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoKeyDataGost2001Generate(xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecMSCryptoKeyDataGost2001GetType(xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecMSCryptoKeyDataGost2001GetSize(xmlSecKeyDataPtr data);
+static void xmlSecMSCryptoKeyDataGost2001DebugDump(xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecMSCryptoKeyDataGost2001DebugXmlDump(xmlSecKeyDataPtr data,
+ FILE* output);
+
+static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataGost2001Klass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecMSCryptoKeyDataSize,
+
+ /* data */
+ xmlSecNameGOST2001KeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefGOST2001KeyValue, /* const xmlChar* href; */
+ xmlSecNodeGOST2001KeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecMSCryptoKeyDataGost2001Initialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecMSCryptoKeyDataGost2001Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecMSCryptoKeyDataGost2001Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecMSCryptoKeyDataGost2001Generate,*/ /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecMSCryptoKeyDataGost2001GetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecMSCryptoKeyDataGost2001GetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecMSCryptoKeyDataGost2001DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecMSCryptoKeyDataGost2001DebugXmlDump,/* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Gost[] = {
+ { MAGPRO_CSP, PROV_MAGPRO_GOST },
+ { CRYPTOPRO_CSP, PROV_CRYPTOPRO_GOST },
+ { NULL, 0 }
+};
+
+/**
+ * xmlSecMSCryptoKeyDataGost2001GetKlass:
+ *
+ * The GOST2001 key data klass.
+ *
+ * Returns: pointer to GOST2001 key data klass.
+ */
+xmlSecKeyDataId
+xmlSecMSCryptoKeyDataGost2001GetKlass(void) {
+ return(&xmlSecMSCryptoKeyDataGost2001Klass);
+}
+
+
+static int
+xmlSecMSCryptoKeyDataGost2001Initialize(xmlSecKeyDataPtr data) {
+ xmlSecMSCryptoKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id), xmlSecKeyDataTypeUnknown);
+
+ xmlSecMSCryptoKeyDataInitialize(data);
+
+ ctx = xmlSecMSCryptoKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ctx->providers = xmlSecMSCryptoProviderInfo_Gost;
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKeyDataGost2001Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecMSCryptoKeyDataGost2001Id), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecMSCryptoKeyDataGost2001Id), -1);
+
+ return(xmlSecMSCryptoKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecMSCryptoKeyDataGost2001Finalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id));
+
+ xmlSecMSCryptoKeyDataFinalize(data);
+}
+
+static xmlSecKeyDataType
+xmlSecMSCryptoKeyDataGost2001GetType(xmlSecKeyDataPtr data) {
+ return(xmlSecMSCryptoKeyDataGetType(data));
+}
+
+static xmlSecSize
+xmlSecMSCryptoKeyDataGost2001GetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id), 0);
+
+ return xmlSecMSCryptoKeyDataGetSize(data);
+}
+
+static void
+xmlSecMSCryptoKeyDataGost2001DebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== dsa key: size = %d\n",
+ xmlSecMSCryptoKeyDataGost2001GetSize(data));
+}
+
+static void
+xmlSecMSCryptoKeyDataGost2001DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<GOST2001KeyValue size=\"%d\" />\n",
+ xmlSecMSCryptoKeyDataGost2001GetSize(data));
+}
+
+#endif /* XMLSEC_NO_GOST*/
diff --git a/src/mscrypto/ciphers.c b/src/mscrypto/ciphers.c
new file mode 100644
index 00000000..ea2edcd5
--- /dev/null
+++ b/src/mscrypto/ciphers.c
@@ -0,0 +1,937 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+
+#include "private.h"
+
+
+/**************************************************************************
+ *
+ * Internal MSCrypto Block cipher CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecMSCryptoBlockCipherCtx xmlSecMSCryptoBlockCipherCtx,
+ *xmlSecMSCryptoBlockCipherCtxPtr;
+struct _xmlSecMSCryptoBlockCipherCtx {
+ ALG_ID algorithmIdentifier;
+ const xmlSecMSCryptoProviderInfo * providers;
+ xmlSecKeyDataId keyId;
+ xmlSecSize keySize;
+
+ HCRYPTPROV cryptProvider;
+ HCRYPTKEY pubPrivKey;
+ HCRYPTKEY cryptKey;
+ int ctxInitialized;
+};
+/* function declarations */
+static int xmlSecMSCryptoBlockCipherCtxUpdate (xmlSecMSCryptoBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+
+
+static int
+xmlSecMSCryptoBlockCipherCtxInit(xmlSecMSCryptoBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ int blockLen;
+ int ret;
+ DWORD dwBlockLen, dwBlockLenLen;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cryptKey != 0, -1);
+ xmlSecAssert2(ctx->ctxInitialized == 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ /* iv len == block len */
+ dwBlockLenLen = sizeof(DWORD);
+ if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptGetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ blockLen = dwBlockLen / 8;
+ xmlSecAssert2(blockLen > 0, -1);
+ if(encrypt) {
+ unsigned char* iv;
+ size_t outSize;
+
+ /* allocate space for IV */
+ outSize = xmlSecBufferGetSize(out);
+ ret = xmlSecBufferSetSize(out, outSize + blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + blockLen);
+ return(-1);
+ }
+ iv = xmlSecBufferGetData(out) + outSize;
+
+ /* generate and use random iv */
+ if(!CryptGenRandom(ctx->cryptProvider, blockLen, iv)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptGenRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "len=%d", blockLen);
+ return(-1);
+ }
+
+ if(!CryptSetKeyParam(ctx->cryptKey, KP_IV, iv, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ /* if we don't have enough data, exit and hope that
+ * we'll have iv next time */
+ if(xmlSecBufferGetSize(in) < (size_t)blockLen) {
+ return(0);
+ }
+ xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
+
+ /* set iv */
+ if (!CryptSetKeyParam(ctx->cryptKey, KP_IV, xmlSecBufferGetData(in), 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* and remove from input */
+ ret = xmlSecBufferRemoveHead(in, blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blockLen);
+ return(-1);
+
+ }
+ }
+
+ ctx->ctxInitialized = 1;
+ return(0);
+}
+
+static int
+xmlSecMSCryptoBlockCipherCtxUpdate(xmlSecMSCryptoBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ size_t inSize, inBlocks, outSize;
+ int blockLen;
+ unsigned char* outBuf;
+ unsigned char* inBuf;
+ int ret;
+ DWORD dwBlockLen, dwBlockLenLen, dwCLen;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ dwBlockLenLen = sizeof(DWORD);
+ if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ blockLen = dwBlockLen / 8;
+ xmlSecAssert2(blockLen > 0, -1);
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ if(inSize < (size_t)blockLen) {
+ return(0);
+ }
+
+ if(encrypt) {
+ inBlocks = inSize / ((size_t)blockLen);
+ } else {
+ /* we want to have the last block in the input buffer
+ * for padding check */
+ inBlocks = (inSize - 1) / ((size_t)blockLen);
+ }
+ inSize = inBlocks * ((size_t)blockLen);
+
+ /* we write out the input size plus may be one block */
+ ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + inSize + blockLen);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+ inBuf = xmlSecBufferGetData(in);
+ xmlSecAssert2(inBuf != NULL, -1);
+
+ memcpy(outBuf, inBuf, inSize);
+ dwCLen = inSize;
+ if(encrypt) {
+ if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen, inSize + blockLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptEncrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ if (!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptSetKeyDecrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ /* Check if we really have de/encrypted the numbers of bytes that we requested */
+ if (dwCLen != inSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptEn/Decrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%ld", dwCLen);
+ return(-1);
+ }
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + inSize);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecMSCryptoBlockCipherCtxFinal(xmlSecMSCryptoBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ size_t inSize, outSize;
+ int blockLen, outLen = 0;
+ unsigned char* inBuf;
+ unsigned char* outBuf;
+ int ret;
+ DWORD dwBlockLen, dwBlockLenLen, dwCLen;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ dwBlockLenLen = sizeof(DWORD);
+ if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptGetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ blockLen = dwBlockLen / 8;
+ xmlSecAssert2(blockLen > 0, -1);
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ if(encrypt != 0) {
+ xmlSecAssert2(inSize < (size_t)blockLen, -1);
+
+ /* create padding */
+ ret = xmlSecBufferSetMaxSize(in, blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blockLen);
+ return(-1);
+ }
+ inBuf = xmlSecBufferGetData(in);
+
+ /* create random padding */
+ if((size_t)blockLen > (inSize + 1)) {
+ if (!CryptGenRandom(ctx->cryptProvider, blockLen - inSize - 1, inBuf + inSize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptGenRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ inBuf[blockLen - 1] = blockLen - inSize;
+ inSize = blockLen;
+ } else {
+ if(inSize != (size_t)blockLen) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data=%d;block=%d", inSize, blockLen);
+ return(-1);
+ }
+ inBuf = xmlSecBufferGetData(in);
+ }
+
+ /* process last block */
+ ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + 2 * blockLen);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+ memcpy(outBuf, inBuf, inSize);
+
+ dwCLen = inSize;
+ if(encrypt) {
+ /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
+ * can be skipped. I hope this will work .... */
+ if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen, inSize + blockLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptEncrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ if (!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptDecrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ /* Check if we really have de/encrypted the numbers of bytes that we requested */
+ if (dwCLen != inSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "CryptEn/Decrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%ld", dwCLen);
+ return(-1);
+ }
+
+ if(encrypt == 0) {
+ /* check padding */
+ if(inSize < outBuf[blockLen - 1]) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "padding=%d;buffer=%d",
+ outBuf[blockLen - 1], inSize);
+ return(-1);
+ }
+ outLen = inSize - outBuf[blockLen - 1];
+ } else {
+ outLen = inSize;
+ }
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/******************************************************************************
+ *
+ * Block Cipher transforms
+ *
+ * xmlSecMSCryptoBlockCipherCtx block is located after xmlSecTransform structure
+ *
+ *****************************************************************************/
+#define xmlSecMSCryptoBlockCipherSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoBlockCipherCtx))
+#define xmlSecMSCryptoBlockCipherGetCtx(transform) \
+ ((xmlSecMSCryptoBlockCipherCtxPtr)(((unsigned char*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecMSCryptoBlockCipherInitialize (xmlSecTransformPtr transform);
+static void xmlSecMSCryptoBlockCipherFinalize (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoBlockCipherSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecMSCryptoBlockCipherSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecMSCryptoBlockCipherExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoBlockCipherCheckId (xmlSecTransformPtr transform);
+
+
+
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+#ifndef XMLSEC_NO_DES
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Des[] = {
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Aes[] = {
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
+ { NULL, 0 }
+};
+#endif /* XMLSEC_NO_AES */
+
+static int
+xmlSecMSCryptoBlockCipherCheckId(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_DES
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDes3CbcId)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformAes128CbcId) ||
+ xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformAes192CbcId) ||
+ xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformAes256CbcId)) {
+
+ return(1);
+ }
+#endif /* XMLSEC_NO_AES */
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoBlockCipherInitialize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoBlockCipherCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoBlockCipherCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize), -1);
+
+ ctx = xmlSecMSCryptoBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoBlockCipherCtx));
+
+#ifndef XMLSEC_NO_DES
+ if(transform->id == xmlSecMSCryptoTransformDes3CbcId) {
+ ctx->algorithmIdentifier = CALG_3DES;
+ ctx->keyId = xmlSecMSCryptoKeyDataDesId;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Des;
+ ctx->keySize = 24;
+ } else
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(transform->id == xmlSecMSCryptoTransformAes128CbcId) {
+ ctx->algorithmIdentifier = CALG_AES_128;
+ ctx->keyId = xmlSecMSCryptoKeyDataAesId;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Aes;
+ ctx->keySize = 16;
+ } else if(transform->id == xmlSecMSCryptoTransformAes192CbcId) {
+ ctx->algorithmIdentifier = CALG_AES_192;
+ ctx->keyId = xmlSecMSCryptoKeyDataAesId;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Aes;
+ ctx->keySize = 24;
+ } else if(transform->id == xmlSecMSCryptoTransformAes256CbcId) {
+ ctx->algorithmIdentifier = CALG_AES_256;
+ ctx->keyId = xmlSecMSCryptoKeyDataAesId;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Aes;
+ ctx->keySize = 32;
+ } else
+#endif /* XMLSEC_NO_AES */
+
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ctx->cryptProvider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(ctx->cryptProvider == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ /* Create dummy key to be able to import plain session keys */
+ if (!xmlSecMSCryptoCreatePrivateExponentOneKey(ctx->cryptProvider, &(ctx->pubPrivKey))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoCreatePrivateExponentOneKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ ctx->ctxInitialized = 0;
+ return(0);
+}
+
+static void
+xmlSecMSCryptoBlockCipherFinalize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoBlockCipherCtxPtr ctx;
+
+ xmlSecAssert(xmlSecMSCryptoBlockCipherCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize));
+
+ ctx = xmlSecMSCryptoBlockCipherGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if (ctx->cryptKey) {
+ CryptDestroyKey(ctx->cryptKey);
+ }
+ if (ctx->pubPrivKey) {
+ CryptDestroyKey(ctx->pubPrivKey);
+ }
+ if (ctx->cryptProvider) {
+ CryptReleaseContext(ctx->cryptProvider, 0);
+ }
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoBlockCipherCtx));
+}
+
+static int
+xmlSecMSCryptoBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecMSCryptoBlockCipherCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecMSCryptoBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecMSCryptoBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cryptProvider != 0, -1);
+
+ keyReq->keyId = ctx->keyId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+
+ keyReq->keyBitsSize = 8 * ctx->keySize;
+ return(0);
+}
+
+static int
+xmlSecMSCryptoBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecMSCryptoBlockCipherCtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ BYTE* bufData;
+
+ xmlSecAssert2(xmlSecMSCryptoBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecMSCryptoBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cryptKey == 0, -1);
+ xmlSecAssert2(ctx->pubPrivKey != 0, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+ xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
+ xmlSecAssert2(ctx->keySize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ if(xmlSecBufferGetSize(buffer) < ctx->keySize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "keySize=%d;expected=%d",
+ xmlSecBufferGetSize(buffer), ctx->keySize);
+ return(-1);
+ }
+
+ bufData = xmlSecBufferGetData(buffer);
+ xmlSecAssert2(bufData != NULL, -1);
+
+ /* Import this key and get an HCRYPTKEY handle */
+ if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->cryptProvider,
+ ctx->pubPrivKey,
+ ctx->algorithmIdentifier,
+ bufData,
+ ctx->keySize,
+ TRUE,
+ &(ctx->cryptKey))) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoImportPlainSessionBlob",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoBlockCipherCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ ctx = xmlSecMSCryptoBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ if(ctx->ctxInitialized == 0) {
+ ret = xmlSecMSCryptoBlockCipherCtxInit(ctx,
+ in,
+ out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform),
+ transformCtx);
+
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoBlockCipherCtxInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ if((ctx->ctxInitialized == 0) && (last != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "not enough data to initialize transform");
+ return(-1);
+ }
+ if(ctx->ctxInitialized != 0) {
+ ret = xmlSecMSCryptoBlockCipherCtxUpdate(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoBlockCipherCtxUpdate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(last) {
+ ret = xmlSecMSCryptoBlockCipherCtxFinal(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoBlockCipherCtxFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ } else if(transform->status == xmlSecTransformStatusNone) {
+ /* the only way we can get here is if there is no enough data in the input */
+ xmlSecAssert2(last == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_AES
+/*********************************************************************
+ *
+ * AES CBC cipher transforms
+ *
+ ********************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoAes128CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes128Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes128Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformAes128CbcGetKlass:
+ *
+ * AES 128 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 128 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformAes128CbcGetKlass(void) {
+ return(&xmlSecMSCryptoAes128CbcKlass);
+}
+
+static xmlSecTransformKlass xmlSecMSCryptoAes192CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes192Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes192Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformAes192CbcGetKlass:
+ *
+ * AES 192 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 192 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformAes192CbcGetKlass(void) {
+ return(&xmlSecMSCryptoAes192CbcKlass);
+}
+
+static xmlSecTransformKlass xmlSecMSCryptoAes256CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes256Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes256Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformAes256CbcGetKlass:
+ *
+ * AES 256 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 256 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformAes256CbcGetKlass(void) {
+ return(&xmlSecMSCryptoAes256CbcKlass);
+}
+
+#endif /* XMLSEC_NO_AES */
+
+
+#ifndef XMLSEC_NO_DES
+static xmlSecTransformKlass xmlSecMSCryptoDes3CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecMSCryptoBlockCipherSize, /* size_t objSize */
+
+ xmlSecNameDes3Cbc, /* const xmlChar* name; */
+ xmlSecHrefDes3Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod,/* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformDes3CbcGetKlass:
+ *
+ * Triple DES CBC encryption transform klass.
+ *
+ * Returns: pointer to Triple DES encryption transform.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformDes3CbcGetKlass(void) {
+ return(&xmlSecMSCryptoDes3CbcKlass);
+}
+#endif /* XMLSEC_NO_DES */
diff --git a/src/mscrypto/crypto.c b/src/mscrypto/crypto.c
new file mode 100644
index 00000000..82ab101d
--- /dev/null
+++ b/src/mscrypto/crypto.c
@@ -0,0 +1,889 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/dl.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/private.h>
+
+#include <xmlsec/mscrypto/app.h>
+#include <xmlsec/mscrypto/crypto.h>
+#include <xmlsec/mscrypto/x509.h>
+#include "private.h"
+
+#if defined(__MINGW32__)
+/* NOTE mingw.org project don't define any xxx_s function and may
+ * be never will define them.
+ *
+ * In this file is save to use non _s function as into destination
+ * buffer program code copy empty string and the size of source buffer
+ * (XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE=4096) is enough for any
+ * encoding. Also program code don't check result of _s functions.
+ */
+
+static int
+strcpy_s(char *dest, size_t n, const char *src) {
+ strcpy(dest, src);
+ return(0);
+}
+
+static int
+wcscpy_s(wchar_t *dest, size_t n, const wchar_t *src) {
+ wcscpy(dest, src);
+ return(0);
+}
+#endif
+
+#define XMLSEC_CONTAINER_NAME_A "xmlsec-key-container"
+#define XMLSEC_CONTAINER_NAME_W L"xmlsec-key-container"
+#ifdef UNICODE
+#define XMLSEC_CONTAINER_NAME XMLSEC_CONTAINER_NAME_W
+#else
+#define XMLSEC_CONTAINER_NAME XMLSEC_CONTAINER_NAME_A
+#endif
+
+
+static xmlSecCryptoDLFunctionsPtr gXmlSecMSCryptoFunctions = NULL;
+
+/**
+ * xmlSecCryptoGetFunctions_mscrypto:
+ *
+ * Gets MSCrypto specific functions table.
+ *
+ * Returns: xmlsec-mscrypto functions table.
+ */
+xmlSecCryptoDLFunctionsPtr
+xmlSecCryptoGetFunctions_mscrypto(void) {
+ static xmlSecCryptoDLFunctions functions;
+
+ if(gXmlSecMSCryptoFunctions != NULL) {
+ return(gXmlSecMSCryptoFunctions);
+ }
+
+ memset(&functions, 0, sizeof(functions));
+ gXmlSecMSCryptoFunctions = &functions;
+
+ /********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ********************************************************************/
+ gXmlSecMSCryptoFunctions->cryptoInit = xmlSecMSCryptoInit;
+ gXmlSecMSCryptoFunctions->cryptoShutdown = xmlSecMSCryptoShutdown;
+ gXmlSecMSCryptoFunctions->cryptoKeysMngrInit = xmlSecMSCryptoKeysMngrInit;
+
+ /********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_DES
+ gXmlSecMSCryptoFunctions->keyDataDesGetKlass = xmlSecMSCryptoKeyDataDesGetKlass;
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ gXmlSecMSCryptoFunctions->keyDataAesGetKlass = xmlSecMSCryptoKeyDataAesGetKlass;
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_RSA
+ gXmlSecMSCryptoFunctions->keyDataRsaGetKlass = xmlSecMSCryptoKeyDataRsaGetKlass;
+#endif /* XMLSEC_NO_RSA */
+
+#ifndef XMLSEC_NO_HMAC
+ gXmlSecMSCryptoFunctions->keyDataHmacGetKlass = xmlSecMSCryptoKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
+
+#ifndef XMLSEC_NO_DSA
+ gXmlSecMSCryptoFunctions->keyDataDsaGetKlass = xmlSecMSCryptoKeyDataDsaGetKlass;
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_GOST
+ gXmlSecMSCryptoFunctions->keyDataGost2001GetKlass = xmlSecMSCryptoKeyDataGost2001GetKlass;
+#endif /* XMLSEC_NO_GOST*/
+
+#ifndef XMLSEC_NO_X509
+ gXmlSecMSCryptoFunctions->keyDataX509GetKlass = xmlSecMSCryptoKeyDataX509GetKlass;
+ gXmlSecMSCryptoFunctions->keyDataRawX509CertGetKlass = xmlSecMSCryptoKeyDataRawX509CertGetKlass;
+#endif /* XMLSEC_NO_X509 */
+
+ /********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_X509
+ gXmlSecMSCryptoFunctions->x509StoreGetKlass = xmlSecMSCryptoX509StoreGetKlass;
+#endif /* XMLSEC_NO_X509 */
+
+ /********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+
+ /******************************* AES ********************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecMSCryptoFunctions->transformAes128CbcGetKlass = xmlSecMSCryptoTransformAes128CbcGetKlass;
+ gXmlSecMSCryptoFunctions->transformAes192CbcGetKlass = xmlSecMSCryptoTransformAes192CbcGetKlass;
+ gXmlSecMSCryptoFunctions->transformAes256CbcGetKlass = xmlSecMSCryptoTransformAes256CbcGetKlass;
+ gXmlSecMSCryptoFunctions->transformKWAes128GetKlass = xmlSecMSCryptoTransformKWAes128GetKlass;
+ gXmlSecMSCryptoFunctions->transformKWAes192GetKlass = xmlSecMSCryptoTransformKWAes192GetKlass;
+ gXmlSecMSCryptoFunctions->transformKWAes256GetKlass = xmlSecMSCryptoTransformKWAes256GetKlass;
+#endif /* XMLSEC_NO_AES */
+
+ /******************************* DES ********************************/
+#ifndef XMLSEC_NO_DES
+ gXmlSecMSCryptoFunctions->transformDes3CbcGetKlass = xmlSecMSCryptoTransformDes3CbcGetKlass;
+ gXmlSecMSCryptoFunctions->transformKWDes3GetKlass = xmlSecMSCryptoTransformKWDes3GetKlass;
+#endif /* XMLSEC_NO_DES */
+
+ /******************************* DSA ********************************/
+#ifndef XMLSEC_NO_DSA
+ gXmlSecMSCryptoFunctions->transformDsaSha1GetKlass = xmlSecMSCryptoTransformDsaSha1GetKlass;
+#endif /* XMLSEC_NO_DSA */
+
+ /******************************* GOST ********************************/
+#ifndef XMLSEC_NO_GOST
+ gXmlSecMSCryptoFunctions->transformGost2001GostR3411_94GetKlass = xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass;
+#endif /* XMLSEC_NO_GOST */
+
+#ifndef XMLSEC_NO_GOST
+ gXmlSecMSCryptoFunctions->transformGostR3411_94GetKlass = xmlSecMSCryptoTransformGostR3411_94GetKlass;
+#endif /* XMLSEC_NO_GOST */
+
+ /******************************* HMAC ********************************/
+#ifndef XMLSEC_NO_HMAC
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecMSCryptoFunctions->transformHmacMd5GetKlass = xmlSecMSCryptoTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecMSCryptoFunctions->transformHmacSha1GetKlass = xmlSecMSCryptoTransformHmacSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecMSCryptoFunctions->transformHmacSha256GetKlass = xmlSecMSCryptoTransformHmacSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecMSCryptoFunctions->transformHmacSha384GetKlass = xmlSecMSCryptoTransformHmacSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecMSCryptoFunctions->transformHmacSha512GetKlass = xmlSecMSCryptoTransformHmacSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+ /******************************* MD5 ********************************/
+#ifndef XMLSEC_NO_MD5
+ gXmlSecMSCryptoFunctions->transformMd5GetKlass = xmlSecMSCryptoTransformMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+ /******************************* RSA ********************************/
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecMSCryptoFunctions->transformRsaMd5GetKlass = xmlSecMSCryptoTransformRsaMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecMSCryptoFunctions->transformRsaSha1GetKlass = xmlSecMSCryptoTransformRsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecMSCryptoFunctions->transformRsaSha256GetKlass = xmlSecMSCryptoTransformRsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecMSCryptoFunctions->transformRsaSha384GetKlass = xmlSecMSCryptoTransformRsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecMSCryptoFunctions->transformRsaSha512GetKlass = xmlSecMSCryptoTransformRsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+ gXmlSecMSCryptoFunctions->transformRsaPkcs1GetKlass = xmlSecMSCryptoTransformRsaPkcs1GetKlass;
+ gXmlSecMSCryptoFunctions->transformRsaOaepGetKlass = xmlSecMSCryptoTransformRsaOaepGetKlass;
+#endif /* XMLSEC_NO_RSA */
+
+ /******************************* SHA ********************************/
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecMSCryptoFunctions->transformSha1GetKlass = xmlSecMSCryptoTransformSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecMSCryptoFunctions->transformSha256GetKlass = xmlSecMSCryptoTransformSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecMSCryptoFunctions->transformSha384GetKlass = xmlSecMSCryptoTransformSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecMSCryptoFunctions->transformSha512GetKlass = xmlSecMSCryptoTransformSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+ /********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+ gXmlSecMSCryptoFunctions->cryptoAppInit = xmlSecMSCryptoAppInit;
+ gXmlSecMSCryptoFunctions->cryptoAppShutdown = xmlSecMSCryptoAppShutdown;
+ gXmlSecMSCryptoFunctions->cryptoAppDefaultKeysMngrInit = xmlSecMSCryptoAppDefaultKeysMngrInit;
+ gXmlSecMSCryptoFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecMSCryptoAppDefaultKeysMngrAdoptKey;
+ gXmlSecMSCryptoFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecMSCryptoAppDefaultKeysMngrLoad;
+ gXmlSecMSCryptoFunctions->cryptoAppDefaultKeysMngrSave = xmlSecMSCryptoAppDefaultKeysMngrSave;
+#ifndef XMLSEC_NO_X509
+ gXmlSecMSCryptoFunctions->cryptoAppKeysMngrCertLoad = xmlSecMSCryptoAppKeysMngrCertLoad;
+ gXmlSecMSCryptoFunctions->cryptoAppKeysMngrCertLoadMemory = xmlSecMSCryptoAppKeysMngrCertLoadMemory;
+ gXmlSecMSCryptoFunctions->cryptoAppPkcs12Load = xmlSecMSCryptoAppPkcs12Load;
+ gXmlSecMSCryptoFunctions->cryptoAppPkcs12LoadMemory = xmlSecMSCryptoAppPkcs12LoadMemory;
+ gXmlSecMSCryptoFunctions->cryptoAppKeyCertLoad = xmlSecMSCryptoAppKeyCertLoad;
+ gXmlSecMSCryptoFunctions->cryptoAppKeyCertLoadMemory = xmlSecMSCryptoAppKeyCertLoadMemory;
+#endif /* XMLSEC_NO_X509 */
+ gXmlSecMSCryptoFunctions->cryptoAppKeyLoad = xmlSecMSCryptoAppKeyLoad;
+ gXmlSecMSCryptoFunctions->cryptoAppKeyLoadMemory = xmlSecMSCryptoAppKeyLoadMemory;
+ gXmlSecMSCryptoFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecMSCryptoAppGetDefaultPwdCallback();
+
+ return(gXmlSecMSCryptoFunctions);
+}
+
+/**
+ * xmlSecMSCryptoInit:
+ *
+ * XMLSec library specific crypto engine initialization.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecMSCryptoInit (void) {
+ /* Check loaded xmlsec library version */
+ if(xmlSecCheckVersionExact() != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCheckVersionExact",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* set default errors callback for xmlsec to us */
+ xmlSecErrorsSetCallback(xmlSecMSCryptoErrorsDefaultCallback);
+
+ /* register our klasses */
+ if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_mscrypto()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoShutdown:
+ *
+ * XMLSec library specific crypto engine shutdown.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecMSCryptoShutdown(void) {
+ /* TODO: if necessary, do additional shutdown here */
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Adds MSCrypto specific key data stores in keys manager.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecMSCryptoKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+
+#ifndef XMLSEC_NO_X509
+ /* create x509 store if needed */
+ if(xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) == NULL) {
+ xmlSecKeyDataStorePtr x509Store;
+
+ x509Store = xmlSecKeyDataStoreCreate(xmlSecMSCryptoX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecMSCryptoX509StoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptDataStore(mngr, x509Store);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataStoreDestroy(x509Store);
+ return(-1);
+ }
+ }
+#endif /* XMLSEC_NO_X509 */
+
+ return(0);
+}
+
+
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Random[] = {
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+
+/**
+ * xmlSecMSCryptoGenerateRandom:
+ * @buffer: the destination buffer.
+ * @size: the numer of bytes to generate.
+ *
+ * Generates @size random bytes and puts result in @buffer
+ * (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecMSCryptoGenerateRandom(xmlSecBufferPtr buffer, size_t size) {
+ HCRYPTPROV hProv = 0;
+ int ret;
+
+ xmlSecAssert2(buffer != NULL, -1);
+ xmlSecAssert2(size > 0, -1);
+
+ ret = xmlSecBufferSetSize(buffer, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+
+ hProv = xmlSecMSCryptoFindProvider(xmlSecMSCryptoProviderInfo_Random, NULL, CRYPT_VERIFYCONTEXT, FALSE);
+ if (0 == hProv) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if (FALSE == CryptGenRandom(hProv, (DWORD)size, xmlSecBufferGetData(buffer))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGenRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptReleaseContext(hProv,0);
+ return(-1);
+ }
+
+ CryptReleaseContext(hProv, 0);
+ return(0);
+}
+
+#define XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE 4096
+
+/**
+ * xmlSecMSCryptoErrorsDefaultCallback:
+ * @file: the error location file name (__FILE__ macro).
+ * @line: the error location line number (__LINE__ macro).
+ * @func: the error location function name (__FUNCTION__ macro).
+ * @errorObject: the error specific error object
+ * @errorSubject: the error specific error subject.
+ * @reason: the error code.
+ * @msg: the additional error message.
+ *
+ * The default errors reporting callback function.
+ */
+void
+xmlSecMSCryptoErrorsDefaultCallback(const char* file, int line, const char* func,
+ const char* errorObject, const char* errorSubject,
+ int reason, const char* msg) {
+ DWORD dwError;
+ TCHAR errorT[XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE];
+ WCHAR errorW[XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE];
+ CHAR errorUTF8[XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE];
+ xmlChar buf[XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE];
+ DWORD rc;
+ int ret;
+
+ dwError = GetLastError();
+ rc = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM,
+ NULL,
+ dwError,
+ MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */
+ errorT,
+ XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE,
+ NULL);
+
+#ifdef UNICODE
+ if(rc <= 0) {
+ wcscpy_s(errorT, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, L"");
+ }
+ ret = WideCharToMultiByte(CP_UTF8, 0, errorT, -1, errorUTF8, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, NULL, NULL);
+ if(ret <= 0) {
+ strcpy_s(errorUTF8, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, "");
+ }
+#else /* UNICODE */
+ if(rc <= 0) {
+ strcpy_s(errorT, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, "");
+ }
+ ret = MultiByteToWideChar(CP_ACP, 0, errorT, -1, errorW, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE);
+ if(ret <= 0) {
+ wcscpy_s(errorW, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, L"");
+ }
+ ret = WideCharToMultiByte(CP_UTF8, 0, errorW, -1, errorUTF8, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, NULL, NULL);
+ if(ret <= 0) {
+ strcpy_s(errorUTF8, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, "");
+ }
+#endif /* UNICODE */
+
+ if((msg != NULL) && ((*msg) != '\0')) {
+ xmlSecStrPrintf(buf, sizeof(buf), BAD_CAST "%s;last error=%d (0x%08x);last error msg=%s", msg, dwError, dwError, errorUTF8);
+ } else {
+ xmlSecStrPrintf(buf, sizeof(buf), BAD_CAST "last error=%d (0x%08x);last error msg=%s", dwError, dwError, errorUTF8);
+ }
+ xmlSecErrorsDefaultCallback(file, line, func,
+ errorObject, errorSubject,
+ reason, (char*)buf);
+}
+
+/**
+ * xmlSecMSCryptoConvertUtf8ToUnicode:
+ * @str: the string to convert.
+ *
+ * Converts input string from UTF8 to Unicode.
+ *
+ * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.
+ */
+LPWSTR
+xmlSecMSCryptoConvertUtf8ToUnicode(const xmlChar* str) {
+ LPWSTR res = NULL;
+ int len;
+ int ret;
+
+ xmlSecAssert2(str != NULL, NULL);
+
+ /* call MultiByteToWideChar first to get the buffer size */
+ ret = MultiByteToWideChar(CP_UTF8, 0, str, -1, NULL, 0);
+ if(ret <= 0) {
+ return(NULL);
+ }
+ len = ret + 1;
+
+ /* allocate buffer */
+ res = (LPWSTR)xmlMalloc(sizeof(WCHAR) * len);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(WCHAR) * len);
+ return(NULL);
+ }
+
+ /* convert */
+ ret = MultiByteToWideChar(CP_UTF8, 0, str, -1, res, len);
+ if(ret <= 0) {
+ xmlFree(res);
+ return(NULL);
+ }
+
+ /* done */
+ return(res);
+}
+
+/**
+ * xmlSecMSCryptoConvertUnicodeToUtf8:
+ * @str: the string to convert.
+ *
+ * Converts input string from Unicode to UTF8.
+ *
+ * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.
+ */
+xmlChar*
+xmlSecMSCryptoConvertUnicodeToUtf8(LPCWSTR str) {
+ xmlChar * res = NULL;
+ int len;
+ int ret;
+
+ xmlSecAssert2(str != NULL, NULL);
+
+ /* call WideCharToMultiByte first to get the buffer size */
+ ret = WideCharToMultiByte(CP_UTF8, 0, str, -1, NULL, 0, NULL, NULL);
+ if(ret <= 0) {
+ return(NULL);
+ }
+ len = ret + 1;
+
+ /* allocate buffer */
+ res = (xmlChar*)xmlMalloc(sizeof(xmlChar) * len);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(xmlChar) * len);
+ return(NULL);
+ }
+
+ /* convert */
+ ret = WideCharToMultiByte(CP_UTF8, 0, str, -1, res, len, NULL, NULL);
+ if(ret <= 0) {
+ xmlFree(res);
+ return(NULL);
+ }
+
+ /* done */
+ return(res);
+}
+
+/**
+ * xmlSecMSCryptoConvertLocaleToUnicode:
+ * @str: the string to convert.
+ *
+ * Converts input string from current system locale to Unicode.
+ *
+ * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.
+ */
+LPWSTR
+xmlSecMSCryptoConvertLocaleToUnicode(const char* str) {
+ LPWSTR res = NULL;
+ int len;
+ int ret;
+
+ xmlSecAssert2(str != NULL, NULL);
+
+ /* call MultiByteToWideChar first to get the buffer size */
+ ret = MultiByteToWideChar(CP_ACP, 0, str, -1, NULL, 0);
+ if(ret <= 0) {
+ return(NULL);
+ }
+ len = ret;
+
+ /* allocate buffer */
+ res = (LPWSTR)xmlMalloc(sizeof(WCHAR) * len);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* convert */
+ ret = MultiByteToWideChar(CP_ACP, 0, str, -1, res, len);
+ if(ret <= 0) {
+ xmlFree(res);
+ return(NULL);
+ }
+
+ /* done */
+ return(res);
+}
+
+/**
+ * xmlSecMSCryptoConvertLocaleToUtf8:
+ * @str: the string to convert.
+ *
+ * Converts input string from locale to UTF8.
+ *
+ * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.
+ */
+xmlChar*
+xmlSecMSCryptoConvertLocaleToUtf8(const char * str) {
+ LPWSTR strW = NULL;
+ xmlChar * res = NULL;
+ int len;
+ int ret;
+
+ xmlSecAssert2(str != NULL, NULL);
+
+ strW = xmlSecMSCryptoConvertLocaleToUnicode(str);
+ if(strW == NULL) {
+ return(NULL);
+ }
+
+ /* call WideCharToMultiByte first to get the buffer size */
+ ret = WideCharToMultiByte(CP_ACP, 0, strW, -1, NULL, 0, NULL, NULL);
+ if(ret <= 0) {
+ xmlFree(strW);
+ return(NULL);
+ }
+ len = ret + 1;
+
+ /* allocate buffer */
+ res = (xmlChar*)xmlMalloc(sizeof(xmlChar) * len);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(xmlChar) * len);
+ xmlFree(strW);
+ return(NULL);
+ }
+
+ /* convert */
+ ret = WideCharToMultiByte(CP_ACP, 0, strW, -1, res, len, NULL, NULL);
+ if(ret <= 0) {
+ xmlFree(strW);
+ xmlFree(res);
+ return(NULL);
+ }
+
+ /* done */
+ xmlFree(strW);
+ return(res);
+}
+
+/**
+ * xmlSecMSCryptoConvertUtf8ToLocale:
+ * @str: the string to convert.
+ *
+ * Converts input string from UTF8 to locale.
+ *
+ * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.
+ */
+char *
+xmlSecMSCryptoConvertUtf8ToLocale(const xmlChar* str) {
+ LPWSTR strW = NULL;
+ char * res = NULL;
+ int len;
+ int ret;
+
+ xmlSecAssert2(str != NULL, NULL);
+
+ strW = xmlSecMSCryptoConvertUtf8ToUnicode(str);
+ if(strW == NULL) {
+ return(NULL);
+ }
+
+ /* call WideCharToMultiByte first to get the buffer size */
+ ret = WideCharToMultiByte(CP_ACP, 0, strW, -1, NULL, 0, NULL, NULL);
+ if(ret <= 0) {
+ xmlFree(strW);
+ return(NULL);
+ }
+ len = ret + 1;
+
+ /* allocate buffer */
+ res = (char*)xmlMalloc(sizeof(char) * len);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(xmlChar) * len);
+ xmlFree(strW);
+ return(NULL);
+ }
+
+ /* convert */
+ ret = WideCharToMultiByte(CP_ACP, 0, strW, -1, res, len, NULL, NULL);
+ if(ret <= 0) {
+ xmlFree(strW);
+ xmlFree(res);
+ return(NULL);
+ }
+
+ /* done */
+ xmlFree(strW);
+ return(res);
+}
+
+/**
+ * xmlSecMSCryptoConvertTstrToUtf8:
+ * @str: the string to convert.
+ *
+ * Converts input string from TSTR (locale or Unicode) to UTF8.
+ *
+ * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.
+ */
+xmlChar*
+xmlSecMSCryptoConvertTstrToUtf8(LPCTSTR str) {
+#ifdef UNICODE
+ return xmlSecMSCryptoConvertUnicodeToUtf8(str);
+#else /* UNICODE */
+ return xmlSecMSCryptoConvertLocaleToUtf8(str);
+#endif /* UNICODE */
+}
+
+/**
+ * xmlSecMSCryptoConvertUtf8ToTstr:
+ * @str: the string to convert.
+ *
+ * Converts input string from UTF8 to TSTR (locale or Unicode).
+ *
+ * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs.
+ */
+LPTSTR
+xmlSecMSCryptoConvertUtf8ToTstr(const xmlChar* str) {
+#ifdef UNICODE
+ return xmlSecMSCryptoConvertUtf8ToUnicode(str);
+#else /* UNICODE */
+ return xmlSecMSCryptoConvertUtf8ToLocale(str);
+#endif /* UNICODE */
+}
+
+/********************************************************************
+ *
+ * Crypto Providers
+ *
+ ********************************************************************/
+/**
+ * xmlSecMSCryptoFindProvider:
+ * @providers: the pointer to list of providers, last provider should have NULL for name.
+ * @pszContainer: the container name for CryptAcquireContext call
+ * @dwFlags: the flags for CryptAcquireContext call
+ * @bUseXmlSecContainer: the flag to indicate whether we should try to use XmlSec container if default fails
+ *
+ * Finds the first provider from the list
+ *
+ * Returns: provider handle on success or NULL for error.
+ */
+HCRYPTPROV
+xmlSecMSCryptoFindProvider(const xmlSecMSCryptoProviderInfo * providers,
+ LPCTSTR pszContainer,
+ DWORD dwFlags,
+ BOOL bUseXmlSecContainer)
+{
+ HCRYPTPROV res = 0;
+ DWORD dwLastError;
+ BOOL ret;
+ int ii;
+
+ xmlSecAssert2(providers != NULL, 0);
+
+ for(ii = 0; (res == 0) && (providers[ii].providerName != NULL) && (providers[ii].providerType != 0); ++ii) {
+ /* first try */
+ ret = CryptAcquireContext(&res,
+ pszContainer,
+ providers[ii].providerName,
+ providers[ii].providerType,
+ dwFlags);
+ if((ret == TRUE) && (res != 0)) {
+ return (res);
+ }
+
+ /* check errors */
+ dwLastError = GetLastError();
+ switch(dwLastError) {
+ case NTE_BAD_KEYSET:
+ /* This error can indicate that a newly installed provider
+ * does not have a usable key container yet. It needs to be
+ * created, and then we have to try again CryptAcquireContext.
+ * This is also referenced in
+ * http://www.microsoft.com/mind/0697/crypto.asp (inituser)
+ */
+ ret = CryptAcquireContext(&res,
+ pszContainer,
+ providers[ii].providerName,
+ providers[ii].providerType,
+ CRYPT_NEWKEYSET | dwFlags);
+ if((ret == TRUE) && (res != 0)) {
+ return (res);
+ }
+ break;
+
+ case NTE_EXISTS:
+ /* If we can, try our container */
+ if(bUseXmlSecContainer == TRUE) {
+ ret = CryptAcquireContext(&res,
+ XMLSEC_CONTAINER_NAME,
+ providers[ii].providerName,
+ providers[ii].providerType,
+ CRYPT_NEWKEYSET | dwFlags);
+ if((ret == TRUE) && (res != 0)) {
+ /* ALEKSEY TODO - NEED TO DELETE ALL THE TEMP CONTEXTS ON SHUTDOWN
+
+ CryptAcquireContext(&tmp, XMLSEC_CONTAINER_NAME,
+ providers[ii].providerName,
+ providers[ii].providerType,
+ CRYPT_DELETEKEYSET);
+
+ */
+ return (res);
+ }
+ }
+ break;
+
+ default:
+ /* ignore */
+ break;
+ }
+ }
+
+ return (0);
+}
+
+
+/********************************************************************
+ *
+ * Utils
+ *
+ ********************************************************************/
+int
+ConvertEndian(const xmlSecByte * src, xmlSecByte * dst, xmlSecSize size) {
+ xmlSecByte * p;
+
+ xmlSecAssert2(src != NULL, -1);
+ xmlSecAssert2(dst != NULL, -1);
+ xmlSecAssert2(size > 0, -1);
+
+ for(p = dst + size - 1; p >= dst; ++src, --p) {
+ (*p) = (*src);
+ }
+
+ return (0);
+}
+
+int
+ConvertEndianInPlace(xmlSecByte * buf, xmlSecSize size) {
+ xmlSecByte * p;
+ xmlSecByte ch;
+
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(size > 0, -1);
+
+ for(p = buf + size - 1; p >= buf; ++buf, --p) {
+ ch = (*p);
+ (*p) = (*buf);
+ (*buf) = ch;
+ }
+ return (0);
+}
+
+
diff --git a/src/mscrypto/csp_calg.h b/src/mscrypto/csp_calg.h
new file mode 100644
index 00000000..984fe347
--- /dev/null
+++ b/src/mscrypto/csp_calg.h
@@ -0,0 +1,105 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
+ * All rights reserved.
+ */
+#ifndef CRYPTOCOM_CSP_CALG_H
+#define CRYPTOCOM_CSP_CALG_H
+
+#define ALG_TYPE_GR3410 (7 << 9)
+
+#define ALG_SID_MAGPRO_R3410_94 64
+#define ALG_SID_MAGPRO_R3410_94_EPHEM 65
+#define ALG_SID_MAGPRO_R3410_2001 66
+#define ALG_SID_MAGPRO_R3410_2001_EPHEM 67
+#define ALG_SID_MAGPRO_28147_89 68
+#define ALG_SID_GR3411 30
+#define ALG_SID_G28147 30
+
+#define ALG_SID_GR3410 30
+#define ALG_SID_DH_EX_SF 30
+#define ALG_SID_DH_EX_EPHEM 31
+#define ALG_SID_PRO_AGREEDKEY_DH 33
+#define ALG_SID_PRO_SIMMETRYKEY 34
+#define ALG_SID_GR3410EL 35
+#define ALG_SID_DH_EL_SF 36
+#define ALG_SID_DH_EL_EPHEM 37
+
+/*! \defgroup CALG_MAGPRO CALG_MAGPRO
+ * \brief The description of CALG_MAGPRO
+ *
+ * @{
+ */
+
+
+#define CALG_MAGPRO_SIGN_R3410_94 (ALG_CLASS_SIGNATURE | ALG_TYPE_GR3410 | ALG_SID_MAGPRO_R3410_94)
+
+#define CALG_MAGPRO_SIGN_R3410_2001 (ALG_CLASS_SIGNATURE | ALG_TYPE_GR3410 | ALG_SID_MAGPRO_R3410_2001)
+
+#define CALG_MAGPRO_DH_R3410_94 (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_MAGPRO_R3410_94)
+
+#define CALG_MAGPRO_DH_R3410_2001 (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_MAGPRO_R3410_2001)
+
+#define CALG_MAGPRO_DH_R3410_94_EPHEM (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_MAGPRO_R3410_94_EPHEM)
+
+#define CALG_MAGPRO_DH_R3410_2001_EPHEM (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_MAGPRO_R3410_2001_EPHEM)
+
+#define CALG_MAGPRO_HASH_R3411_94 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_GR3411)
+
+#define CALG_MAGPRO_HASH_28147_89 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MAGPRO_28147_89)
+
+#define CALG_MAGPRO_ENCR_28147_89 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_G28147)
+
+#define CALG_GR3410 (ALG_CLASS_SIGNATURE | ALG_TYPE_GR3410 | ALG_SID_GR3410)
+
+#define CALG_GR3410EL (ALG_CLASS_SIGNATURE | ALG_TYPE_GR3410 | ALG_SID_GR3410EL)
+
+#define CALG_DH_EX_SF (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EX_SF)
+
+#define CALG_DH_EX_EPHEM (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EX_EPHEM)
+
+#define CALG_DH_EL_SF (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EL_SF)
+
+#define CALG_DH_EL_EPHEM (ALG_CLASS_KEY_EXCHANGE | ALG_TYPE_DH | ALG_SID_DH_EL_EPHEM)
+
+/*! @} */
+/*! \defgroup PROV_TYPE PROV_TYPE
+ * \brief The description of PROV_MAGPRO_GOST
+ *
+ * @{
+ */
+#define PROV_MAGPRO_GOST 501
+#define MAGPRO_CSP_A "MagPro CSP"
+#define MAGPRO_CSP_W L"MagPro CSP"
+#ifdef UNICODE
+#define MAGPRO_CSP MAGPRO_CSP_W
+#else
+#define MAGPRO_CSP MAGPRO_CSP_A
+#endif
+
+#define PROV_CRYPTOPRO_GOST 75
+#define CRYPTOPRO_CSP_A "CryptoPro CSP"
+#define CRYPTOPRO_CSP_W L"CryptoPro CSP"
+#ifdef UNICODE
+#define CRYPTOPRO_CSP CRYPTOPRO_CSP_W
+#else
+#define CRYPTOPRO_CSP CRYPTOPRO_CSP_A
+#endif
+
+/*! @} */
+/*! \defgroup PP_MAGPRO PP_MAGPRO
+ *
+ * @{
+ */
+
+#define PP_RNGTYPE 201
+#define PP_RNGSHARED 202
+#define PP_SETUP_UI 203
+
+/*! @} */
+
+#endif //CRYPTOCOM_CSP_CALG_H
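Review bot: The CALG_* macros in this header expand to `ALG_CLASS_SIGNATURE`, `ALG_CLASS_KEY_EXCHANGE`, `ALG_CLASS_HASH`, `ALG_CLASS_DATA_ENCRYPT`, `ALG_TYPE_DH`, `ALG_TYPE_ANY` and `ALG_TYPE_BLOCK`, but the header defines none of them and includes nothing, so it compiles only if the includer has already pulled in the Windows crypto headers (digests.c in this commit does so before including it). Adding `#include <windows.h>` and `#include <wincrypt.h>` right after the include guard would make the header self-contained and independent of include order. Four sub-ids share the value 30 (`ALG_SID_GR3411`, `ALG_SID_G28147`, `ALG_SID_GR3410`, `ALG_SID_DH_EX_SF`). Each is combined with a different class/type pair below, so the resulting ALG_IDs do not collide, and the overlap looks intentional. A comment such as `/* SIDs are unique only within one ALG_CLASS | ALG_TYPE pair */` above that group would stop a later reader from assuming an ALG_SID_* value alone identifies the algorithm. The closing `#endif //CRYPTOCOM_CSP_CALG_H` would also be more portable for a C header as `#endif /* CRYPTOCOM_CSP_CALG_H */`.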
diff --git a/src/mscrypto/csp_oid.h b/src/mscrypto/csp_oid.h
new file mode 100644
index 00000000..e5636741
--- /dev/null
+++ b/src/mscrypto/csp_oid.h
@@ -0,0 +1,114 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
+ * All rights reserved.
+ */
+#ifndef CRYPTOCOM_OIDS_csp_H
+#define CRYPTOCOM_OIDS_csp_H
+/* Autogenerated from master.oid by oid2h.tcl */
+
+/*! \defgroup szOID_MAGPRO szOID_MAGPRO
+ * \brief The OIDs supported by MagPro CSP
+ *
+ * @{
+ */
+
+/*! GOST 34.10-94 Diffie-Hellman algorithm Cryptocom LTD */
+#define szOID_MAGPRO_DH_R3410_94 "1.2.643.2.9.1.3.1"
+
+/*! GOST 34.10-2001 Diffie-Hellman algorithm Cryptocom LTD */
+#define szOID_MAGPRO_DH_R3410_2001 "1.2.643.2.9.1.3.2"
+
+/* */
+#define szOID_MAGPRO_DH_R3410_94_EPHEM "1.2.643.2.9.1.3.1"
+
+/* */
+#define szOID_MAGPRO_DH_R3410_2001_EPHEM "1.2.643.2.9.1.3.2"
+
+/*! GOST 34.10/11-94 digital signature algorithm Cryptocom LTD with digest */
+#define szOID_MAGPRO_SIGN_R3410_94 "1.2.643.2.9.1.3.3"
+
+/*! GOST 34.10-2001 digital signature algorithm with digest */
+#define szOID_MAGPRO_SIGN_R3410_2001 "1.2.643.2.9.1.3.4"
+
+/*! GOST 28147-89 MAC algorithm Cryptocom LTD */
+#define szOID_MAGPRO_HASH_28147_89 "1.2.643.2.9.1.4.1"
+
+#define szOID_MAGPRO_PUBKEY_DH_R3410_94 "1.2.643.2.9.1.5.1"
+
+#define szOID_MAGPRO_PUBKEY_DH_R3410_2001 "1.2.643.2.9.1.5.2"
+
+/*! GOST 34.10/11-94 digital signature algorithm Cryptocom LTD */
+#define szOID_MAGPRO_PUBKEY_SIGN_R3410_94 "1.2.643.2.9.1.5.3"
+
+/*! GOST 34.10-2001 digital signature algorithm */
+#define szOID_MAGPRO_PUBKEY_SIGN_R3410_2001 "1.2.643.2.9.1.5.4"
+
+/*! GOST 28147-89 encryption parameters */
+#define szOID_MAGPRO_PARAM_ENCR_28147_89 "1.2.643.2.9.1.6.1"
+
+/*! GOST 34.10-2001 public key parameters */
+#define szOID_MAGPRO_PARAM_PK_CC_01 "1.2.643.2.9.1.8.1"
+
+/*! GOST 28147-89 symmetric cipher Cryptocom LTD */
+#define szOID_MAGPRO_ENCR_28147_89 "1.2.643.2.2.21"
+
+/*! GOST 34.10-2001 digital signature algorithm CryptoPro LTD */
+#define szOID_MAGPRO_SIGN_R3410_2001_CP "1.2.643.2.2.3"
+
+/*! GOST 34.10/11-94 digital signature algorithm CryptoPro LTD */
+#define szOID_MAGPRO_SIGN_R3410_94_CP "1.2.643.2.2.4"
+
+/*! GOST 34.11-94 digest algorithm Cryptocom LTD */
+#define szOID_MAGPRO_HASH_R3411_94 "1.2.643.2.2.9"
+
+/*! GOST 34.10-2001 digital signature algorithm CryptoPro LTD public key */
+#define szOID_MAGPRO_PUBKEY_SIGN_R3410_2001_CP "1.2.643.2.2.19"
+
+/*! GOST 34.10/11-94 digital signature algorithm CryptoPro LTD public key */
+#define szOID_MAGPRO_PUBKEY_SIGN_R3410_94_CP "1.2.643.2.2.20"
+
+/*! GostR3411-94-CryptoProParamSet */
+#define szOID_MAGPRO_PARAM_HASH_3411_94 "1.2.643.2.2.30.1"
+
+/*! GostR3410-94-CryptoPro-A-ParamSet */
+#define szOID_MAGPRO_PARAM_PK_CC_94 "1.2.643.2.2.32.2"
+
+
+#define szOID_CP_PARAM_R3411_94_DEF "1.2.643.2.2.30.1"
+#define szOID_CP_PARAM_R3411_94_1 "1.2.643.2.2.30.2"
+#define szOID_CP_PARAM_R3411_94_2 "1.2.643.2.2.30.3"
+#define szOID_CP_PARAM_R3411_94_3 "1.2.643.2.2.30.4"
+
+#define szOID_CP_PARAM_28147_89_DEF "1.2.643.2.2.31.1"
+#define szOID_CP_PARAM_28147_89_1 "1.2.643.2.2.31.2"
+#define szOID_CP_PARAM_28147_89_2 "1.2.643.2.2.31.3"
+#define szOID_CP_PARAM_28147_89_3 "1.2.643.2.2.31.4"
+#define szOID_CP_PARAM_28147_89_4 "1.2.643.2.2.31.5"
+#define szOID_CP_PARAM_28147_89_5 "1.2.643.2.2.31.6"
+#define szOID_CP_PARAM_28147_89_6 "1.2.643.2.2.31.7"
+
+/* OID for Signature 1024*/
+#define szOID_CP_PARAM_PK_R3410_94_DEF "1.2.643.2.2.32.2" /*VerbaO*/
+#define szOID_CP_PARAM_PK_R3410_94_S1 "1.2.643.2.2.32.3"
+#define szOID_CP_PARAM_PK_R3410_94_S2 "1.2.643.2.2.32.4"
+#define szOID_CP_PARAM_PK_R3410_94_S3 "1.2.643.2.2.32.5"
+/* OID for DH 1024*/
+#define szOID_CP_PARAM_PK_R3410_94_E1 "1.2.643.2.2.33.1"
+#define szOID_CP_PARAM_PK_R3410_94_E2 "1.2.643.2.2.33.2"
+#define szOID_CP_PARAM_PK_R3410_94_E3 "1.2.643.2.2.33.3"
+
+#define szOID_CP_PARAM_PK_R3410_2001_DEF "1.2.643.2.2.35.1"
+#define szOID_CP_PARAM_PK_R3410_2001_S0 "1.2.643.2.2.35.2"
+#define szOID_CP_PARAM_PK_R3410_2001_S1 "1.2.643.2.2.35.3"
+#define szOID_CP_PARAM_PK_R3410_2001_E0 "1.2.643.2.2.36.0"
+#define szOID_CP_PARAM_PK_R3410_2001_E1 "1.2.643.2.2.36.1"
+
+
+/*! @} */
+
+#endif
diff --git a/src/mscrypto/digests.c b/src/mscrypto/digests.c
new file mode 100644
index 00000000..9394afdc
--- /dev/null
+++ b/src/mscrypto/digests.c
@@ -0,0 +1,668 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
+ */
+#include "globals.h"
+
+#include <string.h>
+#include <windows.h>
+#include <wincrypt.h>
+#ifndef XMLSEC_NO_GOST
+#include "csp_calg.h"
+#endif
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+#include "private.h"
+
+#define MSCRYPTO_MAX_HASH_SIZE 256
+
+typedef struct _xmlSecMSCryptoDigestCtx xmlSecMSCryptoDigestCtx, *xmlSecMSCryptoDigestCtxPtr;
+struct _xmlSecMSCryptoDigestCtx {
+ HCRYPTPROV provider;
+ ALG_ID alg_id;
+ const xmlSecMSCryptoProviderInfo * providers;
+ HCRYPTHASH mscHash;
+ unsigned char dgst[MSCRYPTO_MAX_HASH_SIZE];
+ size_t dgstSize; /* dgst size in bytes */
+};
+
+/******************************************************************************
+ *
+ * MSCrypto Digest transforms
+ *
+ * xmlSecMSCryptoDigestCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecMSCryptoDigestSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoDigestCtx))
+#define xmlSecMSCryptoDigestGetCtx(transform) \
+ ((xmlSecMSCryptoDigestCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+
+static int xmlSecMSCryptoDigestInitialize (xmlSecTransformPtr transform);
+static void xmlSecMSCryptoDigestFinalize (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoDigestVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoDigestExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoDigestCheckId (xmlSecTransformPtr transform);
+
+
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Sha1[] = {
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { MS_DEF_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Sha2[] = {
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
+ { NULL, 0 }
+};
+
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Md5[] = {
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { MS_DEF_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+
+#ifndef XMLSEC_NO_GOST
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Gost[] = {
+ { MAGPRO_CSP, PROV_MAGPRO_GOST },
+ { CRYPTOPRO_CSP, PROV_CRYPTOPRO_GOST },
+ { NULL, 0 }
+};
+#endif /*ndef XMLSEC_NO_GOST*/
+
+static int
+xmlSecMSCryptoDigestCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformMd5Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha1Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha256Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha384Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha512Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_GOST
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGostR3411_94Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_GOST*/
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoDigestInitialize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoDigestCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecMSCryptoDigestCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoDigestSize), -1);
+
+ ctx = xmlSecMSCryptoDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* initialize context */
+ memset(ctx, 0, sizeof(xmlSecMSCryptoDigestCtx));
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformMd5Id)) {
+ ctx->alg_id = CALG_MD5;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Md5;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha1Id)) {
+ ctx->alg_id = CALG_SHA1;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Sha1;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha256Id)) {
+ ctx->alg_id = CALG_SHA_256;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Sha2;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha384Id)) {
+ ctx->alg_id = CALG_SHA_384;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Sha2;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformSha512Id)) {
+ ctx->alg_id = CALG_SHA_512;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Sha2;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_GOST
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGostR3411_94Id)) {
+ ctx->alg_id = CALG_MAGPRO_HASH_R3411_94;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Gost;
+ } else
+#endif /* XMLSEC_NO_GOST*/
+
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ctx->provider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(ctx->provider == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void xmlSecMSCryptoDigestFinalize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoDigestCtxPtr ctx;
+
+ xmlSecAssert(xmlSecMSCryptoDigestCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoDigestSize));
+
+ ctx = xmlSecMSCryptoDigestGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->mscHash != 0) {
+ CryptDestroyHash(ctx->mscHash);
+ }
+ if(ctx->provider != 0) {
+ CryptReleaseContext(ctx->provider, 0);
+ }
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoDigestCtx));
+}
+
+static int
+xmlSecMSCryptoDigestVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoDigestCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecMSCryptoDigestCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoDigestSize), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ if(dataSize != ctx->dgstSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "data_size=%d;dgst_size=%d",
+ dataSize, ctx->dgstSize);
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ if(memcmp(ctx->dgst, data, ctx->dgstSize) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+static int
+xmlSecMSCryptoDigestExecute(xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoDigestCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoDigestCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoDigestSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ xmlSecAssert2(in != NULL, -1);
+
+ out = &(transform->outBuf);
+ xmlSecAssert2(out != NULL, -1);
+
+ ctx = xmlSecMSCryptoDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ ret = CryptCreateHash(ctx->provider,
+ ctx->alg_id,
+ 0,
+ 0,
+ &(ctx->mscHash));
+
+ if((ret == 0) || (ctx->mscHash == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptCreateHash",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if (transform->status == xmlSecTransformStatusWorking) {
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ ret = CryptHashData(ctx->mscHash,
+ xmlSecBufferGetData(in),
+ inSize,
+ 0);
+
+ if(ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptHashData",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+ if(last) {
+ /* TODO: make a MSCrypto compatible assert here */
+ /* xmlSecAssert2((xmlSecSize)EVP_MD_size(ctx->digest) <= sizeof(ctx->dgst), -1); */
+ DWORD retLen;
+ retLen = MSCRYPTO_MAX_HASH_SIZE;
+
+ ret = CryptGetHashParam(ctx->mscHash,
+ HP_HASHVAL,
+ ctx->dgst,
+ &retLen,
+ 0);
+
+ if (ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptGetHashParam(HP_HASHVAL)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", MSCRYPTO_MAX_HASH_SIZE);
+ return(-1);
+ }
+
+ ctx->dgstSize = (size_t)retLen;
+
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ /* copy result to output */
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ctx->dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * MD5
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecMSCryptoDigestSize, /* size_t objSize */
+
+ xmlSecNameMd5, /* const xmlChar* name; */
+ xmlSecHrefMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+ xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformMd5GetKlass:
+ *
+ * SHA-1 digest transform klass.
+ *
+ * Returns: pointer to SHA-1 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformMd5GetKlass(void) {
+ return(&xmlSecMSCryptoMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
+ *
+ * SHA1
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecMSCryptoDigestSize, /* size_t objSize */
+
+ xmlSecNameSha1, /* const xmlChar* name; */
+ xmlSecHrefSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+ xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformSha1GetKlass:
+ *
+ * SHA-1 digest transform klass.
+ *
+ * Returns: pointer to SHA-1 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformSha1GetKlass(void) {
+ return(&xmlSecMSCryptoSha1Klass);
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * SHA256
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecMSCryptoDigestSize, /* size_t objSize */
+
+ xmlSecNameSha256, /* const xmlChar* name; */
+ xmlSecHrefSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+ xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformSha256GetKlass:
+ *
+ * SHA-256 digest transform klass.
+ *
+ * Returns: pointer to SHA-256 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformSha256GetKlass(void) {
+ return(&xmlSecMSCryptoSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * SHA384
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecMSCryptoDigestSize, /* size_t objSize */
+
+ xmlSecNameSha384, /* const xmlChar* name; */
+ xmlSecHrefSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+ xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformSha384GetKlass:
+ *
+ * SHA-384 digest transform klass.
+ *
+ * Returns: pointer to SHA-384 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformSha384GetKlass(void) {
+ return(&xmlSecMSCryptoSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * SHA512
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecMSCryptoDigestSize, /* size_t objSize */
+
+ xmlSecNameSha512, /* const xmlChar* name; */
+ xmlSecHrefSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+ xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformSha512GetKlass:
+ *
+ * SHA-512 digest transform klass.
+ *
+ * Returns: pointer to SHA-512 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformSha512GetKlass(void) {
+ return(&xmlSecMSCryptoSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_GOST
+/******************************************************************************
+ *
+ * GOSTR3411_94
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoGostR3411_94Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* size_t klassSize */
+ xmlSecMSCryptoDigestSize, /* size_t objSize */
+
+ xmlSecNameGostR3411_94, /* const xmlChar* name; */
+ xmlSecHrefGostR3411_94, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+ xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformGostR3411_94GetKlass:
+ *
+ * GOSTR3411_94 digest transform klass.
+ *
+ * Returns: pointer to GOSTR3411_94 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformGostR3411_94GetKlass(void) {
+ return(&xmlSecMSCryptoGostR3411_94Klass);
+}
+#endif /* XMLSEC_NO_GOST*/
+
diff --git a/src/mscrypto/globals.h b/src/mscrypto/globals.h
new file mode 100644
index 00000000..2b88d5dd
--- /dev/null
+++ b/src/mscrypto/globals.h
@@ -0,0 +1,39 @@
+/*
+ * XML Security Library
+ *
+ * THIS IS A PRIVATE XMLSEC HEADER FILE
+ * DON'T USE IT IN YOUR APPLICATION
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ */
+#ifndef __XMLSEC_GLOBALS_H__
+#define __XMLSEC_GLOBALS_H__
+
+/**
+ * Use autoconf defines if present.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#define IN_XMLSEC_CRYPTO
+#define XMLSEC_PRIVATE
+
+/* OpenSSL 0.9.6 and 0.9.7 do not have SHA 224/256/384/512 */
+#if defined(XMLSEC_OPENSSL_096) || defined(XMLSEC_OPENSSL_097)
+#define XMLSEC_NO_SHA224 1
+#define XMLSEC_NO_SHA256 1
+#define XMLSEC_NO_SHA384 1
+#define XMLSEC_NO_SHA512 1
+#endif /* defined(XMLSEC_OPENSSL_096) || defined(XMLSEC_OPENSSL_097) */
+
+/* OpenSSL 0.9.6 does not have AES */
+#if defined(XMLSEC_OPENSSL_096)
+#define XMLSEC_NO_AES 1
+#endif /* XMLSEC_OPENSSL_096 */
+
+
+#endif /* ! __XMLSEC_GLOBALS_H__ */
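Review bot: The two `#if defined(XMLSEC_OPENSSL_096) ...` blocks in this MSCrypto-private header gate SHA-224/256/384/512 and AES on OpenSSL version macros, which looks carried over from the OpenSSL backend's globals.h. In an MSCrypto build those macros are presumably never defined, so the blocks are dead; if they ever were defined, they would compile out the SHA-2 digest and HMAC transforms for a reason unrelated to CryptoAPI and leave only SHA-1 and MD5. I would drop both blocks, or replace them with a comment such as `/* algorithm availability depends on the CSP found at runtime (e.g. PROV_RSA_AES), not on a compile-time version macro */`. The include guard `__XMLSEC_GLOBALS_H__` also uses a reserved double-underscore identifier and is probably shared with the other backends' globals.h, so a backend-specific name such as `XMLSEC_MSCRYPTO_GLOBALS_H` would be safer.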
diff --git a/src/mscrypto/hmac.c b/src/mscrypto/hmac.c
new file mode 100644
index 00000000..e8709838
--- /dev/null
+++ b/src/mscrypto/hmac.c
@@ -0,0 +1,963 @@
+/**
+ *
+ * XMLSec library
+ *
+ * HMAC Algorithm support (http://www.w3.org/TR/xmldsig-core/#sec-HMAC):
+ * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
+ * as a parameter; if the parameter is not specified then all the bits of the
+ * hash are output. An example of an HMAC SignatureMethod element:
+ * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ * <HMACOutputLength>128</HMACOutputLength>
+ * </SignatureMethod>
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_HMAC
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+#include "private.h"
+
+/* sizes in bits */
+#define XMLSEC_MSCRYPTO_MIN_HMAC_SIZE 80
+#define XMLSEC_MSCRYPTO_MAX_HMAC_SIZE 256
+
+/**************************************************************************
+ *
+ * Configuration
+ *
+ *****************************************************************************/
+static int g_xmlsec_mscrypto_hmac_min_length = XMLSEC_MSCRYPTO_MIN_HMAC_SIZE;
+
+/**
+ * xmlSecMSCryptoHmacGetMinOutputLength:
+ *
+ * Gets the value of min HMAC length.
+ *
+ * Returns: the min HMAC output length
+ */
+int xmlSecMSCryptoHmacGetMinOutputLength(void)
+{
+ return g_xmlsec_mscrypto_hmac_min_length;
+}
+
+/**
+ * xmlSecMSCryptoHmacSetMinOutputLength:
+ * @min_length: the new min length
+ *
+ * Sets the min HMAC output length
+ */
+void xmlSecMSCryptoHmacSetMinOutputLength(int min_length)
+{
+ g_xmlsec_mscrypto_hmac_min_length = min_length;
+}
+
+/******************************************************************************
+ *
+ * Internal MSCrypto HMAC CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecMSCryptoHmacCtx xmlSecMSCryptoHmacCtx, *xmlSecMSCryptoHmacCtxPtr;
+struct _xmlSecMSCryptoHmacCtx {
+ HCRYPTPROV provider;
+ HCRYPTKEY cryptKey;
+ HCRYPTKEY pubPrivKey;
+ ALG_ID alg_id;
+ const xmlSecMSCryptoProviderInfo * providers;
+ HCRYPTHASH mscHash;
+ unsigned char dgst[XMLSEC_MSCRYPTO_MAX_HMAC_SIZE];
+ size_t dgstSize; /* dgst size in bytes */
+ int ctxInitialized;
+};
+
+/******************************************************************************
+ *
+ * HMAC transforms
+ *
+ * xmlSecMSCryptoHmacCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecMSCryptoHmacGetCtx(transform) \
+ ((xmlSecMSCryptoHmacCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+#define xmlSecMSCryptoHmacSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoHmacCtx))
+
+static int xmlSecMSCryptoHmacCheckId (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoHmacInitialize (xmlSecTransformPtr transform);
+static void xmlSecMSCryptoHmacFinalize (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoHmacNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoHmacSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecMSCryptoHmacSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecMSCryptoHmacVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoHmacExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Hmac[] = {
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { MS_DEF_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+
+static int
+xmlSecMSCryptoHmacCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacMd5Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+ /* not found */
+ {
+ return(0);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoHmacInitialize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoHmacCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecMSCryptoHmacCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoHmacSize), -1);
+
+ ctx = xmlSecMSCryptoHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* initialize context */
+ memset(ctx, 0, sizeof(xmlSecMSCryptoHmacCtx));
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacSha1Id)) {
+ ctx->alg_id = CALG_SHA1;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Hmac;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacSha256Id)) {
+ ctx->alg_id = CALG_SHA_256;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Hmac;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacSha384Id)) {
+ ctx->alg_id = CALG_SHA_384;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Hmac;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacSha512Id)) {
+ ctx->alg_id = CALG_SHA_512;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Hmac;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformHmacMd5Id)) {
+ ctx->alg_id = CALG_MD5;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Hmac;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+ /* not found */
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ctx->provider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(ctx->provider == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* Create dummy key to be able to import plain session keys */
+ if (!xmlSecMSCryptoCreatePrivateExponentOneKey(ctx->provider, &(ctx->pubPrivKey))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoCreatePrivateExponentOneKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecMSCryptoHmacFinalize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoHmacCtxPtr ctx;
+
+ xmlSecAssert(xmlSecMSCryptoHmacCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoHmacSize));
+
+ ctx = xmlSecMSCryptoHmacGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->mscHash != 0) {
+ CryptDestroyHash(ctx->mscHash);
+ }
+ if (ctx->cryptKey) {
+ CryptDestroyKey(ctx->cryptKey);
+ }
+ if (ctx->pubPrivKey) {
+ CryptDestroyKey(ctx->pubPrivKey);
+ }
+ if(ctx->provider != 0) {
+ CryptReleaseContext(ctx->provider, 0);
+ }
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoHmacCtx));
+}
+
+static int
+xmlSecMSCryptoHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoHmacCtxPtr ctx;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(xmlSecMSCryptoHmacCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoHmacSize), -1);
+ xmlSecAssert2(node!= NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ cur = xmlSecGetNextElementNode(node->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
+ xmlChar *content;
+
+ content = xmlNodeGetContent(cur);
+ if(content != NULL) {
+ ctx->dgstSize = atoi((char*)content);
+ xmlFree(content);
+ }
+
+ /* Ensure that HMAC length is greater than min specified.
+ Otherwise, an attacker can set this length to 0 or very
+ small value
+ */
+ if((int)ctx->dgstSize < xmlSecMSCryptoHmacGetMinOutputLength()) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "HMAC output length is too small");
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecMSCryptoHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecAssert2(xmlSecMSCryptoHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoHmacSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ keyReq->keyId = xmlSecMSCryptoKeyDataHmacId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationSign) {
+ keyReq->keyUsage = xmlSecKeyUsageSign;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
+ }
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecMSCryptoHmacCtxPtr ctx;
+ xmlSecKeyDataPtr value;
+ xmlSecBufferPtr buffer;
+ HMAC_INFO hmacInfo;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoHmacSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecMSCryptoHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized == 0, -1);
+ xmlSecAssert2(ctx->provider != 0, -1);
+ xmlSecAssert2(ctx->pubPrivKey != 0, -1);
+ xmlSecAssert2(ctx->cryptKey == 0, -1);
+ xmlSecAssert2(ctx->mscHash == 0, -1);
+
+ value = xmlSecKeyGetValue(key);
+ xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecMSCryptoKeyDataHmacId), -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ if(xmlSecBufferGetSize(buffer) == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "keySize=0");
+ return(-1);
+ }
+
+ xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
+
+ /* Import this key and get an HCRYPTKEY handle.
+ *
+ * HACK!!! HACK!!! HACK!!!
+ *
+ * Using CALG_RC2 instead of CALG_HMAC for the key algorithm so we don't want to check key length
+ */
+ if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->provider,
+ ctx->pubPrivKey,
+ CALG_RC2,
+ xmlSecBufferGetData(buffer),
+ xmlSecBufferGetSize(buffer),
+ FALSE,
+ &(ctx->cryptKey)
+ ) || (ctx->cryptKey == 0)) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoImportPlainSessionBlob",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* create hash */
+ ret = CryptCreateHash(ctx->provider,
+ CALG_HMAC,
+ ctx->cryptKey,
+ 0,
+ &(ctx->mscHash));
+ if((ret == 0) || (ctx->mscHash == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptCreateHash",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* set parameters */
+ memset(&hmacInfo, 0, sizeof(hmacInfo));
+ hmacInfo.HashAlgid = ctx->alg_id;
+ ret = CryptSetHashParam(ctx->mscHash, HP_HMAC_INFO, (BYTE*)&hmacInfo, 0);
+ if(ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptSetHashParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* done */
+ ctx->ctxInitialized = 1;
+ return(0);
+}
+
+static int
+xmlSecMSCryptoHmacVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ static xmlSecByte last_byte_masks[] =
+ { 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
+
+ xmlSecMSCryptoHmacCtxPtr ctx;
+ xmlSecByte mask;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoHmacSize), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ /* compare the digest size in bytes */
+ if(dataSize != ((ctx->dgstSize + 7) / 8)){
+ /* NO COMMIT */
+ xmlChar* a;
+ mask = last_byte_masks[ctx->dgstSize % 8];
+ ctx->dgst[dataSize - 1] &= mask;
+ a = xmlSecBase64Encode(ctx->dgst, (ctx->dgstSize + 7) / 8, -1);
+ fprintf(stderr, "%s\n", a);
+ xmlFree(a);
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "data=%d;dgst=%d",
+ dataSize, ((ctx->dgstSize + 7) / 8));
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ /* we check the last byte separatelly */
+ xmlSecAssert2(dataSize > 0, -1);
+ mask = last_byte_masks[ctx->dgstSize % 8];
+ if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match (last byte)");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ /* now check the rest of the digest */
+ if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+static int
+xmlSecMSCryptoHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoHmacCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoHmacSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ ctx = xmlSecMSCryptoHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ /* we should be already initialized when we set key */
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ ret = CryptHashData(ctx->mscHash,
+ xmlSecBufferGetData(in),
+ inSize,
+ 0);
+
+ if(ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptHashData",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+
+ if(last) {
+ /* TODO: make a MSCrypto compatible assert here */
+ /* xmlSecAssert2((xmlSecSize)EVP_MD_size(ctx->digest) <= sizeof(ctx->dgst), -1); */
+ DWORD retLen;
+ retLen = XMLSEC_MSCRYPTO_MAX_HMAC_SIZE;
+
+ ret = CryptGetHashParam(ctx->mscHash,
+ HP_HASHVAL,
+ ctx->dgst,
+ &retLen,
+ 0);
+
+ if (ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptGetHashParam",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ xmlSecAssert2(retLen > 0, -1);
+
+ /* check/set the result digest size */
+ if(ctx->dgstSize == 0) {
+ ctx->dgstSize = retLen * 8; /* no dgst size specified, use all we have */
+ } else if(ctx->dgstSize <= 8 * retLen) {
+ retLen = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "result-bits=%d;required-bits=%d",
+ 8 * retLen, ctx->dgstSize);
+ return(-1);
+ }
+
+ /* copy result to output */
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, retLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ctx->dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * HMAC MD5
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoHmacMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacMd5, /* const xmlChar* name; */
+ xmlSecHrefHmacMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformHmacMd5GetKlass:
+ *
+ * The HMAC-MD5 transform klass.
+ *
+ * Returns: the HMAC-MD5 transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformHmacMd5GetKlass(void) {
+ return(&xmlSecMSCryptoHmacMd5Klass);
+}
+
+#endif /* XMLSEC_NO_MD5 */
+
+
+#ifndef XMLSEC_NO_RIPEMD160
+/******************************************************************************
+ *
+ * HMAC RIPEMD160
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoHmacRipemd160Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacRipemd160, /* const xmlChar* name; */
+ xmlSecHrefHmacRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformHmacRipemd160GetKlass:
+ *
+ * The HMAC-RIPEMD160 transform klass.
+ *
+ * Returns: the HMAC-RIPEMD160 transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformHmacRipemd160GetKlass(void) {
+ return(&xmlSecMSCryptoHmacRipemd160Klass);
+}
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
+ *
+ * HMAC SHA1
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoHmacSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha1, /* const xmlChar* name; */
+ xmlSecHrefHmacSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformHmacSha1GetKlass:
+ *
+ * The HMAC-SHA1 transform klass.
+ *
+ * Returns: the HMAC-SHA1 transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformHmacSha1GetKlass(void) {
+ return(&xmlSecMSCryptoHmacSha1Klass);
+}
+
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+/******************************************************************************
+ *
+ * HMAC SHA224
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoHmacSha224Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha224, /* const xmlChar* name; */
+ xmlSecHrefHmacSha224, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformHmacSha224GetKlass:
+ *
+ * The HMAC-SHA224 transform klass.
+ *
+ * Returns: the HMAC-SHA224 transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformHmacSha224GetKlass(void) {
+ return(&xmlSecMSCryptoHmacSha224Klass);
+}
+
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * HMAC SHA256
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoHmacSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha256, /* const xmlChar* name; */
+ xmlSecHrefHmacSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformHmacSha256GetKlass:
+ *
+ * The HMAC-SHA256 transform klass.
+ *
+ * Returns: the HMAC-SHA256 transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformHmacSha256GetKlass(void) {
+ return(&xmlSecMSCryptoHmacSha256Klass);
+}
+
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * HMAC SHA384
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoHmacSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha384, /* const xmlChar* name; */
+ xmlSecHrefHmacSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformHmacSha384GetKlass:
+ *
+ * The HMAC-SHA384 transform klass.
+ *
+ * Returns: the HMAC-SHA384 transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformHmacSha384GetKlass(void) {
+ return(&xmlSecMSCryptoHmacSha384Klass);
+}
+
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * HMAC SHA512
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoHmacSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha512, /* const xmlChar* name; */
+ xmlSecHrefHmacSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformHmacSha512GetKlass:
+ *
+ * The HMAC-SHA512 transform klass.
+ *
+ * Returns: the HMAC-SHA512 transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformHmacSha512GetKlass(void) {
+ return(&xmlSecMSCryptoHmacSha512Klass);
+}
+
+#endif /* XMLSEC_NO_SHA512 */
+
+
+#endif /* XMLSEC_NO_HMAC */
+
diff --git a/src/mscrypto/keysstore.c b/src/mscrypto/keysstore.c
new file mode 100644
index 00000000..33f0cd27
--- /dev/null
+++ b/src/mscrypto/keysstore.c
@@ -0,0 +1,620 @@
+/**
+ * XMLSec library
+ *
+ * MSCrypto keys store that uses Simple Keys Store under the hood. Uses the
+ * MS Certificate store as a backing store for the finding keys, but the
+ * MS Certificate store not written to by the keys store.
+ * So, if store->findkey is done and the key is not found in the simple
+ * keys store, the MS Certificate store is looked up.
+ * Thus, the MS Certificate store can be used to pre-load keys and becomes
+ * an alternate source of keys for xmlsec
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for precise wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/xmltree.h>
+
+#include <xmlsec/keysmngr.h>
+
+#include <xmlsec/mscrypto/app.h>
+#include <xmlsec/mscrypto/crypto.h>
+#include <xmlsec/mscrypto/keysstore.h>
+#include <xmlsec/mscrypto/x509.h>
+#include <xmlsec/mscrypto/certkeys.h>
+#include "private.h"
+
+#define XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME_A "MY"
+#define XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME_W L"MY"
+#ifdef UNICODE
+#define XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME_W
+#else /* UNICODE */
+#define XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME_A
+#endif /* UNICODE */
+
+/****************************************************************************
+ *
+ * MSCrypto Keys Store. Uses Simple Keys Store under the hood
+ *
+ * Simple Keys Store ptr is located after xmlSecKeyStore
+ *
+ ***************************************************************************/
+#define xmlSecMSCryptoKeysStoreSize \
+ (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
+
+#define xmlSecMSCryptoKeysStoreGetSS(store) \
+ ((xmlSecKeyStoreCheckSize((store), xmlSecMSCryptoKeysStoreSize)) ? \
+ (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
+ (xmlSecKeyStorePtr*)NULL)
+
+static int xmlSecMSCryptoKeysStoreInitialize (xmlSecKeyStorePtr store);
+static void xmlSecMSCryptoKeysStoreFinalize (xmlSecKeyStorePtr store);
+static xmlSecKeyPtr xmlSecMSCryptoKeysStoreFindKey (xmlSecKeyStorePtr store,
+ const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+static xmlSecKeyStoreKlass xmlSecMSCryptoKeysStoreKlass = {
+ sizeof(xmlSecKeyStoreKlass),
+ xmlSecMSCryptoKeysStoreSize,
+
+ /* data */
+ BAD_CAST "MSCrypto-keys-store", /* const xmlChar* name; */
+
+ /* constructors/destructor */
+ xmlSecMSCryptoKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
+ xmlSecMSCryptoKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
+ xmlSecMSCryptoKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoKeysStoreGetKlass:
+ *
+ * The MSCrypto list based keys store klass.
+ *
+ * Returns: MSCrypto list based keys store klass.
+ */
+xmlSecKeyStoreId
+xmlSecMSCryptoKeysStoreGetKlass(void) {
+ return(&xmlSecMSCryptoKeysStoreKlass);
+}
+
+/**
+ * xmlSecMSCryptoKeysStoreAdoptKey:
+ * @store: the pointer to MSCrypto keys store.
+ * @key: the pointer to key.
+ *
+ * Adds @key to the @store.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecMSCryptoKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
+ xmlSecKeyStorePtr *ss;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), -1);
+ xmlSecAssert2((key != NULL), -1);
+
+ ss = xmlSecMSCryptoKeysStoreGetSS(store);
+ xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+ (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
+
+ return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
+}
+
+/**
+ * xmlSecMSCryptoKeysStoreLoad:
+ * @store: the pointer to MSCrypto keys store.
+ * @uri: the filename.
+ * @keysMngr: the pointer to associated keys manager.
+ *
+ * Reads keys from an XML file.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
+ xmlSecKeysMngrPtr keysMngr) {
+ xmlDocPtr doc;
+ xmlNodePtr root;
+ xmlNodePtr cur;
+ xmlSecKeyPtr key;
+ xmlSecKeyInfoCtx keyInfoCtx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), -1);
+ xmlSecAssert2((uri != NULL), -1);
+
+ doc = xmlParseFile(uri);
+ if(doc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlParseFile",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
+ root = xmlDocGetRootElement(doc);
+ if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(root)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected-node=<xmlsec:Keys>");
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(root->children);
+ while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected-node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ keyInfoCtx.mode = xmlSecKeyInfoModeRead;
+ keyInfoCtx.keysMngr = keysMngr;
+ keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND |
+ XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
+ keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
+ keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny;
+
+ ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyInfoNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+
+ if(xmlSecKeyIsValid(key)) {
+ ret = xmlSecMSCryptoKeysStoreAdoptKey(store, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecMSCryptoKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ } else {
+ /* we have an unknown key in our file, just ignore it */
+ xmlSecKeyDestroy(key);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ xmlFreeDoc(doc);
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoKeysStoreSave:
+ * @store: the pointer to MSCrypto keys store.
+ * @filename: the filename.
+ * @type: the saved keys type (public, private, ...).
+ *
+ * Writes keys from @store to an XML file.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecMSCryptoKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
+ xmlSecKeyStorePtr *ss;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), -1);
+ xmlSecAssert2((filename != NULL), -1);
+
+ ss = xmlSecMSCryptoKeysStoreGetSS(store);
+ xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+ (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
+
+ return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
+}
+
+static int
+xmlSecMSCryptoKeysStoreInitialize(xmlSecKeyStorePtr store) {
+ xmlSecKeyStorePtr *ss;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), -1);
+
+ ss = xmlSecMSCryptoKeysStoreGetSS(store);
+ xmlSecAssert2((*ss == NULL), -1);
+
+ *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+ if(*ss == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecSimpleKeysStoreId");
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecMSCryptoKeysStoreFinalize(xmlSecKeyStorePtr store) {
+ xmlSecKeyStorePtr *ss;
+
+ xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId));
+
+ ss = xmlSecMSCryptoKeysStoreGetSS(store);
+ xmlSecAssert((ss != NULL) && (*ss != NULL));
+
+ xmlSecKeyStoreDestroy(*ss);
+}
+
+static PCCERT_CONTEXT
+xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ LPCTSTR storeName;
+ HCERTSTORE hStoreHandle = NULL;
+ PCCERT_CONTEXT pCertContext = NULL;
+ LPTSTR wcName = NULL;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), NULL);
+ xmlSecAssert2(name != NULL, NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+ storeName = xmlSecMSCryptoAppGetCertStoreName();
+ if(storeName == NULL) {
+ storeName = XMLSEC_MSCRYPTO_APP_DEFAULT_CERT_STORE_NAME;
+ }
+
+ hStoreHandle = CertOpenSystemStore(0, storeName);
+ if (NULL == hStoreHandle) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertOpenSystemStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "storeName=%s",
+ xmlSecErrorsSafeString(storeName));
+ return(NULL);
+ }
+
+ /* convert name to unicode */
+ wcName = xmlSecMSCryptoConvertUtf8ToTstr(name);
+ if(wcName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecMSCryptoConvertUtf8ToUnicode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "wcName");
+ CertCloseStore(hStoreHandle, 0);
+ return(NULL);
+ }
+
+ /* first attempt: try to find the cert with a full blown subject dn */
+ if(NULL == pCertContext) {
+ pCertContext = xmlSecMSCryptoX509FindCertBySubject(
+ hStoreHandle,
+ wcName,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING);
+ }
+
+ /*
+ * Try ro find certificate with name="Friendly Name"
+ */
+ if (NULL == pCertContext) {
+ DWORD dwPropSize;
+ PBYTE pbFriendlyName;
+ PCCERT_CONTEXT pCertCtxIter = NULL;
+
+
+ while (pCertCtxIter = CertEnumCertificatesInStore(hStoreHandle, pCertCtxIter)) {
+ if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
+ CERT_FRIENDLY_NAME_PROP_ID,
+ NULL,
+ &dwPropSize)) {
+ continue;
+ }
+
+ pbFriendlyName = xmlMalloc(dwPropSize);
+ if(pbFriendlyName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(wcName);
+ CertCloseStore(hStoreHandle, 0);
+ return(NULL);
+ }
+
+ if (TRUE != CertGetCertificateContextProperty(pCertCtxIter,
+ CERT_FRIENDLY_NAME_PROP_ID,
+ pbFriendlyName,
+ &dwPropSize)) {
+ xmlFree(pbFriendlyName);
+ continue;
+ }
+
+ /* Compare FriendlyName to name */
+ if (!lstrcmp(wcName, (LPCTSTR)pbFriendlyName)) {
+ pCertContext = pCertCtxIter;
+ xmlFree(pbFriendlyName);
+ break;
+ }
+ xmlFree(pbFriendlyName);
+ }
+ }
+
+ /* We don't give up easily, now try to find cert with part of the name
+ */
+ if (NULL == pCertContext) {
+ pCertContext = CertFindCertificateInStore(
+ hStoreHandle,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_FIND_SUBJECT_STR,
+ wcName,
+ NULL);
+ }
+
+
+ /* We could do the following here:
+ * It would be nice if we could locate the cert with issuer name and
+ * serial number, the given keyname can be something like this:
+ * 'serial=1234567;issuer=CN=ikke, C=NL'
+ * to be implemented by the first person who reads this, and thinks it's
+ * a good idea :) WK
+ */
+
+ /* OK, I give up, I'm gone :( */
+
+ /* aleksey todo: is it a right idea to close store if we have a handle to
+ * a cert in this store? */
+ xmlFree(wcName);
+ CertCloseStore(hStoreHandle, 0);
+ return(pCertContext);
+}
+
+
+static xmlSecKeyPtr
+xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyStorePtr* ss;
+ xmlSecKeyPtr key = NULL;
+ xmlSecKeyReqPtr keyReq = NULL;
+ PCCERT_CONTEXT pCertContext = NULL;
+ PCCERT_CONTEXT pCertContext2 = NULL;
+ xmlSecKeyDataPtr data = NULL;
+ xmlSecKeyDataPtr x509Data = NULL;
+ xmlSecKeyPtr res = NULL;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+ ss = xmlSecMSCryptoKeysStoreGetSS(store);
+ xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
+
+ /* first try to find key in the simple keys store */
+ key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
+ if (key != NULL) {
+ return (key);
+ }
+
+ /* Next try to find the key in the MS Certificate store, and construct an xmlSecKey.
+ * we must have a name to lookup keys in the certificate store.
+ */
+ if (name == NULL) {
+ goto done;
+ }
+
+ /* what type of key are we looking for?
+ * WK: For now, we'll look only for public/private keys using the
+ * name as a cert nickname. Then the name is regarded as the subject
+ * dn of the certificate to be searched for.
+ */
+ keyReq = &(keyInfoCtx->keyReq);
+ if (keyReq->keyType & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
+ pCertContext = xmlSecMSCryptoKeysStoreFindCert(store, name, keyInfoCtx);
+ if(pCertContext == NULL) {
+ goto done;
+ }
+
+ /* set cert in x509 data */
+ x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id);
+ if(x509Data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ pCertContext2 = CertDuplicateCertificateContext(pCertContext);
+ if (NULL == pCertContext2) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, pCertContext2);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ pCertContext2 = NULL;
+
+ pCertContext2 = CertDuplicateCertificateContext(pCertContext);
+ if (NULL == pCertContext2) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, pCertContext2);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ pCertContext2 = NULL;
+
+ /* set cert in key data */
+ data = xmlSecMSCryptoCertAdopt(pCertContext, keyReq->keyType);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoCertAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ pCertContext = NULL;
+
+ /* create key and add key data and x509 data to it */
+ key = xmlSecKeyCreate();
+ if (key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecKeySetValue(key, data);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+ goto done;
+ }
+ data = NULL;
+
+ ret = xmlSecKeyAdoptData(key, x509Data);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ x509Data = NULL;
+
+ /* Set the name of the key to the given name */
+ ret = xmlSecKeySetName(key, name);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeySetName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* now that we have a key, make sure it is valid and let the simple
+ * store adopt it */
+ if (xmlSecKeyIsValid(key)) {
+ res = key;
+ key = NULL;
+ }
+ }
+
+done:
+ if (NULL != pCertContext) {
+ CertFreeCertificateContext(pCertContext);
+ }
+ if (NULL != pCertContext2) {
+ CertFreeCertificateContext(pCertContext2);
+ }
+ if (data != NULL) {
+ xmlSecKeyDataDestroy(data);
+ }
+ if (x509Data != NULL) {
+ xmlSecKeyDataDestroy(x509Data);
+ }
+ if (key != NULL) {
+ xmlSecKeyDestroy(key);
+ }
+
+ return (res);
+}
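Review bot: The last fallback in xmlSecMSCryptoKeysStoreFindCert calls `CertFindCertificateInStore` with `CERT_FIND_SUBJECT_STR`, which is a case-insensitive substring match on the subject, so a short `name` selects the first certificate in the store whose subject merely contains it. If `name` comes from a document's KeyName (the caller is not visible in this hunk), the key is then chosen by the input being verified or decrypted rather than by the application, and xmlSecMSCryptoKeysStoreFindKey adopts the result with no certificate chain or validity check in this function. I would drop that third attempt or make it opt-in, keeping only the subject-DN and friendly-name lookups, and at minimum mark it with `/* substring match on subject: name must come from a trusted source */`. Separately, the `xmlMalloc` failure branch inside the friendly-name loop returns without releasing the enumeration context; add `CertFreeCertificateContext(pCertCtxIter);` before `xmlFree(wcName);` there.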
diff --git a/src/mscrypto/kt_rsa.c b/src/mscrypto/kt_rsa.c
new file mode 100644
index 00000000..9b4908fa
--- /dev/null
+++ b/src/mscrypto/kt_rsa.c
@@ -0,0 +1,631 @@
+/**
+ *
+ * XMLSec library
+ *
+ * RSA Algorithms support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_RSA
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/strings.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/keyinfo.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+#include <xmlsec/mscrypto/certkeys.h>
+#include "private.h"
+
+/**************************************************************************
+ *
+ * Internal MSCRYPTO RSA PKCS1 CTX
+ *
+ *************************************************************************/
+typedef struct _xmlSecMSCryptoRsaPkcs1OaepCtx xmlSecMSCryptoRsaPkcs1OaepCtx,
+ *xmlSecMSCryptoRsaPkcs1OaepCtxPtr;
+struct _xmlSecMSCryptoRsaPkcs1OaepCtx {
+ DWORD dwFlags;
+ xmlSecKeyDataPtr data;
+ xmlSecBuffer oaepParams;
+};
+
+/*********************************************************************
+ *
+ * RSA PKCS1 key transport transform
+ *
+ * xmlSecMSCryptoRsaPkcs1OaepCtx is located after xmlSecTransform
+ *
+ ********************************************************************/
+#define xmlSecMSCryptoRsaPkcs1OaepCtx \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoRsaPkcs1OaepCtx))
+#define xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform) \
+ ((xmlSecMSCryptoRsaPkcs1OaepCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecMSCryptoRsaPkcs1OaepCheckId (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoRsaPkcs1OaepInitialize (xmlSecTransformPtr transform);
+static void xmlSecMSCryptoRsaPkcs1OaepFinalize (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoRsaPkcs1OaepSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecMSCryptoRsaPkcs1OaepSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecMSCryptoRsaPkcs1OaepExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoRsaPkcs1OaepProcess (xmlSecTransformPtr transform,
+ xmlSecTransformCtxPtr transformCtx);
+
+
+static int
+xmlSecMSCryptoRsaPkcs1OaepCheckId(xmlSecTransformPtr transform) {
+
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id)) {
+ return(1);
+ } else
+
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaOaepId)) {
+ return(1);
+ } else
+
+ /* not found */
+ {
+ return(0);
+ }
+
+ /* just in case */
+ return(0);
+}
+
+static int
+xmlSecMSCryptoRsaPkcs1OaepInitialize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
+
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* initialize */
+ memset(ctx, 0, sizeof(xmlSecMSCryptoRsaPkcs1OaepCtx));
+
+ ret = xmlSecBufferInitialize(&(ctx->oaepParams), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id)) {
+ ctx->dwFlags = 0;
+ } else
+
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaOaepId)) {
+ ctx->dwFlags = CRYPT_OAEP;
+ } else
+
+ /* not found */
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* done */
+ return(0);
+}
+
+static void
+xmlSecMSCryptoRsaPkcs1OaepFinalize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
+
+ xmlSecAssert(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx));
+
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if (ctx->data != NULL) {
+ xmlSecKeyDataDestroy(ctx->data);
+ ctx->data = NULL;
+ }
+
+ xmlSecBufferFinalize(&(ctx->oaepParams));
+ memset(ctx, 0, sizeof(xmlSecMSCryptoRsaPkcs1OaepCtx));
+}
+
+static int
+xmlSecMSCryptoRsaPkcs1OaepSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecMSCryptoKeyDataRsaId;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyType = xmlSecKeyDataTypePublic;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyType = xmlSecKeyDataTypePrivate;
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+ return(0);
+}
+
+static int
+xmlSecMSCryptoRsaPkcs1OaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataRsaId), -1);
+
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->data == NULL, -1);
+
+ ctx->data = xmlSecKeyDataDuplicate(xmlSecKeyGetValue(key));
+ if(ctx->data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKeyDataDuplicate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoRsaPkcs1OaepExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ ret = xmlSecMSCryptoRsaPkcs1OaepProcess(transform, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoRsaPkcs1OaepProcess",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize;
+ xmlSecSize keySize;
+ int ret;
+ HCRYPTKEY hKey = 0;
+ DWORD dwInLen;
+ DWORD dwBufLen;
+ DWORD dwOutLen;
+ xmlSecByte * outBuf;
+ xmlSecByte * inBuf;
+ int i;
+
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->data != NULL, -1);
+
+ keySize = xmlSecKeyDataGetSize(ctx->data) / 8;
+ xmlSecAssert2(keySize > 0, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ /* the encoded size is equal to the keys size so we could not
+ * process more than that */
+ if((transform->operation == xmlSecTransformOperationEncrypt) && (inSize >= keySize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d when expected less than %d", inSize, keySize);
+ return(-1);
+ } else if((transform->operation == xmlSecTransformOperationDecrypt) && (inSize != keySize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d when expected %d", inSize, keySize);
+ return(-1);
+ }
+
+ outSize = keySize;
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ if(inSize > outSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "inSize=%d;outSize=%d",
+ inSize, outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(out, xmlSecBufferGetData(in), inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ dwInLen = inSize;
+ dwBufLen = outSize;
+ if (0 == (hKey = xmlSecMSCryptoKeyDataGetKey(ctx->data, xmlSecKeyDataTypePublic))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeyDataGetKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (-1);
+ }
+
+ outBuf = xmlSecBufferGetData(out);
+ xmlSecAssert2(outBuf != NULL, -1);
+
+ /* set OAEP parameter for the key
+ *
+ * aleksey: I don't understand how this would work in multi-threaded
+ * environment or when key can be re-used multiple times
+ */
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaOaepId) && xmlSecBufferGetSize(&(ctx->oaepParams)) > 0) {
+ CRYPT_DATA_BLOB oaepParams;
+
+ memset(&oaepParams, 0, sizeof(oaepParams));
+ oaepParams.pbData = xmlSecBufferGetData(&(ctx->oaepParams));
+ oaepParams.cbData = xmlSecBufferGetSize(&(ctx->oaepParams));
+
+ if (!CryptSetKeyParam(hKey, KP_OAEP_PARAMS, (const BYTE*)&oaepParams, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (-1);
+ }
+ }
+
+ /* encrypt */
+ if (!CryptEncrypt(hKey, 0, TRUE, ctx->dwFlags, outBuf, &dwInLen, dwBufLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptEncrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (-1);
+ }
+
+ /* The output of CryptEncrypt is in little-endian format, so we have to convert to
+ * big-endian first.
+ */
+ ConvertEndianInPlace(outBuf, outSize);
+ } else {
+ dwOutLen = inSize;
+
+ /* The input of CryptDecrypt is expected to be little-endian,
+ * so we have to convert from big-endian to little endian.
+ */
+ inBuf = xmlSecBufferGetData(in);
+ outBuf = xmlSecBufferGetData(out);
+ ConvertEndian(inBuf, outBuf, inSize);
+
+ if (0 == (hKey = xmlSecMSCryptoKeyDataGetDecryptKey(ctx->data))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoKeyDataGetKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (-1);
+ }
+
+ /* set OAEP parameter for the key
+ *
+ * aleksey: I don't understand how this would work in multi-threaded
+ * environment or when key can be re-used multiple times
+ */
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaOaepId) && xmlSecBufferGetSize(&(ctx->oaepParams)) > 0) {
+ CRYPT_DATA_BLOB oaepParams;
+
+ memset(&oaepParams, 0, sizeof(oaepParams));
+ oaepParams.pbData = xmlSecBufferGetData(&(ctx->oaepParams));
+ oaepParams.cbData = xmlSecBufferGetSize(&(ctx->oaepParams));
+
+ if (!CryptSetKeyParam(hKey, KP_OAEP_PARAMS, (const BYTE*)&oaepParams, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (-1);
+ }
+ }
+
+ /* decrypt */
+ if (!CryptDecrypt(hKey, 0, TRUE, ctx->dwFlags, outBuf, &dwOutLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptDecrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ outSize = dwOutLen;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+/**********************************************************************
+ *
+ * RSA/PKCS1 transform
+ *
+ **********************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoRsaPkcs1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoRsaPkcs1OaepCtx, /* xmlSecSize objSize */
+
+ xmlSecNameRsaPkcs1, /* const xmlChar* name; */
+ xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoRsaPkcs1OaepInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoRsaPkcs1OaepFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoRsaPkcs1OaepSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoRsaPkcs1OaepSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoRsaPkcs1OaepExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+
+/**
+ * xmlSecMSCryptoTransformRsaPkcs1GetKlass:
+ *
+ * The RSA-PKCS1 key transport transform klass.
+ *
+ * Returns: RSA-PKCS1 key transport transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformRsaPkcs1GetKlass(void) {
+ return(&xmlSecMSCryptoRsaPkcs1Klass);
+}
+
+
+
+/**********************************************************************
+ *
+ * RSA/OAEP transform
+ *
+ **********************************************************************/
+static int xmlSecMSCryptoRsaOaepNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+
+static xmlSecTransformKlass xmlSecMSCryptoRsaOaepKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoRsaPkcs1OaepCtx, /* xmlSecSize objSize */
+
+ xmlSecNameRsaOaep, /* const xmlChar* name; */
+ xmlSecHrefRsaOaep, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoRsaPkcs1OaepInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoRsaPkcs1OaepFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecMSCryptoRsaOaepNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoRsaPkcs1OaepSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoRsaPkcs1OaepSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoRsaPkcs1OaepExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+
+/**
+ * xmlSecMSCryptoTransformRsaOaepGetKlass:
+ *
+ * The RSA-OAEP key transport transform klass.
+ *
+ * Returns: RSA-OAEP key transport transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformRsaOaepGetKlass(void) {
+ return(&xmlSecMSCryptoRsaOaepKlass);
+}
+
+static int
+xmlSecMSCryptoRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoRsaPkcs1OaepCtxPtr ctx;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1OaepCtx), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoRsaPkcs1OaepGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->oaepParams)) == 0, -1);
+
+ cur = xmlSecGetNextElementNode(node->children);
+ while(cur != NULL) {
+ if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) {
+ ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) {
+ xmlChar* algorithm;
+
+ /* Algorithm attribute is required */
+ algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm);
+ if(algorithm == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ /* for now we support only sha1 */
+ if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(algorithm),
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "digest algorithm is not supported for rsa/oaep");
+ xmlFree(algorithm);
+ return(-1);
+ }
+ xmlFree(algorithm);
+ } else {
+ /* not found */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* next node */
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ return(0);
+}
+
+#endif /* XMLSEC_NO_RSA */
+
diff --git a/src/mscrypto/kw_aes.c b/src/mscrypto/kw_aes.c
new file mode 100644
index 00000000..14e96d5a
--- /dev/null
+++ b/src/mscrypto/kw_aes.c
@@ -0,0 +1,662 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+
+#include "../kw_aes_des.h"
+#include "private.h"
+
+
+#ifndef XMLSEC_NO_AES
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecMSCryptoKWAesBlockEncrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * cb_ctx);
+static int xmlSecMSCryptoKWAesBlockDecrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * cb_ctx);
+
+/* klass for KW AES operation */
+static xmlSecKWAesKlass xmlSecMSCryptoKWAesKlass = {
+ /* callbacks */
+ xmlSecMSCryptoKWAesBlockEncrypt, /* xmlSecKWAesBlockEncryptMethod encrypt; */
+ xmlSecMSCryptoKWAesBlockDecrypt, /* xmlSecKWAesBlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL /* void* reserved1; */
+};
+
+/**************************************************************************
+ *
+ * Internal MSCrypto KW AES cipher CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecMSCryptoKWAesCtx xmlSecMSCryptoKWAesCtx,
+ *xmlSecMSCryptoKWAesCtxPtr;
+struct _xmlSecMSCryptoKWAesCtx {
+ ALG_ID algorithmIdentifier;
+ const xmlSecMSCryptoProviderInfo * providers;
+ xmlSecKeyDataId keyId;
+ xmlSecSize keySize;
+
+ HCRYPTPROV cryptProvider;
+ HCRYPTKEY pubPrivKey;
+ xmlSecBuffer keyBuffer;
+};
+
+/******************************************************************************
+ *
+ * KW AES transforms
+ *
+ * xmlSecMSCryptoKWAesCtx block is located after xmlSecTransform structure
+ *
+ *****************************************************************************/
+#define xmlSecMSCryptoKWAesSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoKWAesCtx))
+#define xmlSecMSCryptoKWAesGetCtx(transform) \
+ ((xmlSecMSCryptoKWAesCtxPtr)(((unsigned char*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecMSCryptoKWAesInitialize (xmlSecTransformPtr transform);
+static void xmlSecMSCryptoKWAesFinalize (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoKWAesSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecMSCryptoKWAesSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecMSCryptoKWAesExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoKWAesCheckId (xmlSecTransformPtr transform);
+
+
+
+
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Aes[] = {
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
+ { NULL, 0 }
+};
+
+static int
+xmlSecMSCryptoKWAesCheckId(xmlSecTransformPtr transform) {
+
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWAes128Id) ||
+ xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWAes192Id) ||
+ xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWAes256Id)) {
+
+ return(1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKWAesInitialize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoKWAesCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoKWAesCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize), -1);
+
+ ctx = xmlSecMSCryptoKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoKWAesCtx));
+
+ if(transform->id == xmlSecMSCryptoTransformKWAes128Id) {
+ ctx->algorithmIdentifier = CALG_AES_128;
+ ctx->keyId = xmlSecMSCryptoKeyDataAesId;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Aes;
+ ctx->keySize = XMLSEC_KW_AES128_KEY_SIZE;
+ } else if(transform->id == xmlSecMSCryptoTransformKWAes192Id) {
+ ctx->algorithmIdentifier = CALG_AES_192;
+ ctx->keyId = xmlSecMSCryptoKeyDataAesId;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Aes;
+ ctx->keySize = XMLSEC_KW_AES192_KEY_SIZE;
+ } else if(transform->id == xmlSecMSCryptoTransformKWAes256Id) {
+ ctx->algorithmIdentifier = CALG_AES_256;
+ ctx->keyId = xmlSecMSCryptoKeyDataAesId;
+ ctx->providers = xmlSecMSCryptoProviderInfo_Aes;
+ ctx->keySize = XMLSEC_KW_AES256_KEY_SIZE;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&ctx->keyBuffer, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* find provider */
+ ctx->cryptProvider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(ctx->cryptProvider == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoFindProvider",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ /* Create dummy key to be able to import plain session keys */
+ if (!xmlSecMSCryptoCreatePrivateExponentOneKey(ctx->cryptProvider, &(ctx->pubPrivKey))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoCreatePrivateExponentOneKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecMSCryptoKWAesFinalize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoKWAesCtxPtr ctx;
+
+ xmlSecAssert(xmlSecMSCryptoKWAesCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize));
+
+ ctx = xmlSecMSCryptoKWAesGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if (ctx->pubPrivKey) {
+ CryptDestroyKey(ctx->pubPrivKey);
+ }
+ if (ctx->cryptProvider) {
+ CryptReleaseContext(ctx->cryptProvider, 0);
+ }
+
+ xmlSecBufferFinalize(&ctx->keyBuffer);
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoKWAesCtx));
+}
+
+static int
+xmlSecMSCryptoKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecMSCryptoKWAesCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecMSCryptoKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecMSCryptoKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cryptProvider != 0, -1);
+
+ keyReq->keyId = ctx->keyId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+
+ keyReq->keyBitsSize = 8 * ctx->keySize;
+ return(0);
+}
+
+
+
+static int
+xmlSecMSCryptoKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecMSCryptoKWAesCtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataAesId), -1);
+
+ ctx = xmlSecMSCryptoKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(buffer);
+ if(keySize < ctx->keySize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key=%d;expected=%d",
+ keySize, ctx->keySize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer),
+ xmlSecBufferGetData(buffer),
+ ctx->keySize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "expected-size=%d",
+ ctx->keySize);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoKWAesCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ if((inSize % 8) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d(not 8 bytes aligned)", inSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
+ outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
+ XMLSEC_KW_AES_BLOCK_SIZE;
+ } else {
+ outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ ret = xmlSecKWAesEncode(&xmlSecMSCryptoKWAesKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ ret = xmlSecKWAesDecode(&xmlSecMSCryptoKWAesKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "inSize%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ ********************************************************************/
+static int
+xmlSecMSCryptoKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ xmlSecMSCryptoKWAesCtxPtr ctx = (xmlSecMSCryptoKWAesCtxPtr)context;
+ HCRYPTKEY cryptKey = 0;
+ DWORD dwCLen;
+
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->pubPrivKey != 0, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&ctx->keyBuffer) == ctx->keySize, -1);
+
+ /* Import this key and get an HCRYPTKEY handle, we do it again and again
+ to ensure we don't go into CBC mode */
+ if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->cryptProvider,
+ ctx->pubPrivKey,
+ ctx->algorithmIdentifier,
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer),
+ TRUE,
+ &cryptKey)) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoImportPlainSessionBlob",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2(cryptKey != 0, -1);
+
+ /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
+ * can be skipped. I hope this will work .... */
+ if(out != in) {
+ memcpy(out, in, inSize);
+ }
+ dwCLen = inSize;
+ if(!CryptEncrypt(cryptKey, 0, FALSE, 0, out, &dwCLen, outSize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptEncrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* cleanup */
+ CryptDestroyKey(cryptKey);
+ return(dwCLen);
+}
+
+static int
+xmlSecMSCryptoKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ xmlSecMSCryptoKWAesCtxPtr ctx = (xmlSecMSCryptoKWAesCtxPtr)context;
+ HCRYPTKEY cryptKey = 0;
+ DWORD dwCLen;
+
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->pubPrivKey != 0, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&ctx->keyBuffer) == ctx->keySize, -1);
+
+ /* Import this key and get an HCRYPTKEY handle, we do it again and again
+ to ensure we don't go into CBC mode */
+ if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->cryptProvider,
+ ctx->pubPrivKey,
+ ctx->algorithmIdentifier,
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer),
+ TRUE,
+ &cryptKey)) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoImportPlainSessionBlob",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2(cryptKey != 0, -1);
+
+ /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
+ * can be skipped. I hope this will work .... */
+ if(out != in) {
+ memcpy(out, in, inSize);
+ }
+ dwCLen = inSize;
+ if(!CryptDecrypt(cryptKey, 0, FALSE, 0, out, &dwCLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptEncrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* cleanup */
+ CryptDestroyKey(cryptKey);
+ return(dwCLen);
+}
+
+/*********************************************************************
+ *
+ * AES KW cipher transforms
+ *
+ ********************************************************************/
+
+/*
+ * The AES-128 kew wrapper transform klass.
+ */
+static xmlSecTransformKlass xmlSecMSCryptoKWAes128Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes128, /* const xmlChar* name; */
+ xmlSecHrefKWAes128, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformKWAes128GetKlass:
+ *
+ * The AES-128 kew wrapper transform klass.
+ *
+ * Returns: AES-128 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformKWAes128GetKlass(void) {
+ return(&xmlSecMSCryptoKWAes128Klass);
+}
+
+
+/*
+ * The AES-192 kew wrapper transform klass.
+ */
+static xmlSecTransformKlass xmlSecMSCryptoKWAes192Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes192, /* const xmlChar* name; */
+ xmlSecHrefKWAes192, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformKWAes192GetKlass:
+ *
+ * The AES-192 kew wrapper transform klass.
+ *
+ * Returns: AES-192 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformKWAes192GetKlass(void) {
+ return(&xmlSecMSCryptoKWAes192Klass);
+}
+
+/*
+ * The AES-256 kew wrapper transform klass.
+ */
+static xmlSecTransformKlass xmlSecMSCryptoKWAes256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes256, /* const xmlChar* name; */
+ xmlSecHrefKWAes256, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformKWAes256GetKlass:
+ *
+ * The AES-256 kew wrapper transform klass.
+ *
+ * Returns: AES-256 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformKWAes256GetKlass(void) {
+ return(&xmlSecMSCryptoKWAes256Klass);
+}
+
+#endif /* XMLSEC_NO_AES */
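Review bot: xmlSecMSCryptoKWAesSetKey rejects only keys shorter than `ctx->keySize`; a longer key passes the `keySize < ctx->keySize` check and `xmlSecBufferSetData` then copies just its first `ctx->keySize` bytes, so a key sized for a different AES strength is silently truncated and used. If that is intended, document it above the check with `/* longer keys are accepted and truncated to ctx->keySize */`; otherwise compare with `keySize != ctx->keySize` so the mismatch is reported as XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE. Separately, two failure paths log the wrong call name, which misdirects anyone triaging a failed unwrap from the error log. The xmlSecKWAesDecode branch in xmlSecMSCryptoKWAesExecute should report `"xmlSecKWAesDecode"`, and the CryptDecrypt branch in xmlSecMSCryptoKWAesBlockDecrypt should report `"CryptDecrypt"`.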
diff --git a/src/mscrypto/kw_des.c b/src/mscrypto/kw_des.c
new file mode 100644
index 00000000..6ef356d4
--- /dev/null
+++ b/src/mscrypto/kw_des.c
@@ -0,0 +1,730 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_DES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+
+#include "../kw_aes_des.h"
+#include "private.h"
+
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecMSCryptoKWDes3GenerateRandom (void * context,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecMSCryptoKWDes3Sha1 (void * context,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecMSCryptoKWDes3BlockEncrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecMSCryptoKWDes3BlockDecrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+
+static xmlSecKWDes3Klass xmlSecMSCryptoKWDes3ImplKlass = {
+ /* callbacks */
+ xmlSecMSCryptoKWDes3GenerateRandom, /* xmlSecKWDes3GenerateRandomMethod generateRandom; */
+ xmlSecMSCryptoKWDes3Sha1, /* xmlSecKWDes3Sha1Method sha1; */
+ xmlSecMSCryptoKWDes3BlockEncrypt, /* xmlSecKWDes3BlockEncryptMethod encrypt; */
+ xmlSecMSCryptoKWDes3BlockDecrypt, /* xmlSecKWDes3BlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/*********************************************************************
+ *
+ * Triple DES Key Wrap transform
+ *
+ * key (xmlSecBuffer) is located after xmlSecTransform structure
+ *
+ ********************************************************************/
+typedef struct _xmlSecMSCryptoKWDes3Ctx xmlSecMSCryptoKWDes3Ctx,
+ *xmlSecMSCryptoKWDes3CtxPtr;
+struct _xmlSecMSCryptoKWDes3Ctx {
+ ALG_ID desAlgorithmIdentifier;
+ const xmlSecMSCryptoProviderInfo * desProviders;
+ ALG_ID sha1AlgorithmIdentifier;
+ const xmlSecMSCryptoProviderInfo * sha1Providers;
+ xmlSecKeyDataId keyId;
+ xmlSecSize keySize;
+
+ HCRYPTPROV desCryptProvider;
+ HCRYPTPROV sha1CryptProvider;
+ HCRYPTKEY pubPrivKey;
+ xmlSecBuffer keyBuffer;
+};
+#define xmlSecMSCryptoKWDes3Size \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoKWDes3Ctx))
+#define xmlSecMSCryptoKWDes3GetCtx(transform) \
+ ((xmlSecMSCryptoKWDes3CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecMSCryptoKWDes3Initialize (xmlSecTransformPtr transform);
+static void xmlSecMSCryptoKWDes3Finalize (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoKWDes3SetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecMSCryptoKWDes3SetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecMSCryptoKWDes3Execute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static xmlSecTransformKlass xmlSecMSCryptoKWDes3Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoKWDes3Size, /* xmlSecSize objSize */
+
+ xmlSecNameKWDes3, /* const xmlChar* name; */
+ xmlSecHrefKWDes3, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecMSCryptoKWDes3Initialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoKWDes3Finalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoKWDes3SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecMSCryptoKWDes3SetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoKWDes3Execute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformKWDes3GetKlass:
+ *
+ * The Triple DES key wrapper transform klass.
+ *
+ * Returns: Triple DES key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformKWDes3GetKlass(void) {
+ return(&xmlSecMSCryptoKWDes3Klass);
+}
+
+/* Ordered list of providers to search for algorithm implementation using
+ * xmlSecMSCryptoFindProvider() function
+ *
+ * MUST END with { NULL, 0 } !!!
+ */
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Des[] = {
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Sha1[] = {
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES},
+ { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES },
+ { MS_STRONG_PROV, PROV_RSA_FULL },
+ { MS_ENHANCED_PROV, PROV_RSA_FULL },
+ { MS_DEF_PROV, PROV_RSA_FULL },
+ { NULL, 0 }
+};
+
+
+static int
+xmlSecMSCryptoKWDes3Initialize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
+
+ ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoKWDes3Ctx));
+
+ if(transform->id == xmlSecMSCryptoTransformKWDes3Id) {
+ ctx->desAlgorithmIdentifier = CALG_3DES;
+ ctx->desProviders = xmlSecMSCryptoProviderInfo_Des;
+ ctx->sha1AlgorithmIdentifier = CALG_SHA1;
+ ctx->sha1Providers = xmlSecMSCryptoProviderInfo_Sha1;
+ ctx->keyId = xmlSecMSCryptoKeyDataDesId;
+ ctx->keySize = XMLSEC_KW_DES3_KEY_LENGTH;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* find providers */
+ ctx->desCryptProvider = xmlSecMSCryptoFindProvider(ctx->desProviders, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(ctx->desCryptProvider == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoFindProvider(des)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ ctx->sha1CryptProvider = xmlSecMSCryptoFindProvider(ctx->sha1Providers, NULL, CRYPT_VERIFYCONTEXT, TRUE);
+ if(ctx->sha1CryptProvider == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoFindProvider(sha1)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ /* Create dummy key to be able to import plain session keys */
+ if (!xmlSecMSCryptoCreatePrivateExponentOneKey(ctx->desCryptProvider, &(ctx->pubPrivKey))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoCreatePrivateExponentOneKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecMSCryptoKWDes3Finalize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx;
+
+ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size));
+
+ ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if (ctx->pubPrivKey) {
+ CryptDestroyKey(ctx->pubPrivKey);
+ }
+ if (ctx->desCryptProvider) {
+ CryptReleaseContext(ctx->desCryptProvider, 0);
+ }
+ if (ctx->sha1CryptProvider) {
+ CryptReleaseContext(ctx->sha1CryptProvider, 0);
+ }
+
+ xmlSecBufferFinalize(&ctx->keyBuffer);
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoKWDes3Ctx));
+}
+
+static int
+xmlSecMSCryptoKWDes3SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecMSCryptoKeyDataDesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage= xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage= xmlSecKeyUsageDecrypt;
+ }
+ keyReq->keyBitsSize = 8 * XMLSEC_KW_DES3_KEY_LENGTH;
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataDesId), -1);
+
+ ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(buffer);
+ if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key length %d is not enough (%d expected)",
+ keySize, XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d bytes - not %d bytes aligned",
+ inSize, XMLSEC_KW_DES3_BLOCK_LENGTH);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 16 bytes longer plus one block just in case */
+ outSize = inSize + XMLSEC_KW_DES3_IV_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH;
+ } else {
+ /* just in case, add a block */
+ outSize = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ ret = xmlSecKWDes3Encode(&xmlSecMSCryptoKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ ret = xmlSecKWDes3Decode(&xmlSecMSCryptoKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int
+xmlSecMSCryptoKWDes3Sha1(void * context,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context;
+ HCRYPTHASH mscHash = 0;
+ DWORD retLen;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->sha1CryptProvider != 0, -1);
+ xmlSecAssert2(ctx->sha1AlgorithmIdentifier != 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ /* create */
+ ret = CryptCreateHash(ctx->sha1CryptProvider,
+ ctx->sha1AlgorithmIdentifier,
+ 0,
+ 0,
+ &mscHash);
+ if((ret == 0) || (mscHash == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptCreateHash",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* hash */
+ ret = CryptHashData(mscHash,
+ in,
+ inSize,
+ 0);
+ if(ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptHashData",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", inSize);
+ CryptDestroyHash(mscHash);
+ return(-1);
+ }
+
+ /* get results */
+ retLen = outSize;
+ ret = CryptGetHashParam(mscHash,
+ HP_HASHVAL,
+ out,
+ &retLen,
+ 0);
+ if (ret == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetHashParam(HP_HASHVAL)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ CryptDestroyHash(mscHash);
+ return(-1);
+ }
+
+ /* done */
+ CryptDestroyHash(mscHash);
+ return(retLen);
+}
+
+static int
+xmlSecMSCryptoKWDes3GenerateRandom(void * context,
+ xmlSecByte * out, xmlSecSize outSize)
+{
+ xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->desCryptProvider != 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ if(!CryptGenRandom(ctx->desCryptProvider, outSize, out)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGenRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "len=%d", outSize);
+ return(-1);
+ }
+
+ return((int)outSize);
+}
+
+static int
+xmlSecMSCryptoKWDes3BlockEncrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context;
+ DWORD dwBlockLen, dwBlockLenLen, dwCLen;
+ HCRYPTKEY cryptKey = 0;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ /* Import this key and get an HCRYPTKEY handle, we do it again and again
+ to ensure we don't go into CBC mode */
+ if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->desCryptProvider,
+ ctx->pubPrivKey,
+ ctx->desAlgorithmIdentifier,
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer),
+ TRUE,
+ &cryptKey)) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoImportPlainSessionBlob",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2(cryptKey != 0, -1);
+
+ /* iv len == block len */
+ dwBlockLenLen = sizeof(DWORD);
+ if (!CryptGetKeyParam(cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* set IV */
+ if((ivSize < dwBlockLen / 8) || (!CryptSetKeyParam(cryptKey, KP_IV, iv, 0))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ivSize=%d, dwBlockLen=%d",
+ ivSize, dwBlockLen / 8);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
+ * can be skipped. I hope this will work .... */
+ if(out != in) {
+ memcpy(out, in, inSize);
+ }
+ dwCLen = inSize;
+ if(!CryptEncrypt(cryptKey, 0, FALSE, 0, out, &dwCLen, outSize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptEncrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* cleanup */
+ CryptDestroyKey(cryptKey);
+ return(dwCLen);
+}
+
+static int
+xmlSecMSCryptoKWDes3BlockDecrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context;
+ DWORD dwBlockLen, dwBlockLenLen, dwCLen;
+ HCRYPTKEY cryptKey = 0;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ /* Import this key and get an HCRYPTKEY handle, we do it again and again
+ to ensure we don't go into CBC mode */
+ if (!xmlSecMSCryptoImportPlainSessionBlob(ctx->desCryptProvider,
+ ctx->pubPrivKey,
+ ctx->desAlgorithmIdentifier,
+ xmlSecBufferGetData(&ctx->keyBuffer),
+ xmlSecBufferGetSize(&ctx->keyBuffer),
+ TRUE,
+ &cryptKey)) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoImportPlainSessionBlob",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2(cryptKey != 0, -1);
+
+ /* iv len == block len */
+ dwBlockLenLen = sizeof(DWORD);
+ if (!CryptGetKeyParam(cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* set IV */
+ if((ivSize < dwBlockLen / 8) || (!CryptSetKeyParam(cryptKey, KP_IV, iv, 0))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptSetKeyParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ivSize=%d, dwBlockLen=%d",
+ ivSize, dwBlockLen / 8);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding
+ * can be skipped. I hope this will work .... */
+ if(out != in) {
+ memcpy(out, in, inSize);
+ }
+ dwCLen = inSize;
+ if(!CryptDecrypt(cryptKey, 0, FALSE, 0, out, &dwCLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptEncrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CryptDestroyKey(cryptKey);
+ return(-1);
+ }
+
+ /* cleanup */
+ CryptDestroyKey(cryptKey);
+ return(dwCLen);
+}
+
+
+#endif /* XMLSEC_NO_DES */
+
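Review bot: In xmlSecMSCryptoKWDes3BlockDecrypt the failure branch of `CryptDecrypt` passes `"CryptEncrypt"` as the failing function name, so a failed unwrap is logged as an encryption error. That makes it indistinguishable from a failure in xmlSecMSCryptoKWDes3BlockEncrypt during triage; the xmlSecError argument should be `"CryptDecrypt",`. In xmlSecMSCryptoKWDes3Sha1 the `CryptGetHashParam` failure is reported with `XMLSEC_ERRORS_R_XMLSEC_FAILED`, while every other CryptoAPI failure in this file uses `XMLSEC_ERRORS_R_CRYPTO_FAILED`. The local `int ret;` in both block functions and in xmlSecMSCryptoKWDes3GenerateRandom is never used and can be dropped.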
diff --git a/src/mscrypto/mingw-crypt32.def b/src/mscrypto/mingw-crypt32.def
new file mode 100644
index 00000000..4ba99b2f
--- /dev/null
+++ b/src/mscrypto/mingw-crypt32.def
@@ -0,0 +1,36 @@
+IMPORTS
+ CertAddCertificateContextToStore@16 = crypt32.CertAddCertificateContextToStore
+ CertAddCRLContextToStore@16 = crypt32.CertAddCRLContextToStore
+ CertAddStoreToCollection@16 = crypt32.CertAddStoreToCollection
+ CertCloseStore@8 = crypt32.CertCloseStore
+ CertCompareCertificateName@12 = crypt32.CertCompareCertificateName
+ CertCreateCertificateContext@12 = crypt32.CertCreateCertificateContext
+ CertCreateCRLContext@12 = crypt32.CertCreateCRLContext
+ CertDuplicateCertificateContext@4 = crypt32.CertDuplicateCertificateContext
+ CertDuplicateCRLContext@4 = crypt32.CertDuplicateCRLContext
+ CertEnumCertificatesInStore@8 = crypt32.CertEnumCertificatesInStore
+ CertEnumCRLsInStore@8 = crypt32.CertEnumCRLsInStore
+ CertFindCertificateInCRL@20 = crypt32.CertFindCertificateInCRL
+ CertFindCertificateInStore@24 = crypt32.CertFindCertificateInStore
+ CertFindExtension@12 = crypt32.CertFindExtension
+ CertFreeCertificateChain@4 = crypt32.CertFreeCertificateChain
+ CertFreeCertificateContext@4 = crypt32.CertFreeCertificateContext
+ CertFreeCRLContext@4 = crypt32.CertFreeCRLContext
+ CertGetCertificateChain@32 = crypt32.CertGetCertificateChain
+ CertGetCertificateContextProperty@16 = crypt32.CertGetCertificateContextProperty
+ CertGetNameStringA@24 = crypt32.CertGetNameStringA
+ CertGetNameStringW@24 = crypt32.CertGetNameStringW
+ CertGetPublicKeyLength@8 = crypt32.CertGetPublicKeyLength
+ CertNameToStrA@20 = crypt32.CertNameToStrA
+ CertNameToStrW@20 = crypt32.CertNameToStrW
+ CertOpenStore@20 = crypt32.CertOpenStore
+ CertOpenSystemStoreA@8 = crypt32.CertOpenSystemStoreA
+ CertOpenSystemStoreW@8 = crypt32.CertOpenSystemStoreW
+ CertStrToNameA@28 = crypt32.CertStrToNameA
+ CertStrToNameW@28 = crypt32.CertStrToNameW
+ CertVerifySubjectCertificateContext@12 = crypt32.CertVerifySubjectCertificateContext
+ CryptAcquireCertificatePrivateKey@24 = crypt32.CryptAcquireCertificatePrivateKey
+ CryptImportPublicKeyInfo@16 = crypt32.CryptImportPublicKeyInfo
+ PFXImportCertStore@12 = crypt32.PFXImportCertStore
+ PFXIsPFXBlob@4 = crypt32.PFXIsPFXBlob
+ PFXVerifyPassword@12 = crypt32.PFXVerifyPassword
diff --git a/src/mscrypto/private.h b/src/mscrypto/private.h
new file mode 100644
index 00000000..11479bff
--- /dev/null
+++ b/src/mscrypto/private.h
@@ -0,0 +1,130 @@
+/**
+ * XMLSec library
+ *
+ * THIS IS A PRIVATE XMLSEC HEADER FILE
+ * DON'T USE IT IN YOUR APPLICATION
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2010 Aleksey Sanin, All rights reserved.
+ */
+#ifndef __XMLSEC_MSCRYPTO_PRIVATE_H__
+#define __XMLSEC_MSCRYPTO_PRIVATE_H__
+
+#ifndef XMLSEC_PRIVATE
+#error "private.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries"
+#endif /* XMLSEC_PRIVATE */
+
+#if defined(__MINGW32__)
+# include "xmlsec-mingw.h"
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif /* __cplusplus */
+
+/********************************************************************
+ *
+ * Utils
+ *
+ ********************************************************************/
+int ConvertEndian (const xmlSecByte * src,
+ xmlSecByte * dst,
+ xmlSecSize size);
+int ConvertEndianInPlace (xmlSecByte * buf,
+ xmlSecSize size);
+
+/********************************************************************
+ *
+ * Crypto Providers
+ *
+ ********************************************************************/
+
+/* We need to redefine both to ensure that we can pick the right one at runtime (instead of compile time) */
+#define XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE_A "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
+#define XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE_W L"Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
+#ifdef UNICODE
+#define XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE_W
+#else
+#define XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE_A
+#endif
+
+#define XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_A "Microsoft Enhanced RSA and AES Cryptographic Provider"
+#define XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_W L"Microsoft Enhanced RSA and AES Cryptographic Provider"
+#ifdef UNICODE
+#define XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_W
+#else
+#define XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_A
+#endif
+
+/**
+ * xmlSecMSCryptoProviderInfo:
+ *
+ * Contains information for looking up provider from MS Crypto.
+ */
+typedef struct _xmlSecMSCryptoProviderInfo {
+ LPCTSTR providerName;
+ DWORD providerType;
+} xmlSecMSCryptoProviderInfo;
+
+HCRYPTPROV xmlSecMSCryptoFindProvider (const xmlSecMSCryptoProviderInfo * providers,
+ LPCTSTR pszContainer,
+ DWORD dwFlags,
+ BOOL bUseXmlSecContainer);
+
+
+/******************************************************************************
+ *
+ * SymKey Util functions
+ *
+ * Low level helper routines for importing plain text keys in MS HKEY handle,
+ * since MSCrypto API does not support import of plain text (session) keys
+ * just like that. These functions are based upon MS kb article #228786
+ * and "Base Provider Key BLOBs" article for priv key blob format.
+ *
+ ******************************************************************************/
+BOOL xmlSecMSCryptoCreatePrivateExponentOneKey (HCRYPTPROV hProv,
+ HCRYPTKEY *hPrivateKey);
+
+BOOL xmlSecMSCryptoImportPlainSessionBlob (HCRYPTPROV hProv,
+ HCRYPTKEY hPrivateKey,
+ ALG_ID dwAlgId,
+ LPBYTE pbKeyMaterial,
+ DWORD dwKeyMaterial,
+ BOOL bCheckKeyLength,
+ HCRYPTKEY *hSessionKey);
+
+/******************************************************************************
+ *
+ * X509 Util functions
+ *
+ ******************************************************************************/
+#ifndef XMLSEC_NO_X509
+PCCERT_CONTEXT xmlSecMSCryptoX509FindCertBySubject (HCERTSTORE store,
+ const LPTSTR wcSubject,
+ DWORD dwCertEncodingType);
+
+PCCERT_CONTEXT xmlSecMSCryptoX509StoreFindCert (xmlSecKeyDataStorePtr store,
+ xmlChar *subjectName,
+ xmlChar *issuerName,
+ xmlChar *issuerSerial,
+ xmlChar *ski,
+ xmlSecKeyInfoCtx* keyInfoCtx);
+
+xmlChar * xmlSecMSCryptoX509GetNameString (PCCERT_CONTEXT pCertContext,
+ DWORD dwType,
+ DWORD dwFlags,
+ void *pvTypePara);
+
+PCCERT_CONTEXT xmlSecMSCryptoX509StoreVerify (xmlSecKeyDataStorePtr store,
+ HCERTSTORE certs,
+ xmlSecKeyInfoCtx* keyInfoCtx);
+
+#endif /* XMLSEC_NO_X509 */
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif /* __XMLSEC_MSCRYPTO_PRIVATE_H__ */
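Review bot: The prototypes of xmlSecMSCryptoCreatePrivateExponentOneKey and xmlSecMSCryptoImportPlainSessionBlob carry no contract comment: nothing says who destroys the returned handles, what `bCheckKeyLength` checks, or that the exponent-one key pair is only a vehicle for importing a plain key and gives the blob no confidentiality. I would add above them something like `/* Caller owns *hPrivateKey and *hSessionKey and must CryptDestroyKey() them. The exponent-one key protects nothing: create it only in an ephemeral (CRYPT_VERIFYCONTEXT) provider context and never persist or export it. */`. `pbKeyMaterial` could presumably be declared `const BYTE *`, since the callers in kw_des.c pass the transform's stored key buffer; the implementation is not in this hunk, so confirm it never writes through the pointer. ConvertEndian and ConvertEndianInPlace are the only declarations here without the xmlSecMSCrypto prefix, which risks a symbol clash when the library is linked statically.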
diff --git a/src/mscrypto/signatures.c b/src/mscrypto/signatures.c
new file mode 100644
index 00000000..2c51f09a
--- /dev/null
+++ b/src/mscrypto/signatures.c
@@ -0,0 +1,960 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
+ * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru).
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <windows.h>
+#include <wincrypt.h>
+#ifndef XMLSEC_NO_GOST
+#include "csp_calg.h"
+#endif
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+#include <xmlsec/mscrypto/symbols.h>
+#include <xmlsec/mscrypto/certkeys.h>
+#include <xmlsec/mscrypto/x509.h>
+#include "private.h"
+
+
+/**************************************************************************
+ *
+ * Internal MSCrypto signatures ctx
+ *
+ *****************************************************************************/
+typedef struct _xmlSecMSCryptoSignatureCtx xmlSecMSCryptoSignatureCtx,
+ *xmlSecMSCryptoSignatureCtxPtr;
+struct _xmlSecMSCryptoSignatureCtx {
+ xmlSecKeyDataPtr data;
+ ALG_ID alg_id;
+ HCRYPTHASH mscHash;
+ ALG_ID digestAlgId;
+ xmlSecKeyDataId keyId;
+};
+
+/******************************************************************************
+ *
+ * Signature transforms
+ *
+ * xmlSecMSCryptoSignatureCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecMSCryptoSignatureSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecMSCryptoSignatureCtx))
+#define xmlSecMSCryptoSignatureGetCtx(transform) \
+ ((xmlSecMSCryptoSignatureCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecMSCryptoSignatureCheckId (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoSignatureInitialize (xmlSecTransformPtr transform);
+static void xmlSecMSCryptoSignatureFinalize (xmlSecTransformPtr transform);
+static int xmlSecMSCryptoSignatureSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecMSCryptoSignatureSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecMSCryptoSignatureVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecMSCryptoSignatureExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+
+static int xmlSecMSCryptoSignatureCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_DSA
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaMd5Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+#ifndef XMLSEC_NO_GOST
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2001GostR3411_94Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_GOST*/
+
+
+ /* not found */
+ {
+ return(0);
+ }
+
+ return(0);
+}
+
+static int xmlSecMSCryptoSignatureInitialize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoSignatureCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecMSCryptoSignatureCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoSignatureSize), -1);
+
+ ctx = xmlSecMSCryptoSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoSignatureCtx));
+
+
+#ifndef XMLSEC_NO_DSA
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id)) {
+ ctx->digestAlgId = CALG_SHA1;
+ ctx->keyId = xmlSecMSCryptoKeyDataDsaId;
+ } else
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaMd5Id)) {
+ ctx->digestAlgId = CALG_MD5;
+ ctx->keyId = xmlSecMSCryptoKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
+ ctx->digestAlgId = CALG_SHA1;
+ ctx->keyId = xmlSecMSCryptoKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) {
+ ctx->digestAlgId = CALG_SHA_256;
+ ctx->keyId = xmlSecMSCryptoKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha384Id)) {
+ ctx->digestAlgId = CALG_SHA_384;
+ ctx->keyId = xmlSecMSCryptoKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha512Id)) {
+ ctx->digestAlgId = CALG_SHA_512;
+ ctx->keyId = xmlSecMSCryptoKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+#ifndef XMLSEC_NO_GOST
+ if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2001GostR3411_94Id)) {
+ ctx->digestAlgId = CALG_MAGPRO_HASH_R3411_94;
+ ctx->keyId = xmlSecMSCryptoKeyDataGost2001Id;
+ } else
+#endif /* XMLSEC_NO_GOST*/
+
+ /* not found */
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void xmlSecMSCryptoSignatureFinalize(xmlSecTransformPtr transform) {
+ xmlSecMSCryptoSignatureCtxPtr ctx;
+
+ xmlSecAssert(xmlSecMSCryptoSignatureCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoSignatureSize));
+
+ ctx = xmlSecMSCryptoSignatureGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if (ctx->mscHash) {
+ CryptDestroyHash(ctx->mscHash);
+ }
+
+ if (ctx->data != NULL) {
+ xmlSecKeyDataDestroy(ctx->data);
+ ctx->data = NULL;
+ }
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoSignatureCtx));
+}
+
+static int xmlSecMSCryptoSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecMSCryptoSignatureCtxPtr ctx;
+ xmlSecKeyDataPtr value;
+
+ xmlSecAssert2(xmlSecMSCryptoSignatureCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoSignatureSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecMSCryptoSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestAlgId != 0, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+ xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
+
+ value = xmlSecKeyGetValue(key);
+ xmlSecAssert2(value != NULL, -1);
+
+ ctx->data = xmlSecKeyDataDuplicate(value);
+ if(ctx->data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKeyDataDuplicate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int xmlSecMSCryptoSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecMSCryptoSignatureCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecMSCryptoSignatureCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoSignatureSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecMSCryptoSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+
+ keyReq->keyId = ctx->keyId;
+ if(transform->operation == xmlSecTransformOperationSign) {
+ keyReq->keyType = xmlSecKeyDataTypePrivate;
+ keyReq->keyUsage = xmlSecKeyUsageSign;
+ } else {
+ keyReq->keyType = xmlSecKeyDataTypePublic;
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
+ }
+ return(0);
+}
+
+static int xmlSecMSCryptoSignatureVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoSignatureCtxPtr ctx;
+ xmlSecBuffer tmp;
+ xmlSecByte *tmpBuf;
+ HCRYPTKEY hKey;
+ DWORD dwError;
+ int ret;
+
+ xmlSecAssert2(xmlSecMSCryptoSignatureCheckId(transform), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoSignatureSize), -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ret = xmlSecBufferInitialize(&tmp, dataSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "dataSize=%d", dataSize);
+ return(-1);
+ }
+
+ tmpBuf = xmlSecBufferGetData(&tmp);
+ xmlSecAssert2(tmpBuf != NULL, -1);
+
+ /* Reverse the sig - Windows stores integers as octet streams in little endian
+ * order. The I2OSP algorithm used by XMLDSig to store integers is big endian */
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaMd5Id)) {
+ ConvertEndian(data, tmpBuf, dataSize);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
+ ConvertEndian(data, tmpBuf, dataSize);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) {
+ ConvertEndian(data, tmpBuf, dataSize);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha384Id)) {
+ ConvertEndian(data, tmpBuf, dataSize);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha512Id)) {
+ ConvertEndian(data, tmpBuf, dataSize);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+#ifndef XMLSEC_NO_DSA
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id) && (dataSize == 40)) {
+ ConvertEndian(data, tmpBuf, 20);
+ ConvertEndian(data + 20, tmpBuf + 20, 20);
+ } else
+#endif /*endif XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_GOST
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2001GostR3411_94Id)) {
+ ConvertEndian(data, tmpBuf, dataSize);
+ } else
+#endif /* XMLSEC_NO_GOST*/
+
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Invalid algo");
+ xmlSecBufferFinalize(&tmp);
+ return(-1);
+ }
+
+ hKey = xmlSecMSCryptoKeyDataGetKey(ctx->data, xmlSecKeyDataTypePublic);
+ if (hKey == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoKeyDataGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&tmp);
+ return(-1);
+ }
+ if (!CryptVerifySignature(ctx->mscHash,
+ tmpBuf,
+ dataSize,
+ hKey,
+ NULL,
+ 0)) {
+ dwError = GetLastError();
+ if (NTE_BAD_SIGNATURE == dwError) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptVerifySignature",
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "signature do not match");
+ transform->status = xmlSecTransformStatusFail;
+ xmlSecBufferFinalize(&tmp);
+ return(0);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "CryptVerifySignature",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&tmp);
+ return (-1);
+ }
+ }
+ xmlSecBufferFinalize(&tmp);
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+
+
+static int
+xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecMSCryptoSignatureCtxPtr ctx;
+ HCRYPTPROV hProv;
+ DWORD dwKeySpec;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize;
+ int ret;
+ DWORD dwSigLen;
+ BYTE *tmpBuf, *outBuf;
+
+ xmlSecAssert2(xmlSecMSCryptoSignatureCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoSignatureSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecMSCryptoSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ ctx = xmlSecMSCryptoSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestAlgId != 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ xmlSecAssert2(outSize == 0, -1);
+
+ if (0 == (hProv = xmlSecMSCryptoKeyDataGetMSCryptoProvider(ctx->data))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecMSCryptoKeyDataGetMSCryptoProvider",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (-1);
+ }
+
+ if (!CryptCreateHash(hProv, ctx->digestAlgId, 0, 0, &(ctx->mscHash))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptCreateHash",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (inSize > 0)) {
+ xmlSecAssert2(outSize == 0, -1);
+
+ if (!CryptHashData(ctx->mscHash, xmlSecBufferGetData(in), inSize, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptHashData",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ xmlSecBuffer tmp;
+
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->operation == xmlSecTransformOperationSign) {
+ dwKeySpec = xmlSecMSCryptoKeyDataGetMSCryptoKeySpec(ctx->data);
+ if (!CryptSignHash(ctx->mscHash, dwKeySpec, NULL, 0, NULL, &dwSigLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptSignHash",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = (xmlSecSize)dwSigLen;
+
+ ret = xmlSecBufferInitialize(&tmp, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+ tmpBuf = xmlSecBufferGetData(&tmp);
+ xmlSecAssert2(tmpBuf != NULL, -1);
+
+ if (!CryptSignHash(ctx->mscHash, dwKeySpec, NULL, 0, tmpBuf, &dwSigLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptSignHash",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&tmp);
+ return(-1);
+ }
+ outSize = (xmlSecSize)dwSigLen;
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ xmlSecBufferFinalize(&tmp);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out);
+ xmlSecAssert2(outBuf != NULL, -1);
+
+ /* Reverse the sig - Windows stores integers as octet streams in little endian
+ * order. The I2OSP algorithm used by XMLDSig to store integers is big endian */
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaMd5Id)) {
+ ConvertEndian(tmpBuf, outBuf, outSize);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha1Id)) {
+ ConvertEndian(tmpBuf, outBuf, outSize);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha256Id)) {
+ ConvertEndian(tmpBuf, outBuf, outSize);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha384Id)) {
+ ConvertEndian(tmpBuf, outBuf, outSize);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaSha512Id)) {
+ ConvertEndian(tmpBuf, outBuf, outSize);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA*/
+
+#ifndef XMLSEC_NO_DSA
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformDsaSha1Id) && (outSize == 40)) {
+ ConvertEndian(tmpBuf, outBuf, 20);
+ ConvertEndian(tmpBuf + 20, outBuf + 20, 20);
+ } else
+#endif /* XMLSEC_NO_DSA*/
+
+#ifndef XMLSEC_NO_GOST
+ if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2001GostR3411_94Id)) {
+ ConvertEndian(tmpBuf, outBuf, outSize);
+ } else
+#endif /* XMLSEC_NO_GOST*/
+
+ {
+ /* We shouldn't get at this place */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "Invalid algo");
+ xmlSecBufferFinalize(&tmp);
+ return(-1);
+ }
+ xmlSecBufferFinalize(&tmp);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) || (transform->status == xmlSecTransformStatusFinished)) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+/****************************************************************************
+ *
+ * RSA-MD5 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoRsaMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaMd5, /* const xmlChar* name; */
+ xmlSecHrefRsaMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformRsaMd5GetKlass:
+ *
+ * The RSA-MD5 signature transform klass.
+ *
+ * Returns: RSA-MD5 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformRsaMd5GetKlass(void) {
+ return(&xmlSecMSCryptoRsaMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+/****************************************************************************
+ *
+ * RSA-SHA1 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoRsaSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha1, /* const xmlChar* name; */
+ xmlSecHrefRsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformRsaSha1GetKlass:
+ *
+ * The RSA-SHA1 signature transform klass.
+ *
+ * Returns: RSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformRsaSha1GetKlass(void) {
+ return(&xmlSecMSCryptoRsaSha1Klass);
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/****************************************************************************
+ *
+ * RSA-SHA256 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoRsaSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha256, /* const xmlChar* name; */
+ xmlSecHrefRsaSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformRsaSha256GetKlass:
+ *
+ * The RSA-SHA256 signature transform klass.
+ *
+ * Returns: RSA-SHA256 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformRsaSha256GetKlass(void) {
+ return(&xmlSecMSCryptoRsaSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/****************************************************************************
+ *
+ * RSA-SHA384 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoRsaSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha384, /* const xmlChar* name; */
+ xmlSecHrefRsaSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformRsaSha384GetKlass:
+ *
+ * The RSA-SHA384 signature transform klass.
+ *
+ * Returns: RSA-SHA384 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformRsaSha384GetKlass(void) {
+ return(&xmlSecMSCryptoRsaSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/****************************************************************************
+ *
+ * RSA-SHA2512 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecMSCryptoRsaSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha512, /* const xmlChar* name; */
+ xmlSecHrefRsaSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformRsaSha512GetKlass:
+ *
+ * The RSA-SHA512 signature transform klass.
+ *
+ * Returns: RSA-SHA512 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformRsaSha512GetKlass(void) {
+ return(&xmlSecMSCryptoRsaSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+#ifndef XMLSEC_NO_DSA
+/****************************************************************************
+ *
+ * DSA-SHA1 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecMSCryptoDsaSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameDsaSha1, /* const xmlChar* name; */
+ xmlSecHrefDsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformDsaSha1GetKlass:
+ *
+ * The DSA-SHA1 signature transform klass.
+ *
+ * Returns: DSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformDsaSha1GetKlass(void) {
+ return(&xmlSecMSCryptoDsaSha1Klass);
+}
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_GOST
+/****************************************************************************
+ *
+ * GOST2001-GOSTR3411_94 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecMSCryptoGost2001GostR3411_94Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameGost2001GostR3411_94, /* const xmlChar* name; */
+ xmlSecHrefGost2001GostR3411_94, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass:
+ *
+ * The GOST2001-GOSTR3411_94 signature transform klass.
+ *
+ * Returns: GOST2001-GOSTR3411_94 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass(void) {
+ return(&xmlSecMSCryptoGost2001GostR3411_94Klass);
+}
+
+#endif /* XMLSEC_NO_GOST*/
+
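Review bot: In xmlSecMSCryptoSignatureVerify, `xmlSecAssert2(tmpBuf != NULL, -1);` returns without calling `xmlSecBufferFinalize(&tmp)`, and the sign branch of xmlSecMSCryptoSignatureExecute does the same after both `xmlSecBufferGetData(&tmp)` and `xmlSecBufferGetData(out)`. Every other exit taken after `tmp` is initialised in these two functions finalizes it first. The assertion is unlikely to fire after a successful xmlSecBufferInitialize, but Verify handles signature bytes taken from the document, so an explicit check would keep cleanup uniform: `if(tmpBuf == NULL) { xmlSecBufferFinalize(&tmp); return(-1); }`. Separately, xmlSecMSCryptoSignatureSetKey assigns `ctx->data` without checking that it is still NULL, so a second call would presumably drop the earlier duplicate without destroying it. Adding `xmlSecAssert2(ctx->data == NULL, -1);` before the xmlSecKeyDataDuplicate call would make that precondition explicit.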
diff --git a/src/mscrypto/symkeys.c b/src/mscrypto/symkeys.c
new file mode 100644
index 00000000..658a6d49
--- /dev/null
+++ b/src/mscrypto/symkeys.c
@@ -0,0 +1,824 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+#include "private.h"
+
+/*****************************************************************************
+ *
+ * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
+ *
+ ****************************************************************************/
+static int xmlSecMSCryptoSymKeyDataInitialize (xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecMSCryptoSymKeyDataFinalize (xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoSymKeyDataXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoSymKeyDataXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoSymKeyDataBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const unsigned char* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoSymKeyDataBinWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ unsigned char** buf,
+ xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoSymKeyDataGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecMSCryptoSymKeyDataGetType(xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecMSCryptoSymKeyDataGetSize (xmlSecKeyDataPtr data);
+static void xmlSecMSCryptoSymKeyDataDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecMSCryptoSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static int xmlSecMSCryptoSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
+
+/*
+ * GENERIC HELPER FUNCTIONS
+ */
+
+#define xmlSecMSCryptoSymKeyDataCheckId(data) \
+ (xmlSecKeyDataIsValid((data)) && \
+ xmlSecMSCryptoSymKeyDataKlassCheck((data)->id))
+
+static int
+xmlSecMSCryptoSymKeyDataInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(data), -1);
+
+ return(xmlSecKeyDataBinaryValueInitialize(data));
+}
+
+static int
+xmlSecMSCryptoSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(dst), -1);
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(src), -1);
+ xmlSecAssert2(dst->id == src->id, -1);
+
+ return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
+}
+
+static void
+xmlSecMSCryptoSymKeyDataFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecMSCryptoSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueFinalize(data);
+}
+
+static int
+xmlSecMSCryptoSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecMSCryptoSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecMSCryptoSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const unsigned char* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecMSCryptoSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ unsigned char** buf, xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecMSCryptoSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(data), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecMSCryptoGenerateRandom(buffer, (sizeBits + 7) / 8));
+}
+
+static xmlSecKeyDataType
+xmlSecMSCryptoSymKeyDataGetType(xmlSecKeyDataPtr data) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
+
+ return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecMSCryptoSymKeyDataGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(data), 0);
+
+ return(xmlSecKeyDataBinaryValueGetSize(data));
+}
+
+static void
+xmlSecMSCryptoSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecMSCryptoSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueDebugDump(data, output);
+}
+
+static void
+xmlSecMSCryptoSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecMSCryptoSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
+}
+
+static int
+xmlSecMSCryptoSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
+
+#ifndef XMLSEC_NO_DES
+ if(klass == xmlSecMSCryptoKeyDataDesId) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(klass == xmlSecMSCryptoKeyDataAesId) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_HMAC
+ if(klass == xmlSecMSCryptoKeyDataHmacId) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_HMAC */
+
+ {
+ return(0);
+ }
+
+ return(0);
+}
+
+
+/******************************************************************************
+ *
+ * Utils
+ *
+ * Low level helper routines for importing plain text keys in MS HKEY handle,
+ * since MSCrypto API does not support import of plain text (session) keys
+ * just like that. These functions are based upon MS kb article #228786
+ * and "Base Provider Key BLOBs" article for priv key blob format.
+ *
+ ******************************************************************************/
+BOOL
+xmlSecMSCryptoCreatePrivateExponentOneKey(HCRYPTPROV hProv, HCRYPTKEY *hPrivateKey)
+{
+ HCRYPTKEY hKey = 0;
+ LPBYTE keyBlob = NULL;
+ DWORD keyBlobLen;
+ PUBLICKEYSTRUC* pubKeyStruc;
+ RSAPUBKEY* rsaPubKey;
+ DWORD bitLen;
+ BYTE *ptr;
+ int n;
+ BOOL res = FALSE;
+
+ xmlSecAssert2(hProv != 0, FALSE);
+ xmlSecAssert2(hPrivateKey != NULL, FALSE);
+
+ /* just in case */
+ *hPrivateKey = 0;
+
+ /* Generate the private key */
+ if(!CryptGenKey(hProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hKey)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGenKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* Export the private key, we'll convert it to a private exponent of one key */
+ if(!CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, NULL, &keyBlobLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ keyBlob = (LPBYTE)xmlMalloc(sizeof(BYTE) * keyBlobLen);
+ if(keyBlob == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ if(!CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, keyBlob, &keyBlobLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ CryptDestroyKey(hKey);
+ hKey = 0;
+
+ /* Get the bit length of the key */
+ if(keyBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "len=%ld", keyBlobLen);
+ goto done;
+ }
+ pubKeyStruc = (PUBLICKEYSTRUC*)keyBlob;
+ if(pubKeyStruc->bVersion != 0x02) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion);
+ goto done;
+ }
+ if(pubKeyStruc->bType != PRIVATEKEYBLOB) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType);
+ goto done;
+ }
+
+ /* aleksey: don't ask me why it is RSAPUBKEY, just don't ask */
+ rsaPubKey = (RSAPUBKEY*)(keyBlob + sizeof(PUBLICKEYSTRUC));
+
+ /* check that we have RSA private key */
+ if(rsaPubKey->magic != 0x32415352) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "rsaPubKey->magic=0x%08lx", rsaPubKey->magic);
+ goto done;
+ }
+ bitLen = rsaPubKey->bitlen;
+
+ /* Modify the Exponent in Key BLOB format Key BLOB format is documented in SDK */
+ rsaPubKey->pubexp = 1;
+
+ /* Private-key BLOBs, type PRIVATEKEYBLOB, are used to store private keys outside a CSP.
+ * Base provider private-key BLOBs have the following format:
+ *
+ * PUBLICKEYSTRUC publickeystruc ;
+ * RSAPUBKEY rsapubkey;
+ * BYTE modulus[rsapubkey.bitlen/8]; 1/8
+ * BYTE prime1[rsapubkey.bitlen/16]; 1/16
+ * BYTE prime2[rsapubkey.bitlen/16]; 1/16
+ * BYTE exponent1[rsapubkey.bitlen/16]; 1/16
+ * BYTE exponent2[rsapubkey.bitlen/16]; 1/16
+ * BYTE coefficient[rsapubkey.bitlen/16]; 1/16
+ * BYTE privateExponent[rsapubkey.bitlen/8]; 1/8
+ */
+ if(keyBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + bitLen / 2 + bitLen / 16) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptExportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "len=%ld", keyBlobLen);
+ goto done;
+ }
+ ptr = (BYTE*)(keyBlob + sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY));
+
+ /* Skip modulus, prime1, prime2 */
+ ptr += bitLen / 8;
+ ptr += bitLen / 16;
+ ptr += bitLen / 16;
+
+ /* Convert exponent1 to 1 */
+ for (n = 0; n < (bitLen / 16); n++) {
+ if (n == 0) ptr[n] = 1;
+ else ptr[n] = 0;
+ }
+ ptr += bitLen / 16;
+
+ /* Convert exponent2 to 1 */
+ for (n = 0; n < (bitLen / 16); n++) {
+ if (n == 0) ptr[n] = 1;
+ else ptr[n] = 0;
+ }
+ ptr += bitLen / 16;
+
+ /* Skip coefficient */
+ ptr += bitLen / 16;
+
+ /* Convert privateExponent to 1 */
+ for (n = 0; n < (bitLen / 16); n++) {
+ if (n == 0) ptr[n] = 1;
+ else ptr[n] = 0;
+ }
+
+ /* Import the exponent-of-one private key. */
+ if (!CryptImportKey(hProv, keyBlob, keyBlobLen, 0, 0, &hKey)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptImportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ (*hPrivateKey) = hKey;
+ hKey = 0;
+ res = TRUE;
+
+done:
+ if(keyBlob != NULL) {
+ xmlFree(keyBlob);
+ }
+ if (hKey != 0) {
+ CryptDestroyKey(hKey);
+ }
+
+ return res;
+}
+
+BOOL
+xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey,
+ ALG_ID dwAlgId, LPBYTE pbKeyMaterial,
+ DWORD dwKeyMaterial, BOOL bCheckKeyLength,
+ HCRYPTKEY *hSessionKey) {
+ ALG_ID dwPrivKeyAlg;
+ LPBYTE keyBlob = NULL;
+ DWORD keyBlobLen, rndBlobSize, dwSize, n;
+ PUBLICKEYSTRUC* pubKeyStruc;
+ ALG_ID* algId;
+ DWORD dwPublicKeySize;
+ DWORD dwProvSessionKeySize = 0;
+ LPBYTE pbPtr;
+ DWORD dwFlags;
+ PROV_ENUMALGS_EX ProvEnum;
+ HCRYPTKEY hTempKey = 0;
+ BOOL fFound;
+ BOOL res = FALSE;
+
+ xmlSecAssert2(hProv != 0, FALSE);
+ xmlSecAssert2(hPrivateKey != 0, FALSE);
+ xmlSecAssert2(pbKeyMaterial != NULL, FALSE);
+ xmlSecAssert2(dwKeyMaterial > 0, FALSE);
+ xmlSecAssert2(hSessionKey != NULL, FALSE);
+
+ /* Double check to see if this provider supports this algorithm and key size */
+ fFound = FALSE;
+ dwFlags = CRYPT_FIRST;
+ dwSize = sizeof(ProvEnum);
+ while(CryptGetProvParam(hProv, PP_ENUMALGS_EX, (LPBYTE)&ProvEnum, &dwSize, dwFlags)) {
+ if (ProvEnum.aiAlgid == dwAlgId) {
+ fFound = TRUE;
+ break;
+ }
+ dwSize = sizeof(ProvEnum);
+ dwFlags = 0;
+ }
+ if(!fFound) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetProvParam",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "algId=%d is not supported", dwAlgId);
+ goto done;
+ }
+
+ if(bCheckKeyLength) {
+ /* We have to get the key size(including padding) from an HCRYPTKEY handle.
+ * PP_ENUMALGS_EX contains the key size without the padding so we can't use it.
+ */
+ if(!CryptGenKey(hProv, dwAlgId, 0, &hTempKey)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGenKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "algId=%d", dwAlgId);
+ goto done;
+ }
+
+ dwSize = sizeof(DWORD);
+ if(!CryptGetKeyParam(hTempKey, KP_KEYLEN, (LPBYTE)&dwProvSessionKeySize, &dwSize, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetKeyParam(KP_KEYLEN)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "algId=%d", dwAlgId);
+ goto done;
+ }
+ CryptDestroyKey(hTempKey);
+ hTempKey = 0;
+
+ /* yell if key is too big */
+ if ((dwKeyMaterial * 8) > dwProvSessionKeySize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "dwKeyMaterial=%ld;dwProvSessionKeySize=%ld",
+ dwKeyMaterial, dwProvSessionKeySize);
+ goto done;
+ }
+ } else {
+ dwProvSessionKeySize = dwKeyMaterial * 8;
+ }
+
+ /* Get private key's algorithm */
+ dwSize = sizeof(ALG_ID);
+ if(!CryptGetKeyParam(hPrivateKey, KP_ALGID, (LPBYTE)&dwPrivKeyAlg, &dwSize, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetKeyParam(KP_ALGID)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "algId=%d", dwAlgId);
+ goto done;
+ }
+
+ /* Get private key's length in bits */
+ dwSize = sizeof(DWORD);
+ if(!CryptGetKeyParam(hPrivateKey, KP_KEYLEN, (LPBYTE)&dwPublicKeySize, &dwSize, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGetKeyParam(KP_KEYLEN)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "algId=%d", dwAlgId);
+ goto done;
+ }
+
+ /* 3 is for the first reserved byte after the key material and the 2 reserved bytes at the end. */
+ if(dwPublicKeySize / 8 < dwKeyMaterial + 3) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "dwKeyMaterial=%ld;dwPublicKeySize=%ld",
+ dwKeyMaterial, dwPublicKeySize);
+ goto done;
+ }
+ rndBlobSize = dwPublicKeySize / 8 - (dwKeyMaterial + 3);
+
+ /* Simple key BLOBs, type SIMPLEBLOB, are used to store and transport session keys outside a CSP.
+ * Base provider simple-key BLOBs are always encrypted with a key exchange public key. The pbData
+ * member of the SIMPLEBLOB is a sequence of bytes in the following format:
+ *
+ * PUBLICKEYSTRUC publickeystruc ;
+ * ALG_ID algid;
+ * BYTE encryptedkey[rsapubkey.bitlen/8];
+ */
+
+ /* calculate Simple blob's length */
+ keyBlobLen = sizeof(PUBLICKEYSTRUC) + sizeof(ALG_ID) + (dwPublicKeySize / 8);
+
+ /* allocate simple blob buffer */
+ keyBlob = (LPBYTE)xmlMalloc(sizeof(BYTE) * keyBlobLen);
+ if(keyBlob == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ memset(keyBlob, 0, keyBlobLen);
+
+ /* initialize PUBLICKEYSTRUC */
+ pubKeyStruc = (PUBLICKEYSTRUC*)(keyBlob);
+ pubKeyStruc->bType = SIMPLEBLOB;
+ pubKeyStruc->bVersion = 0x02;
+ pubKeyStruc->reserved = 0;
+ pubKeyStruc->aiKeyAlg = dwAlgId;
+
+ /* Copy private key algorithm to buffer */
+ algId = (ALG_ID*)(keyBlob + sizeof(PUBLICKEYSTRUC));
+ (*algId) = dwPrivKeyAlg;
+
+ /* Place the key material in reverse order */
+ pbPtr = (BYTE*)(keyBlob + sizeof(PUBLICKEYSTRUC) + sizeof(ALG_ID));
+ for (n = 0; n < dwKeyMaterial; n++) {
+ pbPtr[n] = pbKeyMaterial[dwKeyMaterial - n - 1];
+ }
+ pbPtr += dwKeyMaterial;
+
+ /* skip reserved byte */
+ pbPtr += 1;
+
+ /* Generate random data for the rest of the buffer */
+ if((rndBlobSize > 0) && !CryptGenRandom(hProv, rndBlobSize, pbPtr)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptGenRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "rndBlobSize=%ld", rndBlobSize);
+ goto done;
+ }
+ /* aleksey: why are we doing this? */
+ for (n = 0; n < rndBlobSize; n++) {
+ if (pbPtr[n] == 0) pbPtr[n] = 1;
+ }
+
+ /* set magic number at the end */
+ keyBlob[keyBlobLen - 2] = 2;
+
+ if(!CryptImportKey(hProv, keyBlob , keyBlobLen, hPrivateKey, CRYPT_EXPORTABLE, hSessionKey)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CryptImportKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "algId=%d", dwAlgId);
+ goto done;
+ }
+
+ /* success */
+ res = TRUE;
+
+done:
+ if(hTempKey != 0) {
+ CryptDestroyKey(hTempKey);
+ }
+ if(keyBlob != NULL) {
+ xmlFree(keyBlob);
+ }
+ return(res);
+}
+
+#ifndef XMLSEC_NO_AES
+/**************************************************************************
+ *
+ * <xmlsec:AESKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataAesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameAESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefAESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecMSCryptoSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecMSCryptoSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecMSCryptoSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecMSCryptoSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecMSCryptoSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecMSCryptoSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecMSCryptoSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecMSCryptoSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecMSCryptoSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecMSCryptoSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecMSCryptoSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecMSCryptoSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoKeyDataAesGetKlass:
+ *
+ * The AES key data klass.
+ *
+ * Returns: AES key data klass.
+ */
+xmlSecKeyDataId
+xmlSecMSCryptoKeyDataAesGetKlass(void) {
+ return(&xmlSecMSCryptoKeyDataAesKlass);
+}
+
+/**
+ * xmlSecMSCryptoKeyDataAesSet:
+ * @data: the pointer to AES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of AES key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecMSCryptoKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataAesId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+/**************************************************************************
+ *
+ * <xmlsec:DESKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameDESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecMSCryptoSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecMSCryptoSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecMSCryptoSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecMSCryptoSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecMSCryptoSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecMSCryptoSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecMSCryptoSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecMSCryptoSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecMSCryptoSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecMSCryptoSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecMSCryptoSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecMSCryptoSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoKeyDataDesGetKlass:
+ *
+ * The DES key data klass.
+ *
+ * Returns: DES key data klass.
+ */
+xmlSecKeyDataId
+xmlSecMSCryptoKeyDataDesGetKlass(void) {
+ return(&xmlSecMSCryptoKeyDataDesKlass);
+}
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_HMAC
+/**************************************************************************
+ *
+ * <xmlsec:HMACKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataHmacKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameHMACKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
+ xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecMSCryptoSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecMSCryptoSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecMSCryptoSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecMSCryptoSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecMSCryptoSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecMSCryptoSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecMSCryptoSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecMSCryptoSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecMSCryptoSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecMSCryptoSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecMSCryptoSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecMSCryptoSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoKeyDataHmacGetKlass:
+ *
+ * The HMAC key data klass.
+ *
+ * Returns: HMAC key data klass.
+ */
+xmlSecKeyDataId
+xmlSecMSCryptoKeyDataHmacGetKlass(void) {
+ return(&xmlSecMSCryptoKeyDataHmacKlass);
+}
+
+/**
+ * xmlSecMSCryptoKeyDataHmacSet:
+ * @data: the pointer to HMAC key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of HMAC key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecMSCryptoKeyDataHmacSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataHmacId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+
+
+#endif /* XMLSEC_NO_HMAC */
+
+
+
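Review bot: In `xmlSecMSCryptoImportPlainSessionBlob`, `keyBlob` receives the plaintext key bytes copied from `pbKeyMaterial` and is released at `done:` with a plain `xmlFree`, so the secret stays in freed heap memory. Adding `SecureZeroMemory(keyBlob, keyBlobLen);` just before `xmlFree(keyBlob);` would clear it, and the same applies at `done:` in `xmlSecMSCryptoCreatePrivateExponentOneKey`, whose blob is an exported RSA private key. Separately, the last loop in `xmlSecMSCryptoCreatePrivateExponentOneKey` rewrites only `bitLen / 16` bytes of `privateExponent`, while the layout comment in the same function gives that field `bitLen / 8` bytes. The upper half therefore keeps the generated key's bytes, and the bound should probably be `for (n = 0; n < (bitLen / 8); n++)`. The checks on `dwKeyMaterial + 3` and `dwKeyMaterial * 8` use `DWORD` arithmetic and could wrap for a very large `dwKeyMaterial`; whether any caller can pass such a length is not visible in this file.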
diff --git a/src/mscrypto/x509.c b/src/mscrypto/x509.c
new file mode 100644
index 00000000..5ae025f6
--- /dev/null
+++ b/src/mscrypto/x509.c
@@ -0,0 +1,2281 @@
+/**
+ * XMLSec library
+ *
+ * X509 support
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+
+#include "globals.h"
+
+#ifndef XMLSEC_NO_X509
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <time.h>
+
+#include <windows.h>
+#include <wincrypt.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/x509.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/bn.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+#include <xmlsec/mscrypto/x509.h>
+#include <xmlsec/mscrypto/certkeys.h>
+#include "private.h"
+
+
+/*************************************************************************
+ *
+ * X509 utility functions
+ *
+ ************************************************************************/
+static int xmlSecMSCryptoX509DataNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509CertificateNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509CertificateNodeWrite (PCCERT_CONTEXT cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509SubjectNameNodeWrite (PCCERT_CONTEXT cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509IssuerSerialNodeWrite (PCCERT_CONTEXT cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509SKINodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509SKINodeWrite (PCCERT_CONTEXT cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509CRLNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoX509CRLNodeWrite (PCCRL_CONTEXT crl,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
+ xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+static PCCERT_CONTEXT xmlSecMSCryptoX509CertDerRead (const xmlSecByte* buf,
+ xmlSecSize size);
+static PCCERT_CONTEXT xmlSecMSCryptoX509CertBase64DerRead (xmlChar* buf);
+static xmlChar* xmlSecMSCryptoX509CertBase64DerWrite (PCCERT_CONTEXT cert,
+ int base64LineWrap);
+static PCCRL_CONTEXT xmlSecMSCryptoX509CrlDerRead (xmlSecByte* buf,
+ xmlSecSize size,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static PCCRL_CONTEXT xmlSecMSCryptoX509CrlBase64DerRead (xmlChar* buf,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static xmlChar* xmlSecMSCryptoX509CrlBase64DerWrite (PCCRL_CONTEXT crl,
+ int base64LineWrap);
+static xmlChar* xmlSecMSCryptoX509NameWrite(PCERT_NAME_BLOB nm);
+static int xmlSecMSCryptoASN1IntegerWrite (xmlNodePtr node,
+ PCRYPT_INTEGER_BLOB num);
+static xmlChar* xmlSecMSCryptoX509SKIWrite (PCCERT_CONTEXT cert);
+static void xmlSecMSCryptoX509CertDebugDump (PCCERT_CONTEXT cert,
+ FILE* output);
+static void xmlSecMSCryptoX509CertDebugXmlDump (PCCERT_CONTEXT cert,
+ FILE* output);
+static int xmlSecMSCryptoX509CertGetTime (FILETIME t,
+ time_t* res);
+
+/*************************************************************************
+ *
+ * Internal MSCrypto X509 data CTX
+ *
+ ************************************************************************/
+typedef struct _xmlSecMSCryptoX509DataCtx xmlSecMSCryptoX509DataCtx,
+ *xmlSecMSCryptoX509DataCtxPtr;
+
+struct _xmlSecMSCryptoX509DataCtx {
+ PCCERT_CONTEXT keyCert;
+
+ HCERTSTORE hMemStore;
+ unsigned int numCerts;
+ unsigned int numCrls;
+};
+
+/**************************************************************************
+ *
+ * <dsig:X509Data> processing
+ *
+ *
+ * The X509Data Element (http://www.w3.org/TR/xmldsig-core/#sec-X509Data)
+ *
+ * An X509Data element within KeyInfo contains one or more identifiers of keys
+ * or X509 certificates (or certificates' identifiers or a revocation list).
+ * The content of X509Data is:
+ *
+ * 1. At least one element, from the following set of element types; any of these may appear together or more than once iff (if and only if) each instance describes or is related to the same certificate:
+ * 2.
+ * * The X509IssuerSerial element, which contains an X.509 issuer
+ * distinguished name/serial number pair that SHOULD be compliant
+ * with RFC2253 [LDAP-DN],
+ * * The X509SubjectName element, which contains an X.509 subject
+ * distinguished name that SHOULD be compliant with RFC2253 [LDAP-DN],
+ * * The X509SKI element, which contains the base64 encoded plain (i.e.
+ * non-DER-encoded) value of a X509 V.3 SubjectKeyIdentifier extension.
+ * * The X509Certificate element, which contains a base64-encoded [X509v3]
+ * certificate, and
+ * * Elements from an external namespace which accompanies/complements any
+ * of the elements above.
+ * * The X509CRL element, which contains a base64-encoded certificate
+ * revocation list (CRL) [X509v3].
+ *
+ * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear
+ * MUST refer to the certificate or certificates containing the validation key.
+ * All such elements that refer to a particular individual certificate MUST be
+ * grouped inside a single X509Data element and if the certificate to which
+ * they refer appears, it MUST also be in that X509Data element.
+ *
+ * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that relate to
+ * the same key but different certificates MUST be grouped within a single
+ * KeyInfo but MAY occur in multiple X509Data elements.
+ *
+ * All certificates appearing in an X509Data element MUST relate to the
+ * validation key by either containing it or being part of a certification
+ * chain that terminates in a certificate containing the validation key.
+ *
+ * No ordering is implied by the above constraints.
+ *
+ * Note, there is no direct provision for a PKCS#7 encoded "bag" of
+ * certificates or CRLs. However, a set of certificates and CRLs can occur
+ * within an X509Data element and multiple X509Data elements can occur in a
+ * KeyInfo. Whenever multiple certificates occur in an X509Data element, at
+ * least one such certificate must contain the public key which verifies the
+ * signature.
+ *
+ * Schema Definition
+ *
+ * <element name="X509Data" type="ds:X509DataType"/>
+ * <complexType name="X509DataType">
+ * <sequence maxOccurs="unbounded">
+ * <choice>
+ * <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+ * <element name="X509SKI" type="base64Binary"/>
+ * <element name="X509SubjectName" type="string"/>
+ * <element name="X509Certificate" type="base64Binary"/>
+ * <element name="X509CRL" type="base64Binary"/>
+ * <any namespace="##other" processContents="lax"/>
+ * </choice>
+ * </sequence>
+ * </complexType>
+ * <complexType name="X509IssuerSerialType">
+ * <sequence>
+ * <element name="X509IssuerName" type="string"/>
+ * <element name="X509SerialNumber" type="integer"/>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD
+ *
+ * <!ELEMENT X509Data ((X509IssuerSerial | X509SKI | X509SubjectName |
+ * X509Certificate | X509CRL)+ %X509.ANY;)>
+ * <!ELEMENT X509IssuerSerial (X509IssuerName, X509SerialNumber) >
+ * <!ELEMENT X509IssuerName (#PCDATA) >
+ * <!ELEMENT X509SubjectName (#PCDATA) >
+ * <!ELEMENT X509SerialNumber (#PCDATA) >
+ * <!ELEMENT X509SKI (#PCDATA) >
+ * <!ELEMENT X509Certificate (#PCDATA) >
+ * <!ELEMENT X509CRL (#PCDATA) >
+ *
+ * -----------------------------------------------------------------------
+ *
+ * xmlSecMSCryptoX509DataCtx is located after xmlSecTransform
+ *
+ *************************************************************************/
+#define xmlSecMSCryptoX509DataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecMSCryptoX509DataCtx))
+#define xmlSecMSCryptoX509DataGetCtx(data) \
+ ((xmlSecMSCryptoX509DataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
+
+static int xmlSecMSCryptoKeyDataX509Initialize (xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataX509Duplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecMSCryptoKeyDataX509Finalize (xmlSecKeyDataPtr data);
+static int xmlSecMSCryptoKeyDataX509XmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecMSCryptoKeyDataX509XmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static xmlSecKeyDataType xmlSecMSCryptoKeyDataX509GetType (xmlSecKeyDataPtr data);
+static const xmlChar* xmlSecMSCryptoKeyDataX509GetIdentifier (xmlSecKeyDataPtr data);
+
+static void xmlSecMSCryptoKeyDataX509DebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecMSCryptoKeyDataX509DebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+
+
+
+static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataX509Klass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecMSCryptoX509DataSize,
+
+ /* data */
+ xmlSecNameX509Data,
+ xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefX509Data, /* const xmlChar* href; */
+ xmlSecNodeX509Data, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecMSCryptoKeyDataX509Initialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecMSCryptoKeyDataX509Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecMSCryptoKeyDataX509Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecMSCryptoKeyDataX509GetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ xmlSecMSCryptoKeyDataX509GetIdentifier, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecMSCryptoKeyDataX509XmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecMSCryptoKeyDataX509XmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecMSCryptoKeyDataX509DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecMSCryptoKeyDataX509DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoKeyDataX509GetKlass:
+ *
+ * The MSCrypto X509 key data klass (http://www.w3.org/TR/xmldsig-core/#sec-X509Data).
+ *
+ * Returns: the X509 data klass.
+ */
+xmlSecKeyDataId
+xmlSecMSCryptoKeyDataX509GetKlass(void) {
+ return(&xmlSecMSCryptoKeyDataX509Klass);
+}
+
+/**
+ * xmlSecMSCryptoKeyDataX509GetKeyCert:
+ * @data: the pointer to X509 key data.
+ *
+ * Gets the certificate from which the key was extracted.
+ *
+ * Returns: the key's certificate or NULL if key data was not used for key
+ * extraction or an error occurs.
+ */
+PCCERT_CONTEXT
+xmlSecMSCryptoKeyDataX509GetKeyCert(xmlSecKeyDataPtr data) {
+ xmlSecMSCryptoX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), NULL);
+
+ ctx = xmlSecMSCryptoX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(ctx->keyCert);
+}
+
+/**
+ * xmlSecMSCryptoKeyDataX509AdoptKeyCert:
+ * @data: the pointer to X509 key data.
+ * @cert: the pointer to MSCRYPTO X509 certificate.
+ *
+ * Sets the key's certificate in @data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecMSCryptoKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT cert) {
+ xmlSecMSCryptoX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
+ xmlSecAssert2(cert != NULL, -1);
+
+ ctx = xmlSecMSCryptoX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(ctx->keyCert != NULL) {
+ CertFreeCertificateContext(ctx->keyCert);
+ ctx->keyCert = 0;
+ }
+ ctx->keyCert = cert;
+
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoKeyDataX509AdoptCert:
+ * @data: the pointer to X509 key data.
+ * @cert: the pointer to MSCRYPTO X509 certificate.
+ *
+ * Adds certificate to the X509 key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecMSCryptoKeyDataX509AdoptCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT cert) {
+ xmlSecMSCryptoX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
+ xmlSecAssert2(cert != NULL, -1);
+
+ ctx = xmlSecMSCryptoX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->hMemStore != 0, -1);
+
+ if (!CertAddCertificateContextToStore(ctx->hMemStore, cert, CERT_STORE_ADD_ALWAYS, NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CertAddCertificateContextToStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ CertFreeCertificateContext(cert);
+ ctx->numCerts++;
+
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoKeyDataX509GetCert:
+ * @data: the pointer to X509 key data.
+ * @pos: the desired certificate position.
+ *
+ * Gets a certificate from X509 key data.
+ *
+ * Returns: the pointer to certificate or NULL if @pos is larger than the
+ * number of certificates in @data or an error occurs.
+ */
+PCCERT_CONTEXT
+xmlSecMSCryptoKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) {
+ xmlSecMSCryptoX509DataCtxPtr ctx;
+ PCCERT_CONTEXT pCert = NULL;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), NULL);
+
+ ctx = xmlSecMSCryptoX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->hMemStore != 0, NULL);
+ xmlSecAssert2(ctx->numCerts > pos, NULL);
+
+ while ((pCert = CertEnumCertificatesInStore(ctx->hMemStore, pCert)) && (pos > 0)) {
+ pos--;
+ }
+
+ return(pCert);
+}
+
+/**
+ * xmlSecMSCryptoKeyDataX509GetCertsSize:
+ * @data: the pointer to X509 key data.
+ *
+ * Gets the number of certificates in @data.
+ *
+ * Returns: te number of certificates in @data.
+ */
+xmlSecSize
+xmlSecMSCryptoKeyDataX509GetCertsSize(xmlSecKeyDataPtr data) {
+ xmlSecMSCryptoX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), 0);
+
+ ctx = xmlSecMSCryptoX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ return(ctx->numCerts);
+}
+
+/**
+ * xmlSecMSCryptoKeyDataX509AdoptCrl:
+ * @data: the pointer to X509 key data.
+ * @crl: the pointer to MSCrypto X509 CRL.
+ *
+ * Adds CRL to the X509 key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecMSCryptoKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, PCCRL_CONTEXT crl) {
+ xmlSecMSCryptoX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
+ xmlSecAssert2(crl != 0, -1);
+
+ ctx = xmlSecMSCryptoX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->hMemStore != 0, -1);
+
+ if (!CertAddCRLContextToStore(ctx->hMemStore, crl, CERT_STORE_ADD_ALWAYS, NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CertAddCRLContextToStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ctx->numCrls++;
+
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoKeyDataX509GetCrl:
+ * @data: the pointer to X509 key data.
+ * @pos: the desired CRL position.
+ *
+ * Gets a CRL from X509 key data.
+ *
+ * Returns: the pointer to CRL or NULL if @pos is larger than the
+ * number of CRLs in @data or an error occurs.
+ */
+PCCRL_CONTEXT
+xmlSecMSCryptoKeyDataX509GetCrl(xmlSecKeyDataPtr data, xmlSecSize pos) {
+ xmlSecMSCryptoX509DataCtxPtr ctx;
+ PCCRL_CONTEXT pCRL = NULL;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), NULL);
+ ctx = xmlSecMSCryptoX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->hMemStore != 0, NULL);
+ xmlSecAssert2(ctx->numCrls > pos, NULL);
+
+ while ((pCRL = CertEnumCRLsInStore(ctx->hMemStore, pCRL)) && (pos > 0)) {
+ pos--;
+ }
+
+ return(pCRL);
+}
+
+/**
+ * xmlSecMSCryptoKeyDataX509GetCrlsSize:
+ * @data: the pointer to X509 key data.
+ *
+ * Gets the number of CRLs in @data.
+ *
+ * Returns: te number of CRLs in @data.
+ */
+xmlSecSize
+xmlSecMSCryptoKeyDataX509GetCrlsSize(xmlSecKeyDataPtr data) {
+ xmlSecMSCryptoX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), 0);
+
+ ctx = xmlSecMSCryptoX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ return(ctx->numCrls);
+}
+
+static int
+xmlSecMSCryptoKeyDataX509Initialize(xmlSecKeyDataPtr data) {
+ xmlSecMSCryptoX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
+
+ ctx = xmlSecMSCryptoX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoX509DataCtx));
+
+ ctx->hMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
+ 0,
+ 0,
+ CERT_STORE_CREATE_NEW_FLAG,
+ NULL);
+ if (ctx->hMemStore == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CertOpenStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ PCCERT_CONTEXT certSrc, certDst;
+ PCCRL_CONTEXT crlSrc, crlDst;
+ xmlSecSize size, pos;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecMSCryptoKeyDataX509Id), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecMSCryptoKeyDataX509Id), -1);
+
+ /* copy certsList */
+ size = xmlSecMSCryptoKeyDataX509GetCertsSize(src);
+ for(pos = 0; pos < size; ++pos) {
+ /* TBD: function below does linear scan, eliminate loop within
+ * loop
+ */
+ certSrc = xmlSecMSCryptoKeyDataX509GetCert(src, pos);
+ if(certSrc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecMSCryptoKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ certDst = CertDuplicateCertificateContext(certSrc);
+ if(certDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptCert(dst, certDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(certDst);
+ return(-1);
+ }
+ }
+
+ /* copy crls */
+ size = xmlSecMSCryptoKeyDataX509GetCrlsSize(src);
+ for(pos = 0; pos < size; ++pos) {
+ crlSrc = xmlSecMSCryptoKeyDataX509GetCrl(src, pos);
+ if(crlSrc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecMSCryptoKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ crlDst = CertDuplicateCRLContext(crlSrc);
+ if(crlDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "CertDuplicateCRLContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptCrl(dst, crlDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecMSCryptoKeyDataX509AdoptCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCRLContext(crlDst);
+ return(-1);
+ }
+ }
+
+ /* copy key cert if exist */
+ certSrc = xmlSecMSCryptoKeyDataX509GetKeyCert(src);
+ if(certSrc != NULL) {
+ certDst = CertDuplicateCertificateContext(certSrc);
+ if(certDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(dst, certDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecMSCryptoKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(certDst);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+static void
+xmlSecMSCryptoKeyDataX509Finalize(xmlSecKeyDataPtr data) {
+ xmlSecMSCryptoX509DataCtxPtr ctx;
+
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id));
+
+ ctx = xmlSecMSCryptoX509DataGetCtx(data);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->keyCert != NULL) {
+ CertFreeCertificateContext(ctx->keyCert);
+ ctx->keyCert = NULL;
+ }
+
+ if (ctx->hMemStore != 0) {
+ if (!CertCloseStore(ctx->hMemStore, CERT_CLOSE_STORE_FORCE_FLAG)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertCloseStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return;
+ }
+ }
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoX509DataCtx));
+}
+
+static int
+xmlSecMSCryptoKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecMSCryptoKeyDataX509Id, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ data = xmlSecKeyEnsureData(key, id);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoX509DataNodeRead(data, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoX509DataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) {
+ ret = xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoKeyDataX509VerifyAndExtractKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+static int
+xmlSecMSCryptoKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ PCCERT_CONTEXT cert;
+ PCCRL_CONTEXT crl;
+ xmlSecSize size, pos;
+ int content = 0;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecMSCryptoKeyDataX509Id, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
+ if (content < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecX509DataGetNodeContent",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "content=%d", content);
+ return(-1);
+ } else if(content == 0) {
+ /* by default we are writing certificates and crls */
+ content = XMLSEC_X509DATA_DEFAULT;
+ }
+
+ /* get x509 data */
+ data = xmlSecKeyGetData(key, id);
+ if(data == NULL) {
+ /* no x509 data in the key */
+ return(0);
+ }
+
+ /* write certs */
+ size = xmlSecMSCryptoKeyDataX509GetCertsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ cert = xmlSecMSCryptoKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
+ ret = xmlSecMSCryptoX509CertificateNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoX509CertificateNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
+ ret = xmlSecMSCryptoX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoX509SubjectNameNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
+ ret = xmlSecMSCryptoX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoX509IssuerSerialNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
+ ret = xmlSecMSCryptoX509SKINodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoX509SKINodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+ }
+
+ /* write crls if needed */
+ if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
+ size = xmlSecMSCryptoKeyDataX509GetCrlsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ crl = xmlSecMSCryptoKeyDataX509GetCrl(data, pos);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoX509CRLNodeWrite(crl, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoX509CRLNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+ }
+
+ return(0);
+}
+
+static xmlSecKeyDataType
+xmlSecMSCryptoKeyDataX509GetType(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), xmlSecKeyDataTypeUnknown);
+
+ /* TODO: return verified/not verified status */
+ return(xmlSecKeyDataTypeUnknown);
+}
+
+static const xmlChar*
+xmlSecMSCryptoKeyDataX509GetIdentifier(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), NULL);
+
+ /* TODO */
+ return(NULL);
+}
+
+static void
+xmlSecMSCryptoKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ PCCERT_CONTEXT cert;
+ xmlSecSize size, pos;
+
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== X509 Data:\n");
+ cert = xmlSecMSCryptoKeyDataX509GetKeyCert(data);
+ if(cert != NULL) {
+ fprintf(output, "==== Key Certificate:\n");
+ xmlSecMSCryptoX509CertDebugDump(cert, output);
+ }
+
+ size = xmlSecMSCryptoKeyDataX509GetCertsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ cert = xmlSecMSCryptoKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "==== Certificate:\n");
+ xmlSecMSCryptoX509CertDebugDump(cert, output);
+ }
+
+ /* we don't print out crls */
+}
+
+static void
+xmlSecMSCryptoKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ PCCERT_CONTEXT cert;
+ xmlSecSize size, pos;
+
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<X509Data>\n");
+ cert = xmlSecMSCryptoKeyDataX509GetKeyCert(data);
+ if(cert != NULL) {
+ fprintf(output, "<KeyCertificate>\n");
+ xmlSecMSCryptoX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</KeyCertificate>\n");
+ }
+
+ size = xmlSecMSCryptoKeyDataX509GetCertsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ cert = xmlSecMSCryptoKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "<Certificate>\n");
+ xmlSecMSCryptoX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</Certificate>\n");
+ }
+
+ /* we don't print out crls */
+ fprintf(output, "</X509Data>\n");
+}
+
+static int
+xmlSecMSCryptoX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ for(cur = xmlSecGetNextElementNode(node->children);
+ cur != NULL;
+ cur = xmlSecGetNextElementNode(cur->next)) {
+
+ ret = 0;
+ if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
+ ret = xmlSecMSCryptoX509CertificateNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
+ ret = xmlSecMSCryptoX509SubjectNameNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
+ ret = xmlSecMSCryptoX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
+ ret = xmlSecMSCryptoX509SKINodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
+ ret = xmlSecMSCryptoX509CRLNodeRead(data, cur, keyInfoCtx);
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
+ /* laxi schema validation: ignore unknown nodes */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "read node failed");
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+static int
+xmlSecMSCryptoX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar *content;
+ PCCERT_CONTEXT cert;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+ if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ cert = xmlSecMSCryptoX509CertBase64DerRead(content);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoX509CertBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(cert);
+ xmlFree(content);
+ return(-1);
+ }
+
+ xmlFree(content);
+ return(0);
+}
+
+static int
+xmlSecMSCryptoX509CertificateNodeWrite(PCCERT_CONTEXT cert, xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar* buf;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ /* set base64 lines size from context */
+ buf = xmlSecMSCryptoX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoX509CertBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
+ xmlFree(buf);
+ return(-1);
+ }
+
+ /* todo: add \n around base64 data - from context */
+ /* todo: add errors check */
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ xmlNodeSetContent(cur, buf);
+ xmlFree(buf);
+ return(0);
+}
+
+static int
+xmlSecMSCryptoX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+ xmlChar* subject;
+ PCCERT_CONTEXT cert;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecMSCryptoX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ subject = xmlNodeGetContent(node);
+ if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
+ if(subject != NULL) {
+ xmlFree(subject);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ cert = xmlSecMSCryptoX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
+ if(cert == NULL){
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "subject=%s",
+ xmlSecErrorsSafeString(subject));
+ xmlFree(subject);
+ return(-1);
+ }
+ xmlFree(subject);
+ return(0);
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(cert);
+ xmlFree(subject);
+ return(-1);
+ }
+
+ xmlFree(subject);
+ return(0);
+}
+
+static int
+xmlSecMSCryptoX509SubjectNameNodeWrite(PCCERT_CONTEXT cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+ xmlChar* buf = NULL;
+ xmlNodePtr cur = NULL;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ buf = xmlSecMSCryptoX509NameWrite(&(cert->pCertInfo->Subject));
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoX509NameWrite(&(cert->pCertInfo->Subject))",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
+ xmlFree(buf);
+ return(-1);
+ }
+ xmlSecNodeEncodeAndSetContent(cur, buf);
+ xmlFree(buf);
+ return(0);
+}
+
+static int
+xmlSecMSCryptoX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+ xmlNodePtr cur;
+ xmlChar *issuerName;
+ xmlChar *issuerSerial;
+ PCCERT_CONTEXT cert;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecMSCryptoX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+ if(cur == NULL) {
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ return(0);
+ }
+
+ /* the first is required node X509IssuerName */
+ if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ issuerName = xmlNodeGetContent(cur);
+ if(issuerName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is required node X509SerialNumber */
+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ xmlFree(issuerName);
+ return(-1);
+ }
+ issuerSerial = xmlNodeGetContent(cur);
+ if(issuerSerial == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ xmlFree(issuerName);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ cert = xmlSecMSCryptoX509StoreFindCert(x509Store, NULL, issuerName, issuerSerial, NULL, keyInfoCtx);
+ if(cert == NULL){
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "issuerName=%s;issuerSerial=%s",
+ xmlSecErrorsSafeString(issuerName),
+ xmlSecErrorsSafeString(issuerSerial));
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(0);
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(cert);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(0);
+}
+
+static int
+xmlSecMSCryptoX509IssuerSerialNodeWrite(PCCERT_CONTEXT cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+ xmlNodePtr cur;
+ xmlNodePtr issuerNameNode;
+ xmlNodePtr issuerNumberNode;
+ xmlChar* buf;
+ int ret;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* create xml nodes */
+ cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
+ return(-1);
+ }
+
+ issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
+ if(issuerNameNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(-1);
+ }
+
+ issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
+ if(issuerNumberNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ return(-1);
+ }
+
+ /* write data */
+ buf = xmlSecMSCryptoX509NameWrite(&(cert->pCertInfo->Issuer));
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoX509NameWrite(&(cert->pCertInfo->Issuer))",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
+ xmlFree(buf);
+
+ ret = xmlSecMSCryptoASN1IntegerWrite(issuerNumberNode, &(cert->pCertInfo->SerialNumber));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoASN1IntegerWrite(&(cert->serialNumber))",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecMSCryptoX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+ xmlChar* ski;
+ PCCERT_CONTEXT cert;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecMSCryptoX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ski = xmlNodeGetContent(node);
+ if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
+ if(ski != NULL) {
+ xmlFree(ski);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ return(-1);
+ }
+ return(0);
+ }
+
+ cert = xmlSecMSCryptoX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
+ if(cert == NULL){
+ xmlFree(ski);
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "ski=%s",
+ xmlSecErrorsSafeString(ski));
+ return(-1);
+ }
+ return(0);
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(cert);
+ xmlFree(ski);
+ return(-1);
+ }
+
+ xmlFree(ski);
+ return(0);
+}
+
+static int
+xmlSecMSCryptoX509SKINodeWrite(PCCERT_CONTEXT cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+ xmlChar *buf = NULL;
+ xmlNodePtr cur = NULL;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ buf = xmlSecMSCryptoX509SKIWrite(cert);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoX509SKIWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ xmlFree(buf);
+ return(-1);
+ }
+ xmlSecNodeEncodeAndSetContent(cur, buf);
+ xmlFree(buf);
+
+ return(0);
+}
+
+static int
+xmlSecMSCryptoX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar *content;
+ PCCRL_CONTEXT crl;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+ if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ crl = xmlSecMSCryptoX509CrlBase64DerRead(content, keyInfoCtx);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoX509CrlBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+
+ if (0 != xmlSecMSCryptoKeyDataX509AdoptCrl(data, crl)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoKeyDataX509AdoptCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ CertFreeCRLContext(crl);
+ return(-1);
+ }
+
+ xmlFree(content);
+ return(0);
+}
+
+static int
+xmlSecMSCryptoX509CRLNodeWrite(PCCRL_CONTEXT crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar* buf = NULL;
+ xmlNodePtr cur = NULL;
+
+ xmlSecAssert2(crl != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ /* set base64 lines size from context */
+ buf = xmlSecMSCryptoX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoX509CrlBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+ xmlFree(buf);
+ return(-1);
+ }
+ /* todo: add \n around base64 data - from context */
+ /* todo: add errors check */
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ xmlNodeSetContent(cur, buf);
+ xmlFree(buf);
+
+ return(0);
+}
+
+
+static int
+xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecMSCryptoX509DataCtxPtr ctx;
+ xmlSecKeyDataStorePtr x509Store;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataX509Id), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ ctx = xmlSecMSCryptoX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->hMemStore != 0, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecMSCryptoX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((ctx->keyCert == NULL) && (xmlSecKeyGetValue(key) == NULL)) {
+ PCCERT_CONTEXT cert;
+
+ cert = xmlSecMSCryptoX509StoreVerify(x509Store, ctx->hMemStore, keyInfoCtx);
+ if(cert != NULL) {
+ xmlSecKeyDataPtr keyValue = NULL;
+ PCCERT_CONTEXT pCert = NULL;
+
+ ctx->keyCert = CertDuplicateCertificateContext(cert);
+ if(ctx->keyCert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* search key according to KeyReq */
+ pCert = CertDuplicateCertificateContext( ctx->keyCert ) ;
+ if( pCert == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CertDuplicateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ return(-1);
+ }
+
+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ;
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoCertAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext( pCert ) ;
+ return(-1);
+ }
+ pCert = NULL ;
+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
+ keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ;
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoCertAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext( pCert ) ;
+ return(-1);
+ }
+ pCert = NULL ;
+ }
+
+ /* verify that the key matches our expectations */
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
+ ret = xmlSecKeySetValue(key, keyValue);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoX509CertGetTime(ctx->keyCert->pCertInfo->NotBefore, &(key->notValidBefore));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoX509CertGetTime",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "notValidBefore");
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoX509CertGetTime(ctx->keyCert->pCertInfo->NotAfter, &(key->notValidAfter));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecMSCryptoX509CertGetTime",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "notValidAfter");
+ return(-1);
+ }
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+static int
+xmlSecMSCryptoX509CertGetTime(FILETIME t, time_t* res) {
+ LONGLONG result;
+
+ xmlSecAssert2(res != NULL, -1);
+
+ result = t.dwHighDateTime;
+ result = (result) << 32;
+ result |= t.dwLowDateTime;
+ result /= 10000; /* Convert from 100 nano-sec periods to seconds. */
+#if defined(__MINGW32__)
+ result -= 11644473600000ULL; /* Convert from Windows epoch to Unix epoch */
+#else
+ result -= 11644473600000; /* Convert from Windows epoch to Unix epoch */
+#endif
+
+ (*res) = (time_t)result;
+
+ return(0);
+}
+
+static PCCERT_CONTEXT
+xmlSecMSCryptoX509CertBase64DerRead(xmlChar* buf) {
+ int ret;
+
+ xmlSecAssert2(buf != NULL, NULL);
+
+ /* usual trick with base64 decoding "in-place" */
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecMSCryptoX509CertDerRead((xmlSecByte*)buf, ret));
+}
+
+
+static PCCERT_CONTEXT
+xmlSecMSCryptoX509CertDerRead(const xmlSecByte* buf, xmlSecSize size) {
+ PCCERT_CONTEXT cert;
+
+ xmlSecAssert2(buf != NULL, NULL);
+ xmlSecAssert2(size > 0, NULL);
+
+ cert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, buf, size);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertCreateCertificateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(cert);
+}
+
+static xmlChar*
+xmlSecMSCryptoX509CertBase64DerWrite(PCCERT_CONTEXT cert, int base64LineWrap) {
+ xmlChar *res = NULL;
+ xmlSecByte *p = NULL;
+ long size;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ p = cert->pbCertEncoded;
+ size = cert->cbCertEncoded;
+ if((size <= 0) || (p == NULL)){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cert->pbCertEncoded",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecBase64Encode(p, size, base64LineWrap);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(res);
+}
+
+static PCCRL_CONTEXT
+xmlSecMSCryptoX509CrlBase64DerRead(xmlChar* buf,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ int ret;
+
+ xmlSecAssert2(buf != NULL, NULL);
+
+ /* usual trick with base64 decoding "in-place" */
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecMSCryptoX509CrlDerRead((xmlSecByte*)buf, ret, keyInfoCtx));
+}
+
+
+static PCCRL_CONTEXT
+xmlSecMSCryptoX509CrlDerRead(xmlSecByte* buf, xmlSecSize size,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ PCCRL_CONTEXT crl = NULL;
+
+ xmlSecAssert2(buf != NULL, NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+ xmlSecAssert2(size > 0, NULL);
+
+ crl = CertCreateCRLContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, buf, size);
+
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertCreateCRLContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(crl);
+ }
+
+static xmlChar*
+xmlSecMSCryptoX509CrlBase64DerWrite(PCCRL_CONTEXT crl, int base64LineWrap) {
+ xmlChar *res = NULL;
+ xmlSecByte *p = NULL;
+ long size;
+
+ xmlSecAssert2(crl != NULL, NULL);
+
+ p = crl->pbCrlEncoded;
+ size = crl->cbCrlEncoded;
+ if((size <= 0) || (p == NULL)){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "crl->pbCrlEncoded",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecBase64Encode(p, size, base64LineWrap);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(res);
+}
+
+static xmlChar*
+xmlSecMSCryptoX509NameWrite(PCERT_NAME_BLOB nm) {
+ LPTSTR resT = NULL;
+ xmlChar *res = NULL;
+ DWORD csz;
+
+
+ xmlSecAssert2(nm->pbData != NULL, NULL);
+ xmlSecAssert2(nm->cbData > 0, NULL);
+
+ csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0);
+ if(csz <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertNameToStr",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ resT = (LPTSTR)xmlMalloc(sizeof(TCHAR) * (csz + 1));
+ if (NULL == resT) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(WCHAR) * (csz + 1));
+ return (NULL);
+ }
+
+ csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, resT, csz + 1);
+ if (csz <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertNameToStr",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(resT);
+ return(NULL);
+ }
+
+ res = xmlSecMSCryptoConvertTstrToUtf8(resT);
+ if (NULL == res) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoConvertTstrToUtf8",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(resT);
+ return(NULL);
+ }
+
+ return(res);
+}
+
+
+
+static int
+xmlSecMSCryptoASN1IntegerWrite(xmlNodePtr node, PCRYPT_INTEGER_BLOB num) {
+ xmlSecBn bn;
+ int ret;
+
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(num != NULL, -1);
+
+ ret = xmlSecBnInitialize(&bn, num->cbData + 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%ld", num->cbData + 1);
+ return(-1);
+ }
+
+ ret = xmlSecBnSetData(&bn, num->pbData, num->cbData);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBnFinalize(&bn);
+ return(-1);
+ }
+
+ /* I have no clue why at a sudden a swap is needed to
+ * convert from lsb... This code is purely based upon
+ * trial and error :( WK
+ */
+ ret = xmlSecBnSetNodeValue(&bn, node, xmlSecBnDec, 1, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnSetNodeValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBnFinalize(&bn);
+ return(-1);
+ }
+
+ xmlSecBnFinalize(&bn);
+ return(0);
+}
+
+static xmlChar*
+xmlSecMSCryptoX509SKIWrite(PCCERT_CONTEXT cert) {
+ xmlChar *res = NULL;
+ DWORD dwSize;
+ BYTE *bSKI = NULL;
+ PCERT_EXTENSION pCertExt;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ /* First check if the SKI extension actually exists, otherwise we get a SHA1 hash o fthe key/cert */
+ pCertExt = CertFindExtension(szOID_SUBJECT_KEY_IDENTIFIER, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension);
+ if (pCertExt == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertFindExtension",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+
+ if (!CertGetCertificateContextProperty(cert, CERT_KEY_IDENTIFIER_PROP_ID, NULL, &dwSize) || dwSize < 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertGetCertificateContextProperty",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+ bSKI = xmlMalloc(dwSize);
+ if (NULL == bSKI) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+
+ if (!CertGetCertificateContextProperty(cert, CERT_KEY_IDENTIFIER_PROP_ID, bSKI, &dwSize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertGetCertificateContextProperty",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(bSKI);
+ return (NULL);
+ }
+
+ if (NULL == bSKI) {
+ return(NULL);
+ }
+
+ res = xmlSecBase64Encode(bSKI, dwSize, 0);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(bSKI);
+ return(NULL);
+ }
+ xmlFree(bSKI);
+
+ return(res);
+}
+
+
+static void
+xmlSecMSCryptoX509CertDebugDump(PCCERT_CONTEXT cert, FILE* output) {
+ PCRYPT_INTEGER_BLOB sn;
+ unsigned int i;
+ xmlChar * subject = NULL;
+ xmlChar * issuer = NULL;
+
+ xmlSecAssert(cert != NULL);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== X509 Certificate\n");
+
+ /* subject */
+ subject = xmlSecMSCryptoX509GetNameString(cert, CERT_NAME_RDN_TYPE, 0, NULL);
+ if(subject == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecMSCryptoX509GetNameString",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "subject");
+ goto done;
+ }
+ fprintf(output, "==== Subject Name: %s\n", subject);
+
+ /* issuer */
+ issuer = xmlSecMSCryptoX509GetNameString(cert, CERT_NAME_RDN_TYPE, CERT_NAME_ISSUER_FLAG, NULL);
+ if(issuer == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecMSCryptoX509GetNameString",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "issuer");
+ goto done;
+ }
+ fprintf(output, "==== Issuer Name: %s\n", issuer);
+
+ /* serial number */
+ sn = &(cert->pCertInfo->SerialNumber);
+ for (i = 0; i < sn->cbData; i++) {
+ if (i != sn->cbData - 1) {
+ fprintf(output, "%02x:", sn->pbData[i]);
+ } else {
+ fprintf(output, "%02x", sn->pbData[i]);
+ }
+ }
+ fprintf(output, "\n");
+
+done:
+ if (subject) xmlFree(subject);
+ if (issuer) xmlFree(issuer);
+}
+
+
+static void
+xmlSecMSCryptoX509CertDebugXmlDump(PCCERT_CONTEXT cert, FILE* output) {
+ PCRYPT_INTEGER_BLOB sn;
+ unsigned int i;
+ xmlChar * subject = NULL;
+ xmlChar * issuer = NULL;
+
+ xmlSecAssert(cert != NULL);
+ xmlSecAssert(output != NULL);
+
+ /* subject */
+ subject = xmlSecMSCryptoX509GetNameString(cert, CERT_NAME_RDN_TYPE, 0, NULL);
+ if(subject == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecMSCryptoX509GetNameString",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "subject");
+ goto done;
+ }
+ fprintf(output, "<SubjectName>");
+ xmlSecPrintXmlString(output, BAD_CAST subject);
+ fprintf(output, "</SubjectName>\n");
+
+ /* issuer */
+ issuer = xmlSecMSCryptoX509GetNameString(cert, CERT_NAME_RDN_TYPE, CERT_NAME_ISSUER_FLAG, NULL);
+ if(issuer == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecMSCryptoX509GetNameString",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "issuer");
+ goto done;
+ }
+ fprintf(output, "<IssuerName>");
+ xmlSecPrintXmlString(output, BAD_CAST issuer);
+ fprintf(output, "</IssuerName>\n");
+
+ /* serial */
+ fprintf(output, "<SerialNumber>");
+ sn = &(cert->pCertInfo->SerialNumber);
+ for (i = 0; i < sn->cbData; i++) {
+ if (i != sn->cbData - 1) {
+ fprintf(output, "%02x:", sn->pbData[i]);
+ } else {
+ fprintf(output, "%02x", sn->pbData[i]);
+ }
+ }
+ fprintf(output, "</SerialNumber>\n");
+
+done:
+ xmlFree(subject);
+ xmlFree(issuer);
+}
+
+
+/**************************************************************************
+ *
+ * Raw X509 Certificate processing
+ *
+ *
+ *************************************************************************/
+static int xmlSecMSCryptoKeyDataRawX509CertBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRawX509CertKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ sizeof(xmlSecKeyData),
+
+ /* data */
+ xmlSecNameRawX509Cert,
+ xmlSecKeyDataUsageRetrievalMethodNodeBin,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRawX509Cert, /* const xmlChar* href; */
+ NULL, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ NULL, /* xmlSecKeyDataInitializeMethod initialize; */
+ NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ NULL, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecMSCryptoKeyDataRawX509CertBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecMSCryptoKeyDataRawX509CertGetKlass:
+ *
+ * The raw X509 certificates key data klass.
+ *
+ * Returns: raw X509 certificates key data klass.
+ */
+xmlSecKeyDataId
+xmlSecMSCryptoKeyDataRawX509CertGetKlass(void) {
+ return(&xmlSecMSCryptoKeyDataRawX509CertKlass);
+}
+
+static int
+xmlSecMSCryptoKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ PCCERT_CONTEXT cert;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecMSCryptoKeyDataRawX509CertId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ cert = xmlSecMSCryptoX509CertDerRead(buf, bufSize);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoX509CertDerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ data = xmlSecKeyEnsureData(key, xmlSecMSCryptoKeyDataX509Id);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(cert);
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertFreeCertificateContext(cert);
+ return(-1);
+ }
+
+ ret = xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecMSCryptoKeyDataX509VerifyAndExtractKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+#endif /* XMLSEC_NO_X509 */
diff --git a/src/mscrypto/x509vfy.c b/src/mscrypto/x509vfy.c
new file mode 100644
index 00000000..cf317877
--- /dev/null
+++ b/src/mscrypto/x509vfy.c
@@ -0,0 +1,1406 @@
+/**
+ * XMLSec library
+ *
+ * X509 support
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
+ * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_X509
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/bn.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+#include <xmlsec/mscrypto/x509.h>
+#include "private.h"
+
+/**************************************************************************
+ *
+ * Internal MSCRYPTO X509 store CTX
+ *
+ *************************************************************************/
+typedef struct _xmlSecMSCryptoX509StoreCtx xmlSecMSCryptoX509StoreCtx,
+ *xmlSecMSCryptoX509StoreCtxPtr;
+struct _xmlSecMSCryptoX509StoreCtx {
+ HCERTSTORE trusted;
+ HCERTSTORE untrusted;
+ int dont_use_system_trusted_certs;
+};
+
+/****************************************************************************
+ *
+ * xmlSecMSCryptoKeyDataStoreX509Id:
+ *
+ * xmlSecMSCryptoX509StoreCtx is located after xmlSecTransform
+ *
+ ***************************************************************************/
+#define xmlSecMSCryptoX509StoreGetCtx(store) \
+ ((xmlSecMSCryptoX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
+ sizeof(xmlSecKeyDataStoreKlass)))
+#define xmlSecMSCryptoX509StoreSize \
+ (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecMSCryptoX509StoreCtx))
+
+static int xmlSecMSCryptoX509StoreInitialize (xmlSecKeyDataStorePtr store);
+static void xmlSecMSCryptoX509StoreFinalize (xmlSecKeyDataStorePtr store);
+
+static xmlSecKeyDataStoreKlass xmlSecMSCryptoX509StoreKlass = {
+ sizeof(xmlSecKeyDataStoreKlass),
+ xmlSecMSCryptoX509StoreSize,
+
+ /* data */
+ xmlSecNameX509Store, /* const xmlChar* name; */
+
+ /* constructors/destructor */
+ xmlSecMSCryptoX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
+ xmlSecMSCryptoX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+static PCCERT_CONTEXT xmlSecMSCryptoX509FindCert(HCERTSTORE store,
+ const xmlChar *subjectName,
+ const xmlChar *issuerName,
+ const xmlChar *issuerSerial,
+ const xmlChar *ski);
+
+
+/**
+ * xmlSecMSCryptoX509StoreGetKlass:
+ *
+ * The MSCrypto X509 certificates key data store klass.
+ *
+ * Returns: pointer to MSCrypto X509 certificates key data store klass.
+ */
+xmlSecKeyDataStoreId
+xmlSecMSCryptoX509StoreGetKlass(void) {
+ return(&xmlSecMSCryptoX509StoreKlass);
+}
+
+/**
+ * xmlSecMSCryptoX509StoreFindCert:
+ * @store: the pointer to X509 key data store klass.
+ * @subjectName: the desired certificate name.
+ * @issuerName: the desired certificate issuer name.
+ * @issuerSerial: the desired certificate issuer serial number.
+ * @ski: the desired certificate SKI.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Searches @store for a certificate that matches given criteria.
+ *
+ * Returns: pointer to found certificate or NULL if certificate is not found
+ * or an error occurs.
+ */
+PCCERT_CONTEXT
+xmlSecMSCryptoX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName,
+ xmlChar *issuerName, xmlChar *issuerSerial,
+ xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
+ PCCERT_CONTEXT pCert = NULL;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ /* search untrusted certs store */
+ if((ctx->untrusted != NULL) && (pCert == NULL)) {
+ pCert = xmlSecMSCryptoX509FindCert(ctx->untrusted, subjectName, issuerName, issuerSerial, ski);
+ }
+
+ /* search untrusted certs store */
+ if((ctx->trusted != NULL) && (pCert == NULL)) {
+ pCert = xmlSecMSCryptoX509FindCert(ctx->trusted, subjectName, issuerName, issuerSerial, ski);
+ }
+
+ return pCert;
+}
+
+
+static void
+xmlSecMSCryptoUnixTimeToFileTime(time_t t, LPFILETIME pft) {
+ /* Note that LONGLONG is a 64-bit value */
+ LONGLONG ll;
+
+ xmlSecAssert(pft != NULL);
+
+#if defined( __MINGW32__)
+ ll = Int32x32To64(t, 10000000) + 116444736000000000ULL;
+#else
+ ll = Int32x32To64(t, 10000000) + 116444736000000000;
+#endif
+ pft->dwLowDateTime = (DWORD)ll;
+ pft->dwHighDateTime = ll >> 32;
+}
+
+static BOOL
+xmlSecMSCrypoVerifyCertTime(PCCERT_CONTEXT pCert, LPFILETIME pft) {
+ xmlSecAssert2(pCert != NULL, FALSE);
+ xmlSecAssert2(pCert->pCertInfo != NULL, FALSE);
+ xmlSecAssert2(pft != NULL, FALSE);
+
+ if(1 == CompareFileTime(&(pCert->pCertInfo->NotBefore), pft)) {
+ return (FALSE);
+ }
+ if(-1 == CompareFileTime(&(pCert->pCertInfo->NotAfter), pft)) {
+ return (FALSE);
+ }
+
+ return (TRUE);
+}
+
+static BOOL
+xmlSecMSCryptoCheckRevocation(HCERTSTORE hStore, PCCERT_CONTEXT pCert) {
+ PCCRL_CONTEXT pCrl = NULL;
+ PCRL_ENTRY pCrlEntry = NULL;
+
+ xmlSecAssert2(pCert != NULL, FALSE);
+ xmlSecAssert2(hStore != NULL, FALSE);
+
+ while((pCrl = CertEnumCRLsInStore(hStore, pCrl)) != NULL) {
+ if (CertFindCertificateInCRL(pCert, pCrl, 0, NULL, &pCrlEntry) && (pCrlEntry != NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertFindCertificateInCRL",
+ XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
+ "cert found in crl list");
+ return(FALSE);
+ }
+ }
+
+ return(TRUE);
+}
+
+static void
+xmlSecMSCryptoX509StoreCertError(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, DWORD flags) {
+ xmlChar * subject = NULL;
+ DWORD dwSize;
+
+ xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId));
+ xmlSecAssert(cert != NULL);
+ xmlSecAssert(flags != 0);
+
+ /* get certs subject */
+ subject = xmlSecMSCryptoX509GetNameString(cert, CERT_NAME_RDN_TYPE, 0, NULL);
+ if(subject == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecMSCryptoX509GetNameString",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return;
+ }
+
+ /* print error */
+ if (flags & CERT_STORE_SIGNATURE_FLAG) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ xmlSecErrorsSafeString(subject),
+ XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
+ "signature");
+ } else if (flags & CERT_STORE_TIME_VALIDITY_FLAG) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ xmlSecErrorsSafeString(subject),
+ XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ } else if (flags & CERT_STORE_REVOCATION_FLAG) {
+ if (flags & CERT_STORE_NO_CRL_FLAG) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ xmlSecErrorsSafeString(subject),
+ XMLSEC_ERRORS_R_CERT_REVOKED,
+ "no crl");
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ xmlSecErrorsSafeString(subject),
+ XMLSEC_ERRORS_R_CERT_REVOKED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ }
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ xmlSecErrorsSafeString(subject),
+ XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ }
+
+ xmlFree(subject);
+}
+
+/**
+ * xmlSecBuildChainUsingWinapi:
+ * @cert: the certificate we check
+ * @pfTime: pointer to FILETIME that we are interested in
+ * @store_untrusted: untrusted certificates added via API
+ * @store_doc: untrusted certificates/CRLs extracted from a document
+ *
+ * Builds certificates chain using Windows API.
+ *
+ * Returns: TRUE on success or FALSE otherwise.
+ */
+static BOOL
+xmlSecBuildChainUsingWinapi (PCCERT_CONTEXT cert, LPFILETIME pfTime,
+ HCERTSTORE store_untrusted, HCERTSTORE store_doc)
+{
+ PCCERT_CHAIN_CONTEXT pChainContext = NULL;
+ CERT_CHAIN_PARA chainPara;
+ BOOL rc = FALSE;
+ HCERTSTORE store_add = NULL;
+
+ /* Initialize data structures. */
+
+ memset(&chainPara, 0, sizeof(CERT_CHAIN_PARA));
+ chainPara.cbSize = sizeof(CERT_CHAIN_PARA);
+
+ /* Create additional store for CertGetCertificateChain() */
+ store_add = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0, 0, NULL);
+ if (!store_add) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "chain additional collection store",
+ "CertOpenStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto end;
+ }
+ if (!CertAddStoreToCollection(store_add, store_doc, 0, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "adding document store",
+ "CertAddStoreToCollection",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto end;
+ }
+ if (!CertAddStoreToCollection(store_add, store_untrusted, 0, 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "adding untrusted store",
+ "CertAddStoreToCollection",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto end;
+ }
+
+ /* Build a chain using CertGetCertificateChain
+ and the certificate retrieved. */
+ if(!CertGetCertificateChain(
+ NULL, /* use the default chain engine */
+ cert,
+ pfTime,
+ store_add,
+ &chainPara,
+ CERT_CHAIN_REVOCATION_CHECK_CHAIN,
+ NULL,
+ &pChainContext))
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "building certificate chain, checking root",
+ "CertGetCertificateChain",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto end;
+ }
+ if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN) {
+ CertFreeCertificateChain(pChainContext); pChainContext = NULL;
+ if(!CertGetCertificateChain(
+ NULL, /* use the default chain engine */
+ cert,
+ pfTime,
+ store_add,
+ &chainPara,
+ CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT,
+ NULL,
+ &pChainContext))
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "building certificate chain, excluding root",
+ "CertGetCertificateChain",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto end;
+ }
+ }
+
+ if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR)
+ rc = TRUE;
+
+end:
+ if (pChainContext) CertFreeCertificateChain(pChainContext);
+ if (store_add) CertCloseStore(store_add, 0);
+ return (rc);
+}
+
+/**
+ * xmlSecMSCryptoBuildCertChainManually:
+ * @cert: the certificate we check
+ * @pfTime: pointer to FILETIME that we are interested in
+ * @store_trusted: trusted certificates added via API
+ * @store_untrusted: untrusted certificates added via API
+ * @certs: untrusted certificates/CRLs extracted from a document
+ * @store: pointer to store klass passed to error functions
+ *
+ * Builds certificates chain manually.
+ *
+ * Returns: TRUE on success or FALSE otherwise.
+ */
+static BOOL
+xmlSecMSCryptoBuildCertChainManually (PCCERT_CONTEXT cert, LPFILETIME pfTime,
+ HCERTSTORE store_trusted, HCERTSTORE store_untrusted, HCERTSTORE certs,
+ xmlSecKeyDataStorePtr store) {
+ PCCERT_CONTEXT issuerCert = NULL;
+ DWORD flags;
+
+ if (!xmlSecMSCrypoVerifyCertTime(cert, pfTime)) {
+ xmlSecMSCryptoX509StoreCertError(store, cert, CERT_STORE_TIME_VALIDITY_FLAG);
+ return(FALSE);
+ }
+
+ if (!xmlSecMSCryptoCheckRevocation(certs, cert)) {
+ return(FALSE);
+ }
+
+ /*
+ * Try to find the cert in the trusted cert store. We will trust
+ * the certificate in the trusted store.
+ */
+ issuerCert = CertFindCertificateInStore(store_trusted,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_FIND_SUBJECT_NAME,
+ &(cert->pCertInfo->Subject),
+ NULL);
+ if( issuerCert != NULL) {
+ /* We have found the trusted cert, so return true */
+ /* todo: do we want to verify the trusted cert's revocation? we must, I think */
+ CertFreeCertificateContext( issuerCert ) ;
+ return( TRUE ) ;
+ }
+
+ /* Check whether the certificate is self signed certificate */
+ if(CertCompareCertificateName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(cert->pCertInfo->Subject), &(cert->pCertInfo->Issuer))) {
+ return(FALSE);
+ }
+
+ /* try to find issuer cert in the trusted cert in the store */
+ issuerCert = CertFindCertificateInStore(store_trusted,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_FIND_SUBJECT_NAME,
+ &(cert->pCertInfo->Issuer),
+ NULL);
+ if(issuerCert != NULL) {
+ flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
+ if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
+ xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
+ CertFreeCertificateContext(issuerCert);
+ return(FALSE);
+ }
+ /* todo: do we want to verify the trusted cert? we must check
+ * revocation, I think */
+ CertFreeCertificateContext(issuerCert);
+ return(TRUE);
+ }
+
+ /* try the untrusted certs in the chain */
+ issuerCert = CertFindCertificateInStore(certs,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_FIND_SUBJECT_NAME,
+ &(cert->pCertInfo->Issuer),
+ NULL);
+ if(issuerCert != NULL) {
+ flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
+ if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
+ xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
+ CertFreeCertificateContext(issuerCert);
+ return(FALSE);
+ }
+ if(!xmlSecMSCryptoBuildCertChainManually(issuerCert, pfTime, store_trusted, store_untrusted, certs, store)) {
+ xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
+ CertFreeCertificateContext(issuerCert);
+ return(FALSE);
+ }
+ CertFreeCertificateContext(issuerCert);
+ return(TRUE);
+ }
+
+ /* try the untrusted certs in the store */
+ issuerCert = CertFindCertificateInStore(store_untrusted,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_FIND_SUBJECT_NAME,
+ &(cert->pCertInfo->Issuer),
+ NULL);
+ if(issuerCert != NULL) {
+ flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG;
+ if(!CertVerifySubjectCertificateContext(cert, issuerCert, &flags)) {
+ xmlSecMSCryptoX509StoreCertError(store, issuerCert, flags);
+ CertFreeCertificateContext(issuerCert);
+ return(FALSE);
+ }
+ if(!xmlSecMSCryptoBuildCertChainManually(issuerCert, pfTime, store_trusted, store_untrusted, certs, store)) {
+ CertFreeCertificateContext(issuerCert);
+ return(FALSE);
+ }
+ CertFreeCertificateContext(issuerCert);
+ return(TRUE);
+ }
+
+ return(FALSE);
+}
+
+static BOOL
+xmlSecMSCryptoX509StoreConstructCertsChain(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, HCERTSTORE certs,
+ xmlSecKeyInfoCtx* keyInfoCtx) {
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
+ PCCERT_CONTEXT tempCert = NULL;
+ FILETIME fTime;
+ BOOL res = FALSE;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), FALSE);
+ xmlSecAssert2(cert != NULL, FALSE);
+ xmlSecAssert2(cert->pCertInfo != NULL, FALSE);
+ xmlSecAssert2(certs != NULL, FALSE);
+ xmlSecAssert2(keyInfoCtx != NULL, FALSE);
+
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, FALSE);
+ xmlSecAssert2(ctx->trusted != NULL, FALSE);
+ xmlSecAssert2(ctx->untrusted != NULL, FALSE);
+
+ if(keyInfoCtx->certsVerificationTime > 0) {
+ /* convert the time to FILETIME */
+ xmlSecMSCryptoUnixTimeToFileTime(keyInfoCtx->certsVerificationTime, &fTime);
+ } else {
+ /* Defaults to current time */
+ GetSystemTimeAsFileTime(&fTime);
+ }
+
+ /* try the certificates in the keys manager */
+ if(!res) {
+ tempCert = CertEnumCertificatesInStore(ctx->trusted, NULL);
+ if(tempCert) {
+ CertFreeCertificateContext(tempCert);
+ res = xmlSecMSCryptoBuildCertChainManually(cert, &fTime, ctx->trusted, ctx->untrusted, certs, store);
+ }
+ }
+
+ /* try the certificates in the system */
+ if(!res && !ctx->dont_use_system_trusted_certs) {
+ res = xmlSecBuildChainUsingWinapi(cert, &fTime, ctx->untrusted, certs);
+ }
+
+ /* done */
+ return res;
+}
+
+/**
+ * xmlSecMSCryptoX509StoreVerify:
+ * @store: the pointer to X509 certificate context store klass.
+ * @certs: the untrusted certificates stack.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Verifies @certs list.
+ *
+ * Returns: pointer to the first verified certificate from @certs.
+ */
+PCCERT_CONTEXT
+xmlSecMSCryptoX509StoreVerify(xmlSecKeyDataStorePtr store, HCERTSTORE certs,
+ xmlSecKeyInfoCtx* keyInfoCtx) {
+ PCCERT_CONTEXT cert = NULL;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), NULL);
+ xmlSecAssert2(certs != NULL, NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+ while((cert = CertEnumCertificatesInStore(certs, cert)) != NULL){
+ PCCERT_CONTEXT nextCert = NULL;
+ unsigned char selected = 1;
+
+ xmlSecAssert2(cert->pCertInfo != NULL, NULL);
+
+ /* if cert is the issuer of any other cert in the list, then it is
+ * to be skipped except a case of a celf-signed cert*/
+ do {
+ nextCert = CertFindCertificateInStore(certs,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_FIND_ISSUER_NAME,
+ &(cert->pCertInfo->Subject),
+ nextCert);
+ if((nextCert != NULL) && !CertCompareCertificateName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ &(nextCert->pCertInfo->Subject), &(nextCert->pCertInfo->Issuer))) {
+ selected = 0;
+ }
+ } while((selected == 1) && (nextCert != NULL));
+ if(nextCert != NULL) {
+ CertFreeCertificateContext(nextCert);
+ }
+
+ if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) {
+ return(cert);
+ }
+ }
+
+ return (NULL);
+}
+
+/**
+ * xmlSecMSCryptoX509StoreAdoptCert:
+ * @store: the pointer to X509 key data store klass.
+ * @cert: the pointer to PCCERT_CONTEXT X509 certificate.
+ * @type: the certificate type (trusted/untrusted).
+ *
+ * Adds trusted (root) or untrusted certificate to the store.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecMSCryptoX509StoreAdoptCert(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT pCert, xmlSecKeyDataType type) {
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
+ HCERTSTORE certStore;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
+ xmlSecAssert2(pCert != NULL, -1);
+
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->trusted != NULL, -1);
+ xmlSecAssert2(ctx->untrusted != NULL, -1);
+
+ if(type == xmlSecKeyDataTypeTrusted) {
+ certStore = ctx->trusted;
+ } else if(type == xmlSecKeyDataTypeNone) {
+ certStore = ctx->untrusted;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+ "type=%d", type);
+ return(-1);
+ }
+
+ /* TODO: The context to be added here is not duplicated first,
+ * hopefully this will not lead to errors when closing teh store
+ * and freeing the mem for all the context in the store.
+ */
+ xmlSecAssert2(certStore != NULL, -1);
+ if (!CertAddCertificateContextToStore(certStore, pCert, CERT_STORE_ADD_ALWAYS, NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertAddCertificateContextToStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+/**
+ * xmlSecMSCryptoX509StoreAdoptKeyStore:
+ * @store: the pointer to X509 key data store klass.
+ * @keyStore: the pointer to keys store.
+ *
+ * Adds @keyStore to the list of key stores.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecMSCryptoX509StoreAdoptKeyStore (xmlSecKeyDataStorePtr store, HCERTSTORE keyStore) {
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
+ xmlSecAssert2( keyStore != NULL, -1);
+
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->trusted != NULL, -1);
+
+ if(!CertAddStoreToCollection ( ctx->trusted , keyStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertAddStoreToCollection",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoX509StoreAdoptTrustedStore:
+ * @store: the pointer to X509 key data store klass.
+ * @trustedStore: the pointer to certs store.
+ *
+ * Adds @trustedStore to the list of trusted certs stores.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecMSCryptoX509StoreAdoptTrustedStore (xmlSecKeyDataStorePtr store, HCERTSTORE trustedStore) {
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
+ xmlSecAssert2( trustedStore != NULL, -1);
+
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->trusted != NULL, -1);
+
+ if( !CertAddStoreToCollection ( ctx->trusted , trustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 3 ) ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertAddStoreToCollection",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoX509StoreAdoptUntrustedStore:
+ * @store: the pointer to X509 key data store klass.
+ * @untrustedStore: the pointer to certs store.
+ *
+ * Adds @trustedStore to the list of un-trusted certs stores.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecMSCryptoX509StoreAdoptUntrustedStore (xmlSecKeyDataStorePtr store, HCERTSTORE untrustedStore) {
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
+ xmlSecAssert2( untrustedStore != NULL, -1);
+
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->untrusted != NULL, -1);
+
+ if( !CertAddStoreToCollection ( ctx->untrusted , untrustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertAddStoreToCollection",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecMSCryptoX509StoreEnableSystemTrustedCerts:
+ * @store: the pointer to X509 key data store klass.
+ * @val: the enable/disable flag
+ *
+ * Enables/disables the system trusted certs.
+ */
+void
+xmlSecMSCryptoX509StoreEnableSystemTrustedCerts (xmlSecKeyDataStorePtr store, int val) {
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
+
+ xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId));
+
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+ xmlSecAssert(ctx != NULL);
+ xmlSecAssert(ctx->untrusted != NULL);
+
+ /* it is other way around to make default value 0 mimic old behaiviour */
+ ctx->dont_use_system_trusted_certs = !val;
+}
+
+static int
+xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) {
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
+ HCERTSTORE hTrustedMemStore ;
+ HCERTSTORE hUntrustedMemStore ;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId), -1);
+
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx));
+
+ /* create trusted certs store collection */
+ ctx->trusted = CertOpenStore(CERT_STORE_PROV_COLLECTION,
+ 0,
+ 0,
+ 0,
+ NULL);
+ if(ctx->trusted == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertOpenStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* create trusted certs store */
+ hTrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_STORE_CREATE_NEW_FLAG,
+ NULL);
+ if(hTrustedMemStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertOpenStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
+ ctx->trusted = NULL ;
+ return(-1);
+ }
+
+ /* add the memory trusted certs store to trusted certs store collection */
+ if( !CertAddStoreToCollection( ctx->trusted, hTrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertAddStoreToCollection",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
+ CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
+ ctx->trusted = NULL ;
+ return(-1);
+ }
+ CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
+
+ /* create untrusted certs store collection */
+ ctx->untrusted = CertOpenStore(CERT_STORE_PROV_COLLECTION,
+ 0,
+ 0,
+ 0,
+ NULL);
+ if(ctx->untrusted == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertOpenStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
+ ctx->trusted = NULL ;
+ return(-1);
+ }
+
+ /* create untrusted certs store */
+ hUntrustedMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
+ 0,
+ CERT_STORE_CREATE_NEW_FLAG,
+ NULL);
+ if(hUntrustedMemStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertOpenStore",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
+ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG);
+ ctx->trusted = NULL ;
+ ctx->untrusted = NULL ;
+ return(-1);
+ }
+
+ /* add the memory trusted certs store to untrusted certs store collection */
+ if( !CertAddStoreToCollection( ctx->untrusted, hUntrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CertAddStoreToCollection",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG);
+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
+ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
+ ctx->trusted = NULL ;
+ ctx->untrusted = NULL ;
+ return(-1);
+ }
+ CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG);
+
+ return(0);
+}
+
+static void
+xmlSecMSCryptoX509StoreFinalize(xmlSecKeyDataStorePtr store) {
+ xmlSecMSCryptoX509StoreCtxPtr ctx;
+ xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId));
+
+ ctx = xmlSecMSCryptoX509StoreGetCtx(store);
+ xmlSecAssert(ctx != NULL);
+
+ if (ctx->trusted) {
+ CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG);
+ }
+ if (ctx->untrusted) {
+ CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG);
+ }
+
+ memset(ctx, 0, sizeof(xmlSecMSCryptoX509StoreCtx));
+}
+
+
+/*****************************************************************************
+ *
+ * Low-level x509 functions
+ *
+ *****************************************************************************/
+/**
+ * xmlSecMSCryptoCertStrToName:
+ * @dwCertEncodingType: the encoding used.
+ * @pszX500: the string to convert.
+ * @dwStrType: the string type.
+ * @len: the result len.
+ *
+ * Converts input string to name by calling @CertStrToName function.
+ *
+ * Returns: a pointer to newly allocated string or NULL if an error occurs.
+ */
+static BYTE*
+xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPTSTR pszX500, DWORD dwStrType, DWORD* len) {
+ BYTE* str = NULL;
+ LPCTSTR ppszError = NULL;
+
+ xmlSecAssert2(pszX500 != NULL, NULL);
+ xmlSecAssert2(len != NULL, NULL);
+
+ if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType,
+ NULL, NULL, len, &ppszError)) {
+ /* this might not be an error, string might just not exist */
+ DWORD dw = GetLastError();
+ return(NULL);
+ }
+
+ str = (BYTE *)xmlMalloc(sizeof(TCHAR) * ((*len) + 1));
+ if(str == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "len=%ld", (*len));
+ return(NULL);
+ }
+ memset(str, 0, (*len) + 1);
+
+ if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType,
+ NULL, str, len, NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CertStrToName",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(str);
+ return(NULL);
+ }
+
+ return(str);
+}
+
+
+/**
+ * xmlSecMSCryptoX509FindCertBySubject:
+ * @store: the pointer to certs store
+ * @wcSubject: the cert subject (Unicode)
+ * @dwCertEncodingType: the cert encoding type
+ *
+ * Searches for a cert with given @subject in the @store
+ *
+ * Returns: cert handle on success or NULL otherwise
+ */
+PCCERT_CONTEXT
+xmlSecMSCryptoX509FindCertBySubject(HCERTSTORE store, const LPTSTR wcSubject, DWORD dwCertEncodingType) {
+ PCCERT_CONTEXT res = NULL;
+ CERT_NAME_BLOB cnb;
+ BYTE* bdata;
+ DWORD len;
+
+ xmlSecAssert2(store != NULL, NULL);
+ xmlSecAssert2(wcSubject != NULL, NULL);
+
+ /* CASE 1: UTF8, DN */
+ if (NULL == res) {
+ bdata = xmlSecMSCryptoCertStrToName(dwCertEncodingType,
+ wcSubject,
+ CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR,
+ &len);
+ if(bdata != NULL) {
+ cnb.cbData = len;
+ cnb.pbData = bdata;
+
+ res = CertFindCertificateInStore(store,
+ dwCertEncodingType,
+ 0,
+ CERT_FIND_SUBJECT_NAME,
+ &cnb,
+ NULL);
+ xmlFree(bdata);
+ }
+ }
+
+ /* CASE 2: UTF8, REVERSE DN */
+ if (NULL == res) {
+ bdata = xmlSecMSCryptoCertStrToName(dwCertEncodingType,
+ wcSubject,
+ CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
+ &len);
+ if(bdata != NULL) {
+ cnb.cbData = len;
+ cnb.pbData = bdata;
+
+ res = CertFindCertificateInStore(store,
+ dwCertEncodingType,
+ 0,
+ CERT_FIND_SUBJECT_NAME,
+ &cnb,
+ NULL);
+ xmlFree(bdata);
+ }
+ }
+
+ /* CASE 3: UNICODE, DN */
+ if (NULL == res) {
+ bdata = xmlSecMSCryptoCertStrToName(dwCertEncodingType,
+ wcSubject,
+ CERT_OID_NAME_STR,
+ &len);
+ if(bdata != NULL) {
+ cnb.cbData = len;
+ cnb.pbData = bdata;
+
+ res = CertFindCertificateInStore(store,
+ dwCertEncodingType,
+ 0,
+ CERT_FIND_SUBJECT_NAME,
+ &cnb,
+ NULL);
+ xmlFree(bdata);
+ }
+ }
+
+ /* CASE 4: UNICODE, REVERSE DN */
+ if (NULL == res) {
+ bdata = xmlSecMSCryptoCertStrToName(dwCertEncodingType,
+ wcSubject,
+ CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
+ &len);
+ if(bdata != NULL) {
+ cnb.cbData = len;
+ cnb.pbData = bdata;
+
+ res = CertFindCertificateInStore(store,
+ dwCertEncodingType,
+ 0,
+ CERT_FIND_SUBJECT_NAME,
+ &cnb,
+ NULL);
+ xmlFree(bdata);
+ }
+ }
+
+
+ /* done */
+ return (res);
+}
+
+/**
+ * xmlSecMSCryptoX509FindCertByIssuer:
+ * @store: the pointer to certs store
+ * @wcIssuer: the cert issuer (Unicode)
+ * @issuerSerialBn: the cert issuer serial
+ * @dwCertEncodingType: the cert encoding type
+ *
+ * Searches for a cert with given @subject in the @store
+ *
+ * Returns: cert handle on success or NULL otherwise
+ */
+static PCCERT_CONTEXT
+xmlSecMSCryptoX509FindCertByIssuer(HCERTSTORE store, const LPTSTR wcIssuer,
+ xmlSecBnPtr issuerSerialBn, DWORD dwCertEncodingType) {
+
+ PCCERT_CONTEXT res = NULL;
+ CERT_INFO certInfo;
+ BYTE* bdata;
+ DWORD len;
+
+
+ xmlSecAssert2(store != NULL, NULL);
+ xmlSecAssert2(wcIssuer != NULL, NULL);
+ xmlSecAssert2(issuerSerialBn != NULL, NULL);
+
+ certInfo.SerialNumber.cbData = xmlSecBnGetSize(issuerSerialBn);
+ certInfo.SerialNumber.pbData = xmlSecBnGetData(issuerSerialBn);
+
+
+ /* CASE 1: UTF8, DN */
+ if (NULL == res) {
+ bdata = xmlSecMSCryptoCertStrToName(dwCertEncodingType,
+ wcIssuer,
+ CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR,
+ &len);
+ if(bdata != NULL) {
+ certInfo.Issuer.cbData = len;
+ certInfo.Issuer.pbData = bdata;
+
+ res = CertFindCertificateInStore(store,
+ dwCertEncodingType,
+ 0,
+ CERT_FIND_SUBJECT_CERT,
+ &certInfo,
+ NULL);
+ xmlFree(bdata);
+ }
+ }
+
+ /* CASE 2: UTF8, REVERSE DN */
+ if (NULL == res) {
+ bdata = xmlSecMSCryptoCertStrToName(dwCertEncodingType,
+ wcIssuer,
+ CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
+ &len);
+ if(bdata != NULL) {
+ certInfo.Issuer.cbData = len;
+ certInfo.Issuer.pbData = bdata;
+
+ res = CertFindCertificateInStore(store,
+ dwCertEncodingType,
+ 0,
+ CERT_FIND_SUBJECT_CERT,
+ &certInfo,
+ NULL);
+ xmlFree(bdata);
+ }
+ }
+
+ /* CASE 3: UNICODE, DN */
+ if (NULL == res) {
+ bdata = xmlSecMSCryptoCertStrToName(dwCertEncodingType,
+ wcIssuer,
+ CERT_OID_NAME_STR,
+ &len);
+ if(bdata != NULL) {
+ certInfo.Issuer.cbData = len;
+ certInfo.Issuer.pbData = bdata;
+
+ res = CertFindCertificateInStore(store,
+ dwCertEncodingType,
+ 0,
+ CERT_FIND_SUBJECT_CERT,
+ &certInfo,
+ NULL);
+ xmlFree(bdata);
+ }
+ }
+
+ /* CASE 4: UNICODE, REVERSE DN */
+ if (NULL == res) {
+ bdata = xmlSecMSCryptoCertStrToName(dwCertEncodingType,
+ wcIssuer,
+ CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG,
+ &len);
+ if(bdata != NULL) {
+ certInfo.Issuer.cbData = len;
+ certInfo.Issuer.pbData = bdata;
+
+ res = CertFindCertificateInStore(store,
+ dwCertEncodingType,
+ 0,
+ CERT_FIND_SUBJECT_CERT,
+ &certInfo,
+ NULL);
+ xmlFree(bdata);
+ }
+ }
+
+
+ /* done */
+ return (res);
+}
+
+static LPTSTR
+xmlSecMSCryptoX509GetCertName(const xmlChar * name) {
+ xmlChar *name2 = NULL;
+ xmlChar *p = NULL;
+ LPTSTR res = NULL;
+
+ xmlSecAssert2(name != 0, NULL);
+
+ /* MSCrypto doesn't support "emailAddress" attribute (see NSS as well).
+ * This code is not bullet proof and may produce incorrect results if someone has
+ * "emailAddress=" string in one of the fields, but it is best I can suggest to fix
+ * this problem.
+ */
+ name2 = xmlStrdup(name);
+ if(name2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "xmlStrlen(name)=%d",
+ xmlStrlen(name));
+ return(NULL);
+ }
+ while( (p = (xmlChar*)xmlStrstr(name2, BAD_CAST "emailAddress=")) != NULL) {
+ memcpy(p, " E=", 13);
+ }
+
+ /* get name */
+ res = xmlSecMSCryptoConvertUtf8ToTstr(name2);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoConvertUtf8ToTstr",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* done */
+ return(res);
+}
+
+static PCCERT_CONTEXT
+xmlSecMSCryptoX509FindCert(HCERTSTORE store,
+ const xmlChar *subjectName,
+ const xmlChar *issuerName,
+ const xmlChar *issuerSerial,
+ const xmlChar *ski) {
+ PCCERT_CONTEXT pCert = NULL;
+ int ret;
+
+ xmlSecAssert2(store != 0, NULL);
+
+ if((pCert == NULL) && (NULL != subjectName)) {
+ LPTSTR wcSubjectName = NULL;
+
+ /* get unicode subject name */
+ wcSubjectName = xmlSecMSCryptoX509GetCertName(subjectName);
+ if(wcSubjectName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoX509GetCertName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "wcSubjectName");
+ return(NULL);
+ }
+
+ /* search */
+ pCert = xmlSecMSCryptoX509FindCertBySubject(store,
+ wcSubjectName,
+ PKCS_7_ASN_ENCODING | X509_ASN_ENCODING);
+
+
+ /* cleanup */
+ xmlFree(wcSubjectName);
+ }
+
+ if((pCert == NULL) && (NULL != issuerName) && (NULL != issuerSerial)) {
+ xmlSecBn issuerSerialBn;
+ LPTSTR wcIssuerName = NULL;
+
+ /* get serial number */
+ ret = xmlSecBnInitialize(&issuerSerialBn, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecBnFromDecString(&issuerSerialBn, issuerSerial);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBnFinalize(&issuerSerialBn);
+ return(NULL);
+ }
+
+ /* I have no clue why at a sudden a swap is needed to
+ * convert from lsb... This code is purely based upon
+ * trial and error :( WK
+ */
+ ret = xmlSecBnReverse(&issuerSerialBn);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBnReverse",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBnFinalize(&issuerSerialBn);
+ return(NULL);
+ }
+
+ /* get issuer name */
+ wcIssuerName = xmlSecMSCryptoX509GetCertName(issuerName);
+ if(wcIssuerName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecMSCryptoX509GetCertName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "wcIssuerName");
+ xmlSecBnFinalize(&issuerSerialBn);
+ return(NULL);
+ }
+
+ /* search */
+ pCert = xmlSecMSCryptoX509FindCertByIssuer(store,
+ wcIssuerName,
+ &issuerSerialBn,
+ X509_ASN_ENCODING | PKCS_7_ASN_ENCODING);
+
+ xmlFree(wcIssuerName);
+
+ /* cleanup */
+ xmlSecBnFinalize(&issuerSerialBn);
+ }
+
+ if((pCert == NULL) && (ski != NULL)) {
+ CRYPT_HASH_BLOB blob;
+ xmlChar* binSki;
+ int binSkiLen;
+
+ binSki = xmlStrdup(ski);
+ if(binSki == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+
+ /* trick: base64 decode "in place" */
+ binSkiLen = xmlSecBase64Decode(binSki, (xmlSecByte*)binSki, xmlStrlen(binSki));
+ if(binSkiLen < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ski=%s",
+ xmlSecErrorsSafeString(ski));
+ xmlFree(binSki);
+ return(NULL);
+ }
+
+ blob.pbData = binSki;
+ blob.cbData = binSkiLen;
+ pCert = CertFindCertificateInStore(store,
+ PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
+ 0,
+ CERT_FIND_KEY_IDENTIFIER,
+ &blob,
+ NULL);
+ xmlFree(binSki);
+ }
+
+ return(pCert);
+}
+
+
+/**
+ * xmlSecMSCryptoX509GetNameString:
+ * @pCertContext: the pointer to cert
+ * @dwType: the type (see CertGetNameString description in MSDN)
+ * @dwFlags: the flags (see CertGetNameString description in MSDN)
+ * @pvTypePara: the type parameter (see CertGetNameString description in MSDN)
+ *
+ * Gets the name string for certificate (see CertGetNameString description in MSDN).
+ *
+ * Returns: name string (should be freed with xmlFree) or NULL if failed.
+ */
+xmlChar *
+xmlSecMSCryptoX509GetNameString(PCCERT_CONTEXT pCertContext, DWORD dwType, DWORD dwFlags, void *pvTypePara) {
+ LPTSTR name = NULL;
+ xmlChar * res = NULL;
+ DWORD dwSize;
+
+ xmlSecAssert2(pCertContext != NULL, NULL);
+
+ /* get size first */
+ dwSize = CertGetNameString(pCertContext, dwType, dwFlags, pvTypePara, NULL, 0);
+ if(dwSize <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "CertGetNameString",
+ NULL,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+
+ /* allocate buffer */
+ name = (LPTSTR)xmlMalloc(sizeof(TCHAR) * (dwSize + 1));
+ if(name == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+
+ /* actually get the name */
+ dwSize = CertGetNameString(pCertContext, dwType, dwFlags, pvTypePara, name, dwSize);
+ if(dwSize <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "CertGetNameString",
+ NULL,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(name);
+ return (NULL);
+ }
+
+ res = xmlSecMSCryptoConvertTstrToUtf8(name);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ "xmlSecMSCryptoConvertTstrToUtf8",
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(name);
+ return (NULL);
+ }
+ /* done */
+ xmlFree(name);
+ return (res);
+}
+
+#endif /* XMLSEC_NO_X509 */
+
+
diff --git a/src/mscrypto/xmlsec-mingw.h b/src/mscrypto/xmlsec-mingw.h
new file mode 100644
index 00000000..ef5d2ae4
--- /dev/null
+++ b/src/mscrypto/xmlsec-mingw.h
@@ -0,0 +1,210 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2007,2010 Roumen Petrov.
+ */
+
+#ifndef __XMLSEC_MSCRYPTO_XMLSEC_MINGW_H__
+#define __XMLSEC_MSCRYPTO_XMLSEC_MINGW_H__
+
+#ifndef XMLSEC_PRIVATE
+#error "xmlsec-mingw.h file contains private xmlsec definitions for mingw build and should not be used outside xmlsec or xmlsec-<crypto> libraries"
+#endif /* XMLSEC_PRIVATE */
+
+
+/*defines*/
+
+#ifndef ALG_SID_HMAC
+# define ALG_SID_HMAC 9
+#endif
+
+#ifndef ALG_SID_SHA_256
+# define ALG_SID_SHA_256 12
+#endif
+
+#ifndef ALG_SID_SHA_384
+# define ALG_SID_SHA_384 13
+#endif
+
+#ifndef ALG_SID_SHA_512
+# define ALG_SID_SHA_512 14
+#endif
+
+#ifndef CALG_HMAC
+# define CALG_HMAC (ALG_CLASS_HASH|ALG_TYPE_ANY|ALG_SID_HMAC)
+#endif
+
+#ifndef CALG_SHA_256
+# define CALG_SHA_256 (ALG_CLASS_HASH|ALG_TYPE_ANY|ALG_SID_SHA_256)
+#endif
+
+#ifndef CALG_SHA_384
+# define CALG_SHA_384 (ALG_CLASS_HASH|ALG_TYPE_ANY|ALG_SID_SHA_384)
+#endif
+
+#ifndef CALG_SHA_512
+# define CALG_SHA_512 (ALG_CLASS_HASH|ALG_TYPE_ANY|ALG_SID_SHA_512)
+#endif
+
+
+#ifndef KP_OAEP_PARAMS
+# define KP_OAEP_PARAMS 36
+#endif
+
+
+#ifndef CERT_CLOSE_STORE_FORCE_FLAG
+# define CERT_CLOSE_STORE_FORCE_FLAG 1
+#endif
+
+#ifndef CERT_CLOSE_STORE_CHECK_FLAG
+# define CERT_CLOSE_STORE_CHECK_FLAG 2
+#endif
+
+
+#ifndef CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG
+# define CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG 1
+#endif
+
+
+#ifndef CERT_STORE_ADD_ALWAYS
+# define CERT_STORE_ADD_ALWAYS 4
+#endif
+
+#ifndef CERT_STORE_CREATE_NEW_FLAG
+# define CERT_STORE_CREATE_NEW_FLAG (2<<12)
+#endif
+
+#ifndef CERT_STORE_SIGNATURE_FLAG
+# define CERT_STORE_SIGNATURE_FLAG 1
+#endif
+
+#ifndef CERT_STORE_TIME_VALIDITY_FLAG
+# define CERT_STORE_TIME_VALIDITY_FLAG 2
+#endif
+
+#ifndef CERT_STORE_REVOCATION_FLAG
+# define CERT_STORE_REVOCATION_FLAG 4
+#endif
+
+#ifndef CERT_STORE_NO_CRL_FLAG
+# define CERT_STORE_NO_CRL_FLAG (1<<16)
+#endif
+
+
+#ifndef CERT_STORE_PROV_COLLECTION
+# define CERT_STORE_PROV_COLLECTION ((LPCSTR) 11)
+#endif
+
+#ifndef CERT_STORE_PROV_MEMORY
+# define CERT_STORE_PROV_MEMORY ((LPCSTR) 2)
+#endif
+
+
+#ifndef CERT_KEY_SPEC_PROP_ID
+# define CERT_KEY_SPEC_PROP_ID 6
+#endif
+
+#ifndef CERT_FRIENDLY_NAME_PROP_ID
+# define CERT_FRIENDLY_NAME_PROP_ID 11
+#endif
+
+#ifndef CERT_KEY_IDENTIFIER_PROP_ID
+# define CERT_KEY_IDENTIFIER_PROP_ID 20
+#endif
+
+
+#ifndef CERT_NAME_ISSUER_FLAG
+# define CERT_NAME_ISSUER_FLAG 1
+#endif
+
+#ifndef CERT_NAME_RDN_TYPE
+# define CERT_NAME_RDN_TYPE 2
+#endif
+
+#ifndef CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG
+# define CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG (4<<16)
+#endif
+
+
+#ifndef CERT_CHAIN_REVOCATION_CHECK_CHAIN
+# define CERT_CHAIN_REVOCATION_CHECK_CHAIN (2<<28)
+#endif
+
+#ifndef CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT
+# define CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (4<<28)
+#endif
+
+
+#ifndef szOID_SUBJECT_KEY_IDENTIFIER
+# define szOID_SUBJECT_KEY_IDENTIFIER "2.5.29.14"
+#endif
+
+
+#ifndef CRYPT_ACQUIRE_COMPARE_KEY_FLAG
+# define CRYPT_ACQUIRE_COMPARE_KEY_FLAG 4
+#endif
+
+
+/*structures/types*/
+typedef struct _PUBKEY {
+ DWORD magic;
+ DWORD bitlen;
+} DSSPUBKEY;
+
+typedef struct _DSSSEED {
+ DWORD counter;
+ BYTE seed[20];
+} DSSSEED;
+
+
+typedef struct _PROV_ENUMALGS_EX {
+ ALG_ID aiAlgid;
+ DWORD dwDefaultLen;
+ DWORD dwMinLen;
+ DWORD dwMaxLen;
+ DWORD dwProtocols;
+ DWORD dwNameLen;
+ CHAR szName[20];
+ DWORD dwLongNameLen;
+ CHAR szLongName[40];
+} PROV_ENUMALGS_EX;
+
+
+/*methods(functions)*/
+DWORD WINAPI CertGetPublicKeyLength(DWORD,PCERT_PUBLIC_KEY_INFO);
+
+BOOL WINAPI CertStrToNameA(DWORD,LPCSTR,DWORD,void*,BYTE*,DWORD*,LPCSTR*);
+BOOL WINAPI CertStrToNameW(DWORD,LPCWSTR,DWORD,void*,BYTE*,DWORD*,LPCWSTR*);
+#ifdef UNICODE
+#define CertStrToName CertStrToNameW
+#else
+#define CertStrToName CertStrToNameA
+#endif
+
+
+BOOL WINAPI CertCompareCertificateName(DWORD,PCERT_NAME_BLOB,PCERT_NAME_BLOB);
+
+BOOL WINAPI CertAddStoreToCollection(HCERTSTORE,HCERTSTORE,DWORD,DWORD);
+
+PCCERT_CONTEXT WINAPI CertCreateCertificateContext(DWORD,const BYTE*,DWORD);
+BOOL WINAPI CertGetCertificateContextProperty(PCCERT_CONTEXT,DWORD,void*,DWORD*);
+BOOL WINAPI CertVerifySubjectCertificateContext(PCCERT_CONTEXT,PCCERT_CONTEXT,DWORD*);
+
+BOOL WINAPI CertAddCRLContextToStore(HCERTSTORE,PCCRL_CONTEXT,DWORD,PCCRL_CONTEXT*);
+PCCRL_CONTEXT WINAPI CertDuplicateCRLContext(PCCRL_CONTEXT);
+BOOL WINAPI CertFreeCRLContext(PCCRL_CONTEXT);
+
+BOOL WINAPI CertFindCertificateInCRL(PCCERT_CONTEXT,PCCRL_CONTEXT,DWORD,void*,PCRL_ENTRY*);
+PCCRL_CONTEXT WINAPI CertEnumCRLsInStore(HCERTSTORE,PCCRL_CONTEXT);
+
+PCCRL_CONTEXT WINAPI CertCreateCRLContext(DWORD,const BYTE*,DWORD);
+
+BOOL WINAPI CryptAcquireCertificatePrivateKey(PCCERT_CONTEXT,DWORD,void*,HCRYPTPROV*,DWORD*,BOOL*);
+BOOL WINAPI CryptDuplicateKey(HCRYPTKEY,DWORD*,DWORD,HCRYPTKEY*);
+BOOL WINAPI CryptImportPublicKeyInfo(HCRYPTPROV,DWORD,PCERT_PUBLIC_KEY_INFO,HCRYPTKEY*);
+
+
+#endif /*ndef __XMLSEC_MSCRYPTO_XMLSEC_MINGW_H__*/
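Review bot: The three struct typedefs (`DSSPUBKEY`, `DSSSEED`, `PROV_ENUMALGS_EX`) and the CryptoAPI prototypes at the end of this header are declared unconditionally, while every macro above them is wrapped in `#ifndef`. A MinGW `wincrypt.h` that already provides any of them would presumably produce a conflicting-declaration error, and nothing in the file says which toolchain version it was written against. The numeric flag values (for example `CERT_STORE_REVOCATION_FLAG` and `CERT_CHAIN_REVOCATION_CHECK_CHAIN`) are passed to CryptoAPI unchanged, so a wrong value would silently alter certificate and revocation checking. I would add a header comment such as `/* values and layouts copied from the Windows SDK wincrypt.h; re-verify when the MinGW headers change */` and put the typedefs and prototypes behind a configure-time check.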
diff --git a/src/nodeset.c b/src/nodeset.c
new file mode 100644
index 00000000..04ae8105
--- /dev/null
+++ b/src/nodeset.c
@@ -0,0 +1,610 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Enchanced nodes set
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+#include <libxml/xpath.h>
+#include <libxml/xpathInternals.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/nodeset.h>
+#include <xmlsec/errors.h>
+
+#define xmlSecGetParent(node) \
+ (((node)->type != XML_NAMESPACE_DECL) ? \
+ (node)->parent : \
+ (xmlNodePtr)((xmlNsPtr)(node))->next)
+
+static int xmlSecNodeSetOneContains (xmlSecNodeSetPtr nset,
+ xmlNodePtr node,
+ xmlNodePtr parent);
+static int xmlSecNodeSetWalkRecursive (xmlSecNodeSetPtr nset,
+ xmlSecNodeSetWalkCallback walkFunc,
+ void* data,
+ xmlNodePtr cur,
+ xmlNodePtr parent);
+
+/**
+ * xmlSecNodeSetCreate:
+ * @doc: the pointer to parent XML document.
+ * @nodes: the list of nodes.
+ * @type: the nodes set type.
+ *
+ * Creates new nodes set. Caller is responsible for freeing returned object
+ * by calling #xmlSecNodeSetDestroy function.
+ *
+ * Returns: pointer to newly allocated node set or NULL if an error occurs.
+ */
+xmlSecNodeSetPtr
+xmlSecNodeSetCreate(xmlDocPtr doc, xmlNodeSetPtr nodes, xmlSecNodeSetType type) {
+ xmlSecNodeSetPtr nset;
+
+ nset = (xmlSecNodeSetPtr)xmlMalloc(sizeof(xmlSecNodeSet));
+ if(nset == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecNodeSet)=%d",
+ sizeof(xmlSecNodeSet));
+ return(NULL);
+ }
+ memset(nset, 0, sizeof(xmlSecNodeSet));
+
+ nset->doc = doc;
+ nset->nodes = nodes;
+ nset->type = type;
+ nset->next = nset->prev = nset;
+ return(nset);
+}
+
+/**
+ * xmlSecNodeSetDestroy:
+ * @nset: the pointer to node set.
+ *
+ * Destroys the nodes set created with #xmlSecNodeSetCreate function.
+ */
+void
+xmlSecNodeSetDestroy(xmlSecNodeSetPtr nset) {
+ xmlSecNodeSetPtr tmp;
+ xmlDocPtr destroyDoc = NULL;
+
+ xmlSecAssert(nset != NULL);
+
+ while((tmp = nset) != NULL) {
+ if((nset->next != NULL) && (nset->next != nset)) {
+ nset->next->prev = nset->prev;
+ nset->prev->next = nset->next;
+ nset = nset->next;
+ } else {
+ nset = NULL;
+ }
+
+ if(tmp->nodes != NULL) {
+ xmlXPathFreeNodeSet(tmp->nodes);
+ }
+ if(tmp->children != NULL) {
+ xmlSecNodeSetDestroy(tmp->children);
+ }
+ if((tmp->doc != NULL) && (tmp->destroyDoc != 0)) {
+ /* all nodesets should belong to the same doc */
+ xmlSecAssert((destroyDoc == NULL) || (tmp->doc == destroyDoc));
+ destroyDoc = tmp->doc; /* can't destroy here because other node sets can refer to it */
+ }
+ memset(tmp, 0, sizeof(xmlSecNodeSet));
+ xmlFree(tmp);
+ }
+
+ /* finally, destroy the doc if needed */
+ if(destroyDoc != NULL) {
+ xmlFreeDoc(destroyDoc);
+ }
+}
+
+/**
+ * xmlSecNodeSetDocDestroy:
+ * @nset: the pointer to node set.
+ *
+ * Instructs node set to destroy nodes parent doc when node set is destroyed.
+ */
+void
+xmlSecNodeSetDocDestroy(xmlSecNodeSetPtr nset) {
+ xmlSecAssert(nset != NULL);
+
+ nset->destroyDoc = 1;
+}
+
+static int
+xmlSecNodeSetOneContains(xmlSecNodeSetPtr nset, xmlNodePtr node, xmlNodePtr parent) {
+ int in_nodes_set = 1;
+
+ xmlSecAssert2(nset != NULL, 0);
+ xmlSecAssert2(node != NULL, 0);
+
+ /* special cases: */
+ switch(nset->type) {
+ case xmlSecNodeSetTreeWithoutComments:
+ case xmlSecNodeSetTreeWithoutCommentsInvert:
+ if(node->type == XML_COMMENT_NODE) {
+ return(0);
+ }
+ break;
+ case xmlSecNodeSetList:
+ return(xmlSecNodeSetContains(nset->children, node, parent));
+ default:
+ break;
+ }
+
+ if(nset->nodes != NULL) {
+ if(node->type != XML_NAMESPACE_DECL) {
+ in_nodes_set = xmlXPathNodeSetContains(nset->nodes, node);
+ } else {
+ xmlNs ns;
+
+ memcpy(&ns, node, sizeof(ns));
+
+ /* this is a libxml hack! check xpath.c for details */
+ if((parent != NULL) && (parent->type == XML_ATTRIBUTE_NODE)) {
+ ns.next = (xmlNsPtr)parent->parent;
+ } else {
+ ns.next = (xmlNsPtr)parent;
+ }
+
+ /*
+ * If the input is an XPath node-set, then the node-set must explicitly
+ * contain every node to be rendered to the canonical form.
+ */
+ in_nodes_set = (xmlXPathNodeSetContains(nset->nodes, (xmlNodePtr)&ns));
+ }
+ }
+
+ switch(nset->type) {
+ case xmlSecNodeSetNormal:
+ return(in_nodes_set);
+ case xmlSecNodeSetInvert:
+ return(!in_nodes_set);
+ case xmlSecNodeSetTree:
+ case xmlSecNodeSetTreeWithoutComments:
+ if(in_nodes_set) {
+ return(1);
+ }
+ if((parent != NULL) && (parent->type == XML_ELEMENT_NODE)) {
+ return(xmlSecNodeSetOneContains(nset, parent, parent->parent));
+ }
+ return(0);
+ case xmlSecNodeSetTreeInvert:
+ case xmlSecNodeSetTreeWithoutCommentsInvert:
+ if(in_nodes_set) {
+ return(0);
+ }
+ if((parent != NULL) && (parent->type == XML_ELEMENT_NODE)) {
+ return(xmlSecNodeSetOneContains(nset, parent, parent->parent));
+ }
+ return(1);
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+ "type=%d", nset->type);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecNodeSetContains:
+ * @nset: the pointer to node set.
+ * @node: the pointer to XML node to check.
+ * @parent: the pointer to @node parent node.
+ *
+ * Checks whether the @node is in the nodes set or not.
+ *
+ * Returns: 1 if the @node is in the nodes set @nset, 0 if it is not
+ * and a negative value if an error occurs.
+ */
+int
+xmlSecNodeSetContains(xmlSecNodeSetPtr nset, xmlNodePtr node, xmlNodePtr parent) {
+ int status = 1;
+ xmlSecNodeSetPtr cur;
+
+ xmlSecAssert2(node != NULL, 0);
+
+ /* special cases: */
+ if(nset == NULL) {
+ return(1);
+ }
+
+ status = 1;
+ cur = nset;
+ do {
+ switch(cur->op) {
+ case xmlSecNodeSetIntersection:
+ if(status && !xmlSecNodeSetOneContains(cur, node, parent)) {
+ status = 0;
+ }
+ break;
+ case xmlSecNodeSetSubtraction:
+ if(status && xmlSecNodeSetOneContains(cur, node, parent)) {
+ status = 0;
+ }
+ break;
+ case xmlSecNodeSetUnion:
+ if(!status && xmlSecNodeSetOneContains(cur, node, parent)) {
+ status = 1;
+ }
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_OPERATION,
+ "operation=%d", cur->op);
+ return(-1);
+ }
+ cur = cur->next;
+ } while(cur != nset);
+
+ return(status);
+}
+
+/**
+ * xmlSecNodeSetAdd:
+ * @nset: the pointer to currrent nodes set (or NULL).
+ * @newNSet: the pointer to new nodes set.
+ * @op: the operation type.
+ *
+ * Adds @newNSet to the @nset using operation @op.
+ *
+ * Returns: the pointer to combined nodes set or NULL if an error
+ * occurs.
+ */
+xmlSecNodeSetPtr
+xmlSecNodeSetAdd(xmlSecNodeSetPtr nset, xmlSecNodeSetPtr newNSet,
+ xmlSecNodeSetOp op) {
+ xmlSecAssert2(newNSet != NULL, NULL);
+ xmlSecAssert2(newNSet->next == newNSet, NULL);
+
+ newNSet->op = op;
+ if(nset == NULL) {
+ return(newNSet);
+ }
+
+ /* all nodesets should belong to the same doc */
+ xmlSecAssert2(nset->doc == newNSet->doc, NULL);
+
+ newNSet->next = nset;
+ newNSet->prev = nset->prev;
+ nset->prev->next = newNSet;
+ nset->prev = newNSet;
+ return(nset);
+}
+
+/**
+ * xmlSecNodeSetAddList:
+ * @nset: the pointer to currrent nodes set (or NULL).
+ * @newNSet: the pointer to new nodes set.
+ * @op: the operation type.
+ *
+ * Adds @newNSet to the @nset as child using operation @op.
+ *
+ * Returns: the pointer to combined nodes set or NULL if an error
+ * occurs.
+ */
+xmlSecNodeSetPtr
+xmlSecNodeSetAddList(xmlSecNodeSetPtr nset, xmlSecNodeSetPtr newNSet, xmlSecNodeSetOp op) {
+ xmlSecNodeSetPtr tmp1, tmp2;
+
+ xmlSecAssert2(newNSet != NULL, NULL);
+
+ tmp1 = xmlSecNodeSetCreate(newNSet->doc, NULL, xmlSecNodeSetList);
+ if(tmp1 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNodeSetCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ tmp1->children = newNSet;
+
+ tmp2 = xmlSecNodeSetAdd(nset, tmp1, op);
+ if(tmp2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNodeSetAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecNodeSetDestroy(tmp1);
+ return(NULL);
+ }
+ return(tmp2);
+}
+
+
+/**
+ * xmlSecNodeSetWalk:
+ * @nset: the pointer to node set.
+ * @walkFunc: the callback functions.
+ * @data: the application specific data passed to the @walkFunc.
+ *
+ * Calls the function @walkFunc once per each node in the nodes set @nset.
+ * If the @walkFunc returns a negative value, then the walk procedure
+ * is interrupted.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecNodeSetWalk(xmlSecNodeSetPtr nset, xmlSecNodeSetWalkCallback walkFunc, void* data) {
+ xmlNodePtr cur;
+ int ret = 0;
+
+ xmlSecAssert2(nset != NULL, -1);
+ xmlSecAssert2(nset->doc != NULL, -1);
+ xmlSecAssert2(walkFunc != NULL, -1);
+
+ /* special cases */
+ if(nset->nodes != NULL) {
+ int i;
+
+ switch(nset->type) {
+ case xmlSecNodeSetNormal:
+ case xmlSecNodeSetTree:
+ case xmlSecNodeSetTreeWithoutComments:
+ for(i = 0; (ret >= 0) && (i < nset->nodes->nodeNr); ++i) {
+ ret = xmlSecNodeSetWalkRecursive(nset, walkFunc, data,
+ nset->nodes->nodeTab[i],
+ xmlSecGetParent(nset->nodes->nodeTab[i]));
+ }
+ return(ret);
+ default:
+ break;
+ }
+ }
+
+ for(cur = nset->doc->children; (cur != NULL) && (ret >= 0); cur = cur->next) {
+ ret = xmlSecNodeSetWalkRecursive(nset, walkFunc, data, cur, xmlSecGetParent(cur));
+ }
+ return(ret);
+}
+
+static int
+xmlSecNodeSetWalkRecursive(xmlSecNodeSetPtr nset, xmlSecNodeSetWalkCallback walkFunc,
+ void* data, xmlNodePtr cur, xmlNodePtr parent) {
+ int ret;
+
+ xmlSecAssert2(nset != NULL, -1);
+ xmlSecAssert2(cur != NULL, -1);
+ xmlSecAssert2(walkFunc != NULL, -1);
+
+ /* the node itself */
+ if(xmlSecNodeSetContains(nset, cur, parent)) {
+ ret = walkFunc(nset, cur, parent, data);
+
+ if(ret < 0) {
+ return(ret);
+ }
+ }
+
+ /* element node has attributes, namespaces */
+ if(cur->type == XML_ELEMENT_NODE) {
+ xmlAttrPtr attr;
+ xmlNodePtr node;
+ xmlNsPtr ns, tmp;
+
+ attr = (xmlAttrPtr)cur->properties;
+ while(attr != NULL) {
+ if(xmlSecNodeSetContains(nset, (xmlNodePtr)attr, cur)) {
+ ret = walkFunc(nset, (xmlNodePtr)attr, cur, data);
+ if(ret < 0) {
+ return(ret);
+ }
+ }
+ attr = attr->next;
+ }
+
+ node = cur;
+ while(node != NULL) {
+ ns = node->nsDef;
+ while(ns != NULL) {
+ tmp = xmlSearchNs(nset->doc, cur, ns->prefix);
+ if((tmp == ns) && xmlSecNodeSetContains(nset, (xmlNodePtr)ns, cur)) {
+ ret = walkFunc(nset, (xmlNodePtr)ns, cur, data);
+ if(ret < 0) {
+ return(ret);
+ }
+ }
+ ns = ns->next;
+ }
+ node = node->parent;
+ }
+ }
+
+ /* element and document nodes have children */
+ if((cur->type == XML_ELEMENT_NODE) || (cur->type == XML_DOCUMENT_NODE)) {
+ xmlNodePtr node;
+
+ node = cur->children;
+ while(node != NULL) {
+ ret = xmlSecNodeSetWalkRecursive(nset, walkFunc, data, node, cur);
+ if(ret < 0) {
+ return(ret);
+ }
+ node = node->next;
+ }
+ }
+ return(0);
+}
+
+/**
+ * xmlSecNodeSetGetChildren:
+ * @doc: the pointer to an XML document.
+ * @parent: the pointer to parent XML node or NULL if we want to include all document nodes.
+ * @withComments: the flag include comments or not.
+ * @invert: the "invert" flag.
+ *
+ * Creates a new nodes set that contains:
+ * - if @withComments is not 0 and @invert is 0:
+ * all nodes in the @parent subtree;
+ * - if @withComments is 0 and @invert is 0:
+ * all nodes in the @parent subtree except comment nodes;
+ * - if @withComments is not 0 and @invert not is 0:
+ * all nodes in the @doc except nodes in the @parent subtree;
+ * - if @withComments is 0 and @invert is 0:
+ * all nodes in the @doc except nodes in the @parent subtree
+ * and comment nodes.
+ *
+ * Returns: pointer to the newly created #xmlSecNodeSet structure
+ * or NULL if an error occurs.
+ */
+xmlSecNodeSetPtr
+xmlSecNodeSetGetChildren(xmlDocPtr doc, const xmlNodePtr parent, int withComments, int invert) {
+ xmlNodeSetPtr nodes;
+ xmlSecNodeSetType type;
+
+ xmlSecAssert2(doc != NULL, NULL);
+
+ nodes = xmlXPathNodeSetCreate(parent);
+ if(nodes == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlXPathNodeSetCreate",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* if parent is NULL then we add all the doc children */
+ if(parent == NULL) {
+ xmlNodePtr cur;
+ for(cur = doc->children; cur != NULL; cur = cur->next) {
+ if(withComments || (cur->type != XML_COMMENT_NODE)) {
+ xmlXPathNodeSetAdd(nodes, cur);
+ }
+ }
+ }
+
+ if(withComments && invert) {
+ type = xmlSecNodeSetTreeInvert;
+ } else if(withComments && !invert) {
+ type = xmlSecNodeSetTree;
+ } else if(!withComments && invert) {
+ type = xmlSecNodeSetTreeWithoutCommentsInvert;
+ } else { /* if(!withComments && !invert) */
+ type = xmlSecNodeSetTreeWithoutComments;
+ }
+
+ return(xmlSecNodeSetCreate(doc, nodes, type));
+}
+
+static int
+xmlSecNodeSetDumpTextNodesWalkCallback(xmlSecNodeSetPtr nset, xmlNodePtr cur,
+ xmlNodePtr parent ATTRIBUTE_UNUSED,
+ void* data) {
+ xmlSecAssert2(nset != NULL, -1);
+ xmlSecAssert2(cur != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+
+ if(cur->type == XML_TEXT_NODE) {
+ xmlOutputBufferWriteString((xmlOutputBufferPtr)data,
+ (char*)(cur->content));
+ }
+ return(0);
+}
+
+/**
+ * xmlSecNodeSetDumpTextNodes:
+ * @nset: the pointer to node set.
+ * @out: the output buffer.
+ *
+ * Dumps content of all the text nodes from @nset to @out.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNodeSetDumpTextNodes(xmlSecNodeSetPtr nset, xmlOutputBufferPtr out) {
+ xmlSecAssert2(nset != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+
+ return(xmlSecNodeSetWalk(nset, xmlSecNodeSetDumpTextNodesWalkCallback, out));
+}
+
+/**
+ * xmlSecNodeSetDebugDump:
+ * @nset: the pointer to node set.
+ * @output: the pointer to output FILE.
+ *
+ * Prints information about @nset to the @output.
+ */
+void
+xmlSecNodeSetDebugDump(xmlSecNodeSetPtr nset, FILE *output) {
+ int i, l;
+ xmlNodePtr cur;
+
+ xmlSecAssert(nset != NULL);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "== Nodes set ");
+ switch(nset->type) {
+ case xmlSecNodeSetNormal:
+ fprintf(output, "(xmlSecNodeSetNormal)\n");
+ break;
+ case xmlSecNodeSetInvert:
+ fprintf(output, "(xmlSecNodeSetInvert)\n");
+ break;
+ case xmlSecNodeSetTree:
+ fprintf(output, "(xmlSecNodeSetTree)\n");
+ break;
+ case xmlSecNodeSetTreeWithoutComments:
+ fprintf(output, "(xmlSecNodeSetTreeWithoutComments)\n");
+ break;
+ case xmlSecNodeSetTreeInvert:
+ fprintf(output, "(xmlSecNodeSetTreeInvert)\n");
+ break;
+ case xmlSecNodeSetTreeWithoutCommentsInvert:
+ fprintf(output, "(xmlSecNodeSetTreeWithoutCommentsInvert)\n");
+ break;
+ case xmlSecNodeSetList:
+ fprintf(output, "(xmlSecNodeSetList)\n");
+ fprintf(output, ">>>\n");
+ xmlSecNodeSetDebugDump(nset->children, output);
+ fprintf(output, "<<<\n");
+ return;
+ default:
+ fprintf(output, "(unknown=%d)\n", nset->type);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+ "type=%d", nset->type);
+ }
+
+ l = xmlXPathNodeSetGetLength(nset->nodes);
+ for(i = 0; i < l; ++i) {
+ cur = xmlXPathNodeSetItem(nset->nodes, i);
+ if(cur->type != XML_NAMESPACE_DECL) {
+ fprintf(output, "%d: %s\n", cur->type,
+ (cur->name) ? cur->name : BAD_CAST "null");
+ } else {
+ xmlNsPtr ns = (xmlNsPtr)cur;
+ fprintf(output, "%d: %s=%s (%s:%s)\n", cur->type,
+ (ns->prefix) ? ns->prefix : BAD_CAST "null",
+ (ns->href) ? ns->href : BAD_CAST "null",
+ (((xmlNodePtr)ns->next)->ns &&
+ ((xmlNodePtr)ns->next)->ns->prefix) ?
+ ((xmlNodePtr)ns->next)->ns->prefix : BAD_CAST "null",
+ ((xmlNodePtr)ns->next)->name);
+ }
+ }
+}
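Review bot: `xmlSecNodeSetWalkRecursive` tests `if(xmlSecNodeSetContains(nset, cur, parent))` at all three call sites, but `xmlSecNodeSetContains` is documented to return a negative value on error and does `return(-1)` for an unknown `cur->op`, so an error is treated as "node is in the set" and the node is handed to `walkFunc`. Membership decides which nodes are walked (and, judging by the canonicalization comment in `xmlSecNodeSetOneContains`, which nodes reach the canonical form), so this should fail closed: `ret = xmlSecNodeSetContains(nset, cur, parent); if(ret < 0) { return(ret); }`, then call `walkFunc` only when `ret > 0`. The `xmlSecNodeSetList` case of `xmlSecNodeSetOneContains` forwards the same negative value into the `status &&` tests of `xmlSecNodeSetContains`, where it also counts as true. Separately, `xmlSecNodeSetCreate` passes `sizeof(xmlSecNodeSet)` to a `%d` conversion, which needs a cast to `int` or a `size_t` format.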
diff --git a/src/nss/Makefile.am b/src/nss/Makefile.am
new file mode 100644
index 00000000..8cd85863
--- /dev/null
+++ b/src/nss/Makefile.am
@@ -0,0 +1,57 @@
+NULL =
+
+EXTRA_DIST = \
+ README \
+ $(NULL)
+
+lib_LTLIBRARIES = \
+ libxmlsec1-nss.la \
+ $(NULL)
+
+libxmlsec1_nss_la_CPPFLAGS = \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -I../../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(NSS_CFLAGS) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(NULL)
+
+libxmlsec1_nss_la_SOURCES =\
+ app.c \
+ bignum.c \
+ ciphers.c \
+ crypto.c \
+ digests.c \
+ hmac.c \
+ pkikeys.c \
+ signatures.c \
+ symkeys.c \
+ x509.c \
+ x509vfy.c \
+ keysstore.c \
+ keytrans.c \
+ kw_des.c \
+ kw_aes.c \
+ globals.h \
+ $(NULL)
+
+if SHAREDLIB_HACK
+libxmlsec1_nss_la_SOURCES += ../strings.c
+endif
+
+libxmlsec1_nss_la_LIBADD = \
+ $(NSS_LIBS) \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ ../libxmlsec1.la \
+ $(NULL)
+
+libxmlsec1_nss_la_DEPENDENCIES = \
+ $(NULL)
+
+libxmlsec1_nss_la_LDFLAGS = \
+ @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ \
+ -version-info @XMLSEC_VERSION_INFO@ \
+ $(NULL)
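Review bot: `libxmlsec1_nss_la_DEPENDENCIES` is set to an empty value, which replaces the dependency list automake would otherwise derive from `libxmlsec1_nss_la_LIBADD`. As a result `libxmlsec1-nss.la` is not relinked when `../libxmlsec1.la` changes, and the build relies on directory ordering alone. If that is intentional it deserves a comment; otherwise drop the assignment or write `libxmlsec1_nss_la_DEPENDENCIES = ../libxmlsec1.la`.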
diff --git a/src/nss/Makefile.in b/src/nss/Makefile.in
new file mode 100644
index 00000000..46c8c927
--- /dev/null
+++ b/src/nss/Makefile.in
@@ -0,0 +1,798 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@SHAREDLIB_HACK_TRUE@am__append_1 = ../strings.c
+subdir = src/nss
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(libdir)"
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+am__libxmlsec1_nss_la_SOURCES_DIST = app.c bignum.c ciphers.c crypto.c \
+ digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
+ x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
+ ../strings.c
+am__objects_1 =
+@SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_nss_la-strings.lo
+am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \
+ libxmlsec1_nss_la-bignum.lo libxmlsec1_nss_la-ciphers.lo \
+ libxmlsec1_nss_la-crypto.lo libxmlsec1_nss_la-digests.lo \
+ libxmlsec1_nss_la-hmac.lo libxmlsec1_nss_la-pkikeys.lo \
+ libxmlsec1_nss_la-signatures.lo libxmlsec1_nss_la-symkeys.lo \
+ libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \
+ libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \
+ libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \
+ $(am__objects_1) $(am__objects_2)
+libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
+libxmlsec1_nss_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libxmlsec1_nss_la_LDFLAGS) $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libxmlsec1_nss_la_SOURCES)
+DIST_SOURCES = $(am__libxmlsec1_nss_la_SOURCES_DIST)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+EXTRA_DIST = \
+ README \
+ $(NULL)
+
+lib_LTLIBRARIES = \
+ libxmlsec1-nss.la \
+ $(NULL)
+
+libxmlsec1_nss_la_CPPFLAGS = \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -I../../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(NSS_CFLAGS) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(NULL)
+
+libxmlsec1_nss_la_SOURCES = app.c bignum.c ciphers.c crypto.c \
+ digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
+ x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
+ $(NULL) $(am__append_1)
+libxmlsec1_nss_la_LIBADD = \
+ $(NSS_LIBS) \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ ../libxmlsec1.la \
+ $(NULL)
+
+libxmlsec1_nss_la_DEPENDENCIES = \
+ $(NULL)
+
+libxmlsec1_nss_la_LDFLAGS = \
+ @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ \
+ -version-info @XMLSEC_VERSION_INFO@ \
+ $(NULL)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/nss/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/nss/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libxmlsec1-nss.la: $(libxmlsec1_nss_la_OBJECTS) $(libxmlsec1_nss_la_DEPENDENCIES)
+ $(libxmlsec1_nss_la_LINK) -rpath $(libdir) $(libxmlsec1_nss_la_OBJECTS) $(libxmlsec1_nss_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-app.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-bignum.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-ciphers.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-crypto.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-digests.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-hmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-keysstore.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-keytrans.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-kw_aes.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-kw_des.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-pkikeys.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-signatures.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-strings.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+libxmlsec1_nss_la-app.lo: app.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-app.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-app.Tpo -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-app.Tpo $(DEPDIR)/libxmlsec1_nss_la-app.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='app.c' object='libxmlsec1_nss_la-app.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+
+libxmlsec1_nss_la-bignum.lo: bignum.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bignum.c' object='libxmlsec1_nss_la-bignum.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
+
+libxmlsec1_nss_la-ciphers.lo: ciphers.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-ciphers.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-ciphers.Tpo -c -o libxmlsec1_nss_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-ciphers.Tpo $(DEPDIR)/libxmlsec1_nss_la-ciphers.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ciphers.c' object='libxmlsec1_nss_la-ciphers.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+
+libxmlsec1_nss_la-crypto.lo: crypto.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-crypto.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-crypto.Tpo -c -o libxmlsec1_nss_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-crypto.Tpo $(DEPDIR)/libxmlsec1_nss_la-crypto.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto.c' object='libxmlsec1_nss_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+
+libxmlsec1_nss_la-digests.lo: digests.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-digests.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-digests.Tpo -c -o libxmlsec1_nss_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-digests.Tpo $(DEPDIR)/libxmlsec1_nss_la-digests.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='digests.c' object='libxmlsec1_nss_la-digests.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+
+libxmlsec1_nss_la-hmac.lo: hmac.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-hmac.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-hmac.Tpo -c -o libxmlsec1_nss_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-hmac.Tpo $(DEPDIR)/libxmlsec1_nss_la-hmac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hmac.c' object='libxmlsec1_nss_la-hmac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+
+libxmlsec1_nss_la-pkikeys.lo: pkikeys.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-pkikeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-pkikeys.Tpo -c -o libxmlsec1_nss_la-pkikeys.lo `test -f 'pkikeys.c' || echo '$(srcdir)/'`pkikeys.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-pkikeys.Tpo $(DEPDIR)/libxmlsec1_nss_la-pkikeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='pkikeys.c' object='libxmlsec1_nss_la-pkikeys.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-pkikeys.lo `test -f 'pkikeys.c' || echo '$(srcdir)/'`pkikeys.c
+
+libxmlsec1_nss_la-signatures.lo: signatures.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-signatures.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-signatures.Tpo -c -o libxmlsec1_nss_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-signatures.Tpo $(DEPDIR)/libxmlsec1_nss_la-signatures.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='signatures.c' object='libxmlsec1_nss_la-signatures.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+
+libxmlsec1_nss_la-symkeys.lo: symkeys.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-symkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-symkeys.Tpo -c -o libxmlsec1_nss_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-symkeys.Tpo $(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='symkeys.c' object='libxmlsec1_nss_la-symkeys.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+
+libxmlsec1_nss_la-x509.lo: x509.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-x509.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-x509.Tpo -c -o libxmlsec1_nss_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-x509.Tpo $(DEPDIR)/libxmlsec1_nss_la-x509.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509.c' object='libxmlsec1_nss_la-x509.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
+
+libxmlsec1_nss_la-x509vfy.lo: x509vfy.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-x509vfy.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-x509vfy.Tpo -c -o libxmlsec1_nss_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-x509vfy.Tpo $(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509vfy.c' object='libxmlsec1_nss_la-x509vfy.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
+
+libxmlsec1_nss_la-keysstore.lo: keysstore.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keysstore.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-keysstore.Tpo -c -o libxmlsec1_nss_la-keysstore.lo `test -f 'keysstore.c' || echo '$(srcdir)/'`keysstore.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-keysstore.Tpo $(DEPDIR)/libxmlsec1_nss_la-keysstore.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keysstore.c' object='libxmlsec1_nss_la-keysstore.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keysstore.lo `test -f 'keysstore.c' || echo '$(srcdir)/'`keysstore.c
+
+libxmlsec1_nss_la-keytrans.lo: keytrans.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keytrans.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-keytrans.Tpo -c -o libxmlsec1_nss_la-keytrans.lo `test -f 'keytrans.c' || echo '$(srcdir)/'`keytrans.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-keytrans.Tpo $(DEPDIR)/libxmlsec1_nss_la-keytrans.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keytrans.c' object='libxmlsec1_nss_la-keytrans.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keytrans.lo `test -f 'keytrans.c' || echo '$(srcdir)/'`keytrans.c
+
+libxmlsec1_nss_la-kw_des.lo: kw_des.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-kw_des.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-kw_des.Tpo -c -o libxmlsec1_nss_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-kw_des.Tpo $(DEPDIR)/libxmlsec1_nss_la-kw_des.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kw_des.c' object='libxmlsec1_nss_la-kw_des.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+
+libxmlsec1_nss_la-kw_aes.lo: kw_aes.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-kw_aes.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-kw_aes.Tpo -c -o libxmlsec1_nss_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-kw_aes.Tpo $(DEPDIR)/libxmlsec1_nss_la-kw_aes.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kw_aes.c' object='libxmlsec1_nss_la-kw_aes.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+
+libxmlsec1_nss_la-strings.lo: ../strings.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-strings.Tpo -c -o libxmlsec1_nss_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-strings.Tpo $(DEPDIR)/libxmlsec1_nss_la-strings.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../strings.c' object='libxmlsec1_nss_la-strings.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(libdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libLTLIBRARIES clean-libtool ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-libLTLIBRARIES install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-libLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/nss/README b/src/nss/README
new file mode 100644
index 00000000..65a0f45e
--- /dev/null
+++ b/src/nss/README
@@ -0,0 +1,128 @@
+WHAT VERSION OF NSS?
+------------------------------------------------------------------------
+NSS 3.9 or greater and NSPR 4.4.1 or greater are required.
+
+KEYS MANAGER
+------------------------------------------------------------------------
+
+xmlsec-nss key manager uses a custom Keys Store, and a custom X509 Store.
+The custom Keys Store and the X509 Store use the NSS database as the underlying
+store for public/private keys, Certs and CRLs.
+
+The NSS Keys store uses the Simple Keys Store on top of the NSS repository.
+The reason for this is that XMLSEC's generic adoptkey/getKey functions use a
+XMLSEC key object that contains more attributes than the raw NSS key object,
+and the getkey function may use a combination of one or more of these attributes
+(name, type, usage, Id) to find a key. There is no straightforward 1-1 mapping
+between XMLSEC's adoptkey/getkey and NSS's APIs.
+
+For example, the store may be asked to adopt a symmetric key, and later asked
+to find it just by name. Or the store may be asked to adopt a private key
+just by its type, and later asked to find it just by type. The key returned
+by getKey is expected to contain all the attributes that were present at the
+time of adoptkey - NSS store does not provide a way to store app-specific
+attributes.
+
+When a key is adopted by the NSS Keys Store, it is simply saved in the
+Simple Keys Store. It is not saved into the NSS database. The only
+way to load keys into the NSS database is with a load operation through
+the XMLSEC API or via an administrator operation.
+
+When a getKey is done on the NSS Keys Store, it first checks the Simple
+Keys Store. If the key is found there, it is returned. If not, the key
+is searched in the NSS database. If found, the key is stored in the
+Simple Keys Store before it is returned.
+
+
+Thus, the various sources for keys/certs/crls for an XMLSEC-NSS application
+are:
+- elements in XML documents
+- PKCS12 and DER files
+- NSS Database
+
+
+KNOWN ISSUES
+------------------------------------------------------------------------
+1) NSS needs to provide a way to convert a DER integer string to an ASCII
+decimal string. Once NSS is fixed, the function xmlSecNssASN1IntegerWrite
+in src/nss/x509.c needs to be implemented.
+ NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=212864
+ xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118633
+
+2) RSA Encryption/Decryption using PKCS#1 v1.5 padding not currently exposed
+in NSS. This causes some tests to fail.
+
+ NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=214236
+ xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118628
+
+3) RSA-OAEP is not yet implemented in NSS. This is the only REQUIRED algorithm
+that is missing from xmlsec-nss.
+
+ NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=158747
+ xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118629
+
+4) CERT_FindCertByNameString does not work in all cases
+
+ NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=210709
+ xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118631
+
+5) CERT_FindCertBySubjectKeyID does not work in all cases
+
+ NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=211051
+ xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118632
+
+6) Finding a cert by Issuer & Serial Number needs the ability to
+convert an ASCII decimal string to a DER integer string. Filed
+an RFE against NSS. Once fixed, xmlSecNumToItem in x509vfy.c
+needs to be changed to use the new function(s) provided
+
+ NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=212864
+ xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118633
+
+7) RIPEMD160 Digest and RIPEMD160 HMAC is not supported by NSS
+
+ xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118634
+
+8) AES Key wrap algorithm is implemented in NSS but not exposed due to
+some bug src/nss/kw_aes.c uses a workaround which should be removed
+when the bug is fixed
+
+ NSS bug: http://bugzilla.mozilla.org/show_bug.cgi?id=213795
+ xmlsec bug: http://bugzilla.gnome.org/show_bug.cgi?id=118635
+
+9) Not all file formats are supported
+
+- xmlSecNssAppKeyLoad(): This function loads a PKI key from a file.
+ The following formats are supported:
+ . xmlSecKeyDataFormatDer: This expects the private key to be in
+ PrivateKeyInfo format. Note that the DER files containing
+ private keys in the xmlsec test suite aren't in that format
+ . xmlsecKeyDataFormatPkcs12
+
+ The following formats are not supported:
+ . xmlSecKeyDataFormatPkcs8Pem
+ . xmlSecKeyDataFormatPkcs8Der
+
+
+- xmlSecNssAppCertLoad(): This function loads a cert from a file.
+ The following formats are supported:
+ xmlSecKeyDataFormatDer
+
+ The following formats are not supported:
+ xmlSecKeyDataFormatPem
+
+10) "Trusted" vs "Untrusted" certificates:
+The distinction between "trusted" and "untrusted" certificates in
+xmlsec-openssl is maintained because the OPENSSL application (and
+not the OPENSSL library) has to maintain a cert store and verify
+certificates. With NSS, no such distinction is necessary in the
+application.
+
+Aleksey: Not sure that I understand this point but thats what Tej wrote.
+
+11) NSS doesn't support emailAddress in the cert subject. There is a hack
+that needs to be removed in xmlSecNssX509FindCert function (x509vfy.c):
+
+https://bugzilla.mozilla.org/show_bug.cgi?id=561689
+
+12) CRLs from xml document support is not working at all.
diff --git a/src/nss/app.c b/src/nss/app.c
new file mode 100644
index 00000000..dabe36d1
--- /dev/null
+++ b/src/nss/app.c
@@ -0,0 +1,1598 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <nspr.h>
+#include <nss.h>
+#include <pk11func.h>
+#include <cert.h>
+#include <keyhi.h>
+#include <pkcs12.h>
+#include <p12plcy.h>
+/*
+#include <ssl.h>
+*/
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/app.h>
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/x509.h>
+#include <xmlsec/nss/pkikeys.h>
+#include <xmlsec/nss/keysstore.h>
+
+/* workaround - NSS exports this but doesn't declare it */
+extern CERTCertificate * __CERT_NewTempCertificate (CERTCertDBHandle *handle,
+ SECItem *derCert,
+ char *nickname,
+ PRBool isperm,
+ PRBool copyDER);
+static int xmlSecNssAppCreateSECItem (SECItem *contents,
+ const xmlSecByte* data,
+ xmlSecSize dataSize);
+static int xmlSecNssAppReadSECItem (SECItem *contents,
+ const char *fn);
+static PRBool xmlSecNssAppAscii2UCS2Conv (PRBool toUnicode,
+ unsigned char *inBuf,
+ unsigned int inBufLen,
+ unsigned char *outBuf,
+ unsigned int maxOutBufLen,
+ unsigned int *outBufLen,
+ PRBool swapBytes);
+static SECItem *xmlSecNssAppNicknameCollisionCallback (SECItem *old_nick,
+ PRBool *cancel,
+ void *wincx);
+static xmlSecKeyPtr xmlSecNssAppDerKeyLoadSECItem (SECItem* secItem);
+
+/**
+ * xmlSecNssAppInit:
+ * @config: the path to NSS database files.
+ *
+ * General crypto engine initialization. This function is used
+ * by XMLSec command line utility and called before
+ * @xmlSecInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNssAppInit(const char* config) {
+ SECStatus rv;
+
+ if(config) {
+ rv = NSS_InitReadWrite(config);
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "NSS_InitReadWrite",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "config=%s",
+ xmlSecErrorsSafeString(config));
+ return(-1);
+ }
+ } else {
+ rv = NSS_NoDB_Init(NULL);
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "NSS_NoDB_Init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ /* configure PKCS11 */
+ PK11_ConfigurePKCS11("manufacturesID", "libraryDescription",
+ "tokenDescription", "privateTokenDescription",
+ "slotDescription", "privateSlotDescription",
+ "fipsSlotDescription", "fipsPrivateSlotDescription",
+ 0, 0);
+
+ /* setup for PKCS12 */
+ PORT_SetUCS2_ASCIIConversionFunction(xmlSecNssAppAscii2UCS2Conv);
+ SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
+ SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
+ SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_40, 1);
+ SEC_PKCS12EnableCipher(PKCS12_RC2_CBC_128, 1);
+ SEC_PKCS12EnableCipher(PKCS12_DES_56, 1);
+ SEC_PKCS12EnableCipher(PKCS12_DES_EDE3_168, 1);
+ SEC_PKCS12SetPreferredCipher(PKCS12_DES_EDE3_168, 1);
+
+ return(0);
+}
+
+/**
+ * xmlSecNssAppShutdown:
+ *
+ * General crypto engine shutdown. This function is used
+ * by XMLSec command line utility and called after
+ * @xmlSecShutdown function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNssAppShutdown(void) {
+ SECStatus rv;
+/*
+ SSL_ClearSessionCache();
+*/
+ PK11_LogoutAll();
+ rv = NSS_Shutdown();
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "NSS_Shutdown",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+
+static int
+xmlSecNssAppCreateSECItem(SECItem *contents, const xmlSecByte* data, xmlSecSize dataSize) {
+ xmlSecAssert2(contents != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+
+ contents->data = 0;
+ if (!SECITEM_AllocItem(NULL, contents, dataSize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SECITEM_AllocItem",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(dataSize > 0) {
+ xmlSecAssert2(contents->data != NULL, -1);
+ memcpy(contents->data, data, dataSize);
+ }
+
+ return (0);
+}
+
+static int
+xmlSecNssAppReadSECItem(SECItem *contents, const char *fn) {
+ PRFileInfo info;
+ PRFileDesc *file = NULL;
+ PRInt32 numBytes;
+ PRStatus prStatus;
+ int ret = -1;
+
+ xmlSecAssert2(contents != NULL, -1);
+ xmlSecAssert2(fn != NULL, -1);
+
+ file = PR_Open(fn, PR_RDONLY, 00660);
+ if (file == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PR_Open",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(fn));
+ goto done;
+ }
+
+ prStatus = PR_GetOpenFileInfo(file, &info);
+ if (prStatus != PR_SUCCESS) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PR_GetOpenFileInfo",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(fn));
+ goto done;
+ }
+
+ contents->data = 0;
+ if (!SECITEM_AllocItem(NULL, contents, info.size)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SECITEM_AllocItem",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ numBytes = PR_Read(file, contents->data, info.size);
+ if (numBytes != info.size) {
+ SECITEM_FreeItem(contents, PR_FALSE);
+ goto done;
+ }
+
+ ret = 0;
+done:
+ if (file) {
+ PR_Close(file);
+ }
+
+ return (ret);
+}
+
+static PRBool
+xmlSecNssAppAscii2UCS2Conv(PRBool toUnicode,
+ unsigned char *inBuf,
+ unsigned int inBufLen,
+ unsigned char *outBuf,
+ unsigned int maxOutBufLen,
+ unsigned int *outBufLen,
+ PRBool swapBytes ATTRIBUTE_UNUSED)
+{
+ SECItem it;
+
+ if (toUnicode == PR_FALSE) {
+ return (PR_FALSE);
+ }
+
+ memset(&it, 0, sizeof(it));
+ it.data = inBuf;
+ it.len = inBufLen;
+
+ return(PORT_UCS2_UTF8Conversion(toUnicode, it.data, it.len,
+ outBuf, maxOutBufLen, outBufLen));
+}
+
+static SECItem *
+xmlSecNssAppNicknameCollisionCallback(SECItem *old_nick ATTRIBUTE_UNUSED,
+ PRBool *cancel,
+ void *wincx ATTRIBUTE_UNUSED)
+{
+ if (cancel == NULL) {
+ return (NULL);
+ }
+
+ /* XXX not handled yet */
+ *cancel = PR_TRUE;
+ return (NULL);
+}
+
+/**
+ * xmlSecNssAppKeyLoad:
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from a file
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecNssAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
+ const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
+ SECItem secItem;
+ xmlSecKeyPtr res;
+ int ret;
+
+ xmlSecAssert2(filename != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ /* read the file contents */
+ memset(&secItem, 0, sizeof(secItem));
+ ret = xmlSecNssAppReadSECItem(&secItem, filename);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppReadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecNssAppKeyLoadSECItem(&secItem, format, pwd, pwdCallback, pwdCallbackCtx);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppKeyLoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(NULL);
+ }
+
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(res);
+}
+
+/**
+ * xmlSecNssAppKeyLoadMemory:
+ * @data: the key binary data.
+ * @dataSize: the key binary data size.
+ * @format: the key data format.
+ * @pwd: the key data2 password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from a binary @data.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecNssAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKeyDataFormat format,
+ const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
+ SECItem secItem;
+ xmlSecKeyPtr res;
+ int ret;
+
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ memset(&secItem, 0, sizeof(secItem));
+ ret = xmlSecNssAppCreateSECItem(&secItem, data, dataSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppCreateSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecNssAppKeyLoadSECItem(&secItem, format, pwd, pwdCallback, pwdCallbackCtx);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppKeyLoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(NULL);
+ }
+
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(res);
+}
+
+/**
+ * xmlSecNssAppKeyLoadSECItem:
+ * @secItem: the pointer to sec item.
+ * @format: the key format.
+ * @pwd: the key password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from a file
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecNssAppKeyLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx) {
+ xmlSecKeyPtr key = NULL;
+
+ xmlSecAssert2(secItem != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ switch(format) {
+#ifndef XMLSEC_NO_X509
+ case xmlSecKeyDataFormatPkcs12:
+ key = xmlSecNssAppPkcs12LoadSECItem(secItem, pwd, pwdCallback, pwdCallbackCtx);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppPkcs12LoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
+ case xmlSecKeyDataFormatCertDer:
+ key = xmlSecNssAppKeyFromCertLoadSECItem(secItem, format);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppKeyFromCertLoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_X509 */
+ case xmlSecKeyDataFormatDer:
+ key = xmlSecNssAppDerKeyLoadSECItem(secItem);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppDerKeyLoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppKeyLoad",
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(NULL);
+ }
+
+ return(key);
+}
+
+static xmlSecKeyPtr
+xmlSecNssAppDerKeyLoadSECItem(SECItem* secItem) {
+ xmlSecKeyPtr key = NULL;
+ xmlSecKeyPtr retval = NULL;
+ xmlSecKeyDataPtr data = NULL;
+ int ret;
+ SECKEYPublicKey *pubkey = NULL;
+ SECKEYPrivateKey *privkey = NULL;
+ CERTSubjectPublicKeyInfo *spki = NULL;
+ SECItem nickname;
+ PK11SlotInfo *slot = NULL;
+ SECStatus status;
+
+ xmlSecAssert2(secItem != NULL, NULL);
+
+ /* we're importing a key about which we know nothing yet, just use the
+ * internal slot
+ */
+ slot = xmlSecNssGetInternalKeySlot();
+ if (slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssGetInternalKeySlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ nickname.len = 0;
+ nickname.data = NULL;
+
+
+ /* TRY PRIVATE KEY FIRST
+ * Note: This expects the key to be in PrivateKeyInfo format. The
+ * DER files created from PEM via openssl utilities aren't in that
+ * format
+ */
+ status = PK11_ImportDERPrivateKeyInfoAndReturnKey(slot, secItem,
+ &nickname, NULL, PR_FALSE,
+ PR_TRUE, KU_ALL, &privkey, NULL);
+ if (status != SECSuccess) {
+ /* TRY PUBLIC KEY */
+ spki = SECKEY_DecodeDERSubjectPublicKeyInfo(secItem);
+ if (spki == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SECKEY_DecodeDERSubjectPublicKeyInfo",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ }
+
+ pubkey = SECKEY_ExtractPublicKey(spki);
+ if (pubkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SECKEY_ExtractPublicKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+
+ data = xmlSecNssPKIAdoptKey(privkey, pubkey);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssPKIAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ privkey = NULL;
+ pubkey = NULL;
+
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+ goto done;
+ }
+ retval = key;
+ key = NULL;
+ data = NULL;
+
+
+done:
+ if(slot != NULL) {
+ PK11_FreeSlot(slot);
+ }
+ if(privkey != NULL) {
+ SECKEY_DestroyPrivateKey(privkey);
+ }
+ if(pubkey != NULL) {
+ SECKEY_DestroyPublicKey(pubkey);
+ }
+ if(key != NULL) {
+ xmlSecKeyDestroy(key);
+ }
+ if(data != NULL) {
+ xmlSecKeyDataDestroy(data);
+ }
+ if(spki != NULL) {
+ SECKEY_DestroySubjectPublicKeyInfo(spki);
+ }
+ return (retval);
+}
+
+#ifndef XMLSEC_NO_X509
+/**
+ * xmlSecNssAppKeyCertLoad:
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from $@filename and adds it to key
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNssAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecKeyDataFormat format) {
+ SECItem secItem;
+ int ret;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* read the file contents */
+ memset(&secItem, 0, sizeof(secItem));
+ ret = xmlSecNssAppReadSECItem(&secItem, filename);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppReadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecNssAppKeyCertLoadSECItem(key, &secItem, format);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppKeyCertLoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(-1);
+ }
+
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(0);
+}
+
+/**
+ * xmlSecNssAppKeyCertLoadMemory:
+ * @key: the pointer to key.
+ * @data: the key binary data.
+ * @dataSize: the key binary data size.
+ * @format: the certificate format.
+ *
+ * Reads the certificate from @data and adds it to key
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNssAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize, xmlSecKeyDataFormat format) {
+ SECItem secItem;
+ int ret;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* read the file contents */
+ memset(&secItem, 0, sizeof(secItem));
+ ret = xmlSecNssAppCreateSECItem(&secItem, data, dataSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppCreateSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecNssAppKeyCertLoadSECItem(key, &secItem, format);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppKeyCertLoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(-1);
+ }
+
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(0);
+}
+
+/**
+ * xmlSecNssAppKeyCertLoadSECItem:
+ * @key: the pointer to key.
+ * @secItem: the pointer to SECItem.
+ * @format: the certificate format.
+ *
+ * Reads the certificate from @secItem and adds it to key
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNssAppKeyCertLoadSECItem(xmlSecKeyPtr key, SECItem* secItem, xmlSecKeyDataFormat format) {
+ CERTCertificate *cert=NULL;
+ xmlSecKeyDataPtr data;
+ int ret;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(secItem != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ data = xmlSecKeyEnsureData(key, xmlSecNssKeyDataX509Id);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
+ return(-1);
+ }
+
+ switch(format) {
+ case xmlSecKeyDataFormatPkcs8Der:
+ case xmlSecKeyDataFormatDer:
+ cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+ secItem, NULL, PR_FALSE, PR_TRUE);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "__CERT_NewTempCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "format=%d", format);
+ return(-1);
+ }
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(-1);
+ }
+
+ xmlSecAssert2(cert != NULL, -1);
+ ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+ CERT_DestroyCertificate(cert);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecNssAppPkcs12Load:
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 file.
+ * For uniformity, call xmlSecNssAppKeyLoad instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecNssAppPkcs12Load(const char *filename, const char *pwd,
+ void *pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ SECItem secItem;
+ xmlSecKeyPtr res;
+ int ret;
+
+ xmlSecAssert2(filename != NULL, NULL);
+
+ /* read the file contents */
+ memset(&secItem, 0, sizeof(secItem));
+ ret = xmlSecNssAppReadSECItem(&secItem, filename);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppReadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecNssAppPkcs12LoadSECItem(&secItem, pwd, pwdCallback, pwdCallbackCtx);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppPkcs12LoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(NULL);
+ }
+
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(res);
+}
+
+/**
+ * xmlSecNssAppPkcs12LoadMemory:
+ * @data: the key binary data.
+ * @dataSize: the key binary data size.
+ * @pwd: the PKCS12 password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 binary data.
+ * For uniformity, call xmlSecNssAppKeyLoad instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecNssAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, const char *pwd,
+ void *pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ SECItem secItem;
+ xmlSecKeyPtr res;
+ int ret;
+
+ xmlSecAssert2(data != NULL, NULL);
+
+ memset(&secItem, 0, sizeof(secItem));
+ ret = xmlSecNssAppCreateSECItem(&secItem, data, dataSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppCreateSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecNssAppPkcs12LoadSECItem(&secItem, pwd, pwdCallback, pwdCallbackCtx);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppPkcs12LoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(NULL);
+ }
+
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(res);
+}
+
+
+/**
+ * xmlSecNssAppPkcs12LoadSECItem:
+ * @secItem: the @SECItem object.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 SECItem.
+ * For uniformity, call xmlSecNssAppKeyLoad instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecNssAppPkcs12LoadSECItem(SECItem* secItem, const char *pwd,
+ void *pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ xmlSecKeyPtr key = NULL;
+ xmlSecKeyDataPtr data = NULL;
+ xmlSecKeyDataPtr x509Data = NULL;
+ int ret;
+ PK11SlotInfo *slot = NULL;
+ SECItem pwditem;
+ SECItem uc2_pwditem;
+ SECStatus rv;
+ SECKEYPrivateKey *privkey = NULL;
+ SECKEYPublicKey *pubkey = NULL;
+ CERTCertList *certlist = NULL;
+ CERTCertListNode *head = NULL;
+ CERTCertificate *cert = NULL;
+ CERTCertificate *tmpcert = NULL;
+ SEC_PKCS12DecoderContext *p12ctx = NULL;
+
+
+ xmlSecAssert2((secItem != NULL), NULL);
+
+ if (pwd == NULL) {
+ pwd = "";
+ }
+ memset(&uc2_pwditem, 0, sizeof(uc2_pwditem));
+
+ /* we're importing a key about which we know nothing yet, just use the
+ * internal slot. We have no criteria to choose a slot.
+ */
+ slot = xmlSecNssGetInternalKeySlot();
+ if (slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssGetInternalKeySlot",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ pwditem.data = (unsigned char *)pwd;
+ pwditem.len = strlen(pwd)+1;
+ if (!SECITEM_AllocItem(NULL, &uc2_pwditem, 2*pwditem.len)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SECITEM_AllocItem",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ if (PORT_UCS2_ASCIIConversion(PR_TRUE, pwditem.data, pwditem.len,
+ uc2_pwditem.data, 2*pwditem.len,
+ &(uc2_pwditem.len), 0) == PR_FALSE) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PORT_UCS2_ASCIIConversion",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ p12ctx = SEC_PKCS12DecoderStart(&uc2_pwditem, slot, NULL,
+ NULL, NULL, NULL, NULL, NULL);
+ if (p12ctx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SEC_PKCS12DecoderStart",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ rv = SEC_PKCS12DecoderUpdate(p12ctx, secItem->data, secItem->len);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SEC_PKCS12DecoderUpdate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ rv = SEC_PKCS12DecoderVerify(p12ctx);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SEC_PKCS12DecoderVerify",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ rv = SEC_PKCS12DecoderValidateBags(p12ctx, xmlSecNssAppNicknameCollisionCallback);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SEC_PKCS12DecoderValidateBags",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ rv = SEC_PKCS12DecoderImportBags(p12ctx);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SEC_PKCS12DecoderImportBags",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ certlist = SEC_PKCS12DecoderGetCerts(p12ctx);
+ if (certlist == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SEC_PKCS12DecoderGetCerts",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
+ if(x509Data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
+ goto done;
+ }
+
+ for (head = CERT_LIST_HEAD(certlist);
+ !CERT_LIST_END(head, certlist);
+ head = CERT_LIST_NEXT(head)) {
+ cert = head->cert;
+ privkey = PK11_FindKeyByAnyCert(cert, NULL);
+
+ if (privkey != NULL) {
+ if (data != NULL) {
+ /* we already found a private key.
+ * assume the first private key we find is THE ONE
+ */
+ SECKEY_DestroyPrivateKey(privkey);
+ privkey = NULL;
+ } else {
+ pubkey = CERT_ExtractPublicKey(cert);
+ if (pubkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_ExtractPublicKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ data = xmlSecNssPKIAdoptKey(privkey, pubkey);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssPKIAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ pubkey = NULL;
+ privkey = NULL;
+
+ tmpcert = CERT_DupCertificate(cert);
+ if(tmpcert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, tmpcert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ CERT_DestroyCertificate(tmpcert);
+ goto done;
+ }
+
+ }
+ }
+
+ tmpcert = CERT_DupCertificate(cert);
+ if(tmpcert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ ret = xmlSecNssKeyDataX509AdoptCert(x509Data, tmpcert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ CERT_DestroyCertificate(tmpcert);
+ goto done;
+ }
+
+ } /* end for loop */
+
+ if (data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppPkcs12Load",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "private key not found in PKCS12 file");
+ goto done;
+ }
+
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecKeyDestroy(key);
+ key = NULL;
+ goto done;
+ }
+ data = NULL;
+
+ ret = xmlSecKeyAdoptData(key, x509Data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecKeyDestroy(key);
+ key = NULL;
+ goto done;
+ }
+ x509Data = NULL;
+
+done:
+ if (p12ctx) {
+ SEC_PKCS12DecoderFinish(p12ctx);
+ }
+ SECITEM_FreeItem(&uc2_pwditem, PR_FALSE);
+ if (slot) {
+ PK11_FreeSlot(slot);
+ }
+ if (certlist) {
+ CERT_DestroyCertList(certlist);
+ }
+ if(x509Data != NULL) {
+ xmlSecKeyDataDestroy(x509Data);
+ }
+ if(data != NULL) {
+ xmlSecKeyDataDestroy(data);
+ }
+ if (privkey) {
+ SECKEY_DestroyPrivateKey(privkey);
+ }
+ if (pubkey) {
+ SECKEY_DestroyPublicKey(pubkey);
+ }
+
+ return(key);
+}
+
+/**
+ * xmlSecNssAppKeyFromCertLoadSECItem:
+ * @secItem: the @SECItem object.
+ * @format: the cert format.
+ *
+ * Loads public key from cert.
+ *
+ * Returns: pointer to key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecNssAppKeyFromCertLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format) {
+ xmlSecKeyPtr key;
+ xmlSecKeyDataPtr keyData;
+ xmlSecKeyDataPtr certData;
+ CERTCertificate *cert=NULL;
+ int ret;
+
+ xmlSecAssert2(secItem != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ /* load cert */
+ switch(format) {
+ case xmlSecKeyDataFormatCertDer:
+ cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+ secItem, NULL, PR_FALSE, PR_TRUE);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "__CERT_NewTempCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "format=%d", format);
+ return(NULL);
+ }
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(NULL);
+ }
+
+ /* get key value */
+ keyData = xmlSecNssX509CertGetKey(cert);
+ if(keyData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509CertGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(cert);
+ return(NULL);
+ }
+
+ /* create key */
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyData);
+ CERT_DestroyCertificate(cert);
+ return(NULL);
+ }
+
+ /* set key value */
+ ret = xmlSecKeySetValue(key, keyData);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ xmlSecKeyDataDestroy(keyData);
+ CERT_DestroyCertificate(cert);
+ return(NULL);
+ }
+
+ /* create cert data */
+ certData = xmlSecKeyEnsureData(key, xmlSecNssKeyDataX509Id);
+ if(certData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ CERT_DestroyCertificate(cert);
+ return(NULL);
+ }
+
+ /* put cert in the cert data */
+ ret = xmlSecNssKeyDataX509AdoptCert(certData, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ CERT_DestroyCertificate(cert);
+ return(NULL);
+ }
+
+ return(key);
+}
+
+
+/**
+ * xmlSecNssAppKeysMngrCertLoad:
+ * @mngr: the pointer to keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format (PEM or DER).
+ * @type: the certificate type (trusted/untrusted).
+ *
+ * Reads cert from @filename and adds to the list of trusted or known
+ * untrusted certs in @store
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNssAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
+ SECItem secItem;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* read the file contents */
+ memset(&secItem, 0, sizeof(secItem));
+ ret = xmlSecNssAppReadSECItem(&secItem, filename);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppReadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecNssAppKeysMngrCertLoadSECItem(mngr, &secItem, format, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppKeysMngrCertLoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(-1);
+ }
+
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(0);
+}
+
+/**
+ * xmlSecNssAppKeysMngrCertLoadMemory:
+ * @mngr: the pointer to keys manager.
+ * @data: the key binary data.
+ * @dataSize: the key binary data size.
+ * @format: the certificate format (PEM or DER).
+ * @type: the certificate type (trusted/untrusted).
+ *
+ * Reads cert from @data and adds to the list of trusted or known
+ * untrusted certs in @store
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNssAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data,
+ xmlSecSize dataSize, xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
+ SECItem secItem;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ memset(&secItem, 0, sizeof(secItem));
+ ret = xmlSecNssAppCreateSECItem(&secItem, data, dataSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppCreateSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecNssAppKeysMngrCertLoadSECItem(mngr, &secItem, format, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAppKeysMngrCertLoadSECItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(-1);
+ }
+
+ SECITEM_FreeItem(&secItem, PR_FALSE);
+ return(0);
+}
+
+/**
+ * xmlSecNssAppKeysMngrCertLoadSECItem:
+ * @mngr: the pointer to keys manager.
+ * @secItem: the pointer to SECItem.
+ * @format: the certificate format (PEM or DER).
+ * @type: the certificate type (trusted/untrusted).
+ *
+ * Reads cert from @secItem and adds to the list of trusted or known
+ * untrusted certs in @store
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNssAppKeysMngrCertLoadSECItem(xmlSecKeysMngrPtr mngr, SECItem* secItem,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
+ xmlSecKeyDataStorePtr x509Store;
+ CERTCertificate* cert;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(secItem != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecNssX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecNssX509StoreId");
+ return(-1);
+ }
+
+ switch(format) {
+ case xmlSecKeyDataFormatDer:
+ cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
+ secItem, NULL, PR_FALSE, PR_TRUE);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "__CERT_NewTempCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "format=%d", format);
+ return(-1);
+ }
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(-1);
+ }
+
+ ret = xmlSecNssX509StoreAdoptCert(x509Store, cert, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509StoreAdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(cert);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#endif /* XMLSEC_NO_X509 */
+
+/**
+ * xmlSecNssAppDefaultKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Initializes @mngr with NSS keys store #xmlSecNssKeysStoreId
+ * and a default NSS crypto key data stores.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNssAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+
+ /* create NSS keys store if needed */
+ if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) {
+ xmlSecKeyStorePtr keysStore;
+
+ keysStore = xmlSecKeyStoreCreate(xmlSecNssKeysStoreId);
+ if(keysStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecNssKeysStoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyStoreDestroy(keysStore);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecNssKeysMngrInit(mngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeysMngrInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ mngr->getKey = xmlSecKeysMngrGetKey;
+ return(0);
+}
+
+/**
+ * xmlSecNssAppDefaultKeysMngrAdoptKey:
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
+ *
+ * Adds @key to the keys manager @mngr created with #xmlSecNssAppDefaultKeysMngrInit
+ * function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecNssKeysStoreAdoptKey(store, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecNssAppDefaultKeysMngrLoad:
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
+ *
+ * Loads XML keys file from @uri to the keys manager @mngr created
+ * with #xmlSecNssAppDefaultKeysMngrInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNssAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(uri != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecNssKeysStoreLoad(store, uri, mngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeysStoreLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s", xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecNssAppDefaultKeysMngrSave:
+ * @mngr: the pointer to keys manager.
+ * @filename: the destination filename.
+ * @type: the type of keys to save (public/private/symmetric).
+ *
+ * Saves keys from @mngr to XML keys file.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNssAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecNssKeysStoreSave(store, filename, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeysStoreSave",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename%s", xmlSecErrorsSafeString(filename));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecNssAppGetDefaultPwdCallback:
+ *
+ * Gets default password callback.
+ *
+ * Returns: default password callback.
+ */
+void*
+xmlSecNssAppGetDefaultPwdCallback(void) {
+ return(NULL);
+}
+
diff --git a/src/nss/bignum.c b/src/nss/bignum.c
new file mode 100644
index 00000000..261155e6
--- /dev/null
+++ b/src/nss/bignum.c
@@ -0,0 +1,163 @@
+/**
+ * XMLSec library
+ *
+ * Reading/writing bignum values
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for precise wording.
+ *
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <nss.h>
+#include <secitem.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/bignum.h>
+
+/**
+ * xmlSecNssNodeGetBigNumValue:
+ * @arena: the arena from which to allocate memory
+ * @cur: the poitner to an XML node.
+ * @a: a SECItem object to hold the BigNum value
+ *
+ * Converts the node content from CryptoBinary format
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * to a SECItem. If no SECItem object provided then a new
+ * one is created (caller is responsible for freeing it).
+ *
+ * Returns: a pointer to SECItem produced from CryptoBinary string
+ * or NULL if an error occurs.
+ */
+SECItem *
+xmlSecNssNodeGetBigNumValue(PRArenaPool *arena, const xmlNodePtr cur,
+ SECItem *a) {
+ xmlSecBuffer buf;
+ int ret;
+ SECItem *rv;
+ int len;
+
+ xmlSecAssert2(arena != NULL, NULL);
+ xmlSecAssert2(cur != NULL, NULL);
+
+ ret = xmlSecBufferInitialize(&buf, 128);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecBufferBase64NodeContentRead(&buf, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(NULL);
+ }
+
+ len = xmlSecBufferGetSize(&buf);
+
+ if (a == NULL) {
+ rv = SECITEM_AllocItem(arena, NULL, len);
+ } else {
+ rv = a;
+ xmlSecAssert2(rv->data == NULL, NULL);
+ rv->len = len;
+ rv->data = PORT_ArenaZAlloc(arena, len);
+ }
+
+ PORT_Memcpy(rv->data, xmlSecBufferGetData(&buf), len);
+
+ xmlSecBufferFinalize(&buf);
+ return(rv);
+}
+
+/**
+ * xmlSecNssNodeSetBigNumValue:
+ * @cur: the pointer to an XML node.
+ * @a: a SECItem containing the BigNum value.
+ * @addLineBreaks: if the flag is equal to 1 then
+ * linebreaks will be added before and after
+ * new buffer content.
+ *
+ * Converts SECItem to CryptoBinary string
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * and sets it as the content of the given node. If the
+ * addLineBreaks is set then line breaks are added
+ * before and after the CryptoBinary string.
+ *
+ * Returns: 0 on success or -1 otherwise.
+ */
+int
+xmlSecNssNodeSetBigNumValue(xmlNodePtr cur, const SECItem *a, int addLineBreaks) {
+ xmlSecBuffer buf;
+ int ret;
+
+ xmlSecAssert2(a != NULL, -1);
+ xmlSecAssert2(cur != NULL, -1);
+
+ ret = xmlSecBufferInitialize(&buf, a->len + 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", a->len + 1);
+ return(-1);
+ }
+
+ PORT_Memcpy(xmlSecBufferGetData(&buf), a->data, a->len);
+
+ ret = xmlSecBufferSetSize(&buf, a->len);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", a->len);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ if(addLineBreaks) {
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ } else {
+ xmlNodeSetContent(cur, xmlSecStringEmpty);
+ }
+
+ ret = xmlSecBufferBase64NodeContentWrite(&buf, cur, xmlSecBase64GetDefaultLineSize());
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ if(addLineBreaks) {
+ xmlNodeAddContent(cur, xmlSecStringCR);
+ }
+
+ xmlSecBufferFinalize(&buf);
+ return(0);
+}
+
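Review bot: In `xmlSecNssNodeGetBigNumValue`, neither `SECITEM_AllocItem(arena, NULL, len)` nor `PORT_ArenaZAlloc(arena, len)` is checked before `PORT_Memcpy(rv->data, ...)`, so a failed allocation becomes a write through a NULL pointer instead of a NULL return. `len` is the size of the base64-decoded node content, which presumably comes from the XML document being processed, so the allocation size is not under the library's control. The `xmlSecAssert2(rv->data == NULL, NULL)` in the `else` branch also returns without calling `xmlSecBufferFinalize(&buf)`, which leaks the buffer. It should be an explicit check that finalizes the buffer before returning. The fence shows the check I would add after the two allocation branches.

```c
    /* … unchanged: buffer init, base64 read, a == NULL / a != NULL allocation branches … */
    if((rv == NULL) || ((rv->data == NULL) && (len > 0))) {
        xmlSecError(XMLSEC_ERRORS_HERE,
                    NULL,
                    NULL,
                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
                    "allocation failed, size=%d", len);
        xmlSecBufferFinalize(&buf);
        return(NULL);
    }

    if(len > 0) {
        PORT_Memcpy(rv->data, xmlSecBufferGetData(&buf), len);
    }
    /* … unchanged: xmlSecBufferFinalize(&buf) and return(rv) … */
```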
diff --git a/src/nss/ciphers.c b/src/nss/ciphers.c
new file mode 100644
index 00000000..54bd2af2
--- /dev/null
+++ b/src/nss/ciphers.c
@@ -0,0 +1,838 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <nspr.h>
+#include <nss.h>
+#include <secoid.h>
+#include <pk11func.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+
+#define XMLSEC_NSS_MAX_KEY_SIZE 32
+#define XMLSEC_NSS_MAX_IV_SIZE 32
+#define XMLSEC_NSS_MAX_BLOCK_SIZE 32
+
+/**************************************************************************
+ *
+ * Internal Nss Block cipher CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecNssBlockCipherCtx xmlSecNssBlockCipherCtx,
+ *xmlSecNssBlockCipherCtxPtr;
+struct _xmlSecNssBlockCipherCtx {
+ CK_MECHANISM_TYPE cipher;
+ PK11Context* cipherCtx;
+ xmlSecKeyDataId keyId;
+ int keyInitialized;
+ int ctxInitialized;
+ xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE];
+ xmlSecSize keySize;
+ xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE];
+ xmlSecSize ivSize;
+};
+static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecNssBlockCipherCtxUpdate (xmlSecNssBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int
+xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ SECItem keyItem;
+ SECItem ivItem;
+ PK11SlotInfo* slot;
+ PK11SymKey* symKey;
+ int ivLen;
+ SECStatus rv;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->cipherCtx == NULL, -1);
+ xmlSecAssert2(ctx->keyInitialized != 0, -1);
+ xmlSecAssert2(ctx->ctxInitialized == 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ivLen = PK11_GetIVLength(ctx->cipher);
+ xmlSecAssert2(ivLen > 0, -1);
+ xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1);
+
+ if(encrypt) {
+ /* generate random iv */
+ rv = PK11_GenerateRandom(ctx->iv, ivLen);
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_GenerateRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", ivLen);
+ return(-1);
+ }
+
+ /* write iv to the output */
+ ret = xmlSecBufferAppend(out, ctx->iv, ivLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ivLen);
+ return(-1);
+ }
+
+ } else {
+ /* if we don't have enough data, exit and hope that
+ * we'll have iv next time */
+ if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) {
+ return(0);
+ }
+
+ /* copy iv to our buffer*/
+ xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
+ memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen);
+
+ /* and remove from input */
+ ret = xmlSecBufferRemoveHead(in, ivLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ivLen);
+ return(-1);
+ }
+ }
+
+ memset(&keyItem, 0, sizeof(keyItem));
+ keyItem.data = ctx->key;
+ keyItem.len = ctx->keySize;
+ memset(&ivItem, 0, sizeof(ivItem));
+ ivItem.data = ctx->iv;
+ ivItem.len = ctx->ivSize;
+
+ slot = PK11_GetBestSlot(ctx->cipher, NULL);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_GetBestSlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive,
+ CKA_SIGN, &keyItem, NULL);
+ if(symKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_ImportSymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_FreeSlot(slot);
+ return(-1);
+ }
+
+ ctx->cipherCtx = PK11_CreateContextBySymKey(ctx->cipher,
+ (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT,
+ symKey, &ivItem);
+ if(ctx->cipherCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_CreateContextBySymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_FreeSymKey(symKey);
+ PK11_FreeSlot(slot);
+ return(-1);
+ }
+
+ ctx->ctxInitialized = 1;
+ PK11_FreeSymKey(symKey);
+ PK11_FreeSlot(slot);
+ return(0);
+}
+
+static int
+xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize inSize, inBlocks, outSize;
+ int blockLen;
+ int outLen = 0;
+ xmlSecByte* outBuf;
+ SECStatus rv;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
+ xmlSecAssert2(blockLen > 0, -1);
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ if(inSize < (xmlSecSize)blockLen) {
+ return(0);
+ }
+
+ if(encrypt) {
+ inBlocks = inSize / ((xmlSecSize)blockLen);
+ } else {
+ /* we want to have the last block in the input buffer
+ * for padding check */
+ inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
+ }
+ inSize = inBlocks * ((xmlSecSize)blockLen);
+
+ /* we write out the input size plus may be one block */
+ ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + inSize + blockLen);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+
+ rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_CipherOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize inSize, outSize;
+ int blockLen, outLen = 0;
+ xmlSecByte* inBuf;
+ xmlSecByte* outBuf;
+ SECStatus rv;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ blockLen = PK11_GetBlockSize(ctx->cipher, NULL);
+ xmlSecAssert2(blockLen > 0, -1);
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ if(encrypt != 0) {
+ xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
+
+ /* create padding */
+ ret = xmlSecBufferSetMaxSize(in, blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blockLen);
+ return(-1);
+ }
+ inBuf = xmlSecBufferGetData(in);
+
+ /* generate random padding */
+ if((xmlSecSize)blockLen > (inSize + 1)) {
+ rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1);
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_GenerateRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", blockLen - inSize - 1);
+ return(-1);
+ }
+ }
+ inBuf[blockLen - 1] = blockLen - inSize;
+ inSize = blockLen;
+ } else {
+ if(inSize != (xmlSecSize)blockLen) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data=%d;block=%d", inSize, blockLen);
+ return(-1);
+ }
+ }
+
+ /* process last block */
+ ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + 2 * blockLen);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+
+ rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "PK11_CipherOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2((xmlSecSize)outLen == inSize, -1);
+
+ if(encrypt == 0) {
+ /* check padding */
+ if(outLen < outBuf[blockLen - 1]) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "padding=%d;buffer=%d",
+ outBuf[blockLen - 1], outLen);
+ return(-1);
+ }
+ outLen -= outBuf[blockLen - 1];
+ }
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+/******************************************************************************
+ *
+ * EVP Block Cipher transforms
+ *
+ * xmlSecNssBlockCipherCtx block is located after xmlSecTransform structure
+ *
+ *****************************************************************************/
+#define xmlSecNssBlockCipherSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecNssBlockCipherCtx))
+#define xmlSecNssBlockCipherGetCtx(transform) \
+ ((xmlSecNssBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecNssBlockCipherInitialize (xmlSecTransformPtr transform);
+static void xmlSecNssBlockCipherFinalize (xmlSecTransformPtr transform);
+static int xmlSecNssBlockCipherSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecNssBlockCipherSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecNssBlockCipherExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecNssBlockCipherCheckId (xmlSecTransformPtr transform);
+
+
+
+static int
+xmlSecNssBlockCipherCheckId(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_DES
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformDes3CbcId)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformAes128CbcId) ||
+ xmlSecTransformCheckId(transform, xmlSecNssTransformAes192CbcId) ||
+ xmlSecTransformCheckId(transform, xmlSecNssTransformAes256CbcId)) {
+
+ return(1);
+ }
+#endif /* XMLSEC_NO_AES */
+
+ return(0);
+}
+
+static int
+xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) {
+ xmlSecNssBlockCipherCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
+
+ ctx = xmlSecNssBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
+
+#ifndef XMLSEC_NO_DES
+ if(transform->id == xmlSecNssTransformDes3CbcId) {
+ ctx->cipher = CKM_DES3_CBC;
+ ctx->keyId = xmlSecNssKeyDataDesId;
+ ctx->keySize = 24;
+ } else
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(transform->id == xmlSecNssTransformAes128CbcId) {
+ ctx->cipher = CKM_AES_CBC;
+ ctx->keyId = xmlSecNssKeyDataAesId;
+ ctx->keySize = 16;
+ } else if(transform->id == xmlSecNssTransformAes192CbcId) {
+ ctx->cipher = CKM_AES_CBC;
+ ctx->keyId = xmlSecNssKeyDataAesId;
+ ctx->keySize = 24;
+ } else if(transform->id == xmlSecNssTransformAes256CbcId) {
+ ctx->cipher = CKM_AES_CBC;
+ ctx->keyId = xmlSecNssKeyDataAesId;
+ ctx->keySize = 32;
+ } else
+#endif /* XMLSEC_NO_AES */
+
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecNssBlockCipherFinalize(xmlSecTransformPtr transform) {
+ xmlSecNssBlockCipherCtxPtr ctx;
+
+ xmlSecAssert(xmlSecNssBlockCipherCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize));
+
+ ctx = xmlSecNssBlockCipherGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->cipherCtx != NULL) {
+ PK11_DestroyContext(ctx->cipherCtx, PR_TRUE);
+ }
+
+ memset(ctx, 0, sizeof(xmlSecNssBlockCipherCtx));
+}
+
+static int
+xmlSecNssBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecNssBlockCipherCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecNssBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+
+ keyReq->keyId = ctx->keyId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+ keyReq->keyBitsSize = 8 * ctx->keySize;
+ return(0);
+}
+
+static int
+xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecNssBlockCipherCtxPtr ctx;
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecNssBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->keyInitialized == 0, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+ xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
+
+ xmlSecAssert2(ctx->keySize > 0, -1);
+ xmlSecAssert2(ctx->keySize <= sizeof(ctx->key), -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ if(xmlSecBufferGetSize(buffer) < ctx->keySize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "keySize=%d;expected=%d",
+ xmlSecBufferGetSize(buffer), ctx->keySize);
+ return(-1);
+ }
+
+ xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
+ memcpy(ctx->key, xmlSecBufferGetData(buffer), ctx->keySize);
+
+ ctx->keyInitialized = 1;
+ return(0);
+}
+
+static int
+xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecNssBlockCipherCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ int ret;
+
+ xmlSecAssert2(xmlSecNssBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssBlockCipherSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ ctx = xmlSecNssBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ if(ctx->ctxInitialized == 0) {
+ ret = xmlSecNssBlockCipherCtxInit(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNssBlockCipherCtxInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ if((ctx->ctxInitialized == 0) && (last != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "not enough data to initialize transform");
+ return(-1);
+ }
+
+ if(ctx->ctxInitialized != 0) {
+ ret = xmlSecNssBlockCipherCtxUpdate(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNssBlockCipherCtxUpdate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(last) {
+ ret = xmlSecNssBlockCipherCtxFinal(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNssBlockCipherCtxFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ } else if(transform->status == xmlSecTransformStatusNone) {
+ /* the only way we can get here is if there is no enough data in the input */
+ xmlSecAssert2(last == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+#ifndef XMLSEC_NO_AES
+/*********************************************************************
+ *
+ * AES CBC cipher transforms
+ *
+ ********************************************************************/
+static xmlSecTransformKlass xmlSecNssAes128CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes128Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes128Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformAes128CbcGetKlass:
+ *
+ * AES 128 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 128 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecNssTransformAes128CbcGetKlass(void) {
+ return(&xmlSecNssAes128CbcKlass);
+}
+
+static xmlSecTransformKlass xmlSecNssAes192CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes192Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes192Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformAes192CbcGetKlass:
+ *
+ * AES 192 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 192 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecNssTransformAes192CbcGetKlass(void) {
+ return(&xmlSecNssAes192CbcKlass);
+}
+
+static xmlSecTransformKlass xmlSecNssAes256CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes256Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes256Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformAes256CbcGetKlass:
+ *
+ * AES 256 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 256 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecNssTransformAes256CbcGetKlass(void) {
+ return(&xmlSecNssAes256CbcKlass);
+}
+
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+static xmlSecTransformKlass xmlSecNssDes3CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameDes3Cbc, /* const xmlChar* name; */
+ xmlSecHrefDes3Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformDes3CbcGetKlass:
+ *
+ * Triple DES CBC encryption transform klass.
+ *
+ * Returns: pointer to Triple DES encryption transform.
+ */
+xmlSecTransformId
+xmlSecNssTransformDes3CbcGetKlass(void) {
+ return(&xmlSecNssDes3CbcKlass);
+}
+#endif /* XMLSEC_NO_DES */
+
diff --git a/src/nss/crypto.c b/src/nss/crypto.c
new file mode 100644
index 00000000..7137f1c4
--- /dev/null
+++ b/src/nss/crypto.c
@@ -0,0 +1,444 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <nss.h>
+#include <pk11func.h>
+#include <prinit.h>
+
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/dl.h>
+#include <xmlsec/private.h>
+#include <xmlsec/xmltree.h>
+
+#include <xmlsec/nss/app.h>
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/x509.h>
+
+static xmlSecCryptoDLFunctionsPtr gXmlSecNssFunctions = NULL;
+
+/**
+ * xmlSecCryptoGetFunctions_nss:
+ *
+ * Gets the pointer to xmlsec-nss functions table.
+ *
+ * Returns: the xmlsec-nss functions table or NULL if an error occurs.
+ */
+xmlSecCryptoDLFunctionsPtr
+xmlSecCryptoGetFunctions_nss(void) {
+ static xmlSecCryptoDLFunctions functions;
+
+ if(gXmlSecNssFunctions != NULL) {
+ return(gXmlSecNssFunctions);
+ }
+
+ memset(&functions, 0, sizeof(functions));
+ gXmlSecNssFunctions = &functions;
+
+ /********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ********************************************************************/
+ gXmlSecNssFunctions->cryptoInit = xmlSecNssInit;
+ gXmlSecNssFunctions->cryptoShutdown = xmlSecNssShutdown;
+ gXmlSecNssFunctions->cryptoKeysMngrInit = xmlSecNssKeysMngrInit;
+
+ /********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecNssFunctions->keyDataAesGetKlass = xmlSecNssKeyDataAesGetKlass;
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+ gXmlSecNssFunctions->keyDataDesGetKlass = xmlSecNssKeyDataDesGetKlass;
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_DSA
+ gXmlSecNssFunctions->keyDataDsaGetKlass = xmlSecNssKeyDataDsaGetKlass;
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_HMAC
+ gXmlSecNssFunctions->keyDataHmacGetKlass = xmlSecNssKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
+
+#ifndef XMLSEC_NO_RSA
+ gXmlSecNssFunctions->keyDataRsaGetKlass = xmlSecNssKeyDataRsaGetKlass;
+#endif /* XMLSEC_NO_RSA */
+
+#ifndef XMLSEC_NO_X509
+ gXmlSecNssFunctions->keyDataX509GetKlass = xmlSecNssKeyDataX509GetKlass;
+ gXmlSecNssFunctions->keyDataRawX509CertGetKlass = xmlSecNssKeyDataRawX509CertGetKlass;
+#endif /* XMLSEC_NO_X509 */
+
+ /********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_X509
+ gXmlSecNssFunctions->x509StoreGetKlass = xmlSecNssX509StoreGetKlass;
+#endif /* XMLSEC_NO_X509 */
+
+ /********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+
+ /******************************* AES ********************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecNssFunctions->transformAes128CbcGetKlass = xmlSecNssTransformAes128CbcGetKlass;
+ gXmlSecNssFunctions->transformAes192CbcGetKlass = xmlSecNssTransformAes192CbcGetKlass;
+ gXmlSecNssFunctions->transformAes256CbcGetKlass = xmlSecNssTransformAes256CbcGetKlass;
+ gXmlSecNssFunctions->transformKWAes128GetKlass = xmlSecNssTransformKWAes128GetKlass;
+ gXmlSecNssFunctions->transformKWAes192GetKlass = xmlSecNssTransformKWAes192GetKlass;
+ gXmlSecNssFunctions->transformKWAes256GetKlass = xmlSecNssTransformKWAes256GetKlass;
+#endif /* XMLSEC_NO_AES */
+
+ /******************************* DES ********************************/
+#ifndef XMLSEC_NO_DES
+ gXmlSecNssFunctions->transformDes3CbcGetKlass = xmlSecNssTransformDes3CbcGetKlass;
+ gXmlSecNssFunctions->transformKWDes3GetKlass = xmlSecNssTransformKWDes3GetKlass;
+#endif /* XMLSEC_NO_DES */
+
+ /******************************* DSA ********************************/
+#ifndef XMLSEC_NO_DSA
+ gXmlSecNssFunctions->transformDsaSha1GetKlass = xmlSecNssTransformDsaSha1GetKlass;
+#endif /* XMLSEC_NO_DSA */
+
+ /******************************* HMAC ********************************/
+#ifndef XMLSEC_NO_HMAC
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecNssFunctions->transformHmacMd5GetKlass = xmlSecNssTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecNssFunctions->transformHmacRipemd160GetKlass = xmlSecNssTransformHmacRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecNssFunctions->transformHmacSha1GetKlass = xmlSecNssTransformHmacSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecNssFunctions->transformHmacSha256GetKlass = xmlSecNssTransformHmacSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecNssFunctions->transformHmacSha384GetKlass = xmlSecNssTransformHmacSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecNssFunctions->transformHmacSha512GetKlass = xmlSecNssTransformHmacSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+ /******************************* RSA ********************************/
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecNssFunctions->transformRsaMd5GetKlass = xmlSecNssTransformRsaMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecNssFunctions->transformRsaSha1GetKlass = xmlSecNssTransformRsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecNssFunctions->transformRsaSha256GetKlass = xmlSecNssTransformRsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecNssFunctions->transformRsaSha384GetKlass = xmlSecNssTransformRsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecNssFunctions->transformRsaSha512GetKlass = xmlSecNssTransformRsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+ gXmlSecNssFunctions->transformRsaPkcs1GetKlass = xmlSecNssTransformRsaPkcs1GetKlass;
+
+/* aleksey, April 2010: NSS 3.12.6 has CKM_RSA_PKCS_OAEP algorithm but
+ it doesn't implement the SHA1 OAEP PKCS we need
+
+ https://bugzilla.mozilla.org/show_bug.cgi?id=158747
+*/
+#ifdef XMLSEC_NSS_RSA_OAEP_TODO
+ gXmlSecNssFunctions->transformRsaOaepGetKlass = xmlSecNssTransformRsaOaepGetKlass;
+#endif /* XMLSEC_NSS_RSA_OAEP_TODO */
+
+#endif /* XMLSEC_NO_RSA */
+
+ /******************************* SHA ********************************/
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecNssFunctions->transformSha1GetKlass = xmlSecNssTransformSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecNssFunctions->transformSha256GetKlass = xmlSecNssTransformSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecNssFunctions->transformSha384GetKlass = xmlSecNssTransformSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecNssFunctions->transformSha512GetKlass = xmlSecNssTransformSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+ /******************************* MD5 ********************************/
+#ifndef XMLSEC_NO_MD5
+ gXmlSecNssFunctions->transformMd5GetKlass = xmlSecNssTransformMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+
+ /********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+ gXmlSecNssFunctions->cryptoAppInit = xmlSecNssAppInit;
+ gXmlSecNssFunctions->cryptoAppShutdown = xmlSecNssAppShutdown;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrInit = xmlSecNssAppDefaultKeysMngrInit;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecNssAppDefaultKeysMngrAdoptKey;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecNssAppDefaultKeysMngrLoad;
+ gXmlSecNssFunctions->cryptoAppDefaultKeysMngrSave = xmlSecNssAppDefaultKeysMngrSave;
+#ifndef XMLSEC_NO_X509
+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoad = xmlSecNssAppKeysMngrCertLoad;
+ gXmlSecNssFunctions->cryptoAppKeysMngrCertLoadMemory= xmlSecNssAppKeysMngrCertLoadMemory;
+ gXmlSecNssFunctions->cryptoAppPkcs12Load = xmlSecNssAppPkcs12Load;
+ gXmlSecNssFunctions->cryptoAppPkcs12LoadMemory = xmlSecNssAppPkcs12LoadMemory;
+ gXmlSecNssFunctions->cryptoAppKeyCertLoad = xmlSecNssAppKeyCertLoad;
+ gXmlSecNssFunctions->cryptoAppKeyCertLoadMemory = xmlSecNssAppKeyCertLoadMemory;
+#endif /* XMLSEC_NO_X509 */
+ gXmlSecNssFunctions->cryptoAppKeyLoad = xmlSecNssAppKeyLoad;
+ gXmlSecNssFunctions->cryptoAppKeyLoadMemory = xmlSecNssAppKeyLoadMemory;
+ gXmlSecNssFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecNssAppGetDefaultPwdCallback();
+
+ return(gXmlSecNssFunctions);
+}
+
+/**
+ * xmlSecNssInit:
+ *
+ * XMLSec library specific crypto engine initialization.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNssInit (void) {
+ /* Check loaded xmlsec library version */
+ if(xmlSecCheckVersionExact() != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCheckVersionExact",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* set default errors callback for xmlsec to us */
+ xmlSecErrorsSetCallback(xmlSecNssErrorsDefaultCallback);
+
+ /* register our klasses */
+ if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_nss()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecNssShutdown:
+ *
+ * XMLSec library specific crypto engine shutdown.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNssShutdown(void) {
+ return(0);
+}
+
+/**
+ * xmlSecNssKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Adds NSS specific key data stores in keys manager.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNssKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+
+#ifndef XMLSEC_NO_X509
+ /* create x509 store if needed */
+ if(xmlSecKeysMngrGetDataStore(mngr, xmlSecNssX509StoreId) == NULL) {
+ xmlSecKeyDataStorePtr x509Store;
+
+ x509Store = xmlSecKeyDataStoreCreate(xmlSecNssX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecNssX509StoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptDataStore(mngr, x509Store);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataStoreDestroy(x509Store);
+ return(-1);
+ }
+ }
+#endif /* XMLSEC_NO_X509 */
+
+ return(0);
+}
+
+/**
+ * xmlSecNssGetInternalKeySlot:
+ *
+ * Gets internal NSS key slot.
+ *
+ * Returns: internal key slot and initializes it if needed.
+ */
+PK11SlotInfo *
+xmlSecNssGetInternalKeySlot()
+{
+ PK11SlotInfo *slot = NULL;
+ SECStatus rv;
+
+ slot = PK11_GetInternalKeySlot();
+ if (slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_GetInternalKeySlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return NULL;
+ }
+
+ if (PK11_NeedUserInit(slot)) {
+ rv = PK11_InitPin(slot, NULL, NULL);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_Authenticate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return NULL;
+ }
+ }
+
+ if(PK11_IsLoggedIn(slot, NULL) != PR_TRUE) {
+ rv = PK11_Authenticate(slot, PR_TRUE, NULL);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_Authenticate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return NULL;
+ }
+ }
+
+ return(slot);
+}
+
+/**
+ * xmlSecNssGenerateRandom:
+ * @buffer: the destination buffer.
+ * @size: the numer of bytes to generate.
+ *
+ * Generates @size random bytes and puts result in @buffer.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecNssGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
+ SECStatus rv;
+ int ret;
+
+ xmlSecAssert2(buffer != NULL, -1);
+ xmlSecAssert2(size > 0, -1);
+
+ ret = xmlSecBufferSetSize(buffer, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+
+ /* get random data */
+ rv = PK11_GenerateRandom((xmlSecByte*)xmlSecBufferGetData(buffer), size);
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_GenerateRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecNssErrorsDefaultCallback:
+ * @file: the error location file name (__FILE__ macro).
+ * @line: the error location line number (__LINE__ macro).
+ * @func: the error location function name (__FUNCTION__ macro).
+ * @errorObject: the error specific error object
+ * @errorSubject: the error specific error subject.
+ * @reason: the error code.
+ * @msg: the additional error message.
+ *
+ * The default errors reporting callback function.
+ */
+void
+xmlSecNssErrorsDefaultCallback(const char* file, int line, const char* func,
+ const char* errorObject, const char* errorSubject,
+ int reason, const char* msg) {
+ xmlChar buf[500];
+ int err;
+
+ err = PORT_GetError();
+ xmlSecStrPrintf(buf, sizeof(buf), BAD_CAST "%s;last nss error=%d (0x%08X)", msg, err, err);
+ xmlSecErrorsDefaultCallback(file, line, func,
+ errorObject, errorSubject,
+ reason, (char*)buf);
+}
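Review bot: In `xmlSecNssGetInternalKeySlot` the two failure branches that follow a successful `PK11_GetInternalKeySlot()` return NULL without releasing the slot reference, so a failed `PK11_InitPin` or `PK11_Authenticate` leaks it; add `PK11_FreeSlot(slot);` before both `return NULL;` statements. The `PK11_InitPin` failure branch also names `"PK11_Authenticate"` as the failing call, which will mislead anyone triaging the error log; it should read `"PK11_InitPin"`. Separately, `PK11_InitPin(slot, NULL, NULL)` initializes a not-yet-initialized key database with no password, so keys stored there afterwards are presumably not password-protected. The doc comment should say that this is intentional and that the caller owns the returned slot and must release it with `PK11_FreeSlot`.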
diff --git a/src/nss/digests.c b/src/nss/digests.c
new file mode 100644
index 00000000..8063b443
--- /dev/null
+++ b/src/nss/digests.c
@@ -0,0 +1,576 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <nspr.h>
+#include <nss.h>
+#include <secoid.h>
+#include <pk11func.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/app.h>
+#include <xmlsec/nss/crypto.h>
+
+#define XMLSEC_NSS_MAX_DIGEST_SIZE 64
+
+/**************************************************************************
+ *
+ * Internal NSS Digest CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecNssDigestCtx xmlSecNssDigestCtx, *xmlSecNssDigestCtxPtr;
+struct _xmlSecNssDigestCtx {
+ SECOidData* digest;
+ PK11Context* digestCtx;
+ xmlSecByte dgst[XMLSEC_NSS_MAX_DIGEST_SIZE];
+ xmlSecSize dgstSize; /* dgst size in bytes */
+};
+
+/******************************************************************************
+ *
+ * Digest transforms
+ *
+ * xmlSecNssDigestCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecNssDigestSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecNssDigestCtx))
+#define xmlSecNssDigestGetCtx(transform) \
+ ((xmlSecNssDigestCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecNssDigestCheckId (xmlSecTransformPtr transform);
+static int xmlSecNssDigestInitialize (xmlSecTransformPtr transform);
+static void xmlSecNssDigestFinalize (xmlSecTransformPtr transform);
+static int xmlSecNssDigestVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecNssDigestExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecNssDigestCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformMd5Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha1Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha384Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha512Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA512 */
+
+ return(0);
+}
+
+static int
+xmlSecNssDigestInitialize(xmlSecTransformPtr transform) {
+ xmlSecNssDigestCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecNssDigestCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssDigestSize), -1);
+
+ ctx = xmlSecNssDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* initialize context */
+ memset(ctx, 0, sizeof(xmlSecNssDigestCtx));
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformMd5Id)) {
+ ctx->digest = SECOID_FindOIDByTag(SEC_OID_MD5);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha1Id)) {
+ ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) {
+ ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA256);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha384Id)) {
+ ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA384);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha512Id)) {
+ ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA512);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(ctx->digest == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SECOID_FindOIDByTag",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+ ctx->digestCtx = PK11_CreateDigestContext(ctx->digest->offset);
+ if(ctx->digestCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_CreateDigestContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecNssDigestFinalize(xmlSecTransformPtr transform) {
+ xmlSecNssDigestCtxPtr ctx;
+
+ xmlSecAssert(xmlSecNssDigestCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssDigestSize));
+
+ ctx = xmlSecNssDigestGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->digestCtx != NULL) {
+ PK11_DestroyContext(ctx->digestCtx, PR_TRUE);
+ }
+ memset(ctx, 0, sizeof(xmlSecNssDigestCtx));
+}
+
+static int
+xmlSecNssDigestVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecNssDigestCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecNssDigestCheckId(transform), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssDigestSize), -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecNssDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ if(dataSize != ctx->dgstSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data and digest sizes are different (data=%d, dgst=%d)",
+ dataSize, ctx->dgstSize);
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ if(memcmp(ctx->dgst, data, dataSize) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+static int
+xmlSecNssDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecNssDigestCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ SECStatus rv;
+ int ret;
+
+ xmlSecAssert2(xmlSecNssDigestCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssDigestSize), -1);
+
+ ctx = xmlSecNssDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ rv = PK11_DigestBegin(ctx->digestCtx);
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestBegin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ rv = PK11_DigestOp(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+ if(last) {
+ unsigned int dgstSize;
+
+ rv = PK11_DigestFinal(ctx->digestCtx, ctx->dgst, &dgstSize, sizeof(ctx->dgst));
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ xmlSecAssert2(dgstSize > 0, -1);
+ ctx->dgstSize = XMLSEC_SIZE_BAD_CAST(dgstSize);
+
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ctx->dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * Md5 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecNssMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameMd5, /* const xmlChar* name; */
+ xmlSecHrefMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecNssDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformMd5GetKlass:
+ *
+ * MD5 digest transform klass.
+ *
+ * Returns: pointer to MD5 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformMd5GetKlass(void) {
+ return(&xmlSecNssMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+
+
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
+ *
+ * SHA1 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecNssSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha1, /* const xmlChar* name; */
+ xmlSecHrefSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecNssDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformSha1GetKlass:
+ *
+ * SHA-1 digest transform klass.
+ *
+ * Returns: pointer to SHA-1 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformSha1GetKlass(void) {
+ return(&xmlSecNssSha1Klass);
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * SHA256 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecNssSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha256, /* const xmlChar* name; */
+ xmlSecHrefSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecNssDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformSha256GetKlass:
+ *
+ * SHA256 digest transform klass.
+ *
+ * Returns: pointer to SHA256 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformSha256GetKlass(void) {
+ return(&xmlSecNssSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * SHA384 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecNssSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha384, /* const xmlChar* name; */
+ xmlSecHrefSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecNssDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformSha384GetKlass:
+ *
+ * SHA384 digest transform klass.
+ *
+ * Returns: pointer to SHA384 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformSha384GetKlass(void) {
+ return(&xmlSecNssSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * SHA512 Digest transforms
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecNssSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha512, /* const xmlChar* name; */
+ xmlSecHrefSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecNssDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformSha512GetKlass:
+ *
+ * SHA512 digest transform klass.
+ *
+ * Returns: pointer to SHA512 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformSha512GetKlass(void) {
+ return(&xmlSecNssSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+
diff --git a/src/nss/globals.h b/src/nss/globals.h
new file mode 100644
index 00000000..770b6dba
--- /dev/null
+++ b/src/nss/globals.h
@@ -0,0 +1,24 @@
+/*
+ * XML Security Library
+ *
+ * globals.h: internal header only used during the compilation
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GLOBALS_H__
+#define __XMLSEC_GLOBALS_H__
+
+/**
+ * Use autoconf defines if present.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#define IN_XMLSEC_CRYPTO
+#define XMLSEC_PRIVATE
+
+#endif /* ! __XMLSEC_GLOBALS_H__ */
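Review bot: The include guard `__XMLSEC_GLOBALS_H__` starts with a double underscore, a form C reserves for the implementation; a backend-specific name such as `XMLSEC_NSS_GLOBALS_H` avoids that and cannot collide with an identically named guard in another backend's globals.h, should one exist. `IN_XMLSEC_CRYPTO` and `XMLSEC_PRIVATE` are defined with no comment on which headers test them or why. Since hmac.c includes this file before any `<xmlsec/...>` header, a line such as `/* must be included before any <xmlsec/...> header: selects the internal declarations */` would record the ordering requirement, if that is indeed the intent. The licence comment also misspells "precise" as "preciese".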
diff --git a/src/nss/hmac.c b/src/nss/hmac.c
new file mode 100644
index 00000000..ae7e67ef
--- /dev/null
+++ b/src/nss/hmac.c
@@ -0,0 +1,855 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#ifndef XMLSEC_NO_HMAC
+#include "globals.h"
+
+#include <string.h>
+
+#include <nspr.h>
+#include <nss.h>
+#include <secoid.h>
+#include <pk11func.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/app.h>
+#include <xmlsec/nss/crypto.h>
+
+/* sizes in bits */
+#define XMLSEC_NSS_MIN_HMAC_SIZE 80
+#define XMLSEC_NSS_MAX_HMAC_SIZE (128 * 8)
+
+/**************************************************************************
+ *
+ * Configuration
+ *
+ *****************************************************************************/
+static int g_xmlsec_nss_hmac_min_length = XMLSEC_NSS_MIN_HMAC_SIZE;
+
+/**
+ * xmlSecNssHmacGetMinOutputLength:
+ *
+ * Gets the value of min HMAC length.
+ *
+ * Returns: the min HMAC output length
+ */
+int xmlSecNssHmacGetMinOutputLength(void)
+{
+ return g_xmlsec_nss_hmac_min_length;
+}
+
+/**
+ * xmlSecNssHmacSetMinOutputLength:
+ * @min_length: the new min length
+ *
+ * Sets the min HMAC output length
+ */
+void xmlSecNssHmacSetMinOutputLength(int min_length)
+{
+ g_xmlsec_nss_hmac_min_length = min_length;
+}
+
+/**************************************************************************
+ *
+ * Internal NSS HMAC CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecNssHmacCtx xmlSecNssHmacCtx, *xmlSecNssHmacCtxPtr;
+struct _xmlSecNssHmacCtx {
+ CK_MECHANISM_TYPE digestType;
+ PK11Context* digestCtx;
+ xmlSecByte dgst[XMLSEC_NSS_MAX_HMAC_SIZE / 8];
+ xmlSecSize dgstSize; /* dgst size in bits */
+};
+
+/******************************************************************************
+ *
+ * HMAC transforms
+ *
+ * xmlSecNssHmacCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecNssHmacGetCtx(transform) \
+ ((xmlSecNssHmacCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+#define xmlSecNssHmacSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecNssHmacCtx))
+
+static int xmlSecNssHmacCheckId (xmlSecTransformPtr transform);
+static int xmlSecNssHmacInitialize (xmlSecTransformPtr transform);
+static void xmlSecNssHmacFinalize (xmlSecTransformPtr transform);
+static int xmlSecNssHmacNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecNssHmacSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecNssHmacSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecNssHmacVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecNssHmacExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+
+static int
+xmlSecNssHmacCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacMd5Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacRipemd160Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha1Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha256Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha384Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha512Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA512 */
+
+ /* not found */
+ return(0);
+}
+
+static int
+xmlSecNssHmacInitialize(xmlSecTransformPtr transform) {
+ xmlSecNssHmacCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecNssHmacCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssHmacSize), -1);
+
+ ctx = xmlSecNssHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ memset(ctx, 0, sizeof(xmlSecNssHmacCtx));
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacMd5Id)) {
+ ctx->digestType = CKM_MD5_HMAC;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacRipemd160Id)) {
+ ctx->digestType = CKM_RIPEMD160_HMAC;
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha1Id)) {
+ ctx->digestType = CKM_SHA_1_HMAC;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha256Id)) {
+ ctx->digestType = CKM_SHA256_HMAC;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha384Id)) {
+ ctx->digestType = CKM_SHA384_HMAC;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha512Id)) {
+ ctx->digestType = CKM_SHA512_HMAC;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+ /* not found */
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+static void
+xmlSecNssHmacFinalize(xmlSecTransformPtr transform) {
+ xmlSecNssHmacCtxPtr ctx;
+
+ xmlSecAssert(xmlSecNssHmacCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssHmacSize));
+
+ ctx = xmlSecNssHmacGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->digestCtx != NULL) {
+ PK11_DestroyContext(ctx->digestCtx, PR_TRUE);
+ }
+ memset(ctx, 0, sizeof(xmlSecNssHmacCtx));
+}
+
+/**
+ * xmlSecNssHmacNodeRead:
+ *
+ * HMAC (http://www.w3.org/TR/xmldsig-core/#sec-HMAC):
+ *
+ * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
+ * as a parameter; if the parameter is not specified then all the bits of the
+ * hash are output. An example of an HMAC SignatureMethod element:
+ * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ * <HMACOutputLength>128</HMACOutputLength>
+ * </SignatureMethod>
+ *
+ * Schema Definition:
+ *
+ * <simpleType name="HMACOutputLengthType">
+ * <restriction base="integer"/>
+ * </simpleType>
+ *
+ * DTD:
+ *
+ * <!ELEMENT HMACOutputLength (#PCDATA)>
+ */
+static int
+xmlSecNssHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecNssHmacCtxPtr ctx;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(xmlSecNssHmacCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssHmacSize), -1);
+ xmlSecAssert2(node!= NULL, -1);
+ xmlSecAssert2(transformCtx!= NULL, -1);
+
+ ctx = xmlSecNssHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ cur = xmlSecGetNextElementNode(node->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
+ xmlChar *content;
+
+ content = xmlNodeGetContent(cur);
+ if(content != NULL) {
+ ctx->dgstSize = atoi((char*)content);
+ xmlFree(content);
+ }
+
+ /* Ensure that HMAC length is greater than min specified.
+ Otherwise, an attacker can set this length to 0 or very
+ small value
+ */
+ if((int)ctx->dgstSize < xmlSecNssHmacGetMinOutputLength()) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "HMAC output length is too small");
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "no nodes expected");
+ return(-1);
+ }
+ return(0);
+}
+
+
+static int
+xmlSecNssHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecNssHmacCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecNssHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssHmacSize), -1);
+
+ ctx = xmlSecNssHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecNssKeyDataHmacId;
+ keyReq->keyType= xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationSign) {
+ keyReq->keyUsage = xmlSecKeyUsageSign;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
+ }
+
+ return(0);
+}
+
+static int
+xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecNssHmacCtxPtr ctx;
+ xmlSecKeyDataPtr value;
+ xmlSecBufferPtr buffer;
+ SECItem keyItem;
+ SECItem ignore;
+ PK11SlotInfo* slot;
+ PK11SymKey* symKey;
+
+ xmlSecAssert2(xmlSecNssHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssHmacSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecNssHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestType != 0, -1);
+ xmlSecAssert2(ctx->digestCtx == NULL, -1);
+
+ value = xmlSecKeyGetValue(key);
+ xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecNssKeyDataHmacId), -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ if(xmlSecBufferGetSize(buffer) == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key is empty");
+ return(-1);
+ }
+
+ memset(&ignore, 0, sizeof(ignore));
+ memset(&keyItem, 0, sizeof(keyItem));
+ keyItem.data = xmlSecBufferGetData(buffer);
+ keyItem.len = xmlSecBufferGetSize(buffer);
+
+ slot = PK11_GetBestSlot(ctx->digestType, NULL);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_GetBestSlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ symKey = PK11_ImportSymKey(slot, ctx->digestType, PK11_OriginDerive,
+ CKA_SIGN, &keyItem, NULL);
+ if(symKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_ImportSymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ PK11_FreeSlot(slot);
+ return(-1);
+ }
+
+ ctx->digestCtx = PK11_CreateContextBySymKey(ctx->digestType, CKA_SIGN, symKey, &ignore);
+ if(ctx->digestCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_CreateContextBySymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ PK11_FreeSymKey(symKey);
+ PK11_FreeSlot(slot);
+ return(-1);
+ }
+
+ PK11_FreeSymKey(symKey);
+ PK11_FreeSlot(slot);
+ return(0);
+}
+
+static int
+xmlSecNssHmacVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ static xmlSecByte last_byte_masks[] =
+ { 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
+
+ xmlSecNssHmacCtxPtr ctx;
+ xmlSecByte mask;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssHmacSize), -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecNssHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ /* compare the digest size in bytes */
+ if(dataSize != ((ctx->dgstSize + 7) / 8)){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "data=%d;dgst=%d",
+ dataSize, ((ctx->dgstSize + 7) / 8));
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ /* we check the last byte separatelly */
+ xmlSecAssert2(dataSize > 0, -1);
+ mask = last_byte_masks[ctx->dgstSize % 8];
+ if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match (last byte)");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ /* now check the rest of the digest */
+ if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+static int
+xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecNssHmacCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ SECStatus rv;
+ int ret;
+
+ xmlSecAssert2(xmlSecNssHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssHmacSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecNssHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ rv = PK11_DigestBegin(ctx->digestCtx);
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestBegin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ rv = PK11_DigestOp(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+ if(last) {
+ unsigned int dgstSize;
+
+ rv = PK11_DigestFinal(ctx->digestCtx, ctx->dgst, &dgstSize, sizeof(ctx->dgst));
+ if(rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ xmlSecAssert2(dgstSize > 0, -1);
+
+ /* check/set the result digest size */
+ if(ctx->dgstSize == 0) {
+ ctx->dgstSize = XMLSEC_SIZE_BAD_CAST(dgstSize * 8); /* no dgst size specified, use all we have */
+ } else if(ctx->dgstSize <= XMLSEC_SIZE_BAD_CAST(8 * dgstSize)) {
+ dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "result-bits=%d;required-bits=%d",
+ 8 * dgstSize, ctx->dgstSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "size=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+#ifndef XMLSEC_NO_RIPEMD160
+/******************************************************************************
+ *
+ * HMAC Ripemd160
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecNssHmacRipemd160Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacRipemd160, /* const xmlChar* name; */
+ xmlSecHrefHmacRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformHmacRipemd160GetKlass:
+ *
+ * The HMAC-RIPEMD160 transform klass.
+ *
+ * Returns: the HMAC-RIPEMD160 transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformHmacRipemd160GetKlass(void) {
+ return(&xmlSecNssHmacRipemd160Klass);
+}
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * HMAC MD5
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecNssHmacMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacMd5, /* const xmlChar* name; */
+ xmlSecHrefHmacMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformHmacMd5GetKlass:
+ *
+ * The HMAC-MD5 transform klass.
+ *
+ * Returns: the HMAC-MD5 transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformHmacMd5GetKlass(void) {
+ return(&xmlSecNssHmacMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
+ *
+ * HMAC SHA1
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecNssHmacSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha1, /* const xmlChar* name; */
+ xmlSecHrefHmacSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformHmacSha1GetKlass:
+ *
+ * The HMAC-SHA1 transform klass.
+ *
+ * Returns: the HMAC-SHA1 transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformHmacSha1GetKlass(void) {
+ return(&xmlSecNssHmacSha1Klass);
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * HMAC SHA256
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecNssHmacSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha256, /* const xmlChar* name; */
+ xmlSecHrefHmacSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformHmacSha256GetKlass:
+ *
+ * The HMAC-SHA256 transform klass.
+ *
+ * Returns: the HMAC-SHA256 transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformHmacSha256GetKlass(void) {
+ return(&xmlSecNssHmacSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * HMAC SHA384
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecNssHmacSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha384, /* const xmlChar* name; */
+ xmlSecHrefHmacSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformHmacSha384GetKlass:
+ *
+ * The HMAC-SHA384 transform klass.
+ *
+ * Returns: the HMAC-SHA384 transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformHmacSha384GetKlass(void) {
+ return(&xmlSecNssHmacSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * HMAC SHA512
+ *
+ ******************************************************************************/
+static xmlSecTransformKlass xmlSecNssHmacSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha512, /* const xmlChar* name; */
+ xmlSecHrefHmacSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformHmacSha512GetKlass:
+ *
+ * The HMAC-SHA512 transform klass.
+ *
+ * Returns: the HMAC-SHA512 transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformHmacSha512GetKlass(void) {
+ return(&xmlSecNssHmacSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+
diff --git a/src/nss/keysstore.c b/src/nss/keysstore.c
new file mode 100644
index 00000000..f07e44be
--- /dev/null
+++ b/src/nss/keysstore.c
@@ -0,0 +1,485 @@
+/**
+ * XMLSec library
+ *
+ * Nss keys store that uses Simple Keys Store under the hood. Uses the
+ * Nss DB as a backing store for the finding keys, but the NSS DB is
+ * not written to by the keys store.
+ * So, if store->findkey is done and the key is not found in the simple
+ * keys store, the NSS DB is looked up.
+ * If store is called to adopt a key, that key is not written to the NSS
+ * DB.
+ * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
+ * source of keys for xmlsec
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for precise wording.
+ *
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <nss.h>
+#include <cert.h>
+#include <pk11func.h>
+#include <keyhi.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/xmltree.h>
+
+#include <xmlsec/keysmngr.h>
+
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/keysstore.h>
+#include <xmlsec/nss/x509.h>
+#include <xmlsec/nss/pkikeys.h>
+
+/****************************************************************************
+ *
+ * Nss Keys Store. Uses Simple Keys Store under the hood
+ *
+ * Simple Keys Store ptr is located after xmlSecKeyStore
+ *
+ ***************************************************************************/
+#define xmlSecNssKeysStoreSize \
+ (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
+
+#define xmlSecNssKeysStoreGetSS(store) \
+ ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
+ (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
+ (xmlSecKeyStorePtr*)NULL)
+
+static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
+static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
+static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
+ const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
+ sizeof(xmlSecKeyStoreKlass),
+ xmlSecNssKeysStoreSize,
+
+ /* data */
+ BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
+
+ /* constructors/destructor */
+ xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
+ xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
+ xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssKeysStoreGetKlass:
+ *
+ * The Nss list based keys store klass.
+ *
+ * Returns: Nss list based keys store klass.
+ */
+xmlSecKeyStoreId
+xmlSecNssKeysStoreGetKlass(void) {
+ return(&xmlSecNssKeysStoreKlass);
+}
+
+/**
+ * xmlSecNssKeysStoreAdoptKey:
+ * @store: the pointer to Nss keys store.
+ * @key: the pointer to key.
+ *
+ * Adds @key to the @store.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
+ xmlSecKeyStorePtr *ss;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
+ xmlSecAssert2((key != NULL), -1);
+
+ ss = xmlSecNssKeysStoreGetSS(store);
+ xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+ (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
+
+ return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
+}
+
+/**
+ * xmlSecNssKeysStoreLoad:
+ * @store: the pointer to Nss keys store.
+ * @uri: the filename.
+ * @keysMngr: the pointer to associated keys manager.
+ *
+ * Reads keys from an XML file.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri,
+ xmlSecKeysMngrPtr keysMngr) {
+ xmlDocPtr doc;
+ xmlNodePtr root;
+ xmlNodePtr cur;
+ xmlSecKeyPtr key;
+ xmlSecKeyInfoCtx keyInfoCtx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
+ xmlSecAssert2((uri != NULL), -1);
+
+ doc = xmlParseFile(uri);
+ if(doc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlParseFile",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
+ root = xmlDocGetRootElement(doc);
+ if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(root)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected-node=<xmlsec:Keys>");
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(root->children);
+ while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected-node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ keyInfoCtx.mode = xmlSecKeyInfoModeRead;
+ keyInfoCtx.keysMngr = keysMngr;
+ keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND |
+ XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS;
+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
+ keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
+ keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny;
+
+ ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyInfoNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
+
+ if(xmlSecKeyIsValid(key)) {
+ ret = xmlSecNssKeysStoreAdoptKey(store, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecNssKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ } else {
+ /* we have an unknown key in our file, just ignore it */
+ xmlSecKeyDestroy(key);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+
+ xmlFreeDoc(doc);
+ return(0);
+}
+
+/**
+ * xmlSecNssKeysStoreSave:
+ * @store: the pointer to Nss keys store.
+ * @filename: the filename.
+ * @type: the saved keys type (public, private, ...).
+ *
+ * Writes keys from @store to an XML file.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
+ xmlSecKeyStorePtr *ss;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
+ xmlSecAssert2((filename != NULL), -1);
+
+ ss = xmlSecNssKeysStoreGetSS(store);
+ xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
+ (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
+
+ return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
+}
+
+static int
+xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
+ xmlSecKeyStorePtr *ss;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
+
+ ss = xmlSecNssKeysStoreGetSS(store);
+ xmlSecAssert2((*ss == NULL), -1);
+
+ *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+ if(*ss == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecSimpleKeysStoreId");
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
+ xmlSecKeyStorePtr *ss;
+
+ xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
+
+ ss = xmlSecNssKeysStoreGetSS(store);
+ xmlSecAssert((ss != NULL) && (*ss != NULL));
+
+ xmlSecKeyStoreDestroy(*ss);
+}
+
+static xmlSecKeyPtr
+xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyStorePtr* ss;
+ xmlSecKeyPtr key = NULL;
+ xmlSecKeyPtr retval = NULL;
+ xmlSecKeyReqPtr keyReq = NULL;
+ CERTCertificate *cert = NULL;
+ SECKEYPublicKey *pubkey = NULL;
+ SECKEYPrivateKey *privkey = NULL;
+ xmlSecKeyDataPtr data = NULL;
+ xmlSecKeyDataPtr x509Data = NULL;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+ ss = xmlSecNssKeysStoreGetSS(store);
+ xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
+
+ key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
+ if (key != NULL) {
+ return (key);
+ }
+
+ /* Try to find the key in the NSS DB, and construct an xmlSecKey.
+ * we must have a name to lookup keys in NSS DB.
+ */
+ if (name == NULL) {
+ goto done;
+ }
+
+ /* what type of key are we looking for?
+ * TBD: For now, we'll look only for public/private keys using the
+ * name as a cert nickname. Later on, we can attempt to find
+ * symmetric keys using PK11_FindFixedKey
+ */
+ keyReq = &(keyInfoCtx->keyReq);
+ if (keyReq->keyType &
+ (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
+ cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
+ if (cert == NULL) {
+ goto done;
+ }
+
+ if (keyReq->keyType & xmlSecKeyDataTypePublic) {
+ pubkey = CERT_ExtractPublicKey(cert);
+ if (pubkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_ExtractPublicKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+
+ if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
+ privkey = PK11_FindKeyByAnyCert(cert, NULL);
+ if (privkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_FindKeyByAnyCert",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+
+ data = xmlSecNssPKIAdoptKey(privkey, pubkey);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssPKIAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ privkey = NULL;
+ pubkey = NULL;
+
+ key = xmlSecKeyCreate();
+ if (key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+
+ x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
+ if(x509Data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
+ goto done;
+ }
+
+ ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ cert = CERT_DupCertificate(cert);
+ if (cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ cert = NULL;
+
+ ret = xmlSecKeySetValue(key, data);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+ goto done;
+ }
+ data = NULL;
+
+ ret = xmlSecKeyAdoptData(key, x509Data);
+ if (ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ x509Data = NULL;
+
+ retval = key;
+ key = NULL;
+ }
+
+done:
+ if (cert != NULL) {
+ CERT_DestroyCertificate(cert);
+ }
+ if (pubkey != NULL) {
+ SECKEY_DestroyPublicKey(pubkey);
+ }
+ if (privkey != NULL) {
+ SECKEY_DestroyPrivateKey(privkey);
+ }
+ if (data != NULL) {
+ xmlSecKeyDataDestroy(data);
+ }
+ if (x509Data != NULL) {
+ xmlSecKeyDataDestroy(x509Data);
+ }
+ if (key != NULL) {
+ xmlSecKeyDestroy(key);
+ }
+
+ return (retval);
+}
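Review bot: In xmlSecNssKeysStoreFindKey the xmlSecKeyCreate() failure branch exits with `return (NULL);` instead of `goto done;`, so it skips the cleanup that every other error path in the function goes through. At that point `cert` still holds the reference returned by CERT_FindCertByNickname, and `data` has already adopted the public and private key handles, so both are leaked, including the private key reference. Changing that line to `goto done;` is enough, since `key` is NULL there and the done block releases the rest. Separately, xmlSecNssKeysStoreInitialize dereferences the result of xmlSecNssKeysStoreGetSS without a NULL check, although the macro can return NULL and the sibling functions test for it; `xmlSecAssert2((ss != NULL) && (*ss == NULL), -1);` would match them.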
diff --git a/src/nss/keytrans.c b/src/nss/keytrans.c
new file mode 100644
index 00000000..d84593b9
--- /dev/null
+++ b/src/nss/keytrans.c
@@ -0,0 +1,753 @@
+/**
+ *
+ * XMLSec library
+ *
+ * AES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright .................................
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <nss.h>
+#include <pk11func.h>
+#include <keyhi.h>
+#include <key.h>
+#include <hasht.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/pkikeys.h>
+
+/*********************************************************************
+ *
+ * Key transport transforms
+ *
+ ********************************************************************/
+typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx;
+typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr;
+
+#define xmlSecNssKeyTransportSize \
+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) )
+#define xmlSecNssKeyTransportGetCtx( transform ) \
+ ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
+
+struct _xmlSecNssKeyTransportCtx {
+ CK_MECHANISM_TYPE cipher ;
+ SECKEYPublicKey* pubkey ;
+ SECKEYPrivateKey* prikey ;
+ xmlSecKeyDataId keyId ;
+ xmlSecBufferPtr material ; /* to be encrypted/decrypted material */
+} ;
+
+static int xmlSecNssKeyTransportInitialize (xmlSecTransformPtr transform);
+static void xmlSecNssKeyTransportFinalize (xmlSecTransformPtr transform);
+static int xmlSecNssKeyTransportSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecNssKeyTransportSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecNssKeyTransportExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecNssKeyTransportCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_RSA
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaPkcs1Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_RSA */
+
+/* aleksey, April 2010: NSS 3.12.6 has CKM_RSA_PKCS_OAEP algorithm but
+ it doesn't implement the SHA1 OAEP PKCS we need
+
+ https://bugzilla.mozilla.org/show_bug.cgi?id=158747
+*/
+#ifdef XMLSEC_NSS_RSA_OAEP_TODO
+#ifndef XMLSEC_NO_RSA
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaOaepId)) {
+ return (1);
+ }
+#endif /* XMLSEC_NO_RSA */
+#endif /* XMLSEC_NSS_RSA_OAEP_TODO */
+
+ /* not found */
+ return(0);
+}
+
+static int
+xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) {
+ xmlSecNssKeyTransportCtxPtr context ;
+ xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
+
+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
+ xmlSecAssert2( context != NULL , -1 ) ;
+
+ /* initialize context */
+ memset(context, 0, sizeof(xmlSecNssKeyTransportCtx));
+
+#ifndef XMLSEC_NO_RSA
+ if(transform->id == xmlSecNssTransformRsaPkcs1Id) {
+ context->cipher = CKM_RSA_PKCS;
+ context->keyId = xmlSecNssKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_RSA */
+
+/* aleksey, April 2010: NSS 3.12.6 has CKM_RSA_PKCS_OAEP algorithm but
+ it doesn't implement the SHA1 OAEP PKCS we need
+
+ https://bugzilla.mozilla.org/show_bug.cgi?id=158747
+*/
+#ifdef XMLSEC_NSS_RSA_OAEP_TODO
+#ifndef XMLSEC_NO_RSA
+ if(transform->id == xmlSecNssTransformRsaOaepId) {
+ context->cipher = CKM_RSA_PKCS_OAEP;
+ context->keyId = xmlSecNssKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_RSA */
+#endif /* XMLSEC_NSS_RSA_OAEP_TODO */
+
+ /* not found */
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) {
+ xmlSecNssKeyTransportCtxPtr context ;
+
+ xmlSecAssert(xmlSecNssKeyTransportCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize));
+
+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
+ xmlSecAssert( context != NULL ) ;
+
+ if( context->pubkey != NULL ) {
+ SECKEY_DestroyPublicKey( context->pubkey ) ;
+ context->pubkey = NULL ;
+ }
+
+ if( context->prikey != NULL ) {
+ SECKEY_DestroyPrivateKey( context->prikey ) ;
+ context->prikey = NULL ;
+ }
+
+ if( context->material != NULL ) {
+ xmlSecBufferDestroy(context->material);
+ context->material = NULL ;
+ }
+}
+
+static int
+xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecNssKeyTransportCtxPtr context ;
+
+ xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
+ xmlSecAssert2( context != NULL , -1 ) ;
+
+ keyReq->keyId = context->keyId;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ keyReq->keyType = xmlSecKeyDataTypePublic;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ keyReq->keyType = xmlSecKeyDataTypePrivate;
+ }
+
+ return(0);
+}
+
+static int
+xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecNssKeyTransportCtxPtr context = NULL ;
+ xmlSecKeyDataPtr keyData = NULL ;
+ SECKEYPublicKey* pubkey = NULL ;
+ SECKEYPrivateKey* prikey = NULL ;
+
+ xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
+ if( (context == NULL) || (context->keyId == NULL) || (context->pubkey != NULL) ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyTransportGetCtx" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
+
+ keyData = xmlSecKeyGetValue( key ) ;
+ if( keyData == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
+ "xmlSecKeyGetValue" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
+ "xmlSecNssPKIKeyDataGetPubKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ context->pubkey = pubkey ;
+ } else {
+ if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
+ "xmlSecNssPKIKeyDataGetPrivKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ context->prikey = prikey ;
+ }
+
+ return(0) ;
+}
+
+static int
+xmlSecNssKeyTransportCtxInit(
+ xmlSecNssKeyTransportCtxPtr ctx ,
+ xmlSecBufferPtr in ,
+ xmlSecBufferPtr out ,
+ int encrypt ,
+ xmlSecTransformCtxPtr transformCtx
+) {
+ int blockSize ;
+
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( in != NULL , -1 ) ;
+ xmlSecAssert2( out != NULL , -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ if( ctx->material != NULL ) {
+ xmlSecBufferDestroy( ctx->material ) ;
+ ctx->material = NULL ;
+ }
+
+ if( ctx->pubkey != NULL ) {
+ blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
+ } else if( ctx->prikey != NULL ) {
+ blockSize = PK11_SignatureLen( ctx->prikey ) ;
+ } else {
+ blockSize = -1 ;
+ }
+
+ if( blockSize < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ ctx->material = xmlSecBufferCreate( blockSize ) ;
+ if( ctx->material == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferCreate" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ /* read raw key material into context */
+ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferSetData" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferRemoveHead" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecNssKeyTransportCtxUpdate(
+ xmlSecNssKeyTransportCtxPtr ctx ,
+ xmlSecBufferPtr in ,
+ xmlSecBufferPtr out ,
+ int encrypt ,
+ xmlSecTransformCtxPtr transformCtx
+) {
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
+ xmlSecAssert2( in != NULL , -1 ) ;
+ xmlSecAssert2( out != NULL , -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ /* read raw key material and append into context */
+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferAppend" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferRemoveHead" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecNssKeyTransportCtxFinal(xmlSecNssKeyTransportCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt, xmlSecTransformCtxPtr transformCtx) {
+ PK11SymKey* symKey ;
+ PK11SlotInfo* slot ;
+ SECItem oriskv ;
+ int blockSize ;
+ xmlSecBufferPtr result ;
+
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
+ xmlSecAssert2( in != NULL , -1 ) ;
+ xmlSecAssert2( out != NULL , -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ /* read raw key material and append into context */
+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferAppend" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferRemoveHead" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ /* Now we get all of the key materail */
+ /* from now on we will wrap or unwrap the key */
+ if( ctx->pubkey != NULL ) {
+ blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ;
+ } else if( ctx->prikey != NULL ) {
+ blockSize = PK11_SignatureLen( ctx->prikey ) ;
+ } else {
+ blockSize = -1 ;
+ }
+
+ if( blockSize < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_GetBlockSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ result = xmlSecBufferCreate( blockSize * 2 ) ;
+ if( result == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL,
+ "xmlSecBufferCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE) ;
+ return(-1);
+ }
+
+ oriskv.type = siBuffer ;
+ oriskv.data = xmlSecBufferGetData( ctx->material ) ;
+ oriskv.len = xmlSecBufferGetSize( ctx->material ) ;
+
+ if( encrypt != 0 ) {
+ CK_OBJECT_HANDLE id ;
+ SECItem wrpskv ;
+
+ /* Create template symmetric key from material */
+ slot = ctx->pubkey->pkcs11Slot;
+ if( slot == NULL ) {
+ slot = PK11_GetBestSlot( ctx->cipher, NULL ) ;
+ if( slot == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSlotGet" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+
+ id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ;
+ if( id == CK_INVALID_HANDLE ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_ImportPublicKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ PK11_FreeSlot( slot ) ;
+ return(-1);
+ }
+ }
+
+ /* pay attention to mechanism */
+ symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ;
+ if( symKey == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_ImportSymKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ PK11_FreeSlot( slot ) ;
+ return(-1);
+ }
+
+ wrpskv.type = siBuffer ;
+ wrpskv.data = xmlSecBufferGetData( result ) ;
+ wrpskv.len = xmlSecBufferGetMaxSize( result ) ;
+
+ if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_PubWrapSymKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSymKey( symKey ) ;
+ xmlSecBufferDestroy(result);
+ PK11_FreeSlot( slot ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferSetSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSymKey( symKey ) ;
+ xmlSecBufferDestroy(result);
+ PK11_FreeSlot( slot ) ;
+ return(-1);
+ }
+ PK11_FreeSymKey( symKey ) ;
+ PK11_FreeSlot( slot ) ;
+ } else {
+ SECItem* keyItem ;
+
+ /* pay attention to mechanism */
+ symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 );
+ if( symKey == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_PubUnwrapSymKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+
+ /* Extract raw data from symmetric key */
+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_ExtractKeyValue" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSymKey( symKey ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+
+ keyItem = PK11_GetKeyData( symKey );
+ if( keyItem == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_GetKeyData" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSymKey( symKey ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+
+ if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_PubUnwrapSymKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSymKey( symKey ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+ PK11_FreeSymKey( symKey ) ;
+ }
+
+ /* Write output */
+ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferAppend" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+ xmlSecBufferDestroy(result);
+
+ return(0);
+}
+
+static int
+xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecNssKeyTransportCtxPtr context = NULL ;
+ xmlSecBufferPtr inBuf, outBuf ;
+ int operation ;
+ int rtv ;
+
+ xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ;
+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ;
+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ context = xmlSecNssKeyTransportGetCtx( transform ) ;
+ if( context == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyTransportGetCtx" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ inBuf = &( transform->inBuf ) ;
+ outBuf = &( transform->outBuf ) ;
+
+ if( transform->status == xmlSecTransformStatusNone ) {
+ transform->status = xmlSecTransformStatusWorking ;
+ }
+
+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
+ if( transform->status == xmlSecTransformStatusWorking ) {
+ if( context->material == NULL ) {
+ rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
+ if( rtv < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyTransportCtxInit" ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ }
+
+ if( (context->material == NULL) && (last != 0) ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ NULL ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ "No enough data to intialize transform" ) ;
+ return(-1);
+ }
+
+ if( context->material != NULL ) {
+ rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
+ if( rtv < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyTransportCtxUpdate" ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ }
+
+ if( last ) {
+ rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
+ if( rtv < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyTransportCtxFinal" ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished ;
+ }
+ } else if( transform->status == xmlSecTransformStatusFinished ) {
+ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ NULL ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ "status=%d", transform->status ) ;
+ return(-1);
+ }
+ } else {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ NULL ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ "status=%d", transform->status ) ;
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+#ifndef XMLSEC_NO_RSA
+static xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaPkcs1, /* const xmlChar* name; */
+ xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformRsaPkcs1GetKlass:
+ *
+ * The RSA-PKCS1 key transport transform klass.
+ *
+ * Returns: RSA-PKCS1 key transport transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformRsaPkcs1GetKlass(void) {
+ return(&xmlSecNssRsaPkcs1Klass);
+}
+#endif /* XMLSEC_NO_RSA */
+
+/* aleksey, April 2010: NSS 3.12.6 has CKM_RSA_PKCS_OAEP algorithm but
+ it doesn't implement the SHA1 OAEP PKCS we need
+
+ https://bugzilla.mozilla.org/show_bug.cgi?id=158747
+*/
+#ifdef XMLSEC_NSS_RSA_OAEP_TODO
+#ifndef XMLSEC_NO_RSA
+static xmlSecTransformKlass xmlSecNssRsaOaepKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKeyTransportSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaOaep, /* const xmlChar* name; */
+ xmlSecHrefRsaOaep, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformRsaOaepGetKlass:
+ *
+ * The RSA-PKCS1 key transport transform klass.
+ *
+ * Returns: RSA-PKCS1 key transport transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformRsaOaepGetKlass(void) {
+ return(&xmlSecNssRsaOaepKlass);
+}
+#endif /* XMLSEC_NO_RSA */
+#endif /* XMLSEC_NSS_RSA_OAEP_TODO */
+
diff --git a/src/nss/kw_aes.c b/src/nss/kw_aes.c
new file mode 100644
index 00000000..0438e306
--- /dev/null
+++ b/src/nss/kw_aes.c
@@ -0,0 +1,681 @@
+/**
+ *
+ * XMLSec library
+ *
+ * AES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ * Copyright (C) 2010 Aleksey Sanin, All rights reserved.
+ */
+#ifndef XMLSEC_NO_AES
+
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <nss.h>
+#include <pk11func.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+
+#include "../kw_aes_des.h"
+
+/*
+ * NSS needs to implement AES KW internally and then the code
+ * needs to change to use the direct implementation instead.
+ *
+ * Follow the NSS bug system for more details on the fix
+ * http://bugzilla.mozilla.org/show_bug.cgi?id=213795
+ */
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecNSSKWAesBlockEncrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+static int xmlSecNSSKWAesBlockDecrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+static xmlSecKWAesKlass xmlSecNssKWAesKlass = {
+ /* callbacks */
+ xmlSecNSSKWAesBlockEncrypt, /* xmlSecKWAesBlockEncryptMethod encrypt; */
+ xmlSecNSSKWAesBlockDecrypt, /* xmlSecKWAesBlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL /* void* reserved1; */
+};
+
+
+
+
+static PK11SymKey* xmlSecNssMakeAesKey (const xmlSecByte *key,
+ xmlSecSize keySize,
+ int enc);
+static int xmlSecNssAesOp (PK11SymKey *aeskey,
+ const xmlSecByte *in,
+ xmlSecByte *out,
+ int enc);
+
+
+/*********************************************************************
+ *
+ * AES KW transforms
+ *
+ ********************************************************************/
+typedef struct _xmlSecNssKWAesCtx xmlSecNssKWAesCtx,
+ *xmlSecNssKWAesCtxPtr;
+struct _xmlSecNssKWAesCtx {
+ xmlSecBuffer keyBuffer;
+ xmlSecSize keyExpectedSize;
+};
+#define xmlSecNssKWAesSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecNssKWAesCtx))
+#define xmlSecNssKWAesGetCtx(transform) \
+ ((xmlSecNssKWAesCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+#define xmlSecNssKWAesCheckId(transform) \
+ (xmlSecTransformCheckId((transform), xmlSecNssTransformKWAes128Id) || \
+ xmlSecTransformCheckId((transform), xmlSecNssTransformKWAes192Id) || \
+ xmlSecTransformCheckId((transform), xmlSecNssTransformKWAes256Id))
+
+
+static int xmlSecNssKWAesInitialize (xmlSecTransformPtr transform);
+static void xmlSecNssKWAesFinalize (xmlSecTransformPtr transform);
+static int xmlSecNssKWAesSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecNssKWAesSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecNssKWAesExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes128, /* const xmlChar* name; */
+ xmlSecHrefKWAes128, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformKWAes128GetKlass:
+ *
+ * The AES-128 key wrapper transform klass.
+ *
+ * Returns: AES-128 key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWAes128GetKlass(void) {
+ return(&xmlSecNssKWAes128Klass);
+}
+
+static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes192, /* const xmlChar* name; */
+ xmlSecHrefKWAes192, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformKWAes192GetKlass:
+ *
+ * The AES-192 key wrapper transform klass.
+ *
+ * Returns: AES-192 key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWAes192GetKlass(void) {
+ return(&xmlSecNssKWAes192Klass);
+}
+
+static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes256, /* const xmlChar* name; */
+ xmlSecHrefKWAes256, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformKWAes256GetKlass:
+ *
+ * The AES-256 key wrapper transform klass.
+ *
+ * Returns: AES-256 key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWAes256GetKlass(void) {
+ return(&xmlSecNssKWAes256Klass);
+}
+
+static int
+xmlSecNssKWAesInitialize(xmlSecTransformPtr transform) {
+ xmlSecNssKWAesCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecNssKWAesCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize), -1);
+
+ ctx = xmlSecNssKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
+ ctx->keyExpectedSize = XMLSEC_KW_AES128_KEY_SIZE;
+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
+ ctx->keyExpectedSize = XMLSEC_KW_AES192_KEY_SIZE;
+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
+ ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecNssKWAesFinalize(xmlSecTransformPtr transform) {
+ xmlSecNssKWAesCtxPtr ctx;
+
+ xmlSecAssert(xmlSecNssKWAesCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize));
+
+ ctx = xmlSecNssKWAesGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBufferFinalize(&(ctx->keyBuffer));
+}
+
+static int
+xmlSecNssKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecNssKWAesCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecNssKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecNssKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecNssKeyDataAesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+ keyReq->keyBitsSize = 8 * ctx->keyExpectedSize;
+
+ return(0);
+}
+
+static int
+xmlSecNssKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecNssKWAesCtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecNssKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecNssKeyDataAesId), -1);
+
+ ctx = xmlSecNssKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(buffer);
+ if(keySize < ctx->keyExpectedSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key=%d;expected=%d",
+ keySize, ctx->keyExpectedSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer),
+ xmlSecBufferGetData(buffer),
+ ctx->keyExpectedSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "expected-size=%d",
+ ctx->keyExpectedSize);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecNssKWAesCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecNssKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecNssKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == ctx->keyExpectedSize, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ if((inSize % 8) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d(not 8 bytes aligned)", inSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
+ outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
+ XMLSEC_KW_AES_BLOCK_SIZE;
+ } else {
+ outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ PK11SymKey *aeskey = NULL;
+
+ /* create key */
+ aeskey = xmlSecNssMakeAesKey(xmlSecBufferGetData(&(ctx->keyBuffer)), keySize, 1); /* encrypt */
+ if(aeskey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssMakeAesKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+
+ /* encrypt */
+ ret = xmlSecKWAesEncode(&xmlSecNssKWAesKlass, aeskey,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_FreeSymKey(aeskey);
+ return(-1);
+ }
+
+ outSize = ret;
+ PK11_FreeSymKey(aeskey);
+ } else {
+ PK11SymKey *aeskey = NULL;
+
+ /* create key */
+ aeskey = xmlSecNssMakeAesKey(xmlSecBufferGetData(&(ctx->keyBuffer)), keySize, 0); /* decrypt */
+ if(aeskey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssMakeAesKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* decrypt */
+ ret = xmlSecKWAesDecode(&xmlSecNssKWAesKlass, aeskey,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesDecode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_FreeSymKey(aeskey);
+ return(-1);
+ }
+
+ outSize = ret;
+ PK11_FreeSymKey(aeskey);
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "inSize%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static int
+xmlSecNSSKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ PK11SymKey *aeskey = (PK11SymKey *)context;
+ int ret;
+
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(aeskey != NULL, -1);
+
+ /* one block */
+ ret = xmlSecNssAesOp(aeskey, in, out, 1); /* encrypt */
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAesOp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(XMLSEC_KW_AES_BLOCK_SIZE);
+}
+
+static int
+xmlSecNSSKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ PK11SymKey *aeskey = (PK11SymKey *)context;
+ int ret;
+
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(aeskey != NULL, -1);
+
+ /* one block */
+ ret = xmlSecNssAesOp(aeskey, in, out, 0); /* decrypt */
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssAesOp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(XMLSEC_KW_AES_BLOCK_SIZE);
+}
+
+static PK11SymKey *
+xmlSecNssMakeAesKey(const xmlSecByte *key, xmlSecSize keySize, int enc) {
+ CK_MECHANISM_TYPE cipherMech;
+ PK11SlotInfo* slot = NULL;
+ PK11SymKey* aeskey = NULL;
+ SECItem keyItem;
+
+ xmlSecAssert2(key != NULL, NULL);
+ xmlSecAssert2(keySize > 0, NULL);
+
+ cipherMech = CKM_AES_ECB;
+ slot = PK11_GetBestSlot(cipherMech, NULL);
+ if (slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_GetBestSlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ keyItem.data = (unsigned char *)key;
+ keyItem.len = keySize;
+ aeskey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap,
+ enc ? CKA_ENCRYPT : CKA_DECRYPT, &keyItem, NULL);
+ if (aeskey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_ImportSymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+done:
+ if (slot) {
+ PK11_FreeSlot(slot);
+ }
+
+ return(aeskey);
+}
+
+/* encrypt a block (XMLSEC_KW_AES_BLOCK_SIZE), in and out can overlap */
+static int
+xmlSecNssAesOp(PK11SymKey *aeskey, const xmlSecByte *in, xmlSecByte *out, int enc) {
+
+ CK_MECHANISM_TYPE cipherMech;
+ SECItem* SecParam = NULL;
+ PK11Context* EncContext = NULL;
+ SECStatus rv;
+ int tmp1_outlen;
+ unsigned int tmp2_outlen;
+ int ret = -1;
+
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+
+ cipherMech = CKM_AES_ECB;
+ SecParam = PK11_ParamFromIV(cipherMech, NULL);
+ if (SecParam == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_ParamFromIV",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ EncContext = PK11_CreateContextBySymKey(cipherMech,
+ enc ? CKA_ENCRYPT : CKA_DECRYPT,
+ aeskey, SecParam);
+ if (EncContext == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CreateContextBySymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ tmp1_outlen = tmp2_outlen = 0;
+ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen,
+ XMLSEC_KW_AES_BLOCK_SIZE, (unsigned char *)in,
+ XMLSEC_KW_AES_BLOCK_SIZE);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CipherOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
+ &tmp2_outlen, XMLSEC_KW_AES_BLOCK_SIZE-tmp1_outlen);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* done - success! */
+ ret = 0;
+
+done:
+ if (SecParam) {
+ SECITEM_FreeItem(SecParam, PR_TRUE);
+ }
+ if (EncContext) {
+ PK11_DestroyContext(EncContext, PR_TRUE);
+ }
+
+ return (ret);
+}
+
+
+#endif /* XMLSEC_NO_AES */
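Review bot: In xmlSecNssMakeAesKey the local `SECItem keyItem` gets only `data` and `len` assigned before it is passed to PK11_ImportSymKey, so its `type` field is uninitialised if NSS ever reads it. Set it explicitly with `keyItem.type = siBuffer;` next to the other two assignments, as the key-transport code earlier in this commit does for its own SECItems. Separately, xmlSecNssKWAesSetKey rejects only keys shorter than `keyExpectedSize` and then copies exactly `keyExpectedSize` bytes, so a longer AES key is silently cut down to its leading bytes. If that is intended it deserves a comment such as `/* longer keys are accepted; only the first keyExpectedSize bytes are used */`; otherwise the size check should use `!=`. The error calls in this file also pass xmlSecSize values to `%d`, which is worth confirming against the xmlSecSize definition (not visible in this hunk).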
diff --git a/src/nss/kw_des.c b/src/nss/kw_des.c
new file mode 100644
index 00000000..e75f69c9
--- /dev/null
+++ b/src/nss/kw_des.c
@@ -0,0 +1,663 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES KW Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_DES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <nss.h>
+#include <pk11func.h>
+#include <hasht.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+
+#include "../kw_aes_des.h"
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecNssKWDes3GenerateRandom (void * context,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecNssKWDes3Sha1 (void * context,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecNssKWDes3BlockEncrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecNssKWDes3BlockDecrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+
+static xmlSecKWDes3Klass xmlSecNssKWDes3ImplKlass = {
+ /* callbacks */
+ xmlSecNssKWDes3GenerateRandom, /* xmlSecKWDes3GenerateRandomMethod generateRandom; */
+ xmlSecNssKWDes3Sha1, /* xmlSecKWDes3Sha1Method sha1; */
+ xmlSecNssKWDes3BlockEncrypt, /* xmlSecKWDes3BlockEncryptMethod encrypt; */
+ xmlSecNssKWDes3BlockDecrypt, /* xmlSecKWDes3BlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+static int xmlSecNssKWDes3Encrypt (const xmlSecByte *key,
+ xmlSecSize keySize,
+ const xmlSecByte *iv,
+ xmlSecSize ivSize,
+ const xmlSecByte *in,
+ xmlSecSize inSize,
+ xmlSecByte *out,
+ xmlSecSize outSize,
+ int enc);
+
+
+/*********************************************************************
+ *
+ * Triple DES Key Wrap transform
+ *
+ * key (xmlSecBuffer) is located after xmlSecTransform structure
+ *
+ ********************************************************************/
+typedef struct _xmlSecNssKWDes3Ctx xmlSecNssKWDes3Ctx,
+ *xmlSecNssKWDes3CtxPtr;
+struct _xmlSecNssKWDes3Ctx {
+ xmlSecBuffer keyBuffer;
+};
+#define xmlSecNssKWDes3Size \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecNssKWDes3Ctx))
+#define xmlSecNssKWDes3GetCtx(transform) \
+ ((xmlSecNssKWDes3CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecNssKWDes3Initialize (xmlSecTransformPtr transform);
+static void xmlSecNssKWDes3Finalize (xmlSecTransformPtr transform);
+static int xmlSecNssKWDes3SetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecNssKWDes3SetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecNssKWDes3Execute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKWDes3Size, /* xmlSecSize objSize */
+
+ xmlSecNameKWDes3, /* const xmlChar* name; */
+ xmlSecHrefKWDes3, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKWDes3Initialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKWDes3Finalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKWDes3SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKWDes3SetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKWDes3Execute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformKWDes3GetKlass:
+ *
+ * The Triple DES key wrapper transform klass.
+ *
+ * Returns: Triple DES key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWDes3GetKlass(void) {
+ return(&xmlSecNssKWDes3Klass);
+}
+
+static int
+xmlSecNssKWDes3Initialize(xmlSecTransformPtr transform) {
+ xmlSecNssKWDes3CtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecNssTransformKWDes3Id), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWDes3Size), -1);
+
+ ctx = xmlSecNssKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecNssKWDes3Finalize(xmlSecTransformPtr transform) {
+ xmlSecNssKWDes3CtxPtr ctx;
+
+ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecNssTransformKWDes3Id));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKWDes3Size));
+
+ ctx = xmlSecNssKWDes3GetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBufferFinalize(&(ctx->keyBuffer));
+}
+
+static int
+xmlSecNssKWDes3SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecNssKWDes3CtxPtr ctx;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecNssTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWDes3Size), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecNssKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecNssKeyDataDesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage= xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage= xmlSecKeyUsageDecrypt;
+ }
+ keyReq->keyBitsSize = 8 * XMLSEC_KW_DES3_KEY_LENGTH;
+ return(0);
+}
+
+static int
+xmlSecNssKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecNssKWDes3CtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecNssTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWDes3Size), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecNssKeyDataDesId), -1);
+
+ ctx = xmlSecNssKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(buffer);
+ if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key length %d is not enough (%d expected)",
+ keySize, XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecNssKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecNssKWDes3CtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecNssTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWDes3Size), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecNssKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d bytes - not %d bytes aligned",
+ inSize, XMLSEC_KW_DES3_BLOCK_LENGTH);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 16 bytes longer plus one block just in case */
+ outSize = inSize + XMLSEC_KW_DES3_IV_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH;
+ } else {
+ /* just in case, add a block */
+ outSize = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ ret = xmlSecKWDes3Encode(&xmlSecNssKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ ret = xmlSecKWDes3Decode(&xmlSecNssKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int
+xmlSecNssKWDes3Sha1(void * context,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecNssKWDes3CtxPtr ctx = (xmlSecNssKWDes3CtxPtr)context;
+ PK11Context *pk11ctx = NULL;
+ unsigned int outLen = 0;
+ SECStatus status;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= SHA1_LENGTH, -1);
+
+ /* Create a pk11ctx for hashing (digesting) */
+ pk11ctx = PK11_CreateDigestContext(SEC_OID_SHA1);
+ if (pk11ctx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CreateDigestContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ status = PK11_DigestBegin(pk11ctx);
+ if (status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestBegin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_DestroyContext(pk11ctx, PR_TRUE);
+ return(-1);
+ }
+
+ status = PK11_DigestOp(pk11ctx, in, inSize);
+ if (status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_DestroyContext(pk11ctx, PR_TRUE);
+ return(-1);
+ }
+
+ status = PK11_DigestFinal(pk11ctx, out, &outLen, outSize);
+ if (status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PK11_DestroyContext(pk11ctx, PR_TRUE);
+ return(-1);
+ }
+
+ /* done */
+ PK11_DestroyContext(pk11ctx, PR_TRUE);
+ xmlSecAssert2(outLen == SHA1_LENGTH, -1);
+ return(outLen);
+}
+
+static int
+xmlSecNssKWDes3GenerateRandom(void * context,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecNssKWDes3CtxPtr ctx = (xmlSecNssKWDes3CtxPtr)context;
+ SECStatus status;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ status = PK11_GenerateRandom(out, outSize);
+ if(status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_GenerateRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return((int)outSize);
+}
+
+static int
+xmlSecNssKWDes3BlockEncrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecNssKWDes3CtxPtr ctx = (xmlSecNssKWDes3CtxPtr)context;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ ret = xmlSecNssKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)), XMLSEC_KW_DES3_KEY_LENGTH,
+ iv, XMLSEC_KW_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize,
+ 1); /* encrypt */
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(ret);
+}
+
+static int
+xmlSecNssKWDes3BlockDecrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecNssKWDes3CtxPtr ctx = (xmlSecNssKWDes3CtxPtr)context;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ ret = xmlSecNssKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)), XMLSEC_KW_DES3_KEY_LENGTH,
+ iv, XMLSEC_KW_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize,
+ 0); /* decrypt */
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(ret);
+}
+
+
+
+static int
+xmlSecNssKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize,
+ const xmlSecByte *iv, xmlSecSize ivSize,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize,
+ int enc) {
+ CK_MECHANISM_TYPE cipherMech;
+ PK11SlotInfo* slot = NULL;
+ PK11SymKey* symKey = NULL;
+ SECItem* param = NULL;
+ PK11Context* pk11ctx = NULL;
+ SECItem keyItem, ivItem;
+ SECStatus status;
+ int result_len = -1;
+ int tmp1_outlen;
+ unsigned int tmp2_outlen;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize == XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ cipherMech = CKM_DES3_CBC;
+ slot = PK11_GetBestSlot(cipherMech, NULL);
+ if (slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_GetBestSlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ keyItem.data = (unsigned char *)key;
+ keyItem.len = keySize;
+ symKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap,
+ enc ? CKA_ENCRYPT : CKA_DECRYPT, &keyItem, NULL);
+ if (symKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_ImportSymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ivItem.data = (unsigned char *)iv;
+ ivItem.len = ivSize;
+
+ param = PK11_ParamFromIV(cipherMech, &ivItem);
+ if (param == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_ParamFromIV",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ pk11ctx = PK11_CreateContextBySymKey(cipherMech,
+ enc ? CKA_ENCRYPT : CKA_DECRYPT,
+ symKey, param);
+ if (pk11ctx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CreateContextBySymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ tmp1_outlen = tmp2_outlen = 0;
+ status = PK11_CipherOp(pk11ctx, out, &tmp1_outlen, outSize,
+ (unsigned char *)in, inSize);
+ if (status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CipherOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ status = PK11_DigestFinal(pk11ctx, out+tmp1_outlen,
+ &tmp2_outlen, outSize-tmp1_outlen);
+ if (status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ result_len = tmp1_outlen + tmp2_outlen;
+
+done:
+ if (slot) {
+ PK11_FreeSlot(slot);
+ }
+ if (symKey) {
+ PK11_FreeSymKey(symKey);
+ }
+ if (param) {
+ SECITEM_FreeItem(param, PR_TRUE);
+ }
+ if (pk11ctx) {
+ PK11_DestroyContext(pk11ctx, PR_TRUE);
+ }
+
+ return(result_len);
+}
+
+
+#endif /* XMLSEC_NO_DES */
+
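Review bot: The error paths in xmlSecNssKWDes3SetKey and xmlSecNssKWDes3Execute pass `xmlSecSize` locals (`keySize`, `inSize`, `outSize`) to `%d` conversions, for example `"key length %d is not enough (%d expected)"` with `keySize`. The definition of xmlSecSize is outside this hunk; if a build maps it to size_t, the variadic read is undefined on LP64 targets and the logged sizes can be wrong exactly when a rejected key or misaligned input is being diagnosed. Casting at the call site keeps the diagnostics trustworthy: `"key length %lu is not enough (%d expected)", (unsigned long)keySize, XMLSEC_KW_DES3_KEY_LENGTH`. The same change applies to `"%d bytes - not %d bytes aligned"`, to `"key=%d,in=%d,out=%d"`, and to the `"size=%d"` messages that print `outSize` or `inSize`.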
diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c
new file mode 100644
index 00000000..ae9e29b4
--- /dev/null
+++ b/src/nss/pkikeys.c
@@ -0,0 +1,1554 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <pk11func.h>
+#include <keyhi.h>
+#include <pk11pqg.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/bignum.h>
+#include <xmlsec/nss/pkikeys.h>
+
+/**************************************************************************
+ *
+ * Internal NSS PKI key CTX
+ *
+ *************************************************************************/
+typedef struct _xmlSecNssPKIKeyDataCtx xmlSecNssPKIKeyDataCtx,
+ *xmlSecNssPKIKeyDataCtxPtr;
+struct _xmlSecNssPKIKeyDataCtx {
+ SECKEYPublicKey *pubkey;
+ SECKEYPrivateKey *privkey;
+};
+
+/******************************************************************************
+ *
+ * PKI key (dsa/rsa)
+ *
+ * xmlSecNssPKIKeyDataCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecNssPKIKeyDataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecNssPKIKeyDataCtx))
+#define xmlSecNssPKIKeyDataGetCtx(data) \
+ ((xmlSecNssPKIKeyDataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
+
+
+static int xmlSecNssPKIKeyDataInitialize (xmlSecKeyDataPtr data);
+static void xmlSecNssPKIKeyDataFinalize (xmlSecKeyDataPtr data);
+
+
+static void xmlSecNSSPKIKeyDataCtxFree (xmlSecNssPKIKeyDataCtxPtr ctx);
+static int xmlSecNSSPKIKeyDataCtxDup (xmlSecNssPKIKeyDataCtxPtr ctxDst,
+ xmlSecNssPKIKeyDataCtxPtr ctxSrc);
+static int xmlSecNssPKIKeyDataAdoptKey (xmlSecKeyDataPtr data,
+ SECKEYPrivateKey *privkey,
+ SECKEYPublicKey *pubkey);
+
+
+static int
+xmlSecNssPKIKeyDataInitialize(xmlSecKeyDataPtr data) {
+ xmlSecNssPKIKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1);
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecNssPKIKeyDataCtx));
+
+ return(0);
+}
+
+
+static void
+xmlSecNssPKIKeyDataFinalize(xmlSecKeyDataPtr data) {
+ xmlSecNssPKIKeyDataCtxPtr ctx;
+
+ xmlSecAssert(xmlSecKeyDataIsValid(data));
+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize));
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecNSSPKIKeyDataCtxFree(ctx);
+ memset(ctx, 0, sizeof(xmlSecNssPKIKeyDataCtx));
+}
+
+
+static void
+xmlSecNSSPKIKeyDataCtxFree(xmlSecNssPKIKeyDataCtxPtr ctx)
+{
+ xmlSecAssert(ctx != NULL);
+ if (ctx->privkey != NULL) {
+ SECKEY_DestroyPrivateKey(ctx->privkey);
+ ctx->privkey = NULL;
+ }
+
+ if (ctx->pubkey)
+ {
+ SECKEY_DestroyPublicKey(ctx->pubkey);
+ ctx->pubkey = NULL;
+ }
+
+}
+
+static int
+xmlSecNSSPKIKeyDataCtxDup(xmlSecNssPKIKeyDataCtxPtr ctxDst,
+ xmlSecNssPKIKeyDataCtxPtr ctxSrc)
+{
+ xmlSecNSSPKIKeyDataCtxFree(ctxDst);
+ if (ctxSrc->privkey != NULL) {
+ ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
+ if(ctxDst->privkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SECKEY_CopyPrivateKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ }
+
+ if (ctxSrc->pubkey != NULL) {
+ ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey);
+ if(ctxDst->pubkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SECKEY_CopyPublicKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ }
+ return (0);
+}
+
+static int
+xmlSecNssPKIKeyDataAdoptKey(xmlSecKeyDataPtr data,
+ SECKEYPrivateKey *privkey,
+ SECKEYPublicKey *pubkey)
+{
+ xmlSecNssPKIKeyDataCtxPtr ctx;
+ KeyType pubType = nullKey ;
+ KeyType priType = nullKey ;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1);
+
+ if( privkey != NULL ) {
+ priType = SECKEY_GetPrivateKeyType( privkey ) ;
+ }
+
+ if( pubkey != NULL ) {
+ pubType = SECKEY_GetPublicKeyType( pubkey ) ;
+ }
+
+ if( priType != nullKey && pubType != nullKey ) {
+ if( pubType != priType ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ "different type of private and public key" ) ;
+ return -1 ;
+ }
+ }
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if (ctx->privkey) {
+ SECKEY_DestroyPrivateKey(ctx->privkey);
+ }
+ ctx->privkey = privkey;
+
+ if (ctx->pubkey) {
+ SECKEY_DestroyPublicKey(ctx->pubkey);
+ }
+ ctx->pubkey = pubkey;
+
+ return(0);
+}
+
+/**
+ * xmlSecNssPKIAdoptKey:
+ * @privkey: the NSS Private Key handle
+ * @pubkey: the NSS Public Key handle
+ *
+ * Build a KeyData object from the given Private Key and Public
+ * Key handles.
+ *
+ * Returns: pointer to KeyData object or NULL if an error occurs.
+ */
+xmlSecKeyDataPtr
+xmlSecNssPKIAdoptKey(SECKEYPrivateKey *privkey,
+ SECKEYPublicKey *pubkey)
+{
+ xmlSecKeyDataPtr data = NULL;
+ int ret;
+ KeyType pubType = nullKey ;
+ KeyType priType = nullKey ;
+
+ if( privkey != NULL ) {
+ priType = SECKEY_GetPrivateKeyType( privkey ) ;
+ }
+
+ if( pubkey != NULL ) {
+ pubType = SECKEY_GetPublicKeyType( pubkey ) ;
+ }
+
+ if( priType != nullKey && pubType != nullKey ) {
+ if( pubType != priType ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ "different type of private and public key" ) ;
+ return( NULL ) ;
+ }
+ }
+
+ pubType = priType != nullKey ? priType : pubType ;
+ switch(pubType) {
+#ifndef XMLSEC_NO_RSA
+ case rsaKey:
+ data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecNssKeyDataRsaId");
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_RSA */
+#ifndef XMLSEC_NO_DSA
+ case dsaKey:
+ data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecNssKeyDataDsaId");
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_DSA */
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+ "PKI key type %d not supported", pubType);
+ return(NULL);
+ }
+
+ xmlSecAssert2(data != NULL, NULL);
+ ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssPKIKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
+ }
+ return(data);
+}
+
+/**
+ * xmlSecNssPKIKeyDataGetPubKey:
+ * @data: the pointer to NSS Key data.
+ *
+ * Gets the Public Key from the key data.
+ *
+ * Returns: pointer to SECKEYPublicKey or NULL if an error occurs.
+ * Caller is responsible for freeing the key when done
+ */
+SECKEYPublicKey *
+xmlSecNssPKIKeyDataGetPubKey(xmlSecKeyDataPtr data) {
+ xmlSecNssPKIKeyDataCtxPtr ctx;
+ SECKEYPublicKey *ret;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), NULL);
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->pubkey != NULL, NULL);
+
+ ret = SECKEY_CopyPublicKey(ctx->pubkey);
+ return(ret);
+}
+
+/**
+ * xmlSecNssPKIKeyDataGetPrivKey:
+ * @data: the pointer to NSS Key data.
+ *
+ * Gets the Private Key from the key data.
+ *
+ * Returns: pointer to SECKEYPrivateKey or NULL if an error occurs.
+ * Caller is responsible for freeing the key when done
+ */
+SECKEYPrivateKey*
+xmlSecNssPKIKeyDataGetPrivKey(xmlSecKeyDataPtr data) {
+ xmlSecNssPKIKeyDataCtxPtr ctx;
+ SECKEYPrivateKey* ret;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), NULL);
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->privkey != NULL, NULL);
+
+ ret = SECKEY_CopyPrivateKey(ctx->privkey);
+ return(ret);
+}
+
+/**
+ * xmlSecNssPKIKeyDataGetKeyType:
+ * @data: the pointer to NSS Key data.
+ *
+ * Gets the Key Type from the key data.
+ *
+ * Returns: Key Type
+ */
+KeyType
+xmlSecNssPKIKeyDataGetKeyType(xmlSecKeyDataPtr data) {
+ xmlSecNssPKIKeyDataCtxPtr ctx;
+ KeyType kt;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), nullKey);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), nullKey);
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, nullKey);
+
+ if (ctx->pubkey != NULL) {
+ kt = SECKEY_GetPublicKeyType(ctx->pubkey);
+ } else {
+ kt = SECKEY_GetPrivateKeyType(ctx->privkey);
+ }
+ return(kt);
+}
+
+/**
+ * xmlSecNssPKIKeyDataDuplicate
+ * @dst: the pointer to NSS Key data to copy to.
+ * @src: the pointer to NSS Key data to copy from.
+ *
+ * Duplicates the keydata from src to dst
+ *
+ * Returns: -1 on error, 0 on success
+ */
+int
+xmlSecNssPKIKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecNssPKIKeyDataCtxPtr ctxDst;
+ xmlSecNssPKIKeyDataCtxPtr ctxSrc;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(dst), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssPKIKeyDataSize), -1);
+ xmlSecAssert2(xmlSecKeyDataIsValid(src), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssPKIKeyDataSize), -1);
+
+ ctxDst = xmlSecNssPKIKeyDataGetCtx(dst);
+ xmlSecAssert2(ctxDst != NULL, -1);
+
+ ctxSrc = xmlSecNssPKIKeyDataGetCtx(src);
+ xmlSecAssert2(ctxSrc != NULL, -1);
+
+ if (xmlSecNSSPKIKeyDataCtxDup(ctxDst, ctxSrc) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecNssPKIKeydataCtxDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_DSA
+/**************************************************************************
+ *
+ * <dsig:DSAKeyValue> processing
+ *
+ *
+ * The DSAKeyValue Element (http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue)
+ *
+ * DSA keys and the DSA signature algorithm are specified in [DSS].
+ * DSA public key values can have the following fields:
+ *
+ * * P - a prime modulus meeting the [DSS] requirements
+ * * Q - an integer in the range 2**159 < Q < 2**160 which is a prime
+ * divisor of P-1
+ * * G - an integer with certain properties with respect to P and Q
+ * * Y - G**X mod P (where X is part of the private key and not made
+ * public)
+ * * J - (P - 1) / Q
+ * * seed - a DSA prime generation seed
+ * * pgenCounter - a DSA prime generation counter
+ *
+ * Parameter J is available for inclusion solely for efficiency as it is
+ * calculatable from P and Q. Parameters seed and pgenCounter are used in the
+ * DSA prime number generation algorithm specified in [DSS]. As such, they are
+ * optional but must either both be present or both be absent. This prime
+ * generation algorithm is designed to provide assurance that a weak prime is
+ * not being used and it yields a P and Q value. Parameters P, Q, and G can be
+ * public and common to a group of users. They might be known from application
+ * context. As such, they are optional but P and Q must either both appear or
+ * both be absent. If all of P, Q, seed, and pgenCounter are present,
+ * implementations are not required to check if they are consistent and are
+ * free to use either P and Q or seed and pgenCounter. All parameters are
+ * encoded as base64 [MIME] values.
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * represented in XML as octet strings as defined by the ds:CryptoBinary type.
+ *
+ * Schema Definition:
+ *
+ * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+ * <complexType name="DSAKeyValueType">
+ * <sequence>
+ * <sequence minOccurs="0">
+ * <element name="P" type="ds:CryptoBinary"/>
+ * <element name="Q" type="ds:CryptoBinary"/>
+ * </sequence>
+ * <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ * <element name="Y" type="ds:CryptoBinary"/>
+ * <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ * <sequence minOccurs="0">
+ * <element name="Seed" type="ds:CryptoBinary"/>
+ * <element name="PgenCounter" type="ds:CryptoBinary"/>
+ * </sequence>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD Definition:
+ *
+ * <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
+ * <!ELEMENT P (#PCDATA) >
+ * <!ELEMENT Q (#PCDATA) >
+ * <!ELEMENT G (#PCDATA) >
+ * <!ELEMENT Y (#PCDATA) >
+ * <!ELEMENT J (#PCDATA) >
+ * <!ELEMENT Seed (#PCDATA) >
+ * <!ELEMENT PgenCounter (#PCDATA) >
+ *
+ * ============================================================================
+ *
+ * To support reading/writing private keys an X element added (before Y).
+ * todo: The current implementation does not support Seed and PgenCounter!
+ * by this the P, Q and G are *required*!
+ *
+ *************************************************************************/
+static int xmlSecNssKeyDataDsaInitialize (xmlSecKeyDataPtr data);
+static int xmlSecNssKeyDataDsaDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecNssKeyDataDsaFinalize (xmlSecKeyDataPtr data);
+static int xmlSecNssKeyDataDsaXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssKeyDataDsaXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssKeyDataDsaGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecNssKeyDataDsaGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecNssKeyDataDsaGetSize (xmlSecKeyDataPtr data);
+static void xmlSecNssKeyDataDsaDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecNssKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+
+static xmlSecKeyDataKlass xmlSecNssKeyDataDsaKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecNssPKIKeyDataSize,
+
+ /* data */
+ xmlSecNameDSAKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecNssKeyDataDsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecNssKeyDataDsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecNssKeyDataDsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecNssKeyDataDsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecNssKeyDataDsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecNssKeyDataDsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecNssKeyDataDsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecNssKeyDataDsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecNssKeyDataDsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecNssKeyDataDsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssKeyDataDsaGetKlass:
+ *
+ * The DSA key data klass.
+ *
+ * Returns: pointer to DSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecNssKeyDataDsaGetKlass(void) {
+ return(&xmlSecNssKeyDataDsaKlass);
+}
+
+
+static int
+xmlSecNssKeyDataDsaInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), -1);
+
+ return(xmlSecNssPKIKeyDataInitialize(data));
+}
+
+static int
+xmlSecNssKeyDataDsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecNssKeyDataDsaId), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecNssKeyDataDsaId), -1);
+
+ return(xmlSecNssPKIKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecNssKeyDataDsaFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId));
+
+ xmlSecNssPKIKeyDataFinalize(data);
+}
+
+static int
+xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data = NULL;
+ xmlNodePtr cur;
+ int ret;
+ PK11SlotInfo *slot = NULL;
+ CK_OBJECT_HANDLE handle;
+ SECKEYPublicKey *pubkey=NULL;
+ PRArenaPool *arena = NULL;
+
+
+ xmlSecAssert2(id == xmlSecNssKeyDataDsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(xmlSecKeyGetValue(key) != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ ret = -1;
+ goto done;
+ }
+
+ slot = PK11_GetBestSlot(CKM_DSA, NULL);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PK11_GetBestSlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ ret = -1;
+ goto done;
+ }
+
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if(arena == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ ret = -1;
+ goto done;
+ }
+
+ pubkey = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena,
+ sizeof(SECKEYPublicKey));
+ if(pubkey == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_ArenaZAlloc",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ PORT_FreeArena(arena, PR_FALSE);
+ ret = -1;
+ goto done;
+ }
+ pubkey->arena = arena;
+ pubkey->u.dsa.params.arena = arena;
+ pubkey->keyType = dsaKey;
+
+ cur = xmlSecGetNextElementNode(node->children);
+
+ /* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ ret = -1;
+ goto done;
+ }
+ if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.params.prime)) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeGetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ ret = -1;
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ ret = -1;
+ goto done;
+ }
+ if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.params.subPrime)) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeGetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ ret = -1;
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ ret = -1;
+ goto done;
+ }
+ if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.params.base)) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeGetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ ret = -1;
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAX, xmlSecNs))) {
+ /* next is X node. It is REQUIRED for private key but
+ * NSS does not support it, we just ignore it */
+
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* next is Y node. */
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ ret = -1;
+ goto done;
+ }
+ if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.publicValue)) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeGetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ ret = -1;
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* todo: add support for J */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAJ, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* todo: add support for seed */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSASeed, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* todo: add support for pgencounter */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAPgenCounter, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ ret = -1;
+ goto done;
+ }
+
+ handle = PK11_ImportPublicKey(slot, pubkey, PR_FALSE);
+
+ data = xmlSecKeyDataCreate(id);
+ if(data == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ ret = -1;
+ goto done;
+ }
+
+ ret = xmlSecNssPKIKeyDataAdoptKey(data, NULL, pubkey);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssPKIKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ pubkey = NULL;
+
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ data = NULL;
+
+ ret = 0;
+
+done:
+ if (slot != NULL) {
+ PK11_FreeSlot(slot);
+ }
+ if (ret != 0) {
+ if (pubkey != NULL) {
+ SECKEY_DestroyPublicKey(pubkey);
+ }
+ if (data != NULL) {
+ xmlSecKeyDataDestroy(data);
+ }
+ }
+ return(ret);
+}
+
+static int
+xmlSecNssKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecNssPKIKeyDataCtxPtr ctx;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecNssKeyDataDsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecNssKeyDataDsaId), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only private key or public key */
+ return(0);
+ }
+
+ /* first is P node */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ return(-1);
+ }
+ ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.params.prime), 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeSetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ return(-1);
+ }
+
+ /* next is Q node. */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ return(-1);
+ }
+ ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.params.subPrime), 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeSetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ return(-1);
+ }
+
+ /* next is G node. */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ return(-1);
+ }
+ ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.params.base), 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeSetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ return(-1);
+ }
+
+ /* next is X node: not supported in NSS */
+
+ /* next is Y node. */
+ cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ return(-1);
+ }
+ ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.publicValue), 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeSetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ PQGParams *pqgParams = NULL;
+ PQGVerify *pqgVerify = NULL;
+ SECStatus rv;
+ SECStatus res;
+ PK11SlotInfo *slot = NULL;
+ SECKEYPrivateKey *privkey = NULL;
+ SECKEYPublicKey *pubkey = NULL;
+ int ret = -1;
+ int j;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ j = PQG_PBITS_TO_INDEX(sizeBits);
+ rv = PK11_PQG_ParamGen(j, &pqgParams, &pqgVerify);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_PQG_ParamGen",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", sizeBits);
+ goto done;
+ }
+
+ rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &res);
+ if (rv != SECSuccess || res != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_PQG_VerifyParams",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", sizeBits);
+ goto done;
+ }
+
+ slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
+ privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
+ &pubkey, PR_FALSE, PR_TRUE, NULL);
+
+ if((privkey == NULL) || (pubkey == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_GenerateKeyPair",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ goto done;
+ }
+
+ ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssPKIKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = 0;
+
+done:
+ if (slot != NULL) {
+ PK11_FreeSlot(slot);
+ }
+ if (pqgParams != NULL) {
+ PK11_PQG_DestroyParams(pqgParams);
+ }
+ if (pqgVerify != NULL) {
+ PK11_PQG_DestroyVerify(pqgVerify);
+ }
+ if (ret == 0) {
+ return (0);
+ }
+ if (pubkey != NULL) {
+ SECKEY_DestroyPublicKey(pubkey);
+ }
+ if (privkey != NULL) {
+ SECKEY_DestroyPrivateKey(privkey);
+ }
+ return(-1);
+}
+
+static xmlSecKeyDataType
+xmlSecNssKeyDataDsaGetType(xmlSecKeyDataPtr data) {
+ xmlSecNssPKIKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
+ if (ctx->privkey != NULL) {
+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ } else {
+ return(xmlSecKeyDataTypePublic);
+ }
+
+ return(xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecNssKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
+ xmlSecNssPKIKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
+
+ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
+}
+
+static void
+xmlSecNssKeyDataDsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== dsa key: size = %d\n",
+ xmlSecNssKeyDataDsaGetSize(data));
+}
+
+static void
+xmlSecNssKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<DSAKeyValue size=\"%d\" />\n",
+ xmlSecNssKeyDataDsaGetSize(data));
+}
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+/**************************************************************************
+ *
+ * <dsig:RSAKeyValue> processing
+ *
+ * http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue
+ * The RSAKeyValue Element
+ *
+ * RSA key values have two fields: Modulus and Exponent.
+ *
+ * <RSAKeyValue>
+ * <Modulus>xA7SEU+e0yQH5rm9kbCDN9o3aPIo7HbP7tX6WOocLZAtNfyxSZDU16ksL6W
+ * jubafOqNEpcwR3RdFsT7bCqnXPBe5ELh5u4VEy19MzxkXRgrMvavzyBpVRgBUwUlV
+ * 5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U=
+ * </Modulus>
+ * <Exponent>AQAB</Exponent>
+ * </RSAKeyValue>
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * represented in XML as octet strings as defined by the ds:CryptoBinary type.
+ *
+ * Schema Definition:
+ *
+ * <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+ * <complexType name="RSAKeyValueType">
+ * <sequence>
+ * <element name="Modulus" type="ds:CryptoBinary"/>
+ * <element name="Exponent" type="ds:CryptoBinary"/>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD Definition:
+ *
+ * <!ELEMENT RSAKeyValue (Modulus, Exponent) >
+ * <!ELEMENT Modulus (#PCDATA) >
+ * <!ELEMENT Exponent (#PCDATA) >
+ *
+ * ============================================================================
+ *
+ * To support reading/writing private keys an PrivateExponent element is added
+ * to the end
+ *
+ *************************************************************************/
+
+static int xmlSecNssKeyDataRsaInitialize (xmlSecKeyDataPtr data);
+static int xmlSecNssKeyDataRsaDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecNssKeyDataRsaFinalize (xmlSecKeyDataPtr data);
+static int xmlSecNssKeyDataRsaXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssKeyDataRsaXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssKeyDataRsaGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecNssKeyDataRsaGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecNssKeyDataRsaGetSize (xmlSecKeyDataPtr data);
+static void xmlSecNssKeyDataRsaDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecNssKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+
+static xmlSecKeyDataKlass xmlSecNssKeyDataRsaKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecNssPKIKeyDataSize,
+
+ /* data */
+ xmlSecNameRSAKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeRSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecNssKeyDataRsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecNssKeyDataRsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecNssKeyDataRsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecNssKeyDataRsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecNssKeyDataRsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecNssKeyDataRsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecNssKeyDataRsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecNssKeyDataRsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecNssKeyDataRsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecNssKeyDataRsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssKeyDataRsaGetKlass:
+ *
+ * The RSA key data klass.
+ *
+ * Returns: pointer to RSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecNssKeyDataRsaGetKlass(void) {
+ return(&xmlSecNssKeyDataRsaKlass);
+}
+
+static int
+xmlSecNssKeyDataRsaInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataRsaId), -1);
+
+ return(xmlSecNssPKIKeyDataInitialize(data));
+}
+
+static int
+xmlSecNssKeyDataRsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecNssKeyDataRsaId), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecNssKeyDataRsaId), -1);
+
+ return(xmlSecNssPKIKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecNssKeyDataRsaFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataRsaId));
+
+ xmlSecNssPKIKeyDataFinalize(data);
+}
+
+static int
+xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data = NULL;
+ xmlNodePtr cur;
+ int ret;
+ PK11SlotInfo *slot = NULL;
+ SECKEYPublicKey *pubkey=NULL;
+ PRArenaPool *arena = NULL;
+
+ xmlSecAssert2(id == xmlSecNssKeyDataRsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(xmlSecKeyGetValue(key) != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ "key already has a value");
+ ret = -1;
+ goto done;
+ }
+
+ slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
+ if(slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PK11_GetBestSlot",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ ret = -1;
+ goto done;
+ }
+
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if(arena == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ ret = -1;
+ goto done;
+ }
+
+ pubkey = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena,
+ sizeof(SECKEYPublicKey));
+ if(pubkey == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "PORT_ArenaZAlloc",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ PORT_FreeArena(arena, PR_FALSE);
+ ret = -1;
+ goto done;
+ }
+ pubkey->arena = arena;
+ pubkey->keyType = rsaKey;
+
+ cur = xmlSecGetNextElementNode(node->children);
+
+ /* first is Modulus node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ ret = -1;
+ goto done;
+ }
+ if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.rsa.modulus)) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeGetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ ret = -1;
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is Exponent node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ ret = -1;
+ goto done;
+ }
+ if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.rsa.publicExponent)) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeGetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ ret = -1;
+ goto done;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeRSAPrivateExponent, xmlSecNs))) {
+ /* next is X node. It is REQUIRED for private key but
+ * NSS does not support it. We just ignore it */
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "no nodes expected");
+ ret = -1;
+ goto done;
+ }
+
+ data = xmlSecKeyDataCreate(id);
+ if(data == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ ret = -1;
+ goto done;
+ }
+
+ ret = xmlSecNssPKIKeyDataAdoptKey(data, NULL, pubkey);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssPKIKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ goto done;
+ }
+ pubkey = NULL;
+
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ goto done;
+ }
+ data = NULL;
+
+ ret = 0;
+
+done:
+ if (slot != 0) {
+ PK11_FreeSlot(slot);
+ }
+ if (ret != 0) {
+ if (pubkey != 0) {
+ SECKEY_DestroyPublicKey(pubkey);
+ }
+ if (data != 0) {
+ xmlSecKeyDataDestroy(data);
+ }
+ }
+ return(ret);
+}
+
+static int
+xmlSecNssKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecNssPKIKeyDataCtxPtr ctx;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecNssKeyDataRsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecNssKeyDataRsaId), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
+
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only private key or public key */
+ return(0);
+ }
+
+ /* first is Modulus node */
+ cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ return(-1);
+ }
+ ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.rsa.modulus), 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeSetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ return(-1);
+ }
+
+ /* next is Exponent node. */
+ cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ return(-1);
+ }
+ ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.rsa.publicExponent), 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssNodeSetBigNumValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ return(-1);
+ }
+
+ /* next is PrivateExponent node: not supported in NSS */
+
+ return(0);
+}
+
+static int
+xmlSecNssKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ PK11RSAGenParams params;
+ PK11SlotInfo *slot = NULL;
+ SECKEYPrivateKey *privkey = NULL;
+ SECKEYPublicKey *pubkey = NULL;
+ int ret = -1;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataRsaId), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ params.keySizeInBits = sizeBits;
+ params.pe = 65537;
+
+ slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
+ PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
+ privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &params,
+ &pubkey, PR_FALSE, PR_TRUE, NULL);
+
+ if(privkey == NULL || pubkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PK11_GenerateKeyPair",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+
+ goto done;
+ }
+
+ ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssPKIKeyDataAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = 0;
+
+done:
+ if (slot != NULL) {
+ PK11_FreeSlot(slot);
+ }
+ if (ret == 0) {
+ return (0);
+ }
+
+ if (pubkey != NULL) {
+ SECKEY_DestroyPublicKey(pubkey);
+ }
+ if (privkey != NULL) {
+ SECKEY_DestroyPrivateKey(privkey);
+ }
+ return(-1);
+}
+
+static xmlSecKeyDataType
+xmlSecNssKeyDataRsaGetType(xmlSecKeyDataPtr data) {
+ xmlSecNssPKIKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataRsaId), xmlSecKeyDataTypeUnknown);
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->pubkey == NULL || SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
+ if (ctx->privkey != NULL) {
+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ } else {
+ return(xmlSecKeyDataTypePublic);
+ }
+
+ return(xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecNssKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
+ xmlSecNssPKIKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataRsaId), 0);
+
+ ctx = xmlSecNssPKIKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
+
+ return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
+}
+
+static void
+xmlSecNssKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataRsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== rsa key: size = %d\n",
+ xmlSecNssKeyDataRsaGetSize(data));
+}
+
+static void
+xmlSecNssKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataRsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<RSAKeyValue size=\"%d\" />\n",
+ xmlSecNssKeyDataRsaGetSize(data));
+}
+
+#endif /* XMLSEC_NO_RSA */
+
+
+
diff --git a/src/nss/signatures.c b/src/nss/signatures.c
new file mode 100644
index 00000000..4f54170e
--- /dev/null
+++ b/src/nss/signatures.c
@@ -0,0 +1,841 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <cryptohi.h>
+#include <keyhi.h>
+#include <secerr.h>
+#include <prmem.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/pkikeys.h>
+
+
+/**************************************************************************
+ *
+ * Internal NSS signatures ctx
+ *
+ *****************************************************************************/
+typedef struct _xmlSecNssSignatureCtx xmlSecNssSignatureCtx,
+ *xmlSecNssSignatureCtxPtr;
+struct _xmlSecNssSignatureCtx {
+ xmlSecKeyDataId keyId;
+ SECOidTag alg;
+
+ union {
+ struct {
+ SGNContext *sigctx;
+ SECKEYPrivateKey *privkey;
+ } sig;
+
+ struct {
+ VFYContext *vfyctx;
+ SECKEYPublicKey *pubkey;
+ } vfy;
+ } u;
+};
+
+/******************************************************************************
+ *
+ * Signature transforms
+ *
+ * xmlSecNssSignatureCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecNssSignatureSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecNssSignatureCtx))
+#define xmlSecNssSignatureGetCtx(transform) \
+ ((xmlSecNssSignatureCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecNssSignatureCheckId (xmlSecTransformPtr transform);
+static int xmlSecNssSignatureInitialize (xmlSecTransformPtr transform);
+static void xmlSecNssSignatureFinalize (xmlSecTransformPtr transform);
+static int xmlSecNssSignatureSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecNssSignatureSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecNssSignatureVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecNssSignatureExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecNssSignatureCheckId(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_DSA
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformDsaSha1Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaMd5Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha1Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha256Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha384Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha512Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+ return(0);
+}
+
+static int
+xmlSecNssSignatureInitialize(xmlSecTransformPtr transform) {
+ xmlSecNssSignatureCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecNssSignatureCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssSignatureSize), -1);
+ ctx = xmlSecNssSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecNssSignatureCtx));
+
+#ifndef XMLSEC_NO_DSA
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformDsaSha1Id)) {
+ ctx->keyId = xmlSecNssKeyDataDsaId;
+ /* This creates a signature which is ASN1 encoded */
+ ctx->alg = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
+ } else
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaMd5Id)) {
+ ctx->keyId = xmlSecNssKeyDataRsaId;
+ ctx->alg = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha1Id)) {
+ ctx->keyId = xmlSecNssKeyDataRsaId;
+ ctx->alg = SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha256Id)) {
+ ctx->keyId = xmlSecNssKeyDataRsaId;
+ ctx->alg = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha384Id)) {
+ ctx->keyId = xmlSecNssKeyDataRsaId;
+ ctx->alg = SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha512Id)) {
+ ctx->keyId = xmlSecNssKeyDataRsaId;
+ ctx->alg = SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecNssSignatureFinalize(xmlSecTransformPtr transform) {
+ xmlSecNssSignatureCtxPtr ctx;
+
+ xmlSecAssert(xmlSecNssSignatureCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssSignatureSize));
+ xmlSecAssert((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify));
+
+ ctx = xmlSecNssSignatureGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if (transform->operation == xmlSecTransformOperationSign) {
+ SGN_DestroyContext(ctx->u.sig.sigctx, PR_TRUE);
+ if (ctx->u.sig.privkey) {
+ SECKEY_DestroyPrivateKey(ctx->u.sig.privkey);
+ }
+ } else {
+ VFY_DestroyContext(ctx->u.vfy.vfyctx, PR_TRUE);
+ if (ctx->u.vfy.pubkey) {
+ SECKEY_DestroyPublicKey(ctx->u.vfy.pubkey);
+ }
+ }
+
+ memset(ctx, 0, sizeof(xmlSecNssSignatureCtx));
+}
+
+static int
+xmlSecNssSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecNssSignatureCtxPtr ctx;
+ xmlSecKeyDataPtr value;
+
+ xmlSecAssert2(xmlSecNssSignatureCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssSignatureSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecNssSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+ xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
+
+ value = xmlSecKeyGetValue(key);
+ xmlSecAssert2(value != NULL, -1);
+
+ if (transform->operation == xmlSecTransformOperationSign) {
+ if (ctx->u.sig.privkey)
+ SECKEY_DestroyPrivateKey(ctx->u.sig.privkey);
+ ctx->u.sig.privkey = xmlSecNssPKIKeyDataGetPrivKey(value);
+ if(ctx->u.sig.privkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNssPKIKeyDataGetPrivKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ctx->u.sig.sigctx = SGN_NewContext(ctx->alg, ctx->u.sig.privkey);
+ if (ctx->u.sig.sigctx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SGN_NewContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ } else {
+ if (ctx->u.vfy.pubkey)
+ SECKEY_DestroyPublicKey(ctx->u.vfy.pubkey);
+ ctx->u.vfy.pubkey = xmlSecNssPKIKeyDataGetPubKey(value);
+ if(ctx->u.vfy.pubkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNssPKIKeyDataGetPubKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ctx->u.vfy.vfyctx = VFY_CreateContext(ctx->u.vfy.pubkey, NULL,
+ ctx->alg, NULL);
+ if (ctx->u.vfy.vfyctx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_CreateContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+static int
+xmlSecNssSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecNssSignatureCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecNssSignatureCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssSignatureSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecNssSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+
+ keyReq->keyId = ctx->keyId;
+ if(transform->operation == xmlSecTransformOperationSign) {
+ keyReq->keyType = xmlSecKeyDataTypePrivate;
+ keyReq->keyUsage = xmlSecKeyUsageSign;
+ } else {
+ keyReq->keyType = xmlSecKeyDataTypePublic;
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
+ }
+ return(0);
+}
+
+
+static int
+xmlSecNssSignatureVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecNssSignatureCtxPtr ctx;
+ SECStatus status;
+ SECItem signature;
+
+ xmlSecAssert2(xmlSecNssSignatureCheckId(transform), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssSignatureSize), -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecNssSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ signature.data = (unsigned char *)data;
+ signature.len = dataSize;
+
+ if(ctx->alg == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) {
+ /* This creates a signature which is ASN1 encoded */
+ SECItem signatureDer;
+ SECStatus statusDer;
+
+ statusDer = DSAU_EncodeDerSig(&signatureDer, &signature);
+ if(statusDer != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "DSAU_EncodeDerSig",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d",
+ PORT_GetError());
+ return(-1);
+ }
+ status = VFY_EndWithSignature(ctx->u.vfy.vfyctx, &signatureDer);
+ SECITEM_FreeItem(&signatureDer, PR_FALSE);
+ } else {
+ status = VFY_EndWithSignature(ctx->u.vfy.vfyctx, &signature);
+ }
+
+ if (status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_EndWithSignature",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d",
+ PORT_GetError());
+
+ if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_EndWithSignature",
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "signature does not verify");
+ transform->status = xmlSecTransformStatusFail;
+ }
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+static int
+xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecNssSignatureCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize;
+ SECStatus status;
+ SECItem signature;
+ int ret;
+
+ xmlSecAssert2(xmlSecNssSignatureCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssSignatureSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecNssSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ ctx = xmlSecNssSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ if(transform->operation == xmlSecTransformOperationSign) {
+ xmlSecAssert2(ctx->u.sig.sigctx != NULL, -1);
+ xmlSecAssert2(ctx->u.sig.privkey != NULL, -1);
+ } else {
+ xmlSecAssert2(ctx->u.vfy.vfyctx != NULL, -1);
+ xmlSecAssert2(ctx->u.vfy.pubkey != NULL, -1);
+ }
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->operation == xmlSecTransformOperationSign) {
+ status = SGN_Begin(ctx->u.sig.sigctx);
+ if(status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SGN_Begin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ } else {
+ status = VFY_Begin(ctx->u.vfy.vfyctx);
+ if(status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_Begin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (inSize > 0)) {
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->operation == xmlSecTransformOperationSign) {
+ status = SGN_Update(ctx->u.sig.sigctx, xmlSecBufferGetData(in), inSize);
+ if(status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SGN_Update",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ } else {
+ status = VFY_Update(ctx->u.vfy.vfyctx, xmlSecBufferGetData(in), inSize);
+ if(status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "VFY_Update",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ xmlSecAssert2(outSize == 0, -1);
+ if(transform->operation == xmlSecTransformOperationSign) {
+ memset(&signature, 0, sizeof(signature));
+ status = SGN_End(ctx->u.sig.sigctx, &signature);
+ if(status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "SGN_End",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+ if(ctx->alg == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) {
+ /* This creates a signature which is ASN1 encoded */
+ SECItem * signatureClr;
+
+ signatureClr = DSAU_DecodeDerSig(&signature);
+ if(signatureClr == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "DSAU_EncodeDerSig",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d",
+ PORT_GetError());
+ SECITEM_FreeItem(&signature, PR_FALSE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(out, signatureClr->data, signatureClr->len);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d",
+ signatureClr->len);
+ SECITEM_FreeItem(&signature, PR_FALSE);
+ return(-1);
+ }
+
+ SECITEM_FreeItem(signatureClr, PR_TRUE);
+ } else {
+ /* This signature is used as-is */
+ ret = xmlSecBufferSetData(out, signature.data, signature.len);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d",
+ signature.len);
+ SECITEM_FreeItem(&signature, PR_FALSE);
+ return(-1);
+ }
+ }
+
+ /* cleanup */
+ SECITEM_FreeItem(&signature, PR_FALSE);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+
+
+ if((transform->status == xmlSecTransformStatusWorking) || (transform->status == xmlSecTransformStatusFinished)) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_DSA
+/****************************************************************************
+ *
+ * DSA-SHA1 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecNssDsaSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameDsaSha1, /* const xmlChar* name; */
+ xmlSecHrefDsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformDsaSha1GetKlass:
+ *
+ * The DSA-SHA1 signature transform klass.
+ *
+ * Returns: DSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformDsaSha1GetKlass(void) {
+ return(&xmlSecNssDsaSha1Klass);
+}
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+/****************************************************************************
+ *
+ * RSA-MD5 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecNssRsaMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaMd5, /* const xmlChar* name; */
+ xmlSecHrefRsaMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformRsaMd5GetKlass:
+ *
+ * The RSA-MD5 signature transform klass.
+ *
+ * Returns: RSA-MD5 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformRsaMd5GetKlass(void) {
+ return(&xmlSecNssRsaMd5Klass);
+}
+
+#endif /* XMLSEC_NO_MD5 */
+
+
+#ifndef XMLSEC_NO_SHA1
+/****************************************************************************
+ *
+ * RSA-SHA1 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecNssRsaSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha1, /* const xmlChar* name; */
+ xmlSecHrefRsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformRsaSha1GetKlass:
+ *
+ * The RSA-SHA1 signature transform klass.
+ *
+ * Returns: RSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformRsaSha1GetKlass(void) {
+ return(&xmlSecNssRsaSha1Klass);
+}
+
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA256
+/****************************************************************************
+ *
+ * RSA-SHA256 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecNssRsaSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha256, /* const xmlChar* name; */
+ xmlSecHrefRsaSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformRsaSha256GetKlass:
+ *
+ * The RSA-SHA256 signature transform klass.
+ *
+ * Returns: RSA-SHA256 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformRsaSha256GetKlass(void) {
+ return(&xmlSecNssRsaSha256Klass);
+}
+
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/****************************************************************************
+ *
+ * RSA-SHA384 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecNssRsaSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha384, /* const xmlChar* name; */
+ xmlSecHrefRsaSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformRsaSha384GetKlass:
+ *
+ * The RSA-SHA384 signature transform klass.
+ *
+ * Returns: RSA-SHA384 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformRsaSha384GetKlass(void) {
+ return(&xmlSecNssRsaSha384Klass);
+}
+
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/****************************************************************************
+ *
+ * RSA-SHA512 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecNssRsaSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha512, /* const xmlChar* name; */
+ xmlSecHrefRsaSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformRsaSha512GetKlass:
+ *
+ * The RSA-SHA512 signature transform klass.
+ *
+ * Returns: RSA-SHA512 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformRsaSha512GetKlass(void) {
+ return(&xmlSecNssRsaSha512Klass);
+}
+
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+
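Review bot: In xmlSecNssSignatureExecute, the DSA branch leaks `signatureClr` when xmlSecBufferSetData fails: that error path frees only `signature` and returns, while the item returned by DSAU_DecodeDerSig is released only on the success path. Adding `SECITEM_FreeItem(signatureClr, PR_TRUE);` before that `return(-1);` closes it. The error reported when DSAU_DecodeDerSig returns NULL is also labelled `"DSAU_EncodeDerSig"`, which points anyone reading the log at the wrong NSS call; it should read `"DSAU_DecodeDerSig"`. The same file also registers an RSA-MD5 signature method, for verification as well as signing, unless XMLSEC_NO_MD5 is defined; MD5 is not collision-resistant, so packagers may want that macro set or the method rejected by policy.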
diff --git a/src/nss/symkeys.c b/src/nss/symkeys.c
new file mode 100644
index 00000000..3da7a694
--- /dev/null
+++ b/src/nss/symkeys.c
@@ -0,0 +1,440 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+
+/*****************************************************************************
+ *
+ * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
+ *
+ ****************************************************************************/
+static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
+static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecNssSymKeyDataFinalize (xmlSecKeyDataPtr data);
+static int xmlSecNssSymKeyDataXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssSymKeyDataXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssSymKeyDataBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssSymKeyDataBinWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlSecByte** buf,
+ xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssSymKeyDataGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecNssSymKeyDataGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecNssSymKeyDataGetSize (xmlSecKeyDataPtr data);
+static void xmlSecNssSymKeyDataDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecNssSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static int xmlSecNssSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
+
+#define xmlSecNssSymKeyDataCheckId(data) \
+ (xmlSecKeyDataIsValid((data)) && \
+ xmlSecNssSymKeyDataKlassCheck((data)->id))
+
+static int
+xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
+
+ return(xmlSecKeyDataBinaryValueInitialize(data));
+}
+
+static int
+xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
+ xmlSecAssert2(dst->id == src->id, -1);
+
+ return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
+}
+
+static void
+xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueFinalize(data);
+}
+
+static int
+xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlSecByte** buf, xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
+}
+
+static xmlSecKeyDataType
+xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
+
+ return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
+
+ return(xmlSecKeyDataBinaryValueGetSize(data));
+}
+
+static void
+xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueDebugDump(data, output);
+}
+
+static void
+xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
+}
+
+static int
+xmlSecNssSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
+#ifndef XMLSEC_NO_DES
+ if(klass == xmlSecNssKeyDataDesId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(klass == xmlSecNssKeyDataAesId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_HMAC
+ if(klass == xmlSecNssKeyDataHmacId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_HMAC */
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_AES
+/**************************************************************************
+ *
+ * <xmlsec:AESKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameAESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefAESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssKeyDataAesGetKlass:
+ *
+ * The AES key data klass.
+ *
+ * Returns: AES key data klass.
+ */
+xmlSecKeyDataId
+xmlSecNssKeyDataAesGetKlass(void) {
+ return(&xmlSecNssKeyDataAesKlass);
+}
+
+/**
+ * xmlSecNssKeyDataAesSet:
+ * @data: the pointer to AES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of AES key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecNssKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataAesId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+/**************************************************************************
+ *
+ * <xmlsec:DESKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameDESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssKeyDataDesGetKlass:
+ *
+ * The DES key data klass.
+ *
+ * Returns: DES key data klass.
+ */
+xmlSecKeyDataId
+xmlSecNssKeyDataDesGetKlass(void) {
+ return(&xmlSecNssKeyDataDesKlass);
+}
+
+/**
+ * xmlSecNssKeyDataDesSet:
+ * @data: the pointer to DES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of DES key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecNssKeyDataDesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_HMAC
+/**************************************************************************
+ *
+ * <xmlsec:HMACKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameHMACKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
+ xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecNssSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecNssSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecNssSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecNssSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecNssSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecNssSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecNssSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecNssSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecNssSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecNssSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecNssSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecNssSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssKeyDataHmacGetKlass:
+ *
+ * The HMAC key data klass.
+ *
+ * Returns: HMAC key data klass.
+ */
+xmlSecKeyDataId
+xmlSecNssKeyDataHmacGetKlass(void) {
+ return(&xmlSecNssKeyDataHmacKlass);
+}
+
+/**
+ * xmlSecNssKeyDataHmacSet:
+ * @data: the pointer to HMAC key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of HMAC key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecNssKeyDataHmacSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataHmacId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+
+#endif /* XMLSEC_NO_HMAC */
+
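Review bot: `xmlSecNssKeyDataAesSet`, `xmlSecNssKeyDataDesSet` and `xmlSecNssKeyDataHmacSet` only assert `bufSize > 0`, so a key whose length the algorithm cannot use is stored without complaint and is rejected, if at all, only when a transform later consumes it (that code is outside this hunk). AES key sizes are fixed, so its setter could validate up front with `xmlSecAssert2((bufSize == 16) || (bufSize == 24) || (bufSize == 32), -1);`, and the DES setter could check against the key size the NSS DES transforms expect. `xmlSecNssSymKeyDataGenerate` has the same gap: it is shared by all three klasses and requires only `sizeBits > 0`, so a per-klass check there would have to branch on `data->id`. Separately, the file header says "DES Algorithm support" although the file defines AES, DES and HMAC key data; something like `Symmetric (AES, DES, HMAC) key data support` would describe it accurately.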
diff --git a/src/nss/x509.c b/src/nss/x509.c
new file mode 100644
index 00000000..887c77cf
--- /dev/null
+++ b/src/nss/x509.c
@@ -0,0 +1,2223 @@
+/**
+ * XMLSec library
+ *
+ * X509 support
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_X509
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <time.h>
+
+#include <prmem.h>
+#include <pratom.h>
+#include <keyhi.h>
+#include <cert.h>
+#include <certdb.h>
+#include <pk11func.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/x509.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/x509.h>
+#include <xmlsec/nss/pkikeys.h>
+
+
+/* workaround - NSS exports this but doesn't declare it */
+extern CERTCertificate * __CERT_NewTempCertificate(CERTCertDBHandle *handle,
+ SECItem *derCert,
+ char *nickname,
+ PRBool isperm,
+ PRBool copyDER);
+
+/*************************************************************************
+ *
+ * X509 utility functions
+ *
+ ************************************************************************/
+static int xmlSecNssX509DataNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
+ xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+static CERTCertificate* xmlSecNssX509CertDerRead (const xmlSecByte* buf,
+ xmlSecSize size);
+static CERTCertificate* xmlSecNssX509CertBase64DerRead (xmlChar* buf);
+static xmlChar* xmlSecNssX509CertBase64DerWrite (CERTCertificate* cert,
+ int base64LineWrap);
+static CERTSignedCrl* xmlSecNssX509CrlDerRead (xmlSecByte* buf,
+ xmlSecSize size,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static CERTSignedCrl* xmlSecNssX509CrlBase64DerRead (xmlChar* buf,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl,
+ int base64LineWrap);
+static xmlChar* xmlSecNssX509NameWrite (CERTName* nm);
+static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num);
+static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert);
+static void xmlSecNssX509CertDebugDump (CERTCertificate* cert,
+ FILE* output);
+static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert,
+ FILE* output);
+static int xmlSecNssX509CertGetTime (PRTime* t,
+ time_t* res);
+
+/*************************************************************************
+ *
+ * Internal NSS X509 data CTX
+ *
+ ************************************************************************/
+typedef struct _xmlSecNssX509DataCtx xmlSecNssX509DataCtx,
+ *xmlSecNssX509DataCtxPtr;
+typedef struct _xmlSecNssX509CrlNode xmlSecNssX509CrlNode,
+ *xmlSecNssX509CrlNodePtr;
+struct _xmlSecNssX509CrlNode {
+ xmlSecNssX509CrlNodePtr next;
+ CERTSignedCrl *crl;
+};
+
+struct _xmlSecNssX509DataCtx {
+ CERTCertificate* keyCert;
+
+ CERTCertList* certsList;
+ unsigned int numCerts;
+
+ xmlSecNssX509CrlNodePtr crlsList;
+ unsigned int numCrls;
+};
+
+/**************************************************************************
+ *
+ * <dsig:X509Data> processing
+ *
+ *
+ * The X509Data Element (http://www.w3.org/TR/xmldsig-core/#sec-X509Data)
+ *
+ * An X509Data element within KeyInfo contains one or more identifiers of keys
+ * or X509 certificates (or certificates' identifiers or a revocation list).
+ * The content of X509Data is:
+ *
+ * 1. At least one element, from the following set of element types; any of these may appear together or more than once iff (if and only if) each instance describes or is related to the same certificate:
+ * 2.
+ * * The X509IssuerSerial element, which contains an X.509 issuer
+ * distinguished name/serial number pair that SHOULD be compliant
+ * with RFC2253 [LDAP-DN],
+ * * The X509SubjectName element, which contains an X.509 subject
+ * distinguished name that SHOULD be compliant with RFC2253 [LDAP-DN],
+ * * The X509SKI element, which contains the base64 encoded plain (i.e.
+ * non-DER-encoded) value of a X509 V.3 SubjectKeyIdentifier extension.
+ * * The X509Certificate element, which contains a base64-encoded [X509v3]
+ * certificate, and
+ * * Elements from an external namespace which accompanies/complements any
+ * of the elements above.
+ * * The X509CRL element, which contains a base64-encoded certificate
+ * revocation list (CRL) [X509v3].
+ *
+ * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear
+ * MUST refer to the certificate or certificates containing the validation key.
+ * All such elements that refer to a particular individual certificate MUST be
+ * grouped inside a single X509Data element and if the certificate to which
+ * they refer appears, it MUST also be in that X509Data element.
+ *
+ * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that relate to
+ * the same key but different certificates MUST be grouped within a single
+ * KeyInfo but MAY occur in multiple X509Data elements.
+ *
+ * All certificates appearing in an X509Data element MUST relate to the
+ * validation key by either containing it or being part of a certification
+ * chain that terminates in a certificate containing the validation key.
+ *
+ * No ordering is implied by the above constraints.
+ *
+ * Note, there is no direct provision for a PKCS#7 encoded "bag" of
+ * certificates or CRLs. However, a set of certificates and CRLs can occur
+ * within an X509Data element and multiple X509Data elements can occur in a
+ * KeyInfo. Whenever multiple certificates occur in an X509Data element, at
+ * least one such certificate must contain the public key which verifies the
+ * signature.
+ *
+ * Schema Definition
+ *
+ * <element name="X509Data" type="ds:X509DataType"/>
+ * <complexType name="X509DataType">
+ * <sequence maxOccurs="unbounded">
+ * <choice>
+ * <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+ * <element name="X509SKI" type="base64Binary"/>
+ * <element name="X509SubjectName" type="string"/>
+ * <element name="X509Certificate" type="base64Binary"/>
+ * <element name="X509CRL" type="base64Binary"/>
+ * <any namespace="##other" processContents="lax"/>
+ * </choice>
+ * </sequence>
+ * </complexType>
+ * <complexType name="X509IssuerSerialType">
+ * <sequence>
+ * <element name="X509IssuerName" type="string"/>
+ * <element name="X509SerialNumber" type="integer"/>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD
+ *
+ * <!ELEMENT X509Data ((X509IssuerSerial | X509SKI | X509SubjectName |
+ * X509Certificate | X509CRL)+ %X509.ANY;)>
+ * <!ELEMENT X509IssuerSerial (X509IssuerName, X509SerialNumber) >
+ * <!ELEMENT X509IssuerName (#PCDATA) >
+ * <!ELEMENT X509SubjectName (#PCDATA) >
+ * <!ELEMENT X509SerialNumber (#PCDATA) >
+ * <!ELEMENT X509SKI (#PCDATA) >
+ * <!ELEMENT X509Certificate (#PCDATA) >
+ * <!ELEMENT X509CRL (#PCDATA) >
+ *
+ * -----------------------------------------------------------------------
+ *
+ * xmlSecNssX509DataCtx is located after xmlSecTransform
+ *
+ *************************************************************************/
+#define xmlSecNssX509DataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecNssX509DataCtx))
+#define xmlSecNssX509DataGetCtx(data) \
+ ((xmlSecNssX509DataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
+
+static int xmlSecNssKeyDataX509Initialize (xmlSecKeyDataPtr data);
+static int xmlSecNssKeyDataX509Duplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecNssKeyDataX509Finalize (xmlSecKeyDataPtr data);
+static int xmlSecNssKeyDataX509XmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecNssKeyDataX509XmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static xmlSecKeyDataType xmlSecNssKeyDataX509GetType (xmlSecKeyDataPtr data);
+static const xmlChar* xmlSecNssKeyDataX509GetIdentifier (xmlSecKeyDataPtr data);
+
+static void xmlSecNssKeyDataX509DebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecNssKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data,
+ FILE* output);
+
+
+
+static xmlSecKeyDataKlass xmlSecNssKeyDataX509Klass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecNssX509DataSize,
+
+ /* data */
+ xmlSecNameX509Data,
+ xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefX509Data, /* const xmlChar* href; */
+ xmlSecNodeX509Data, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecNssKeyDataX509Initialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecNssKeyDataX509Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecNssKeyDataX509Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecNssKeyDataX509GetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ xmlSecNssKeyDataX509GetIdentifier, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecNssKeyDataX509XmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecNssKeyDataX509XmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecNssKeyDataX509DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecNssKeyDataX509DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssKeyDataX509GetKlass:
+ *
+ * The NSS X509 key data klass (http://www.w3.org/TR/xmldsig-core/#sec-X509Data).
+ *
+ * Returns: the X509 data klass.
+ */
+xmlSecKeyDataId
+xmlSecNssKeyDataX509GetKlass(void) {
+ return(&xmlSecNssKeyDataX509Klass);
+}
+
+/**
+ * xmlSecNssKeyDataX509GetKeyCert:
+ * @data: the pointer to X509 key data.
+ *
+ * Gets the certificate from which the key was extracted.
+ *
+ * Returns: the key's certificate or NULL if key data was not used for key
+ * extraction or an error occurs.
+ */
+CERTCertificate*
+xmlSecNssKeyDataX509GetKeyCert(xmlSecKeyDataPtr data) {
+ xmlSecNssX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), NULL);
+
+ ctx = xmlSecNssX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(ctx->keyCert);
+}
+
+/**
+ * xmlSecNssKeyDataX509AdoptKeyCert:
+ * @data: the pointer to X509 key data.
+ * @cert: the pointer to NSS X509 certificate.
+ *
+ * Sets the key's certificate in @data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecNssKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data, CERTCertificate* cert) {
+ xmlSecNssX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
+ xmlSecAssert2(cert != NULL, -1);
+
+ ctx = xmlSecNssX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(ctx->keyCert != NULL) {
+ CERT_DestroyCertificate(ctx->keyCert);
+ }
+ ctx->keyCert = cert;
+ return(0);
+}
+
+/**
+ * xmlSecNssKeyDataX509AdoptCert:
+ * @data: the pointer to X509 key data.
+ * @cert: the pointer to NSS X509 certificate.
+ *
+ * Adds certificate to the X509 key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecNssKeyDataX509AdoptCert(xmlSecKeyDataPtr data, CERTCertificate* cert) {
+ xmlSecNssX509DataCtxPtr ctx;
+ SECStatus ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
+ xmlSecAssert2(cert != NULL, -1);
+
+ ctx = xmlSecNssX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(ctx->certsList == NULL) {
+ ctx->certsList = CERT_NewCertList();
+ if(ctx->certsList == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CERT_NewCertList",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ }
+
+ ret = CERT_AddCertToListTail(ctx->certsList, cert);
+ if(ret != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CERT_AddCertToListTail",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ ctx->numCerts++;
+
+ return(0);
+}
+
+/**
+ * xmlSecNssKeyDataX509GetCert:
+ * @data: the pointer to X509 key data.
+ * @pos: the desired certificate position.
+ *
+ * Gets a certificate from X509 key data.
+ *
+ * Returns: the pointer to certificate or NULL if @pos is larger than the
+ * number of certificates in @data or an error occurs.
+ */
+CERTCertificate*
+xmlSecNssKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) {
+ xmlSecNssX509DataCtxPtr ctx;
+ CERTCertListNode* head;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), NULL);
+
+ ctx = xmlSecNssX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->certsList != NULL, NULL);
+ xmlSecAssert2(pos < ctx->numCerts, NULL);
+
+ head = CERT_LIST_HEAD(ctx->certsList);
+ while (pos > 0)
+ {
+ head = CERT_LIST_NEXT(head);
+ pos--;
+ }
+
+ return (head->cert);
+}
+
+/**
+ * xmlSecNssKeyDataX509GetCertsSize:
+ * @data: the pointer to X509 key data.
+ *
+ * Gets the number of certificates in @data.
+ *
+ * Returns: te number of certificates in @data.
+ */
+xmlSecSize
+xmlSecNssKeyDataX509GetCertsSize(xmlSecKeyDataPtr data) {
+ xmlSecNssX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), 0);
+
+ ctx = xmlSecNssX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ return(ctx->numCerts);
+}
+
+/**
+ * xmlSecNssKeyDataX509AdoptCrl:
+ * @data: the pointer to X509 key data.
+ * @crl: the pointer to NSS X509 CRL.
+ *
+ * Adds CRL to the X509 key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecNssKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, CERTSignedCrl* crl) {
+ xmlSecNssX509DataCtxPtr ctx;
+ xmlSecNssX509CrlNodePtr crlnode;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
+ xmlSecAssert2(crl != NULL, -1);
+
+ ctx = xmlSecNssX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ crlnode = (xmlSecNssX509CrlNodePtr)PR_Malloc(sizeof(xmlSecNssX509CrlNode));
+
+ if(crlnode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "PR_Malloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ memset(crlnode, 0, sizeof(xmlSecNssX509CrlNode));
+ crlnode->next = ctx->crlsList;
+ crlnode->crl = crl;
+ ctx->crlsList = crlnode;
+ ctx->numCrls++;
+
+ return(0);
+}
+
+/**
+ * xmlSecNssKeyDataX509GetCrl:
+ * @data: the pointer to X509 key data.
+ * @pos: the desired CRL position.
+ *
+ * Gets a CRL from X509 key data.
+ *
+ * Returns: the pointer to CRL or NULL if @pos is larger than the
+ * number of CRLs in @data or an error occurs.
+ */
+CERTSignedCrl *
+xmlSecNssKeyDataX509GetCrl(xmlSecKeyDataPtr data, xmlSecSize pos) {
+ xmlSecNssX509DataCtxPtr ctx;
+ xmlSecNssX509CrlNodePtr head;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), NULL);
+ ctx = xmlSecNssX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ xmlSecAssert2(ctx->crlsList != NULL, NULL);
+ xmlSecAssert2(pos < ctx->numCrls, NULL);
+
+ head = ctx->crlsList;
+ while (pos > 0)
+ {
+ head = head->next;
+ pos--;
+ }
+
+ return (head->crl);
+}
+
+/**
+ * xmlSecNssKeyDataX509GetCrlsSize:
+ * @data: the pointer to X509 key data.
+ *
+ * Gets the number of CRLs in @data.
+ *
+ * Returns: te number of CRLs in @data.
+ */
+xmlSecSize
+xmlSecNssKeyDataX509GetCrlsSize(xmlSecKeyDataPtr data) {
+ xmlSecNssX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), 0);
+
+ ctx = xmlSecNssX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ return(ctx->numCrls);
+}
+
+static int
+xmlSecNssKeyDataX509Initialize(xmlSecKeyDataPtr data) {
+ xmlSecNssX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
+
+ ctx = xmlSecNssX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecNssX509DataCtx));
+ return(0);
+}
+
+static int
+xmlSecNssKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ CERTCertificate* certSrc;
+ CERTCertificate* certDst;
+ CERTSignedCrl* crlSrc;
+ CERTSignedCrl* crlDst;
+ xmlSecSize size, pos;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecNssKeyDataX509Id), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecNssKeyDataX509Id), -1);
+
+ /* copy certsList */
+ size = xmlSecNssKeyDataX509GetCertsSize(src);
+ for(pos = 0; pos < size; ++pos) {
+ /* TBD: function below does linear scan, eliminate loop within
+ * loop
+ */
+ certSrc = xmlSecNssKeyDataX509GetCert(src, pos);
+ if(certSrc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecNssKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ certDst = CERT_DupCertificate(certSrc);
+ if(certDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+ ret = xmlSecNssKeyDataX509AdoptCert(dst, certDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(certDst);
+ return(-1);
+ }
+ }
+
+ /* copy crls */
+ size = xmlSecNssKeyDataX509GetCrlsSize(src);
+ for(pos = 0; pos < size; ++pos) {
+ crlSrc = xmlSecNssKeyDataX509GetCrl(src, pos);
+ if(crlSrc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecNssKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ crlDst = SEC_DupCrl(crlSrc);
+ if(crlDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "SEC_DupCrl",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+ ret = xmlSecNssKeyDataX509AdoptCrl(dst, crlDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecNssKeyDataX509AdoptCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SEC_DestroyCrl(crlDst);
+ return(-1);
+ }
+ }
+
+ /* copy key cert if exist */
+ certSrc = xmlSecNssKeyDataX509GetKeyCert(src);
+ if(certSrc != NULL) {
+ certDst = CERT_DupCertificate(certSrc);
+ if(certDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecNssKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(certDst);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+static void
+xmlSecNssKeyDataX509Finalize(xmlSecKeyDataPtr data) {
+ xmlSecNssX509DataCtxPtr ctx;
+
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id));
+
+ ctx = xmlSecNssX509DataGetCtx(data);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->certsList != NULL) {
+ CERT_DestroyCertList(ctx->certsList);
+ }
+
+ if(ctx->crlsList != NULL) {
+ xmlSecNssX509CrlNodePtr head;
+ xmlSecNssX509CrlNodePtr tmp;
+
+ head = ctx->crlsList;
+ while (head)
+ {
+ tmp = head->next;
+ SEC_DestroyCrl(head->crl);
+ PR_Free(head);
+ head = tmp;
+ }
+ }
+
+ if(ctx->keyCert != NULL) {
+ CERT_DestroyCertificate(ctx->keyCert);
+ }
+
+ memset(ctx, 0, sizeof(xmlSecNssX509DataCtx));
+}
+
+static int
+xmlSecNssKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ data = xmlSecKeyEnsureData(key, id);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecNssX509DataNodeRead(data, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssX509DataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) {
+ ret = xmlSecNssKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssKeyDataX509VerifyAndExtractKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+static int
+xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ CERTCertificate* cert;
+ CERTSignedCrl* crl;
+ xmlSecSize size, pos;
+ int content = 0;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
+ if (content < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecX509DataGetNodeContent",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "content=%d", content);
+ return(-1);
+ } else if(content == 0) {
+ /* by default we are writing certificates and crls */
+ content = XMLSEC_X509DATA_DEFAULT;
+ }
+
+ /* get x509 data */
+ data = xmlSecKeyGetData(key, id);
+ if(data == NULL) {
+ /* no x509 data in the key */
+ return(0);
+ }
+
+ /* write certs */
+ size = xmlSecNssKeyDataX509GetCertsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ cert = xmlSecNssKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
+ ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssX509CertificateNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
+ ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssX509SubjectNameNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
+ ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssX509IssuerSerialNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
+ ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssX509SKINodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+ }
+
+ /* write crls if needed */
+ if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
+ size = xmlSecNssKeyDataX509GetCrlsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ crl = xmlSecNssKeyDataX509GetCrl(data, pos);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssX509CRLNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+ }
+
+ return(0);
+}
+
+static xmlSecKeyDataType
+xmlSecNssKeyDataX509GetType(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), xmlSecKeyDataTypeUnknown);
+
+ /* TODO: return verified/not verified status */
+ return(xmlSecKeyDataTypeUnknown);
+}
+
+static const xmlChar*
+xmlSecNssKeyDataX509GetIdentifier(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), NULL);
+
+ /* TODO */
+ return(NULL);
+}
+
+static void
+xmlSecNssKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ CERTCertificate* cert;
+ xmlSecSize size, pos;
+
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== X509 Data:\n");
+ cert = xmlSecNssKeyDataX509GetKeyCert(data);
+ if(cert != NULL) {
+ fprintf(output, "==== Key Certificate:\n");
+ xmlSecNssX509CertDebugDump(cert, output);
+ }
+
+ size = xmlSecNssKeyDataX509GetCertsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ cert = xmlSecNssKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "==== Certificate:\n");
+ xmlSecNssX509CertDebugDump(cert, output);
+ }
+
+ /* we don't print out crls */
+}
+
+static void
+xmlSecNssKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ CERTCertificate* cert;
+ xmlSecSize size, pos;
+
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<X509Data>\n");
+ cert = xmlSecNssKeyDataX509GetKeyCert(data);
+ if(cert != NULL) {
+ fprintf(output, "<KeyCertificate>\n");
+ xmlSecNssX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</KeyCertificate>\n");
+ }
+
+ size = xmlSecNssKeyDataX509GetCertsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ cert = xmlSecNssKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "<Certificate>\n");
+ xmlSecNssX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</Certificate>\n");
+ }
+
+ /* we don't print out crls */
+ fprintf(output, "</X509Data>\n");
+}
+
+static int
+xmlSecNssX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ for(cur = xmlSecGetNextElementNode(node->children);
+ cur != NULL;
+ cur = xmlSecGetNextElementNode(cur->next)) {
+
+ ret = 0;
+ if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
+ ret = xmlSecNssX509CertificateNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
+ ret = xmlSecNssX509SubjectNameNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
+ ret = xmlSecNssX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
+ ret = xmlSecNssX509SKINodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
+ ret = xmlSecNssX509CRLNodeRead(data, cur, keyInfoCtx);
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
+ /* laxi schema validation: ignore unknown nodes */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "read node failed");
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+static int
+xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar *content;
+ CERTCertificate* cert;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+ if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ cert = xmlSecNssX509CertBase64DerRead(content);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssX509CertBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+
+ ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(cert);
+ xmlFree(content);
+ return(-1);
+ }
+
+ xmlFree(content);
+ return(0);
+}
+
+static int
+xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar* buf;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ /* set base64 lines size from context */
+ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509CertBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
+ xmlFree(buf);
+ return(-1);
+ }
+
+ /* todo: add \n around base64 data - from context */
+ /* todo: add errors check */
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ xmlNodeSetContent(cur, buf);
+ xmlFree(buf);
+ return(0);
+}
+
+static int
+xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+ xmlChar* subject;
+ CERTCertificate* cert;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ subject = xmlNodeGetContent(node);
+ if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
+ if(subject != NULL) {
+ xmlFree(subject);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
+ if(cert == NULL){
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "subject=%s",
+ xmlSecErrorsSafeString(subject));
+ xmlFree(subject);
+ return(-1);
+ }
+
+ xmlFree(subject);
+ return(0);
+ }
+
+ ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(cert);
+ xmlFree(subject);
+ return(-1);
+ }
+
+ xmlFree(subject);
+ return(0);
+}
+
+static int
+xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+ xmlChar* buf = NULL;
+ xmlNodePtr cur = NULL;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ buf = xmlSecNssX509NameWrite(&(cert->subject));
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509NameWrite(&(cert->subject))",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
+ xmlFree(buf);
+ return(-1);
+ }
+ xmlSecNodeEncodeAndSetContent(cur, buf);
+ xmlFree(buf);
+ return(0);
+}
+
+static int
+xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+ xmlNodePtr cur;
+ xmlChar *issuerName;
+ xmlChar *issuerSerial;
+ CERTCertificate* cert;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+ if(cur == NULL) {
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ return(0);
+ }
+
+ /* the first is required node X509IssuerName */
+ if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ issuerName = xmlNodeGetContent(cur);
+ if(issuerName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is required node X509SerialNumber */
+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ xmlFree(issuerName);
+ return(-1);
+ }
+ issuerSerial = xmlNodeGetContent(cur);
+ if(issuerSerial == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ xmlFree(issuerName);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ cert = xmlSecNssX509StoreFindCert(x509Store, NULL, issuerName, issuerSerial, NULL, keyInfoCtx);
+ if(cert == NULL){
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "issuerName=%s;issuerSerial=%s",
+ xmlSecErrorsSafeString(issuerName),
+ xmlSecErrorsSafeString(issuerSerial));
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(0);
+ }
+
+ ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(cert);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(0);
+}
+
+static int
+xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+ xmlNodePtr cur;
+ xmlNodePtr issuerNameNode;
+ xmlNodePtr issuerNumberNode;
+ xmlChar* buf;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* create xml nodes */
+ cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
+ return(-1);
+ }
+
+ issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
+ if(issuerNameNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(-1);
+ }
+
+ issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
+ if(issuerNumberNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ return(-1);
+ }
+
+ /* write data */
+ buf = xmlSecNssX509NameWrite(&(cert->issuer));
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509NameWrite(&(cert->issuer))",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
+ xmlFree(buf);
+
+ buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber));
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlNodeSetContent(issuerNumberNode, buf);
+ xmlFree(buf);
+
+ return(0);
+}
+
+static int
+xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+ xmlChar* ski;
+ CERTCertificate* cert;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ski = xmlNodeGetContent(node);
+ if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
+ if(ski != NULL) {
+ xmlFree(ski);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ return(-1);
+ }
+ return(0);
+ }
+
+ cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
+ if(cert == NULL){
+ xmlFree(ski);
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "ski=%s",
+ xmlSecErrorsSafeString(ski));
+ return(-1);
+ }
+ return(0);
+ }
+
+ ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(cert);
+ xmlFree(ski);
+ return(-1);
+ }
+
+ xmlFree(ski);
+ return(0);
+}
+
+static int
+xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+ xmlChar *buf = NULL;
+ xmlNodePtr cur = NULL;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ buf = xmlSecNssX509SKIWrite(cert);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509SKIWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ xmlFree(buf);
+ return(-1);
+ }
+ xmlSecNodeEncodeAndSetContent(cur, buf);
+ xmlFree(buf);
+
+ return(0);
+}
+
+static int
+xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar *content;
+ CERTSignedCrl* crl;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+ if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssX509CrlBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+
+ SEC_DestroyCrl(crl);
+ xmlFree(content);
+ return(0);
+}
+
+static int
+xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar* buf = NULL;
+ xmlNodePtr cur = NULL;
+
+ xmlSecAssert2(crl != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ /* set base64 lines size from context */
+ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509CrlBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+ xmlFree(buf);
+ return(-1);
+ }
+ /* todo: add \n around base64 data - from context */
+ /* todo: add errors check */
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ xmlNodeSetContent(cur, buf);
+ xmlFree(buf);
+
+ return(0);
+}
+
+
+static int
+xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecNssX509DataCtxPtr ctx;
+ xmlSecKeyDataStorePtr x509Store;
+ int ret;
+ SECStatus status;
+ PRTime notBefore, notAfter;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ ctx = xmlSecNssX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((ctx->keyCert == NULL) && (ctx->certsList != NULL) && (xmlSecKeyGetValue(key) == NULL)) {
+ CERTCertificate* cert;
+
+ cert = xmlSecNssX509StoreVerify(x509Store, ctx->certsList, keyInfoCtx);
+ if(cert != NULL) {
+ xmlSecKeyDataPtr keyValue;
+
+ ctx->keyCert = CERT_DupCertificate(cert);
+ if(ctx->keyCert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssX509CertGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* verify that the key matches our expectations */
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
+ ret = xmlSecKeySetValue(key, keyValue);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
+ status = CERT_GetCertTimes(ctx->keyCert, &notBefore, &notAfter);
+ if (status == SECSuccess) {
+ ret = xmlSecNssX509CertGetTime(&notBefore, &(key->notValidBefore));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssX509CertGetTime",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "notValidBefore");
+ return(-1);
+ }
+ ret = xmlSecNssX509CertGetTime(&notAfter, &(key->notValidAfter));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecNssX509CertGetTime",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "notValidAfter");
+ return(-1);
+ }
+ } else {
+ key->notValidBefore = key->notValidAfter = 0;
+ }
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+static int
+xmlSecNssX509CertGetTime(PRTime* t, time_t* res) {
+
+ PRTime tmp64_1, tmp64_2;
+ PRUint32 tmp32 = 1000000;
+
+ xmlSecAssert2(t != NULL, -1);
+ xmlSecAssert2(res != NULL, -1);
+
+ /* PRTime is time in microseconds since epoch. Divide by 1000000 to
+ * convert to seconds, then convert to an unsigned 32 bit number
+ */
+ (*res) = 0;
+ LL_UI2L(tmp64_1, tmp32);
+ LL_DIV(tmp64_2, *t, tmp64_1);
+ LL_L2UI(tmp32, tmp64_2);
+
+ (*res) = (time_t)(tmp32);
+
+ return(0);
+}
+
+/**
+ * xmlSecNssX509CertGetKey:
+ * @cert: the certificate.
+ *
+ * Extracts public key from the @cert.
+ *
+ * Returns: public key value or NULL if an error occurs.
+ */
+xmlSecKeyDataPtr
+xmlSecNssX509CertGetKey(CERTCertificate* cert) {
+ xmlSecKeyDataPtr data;
+ SECKEYPublicKey *pubkey = NULL;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ pubkey = CERT_ExtractPublicKey(cert);
+ if(pubkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_ExtractPublicKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(NULL);
+ }
+
+ data = xmlSecNssPKIAdoptKey(NULL, pubkey);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssPKIAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECKEY_DestroyPublicKey(pubkey);
+ return(NULL);
+ }
+
+ return(data);
+}
+
+static CERTCertificate*
+xmlSecNssX509CertBase64DerRead(xmlChar* buf) {
+ int ret;
+
+ xmlSecAssert2(buf != NULL, NULL);
+
+ /* usual trick with base64 decoding "in-place" */
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecNssX509CertDerRead((xmlSecByte*)buf, ret));
+}
+
+
+static CERTCertificate*
+xmlSecNssX509CertDerRead(const xmlSecByte* buf, xmlSecSize size) {
+ CERTCertificate *cert;
+ SECItem derCert;
+
+ xmlSecAssert2(buf != NULL, NULL);
+ xmlSecAssert2(size > 0, NULL);
+
+ derCert.data = (unsigned char *)buf;
+ derCert.len = size;
+
+ /* decode cert and import to temporary cert db */
+ cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derCert,
+ NULL, PR_FALSE, PR_TRUE);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "__CERT_NewTempCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(NULL);
+ }
+
+
+ return(cert);
+}
+
+static xmlChar*
+xmlSecNssX509CertBase64DerWrite(CERTCertificate* cert, int base64LineWrap) {
+ xmlChar *res = NULL;
+ xmlSecByte *p = NULL;
+ long size;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ p = cert->derCert.data;
+ size = cert->derCert.len;
+ if((size <= 0) || (p == NULL)){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "cert->derCert",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(NULL);
+ }
+
+ res = xmlSecBase64Encode(p, size, base64LineWrap);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(res);
+}
+
+static CERTSignedCrl*
+xmlSecNssX509CrlBase64DerRead(xmlChar* buf,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ int ret;
+
+ xmlSecAssert2(buf != NULL, NULL);
+
+ /* usual trick with base64 decoding "in-place" */
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecNssX509CrlDerRead((xmlSecByte*)buf, ret, keyInfoCtx));
+}
+
+
+static CERTSignedCrl*
+xmlSecNssX509CrlDerRead(xmlSecByte* buf, xmlSecSize size,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ CERTSignedCrl *crl = NULL;
+ SECItem derCrl;
+ PK11SlotInfo *slot = NULL;
+ PRInt32 importOptions = CRL_IMPORT_DEFAULT_OPTIONS;
+
+ xmlSecAssert2(buf != NULL, NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+ xmlSecAssert2(size > 0, NULL);
+
+ derCrl.data = buf;
+ derCrl.len = size;
+
+ /* we're importing a CRL, it is ok to use the internal slot.
+ * crlutil does it :)
+ */
+ slot = xmlSecNssGetInternalKeySlot();
+ if (slot == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssGetInternalKeySlot",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return NULL;
+ }
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0)
+ importOptions |= CRL_IMPORT_BYPASS_CHECKS;
+
+ crl = PK11_ImportCRL(slot, &derCrl, NULL, SEC_CRL_TYPE, NULL,
+ importOptions, NULL, CRL_DECODE_DEFAULT_OPTIONS);
+
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_ImportCRL",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ PK11_FreeSlot(slot);
+ return(NULL);
+ }
+
+ PK11_FreeSlot(slot);
+ return(crl);
+}
+
+static xmlChar*
+xmlSecNssX509CrlBase64DerWrite(CERTSignedCrl* crl, int base64LineWrap) {
+ xmlChar *res = NULL;
+ xmlSecByte *p = NULL;
+ long size;
+
+ xmlSecAssert2(crl != NULL && crl->derCrl != NULL, NULL);
+
+ p = crl->derCrl->data;
+ size = crl->derCrl->len;
+ if((size <= 0) || (p == NULL)){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "crl->derCrl",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(NULL);
+ }
+
+ res = xmlSecBase64Encode(p, size, base64LineWrap);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(res);
+}
+
+static xmlChar*
+xmlSecNssX509NameWrite(CERTName* nm) {
+ xmlChar *res = NULL;
+ char *str;
+
+ xmlSecAssert2(nm != NULL, NULL);
+
+ str = CERT_NameToAscii(nm);
+ if (str == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_NameToAscii",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlStrdup(BAD_CAST str);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ PORT_Free(str);
+ return(NULL);
+ }
+ PORT_Free(str);
+ return(res);
+}
+
+static xmlChar*
+xmlSecNssASN1IntegerWrite(SECItem *num) {
+ xmlChar *res = NULL;
+ int resLen = 64; /* not more than 64 chars */
+ PRUint64 val = 0;
+ unsigned int ii = 0;
+ int shift = 0;
+
+ xmlSecAssert2(num != NULL, NULL);
+ xmlSecAssert2(num->type == siBuffer, NULL);
+ xmlSecAssert2(num->len <= 9, NULL);
+ xmlSecAssert2(num->data != NULL, NULL);
+
+ /* HACK : to be fixed after
+ * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed
+ */
+ for(ii = num->len; ii > 0; --ii, shift += 8) {
+ val |= ((PRUint64)num->data[ii - 1]) << shift;
+ }
+
+ res = (xmlChar*)xmlMalloc(resLen + 1);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return (NULL);
+ }
+
+ PR_snprintf((char*)res, resLen, "%llu", val);
+ return(res);
+}
+
+static xmlChar*
+xmlSecNssX509SKIWrite(CERTCertificate* cert) {
+ xmlChar *res = NULL;
+ SECItem ski;
+ SECStatus rv;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ memset(&ski, 0, sizeof(ski));
+
+ rv = CERT_FindSubjectKeyIDExtension(cert, &ski);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_FindSubjectKeyIDExtension",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&ski, PR_FALSE);
+ return(NULL);
+ }
+
+ res = xmlSecBase64Encode(ski.data, ski.len, 0);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ SECITEM_FreeItem(&ski, PR_FALSE);
+ return(NULL);
+ }
+ SECITEM_FreeItem(&ski, PR_FALSE);
+
+ return(res);
+}
+
+
+static void
+xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) {
+ SECItem *sn;
+ unsigned int i;
+
+ xmlSecAssert(cert != NULL);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "==== Subject Name: %s\n", cert->subjectName);
+ fprintf(output, "==== Issuer Name: %s\n", cert->issuerName);
+ sn = &cert->serialNumber;
+
+ for (i = 0; i < sn->len; i++) {
+ if (i != sn->len - 1) {
+ fprintf(output, "%02x:", sn->data[i]);
+ } else {
+ fprintf(output, "%02x", sn->data[i]);
+ }
+ }
+ fprintf(output, "\n");
+}
+
+
+static void
+xmlSecNssX509CertDebugXmlDump(CERTCertificate* cert, FILE* output) {
+ SECItem *sn;
+ unsigned int i;
+
+ xmlSecAssert(cert != NULL);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<SubjectName>");
+ xmlSecPrintXmlString(output, BAD_CAST cert->subjectName);
+ fprintf(output, "</SubjectName>\n");
+
+ fprintf(output, "<IssuerName>");
+ xmlSecPrintXmlString(output, BAD_CAST cert->issuerName);
+ fprintf(output, "</IssuerName>\n");
+
+ fprintf(output, "<SerialNumber>");
+ sn = &cert->serialNumber;
+ for (i = 0; i < sn->len; i++) {
+ if (i != sn->len - 1) {
+ fprintf(output, "%02x:", sn->data[i]);
+ } else {
+ fprintf(output, "%02x", sn->data[i]);
+ }
+ }
+ fprintf(output, "</SerialNumber>\n");
+}
+
+
+/**************************************************************************
+ *
+ * Raw X509 Certificate processing
+ *
+ *
+ *************************************************************************/
+static int xmlSecNssKeyDataRawX509CertBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+static xmlSecKeyDataKlass xmlSecNssKeyDataRawX509CertKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ sizeof(xmlSecKeyData),
+
+ /* data */
+ xmlSecNameRawX509Cert,
+ xmlSecKeyDataUsageRetrievalMethodNodeBin,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRawX509Cert, /* const xmlChar* href; */
+ NULL, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ NULL, /* xmlSecKeyDataInitializeMethod initialize; */
+ NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ NULL, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecNssKeyDataRawX509CertBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssKeyDataRawX509CertGetKlass:
+ *
+ * The raw X509 certificates key data klass.
+ *
+ * Returns: raw X509 certificates key data klass.
+ */
+xmlSecKeyDataId
+xmlSecNssKeyDataRawX509CertGetKlass(void) {
+ return(&xmlSecNssKeyDataRawX509CertKlass);
+}
+
+static int
+xmlSecNssKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ CERTCertificate* cert;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecNssKeyDataRawX509CertId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ cert = xmlSecNssX509CertDerRead(buf, bufSize);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509CertDerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ data = xmlSecKeyEnsureData(key, xmlSecNssKeyDataX509Id);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(cert);
+ return(-1);
+ }
+
+ ret = xmlSecNssKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ CERT_DestroyCertificate(cert);
+ return(-1);
+ }
+
+ ret = xmlSecNssKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecNssKeyDataX509VerifyAndExtractKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+#endif /* XMLSEC_NO_X509 */
diff --git a/src/nss/x509vfy.c b/src/nss/x509vfy.c
new file mode 100644
index 00000000..fdb866fe
--- /dev/null
+++ b/src/nss/x509vfy.c
@@ -0,0 +1,808 @@
+/**
+ * XMLSec library
+ *
+ * X509 support
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (c) 2003 America Online, Inc. All rights reserved.
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_X509
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+
+#include <cert.h>
+#include <secerr.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/x509.h>
+
+/**************************************************************************
+ *
+ * Internal NSS X509 store CTX
+ *
+ *************************************************************************/
+typedef struct _xmlSecNssX509StoreCtx xmlSecNssX509StoreCtx,
+ *xmlSecNssX509StoreCtxPtr;
+struct _xmlSecNssX509StoreCtx {
+ /* Two uses:
+ *
+ * 1) Just keeping a reference to destroy later.
+ *
+ * 2) NSS doesn't update it's cache correctly when new certs are added
+ * https://bugzilla.mozilla.org/show_bug.cgi?id=211051
+ * we use this list to perform search ourselves.
+ */
+
+ CERTCertList* certsList; /* just keeping a reference to destroy later */
+};
+
+/****************************************************************************
+ *
+ * xmlSecNssKeyDataStoreX509Id:
+ *
+ * xmlSecNssX509StoreCtx is located after xmlSecTransform
+ *
+ ***************************************************************************/
+#define xmlSecNssX509StoreGetCtx(store) \
+ ((xmlSecNssX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
+ sizeof(xmlSecKeyDataStoreKlass)))
+#define xmlSecNssX509StoreSize \
+ (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecNssX509StoreCtx))
+
+static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store);
+static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
+static int xmlSecNssX509NameStringRead (xmlSecByte **str,
+ int *strLen,
+ xmlSecByte *res,
+ int resLen,
+ xmlSecByte delim,
+ int ingoreTrailingSpaces);
+static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str,
+ int len);
+
+static int xmlSecNssNumToItem (SECItem *it,
+ PRUint64 num);
+
+
+static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
+ sizeof(xmlSecKeyDataStoreKlass),
+ xmlSecNssX509StoreSize,
+
+ /* data */
+ xmlSecNameX509Store, /* const xmlChar* name; */
+
+ /* constructors/destructor */
+ xmlSecNssX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
+ xmlSecNssX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+static CERTCertificate* xmlSecNssX509FindCert(CERTCertList* certsList,
+ const xmlChar *subjectName,
+ const xmlChar *issuerName,
+ const xmlChar *issuerSerial,
+ xmlChar *ski);
+
+
+/**
+ * xmlSecNssX509StoreGetKlass:
+ *
+ * The NSS X509 certificates key data store klass.
+ *
+ * Returns: pointer to NSS X509 certificates key data store klass.
+ */
+xmlSecKeyDataStoreId
+xmlSecNssX509StoreGetKlass(void) {
+ return(&xmlSecNssX509StoreKlass);
+}
+
+/**
+ * xmlSecNssX509StoreFindCert:
+ * @store: the pointer to X509 key data store klass.
+ * @subjectName: the desired certificate name.
+ * @issuerName: the desired certificate issuer name.
+ * @issuerSerial: the desired certificate issuer serial number.
+ * @ski: the desired certificate SKI.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Searches @store for a certificate that matches given criteria.
+ *
+ * Returns: pointer to found certificate or NULL if certificate is not found
+ * or an error occurs.
+ */
+CERTCertificate *
+xmlSecNssX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName,
+ xmlChar *issuerName, xmlChar *issuerSerial,
+ xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
+ xmlSecNssX509StoreCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+ ctx = xmlSecNssX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return xmlSecNssX509FindCert(ctx->certsList, subjectName, issuerName, issuerSerial, ski);
+}
+
+/**
+ * xmlSecNssX509StoreVerify:
+ * @store: the pointer to X509 key data store klass.
+ * @certs: the untrusted certificates stack.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Verifies @certs list.
+ *
+ * Returns: pointer to the first verified certificate from @certs.
+ */
+CERTCertificate *
+xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs,
+ xmlSecKeyInfoCtx* keyInfoCtx) {
+ xmlSecNssX509StoreCtxPtr ctx;
+ CERTCertListNode* head;
+ CERTCertificate* cert = NULL;
+ CERTCertListNode* head1;
+ CERTCertificate* cert1 = NULL;
+ SECStatus status = SECFailure;
+ int64 timeboundary;
+ int64 tmp1, tmp2;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL);
+ xmlSecAssert2(certs != NULL, NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+ ctx = xmlSecNssX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ for (head = CERT_LIST_HEAD(certs);
+ !CERT_LIST_END(head, certs);
+ head = CERT_LIST_NEXT(head)) {
+ cert = head->cert;
+ if(keyInfoCtx->certsVerificationTime > 0) {
+ /* convert the time since epoch in seconds to microseconds */
+ LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime);
+ tmp1 = (int64)PR_USEC_PER_SEC;
+ tmp2 = timeboundary;
+ LL_MUL(timeboundary, tmp1, tmp2);
+ } else {
+ timeboundary = PR_Now();
+ }
+
+ /* if cert is the issuer of any other cert in the list, then it is
+ * to be skipped */
+ for (head1 = CERT_LIST_HEAD(certs);
+ !CERT_LIST_END(head1, certs);
+ head1 = CERT_LIST_NEXT(head1)) {
+
+ cert1 = head1->cert;
+ if (cert1 == cert) {
+ continue;
+ }
+
+ if (SECITEM_CompareItem(&cert1->derIssuer, &cert->derSubject)
+ == SECEqual) {
+ break;
+ }
+ }
+
+ if (!CERT_LIST_END(head1, certs)) {
+ continue;
+ }
+
+ status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(),
+ cert, PR_FALSE,
+ (SECCertificateUsage)0,
+ timeboundary , NULL, NULL, NULL);
+ if (status == SECSuccess) {
+ break;
+ }
+ }
+
+ if (status == SECSuccess) {
+ return (cert);
+ }
+
+ switch(PORT_GetError()) {
+ case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+ case SEC_ERROR_CA_CERT_INVALID:
+ case SEC_ERROR_UNKNOWN_SIGNER:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_ISSUER_FAILED,
+ "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found",
+ cert->subjectName);
+ break;
+ case SEC_ERROR_EXPIRED_CERTIFICATE:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
+ "cert with subject name %s has expired",
+ cert->subjectName);
+ break;
+ case SEC_ERROR_REVOKED_CERTIFICATE:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_REVOKED,
+ "cert with subject name %s has been revoked",
+ cert->subjectName);
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
+ "cert with subject name %s could not be verified, errcode %d",
+ cert->subjectName,
+ PORT_GetError());
+ break;
+ }
+
+ return (NULL);
+}
+
+/**
+ * xmlSecNssX509StoreAdoptCert:
+ * @store: the pointer to X509 key data store klass.
+ * @cert: the pointer to NSS X509 certificate.
+ * @type: the certificate type (trusted/untrusted).
+ *
+ * Adds trusted (root) or untrusted certificate to the store.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecNssX509StoreCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
+ xmlSecAssert2(cert != NULL, -1);
+
+ ctx = xmlSecNssX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(ctx->certsList == NULL) {
+ ctx->certsList = CERT_NewCertList();
+ if(ctx->certsList == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CERT_NewCertList",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+ }
+
+ ret = CERT_AddCertToListTail(ctx->certsList, cert);
+ if(ret != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "CERT_AddCertToListTail",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecNssX509StoreInitialize(xmlSecKeyDataStorePtr store) {
+ xmlSecNssX509StoreCtxPtr ctx;
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), -1);
+
+ ctx = xmlSecNssX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
+
+ return(0);
+}
+
+static void
+xmlSecNssX509StoreFinalize(xmlSecKeyDataStorePtr store) {
+ xmlSecNssX509StoreCtxPtr ctx;
+ xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId));
+
+ ctx = xmlSecNssX509StoreGetCtx(store);
+ xmlSecAssert(ctx != NULL);
+
+ if (ctx->certsList) {
+ CERT_DestroyCertList(ctx->certsList);
+ ctx->certsList = NULL;
+ }
+
+ memset(ctx, 0, sizeof(xmlSecNssX509StoreCtx));
+}
+
+
+/*****************************************************************************
+ *
+ * Low-level x509 functions
+ *
+ *****************************************************************************/
+static CERTName *
+xmlSecNssGetCertName(const xmlChar * name) {
+ xmlChar *tmp, *name2;
+ xmlChar *p;
+ CERTName *res;
+
+ xmlSecAssert2(name != NULL, NULL);
+
+ /* nss doesn't support emailAddress (see https://bugzilla.mozilla.org/show_bug.cgi?id=561689)
+ * This code is not bullet proof and may produce incorrect results if someone has
+ * "emailAddress=" string in one of the fields, but it is best I can suggest to fix
+ * this problem.
+ */
+ name2 = xmlStrdup(name);
+ if(name2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "xmlStrlen(name)=%d",
+ xmlStrlen(name));
+ return(NULL);
+ }
+ while( (p = (xmlChar*)xmlStrstr(name2, BAD_CAST "emailAddress=")) != NULL) {
+ memcpy(p, " E=", 13);
+ }
+
+ tmp = xmlSecNssX509NameRead(name2, xmlStrlen(name2));
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509NameRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name2=\"%s\"",
+ xmlSecErrorsSafeString(name2));
+ xmlFree(name2);
+ return(NULL);
+ }
+
+ res = CERT_AsciiToName((char*)tmp);
+ if (name == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_AsciiToName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ascii=\"%s\", error code=%d",
+ xmlSecErrorsSafeString((char*)tmp),
+ PORT_GetError());
+ PORT_Free(tmp);
+ xmlFree(name2);
+ return(NULL);
+ }
+
+ PORT_Free(tmp);
+ return(res);
+}
+
+static CERTCertificate*
+xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName,
+ const xmlChar *issuerName, const xmlChar *issuerSerial,
+ xmlChar *ski) {
+ CERTCertificate *cert = NULL;
+ CERTName *name = NULL;
+ SECItem *nameitem = NULL;
+ CERTCertListNode* head;
+ SECItem tmpitem;
+ SECStatus status;
+ PRArenaPool *arena = NULL;
+ int rv;
+
+ if ((cert == NULL) && (subjectName != NULL)) {
+ name = xmlSecNssGetCertName(subjectName);
+ if (name == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssGetCertName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "subject=%s",
+ xmlSecErrorsSafeString(subjectName));
+ goto done;
+ }
+
+ if(arena == NULL) {
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (arena == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+
+ nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
+ SEC_ASN1_GET(CERT_NameTemplate));
+ if (nameitem == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SEC_ASN1EncodeItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "error code=%d", PORT_GetError());
+ goto done;
+ }
+
+ cert = CERT_FindCertByName(CERT_GetDefaultCertDB(), nameitem);
+ }
+
+ if((cert == NULL) && (issuerName != NULL) && (issuerSerial != NULL)) {
+ CERTIssuerAndSN issuerAndSN;
+ PRUint64 issuerSN = 0;
+
+ name = xmlSecNssGetCertName(issuerName);
+ if (name == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssGetCertName",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "issuer=%s",
+ xmlSecErrorsSafeString(issuerName));
+ goto done;
+ }
+
+ if(arena == NULL) {
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (arena == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PORT_NewArena",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+
+ nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name,
+ SEC_ASN1_GET(CERT_NameTemplate));
+ if (nameitem == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SEC_ASN1EncodeItem",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ goto done;
+ }
+
+ memset(&issuerAndSN, 0, sizeof(issuerAndSN));
+
+ issuerAndSN.derIssuer.data = nameitem->data;
+ issuerAndSN.derIssuer.len = nameitem->len;
+
+ /* TBD: serial num can be arbitrarily long */
+ if(PR_sscanf((char *)issuerSerial, "%llu", &issuerSN) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PR_sscanf",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "error code=%d", PR_GetError());
+ SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
+ goto done;
+ }
+
+ rv = xmlSecNssNumToItem(&issuerAndSN.serialNumber, issuerSN);
+ if(rv <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssNumToItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "error code=%d", PR_GetError());
+ SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
+ goto done;
+ }
+
+ cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), &issuerAndSN);
+ SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE);
+ }
+
+ if((cert == NULL) && (ski != NULL)) {
+ SECItem subjKeyID;
+ int len;
+
+ len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski));
+ if(len < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ski=%s",
+ xmlSecErrorsSafeString(ski));
+ goto done;
+ }
+
+ memset(&subjKeyID, 0, sizeof(subjKeyID));
+ subjKeyID.data = ski;
+ subjKeyID.len = len;
+ cert = CERT_FindCertBySubjectKeyID(CERT_GetDefaultCertDB(),
+ &subjKeyID);
+
+ /* try to search in our list - NSS doesn't update it's cache correctly
+ * when new certs are added https://bugzilla.mozilla.org/show_bug.cgi?id=211051
+ */
+ if((cert == NULL) && (certsList != NULL)) {
+
+ for(head = CERT_LIST_HEAD(certsList);
+ (cert == NULL) && !CERT_LIST_END(head, certsList) &&
+ (head != NULL) && (head->cert != NULL);
+ head = CERT_LIST_NEXT(head)
+ ) {
+
+ memset(&tmpitem, 0, sizeof(tmpitem));
+ status = CERT_FindSubjectKeyIDExtension(head->cert, &tmpitem);
+ if (status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_FindSubjectKeyIDExtension",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ski");
+ SECITEM_FreeItem(&tmpitem, PR_FALSE);
+ goto done;
+ }
+
+ if((tmpitem.len == subjKeyID.len) &&
+ (memcmp(tmpitem.data, subjKeyID.data, subjKeyID.len) == 0)
+ ) {
+ cert = CERT_DupCertificate(head->cert);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CERT_DupCertificate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code=%d", PORT_GetError());
+ SECITEM_FreeItem(&tmpitem, PR_FALSE);
+ goto done;
+ }
+ }
+ SECITEM_FreeItem(&tmpitem, PR_FALSE);
+ }
+ }
+ }
+
+done:
+ if (arena != NULL) {
+ PORT_FreeArena(arena, PR_FALSE);
+ }
+ if (name != NULL) {
+ CERT_DestroyName(name);
+ }
+
+ return(cert);
+}
+
+static xmlSecByte *
+xmlSecNssX509NameRead(xmlSecByte *str, int len) {
+ xmlSecByte name[256];
+ xmlSecByte value[256];
+ xmlSecByte *retval = NULL;
+ xmlSecByte *p = NULL;
+ int nameLen, valueLen;
+
+ xmlSecAssert2(str != NULL, NULL);
+
+ /* return string should be no longer than input string */
+ retval = (xmlSecByte *)PORT_Alloc(len+1);
+ if(retval == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PORT_Alloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ p = retval;
+
+ while(len > 0) {
+ /* skip spaces after comma or semicolon */
+ while((len > 0) && isspace(*str)) {
+ ++str; --len;
+ }
+
+ nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
+ if(nameLen < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509NameStringRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ memcpy(p, name, nameLen);
+ p+=nameLen;
+ *p++='=';
+ if(len > 0) {
+ ++str; --len;
+ if((*str) == '\"') {
+ valueLen = xmlSecNssX509NameStringRead(&str, &len,
+ value, sizeof(value), '"', 1);
+ if(valueLen < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509NameStringRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ /* skip spaces before comma or semicolon */
+ while((len > 0) && isspace(*str)) {
+ ++str; --len;
+ }
+ if((len > 0) && ((*str) != ',')) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "comma is expected");
+ goto done;
+ }
+ if(len > 0) {
+ ++str; --len;
+ }
+ *p++='\"';
+ memcpy(p, value, valueLen);
+ p+=valueLen;
+ *p++='\"';
+ } else if((*str) == '#') {
+ /* TODO: read octect values */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "reading octect values is not implemented yet");
+ goto done;
+ } else {
+ valueLen = xmlSecNssX509NameStringRead(&str, &len,
+ value, sizeof(value), ',', 1);
+ if(valueLen < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssX509NameStringRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ memcpy(p, value, valueLen);
+ p+=valueLen;
+ if (len > 0)
+ *p++=',';
+ }
+ } else {
+ valueLen = 0;
+ }
+ if(len > 0) {
+ ++str; --len;
+ }
+ }
+
+ *p = 0;
+ return(retval);
+
+done:
+ PORT_Free(retval);
+ return (NULL);
+}
+
+static int
+xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen,
+ xmlSecByte *res, int resLen,
+ xmlSecByte delim, int ingoreTrailingSpaces) {
+ xmlSecByte *p, *q, *nonSpace;
+
+ xmlSecAssert2(str != NULL, -1);
+ xmlSecAssert2(strLen != NULL, -1);
+ xmlSecAssert2(res != NULL, -1);
+
+ p = (*str);
+ nonSpace = q = res;
+ while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
+ if((*p) != '\\') {
+ if(ingoreTrailingSpaces && !isspace(*p)) {
+ nonSpace = q;
+ }
+ *(q++) = *(p++);
+ } else {
+ ++p;
+ nonSpace = q;
+ if(xmlSecIsHex((*p))) {
+ if((p - (*str) + 1) >= (*strLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "two hex digits expected");
+ return(-1);
+ }
+ *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
+ p += 2;
+ } else {
+ if(((++p) - (*str)) >= (*strLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "escaped symbol missed");
+ return(-1);
+ }
+ *(q++) = *(p++);
+ }
+ }
+ }
+ if(((p - (*str)) < (*strLen)) && ((*p) != delim)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "buffer is too small");
+ return(-1);
+ }
+ (*strLen) -= (p - (*str));
+ (*str) = p;
+ return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res);
+}
+
+/* code lifted from NSS */
+static int
+xmlSecNssNumToItem(SECItem *it, PRUint64 ui)
+{
+ unsigned char bb[9];
+ unsigned int zeros_len;
+
+ xmlSecAssert2(it != NULL, -1);
+
+ bb[0] = 0; /* important: we should have 0 at the beginning! */
+ bb[1] = (unsigned char) (ui >> 56);
+ bb[2] = (unsigned char) (ui >> 48);
+ bb[3] = (unsigned char) (ui >> 40);
+ bb[4] = (unsigned char) (ui >> 32);
+ bb[5] = (unsigned char) (ui >> 24);
+ bb[6] = (unsigned char) (ui >> 16);
+ bb[7] = (unsigned char) (ui >> 8);
+ bb[8] = (unsigned char) (ui);
+
+ /*
+ ** Small integers are encoded in a single byte. Larger integers
+ ** require progressively more space. Start from 1 because byte at
+ ** position 0 is zero
+ */
+ for(zeros_len = 1; (zeros_len < sizeof(bb)) && (bb[zeros_len] == 0); ++zeros_len);
+
+ it->len = sizeof(bb) - (zeros_len - 1);
+ it->data = (unsigned char *)PORT_Alloc(it->len);
+ if (it->data == NULL) {
+ it->len = 0;
+ return (-1);
+ }
+
+ PORT_Memcpy(it->data, bb + (zeros_len - 1), it->len);
+ return(it->len);
+}
+#endif /* XMLSEC_NO_X509 */
+
+
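Review bot: In `xmlSecNssX509StoreVerify` the call to `CERT_VerifyCertificate` passes `PR_FALSE` for the checkSig argument and `(SECCertificateUsage)0` for the required usages, which, going by the NSS prototype, means no signature in the chain is checked for certificates that the function's own doc comment describes as untrusted. I would change that argument line to `cert, PR_TRUE,` and pass the usage the caller actually needs, so that a certificate whose signature does not verify is never returned as the "first verified certificate". The error `switch` after the loop reads `cert->subjectName` even when the list was empty and `cert` is still `NULL`; an `if(cert == NULL) return(NULL);` in front of it covers that case. In `xmlSecNssGetCertName` the test after `CERT_AsciiToName` is `if (name == NULL)` where `if (res == NULL) {` is meant, and `name2` is released only on the error paths, so an `xmlFree(name2);` belongs next to the final `PORT_Free(tmp);`.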
diff --git a/src/openssl/Makefile.am b/src/openssl/Makefile.am
new file mode 100644
index 00000000..23c225a1
--- /dev/null
+++ b/src/openssl/Makefile.am
@@ -0,0 +1,56 @@
+NULL =
+
+EXTRA_DIST = \
+ README \
+ $(NULL)
+
+lib_LTLIBRARIES = \
+ libxmlsec1-openssl.la \
+ $(NULL)
+
+libxmlsec1_openssl_la_CPPFLAGS = \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -I../../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(OPENSSL_CFLAGS) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(NULL)
+
+libxmlsec1_openssl_la_SOURCES =\
+ app.c \
+ bn.c \
+ ciphers.c \
+ crypto.c \
+ digests.c \
+ evp.c \
+ hmac.c \
+ kw_aes.c \
+ kw_des.c \
+ kt_rsa.c \
+ signatures.c \
+ symkeys.c \
+ x509.c \
+ x509vfy.c \
+ globals.h \
+ $(NULL)
+
+if SHAREDLIB_HACK
+libxmlsec1_openssl_la_SOURCES += ../strings.c
+endif
+
+libxmlsec1_openssl_la_LIBADD = \
+ $(OPENSSL_LIBS) \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ ../libxmlsec1.la \
+ $(NULL)
+
+libxmlsec1_openssl_la_DEPENDENCIES = \
+ $(NULL)
+
+libxmlsec1_openssl_la_LDFLAGS = \
+ @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ \
+ -version-info @XMLSEC_VERSION_INFO@ \
+ $(NULL)
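Review bot: The explicitly empty `libxmlsec1_openssl_la_DEPENDENCIES` near the end of this file stops automake from deriving the library's prerequisites from `libxmlsec1_openssl_la_LIBADD`. As a result `../libxmlsec1.la` is passed to the link but is not a prerequisite of `libxmlsec1-openssl.la`. A rebuilt core library therefore does not trigger a relink of this crypto backend, and build ordering rests on whatever the parent Makefile enforces, which is not visible here. Either drop the assignment so automake computes the value, or state the prerequisite: `libxmlsec1_openssl_la_DEPENDENCIES = ../libxmlsec1.la`. If the empty value is deliberate, a one-line comment saying why would help the next maintainer.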
diff --git a/src/openssl/Makefile.in b/src/openssl/Makefile.in
new file mode 100644
index 00000000..8f6bb8f8
--- /dev/null
+++ b/src/openssl/Makefile.in
@@ -0,0 +1,790 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+@SHAREDLIB_HACK_TRUE@am__append_1 = ../strings.c
+subdir = src/openssl
+DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/configure.in
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(libdir)"
+LTLIBRARIES = $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+am__libxmlsec1_openssl_la_SOURCES_DIST = app.c bn.c ciphers.c crypto.c \
+ digests.c evp.c hmac.c kw_aes.c kw_des.c kt_rsa.c signatures.c \
+ symkeys.c x509.c x509vfy.c globals.h ../strings.c
+am__objects_1 =
+@SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_openssl_la-strings.lo
+am_libxmlsec1_openssl_la_OBJECTS = libxmlsec1_openssl_la-app.lo \
+ libxmlsec1_openssl_la-bn.lo libxmlsec1_openssl_la-ciphers.lo \
+ libxmlsec1_openssl_la-crypto.lo \
+ libxmlsec1_openssl_la-digests.lo libxmlsec1_openssl_la-evp.lo \
+ libxmlsec1_openssl_la-hmac.lo libxmlsec1_openssl_la-kw_aes.lo \
+ libxmlsec1_openssl_la-kw_des.lo \
+ libxmlsec1_openssl_la-kt_rsa.lo \
+ libxmlsec1_openssl_la-signatures.lo \
+ libxmlsec1_openssl_la-symkeys.lo libxmlsec1_openssl_la-x509.lo \
+ libxmlsec1_openssl_la-x509vfy.lo $(am__objects_1) \
+ $(am__objects_2)
+libxmlsec1_openssl_la_OBJECTS = $(am_libxmlsec1_openssl_la_OBJECTS)
+libxmlsec1_openssl_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libxmlsec1_openssl_la_LDFLAGS) $(LDFLAGS) -o $@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libxmlsec1_openssl_la_SOURCES)
+DIST_SOURCES = $(am__libxmlsec1_openssl_la_SOURCES_DIST)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CP = @CP@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
+GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
+GCRYPT_LIBS = @GCRYPT_LIBS@
+GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
+GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
+GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
+GNUTLS_LIBS = @GNUTLS_LIBS@
+GNUTLS_MIN_VERSION = @GNUTLS_MIN_VERSION@
+GREP = @GREP@
+HELP2MAN = @HELP2MAN@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBTOOL = @LIBTOOL@
+LIBXML_CFLAGS = @LIBXML_CFLAGS@
+LIBXML_CONFIG = @LIBXML_CONFIG@
+LIBXML_LIBS = @LIBXML_LIBS@
+LIBXML_MIN_VERSION = @LIBXML_MIN_VERSION@
+LIBXSLT_CFLAGS = @LIBXSLT_CFLAGS@
+LIBXSLT_CONFIG = @LIBXSLT_CONFIG@
+LIBXSLT_LIBS = @LIBXSLT_LIBS@
+LIBXSLT_MIN_VERSION = @LIBXSLT_MIN_VERSION@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MAN2HTML = @MAN2HTML@
+MKDIR_P = @MKDIR_P@
+MOZILLA_MIN_VERSION = @MOZILLA_MIN_VERSION@
+MSCRYPTO_CFLAGS = @MSCRYPTO_CFLAGS@
+MSCRYPTO_CRYPTO_LIB = @MSCRYPTO_CRYPTO_LIB@
+MSCRYPTO_LIBS = @MSCRYPTO_LIBS@
+MV = @MV@
+NM = @NM@
+NMEDIT = @NMEDIT@
+NSPR_MIN_VERSION = @NSPR_MIN_VERSION@
+NSPR_PACKAGE = @NSPR_PACKAGE@
+NSS_CFLAGS = @NSS_CFLAGS@
+NSS_CRYPTO_LIB = @NSS_CRYPTO_LIB@
+NSS_LIBS = @NSS_LIBS@
+NSS_MIN_VERSION = @NSS_MIN_VERSION@
+NSS_PACKAGE = @NSS_PACKAGE@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OPENSSL_CFLAGS = @OPENSSL_CFLAGS@
+OPENSSL_CRYPTO_LIB = @OPENSSL_CRYPTO_LIB@
+OPENSSL_LIBS = @OPENSSL_LIBS@
+OPENSSL_MIN_VERSION = @OPENSSL_MIN_VERSION@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
+PKG_CONFIG = @PKG_CONFIG@
+PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
+PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+RANLIB = @RANLIB@
+RM = @RM@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+TAR = @TAR@
+U = @U@
+VERSION = @VERSION@
+XMLSEC_APP_DEFINES = @XMLSEC_APP_DEFINES@
+XMLSEC_CFLAGS = @XMLSEC_CFLAGS@
+XMLSEC_CORE_CFLAGS = @XMLSEC_CORE_CFLAGS@
+XMLSEC_CORE_LIBS = @XMLSEC_CORE_LIBS@
+XMLSEC_CRYPTO = @XMLSEC_CRYPTO@
+XMLSEC_CRYPTO_CFLAGS = @XMLSEC_CRYPTO_CFLAGS@
+XMLSEC_CRYPTO_DISABLED_LIST = @XMLSEC_CRYPTO_DISABLED_LIST@
+XMLSEC_CRYPTO_EXTRA_LDFLAGS = @XMLSEC_CRYPTO_EXTRA_LDFLAGS@
+XMLSEC_CRYPTO_LIB = @XMLSEC_CRYPTO_LIB@
+XMLSEC_CRYPTO_LIBS = @XMLSEC_CRYPTO_LIBS@
+XMLSEC_CRYPTO_LIST = @XMLSEC_CRYPTO_LIST@
+XMLSEC_CRYPTO_PC_FILES_LIST = @XMLSEC_CRYPTO_PC_FILES_LIST@
+XMLSEC_DEFINES = @XMLSEC_DEFINES@
+XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
+XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
+XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
+XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
+XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
+XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
+XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
+XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
+XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
+XMLSEC_LIBS = @XMLSEC_LIBS@
+XMLSEC_NO_AES = @XMLSEC_NO_AES@
+XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
+XMLSEC_NO_DES = @XMLSEC_NO_DES@
+XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
+XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
+XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
+XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
+XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
+XMLSEC_NO_LIBXSLT = @XMLSEC_NO_LIBXSLT@
+XMLSEC_NO_MD5 = @XMLSEC_NO_MD5@
+XMLSEC_NO_MSCRYPTO = @XMLSEC_NO_MSCRYPTO@
+XMLSEC_NO_NSS = @XMLSEC_NO_NSS@
+XMLSEC_NO_OPENSSL = @XMLSEC_NO_OPENSSL@
+XMLSEC_NO_RIPEMD160 = @XMLSEC_NO_RIPEMD160@
+XMLSEC_NO_RSA = @XMLSEC_NO_RSA@
+XMLSEC_NO_SHA1 = @XMLSEC_NO_SHA1@
+XMLSEC_NO_SHA224 = @XMLSEC_NO_SHA224@
+XMLSEC_NO_SHA256 = @XMLSEC_NO_SHA256@
+XMLSEC_NO_SHA384 = @XMLSEC_NO_SHA384@
+XMLSEC_NO_SHA512 = @XMLSEC_NO_SHA512@
+XMLSEC_NO_X509 = @XMLSEC_NO_X509@
+XMLSEC_NO_XKMS = @XMLSEC_NO_XKMS@
+XMLSEC_NO_XMLDSIG = @XMLSEC_NO_XMLDSIG@
+XMLSEC_NO_XMLENC = @XMLSEC_NO_XMLENC@
+XMLSEC_NSS_CFLAGS = @XMLSEC_NSS_CFLAGS@
+XMLSEC_NSS_LIBS = @XMLSEC_NSS_LIBS@
+XMLSEC_OPENSSL_CFLAGS = @XMLSEC_OPENSSL_CFLAGS@
+XMLSEC_OPENSSL_LIBS = @XMLSEC_OPENSSL_LIBS@
+XMLSEC_PACKAGE = @XMLSEC_PACKAGE@
+XMLSEC_STATIC_BINARIES = @XMLSEC_STATIC_BINARIES@
+XMLSEC_VERSION = @XMLSEC_VERSION@
+XMLSEC_VERSION_INFO = @XMLSEC_VERSION_INFO@
+XMLSEC_VERSION_MAJOR = @XMLSEC_VERSION_MAJOR@
+XMLSEC_VERSION_MINOR = @XMLSEC_VERSION_MINOR@
+XMLSEC_VERSION_SAFE = @XMLSEC_VERSION_SAFE@
+XMLSEC_VERSION_SUBMINOR = @XMLSEC_VERSION_SUBMINOR@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+docdir = @docdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+install_sh = @install_sh@
+libdir = @libdir@
+libexecdir = @libexecdir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+sbindir = @sbindir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+NULL =
+EXTRA_DIST = \
+ README \
+ $(NULL)
+
+lib_LTLIBRARIES = \
+ libxmlsec1-openssl.la \
+ $(NULL)
+
+libxmlsec1_openssl_la_CPPFLAGS = \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -I../../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(OPENSSL_CFLAGS) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(NULL)
+
+libxmlsec1_openssl_la_SOURCES = app.c bn.c ciphers.c crypto.c \
+ digests.c evp.c hmac.c kw_aes.c kw_des.c kt_rsa.c signatures.c \
+ symkeys.c x509.c x509vfy.c globals.h $(NULL) $(am__append_1)
+libxmlsec1_openssl_la_LIBADD = \
+ $(OPENSSL_LIBS) \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ ../libxmlsec1.la \
+ $(NULL)
+
+libxmlsec1_openssl_la_DEPENDENCIES = \
+ $(NULL)
+
+libxmlsec1_openssl_la_LDFLAGS = \
+ @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ \
+ -version-info @XMLSEC_VERSION_INFO@ \
+ $(NULL)
+
+all: all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .lo .o .obj
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+ && { if test -f $@; then exit 0; else break; fi; }; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/openssl/Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --gnu src/openssl/Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
+$(am__aclocal_m4_deps):
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+libxmlsec1-openssl.la: $(libxmlsec1_openssl_la_OBJECTS) $(libxmlsec1_openssl_la_DEPENDENCIES)
+ $(libxmlsec1_openssl_la_LINK) -rpath $(libdir) $(libxmlsec1_openssl_la_OBJECTS) $(libxmlsec1_openssl_la_LIBADD) $(LIBS)
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-app.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-bn.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-ciphers.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-crypto.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-digests.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-evp.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-hmac.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-kt_rsa.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-kw_aes.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-kw_des.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-signatures.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-strings.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-symkeys.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-x509.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_openssl_la-x509vfy.Plo@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+libxmlsec1_openssl_la-app.lo: app.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-app.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-app.Tpo -c -o libxmlsec1_openssl_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-app.Tpo $(DEPDIR)/libxmlsec1_openssl_la-app.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='app.c' object='libxmlsec1_openssl_la-app.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
+
+libxmlsec1_openssl_la-bn.lo: bn.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-bn.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-bn.Tpo -c -o libxmlsec1_openssl_la-bn.lo `test -f 'bn.c' || echo '$(srcdir)/'`bn.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-bn.Tpo $(DEPDIR)/libxmlsec1_openssl_la-bn.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='bn.c' object='libxmlsec1_openssl_la-bn.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-bn.lo `test -f 'bn.c' || echo '$(srcdir)/'`bn.c
+
+libxmlsec1_openssl_la-ciphers.lo: ciphers.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-ciphers.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-ciphers.Tpo -c -o libxmlsec1_openssl_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-ciphers.Tpo $(DEPDIR)/libxmlsec1_openssl_la-ciphers.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='ciphers.c' object='libxmlsec1_openssl_la-ciphers.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-ciphers.lo `test -f 'ciphers.c' || echo '$(srcdir)/'`ciphers.c
+
+libxmlsec1_openssl_la-crypto.lo: crypto.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-crypto.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-crypto.Tpo -c -o libxmlsec1_openssl_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-crypto.Tpo $(DEPDIR)/libxmlsec1_openssl_la-crypto.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto.c' object='libxmlsec1_openssl_la-crypto.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-crypto.lo `test -f 'crypto.c' || echo '$(srcdir)/'`crypto.c
+
+libxmlsec1_openssl_la-digests.lo: digests.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-digests.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-digests.Tpo -c -o libxmlsec1_openssl_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-digests.Tpo $(DEPDIR)/libxmlsec1_openssl_la-digests.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='digests.c' object='libxmlsec1_openssl_la-digests.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-digests.lo `test -f 'digests.c' || echo '$(srcdir)/'`digests.c
+
+libxmlsec1_openssl_la-evp.lo: evp.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-evp.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-evp.Tpo -c -o libxmlsec1_openssl_la-evp.lo `test -f 'evp.c' || echo '$(srcdir)/'`evp.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-evp.Tpo $(DEPDIR)/libxmlsec1_openssl_la-evp.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='evp.c' object='libxmlsec1_openssl_la-evp.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-evp.lo `test -f 'evp.c' || echo '$(srcdir)/'`evp.c
+
+libxmlsec1_openssl_la-hmac.lo: hmac.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-hmac.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-hmac.Tpo -c -o libxmlsec1_openssl_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-hmac.Tpo $(DEPDIR)/libxmlsec1_openssl_la-hmac.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='hmac.c' object='libxmlsec1_openssl_la-hmac.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
+
+libxmlsec1_openssl_la-kw_aes.lo: kw_aes.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-kw_aes.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-kw_aes.Tpo -c -o libxmlsec1_openssl_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-kw_aes.Tpo $(DEPDIR)/libxmlsec1_openssl_la-kw_aes.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kw_aes.c' object='libxmlsec1_openssl_la-kw_aes.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
+
+libxmlsec1_openssl_la-kw_des.lo: kw_des.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-kw_des.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-kw_des.Tpo -c -o libxmlsec1_openssl_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-kw_des.Tpo $(DEPDIR)/libxmlsec1_openssl_la-kw_des.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kw_des.c' object='libxmlsec1_openssl_la-kw_des.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
+
+libxmlsec1_openssl_la-kt_rsa.lo: kt_rsa.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-kt_rsa.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-kt_rsa.Tpo -c -o libxmlsec1_openssl_la-kt_rsa.lo `test -f 'kt_rsa.c' || echo '$(srcdir)/'`kt_rsa.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-kt_rsa.Tpo $(DEPDIR)/libxmlsec1_openssl_la-kt_rsa.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kt_rsa.c' object='libxmlsec1_openssl_la-kt_rsa.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-kt_rsa.lo `test -f 'kt_rsa.c' || echo '$(srcdir)/'`kt_rsa.c
+
+libxmlsec1_openssl_la-signatures.lo: signatures.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-signatures.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-signatures.Tpo -c -o libxmlsec1_openssl_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-signatures.Tpo $(DEPDIR)/libxmlsec1_openssl_la-signatures.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='signatures.c' object='libxmlsec1_openssl_la-signatures.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
+
+libxmlsec1_openssl_la-symkeys.lo: symkeys.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-symkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-symkeys.Tpo -c -o libxmlsec1_openssl_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-symkeys.Tpo $(DEPDIR)/libxmlsec1_openssl_la-symkeys.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='symkeys.c' object='libxmlsec1_openssl_la-symkeys.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
+
+libxmlsec1_openssl_la-x509.lo: x509.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-x509.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-x509.Tpo -c -o libxmlsec1_openssl_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-x509.Tpo $(DEPDIR)/libxmlsec1_openssl_la-x509.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509.c' object='libxmlsec1_openssl_la-x509.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
+
+libxmlsec1_openssl_la-x509vfy.lo: x509vfy.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-x509vfy.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-x509vfy.Tpo -c -o libxmlsec1_openssl_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-x509vfy.Tpo $(DEPDIR)/libxmlsec1_openssl_la-x509vfy.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509vfy.c' object='libxmlsec1_openssl_la-x509vfy.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
+
+libxmlsec1_openssl_la-strings.lo: ../strings.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_openssl_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_openssl_la-strings.Tpo -c -o libxmlsec1_openssl_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_openssl_la-strings.Tpo $(DEPDIR)/libxmlsec1_openssl_la-strings.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='../strings.c' object='libxmlsec1_openssl_la-strings.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_openssl_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_openssl_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES)
+installdirs:
+ for dir in "$(DESTDIR)$(libdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am:
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-libLTLIBRARIES
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -rf ./$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-libLTLIBRARIES
+
+.MAKE: install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
+ clean-libLTLIBRARIES clean-libtool ctags distclean \
+ distclean-compile distclean-generic distclean-libtool \
+ distclean-tags distdir dvi dvi-am html html-am info info-am \
+ install install-am install-data install-data-am install-dvi \
+ install-dvi-am install-exec install-exec-am install-html \
+ install-html-am install-info install-info-am \
+ install-libLTLIBRARIES install-man install-pdf install-pdf-am \
+ install-ps install-ps-am install-strip installcheck \
+ installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-am uninstall-libLTLIBRARIES
+
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/src/openssl/README b/src/openssl/README
new file mode 100644
index 00000000..0f1c625d
--- /dev/null
+++ b/src/openssl/README
@@ -0,0 +1,17 @@
+WHAT VERSION OF OPENSSL?
+------------------------------------------------------------------------
+OpenSSL 0.9.6 is supported but some functionality requires 0.9.7 or greater.
+
+KEYS MANAGER
+------------------------------------------------------------------------
+
+OpenSSL does not have a keys or certificates storage implementation. The
+default xmlsec-openssl key manager uses a simple keys store from xmlsec
+core library based on plain keys list. Trusted/untrusted certificates
+are stored in STACK_OF(X509) structures.
+
+KNOWN ISSUES.
+------------------------------------------------------------------------
+1) One day we might decide to drop OpenSSL 0.9.6 supprot and remove all
+these ifdef's to simplify the code.
+
diff --git a/src/openssl/app.c b/src/openssl/app.c
new file mode 100644
index 00000000..4f8f79e6
--- /dev/null
+++ b/src/openssl/app.c
@@ -0,0 +1,1628 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <libxml/tree.h>
+
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#include <openssl/conf.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/private.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/openssl/app.h>
+#include <xmlsec/openssl/crypto.h>
+#include <xmlsec/openssl/evp.h>
+#include <xmlsec/openssl/x509.h>
+
+static int xmlSecOpenSSLAppLoadRANDFile (const char *file);
+static int xmlSecOpenSSLAppSaveRANDFile (const char *file);
+static int xmlSecOpenSSLDefaultPasswordCallback (char *buf,
+ int bufsiz,
+ int verify,
+ void *userdata);
+static int xmlSecOpenSSLDummyPasswordCallback (char *buf,
+ int bufsize,
+ int verify,
+ void *userdata);
+
+/* conversion from ptr to func "the right way" */
+XMLSEC_PTR_TO_FUNC_IMPL(pem_password_cb)
+
+
+/**
+ * xmlSecOpenSSLAppInit:
+ * @config: the path to certs.
+ *
+ * General crypto engine initialization. This function is used
+ * by XMLSec command line utility and called before
+ * @xmlSecInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLAppInit(const char* config) {
+ ERR_load_crypto_strings();
+ OPENSSL_config(NULL);
+ OpenSSL_add_all_algorithms();
+
+ if((RAND_status() != 1) && (xmlSecOpenSSLAppLoadRANDFile(NULL) != 1)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppLoadRANDFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((config != NULL) && (xmlSecOpenSSLSetDefaultTrustedCertsFolder(BAD_CAST config) < 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLSetDefaultTrustedCertsFolder",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLAppShutdown:
+ *
+ * General crypto engine shutdown. This function is used
+ * by XMLSec command line utility and called after
+ * @xmlSecShutdown function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLAppShutdown(void) {
+ xmlSecOpenSSLAppSaveRANDFile(NULL);
+ RAND_cleanup();
+ EVP_cleanup();
+
+#ifndef XMLSEC_NO_X509
+ X509_TRUST_cleanup();
+#endif /* XMLSEC_NO_X509 */
+
+#ifndef XMLSEC_OPENSSL_096
+ CRYPTO_cleanup_all_ex_data();
+#endif /* XMLSEC_OPENSSL_096 */
+
+ /* finally cleanup errors */
+ ERR_remove_state(0);
+ ERR_free_strings();
+
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLAppKeyLoad:
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the a file.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecOpenSSLAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
+ const char *pwd, void* pwdCallback,
+ void* pwdCallbackCtx) {
+ BIO* bio;
+ xmlSecKeyPtr key;
+
+ xmlSecAssert2(filename != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ bio = BIO_new_file(filename, "rb");
+ if(bio == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new_file",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ return(NULL);
+ }
+
+ key = xmlSecOpenSSLAppKeyLoadBIO (bio, format, pwd, pwdCallback, pwdCallbackCtx);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppKeyLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ BIO_free(bio);
+ return(NULL);
+ }
+
+ BIO_free(bio);
+ return(key);
+}
+
+/**
+ * xmlSecOpenSSLAppKeyLoadMemory:
+ * @data: the binary key data.
+ * @dataSize: the size of binary key.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the memory buffer.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecOpenSSLAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format, const char *pwd,
+ void* pwdCallback, void* pwdCallbackCtx) {
+ BIO* bio;
+ xmlSecKeyPtr key;
+
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ /* this would be a read only BIO, cast from const is ok */
+ bio = BIO_new_mem_buf((void*)data, dataSize);
+ if(bio == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new_mem_buf",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "errno=%d",
+ errno);
+ return(NULL);
+ }
+
+ key = xmlSecOpenSSLAppKeyLoadBIO (bio, format, pwd, pwdCallback, pwdCallbackCtx);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppKeyLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free(bio);
+ return(NULL);
+ }
+
+ BIO_free(bio);
+ return(key);
+}
+
+
+/**
+ * xmlSecOpenSSLAppKeyLoadBIO:
+ * @bio: the key BIO.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the an OpenSSL BIO object.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format,
+ const char *pwd, void* pwdCallback,
+ void* pwdCallbackCtx) {
+
+ xmlSecKeyPtr key = NULL;
+ xmlSecKeyDataPtr data;
+ EVP_PKEY* pKey = NULL;
+ int ret;
+
+ xmlSecAssert2(bio != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ switch(format) {
+ case xmlSecKeyDataFormatPem:
+ /* try to read private key first */
+ if(pwd != NULL) {
+ pKey = PEM_read_bio_PrivateKey(bio, NULL,
+ xmlSecOpenSSLDummyPasswordCallback,
+ (void*)pwd);
+ } else {
+ pKey = PEM_read_bio_PrivateKey(bio, NULL,
+ XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
+ pwdCallbackCtx);
+ }
+ if(pKey == NULL) {
+ /* go to start of the file and try to read public key */
+ BIO_reset(bio);
+ pKey = PEM_read_bio_PUBKEY(bio, NULL,
+ XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
+ pwdCallbackCtx);
+ if(pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ }
+ break;
+ case xmlSecKeyDataFormatDer:
+ /* try to read private key first */
+ pKey = d2i_PrivateKey_bio(bio, NULL);
+ if(pKey == NULL) {
+ /* go to start of the file and try to read public key */
+ BIO_reset(bio);
+ pKey = d2i_PUBKEY_bio(bio, NULL);
+ if(pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "d2i_PrivateKey_bio and d2i_PUBKEY_bio",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ }
+ break;
+ case xmlSecKeyDataFormatPkcs8Pem:
+ /* try to read private key first */
+ pKey = PEM_read_bio_PrivateKey(bio, NULL,
+ XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
+ pwdCallbackCtx);
+ if(pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PEM_read_bio_PrivateKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
+ case xmlSecKeyDataFormatPkcs8Der:
+ /* try to read private key first */
+ pKey = d2i_PKCS8PrivateKey_bio(bio, NULL,
+ XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback),
+ pwdCallbackCtx);
+ if(pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "d2i_PrivateKey_bio and d2i_PUBKEY_bio",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
+#ifndef XMLSEC_NO_X509
+ case xmlSecKeyDataFormatPkcs12:
+ key = xmlSecOpenSSLAppPkcs12LoadBIO(bio, pwd, pwdCallback, pwdCallbackCtx);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppPkcs12LoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ return(key);
+
+ case xmlSecKeyDataFormatCertPem:
+ case xmlSecKeyDataFormatCertDer:
+ key = xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, format);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppKeyFromCertLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ return(key);
+#endif /* XMLSEC_NO_X509 */
+
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(NULL);
+ }
+
+ data = xmlSecOpenSSLEvpKeyAdopt(pKey);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLEvpKeyAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ EVP_PKEY_free(pKey);
+ return(NULL);
+ }
+
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
+ }
+
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+ xmlSecKeyDestroy(key);
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
+ }
+
+ return(key);
+}
+
+
+#ifndef XMLSEC_NO_X509
+static X509* xmlSecOpenSSLAppCertLoadBIO (BIO* bio,
+ xmlSecKeyDataFormat format);
+/**
+ * xmlSecOpenSSLAppKeyCertLoad:
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from $@filename and adds it to key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecKeyDataFormat format) {
+ BIO* bio;
+ int ret;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ bio = BIO_new_file(filename, "rb");
+ if(bio == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new_file",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLAppKeyCertLoadBIO (key, bio, format);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppKeyCertLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ BIO_free(bio);
+ return(-1);
+ }
+
+ BIO_free(bio);
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLAppKeyCertLoadMemory:
+ * @key: the pointer to key.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from memory buffer and adds it to key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format) {
+ BIO* bio;
+ int ret;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* this would be a read only BIO, cast from const is ok */
+ bio = BIO_new_mem_buf((void*)data, dataSize);
+ if(bio == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new_mem_buf",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "errno=%d",
+ errno);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLAppKeyCertLoadBIO (key, bio, format);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppKeyCertLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free(bio);
+ return(-1);
+ }
+
+ BIO_free(bio);
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLAppKeyCertLoadBIO:
+ * @key: the pointer to key.
+ * @bio: the certificate bio.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from memory buffer and adds it to key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLAppKeyCertLoadBIO(xmlSecKeyPtr key, BIO* bio, xmlSecKeyDataFormat format) {
+
+ xmlSecKeyDataFormat certFormat;
+ xmlSecKeyDataPtr data;
+ X509 *cert;
+ int ret;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(bio != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ data = xmlSecKeyEnsureData(key, xmlSecOpenSSLKeyDataX509Id);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecOpenSSLKeyDataX509Id)));
+ return(-1);
+ }
+
+ /* adjust cert format */
+ switch(format) {
+ case xmlSecKeyDataFormatPkcs8Pem:
+ certFormat = xmlSecKeyDataFormatPem;
+ break;
+ case xmlSecKeyDataFormatPkcs8Der:
+ certFormat = xmlSecKeyDataFormatDer;
+ break;
+ default:
+ certFormat = format;
+ }
+
+ cert = xmlSecOpenSSLAppCertLoadBIO(bio, certFormat);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppCertLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
+ X509_free(cert);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLAppPkcs12Load:
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 file.
+ * For uniformity, call xmlSecOpenSSLAppKeyLoad instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecOpenSSLAppPkcs12Load(const char *filename, const char *pwd,
+ void* pwdCallback, void* pwdCallbackCtx) {
+ BIO* bio;
+ xmlSecKeyPtr key;
+
+ xmlSecAssert2(filename != NULL, NULL);
+
+ bio = BIO_new_file(filename, "rb");
+ if(bio == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new_file",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ return(NULL);
+ }
+
+ key = xmlSecOpenSSLAppPkcs12LoadBIO (bio, pwd, pwdCallback, pwdCallbackCtx);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppPkcs12LoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ BIO_free(bio);
+ return(NULL);
+ }
+
+ BIO_free(bio);
+ return(key);
+}
+
+/**
+ * xmlSecOpenSSLAppPkcs12LoadMemory:
+ * @data: the PKCS12 binary data.
+ * @dataSize: the PKCS12 binary data size.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 data in memory buffer.
+ * For uniformity, call xmlSecOpenSSLAppKeyLoad instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecOpenSSLAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ const char *pwd, void* pwdCallback,
+ void* pwdCallbackCtx) {
+ BIO* bio;
+ xmlSecKeyPtr key;
+
+ xmlSecAssert2(data != NULL, NULL);
+
+ /* this would be a read only BIO, cast from const is ok */
+ bio = BIO_new_mem_buf((void*)data, dataSize);
+ if(bio == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new_mem_buf",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "errno=%d",
+ errno);
+ return(NULL);
+ }
+
+ key = xmlSecOpenSSLAppPkcs12LoadBIO (bio, pwd, pwdCallback, pwdCallbackCtx);
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppPkcs12LoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free(bio);
+ return(NULL);
+ }
+
+ BIO_free(bio);
+ return(key);
+}
+
+/**
+ * xmlSecOpenSSLAppPkcs12LoadBIO:
+ * @bio: the PKCS12 key bio.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 data in an OpenSSL BIO object.
+ * For uniformity, call xmlSecOpenSSLAppKeyLoad instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecOpenSSLAppPkcs12LoadBIO(BIO* bio, const char *pwd,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+
+ PKCS12 *p12 = NULL;
+ EVP_PKEY *pKey = NULL;
+ STACK_OF(X509) *chain = NULL;
+ xmlSecKeyPtr key = NULL;
+ xmlSecKeyDataPtr data = NULL;
+ xmlSecKeyDataPtr x509Data = NULL;
+ X509 *cert = NULL;
+ X509 *tmpcert = NULL;
+ int i;
+ int has_cert;
+ int ret;
+
+ xmlSecAssert2(bio != NULL, NULL);
+
+ p12 = d2i_PKCS12_bio(bio, NULL);
+ if(p12 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "d2i_PKCS12_fp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = PKCS12_verify_mac(p12, pwd, (pwd != NULL) ? strlen(pwd) : 0);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PKCS12_verify_mac",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = PKCS12_parse(p12, pwd, &pKey, &cert, &chain);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PKCS12_parse",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ data = xmlSecOpenSSLEvpKeyAdopt(pKey);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLEvpKeyAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ EVP_PKEY_free(pKey);
+ goto done;
+ }
+
+ x509Data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataX509Id);
+ if(x509Data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecOpenSSLKeyDataX509Id)));
+ goto done;
+ }
+
+ /* starting from openssl 1.0.0 the PKCS12_parse() call will not create certs
+ chain object if there is no certificates in the pkcs12 file and it will be null
+ */
+ if(chain == NULL) {
+ chain = sk_X509_new_null();
+ if(chain == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "sk_X509_new_null",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+
+ /*
+ The documentation states (http://www.openssl.org/docs/crypto/PKCS12_parse.html):
+
+ If successful the private key will be written to "*pkey", the
+ corresponding certificate to "*cert" and any additional certificates
+ to "*ca".
+
+ In reality, the function sometime returns in the "ca" the certificates
+ including the one it is already returned in "cert".
+ */
+ has_cert = 0;
+ for(i = 0; i < sk_X509_num(chain); ++i) {
+ xmlSecAssert2(sk_X509_value(chain, i), NULL);
+
+ if(X509_cmp(sk_X509_value(chain, i), cert) == 0) {
+ has_cert = 1;
+ break;
+ }
+ }
+
+ if(has_cert == 0) {
+ tmpcert = X509_dup(cert);
+ if(tmpcert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+
+ ret = sk_X509_push(chain, tmpcert);
+ if(ret < 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "sk_X509_push",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ X509_free(tmpcert);
+ goto done;
+ }
+ }
+
+ ret = xmlSecOpenSSLKeyDataX509AdoptKeyCert(x509Data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ cert = NULL;
+
+ for(i = 0; i < sk_X509_num(chain); ++i) {
+ xmlSecAssert2(sk_X509_value(chain, i), NULL);
+
+ tmpcert = X509_dup(sk_X509_value(chain, i));
+ if(tmpcert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ X509_free(tmpcert);
+ goto done;
+ }
+
+ ret = xmlSecOpenSSLKeyDataX509AdoptCert(x509Data, tmpcert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ goto done;
+ }
+ }
+
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecKeyDestroy(key);
+ key = NULL;
+ goto done;
+ }
+ data = NULL;
+
+ ret = xmlSecKeyAdoptData(key, x509Data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyAdoptData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "data=%s",
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
+ xmlSecKeyDestroy(key);
+ key = NULL;
+ goto done;
+ }
+ x509Data = NULL;
+
+done:
+ if(x509Data != NULL) {
+ xmlSecKeyDataDestroy(x509Data);
+ }
+ if(data != NULL) {
+ xmlSecKeyDataDestroy(data);
+ }
+ if(chain != NULL) {
+ sk_X509_pop_free(chain, X509_free);
+ }
+ if(cert != NULL) {
+ X509_free(cert);
+ }
+ if(p12 != NULL) {
+ PKCS12_free(p12);
+ }
+ return(key);
+}
+
+/**
+ * xmlSecOpenSSLAppKeyFromCertLoadBIO:
+ * @bio: the BIO.
+ * @format: the cert format.
+ *
+ * Loads public key from cert.
+ *
+ * Returns: pointer to key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecOpenSSLAppKeyFromCertLoadBIO(BIO* bio, xmlSecKeyDataFormat format) {
+ xmlSecKeyPtr key;
+ xmlSecKeyDataPtr keyData;
+ xmlSecKeyDataPtr certData;
+ X509 *cert;
+ int ret;
+
+ xmlSecAssert2(bio != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ /* load cert */
+ cert = xmlSecOpenSSLAppCertLoadBIO(bio, format);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppCertLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* get key value */
+ keyData = xmlSecOpenSSLX509CertGetKey(cert);
+ if(keyData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509CertGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(cert);
+ return(NULL);
+ }
+
+ /* create key */
+ key = xmlSecKeyCreate();
+ if(key == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyData);
+ X509_free(cert);
+ return(NULL);
+ }
+
+ /* set key value */
+ ret = xmlSecKeySetValue(key, keyData);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ xmlSecKeyDataDestroy(keyData);
+ X509_free(cert);
+ return(NULL);
+ }
+
+ /* create cert data */
+ certData = xmlSecKeyEnsureData(key, xmlSecOpenSSLKeyDataX509Id);
+ if(certData == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ X509_free(cert);
+ return(NULL);
+ }
+
+ /* put cert in the cert data */
+ ret = xmlSecOpenSSLKeyDataX509AdoptCert(certData, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ X509_free(cert);
+ return(NULL);
+ }
+
+ return(key);
+}
+
+
+/**
+ * xmlSecOpenSSLAppKeysMngrCertLoad:
+ * @mngr: the keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
+ *
+ * Reads cert from @filename and adds to the list of trusted or known
+ * untrusted certs in @store.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
+ xmlSecKeyDataFormat format, xmlSecKeyDataType type) {
+ BIO* bio;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ bio = BIO_new_file(filename, "rb");
+ if(bio == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new_file",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLAppKeysMngrCertLoadBIO(mngr, bio, format, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppKeysMngrCertLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s;errno=%d",
+ xmlSecErrorsSafeString(filename),
+ errno);
+ BIO_free(bio);
+ return(-1);
+ }
+
+ BIO_free(bio);
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLAppKeysMngrCertLoadMemory:
+ * @mngr: the keys manager.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate trusted or not.
+ *
+ * Reads cert from binary buffer @data and adds to the list of trusted or known
+ * untrusted certs in @store.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data,
+ xmlSecSize dataSize, xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
+ BIO* bio;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* this would be a read only BIO, cast from const is ok */
+ bio = BIO_new_mem_buf((void*)data, dataSize);
+ if(bio == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new_mem_buf",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "errno=%d",
+ errno);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLAppKeysMngrCertLoadBIO(mngr, bio, format, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppKeysMngrCertLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free(bio);
+ return(-1);
+ }
+
+ BIO_free(bio);
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLAppKeysMngrCertLoadBIO:
+ * @mngr: the keys manager.
+ * @bio: the certificate BIO.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate trusted or not.
+ *
+ * Reads cert from an OpenSSL BIO object and adds to the list of trusted or known
+ * untrusted certs in @store.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLAppKeysMngrCertLoadBIO(xmlSecKeysMngrPtr mngr, BIO* bio,
+ xmlSecKeyDataFormat format, xmlSecKeyDataType type) {
+ xmlSecKeyDataStorePtr x509Store;
+ X509* cert;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(bio != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecOpenSSLX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecOpenSSLX509StoreId");
+ return(-1);
+ }
+
+ cert = xmlSecOpenSSLAppCertLoadBIO(bio, format);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLAppCertLoadBIO",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLX509StoreAdoptCert(x509Store, cert, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509StoreAdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(cert);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLAppKeysMngrAddCertsPath:
+ * @mngr: the keys manager.
+ * @path: the path to trusted certificates.
+ *
+ * Reads cert from @path and adds to the list of trusted certificates.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLAppKeysMngrAddCertsPath(xmlSecKeysMngrPtr mngr, const char *path) {
+ xmlSecKeyDataStorePtr x509Store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(path != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecOpenSSLX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecOpenSSLX509StoreId");
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLX509StoreAddCertsPath(x509Store, path);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509StoreAddCertsPath",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "path=%s", xmlSecErrorsSafeString(path));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLAppKeysMngrAddCertsFile:
+ * @mngr: the keys manager.
+ * @file: the file containing trusted certificates.
+ *
+ * Reads certs from @file and adds to the list of trusted certificates.
+ * It is possible for @file to contain multiple certs.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLAppKeysMngrAddCertsFile(xmlSecKeysMngrPtr mngr, const char *file) {
+ xmlSecKeyDataStorePtr x509Store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(file != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecOpenSSLX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecOpenSSLX509StoreId");
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLX509StoreAddCertsFile(x509Store, file);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509StoreAddCertsFile",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "file=%s", xmlSecErrorsSafeString(file));
+ return(-1);
+ }
+
+ return(0);
+}
+
+static X509*
+xmlSecOpenSSLAppCertLoadBIO(BIO* bio, xmlSecKeyDataFormat format) {
+ X509 *cert;
+
+ xmlSecAssert2(bio != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ switch(format) {
+ case xmlSecKeyDataFormatPem:
+ case xmlSecKeyDataFormatCertPem:
+ cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PEM_read_bio_X509_AUX",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
+ case xmlSecKeyDataFormatDer:
+ case xmlSecKeyDataFormatCertDer:
+ cert = d2i_X509_bio(bio, NULL);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "d2i_X509_bio",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_FORMAT,
+ "format=%d", format);
+ return(NULL);
+ }
+
+ return(cert);
+}
+
+#endif /* XMLSEC_NO_X509 */
+
+/**
+ * xmlSecOpenSSLAppDefaultKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
+ * and a default OpenSSL crypto key data stores.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+
+ /* create simple keys store if needed */
+ if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) {
+ xmlSecKeyStorePtr keysStore;
+
+ keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+ if(keysStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecSimpleKeysStoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyStoreDestroy(keysStore);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecOpenSSLKeysMngrInit(mngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLKeysMngrInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* TODO */
+ mngr->getKey = xmlSecKeysMngrGetKey;
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLAppDefaultKeysMngrAdoptKey:
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
+ *
+ * Adds @key to the keys manager @mngr created with #xmlSecOpenSSLAppDefaultKeysMngrInit
+ * function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLAppDefaultKeysMngrLoad:
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
+ *
+ * Loads XML keys file from @uri to the keys manager @mngr created
+ * with #xmlSecOpenSSLAppDefaultKeysMngrInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(uri != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreLoad(store, uri, mngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s", xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLAppDefaultKeysMngrSave:
+ * @mngr: the pointer to keys manager.
+ * @filename: the destination filename.
+ * @type: the type of keys to save (public/private/symmetric).
+ *
+ * Saves keys from @mngr to XML keys file.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename,
+ xmlSecKeyDataType type) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreSave(store, filename, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreSave",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename%s", xmlSecErrorsSafeString(filename));
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+/*
+ * Random numbers initialization from openssl (apps/app_rand.c)
+ */
+static int seeded = 0;
+static int egdsocket = 0;
+
+static int
+xmlSecOpenSSLAppLoadRANDFile(const char *file) {
+ char buffer[1024];
+
+ if(file == NULL) {
+ file = RAND_file_name(buffer, sizeof(buffer));
+ }else if(RAND_egd(file) > 0) {
+ /* we try if the given filename is an EGD socket.
+ * if it is, we don't write anything back to the file. */
+ egdsocket = 1;
+ return 1;
+ }
+
+ if((file == NULL) || !RAND_load_file(file, -1)) {
+ if(RAND_status() == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "RAND_load_file",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "file=%s", xmlSecErrorsSafeString(file));
+ return 0;
+ }
+ }
+ seeded = 1;
+ return 1;
+}
+
+static int
+xmlSecOpenSSLAppSaveRANDFile(const char *file) {
+ char buffer[1024];
+
+ if(egdsocket || !seeded) {
+ /* If we did not manage to read the seed file,
+ * we should not write a low-entropy seed file back --
+ * it would suppress a crucial warning the next time
+ * we want to use it. */
+ return 0;
+ }
+
+ if(file == NULL) {
+ file = RAND_file_name(buffer, sizeof(buffer));
+ }
+ if((file == NULL) || !RAND_write_file(file)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "RAND_write_file",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "file=%s",
+ xmlSecErrorsSafeString(file));
+ return 0;
+ }
+
+ return 1;
+}
+
+/**
+ * xmlSecOpenSSLAppGetDefaultPwdCallback:
+ *
+ * Gets default password callback.
+ *
+ * Returns: default password callback.
+ */
+void*
+xmlSecOpenSSLAppGetDefaultPwdCallback(void) {
+ return XMLSEC_FUNC_TO_PTR(pem_password_cb, xmlSecOpenSSLDefaultPasswordCallback);
+}
+
+static int
+xmlSecOpenSSLDefaultPasswordCallback(char *buf, int bufsize, int verify, void *userdata) {
+ char* filename = (char*)userdata;
+ char* buf2;
+ xmlChar prompt[2048];
+ int i, ret;
+
+ xmlSecAssert2(buf != NULL, -1);
+
+ /* try 3 times */
+ for(i = 0; i < 3; i++) {
+ if(filename != NULL) {
+ xmlSecStrPrintf(prompt, sizeof(prompt), BAD_CAST "Enter password for \"%s\" file: ", filename);
+ } else {
+ xmlSecStrPrintf(prompt, sizeof(prompt), BAD_CAST "Enter password: ");
+ }
+ ret = EVP_read_pw_string(buf, bufsize, (char*)prompt, 0);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EVP_read_pw_string",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* if we don't need to verify password then we are done */
+ if(verify == 0) {
+ return(strlen(buf));
+ }
+
+ if(filename != NULL) {
+ xmlSecStrPrintf(prompt, sizeof(prompt), BAD_CAST "Enter password for \"%s\" file again: ", filename);
+ } else {
+ xmlSecStrPrintf(prompt, sizeof(prompt), BAD_CAST "Enter password again: ");
+ }
+
+ buf2 = (char*)xmlMalloc(bufsize);
+ if(buf2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", bufsize);
+ return(-1);
+ }
+ ret = EVP_read_pw_string(buf2, bufsize, (char*)prompt, 0);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EVP_read_pw_string",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ memset(buf2, 0, bufsize);
+ xmlFree(buf2);
+ return(-1);
+ }
+
+ /* check if passwords match */
+ if(strcmp(buf, buf2) == 0) {
+ memset(buf2, 0, bufsize);
+ xmlFree(buf2);
+ return(strlen(buf));
+ }
+
+ /* try again */
+ memset(buf2, 0, bufsize);
+ xmlFree(buf2);
+ }
+
+ return(-1);
+}
+
+static int
+xmlSecOpenSSLDummyPasswordCallback(char *buf, int bufsize,
+ int verify ATTRIBUTE_UNUSED,
+ void *userdata) {
+ char* password = (char*)userdata;
+
+ if((password == NULL) || ((int)strlen(password) + 1 > bufsize)) {
+ return(-1);
+ }
+
+ strcpy(buf, password);
+ return (strlen(buf));
+}
+
diff --git a/src/openssl/bn.c b/src/openssl/bn.c
new file mode 100644
index 00000000..dfeae6ea
--- /dev/null
+++ b/src/openssl/bn.c
@@ -0,0 +1,163 @@
+/**
+ * XMLSec library
+ *
+ * Reading/writing BIGNUM values
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/openssl/crypto.h>
+#include <xmlsec/openssl/bn.h>
+
+/**
+ * xmlSecOpenSSLNodeGetBNValue:
+ * @cur: the poitner to an XML node.
+ * @a: the BIGNUM buffer.
+ *
+ * Converts the node content from CryptoBinary format
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * to a BIGNUM. If no BIGNUM buffer provided then a new
+ * BIGNUM is created (caller is responsible for freeing it).
+ *
+ * Returns: a pointer to BIGNUM produced from CryptoBinary string
+ * or NULL if an error occurs.
+ */
+BIGNUM*
+xmlSecOpenSSLNodeGetBNValue(const xmlNodePtr cur, BIGNUM **a) {
+ xmlSecBuffer buf;
+ int ret;
+
+ xmlSecAssert2(cur != NULL, NULL);
+
+ ret = xmlSecBufferInitialize(&buf, 128);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ret = xmlSecBufferBase64NodeContentRead(&buf, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(NULL);
+ }
+
+ (*a) = BN_bin2bn(xmlSecBufferGetData(&buf), xmlSecBufferGetSize(&buf), (*a));
+ if( (*a) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_bin2bn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(NULL);
+ }
+ xmlSecBufferFinalize(&buf);
+ return(*a);
+}
+
+/**
+ * xmlSecOpenSSLNodeSetBNValue:
+ * @cur: the pointer to an XML node.
+ * @a: the BIGNUM.
+ * @addLineBreaks: if the flag is equal to 1 then
+ * linebreaks will be added before and after
+ * new buffer content.
+ *
+ * Converts BIGNUM to CryptoBinary string
+ * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary)
+ * and sets it as the content of the given node. If the
+ * addLineBreaks is set then line breaks are added
+ * before and after the CryptoBinary string.
+ *
+ * Returns: 0 on success or -1 otherwise.
+ */
+int
+xmlSecOpenSSLNodeSetBNValue(xmlNodePtr cur, const BIGNUM *a, int addLineBreaks) {
+ xmlSecBuffer buf;
+ xmlSecSize size;
+ int ret;
+
+ xmlSecAssert2(a != NULL, -1);
+ xmlSecAssert2(cur != NULL, -1);
+
+ ret = xmlSecBufferInitialize(&buf, BN_num_bytes(a) + 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", BN_num_bytes(a) + 1);
+ return(-1);
+ }
+
+ ret = BN_bn2bin(a, xmlSecBufferGetData(&buf));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_bn2bin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+ size = ret;
+
+ ret = xmlSecBufferSetSize(&buf, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ if(addLineBreaks) {
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ } else {
+ xmlNodeSetContent(cur, xmlSecStringEmpty);
+ }
+
+ ret = xmlSecBufferBase64NodeContentWrite(&buf, cur, xmlSecBase64GetDefaultLineSize());
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferBase64NodeContentWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buf);
+ return(-1);
+ }
+
+ if(addLineBreaks) {
+ xmlNodeAddContent(cur, xmlSecStringCR);
+ }
+
+ xmlSecBufferFinalize(&buf);
+ return(0);
+}
+
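Review bot: In xmlSecOpenSSLNodeGetBNValue the out-parameter `a` is dereferenced at `(*a) = BN_bin2bn(...)` without the NULL check that `cur` gets, so a caller passing NULL crashes rather than hitting the usual assertion path; add `xmlSecAssert2(a != NULL, NULL);` next to the existing assert. The same statement writes the result straight into `*a`, so if BN_bin2bn fails while the caller supplied an existing BIGNUM, the caller's pointer is replaced with NULL and that BIGNUM can no longer be freed. Assigning to a local first (`bn = BN_bin2bn(data, size, *a);`, then `*a = bn;` only after the NULL check) leaves the caller's value intact on error. The doc comment should also say that `a` itself must be non-NULL and that `*a` may be NULL to request a new BIGNUM, since the current wording ("If no BIGNUM buffer provided") reads as if NULL were acceptable for `a`.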
diff --git a/src/openssl/ciphers.c b/src/openssl/ciphers.c
new file mode 100644
index 00000000..1b600625
--- /dev/null
+++ b/src/openssl/ciphers.c
@@ -0,0 +1,856 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/openssl/crypto.h>
+#include <xmlsec/openssl/evp.h>
+
+/* this is not defined in OpenSSL 0.9.6 */
+#ifndef EVP_MAX_BLOCK_LENGTH
+#define EVP_MAX_BLOCK_LENGTH 32
+#endif /* EVP_MAX_BLOCK_LENGTH */
+
+/**************************************************************************
+ *
+ * Internal OpenSSL Block cipher CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecOpenSSLEvpBlockCipherCtx xmlSecOpenSSLEvpBlockCipherCtx,
+ *xmlSecOpenSSLEvpBlockCipherCtxPtr;
+struct _xmlSecOpenSSLEvpBlockCipherCtx {
+ const EVP_CIPHER* cipher;
+ xmlSecKeyDataId keyId;
+ EVP_CIPHER_CTX cipherCtx;
+ int keyInitialized;
+ int ctxInitialized;
+ xmlSecByte key[EVP_MAX_KEY_LENGTH];
+ xmlSecByte iv[EVP_MAX_IV_LENGTH];
+ xmlSecByte pad[EVP_MAX_BLOCK_LENGTH];
+};
+static int xmlSecOpenSSLEvpBlockCipherCtxInit (xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLEvpBlockCipherCtxUpdate (xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLEvpBlockCipherCtxFinal (xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr out,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int
+xmlSecOpenSSLEvpBlockCipherCtxInit(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ int ivLen;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != NULL, -1);
+ xmlSecAssert2(ctx->keyInitialized != 0, -1);
+ xmlSecAssert2(ctx->ctxInitialized == 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ivLen = EVP_CIPHER_iv_length(ctx->cipher);
+ xmlSecAssert2(ivLen > 0, -1);
+ xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1);
+
+ if(encrypt) {
+ /* generate random iv */
+ ret = RAND_bytes(ctx->iv, ivLen);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "RAND_bytes",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", ivLen);
+ return(-1);
+ }
+
+ /* write iv to the output */
+ ret = xmlSecBufferAppend(out, ctx->iv, ivLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ivLen);
+ return(-1);
+ }
+
+ } else {
+ /* if we don't have enough data, exit and hope that
+ * we'll have iv next time */
+ if(xmlSecBufferGetSize(in) < (xmlSecSize)ivLen) {
+ return(0);
+ }
+
+ /* copy iv to our buffer*/
+ xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
+ memcpy(ctx->iv, xmlSecBufferGetData(in), ivLen);
+
+ /* and remove from input */
+ ret = xmlSecBufferRemoveHead(in, ivLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ivLen);
+ return(-1);
+ }
+ }
+
+ /* set iv */
+ ret = EVP_CipherInit(&(ctx->cipherCtx), ctx->cipher, ctx->key, ctx->iv, encrypt);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "EVP_CipherInit",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ctx->ctxInitialized = 1;
+
+ /*
+ * The padding used in XML Enc does not follow RFC 1423
+ * and is not supported by OpenSSL. In the case of OpenSSL 0.9.7
+ * it is possible to disable padding and do it by yourself
+ * For OpenSSL 0.9.6 you have interop problems
+ */
+#ifndef XMLSEC_OPENSSL_096
+ EVP_CIPHER_CTX_set_padding(&(ctx->cipherCtx), 0);
+#endif /* XMLSEC_OPENSSL_096 */
+ return(0);
+}
+
+static int
+xmlSecOpenSSLEvpBlockCipherCtxUpdate(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ int blockLen, fixLength = 0, outLen = 0;
+ xmlSecSize inSize, outSize;
+ xmlSecByte* outBuf;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->keyInitialized != 0, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ blockLen = EVP_CIPHER_block_size(ctx->cipher);
+ xmlSecAssert2(blockLen > 0, -1);
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ if(inSize == 0) {
+ /* wait for more data */
+ return(0);
+ }
+
+ /* OpenSSL docs: The amount of data written depends on the block
+ * alignment of the encrypted data: as a result the amount of data
+ * written may be anything from zero bytes to (inl + cipher_block_size - 1).
+ */
+ ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + inSize + blockLen);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+
+ /*
+ * The padding used in XML Enc does not follow RFC 1423
+ * and is not supported by OpenSSL. In the case of OpenSSL 0.9.7
+ * it is possible to disable padding and do it by yourself
+ * For OpenSSL 0.9.6 you have interop problems.
+ *
+ * The logic below is copied from EVP_DecryptUpdate() function.
+ * This is a hack but it's the only way I can provide binary
+ * compatibility with previous versions of xmlsec.
+ * This needs to be fixed in the next XMLSEC API refresh.
+ */
+#ifndef XMLSEC_OPENSSL_096
+ if(!ctx->cipherCtx.encrypt) {
+ if(ctx->cipherCtx.final_used) {
+ memcpy(outBuf, ctx->cipherCtx.final, blockLen);
+ outBuf += blockLen;
+ fixLength = 1;
+ } else {
+ fixLength = 0;
+ }
+ }
+#endif /* XMLSEC_OPENSSL_096 */
+
+ /* encrypt/decrypt */
+ ret = EVP_CipherUpdate(&(ctx->cipherCtx), outBuf, &outLen, xmlSecBufferGetData(in), inSize);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "EVP_CipherUpdate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+#ifndef XMLSEC_OPENSSL_096
+ if(!ctx->cipherCtx.encrypt) {
+ /*
+ * The logic below is copied from EVP_DecryptUpdate() function.
+ * This is a hack but it's the only way I can provide binary
+ * compatibility with previous versions of xmlsec.
+ * This needs to be fixed in the next XMLSEC API refresh.
+ */
+ if (blockLen > 1 && !ctx->cipherCtx.buf_len) {
+ outLen -= blockLen;
+ ctx->cipherCtx.final_used = 1;
+ memcpy(ctx->cipherCtx.final, &outBuf[outLen], blockLen);
+ } else {
+ ctx->cipherCtx.final_used = 0;
+ }
+ if (fixLength) {
+ outLen += blockLen;
+ }
+ }
+#endif /* XMLSEC_OPENSSL_096 */
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr out,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ int blockLen, outLen = 0, outLen2 = 0;
+ xmlSecSize outSize;
+ xmlSecByte* outBuf;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->keyInitialized != 0, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ blockLen = EVP_CIPHER_block_size(ctx->cipher);
+ xmlSecAssert2(blockLen > 0, -1);
+
+ outSize = xmlSecBufferGetSize(out);
+
+ /* OpenSSL docs: The encrypted final data is written to out which should
+ * have sufficient space for one cipher block. We might have to write
+ * one more block with padding
+ */
+ ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + 2 * blockLen);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+
+ /*
+ * The padding used in XML Enc does not follow RFC 1423
+ * and is not supported by OpenSSL. In the case of OpenSSL 0.9.7
+ * it is possible to disable padding and do it by yourself
+ * For OpenSSL 0.9.6 you have interop problems.
+ *
+ * The logic below is copied from EVP_DecryptFinal() function.
+ * This is a hack but it's the only way I can provide binary
+ * compatibility with previous versions of xmlsec.
+ * This needs to be fixed in the next XMLSEC API refresh.
+ */
+#ifndef XMLSEC_OPENSSL_096
+ if(ctx->cipherCtx.encrypt) {
+ int padLen;
+
+ xmlSecAssert2(blockLen <= EVP_MAX_BLOCK_LENGTH, -1);
+
+ padLen = blockLen - ctx->cipherCtx.buf_len;
+ xmlSecAssert2(padLen > 0, -1);
+
+ /* generate random padding */
+ if(padLen > 1) {
+ ret = RAND_bytes(ctx->pad, padLen - 1);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "RAND_bytes",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", padLen - 1);
+ return(-1);
+ }
+ }
+ ctx->pad[padLen - 1] = padLen;
+
+ /* write padding */
+ ret = EVP_CipherUpdate(&(ctx->cipherCtx), outBuf, &outLen, ctx->pad, padLen);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "EVP_CipherUpdate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outBuf += outLen;
+ }
+#endif /* XMLSEC_OPENSSL_096 */
+
+ /* finalize transform */
+ ret = EVP_CipherFinal(&(ctx->cipherCtx), outBuf, &outLen2);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "EVP_CipherFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /*
+ * The padding used in XML Enc does not follow RFC 1423
+ * and is not supported by OpenSSL. In the case of OpenSSL 0.9.7
+ * it is possible to disable padding and do it by yourself
+ * For OpenSSL 0.9.6 you have interop problems.
+ *
+ * The logic below is copied from EVP_DecryptFinal() function.
+ * This is a hack but it's the only way I can provide binary
+ * compatibility with previous versions of xmlsec.
+ * This needs to be fixed in the next XMLSEC API refresh.
+ */
+#ifndef XMLSEC_OPENSSL_096
+ if(!ctx->cipherCtx.encrypt) {
+ /* we instructed openssl to do not use padding so there
+ * should be no final block
+ */
+ xmlSecAssert2(outLen2 == 0, -1);
+ xmlSecAssert2(ctx->cipherCtx.buf_len == 0, -1);
+ xmlSecAssert2(ctx->cipherCtx.final_used, -1);
+
+ if(blockLen > 1) {
+ outLen2 = blockLen - ctx->cipherCtx.final[blockLen - 1];
+ if(outLen2 > 0) {
+ memcpy(outBuf, ctx->cipherCtx.final, outLen2);
+ } else if(outLen2 < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "padding=%d;buffer=%d",
+ ctx->cipherCtx.final[blockLen - 1], blockLen);
+ return(-1);
+ }
+ }
+ }
+#endif /* XMLSEC_OPENSSL_096 */
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen + outLen2);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen + outLen2);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+/******************************************************************************
+ *
+ * EVP Block Cipher transforms
+ *
+ * xmlSecOpenSSLEvpBlockCipherCtx block is located after xmlSecTransform structure
+ *
+ *****************************************************************************/
+#define xmlSecOpenSSLEvpBlockCipherSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLEvpBlockCipherCtx))
+#define xmlSecOpenSSLEvpBlockCipherGetCtx(transform) \
+ ((xmlSecOpenSSLEvpBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecOpenSSLEvpBlockCipherInitialize (xmlSecTransformPtr transform);
+static void xmlSecOpenSSLEvpBlockCipherFinalize (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLEvpBlockCipherSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecOpenSSLEvpBlockCipherSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecOpenSSLEvpBlockCipherExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLEvpBlockCipherCheckId (xmlSecTransformPtr transform);
+
+
+
+static int
+xmlSecOpenSSLEvpBlockCipherCheckId(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_DES
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformDes3CbcId)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformAes128CbcId) ||
+ xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformAes192CbcId) ||
+ xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformAes256CbcId)) {
+
+ return(1);
+ }
+#endif /* XMLSEC_NO_AES */
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLEvpBlockCipherInitialize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLEvpBlockCipherCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecOpenSSLEvpBlockCipherCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpBlockCipherSize), -1);
+
+ ctx = xmlSecOpenSSLEvpBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecOpenSSLEvpBlockCipherCtx));
+
+#ifndef XMLSEC_NO_DES
+ if(transform->id == xmlSecOpenSSLTransformDes3CbcId) {
+ ctx->cipher = EVP_des_ede3_cbc();
+ ctx->keyId = xmlSecOpenSSLKeyDataDesId;
+ } else
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(transform->id == xmlSecOpenSSLTransformAes128CbcId) {
+ ctx->cipher = EVP_aes_128_cbc();
+ ctx->keyId = xmlSecOpenSSLKeyDataAesId;
+ } else if(transform->id == xmlSecOpenSSLTransformAes192CbcId) {
+ ctx->cipher = EVP_aes_192_cbc();
+ ctx->keyId = xmlSecOpenSSLKeyDataAesId;
+ } else if(transform->id == xmlSecOpenSSLTransformAes256CbcId) {
+ ctx->cipher = EVP_aes_256_cbc();
+ ctx->keyId = xmlSecOpenSSLKeyDataAesId;
+ } else
+#endif /* XMLSEC_NO_AES */
+
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ EVP_CIPHER_CTX_init(&(ctx->cipherCtx));
+ return(0);
+}
+
+static void
+xmlSecOpenSSLEvpBlockCipherFinalize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLEvpBlockCipherCtxPtr ctx;
+
+ xmlSecAssert(xmlSecOpenSSLEvpBlockCipherCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpBlockCipherSize));
+
+ ctx = xmlSecOpenSSLEvpBlockCipherGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ EVP_CIPHER_CTX_cleanup(&(ctx->cipherCtx));
+ memset(ctx, 0, sizeof(xmlSecOpenSSLEvpBlockCipherCtx));
+}
+
+static int
+xmlSecOpenSSLEvpBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecOpenSSLEvpBlockCipherCtxPtr ctx;
+ int cipherKeyLen;
+
+ xmlSecAssert2(xmlSecOpenSSLEvpBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpBlockCipherSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecOpenSSLEvpBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != NULL, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+
+ keyReq->keyId = ctx->keyId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+
+ cipherKeyLen = EVP_CIPHER_key_length(ctx->cipher);
+ xmlSecAssert2(cipherKeyLen > 0, -1);
+
+ keyReq->keyBitsSize = (xmlSecSize)(8 * cipherKeyLen);
+ return(0);
+}
+
+static int
+xmlSecOpenSSLEvpBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecOpenSSLEvpBlockCipherCtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ int cipherKeyLen;
+
+ xmlSecAssert2(xmlSecOpenSSLEvpBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpBlockCipherSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecOpenSSLEvpBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != NULL, -1);
+ xmlSecAssert2(ctx->keyInitialized == 0, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+ xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
+
+ cipherKeyLen = EVP_CIPHER_key_length(ctx->cipher);
+ xmlSecAssert2(cipherKeyLen > 0, -1);
+ xmlSecAssert2((xmlSecSize)cipherKeyLen <= sizeof(ctx->key), -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ if(xmlSecBufferGetSize(buffer) < (xmlSecSize)cipherKeyLen) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "keySize=%d;expected=%d",
+ xmlSecBufferGetSize(buffer), cipherKeyLen);
+ return(-1);
+ }
+
+ xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
+ memcpy(ctx->key, xmlSecBufferGetData(buffer), cipherKeyLen);
+
+ ctx->keyInitialized = 1;
+ return(0);
+}
+
+static int
+xmlSecOpenSSLEvpBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecOpenSSLEvpBlockCipherCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ int ret;
+
+ xmlSecAssert2(xmlSecOpenSSLEvpBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpBlockCipherSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ ctx = xmlSecOpenSSLEvpBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ if(ctx->ctxInitialized == 0) {
+ ret = xmlSecOpenSSLEvpBlockCipherCtxInit(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLEvpBlockCipherCtxInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ if((ctx->ctxInitialized == 0) && (last != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "not enough data to initialize transform");
+ return(-1);
+ }
+
+ if(ctx->ctxInitialized != 0) {
+ ret = xmlSecOpenSSLEvpBlockCipherCtxUpdate(ctx, in, out,
+ xmlSecTransformGetName(transform),
+ transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLEvpBlockCipherCtxUpdate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(last != 0) {
+ /* by now there should be no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ ret = xmlSecOpenSSLEvpBlockCipherCtxFinal(ctx, out,
+ xmlSecTransformGetName(transform),
+ transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLEvpBlockCipherCtxFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ } else if(transform->status == xmlSecTransformStatusNone) {
+ /* the only way we can get here is if there is no enough data in the input */
+ xmlSecAssert2(last == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+#ifndef XMLSEC_NO_AES
+/*********************************************************************
+ *
+ * AES CBC cipher transforms
+ *
+ ********************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLAes128CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes128Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes128Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLEvpBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLEvpBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformAes128CbcGetKlass:
+ *
+ * AES 128 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 128 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformAes128CbcGetKlass(void) {
+ return(&xmlSecOpenSSLAes128CbcKlass);
+}
+
+static xmlSecTransformKlass xmlSecOpenSSLAes192CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes192Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes192Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLEvpBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLEvpBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformAes192CbcGetKlass:
+ *
+ * AES 192 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 192 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformAes192CbcGetKlass(void) {
+ return(&xmlSecOpenSSLAes192CbcKlass);
+}
+
+static xmlSecTransformKlass xmlSecOpenSSLAes256CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes256Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes256Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLEvpBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLEvpBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformAes256CbcGetKlass:
+ *
+ * AES 256 CBC encryption transform klass.
+ *
+ * Returns: pointer to AES 256 CBC encryption transform.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformAes256CbcGetKlass(void) {
+ return(&xmlSecOpenSSLAes256CbcKlass);
+}
+
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+static xmlSecTransformKlass xmlSecOpenSSLDes3CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameDes3Cbc, /* const xmlChar* name; */
+ xmlSecHrefDes3Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLEvpBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLEvpBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformDes3CbcGetKlass:
+ *
+ * Triple DES CBC encryption transform klass.
+ *
+ * Returns: pointer to Triple DES encryption transform.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformDes3CbcGetKlass(void) {
+ return(&xmlSecOpenSSLDes3CbcKlass);
+}
+#endif /* XMLSEC_NO_DES */
+
diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c
new file mode 100644
index 00000000..aac8d09f
--- /dev/null
+++ b/src/openssl/crypto.c
@@ -0,0 +1,491 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/dl.h>
+#include <xmlsec/private.h>
+
+#include <xmlsec/openssl/app.h>
+#include <xmlsec/openssl/crypto.h>
+#include <xmlsec/openssl/x509.h>
+
+static int xmlSecOpenSSLErrorsInit (void);
+
+static xmlSecCryptoDLFunctionsPtr gXmlSecOpenSSLFunctions = NULL;
+static xmlChar* gXmlSecOpenSSLTrustedCertsFolder = NULL;
+
+/**
+ * xmlSecCryptoGetFunctions_openssl:
+ *
+ * Gets the pointer to xmlsec-openssl functions table.
+ *
+ * Returns: the xmlsec-openssl functions table or NULL if an error occurs.
+ */
+xmlSecCryptoDLFunctionsPtr
+xmlSecCryptoGetFunctions_openssl(void) {
+ static xmlSecCryptoDLFunctions functions;
+
+ if(gXmlSecOpenSSLFunctions != NULL) {
+ return(gXmlSecOpenSSLFunctions);
+ }
+
+ memset(&functions, 0, sizeof(functions));
+ gXmlSecOpenSSLFunctions = &functions;
+
+ /********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ********************************************************************/
+ gXmlSecOpenSSLFunctions->cryptoInit = xmlSecOpenSSLInit;
+ gXmlSecOpenSSLFunctions->cryptoShutdown = xmlSecOpenSSLShutdown;
+ gXmlSecOpenSSLFunctions->cryptoKeysMngrInit = xmlSecOpenSSLKeysMngrInit;
+
+ /********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecOpenSSLFunctions->keyDataAesGetKlass = xmlSecOpenSSLKeyDataAesGetKlass;
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+ gXmlSecOpenSSLFunctions->keyDataDesGetKlass = xmlSecOpenSSLKeyDataDesGetKlass;
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_DSA
+ gXmlSecOpenSSLFunctions->keyDataDsaGetKlass = xmlSecOpenSSLKeyDataDsaGetKlass;
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_HMAC
+ gXmlSecOpenSSLFunctions->keyDataHmacGetKlass = xmlSecOpenSSLKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
+
+#ifndef XMLSEC_NO_RSA
+ gXmlSecOpenSSLFunctions->keyDataRsaGetKlass = xmlSecOpenSSLKeyDataRsaGetKlass;
+#endif /* XMLSEC_NO_RSA */
+
+#ifndef XMLSEC_NO_X509
+ gXmlSecOpenSSLFunctions->keyDataX509GetKlass = xmlSecOpenSSLKeyDataX509GetKlass;
+ gXmlSecOpenSSLFunctions->keyDataRawX509CertGetKlass = xmlSecOpenSSLKeyDataRawX509CertGetKlass;
+#endif /* XMLSEC_NO_X509 */
+
+ /********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_X509
+ gXmlSecOpenSSLFunctions->x509StoreGetKlass = xmlSecOpenSSLX509StoreGetKlass;
+#endif /* XMLSEC_NO_X509 */
+
+ /********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+
+ /******************************* AES ********************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecOpenSSLFunctions->transformAes128CbcGetKlass = xmlSecOpenSSLTransformAes128CbcGetKlass;
+ gXmlSecOpenSSLFunctions->transformAes192CbcGetKlass = xmlSecOpenSSLTransformAes192CbcGetKlass;
+ gXmlSecOpenSSLFunctions->transformAes256CbcGetKlass = xmlSecOpenSSLTransformAes256CbcGetKlass;
+ gXmlSecOpenSSLFunctions->transformKWAes128GetKlass = xmlSecOpenSSLTransformKWAes128GetKlass;
+ gXmlSecOpenSSLFunctions->transformKWAes192GetKlass = xmlSecOpenSSLTransformKWAes192GetKlass;
+ gXmlSecOpenSSLFunctions->transformKWAes256GetKlass = xmlSecOpenSSLTransformKWAes256GetKlass;
+#endif /* XMLSEC_NO_AES */
+
+ /******************************* DES ********************************/
+#ifndef XMLSEC_NO_DES
+ gXmlSecOpenSSLFunctions->transformDes3CbcGetKlass = xmlSecOpenSSLTransformDes3CbcGetKlass;
+ gXmlSecOpenSSLFunctions->transformKWDes3GetKlass = xmlSecOpenSSLTransformKWDes3GetKlass;
+#endif /* XMLSEC_NO_DES */
+
+ /******************************* DSA ********************************/
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecOpenSSLFunctions->transformDsaSha1GetKlass = xmlSecOpenSSLTransformDsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+ /******************************* HMAC ********************************/
+#ifndef XMLSEC_NO_HMAC
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecOpenSSLFunctions->transformHmacMd5GetKlass = xmlSecOpenSSLTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecOpenSSLFunctions->transformHmacRipemd160GetKlass = xmlSecOpenSSLTransformHmacRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecOpenSSLFunctions->transformHmacSha1GetKlass = xmlSecOpenSSLTransformHmacSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ gXmlSecOpenSSLFunctions->transformHmacSha224GetKlass = xmlSecOpenSSLTransformHmacSha224GetKlass;
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecOpenSSLFunctions->transformHmacSha256GetKlass = xmlSecOpenSSLTransformHmacSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecOpenSSLFunctions->transformHmacSha384GetKlass = xmlSecOpenSSLTransformHmacSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecOpenSSLFunctions->transformHmacSha512GetKlass = xmlSecOpenSSLTransformHmacSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+ /******************************* MD5 ********************************/
+#ifndef XMLSEC_NO_MD5
+ gXmlSecOpenSSLFunctions->transformMd5GetKlass = xmlSecOpenSSLTransformMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+ /******************************* RIPEMD160 ********************************/
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecOpenSSLFunctions->transformRipemd160GetKlass = xmlSecOpenSSLTransformRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+ /******************************* RSA ********************************/
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecOpenSSLFunctions->transformRsaMd5GetKlass = xmlSecOpenSSLTransformRsaMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecOpenSSLFunctions->transformRsaRipemd160GetKlass = xmlSecOpenSSLTransformRsaRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecOpenSSLFunctions->transformRsaSha1GetKlass = xmlSecOpenSSLTransformRsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ gXmlSecOpenSSLFunctions->transformRsaSha224GetKlass = xmlSecOpenSSLTransformRsaSha224GetKlass;
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecOpenSSLFunctions->transformRsaSha256GetKlass = xmlSecOpenSSLTransformRsaSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecOpenSSLFunctions->transformRsaSha384GetKlass = xmlSecOpenSSLTransformRsaSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecOpenSSLFunctions->transformRsaSha512GetKlass = xmlSecOpenSSLTransformRsaSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+ gXmlSecOpenSSLFunctions->transformRsaPkcs1GetKlass = xmlSecOpenSSLTransformRsaPkcs1GetKlass;
+ gXmlSecOpenSSLFunctions->transformRsaOaepGetKlass = xmlSecOpenSSLTransformRsaOaepGetKlass;
+#endif /* XMLSEC_NO_RSA */
+
+ /******************************* SHA ********************************/
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecOpenSSLFunctions->transformSha1GetKlass = xmlSecOpenSSLTransformSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ gXmlSecOpenSSLFunctions->transformSha224GetKlass = xmlSecOpenSSLTransformSha224GetKlass;
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ gXmlSecOpenSSLFunctions->transformSha256GetKlass = xmlSecOpenSSLTransformSha256GetKlass;
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ gXmlSecOpenSSLFunctions->transformSha384GetKlass = xmlSecOpenSSLTransformSha384GetKlass;
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ gXmlSecOpenSSLFunctions->transformSha512GetKlass = xmlSecOpenSSLTransformSha512GetKlass;
+#endif /* XMLSEC_NO_SHA512 */
+
+ /********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+ gXmlSecOpenSSLFunctions->cryptoAppInit = xmlSecOpenSSLAppInit;
+ gXmlSecOpenSSLFunctions->cryptoAppShutdown = xmlSecOpenSSLAppShutdown;
+ gXmlSecOpenSSLFunctions->cryptoAppDefaultKeysMngrInit = xmlSecOpenSSLAppDefaultKeysMngrInit;
+ gXmlSecOpenSSLFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecOpenSSLAppDefaultKeysMngrAdoptKey;
+ gXmlSecOpenSSLFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecOpenSSLAppDefaultKeysMngrLoad;
+ gXmlSecOpenSSLFunctions->cryptoAppDefaultKeysMngrSave = xmlSecOpenSSLAppDefaultKeysMngrSave;
+#ifndef XMLSEC_NO_X509
+ gXmlSecOpenSSLFunctions->cryptoAppKeysMngrCertLoad = xmlSecOpenSSLAppKeysMngrCertLoad;
+ gXmlSecOpenSSLFunctions->cryptoAppKeysMngrCertLoadMemory = xmlSecOpenSSLAppKeysMngrCertLoadMemory;
+ gXmlSecOpenSSLFunctions->cryptoAppPkcs12Load = xmlSecOpenSSLAppPkcs12Load;
+ gXmlSecOpenSSLFunctions->cryptoAppPkcs12LoadMemory = xmlSecOpenSSLAppPkcs12LoadMemory;
+ gXmlSecOpenSSLFunctions->cryptoAppKeyCertLoad = xmlSecOpenSSLAppKeyCertLoad;
+ gXmlSecOpenSSLFunctions->cryptoAppKeyCertLoadMemory = xmlSecOpenSSLAppKeyCertLoadMemory;
+#endif /* XMLSEC_NO_X509 */
+ gXmlSecOpenSSLFunctions->cryptoAppKeyLoad = xmlSecOpenSSLAppKeyLoad;
+ gXmlSecOpenSSLFunctions->cryptoAppKeyLoadMemory = xmlSecOpenSSLAppKeyLoadMemory;
+ gXmlSecOpenSSLFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecOpenSSLAppGetDefaultPwdCallback();
+
+ return(gXmlSecOpenSSLFunctions);
+}
+
+/**
+ * xmlSecOpenSSLInit:
+ *
+ * XMLSec library specific crypto engine initialization.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLInit (void) {
+ /* Check loaded xmlsec library version */
+ if(xmlSecCheckVersionExact() != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCheckVersionExact",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(xmlSecOpenSSLErrorsInit() < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLErrorsInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* register our klasses */
+ if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_openssl()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLShutdown:
+ *
+ * XMLSec library specific crypto engine shutdown.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLShutdown(void) {
+ xmlSecOpenSSLSetDefaultTrustedCertsFolder(NULL);
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Adds OpenSSL specific key data stores in keys manager.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+
+#ifndef XMLSEC_NO_X509
+ /* create x509 store if needed */
+ if(xmlSecKeysMngrGetDataStore(mngr, xmlSecOpenSSLX509StoreId) == NULL) {
+ xmlSecKeyDataStorePtr x509Store;
+
+ x509Store = xmlSecKeyDataStoreCreate(xmlSecOpenSSLX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecOpenSSLX509StoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptDataStore(mngr, x509Store);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataStoreDestroy(x509Store);
+ return(-1);
+ }
+ }
+#endif /* XMLSEC_NO_X509 */
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLGenerateRandom:
+ * @buffer: the destination buffer.
+ * @size: the numer of bytes to generate.
+ *
+ * Generates @size random bytes and puts result in @buffer.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
+ int ret;
+
+ xmlSecAssert2(buffer != NULL, -1);
+ xmlSecAssert2(size > 0, -1);
+
+ ret = xmlSecBufferSetSize(buffer, size);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+
+ /* get random data */
+ ret = RAND_bytes((xmlSecByte*)xmlSecBufferGetData(buffer), size);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "RAND_bytes",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLErrorsDefaultCallback:
+ * @file: the error location file name (__FILE__ macro).
+ * @line: the error location line number (__LINE__ macro).
+ * @func: the error location function name (__FUNCTION__ macro).
+ * @errorObject: the error specific error object
+ * @errorSubject: the error specific error subject.
+ * @reason: the error code.
+ * @msg: the additional error message.
+ *
+ * The default OpenSSL errors reporting callback function.
+ */
+void
+xmlSecOpenSSLErrorsDefaultCallback(const char* file, int line, const char* func,
+ const char* errorObject, const char* errorSubject,
+ int reason, const char* msg) {
+
+ ERR_put_error(XMLSEC_OPENSSL_ERRORS_LIB,
+ XMLSEC_OPENSSL_ERRORS_FUNCTION,
+ reason, file, line);
+ xmlSecErrorsDefaultCallback(file, line, func,
+ errorObject, errorSubject,
+ reason, msg);
+}
+
+static int
+xmlSecOpenSSLErrorsInit(void) {
+ static ERR_STRING_DATA xmlSecOpenSSLStrReasons[XMLSEC_ERRORS_MAX_NUMBER + 1];
+ static ERR_STRING_DATA xmlSecOpenSSLStrLib[]= {
+ { ERR_PACK(XMLSEC_OPENSSL_ERRORS_LIB,0,0), "xmlsec routines"},
+ { 0, NULL}
+ };
+ static ERR_STRING_DATA xmlSecOpenSSLStrDefReason[]= {
+ { XMLSEC_OPENSSL_ERRORS_LIB, "xmlsec lib"},
+ { 0, NULL}
+ };
+ xmlSecSize pos;
+
+ /* initialize reasons array */
+ memset(xmlSecOpenSSLStrReasons, 0, sizeof(xmlSecOpenSSLStrReasons));
+ for(pos = 0; (pos < XMLSEC_ERRORS_MAX_NUMBER) && (xmlSecErrorsGetMsg(pos) != NULL); ++pos) {
+ xmlSecOpenSSLStrReasons[pos].error = xmlSecErrorsGetCode(pos);
+ xmlSecOpenSSLStrReasons[pos].string = xmlSecErrorsGetMsg(pos);
+ }
+
+ /* finally load xmlsec strings in OpenSSL */
+ ERR_load_strings(XMLSEC_OPENSSL_ERRORS_LIB, xmlSecOpenSSLStrLib); /* define xmlsec lib name */
+ ERR_load_strings(XMLSEC_OPENSSL_ERRORS_LIB, xmlSecOpenSSLStrDefReason); /* define default reason */
+ ERR_load_strings(XMLSEC_OPENSSL_ERRORS_LIB, xmlSecOpenSSLStrReasons);
+
+ /* and set default errors callback for xmlsec to us */
+ xmlSecErrorsSetCallback(xmlSecOpenSSLErrorsDefaultCallback);
+
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLSetDefaultTrustedCertsFolder:
+ * @path: the default trusted certs path.
+ *
+ * Sets the default trusted certs folder.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecOpenSSLSetDefaultTrustedCertsFolder(const xmlChar* path) {
+ if(gXmlSecOpenSSLTrustedCertsFolder != NULL) {
+ xmlFree(gXmlSecOpenSSLTrustedCertsFolder);
+ gXmlSecOpenSSLTrustedCertsFolder = NULL;
+ }
+
+ if(path != NULL) {
+ gXmlSecOpenSSLTrustedCertsFolder = xmlStrdup(BAD_CAST path);
+ if(gXmlSecOpenSSLTrustedCertsFolder == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLGetDefaultTrustedCertsFolder:
+ *
+ * Gets the default trusted certs folder.
+ *
+ * Returns: the default trusted cert folder.
+ */
+const xmlChar*
+xmlSecOpenSSLGetDefaultTrustedCertsFolder(void) {
+ return(gXmlSecOpenSSLTrustedCertsFolder);
+}
+
+
+
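Review bot: In xmlSecOpenSSLGenerateRandom the `xmlSecSize size` argument is passed straight to `RAND_bytes`, whose length parameter is an `int`, and the only bound checked is `size > 0`. xmlSecSize appears to be an unsigned type, so a value above INT_MAX would be converted to a non-positive count; how RAND_bytes treats that depends on the OpenSSL version, and the function could then return 0 without the buffer holding random data. I would reject such sizes up front with `xmlSecAssert2(size <= INT_MAX, -1);` (needs `<limits.h>` unless globals.h already provides it) and make the narrowing explicit with `ret = RAND_bytes((xmlSecByte*)xmlSecBufferGetData(buffer), (int)size);`. The two `"size=%d"` error messages in the same function also print an xmlSecSize through `%d`.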
diff --git a/src/openssl/digests.c b/src/openssl/digests.c
new file mode 100644
index 00000000..2dc32369
--- /dev/null
+++ b/src/openssl/digests.c
@@ -0,0 +1,682 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <openssl/evp.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/openssl/crypto.h>
+#include <xmlsec/openssl/evp.h>
+
+/**************************************************************************
+ *
+ * Internal OpenSSL Digest CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecOpenSSLDigestCtx xmlSecOpenSSLDigestCtx, *xmlSecOpenSSLDigestCtxPtr;
+struct _xmlSecOpenSSLDigestCtx {
+ const EVP_MD* digest;
+ EVP_MD_CTX digestCtx;
+ xmlSecByte dgst[EVP_MAX_MD_SIZE];
+ xmlSecSize dgstSize; /* dgst size in bytes */
+};
+
+/******************************************************************************
+ *
+ * EVP Digest transforms
+ *
+ * xmlSecOpenSSLDigestCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecOpenSSLEvpDigestSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLDigestCtx))
+#define xmlSecOpenSSLEvpDigestGetCtx(transform) \
+ ((xmlSecOpenSSLDigestCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+
+static int xmlSecOpenSSLEvpDigestInitialize (xmlSecTransformPtr transform);
+static void xmlSecOpenSSLEvpDigestFinalize (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLEvpDigestVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLEvpDigestExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLEvpDigestCheckId (xmlSecTransformPtr transform);
+
+static int
+xmlSecOpenSSLEvpDigestCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformMd5Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRipemd160Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha224Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+
+ {
+ return(0);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLEvpDigestInitialize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLDigestCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecOpenSSLEvpDigestCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpDigestSize), -1);
+
+ ctx = xmlSecOpenSSLEvpDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* initialize context */
+ memset(ctx, 0, sizeof(xmlSecOpenSSLDigestCtx));
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformMd5Id)) {
+ ctx->digest = EVP_md5();
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRipemd160Id)) {
+ ctx->digest = EVP_ripemd160();
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha1Id)) {
+ ctx->digest = EVP_sha1();
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha224Id)) {
+ ctx->digest = EVP_sha224();
+ } else
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha256Id)) {
+ ctx->digest = EVP_sha256();
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha384Id)) {
+ ctx->digest = EVP_sha384();
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformSha512Id)) {
+ ctx->digest = EVP_sha512();
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+#ifndef XMLSEC_OPENSSL_096
+ EVP_MD_CTX_init(&(ctx->digestCtx));
+#endif /* XMLSEC_OPENSSL_096 */
+
+ return(0);
+}
+
+static void
+xmlSecOpenSSLEvpDigestFinalize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLDigestCtxPtr ctx;
+
+ xmlSecAssert(xmlSecOpenSSLEvpDigestCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpDigestSize));
+
+ ctx = xmlSecOpenSSLEvpDigestGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+#ifndef XMLSEC_OPENSSL_096
+ EVP_MD_CTX_cleanup(&(ctx->digestCtx));
+#endif /* XMLSEC_OPENSSL_096 */
+ memset(ctx, 0, sizeof(xmlSecOpenSSLDigestCtx));
+}
+
+static int
+xmlSecOpenSSLEvpDigestVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecOpenSSLDigestCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecOpenSSLEvpDigestCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpDigestSize), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecOpenSSLEvpDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ if(dataSize != ctx->dgstSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "data_size=%d;dgst_size=%d",
+ dataSize, ctx->dgstSize);
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ if(memcmp(ctx->dgst, data, ctx->dgstSize) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+static int
+xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecOpenSSLDigestCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ int ret;
+
+ xmlSecAssert2(xmlSecOpenSSLEvpDigestCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpDigestSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ xmlSecAssert2(in != NULL, -1);
+
+ out = &(transform->outBuf);
+ xmlSecAssert2(out != NULL, -1);
+
+ ctx = xmlSecOpenSSLEvpDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digest != NULL, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+#ifndef XMLSEC_OPENSSL_096
+ ret = EVP_DigestInit(&(ctx->digestCtx), ctx->digest);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_DigestInit",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+#else /* XMLSEC_OPENSSL_096 */
+ EVP_DigestInit(&(ctx->digestCtx), ctx->digest);
+#endif /* XMLSEC_OPENSSL_096 */
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+#ifndef XMLSEC_OPENSSL_096
+ ret = EVP_DigestUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_DigestUpdate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+#else /* XMLSEC_OPENSSL_096 */
+ EVP_DigestUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
+#endif /* XMLSEC_OPENSSL_096 */
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+ if(last) {
+ unsigned int dgstSize;
+
+ xmlSecAssert2((xmlSecSize)EVP_MD_size(ctx->digest) <= sizeof(ctx->dgst), -1);
+
+#ifndef XMLSEC_OPENSSL_096
+ ret = EVP_DigestFinal(&(ctx->digestCtx), ctx->dgst, &dgstSize);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+#else /* XMLSEC_OPENSSL_096 */
+ EVP_DigestFinal(&(ctx->digestCtx), ctx->dgst, &dgstSize);
+#endif /* XMLSEC_OPENSSL_096 */
+ xmlSecAssert2(dgstSize > 0, -1);
+ ctx->dgstSize = XMLSEC_SIZE_BAD_CAST(dgstSize);
+
+ /* copy result to output */
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ctx->dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+#ifndef XMLSEC_NO_MD5
+/******************************************************************************
+ *
+ * MD5
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
+
+ xmlSecNameMd5, /* const xmlChar* name; */
+ xmlSecHrefMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformMd5GetKlass:
+ *
+ * MD5 digest transform klass.
+ *
+ * Returns: pointer to MD5 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformMd5GetKlass(void) {
+ return(&xmlSecOpenSSLMd5Klass);
+}
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/******************************************************************************
+ *
+ * RIPEMD160
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLRipemd160Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
+
+ xmlSecNameRipemd160, /* const xmlChar* name; */
+ xmlSecHrefRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformRipemd160GetKlass:
+ *
+ * RIPEMD-160 digest transform klass.
+ *
+ * Returns: pointer to RIPEMD-160 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformRipemd160GetKlass(void) {
+ return(&xmlSecOpenSSLRipemd160Klass);
+}
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
+ *
+ * SHA1
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
+
+ xmlSecNameSha1, /* const xmlChar* name; */
+ xmlSecHrefSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformSha1GetKlass:
+ *
+ * SHA-1 digest transform klass.
+ *
+ * Returns: pointer to SHA-1 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformSha1GetKlass(void) {
+ return(&xmlSecOpenSSLSha1Klass);
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+/******************************************************************************
+ *
+ * SHA224
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLSha224Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
+
+ xmlSecNameSha224, /* const xmlChar* name; */
+ xmlSecHrefSha224, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformSha224GetKlass:
+ *
+ * SHA-224 digest transform klass.
+ *
+ * Returns: pointer to SHA-224 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformSha224GetKlass(void) {
+ return(&xmlSecOpenSSLSha224Klass);
+}
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+/******************************************************************************
+ *
+ * SHA256
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
+
+ xmlSecNameSha256, /* const xmlChar* name; */
+ xmlSecHrefSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformSha256GetKlass:
+ *
+ * SHA-256 digest transform klass.
+ *
+ * Returns: pointer to SHA-256 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformSha256GetKlass(void) {
+ return(&xmlSecOpenSSLSha256Klass);
+}
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/******************************************************************************
+ *
+ * SHA384
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
+
+ xmlSecNameSha384, /* const xmlChar* name; */
+ xmlSecHrefSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformSha384GetKlass:
+ *
+ * SHA-384 digest transform klass.
+ *
+ * Returns: pointer to SHA-384 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformSha384GetKlass(void) {
+ return(&xmlSecOpenSSLSha384Klass);
+}
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/******************************************************************************
+ *
+ * SHA512
+ *
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpDigestSize, /* xmlSecSize objSize */
+
+ xmlSecNameSha512, /* const xmlChar* name; */
+ xmlSecHrefSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformSha512GetKlass:
+ *
+ * SHA-512 digest transform klass.
+ *
+ * Returns: pointer to SHA-512 digest transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformSha512GetKlass(void) {
+ return(&xmlSecOpenSSLSha512Klass);
+}
+#endif /* XMLSEC_NO_SHA512 */
+
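Review bot: The MD5 transform in the `#ifndef XMLSEC_NO_MD5` block is registered with `xmlSecTransformUsageDigestMethod` and shares `xmlSecOpenSSLEvpDigestVerify` with the SHA-2 transforms, so any build that does not define `XMLSEC_NO_MD5` can check a reference digest with an algorithm that is not collision resistant, and nothing in the file says so. Whether a verifier actually accepts it depends on transform registration and on the caller's list of allowed transforms, neither of which is visible in this file. I would add a comment above `xmlSecOpenSSLMd5Klass`, for example `/* MD5 is not collision resistant: legacy interop only; build with XMLSEC_NO_MD5 or restrict accepted digest transforms when verifying untrusted input */`, and a shorter note of the same kind on the SHA1 block. Separately, the `"data_size=%d;dgst_size=%d"` message in `xmlSecOpenSSLEvpDigestVerify` passes `xmlSecSize` values to `%d`; if that type is `size_t` on this build, the arguments should be cast or the specifier changed.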
diff --git a/src/openssl/evp.c b/src/openssl/evp.c
new file mode 100644
index 00000000..e48defd3
--- /dev/null
+++ b/src/openssl/evp.c
@@ -0,0 +1,1559 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/openssl/crypto.h>
+#include <xmlsec/openssl/bn.h>
+#include <xmlsec/openssl/evp.h>
+
+/**************************************************************************
+ *
+ * Internal OpenSSL EVP key CTX
+ *
+ *************************************************************************/
+typedef struct _xmlSecOpenSSLEvpKeyDataCtx xmlSecOpenSSLEvpKeyDataCtx,
+ *xmlSecOpenSSLEvpKeyDataCtxPtr;
+struct _xmlSecOpenSSLEvpKeyDataCtx {
+ EVP_PKEY* pKey;
+};
+
+/******************************************************************************
+ *
+ * EVP key (dsa/rsa)
+ *
+ * xmlSecOpenSSLEvpKeyDataCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecOpenSSLEvpKeyDataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecOpenSSLEvpKeyDataCtx))
+#define xmlSecOpenSSLEvpKeyDataGetCtx(data) \
+ ((xmlSecOpenSSLEvpKeyDataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
+
+static int xmlSecOpenSSLEvpKeyDataInitialize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLEvpKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecOpenSSLEvpKeyDataFinalize (xmlSecKeyDataPtr data);
+
+/**
+ * xmlSecOpenSSLEvpKeyDataAdoptEvp:
+ * @data: the pointer to OpenSSL EVP key data.
+ * @pKey: the pointer to EVP key.
+ *
+ * Sets the value of key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLEvpKeyDataAdoptEvp(xmlSecKeyDataPtr data, EVP_PKEY* pKey) {
+ xmlSecOpenSSLEvpKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecOpenSSLEvpKeyDataSize), -1);
+ xmlSecAssert2(pKey != NULL, -1);
+
+ ctx = xmlSecOpenSSLEvpKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(ctx->pKey != NULL) {
+ EVP_PKEY_free(ctx->pKey);
+ }
+ ctx->pKey = pKey;
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLEvpKeyDataGetEvp:
+ * @data: the pointer to OpenSSL EVP data.
+ *
+ * Gets the EVP_PKEY from the key data.
+ *
+ * Returns: pointer to EVP_PKEY or NULL if an error occurs.
+ */
+EVP_PKEY*
+xmlSecOpenSSLEvpKeyDataGetEvp(xmlSecKeyDataPtr data) {
+ xmlSecOpenSSLEvpKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), NULL);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecOpenSSLEvpKeyDataSize), NULL);
+
+ ctx = xmlSecOpenSSLEvpKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(ctx->pKey);
+}
+
+static int
+xmlSecOpenSSLEvpKeyDataInitialize(xmlSecKeyDataPtr data) {
+ xmlSecOpenSSLEvpKeyDataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(data), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecOpenSSLEvpKeyDataSize), -1);
+
+ ctx = xmlSecOpenSSLEvpKeyDataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecOpenSSLEvpKeyDataCtx));
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLEvpKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecOpenSSLEvpKeyDataCtxPtr ctxDst;
+ xmlSecOpenSSLEvpKeyDataCtxPtr ctxSrc;
+
+ xmlSecAssert2(xmlSecKeyDataIsValid(dst), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecOpenSSLEvpKeyDataSize), -1);
+ xmlSecAssert2(xmlSecKeyDataIsValid(src), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecOpenSSLEvpKeyDataSize), -1);
+
+ ctxDst = xmlSecOpenSSLEvpKeyDataGetCtx(dst);
+ xmlSecAssert2(ctxDst != NULL, -1);
+ xmlSecAssert2(ctxDst->pKey == NULL, -1);
+
+ ctxSrc = xmlSecOpenSSLEvpKeyDataGetCtx(src);
+ xmlSecAssert2(ctxSrc != NULL, -1);
+
+ if(ctxSrc->pKey != NULL) {
+ ctxDst->pKey = xmlSecOpenSSLEvpKeyDup(ctxSrc->pKey);
+ if(ctxDst->pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecOpenSSLEvpKeyDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+static void
+xmlSecOpenSSLEvpKeyDataFinalize(xmlSecKeyDataPtr data) {
+ xmlSecOpenSSLEvpKeyDataCtxPtr ctx;
+
+ xmlSecAssert(xmlSecKeyDataIsValid(data));
+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecOpenSSLEvpKeyDataSize));
+
+ ctx = xmlSecOpenSSLEvpKeyDataGetCtx(data);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->pKey != NULL) {
+ EVP_PKEY_free(ctx->pKey);
+ }
+ memset(ctx, 0, sizeof(xmlSecOpenSSLEvpKeyDataCtx));
+}
+
+/******************************************************************************
+ *
+ * EVP helper functions
+ *
+ *****************************************************************************/
+/**
+ * xmlSecOpenSSLEvpKeyDup:
+ * @pKey: the pointer to EVP_PKEY.
+ *
+ * Duplicates @pKey.
+ *
+ * Returns: pointer to newly created EVP_PKEY object or NULL if an error occurs.
+ */
+EVP_PKEY*
+xmlSecOpenSSLEvpKeyDup(EVP_PKEY* pKey) {
+ int ret;
+
+ xmlSecAssert2(pKey != NULL, NULL);
+
+ ret = CRYPTO_add(&pKey->references,1,CRYPTO_LOCK_EVP_PKEY);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CRYPTO_add",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(pKey);
+}
+
+/**
+ * xmlSecOpenSSLEvpKeyAdopt:
+ * @pKey: the pointer to EVP_PKEY.
+ *
+ * Creates xmlsec key object from OpenSSL key object.
+ *
+ * Returns: pointer to newly created xmlsec key or NULL if an error occurs.
+ */
+xmlSecKeyDataPtr
+xmlSecOpenSSLEvpKeyAdopt(EVP_PKEY *pKey) {
+ xmlSecKeyDataPtr data = NULL;
+ int ret;
+
+ xmlSecAssert2(pKey != NULL, NULL);
+
+ switch(pKey->type) {
+#ifndef XMLSEC_NO_RSA
+ case EVP_PKEY_RSA:
+ data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataRsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecOpenSSLKeyDataRsaId");
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_RSA */
+#ifndef XMLSEC_NO_DSA
+ case EVP_PKEY_DSA:
+ data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataDsaId);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecOpenSSLKeyDataDsaId");
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_DSA */
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+ "evp key type %d not supported", pKey->type);
+ return(NULL);
+ }
+
+ xmlSecAssert2(data != NULL, NULL);
+ ret = xmlSecOpenSSLEvpKeyDataAdoptEvp(data, pKey);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLEvpKeyDataAdoptEvp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(NULL);
+ }
+ return(data);
+}
+
+#ifndef XMLSEC_NO_DSA
+/**************************************************************************
+ *
+ * <dsig:DSAKeyValue> processing
+ *
+ *
+ * The DSAKeyValue Element (http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue)
+ *
+ * DSA keys and the DSA signature algorithm are specified in [DSS].
+ * DSA public key values can have the following fields:
+ *
+ * * P - a prime modulus meeting the [DSS] requirements
+ * * Q - an integer in the range 2**159 < Q < 2**160 which is a prime
+ * divisor of P-1
+ * * G - an integer with certain properties with respect to P and Q
+ * * Y - G**X mod P (where X is part of the private key and not made
+ * public)
+ * * J - (P - 1) / Q
+ * * seed - a DSA prime generation seed
+ * * pgenCounter - a DSA prime generation counter
+ *
+ * Parameter J is available for inclusion solely for efficiency as it is
+ * calculatable from P and Q. Parameters seed and pgenCounter are used in the
+ * DSA prime number generation algorithm specified in [DSS]. As such, they are
+ * optional but must either both be present or both be absent. This prime
+ * generation algorithm is designed to provide assurance that a weak prime is
+ * not being used and it yields a P and Q value. Parameters P, Q, and G can be
+ * public and common to a group of users. They might be known from application
+ * context. As such, they are optional but P and Q must either both appear or
+ * both be absent. If all of P, Q, seed, and pgenCounter are present,
+ * implementations are not required to check if they are consistent and are
+ * free to use either P and Q or seed and pgenCounter. All parameters are
+ * encoded as base64 [MIME] values.
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * represented in XML as octet strings as defined by the ds:CryptoBinary type.
+ *
+ * Schema Definition:
+ *
+ * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+ * <complexType name="DSAKeyValueType">
+ * <sequence>
+ * <sequence minOccurs="0">
+ * <element name="P" type="ds:CryptoBinary"/>
+ * <element name="Q" type="ds:CryptoBinary"/>
+ * </sequence>
+ * <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ * <element name="Y" type="ds:CryptoBinary"/>
+ * <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ * <sequence minOccurs="0">
+ * <element name="Seed" type="ds:CryptoBinary"/>
+ * <element name="PgenCounter" type="ds:CryptoBinary"/>
+ * </sequence>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD Definition:
+ *
+ * <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) >
+ * <!ELEMENT P (#PCDATA) >
+ * <!ELEMENT Q (#PCDATA) >
+ * <!ELEMENT G (#PCDATA) >
+ * <!ELEMENT Y (#PCDATA) >
+ * <!ELEMENT J (#PCDATA) >
+ * <!ELEMENT Seed (#PCDATA) >
+ * <!ELEMENT PgenCounter (#PCDATA) >
+ *
+ * ============================================================================
+ *
+ * To support reading/writing private keys an X element added (before Y).
+ * todo: The current implementation does not support Seed and PgenCounter!
+ * by this the P, Q and G are *required*!
+ *
+ *************************************************************************/
+static int xmlSecOpenSSLKeyDataDsaInitialize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataDsaDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecOpenSSLKeyDataDsaFinalize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataDsaXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLKeyDataDsaXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLKeyDataDsaGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecOpenSSLKeyDataDsaGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecOpenSSLKeyDataDsaGetSize (xmlSecKeyDataPtr data);
+static void xmlSecOpenSSLKeyDataDsaDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecOpenSSLKeyDataDsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+
+static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataDsaKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecOpenSSLEvpKeyDataSize,
+
+ /* data */
+ xmlSecNameDSAKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecOpenSSLKeyDataDsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecOpenSSLKeyDataDsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecOpenSSLKeyDataDsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecOpenSSLKeyDataDsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecOpenSSLKeyDataDsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecOpenSSLKeyDataDsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecOpenSSLKeyDataDsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecOpenSSLKeyDataDsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecOpenSSLKeyDataDsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecOpenSSLKeyDataDsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLKeyDataDsaGetKlass:
+ *
+ * The DSA key data klass.
+ *
+ * Returns: pointer to DSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecOpenSSLKeyDataDsaGetKlass(void) {
+ return(&xmlSecOpenSSLKeyDataDsaKlass);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataDsaAdoptDsa:
+ * @data: the pointer to DSA key data.
+ * @dsa: the pointer to OpenSSL DSA key.
+ *
+ * Sets the value of DSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLKeyDataDsaAdoptDsa(xmlSecKeyDataPtr data, DSA* dsa) {
+ EVP_PKEY* pKey = NULL;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), -1);
+
+ /* construct new EVP_PKEY */
+ if(dsa != NULL) {
+ pKey = EVP_PKEY_new();
+ if(pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "EVP_PKEY_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = EVP_PKEY_assign_DSA(pKey, dsa);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "EVP_PKEY_assign_DSA",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecOpenSSLKeyDataDsaAdoptEvp(data, pKey);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataDsaAdoptEvp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ if(pKey != NULL) {
+ EVP_PKEY_free(pKey);
+ }
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataDsaGetDsa:
+ * @data: the pointer to DSA key data.
+ *
+ * Gets the OpenSSL DSA key from DSA key data.
+ *
+ * Returns: pointer to OpenSSL DSA key or NULL if an error occurs.
+ */
+DSA*
+xmlSecOpenSSLKeyDataDsaGetDsa(xmlSecKeyDataPtr data) {
+ EVP_PKEY* pKey;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), NULL);
+
+ pKey = xmlSecOpenSSLKeyDataDsaGetEvp(data);
+ xmlSecAssert2((pKey == NULL) || (pKey->type == EVP_PKEY_DSA), NULL);
+
+ return((pKey != NULL) ? pKey->pkey.dsa : (DSA*)NULL);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataDsaAdoptEvp:
+ * @data: the pointer to DSA key data.
+ * @pKey: the pointer to OpenSSL EVP key.
+ *
+ * Sets the DSA key data value to OpenSSL EVP key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLKeyDataDsaAdoptEvp(xmlSecKeyDataPtr data, EVP_PKEY* pKey) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), -1);
+ xmlSecAssert2(pKey != NULL, -1);
+ xmlSecAssert2(pKey->type == EVP_PKEY_DSA, -1);
+
+ return(xmlSecOpenSSLEvpKeyDataAdoptEvp(data, pKey));
+}
+
+/**
+ * xmlSecOpenSSLKeyDataDsaGetEvp:
+ * @data: the pointer to DSA key data.
+ *
+ * Gets the OpenSSL EVP key from DSA key data.
+ *
+ * Returns: pointer to OpenSSL EVP key or NULL if an error occurs.
+ */
+EVP_PKEY*
+xmlSecOpenSSLKeyDataDsaGetEvp(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), NULL);
+
+ return(xmlSecOpenSSLEvpKeyDataGetEvp(data));
+}
+
+static int
+xmlSecOpenSSLKeyDataDsaInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), -1);
+
+ return(xmlSecOpenSSLEvpKeyDataInitialize(data));
+}
+
+static int
+xmlSecOpenSSLKeyDataDsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecOpenSSLKeyDataDsaId), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecOpenSSLKeyDataDsaId), -1);
+
+ return(xmlSecOpenSSLEvpKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecOpenSSLKeyDataDsaFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId));
+
+ xmlSecOpenSSLEvpKeyDataFinalize(data);
+}
+
+static int
+xmlSecOpenSSLKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ xmlNodePtr cur;
+ DSA *dsa;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecOpenSSLKeyDataDsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(xmlSecKeyGetValue(key) != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ dsa = DSA_new();
+ if(dsa == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "DSA_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+
+ /* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ DSA_free(dsa);
+ return(-1);
+ }
+ if(xmlSecOpenSSLNodeGetBNValue(cur, &(dsa->p)) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeGetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ DSA_free(dsa);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ DSA_free(dsa);
+ return(-1);
+ }
+ if(xmlSecOpenSSLNodeGetBNValue(cur, &(dsa->q)) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeGetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ DSA_free(dsa);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ DSA_free(dsa);
+ return(-1);
+ }
+ if(xmlSecOpenSSLNodeGetBNValue(cur, &(dsa->g)) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeGetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ DSA_free(dsa);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAX, xmlSecNs))) {
+ /* next is X node. It is REQUIRED for private key but
+ * we are not sure exactly what do we read */
+ if(xmlSecOpenSSLNodeGetBNValue(cur, &(dsa->priv_key)) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeGetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAX));
+ DSA_free(dsa);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* next is Y node. */
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ DSA_free(dsa);
+ return(-1);
+ }
+ if(xmlSecOpenSSLNodeGetBNValue(cur, &(dsa->pub_key)) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeGetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ DSA_free(dsa);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* todo: add support for J */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAJ, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* todo: add support for seed */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSASeed, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* todo: add support for pgencounter */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAPgenCounter, xmlSecDSigNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ DSA_free(dsa);
+ return(-1);
+ }
+
+ data = xmlSecKeyDataCreate(id);
+ if(data == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ DSA_free(dsa);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLKeyDataDsaAdoptDsa(data, dsa);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataDsaAdoptDsa",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ DSA_free(dsa);
+ return(-1);
+ }
+
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur;
+ DSA* dsa;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecOpenSSLKeyDataDsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataDsaId), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ dsa = xmlSecOpenSSLKeyDataDsaGetDsa(xmlSecKeyGetValue(key));
+ xmlSecAssert2(dsa != NULL, -1);
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only private key or public key */
+ return(0);
+ }
+
+ /* first is P node */
+ xmlSecAssert2(dsa->p != NULL, -1);
+ cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ return(-1);
+ }
+ ret = xmlSecOpenSSLNodeSetBNValue(cur, dsa->p, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeSetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAP));
+ return(-1);
+ }
+
+ /* next is Q node. */
+ xmlSecAssert2(dsa->q != NULL, -1);
+ cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ return(-1);
+ }
+ ret = xmlSecOpenSSLNodeSetBNValue(cur, dsa->q, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeSetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAQ));
+ return(-1);
+ }
+
+ /* next is G node. */
+ xmlSecAssert2(dsa->g != NULL, -1);
+ cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ return(-1);
+ }
+ ret = xmlSecOpenSSLNodeSetBNValue(cur, dsa->g, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeSetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAG));
+ return(-1);
+ }
+
+ /* next is X node: write it ONLY for private keys and ONLY if it is requested */
+ if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (dsa->priv_key != NULL)) {
+ cur = xmlSecAddChild(node, xmlSecNodeDSAX, xmlSecNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAX));
+ return(-1);
+ }
+ ret = xmlSecOpenSSLNodeSetBNValue(cur, dsa->priv_key, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeSetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAX));
+ return(-1);
+ }
+ }
+
+ /* next is Y node. */
+ xmlSecAssert2(dsa->pub_key != NULL, -1);
+ cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ return(-1);
+ }
+ ret = xmlSecOpenSSLNodeSetBNValue(cur, dsa->pub_key, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeSetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDSAY));
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecOpenSSLKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ DSA* dsa;
+ int counter_ret;
+ unsigned long h_ret;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ dsa = DSA_generate_parameters(sizeBits, NULL, 0, &counter_ret, &h_ret, NULL, NULL);
+ if(dsa == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "DSA_generate_parameters",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", sizeBits);
+ return(-1);
+ }
+
+ ret = DSA_generate_key(dsa);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "DSA_generate_key",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ DSA_free(dsa);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLKeyDataDsaAdoptDsa(data, dsa);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataDsaAdoptDsa",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ DSA_free(dsa);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static xmlSecKeyDataType
+xmlSecOpenSSLKeyDataDsaGetType(xmlSecKeyDataPtr data) {
+ DSA* dsa;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), xmlSecKeyDataTypeUnknown);
+
+ dsa = xmlSecOpenSSLKeyDataDsaGetDsa(data);
+ if((dsa != NULL) && (dsa->p != NULL) && (dsa->q != NULL) &&
+ (dsa->g != NULL) && (dsa->pub_key != NULL)) {
+
+ if(dsa->priv_key != NULL) {
+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ } else if(dsa->engine != NULL) {
+ /*
+ * !!! HACK !!! Also see RSA key
+ * We assume here that engine *always* has private key.
+ * This might be incorrect but it seems that there is no
+ * way to ask engine if given key is private or not.
+ */
+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ } else {
+ return(xmlSecKeyDataTypePublic);
+ }
+ }
+
+ return(xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecOpenSSLKeyDataDsaGetSize(xmlSecKeyDataPtr data) {
+ DSA* dsa;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), 0);
+
+ dsa = xmlSecOpenSSLKeyDataDsaGetDsa(data);
+ if((dsa != NULL) && (dsa->p != NULL)) {
+ return(BN_num_bits(dsa->p));
+ }
+ return(0);
+}
+
+static void
+xmlSecOpenSSLKeyDataDsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== dsa key: size = %d\n",
+ xmlSecOpenSSLKeyDataDsaGetSize(data));
+}
+
+static void
+xmlSecOpenSSLKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<DSAKeyValue size=\"%d\" />\n",
+ xmlSecOpenSSLKeyDataDsaGetSize(data));
+}
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+/**************************************************************************
+ *
+ * <dsig:RSAKeyValue> processing
+ *
+ * http://www.w3.org/TR/xmldsig-core/#sec-RSAKeyValue
+ * The RSAKeyValue Element
+ *
+ * RSA key values have two fields: Modulus and Exponent.
+ *
+ * <RSAKeyValue>
+ * <Modulus>xA7SEU+e0yQH5rm9kbCDN9o3aPIo7HbP7tX6WOocLZAtNfyxSZDU16ksL6W
+ * jubafOqNEpcwR3RdFsT7bCqnXPBe5ELh5u4VEy19MzxkXRgrMvavzyBpVRgBUwUlV
+ * 5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U=
+ * </Modulus>
+ * <Exponent>AQAB</Exponent>
+ * </RSAKeyValue>
+ *
+ * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are
+ * represented in XML as octet strings as defined by the ds:CryptoBinary type.
+ *
+ * Schema Definition:
+ *
+ * <element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+ * <complexType name="RSAKeyValueType">
+ * <sequence>
+ * <element name="Modulus" type="ds:CryptoBinary"/>
+ * <element name="Exponent" type="ds:CryptoBinary"/>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD Definition:
+ *
+ * <!ELEMENT RSAKeyValue (Modulus, Exponent) >
+ * <!ELEMENT Modulus (#PCDATA) >
+ * <!ELEMENT Exponent (#PCDATA) >
+ *
+ * ============================================================================
+ *
+ * To support reading/writing private keys an PrivateExponent element is added
+ * to the end
+ *
+ *************************************************************************/
+
+static int xmlSecOpenSSLKeyDataRsaInitialize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataRsaDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecOpenSSLKeyDataRsaFinalize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataRsaXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLKeyDataRsaXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLKeyDataRsaGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecOpenSSLKeyDataRsaGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecOpenSSLKeyDataRsaGetSize (xmlSecKeyDataPtr data);
+static void xmlSecOpenSSLKeyDataRsaDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecOpenSSLKeyDataRsaDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataRsaKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecOpenSSLEvpKeyDataSize,
+
+ /* data */
+ xmlSecNameRSAKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRSAKeyValue, /* const xmlChar* href; */
+ xmlSecNodeRSAKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecOpenSSLKeyDataRsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecOpenSSLKeyDataRsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecOpenSSLKeyDataRsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecOpenSSLKeyDataRsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecOpenSSLKeyDataRsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecOpenSSLKeyDataRsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecOpenSSLKeyDataRsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecOpenSSLKeyDataRsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecOpenSSLKeyDataRsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecOpenSSLKeyDataRsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLKeyDataRsaGetKlass:
+ *
+ * The OpenSSL RSA key data klass.
+ *
+ * Returns: pointer to OpenSSL RSA key data klass.
+ */
+xmlSecKeyDataId
+xmlSecOpenSSLKeyDataRsaGetKlass(void) {
+ return(&xmlSecOpenSSLKeyDataRsaKlass);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataRsaAdoptRsa:
+ * @data: the pointer to RSA key data.
+ * @rsa: the pointer to OpenSSL RSA key.
+ *
+ * Sets the value of RSA key data.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLKeyDataRsaAdoptRsa(xmlSecKeyDataPtr data, RSA* rsa) {
+ EVP_PKEY* pKey = NULL;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), -1);
+
+ /* construct new EVP_PKEY */
+ if(rsa != NULL) {
+ pKey = EVP_PKEY_new();
+ if(pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "EVP_PKEY_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = EVP_PKEY_assign_RSA(pKey, rsa);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "EVP_PKEY_assign_RSA",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecOpenSSLKeyDataRsaAdoptEvp(data, pKey);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataRsaAdoptEvp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ if(pKey != NULL) {
+ EVP_PKEY_free(pKey);
+ }
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataRsaGetRsa:
+ * @data: the pointer to RSA key data.
+ *
+ * Gets the OpenSSL RSA key from RSA key data.
+ *
+ * Returns: pointer to OpenSSL RSA key or NULL if an error occurs.
+ */
+RSA*
+xmlSecOpenSSLKeyDataRsaGetRsa(xmlSecKeyDataPtr data) {
+ EVP_PKEY* pKey;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), NULL);
+
+ pKey = xmlSecOpenSSLKeyDataRsaGetEvp(data);
+ xmlSecAssert2((pKey == NULL) || (pKey->type == EVP_PKEY_RSA), NULL);
+
+ return((pKey != NULL) ? pKey->pkey.rsa : (RSA*)NULL);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataRsaAdoptEvp:
+ * @data: the pointer to RSA key data.
+ * @pKey: the pointer to OpenSSL EVP key.
+ *
+ * Sets the RSA key data value to OpenSSL EVP key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLKeyDataRsaAdoptEvp(xmlSecKeyDataPtr data, EVP_PKEY* pKey) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), -1);
+ xmlSecAssert2(pKey != NULL, -1);
+ xmlSecAssert2(pKey->type == EVP_PKEY_RSA, -1);
+
+ return(xmlSecOpenSSLEvpKeyDataAdoptEvp(data, pKey));
+}
+
+/**
+ * xmlSecOpenSSLKeyDataRsaGetEvp:
+ * @data: the pointer to RSA key data.
+ *
+ * Gets the OpenSSL EVP key from RSA key data.
+ *
+ * Returns: pointer to OpenSSL EVP key or NULL if an error occurs.
+ */
+EVP_PKEY*
+xmlSecOpenSSLKeyDataRsaGetEvp(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), NULL);
+
+ return(xmlSecOpenSSLEvpKeyDataGetEvp(data));
+}
+
+static int
+xmlSecOpenSSLKeyDataRsaInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), -1);
+
+ return(xmlSecOpenSSLEvpKeyDataInitialize(data));
+}
+
+static int
+xmlSecOpenSSLKeyDataRsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecOpenSSLKeyDataRsaId), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecOpenSSLKeyDataRsaId), -1);
+
+ return(xmlSecOpenSSLEvpKeyDataDuplicate(dst, src));
+}
+
+static void
+xmlSecOpenSSLKeyDataRsaFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId));
+
+ xmlSecOpenSSLEvpKeyDataFinalize(data);
+}
+
+static int
+xmlSecOpenSSLKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ xmlNodePtr cur;
+ RSA *rsa;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecOpenSSLKeyDataRsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ if(xmlSecKeyGetValue(key) != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA,
+ "key already has a value");
+ return(-1);
+ }
+
+ rsa = RSA_new();
+ if(rsa == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "RSA_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+
+ /* first is Modulus node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ RSA_free(rsa);
+ return(-1);
+ }
+ if(xmlSecOpenSSLNodeGetBNValue(cur, &(rsa->n)) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeGetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ RSA_free(rsa);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is Exponent node. It is REQUIRED because we do not support Seed and PgenCounter*/
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ RSA_free(rsa);
+ return(-1);
+ }
+ if(xmlSecOpenSSLNodeGetBNValue(cur, &(rsa->e)) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeGetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ RSA_free(rsa);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeRSAPrivateExponent, xmlSecNs))) {
+ /* next is X node. It is REQUIRED for private key but
+ * we are not sure exactly what do we read */
+ if(xmlSecOpenSSLNodeGetBNValue(cur, &(rsa->d)) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeGetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+ RSA_free(rsa);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "no nodes expected");
+ RSA_free(rsa);
+ return(-1);
+ }
+
+ data = xmlSecKeyDataCreate(id);
+ if(data == NULL ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ RSA_free(rsa);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLKeyDataRsaAdoptRsa(data, rsa);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLKeyDataRsaAdoptRsa",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ RSA_free(rsa);
+ return(-1);
+ }
+
+ ret = xmlSecKeySetValue(key, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(data);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur;
+ RSA* rsa;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecOpenSSLKeyDataRsaId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataRsaId), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ rsa = xmlSecOpenSSLKeyDataRsaGetRsa(xmlSecKeyGetValue(key));
+ xmlSecAssert2(rsa != NULL, -1);
+
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
+ /* we can have only private key or public key */
+ return(0);
+ }
+
+ /* first is Modulus node */
+ cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ return(-1);
+ }
+ ret = xmlSecOpenSSLNodeSetBNValue(cur, rsa->n, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeSetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAModulus));
+ return(-1);
+ }
+
+ /* next is Exponent node. */
+ cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ return(-1);
+ }
+ ret = xmlSecOpenSSLNodeSetBNValue(cur, rsa->e, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeSetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAExponent));
+ return(-1);
+ }
+
+ /* next is PrivateExponent node: write it ONLY for private keys and ONLY if it is requested */
+ if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (rsa->d != NULL)) {
+ cur = xmlSecAddChild(node, xmlSecNodeRSAPrivateExponent, xmlSecNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+ return(-1);
+ }
+ ret = xmlSecOpenSSLNodeSetBNValue(cur, rsa->d, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLNodeSetBNValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent));
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ RSA* rsa;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ rsa = RSA_generate_key(sizeBits, 3, NULL, NULL);
+ if(rsa == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "RSA_generate_key",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "sizeBits=%d", sizeBits);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLKeyDataRsaAdoptRsa(data, rsa);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataRsaAdoptRsa",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ RSA_free(rsa);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static xmlSecKeyDataType
+xmlSecOpenSSLKeyDataRsaGetType(xmlSecKeyDataPtr data) {
+ RSA* rsa;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), xmlSecKeyDataTypeUnknown);
+
+ rsa = xmlSecOpenSSLKeyDataRsaGetRsa(data);
+ if((rsa != NULL) && (rsa->n != NULL) && (rsa->e != NULL)) {
+ if(rsa->d != NULL) {
+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ } else if(rsa->engine != NULL) {
+ /*
+ * !!! HACK !!! Also see DSA key
+ * We assume here that engine *always* has private key.
+ * This might be incorrect but it seems that there is no
+ * way to ask engine if given key is private or not.
+ */
+ return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
+ } else {
+ return(xmlSecKeyDataTypePublic);
+ }
+ }
+
+ return(xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecOpenSSLKeyDataRsaGetSize(xmlSecKeyDataPtr data) {
+ RSA* rsa;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), 0);
+
+ rsa = xmlSecOpenSSLKeyDataRsaGetRsa(data);
+ if((rsa != NULL) && (rsa->n != NULL)) {
+ return(BN_num_bits(rsa->n));
+ }
+ return(0);
+}
+
+static void
+xmlSecOpenSSLKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== rsa key: size = %d\n",
+ xmlSecOpenSSLKeyDataRsaGetSize(data));
+}
+
+static void
+xmlSecOpenSSLKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<RSAKeyValue size=\"%d\" />\n",
+ xmlSecOpenSSLKeyDataRsaGetSize(data));
+}
+
+#endif /* XMLSEC_NO_RSA */
+
+
+
diff --git a/src/openssl/globals.h b/src/openssl/globals.h
new file mode 100644
index 00000000..770b6dba
--- /dev/null
+++ b/src/openssl/globals.h
@@ -0,0 +1,24 @@
+/*
+ * XML Security Library
+ *
+ * globals.h: internal header only used during the compilation
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GLOBALS_H__
+#define __XMLSEC_GLOBALS_H__
+
+/**
+ * Use autoconf defines if present.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#define IN_XMLSEC_CRYPTO
+#define XMLSEC_PRIVATE
+
+#endif /* ! __XMLSEC_GLOBALS_H__ */
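Review bot: The include guard `__XMLSEC_GLOBALS_H__` starts with a double underscore, a form the C standard reserves for the implementation. A backend-specific name such as `XMLSEC_OPENSSL_GLOBALS_H` in the `#ifndef`, the `#define` and the closing `#endif` comment avoids that. If other directories carry a private `globals.h` with the same guard (not visible in this hunk), it would also stop one header from silently masking another. The two bare defines have no comment; a line such as `/* private build switches: must be set before any xmlsec header is included */` above `#define IN_XMLSEC_CRYPTO` would record why the header has to be included first, assuming that is indeed what the macros gate, since the headers that test them are not shown here.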
diff --git a/src/openssl/hmac.c b/src/openssl/hmac.c
new file mode 100644
index 00000000..bad1ac03
--- /dev/null
+++ b/src/openssl/hmac.c
@@ -0,0 +1,857 @@
+/**
+ *
+ * XMLSec library
+ *
+ * HMAC Algorithm support (http://www.w3.org/TR/xmldsig-core/#sec-HMAC):
+ * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
+ * as a parameter; if the parameter is not specified then all the bits of the
+ * hash are output. An example of an HMAC SignatureMethod element:
+ * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ * <HMACOutputLength>128</HMACOutputLength>
+ * </SignatureMethod>
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_HMAC
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/hmac.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/openssl/crypto.h>
+
+/* sizes in bits */
+#define XMLSEC_OPENSSL_MIN_HMAC_SIZE 80
+#define XMLSEC_OPENSSL_MAX_HMAC_SIZE (EVP_MAX_MD_SIZE * 8)
+
+/**************************************************************************
+ *
+ * Configuration
+ *
+ *****************************************************************************/
+static int g_xmlsec_openssl_hmac_min_length = XMLSEC_OPENSSL_MIN_HMAC_SIZE;
+
+/**
+ * xmlSecOpenSSLHmacGetMinOutputLength:
+ *
+ * Gets the value of min HMAC length.
+ *
+ * Returns: the min HMAC output length
+ */
+int xmlSecOpenSSLHmacGetMinOutputLength(void)
+{
+ return g_xmlsec_openssl_hmac_min_length;
+}
+
+/**
+ * xmlSecOpenSSLHmacSetMinOutputLength:
+ * @min_length: the new min length
+ *
+ * Sets the min HMAC output length
+ */
+void xmlSecOpenSSLHmacSetMinOutputLength(int min_length)
+{
+ g_xmlsec_openssl_hmac_min_length = min_length;
+}
+
+/**************************************************************************
+ *
+ * Internal OpenSSL HMAC CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecOpenSSLHmacCtx xmlSecOpenSSLHmacCtx, *xmlSecOpenSSLHmacCtxPtr;
+struct _xmlSecOpenSSLHmacCtx {
+ const EVP_MD* hmacDgst;
+ HMAC_CTX hmacCtx;
+ int ctxInitialized;
+ xmlSecByte dgst[XMLSEC_OPENSSL_MAX_HMAC_SIZE];
+ xmlSecSize dgstSize; /* dgst size in bits */
+};
+
+/**************************************************************************
+ *
+ * HMAC transforms
+ *
+ * xmlSecOpenSSLHmacCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecOpenSSLHmacGetCtx(transform) \
+ ((xmlSecOpenSSLHmacCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+#define xmlSecOpenSSLHmacSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLHmacCtx))
+
+static int xmlSecOpenSSLHmacCheckId (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLHmacInitialize (xmlSecTransformPtr transform);
+static void xmlSecOpenSSLHmacFinalize (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLHmacNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLHmacSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecOpenSSLHmacSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecOpenSSLHmacVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLHmacExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+
+static int
+xmlSecOpenSSLHmacCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha224Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacRipemd160Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacMd5Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+ /* not found */
+ {
+ return(0);
+ }
+
+ /* just in case */
+ return(0);
+}
+
+
+
+static int
+xmlSecOpenSSLHmacInitialize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLHmacCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
+
+ ctx = xmlSecOpenSSLHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* initialize context */
+ memset(ctx, 0, sizeof(xmlSecOpenSSLHmacCtx));
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha1Id)) {
+ ctx->hmacDgst = EVP_sha1();
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha224Id)) {
+ ctx->hmacDgst = EVP_sha224();
+ } else
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha256Id)) {
+ ctx->hmacDgst = EVP_sha256();
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha384Id)) {
+ ctx->hmacDgst = EVP_sha384();
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha512Id)) {
+ ctx->hmacDgst = EVP_sha512();
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacRipemd160Id)) {
+ ctx->hmacDgst = EVP_ripemd160();
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacMd5Id)) {
+ ctx->hmacDgst = EVP_md5();
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+#ifndef XMLSEC_OPENSSL_096
+ HMAC_CTX_init(&(ctx->hmacCtx));
+#endif /* XMLSEC_OPENSSL_096 */
+ return(0);
+}
+
+static void
+xmlSecOpenSSLHmacFinalize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLHmacCtxPtr ctx;
+
+ xmlSecAssert(xmlSecOpenSSLHmacCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize));
+
+ ctx = xmlSecOpenSSLHmacGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+#ifndef XMLSEC_OPENSSL_096
+ HMAC_CTX_cleanup(&(ctx->hmacCtx));
+#endif /* XMLSEC_OPENSSL_096 */
+ memset(ctx, 0, sizeof(xmlSecOpenSSLHmacCtx));
+}
+
+static int
+xmlSecOpenSSLHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecOpenSSLHmacCtxPtr ctx;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
+ xmlSecAssert2(node!= NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecOpenSSLHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ cur = xmlSecGetNextElementNode(node->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
+ xmlChar *content;
+
+ content = xmlNodeGetContent(cur);
+ if(content != NULL) {
+ ctx->dgstSize = atoi((char*)content);
+ xmlFree(content);
+ }
+
+ /* Ensure that HMAC length is greater than min specified.
+ Otherwise, an attacker can set this length to 0 or very
+ small value
+ */
+ if((int)ctx->dgstSize < xmlSecOpenSSLHmacGetMinOutputLength()) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "HMAC output length is too small");
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecOpenSSLHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ keyReq->keyId = xmlSecOpenSSLKeyDataHmacId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationSign) {
+ keyReq->keyUsage = xmlSecKeyUsageSign;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
+ }
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecOpenSSLHmacCtxPtr ctx;
+ xmlSecKeyDataPtr value;
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecOpenSSLHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->hmacDgst != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized == 0, -1);
+
+ value = xmlSecKeyGetValue(key);
+ xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecOpenSSLKeyDataHmacId), -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ if(xmlSecBufferGetSize(buffer) == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "keySize=0");
+ return(-1);
+ }
+
+ xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
+ HMAC_Init(&(ctx->hmacCtx),
+ xmlSecBufferGetData(buffer),
+ xmlSecBufferGetSize(buffer),
+ ctx->hmacDgst);
+ ctx->ctxInitialized = 1;
+ return(0);
+}
+
+static int
+xmlSecOpenSSLHmacVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ static xmlSecByte last_byte_masks[] =
+ { 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
+
+ xmlSecOpenSSLHmacCtxPtr ctx;
+ xmlSecByte mask;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecOpenSSLHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ /* compare the digest size in bytes */
+ if(dataSize != ((ctx->dgstSize + 7) / 8)){
+ /* NO COMMIT */
+ xmlChar* a;
+ mask = last_byte_masks[ctx->dgstSize % 8];
+ ctx->dgst[dataSize - 1] &= mask;
+ a = xmlSecBase64Encode(ctx->dgst, (ctx->dgstSize + 7) / 8, -1);
+ fprintf(stderr, "%s\n", a);
+ xmlFree(a);
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "data=%d;dgst=%d",
+ dataSize, ((ctx->dgstSize + 7) / 8));
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ /* we check the last byte separatelly */
+ xmlSecAssert2(dataSize > 0, -1);
+ mask = last_byte_masks[ctx->dgstSize % 8];
+ if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match (last byte)");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ /* now check the rest of the digest */
+ if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+static int
+xmlSecOpenSSLHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecOpenSSLHmacCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ ctx = xmlSecOpenSSLHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ /* we should be already initialized when we set key */
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ HMAC_Update(&(ctx->hmacCtx), xmlSecBufferGetData(in), inSize);
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+
+ if(last) {
+ unsigned int dgstSize;
+
+ HMAC_Final(&(ctx->hmacCtx), ctx->dgst, &dgstSize);
+ xmlSecAssert2(dgstSize > 0, -1);
+
+ /* check/set the result digest size */
+ if(ctx->dgstSize == 0) {
+ ctx->dgstSize = XMLSEC_SIZE_BAD_CAST(dgstSize * 8); /* no dgst size specified, use all we have */
+ } else if(ctx->dgstSize <= XMLSEC_SIZE_BAD_CAST(8 * dgstSize)) {
+ dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "result-bits=%d;required-bits=%d",
+ 8 * dgstSize, ctx->dgstSize);
+ return(-1);
+ }
+
+ /* finally write result to output */
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_MD5
+
+/********************************************************************
+ *
+ * HMAC MD5
+ *
+ ********************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLHmacMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacMd5, /* const xmlChar* name; */
+ xmlSecHrefHmacMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformHmacMd5GetKlass:
+ *
+ * The HMAC-MD5 transform klass.
+ *
+ * Returns: the HMAC-MD5 transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformHmacMd5GetKlass(void) {
+ return(&xmlSecOpenSSLHmacMd5Klass);
+}
+
+#endif /* XMLSEC_NO_MD5 */
+
+
+#ifndef XMLSEC_NO_RIPEMD160
+/********************************************************************
+ *
+ * HMAC RIPEMD160
+ *
+ ********************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLHmacRipemd160Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacRipemd160, /* const xmlChar* name; */
+ xmlSecHrefHmacRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformHmacRipemd160GetKlass:
+ *
+ * The HMAC-RIPEMD160 transform klass.
+ *
+ * Returns: the HMAC-RIPEMD160 transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformHmacRipemd160GetKlass(void) {
+ return(&xmlSecOpenSSLHmacRipemd160Klass);
+}
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/********************************************************************
+ *
+ * HMAC SHA1
+ *
+ ********************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLHmacSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha1, /* const xmlChar* name; */
+ xmlSecHrefHmacSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformHmacSha1GetKlass:
+ *
+ * The HMAC-SHA1 transform klass.
+ *
+ * Returns: the HMAC-SHA1 transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformHmacSha1GetKlass(void) {
+ return(&xmlSecOpenSSLHmacSha1Klass);
+}
+
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+/********************************************************************
+ *
+ * HMAC SHA224
+ *
+ ********************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLHmacSha224Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha224, /* const xmlChar* name; */
+ xmlSecHrefHmacSha224, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformHmacSha224GetKlass:
+ *
+ * The HMAC-SHA224 transform klass.
+ *
+ * Returns: the HMAC-SHA224 transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformHmacSha224GetKlass(void) {
+ return(&xmlSecOpenSSLHmacSha224Klass);
+}
+
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+/********************************************************************
+ *
+ * HMAC SHA256
+ *
+ ********************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLHmacSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha256, /* const xmlChar* name; */
+ xmlSecHrefHmacSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformHmacSha256GetKlass:
+ *
+ * The HMAC-SHA256 transform klass.
+ *
+ * Returns: the HMAC-SHA256 transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformHmacSha256GetKlass(void) {
+ return(&xmlSecOpenSSLHmacSha256Klass);
+}
+
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/********************************************************************
+ *
+ * HMAC SHA384
+ *
+ ********************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLHmacSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha384, /* const xmlChar* name; */
+ xmlSecHrefHmacSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformHmacSha384GetKlass:
+ *
+ * The HMAC-SHA384 transform klass.
+ *
+ * Returns: the HMAC-SHA384 transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformHmacSha384GetKlass(void) {
+ return(&xmlSecOpenSSLHmacSha384Klass);
+}
+
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/********************************************************************
+ *
+ * HMAC SHA512
+ *
+ ********************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLHmacSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha512, /* const xmlChar* name; */
+ xmlSecHrefHmacSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecOpenSSLHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformHmacSha512GetKlass:
+ *
+ * The HMAC-SHA512 transform klass.
+ *
+ * Returns: the HMAC-SHA512 transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformHmacSha512GetKlass(void) {
+ return(&xmlSecOpenSSLHmacSha512Klass);
+}
+
+#endif /* XMLSEC_NO_SHA512 */
+
+
+#endif /* XMLSEC_NO_HMAC */
+
diff --git a/src/openssl/kt_rsa.c b/src/openssl/kt_rsa.c
new file mode 100644
index 00000000..1cf1aba1
--- /dev/null
+++ b/src/openssl/kt_rsa.c
@@ -0,0 +1,876 @@
+/**
+ *
+ * XMLSec library
+ *
+ * RSA Algorithms support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_RSA
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/sha.h>
+#include <openssl/objects.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/strings.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/openssl/crypto.h>
+#include <xmlsec/openssl/evp.h>
+#include <xmlsec/openssl/bn.h>
+
+/**************************************************************************
+ *
+ * Internal OpenSSL RSA PKCS1 CTX
+ *
+ *************************************************************************/
+typedef struct _xmlSecOpenSSLRsaPkcs1Ctx xmlSecOpenSSLRsaPkcs1Ctx,
+ *xmlSecOpenSSLRsaPkcs1CtxPtr;
+struct _xmlSecOpenSSLRsaPkcs1Ctx {
+ EVP_PKEY* pKey;
+};
+
+/*********************************************************************
+ *
+ * RSA PKCS1 key transport transform
+ *
+ * xmlSecOpenSSLRsaPkcs1Ctx is located after xmlSecTransform
+ *
+ ********************************************************************/
+#define xmlSecOpenSSLRsaPkcs1Size \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLRsaPkcs1Ctx))
+#define xmlSecOpenSSLRsaPkcs1GetCtx(transform) \
+ ((xmlSecOpenSSLRsaPkcs1CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecOpenSSLRsaPkcs1Initialize (xmlSecTransformPtr transform);
+static void xmlSecOpenSSLRsaPkcs1Finalize (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLRsaPkcs1SetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecOpenSSLRsaPkcs1SetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecOpenSSLRsaPkcs1Execute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLRsaPkcs1Process (xmlSecTransformPtr transform,
+ xmlSecTransformCtxPtr transformCtx);
+
+static xmlSecTransformKlass xmlSecOpenSSLRsaPkcs1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLRsaPkcs1Size, /* xmlSecSize objSize */
+
+ xmlSecNameRsaPkcs1, /* const xmlChar* name; */
+ xmlSecHrefRsaPkcs1, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLRsaPkcs1Initialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLRsaPkcs1Finalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLRsaPkcs1SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLRsaPkcs1SetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLRsaPkcs1Execute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformRsaPkcs1GetKlass:
+ *
+ * The RSA-PKCS1 key transport transform klass.
+ *
+ * Returns: RSA-PKCS1 key transport transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformRsaPkcs1GetKlass(void) {
+ return(&xmlSecOpenSSLRsaPkcs1Klass);
+}
+
+static int
+xmlSecOpenSSLRsaPkcs1Initialize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLRsaPkcs1CtxPtr ctx;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaPkcs1Id), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaPkcs1Size), -1);
+
+ ctx = xmlSecOpenSSLRsaPkcs1GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecOpenSSLRsaPkcs1Ctx));
+ return(0);
+}
+
+static void
+xmlSecOpenSSLRsaPkcs1Finalize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLRsaPkcs1CtxPtr ctx;
+
+ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaPkcs1Id));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaPkcs1Size));
+
+ ctx = xmlSecOpenSSLRsaPkcs1GetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->pKey != NULL) {
+ EVP_PKEY_free(ctx->pKey);
+ }
+ memset(ctx, 0, sizeof(xmlSecOpenSSLRsaPkcs1Ctx));
+}
+
+static int
+xmlSecOpenSSLRsaPkcs1SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecOpenSSLRsaPkcs1CtxPtr ctx;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaPkcs1Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaPkcs1Size), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecOpenSSLRsaPkcs1GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecOpenSSLKeyDataRsaId;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyType = xmlSecKeyDataTypePublic;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyType = xmlSecKeyDataTypePrivate;
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+ return(0);
+}
+
+static int
+xmlSecOpenSSLRsaPkcs1SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecOpenSSLRsaPkcs1CtxPtr ctx;
+ EVP_PKEY* pKey;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaPkcs1Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaPkcs1Size), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataRsaId), -1);
+
+ ctx = xmlSecOpenSSLRsaPkcs1GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->pKey == NULL, -1);
+
+ pKey = xmlSecOpenSSLKeyDataRsaGetEvp(xmlSecKeyGetValue(key));
+ if(pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLKeyDataRsaGetEvp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2(pKey->type == EVP_PKEY_RSA, -1);
+ xmlSecAssert2(pKey->pkey.rsa != NULL, -1);
+
+ ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
+ if(ctx->pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLEvpKeyDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLRsaPkcs1Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecOpenSSLRsaPkcs1CtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaPkcs1Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaPkcs1Size), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecOpenSSLRsaPkcs1GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->pKey != NULL, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ ret = xmlSecOpenSSLRsaPkcs1Process(transform, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLRsaPkcs1Process",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecOpenSSLRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecOpenSSLRsaPkcs1CtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaPkcs1Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaPkcs1Size), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecOpenSSLRsaPkcs1GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->pKey != NULL, -1);
+ xmlSecAssert2(ctx->pKey->type == EVP_PKEY_RSA, -1);
+ xmlSecAssert2(ctx->pKey->pkey.rsa != NULL, -1);
+
+ keySize = RSA_size(ctx->pKey->pkey.rsa);
+ xmlSecAssert2(keySize > 0, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ /* the encoded size is equal to the keys size so we could not
+ * process more than that */
+ if((transform->operation == xmlSecTransformOperationEncrypt) && (inSize >= keySize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d when expected less than %d", inSize, keySize);
+ return(-1);
+ } else if((transform->operation == xmlSecTransformOperationDecrypt) && (inSize != keySize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d when expected %d", inSize, keySize);
+ return(-1);
+ }
+
+ outSize = keySize;
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ ret = RSA_public_encrypt(inSize, xmlSecBufferGetData(in),
+ xmlSecBufferGetData(out),
+ ctx->pKey->pkey.rsa, RSA_PKCS1_PADDING);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "RSA_public_encrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ ret = RSA_private_decrypt(inSize, xmlSecBufferGetData(in),
+ xmlSecBufferGetData(out),
+ ctx->pKey->pkey.rsa, RSA_PKCS1_PADDING);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "RSA_private_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**************************************************************************
+ *
+ * Internal OpenSSL RSA OAEP CTX
+ *
+ *************************************************************************/
+typedef struct _xmlSecOpenSSLRsaOaepCtx xmlSecOpenSSLRsaOaepCtx,
+ *xmlSecOpenSSLRsaOaepCtxPtr;
+struct _xmlSecOpenSSLRsaOaepCtx {
+ EVP_PKEY* pKey;
+ xmlSecBuffer oaepParams;
+};
+
+/*********************************************************************
+ *
+ * RSA OAEP key transport transform
+ *
+ * xmlSecOpenSSLRsaOaepCtx is located after xmlSecTransform
+ *
+ ********************************************************************/
+#define xmlSecOpenSSLRsaOaepSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLRsaOaepCtx))
+#define xmlSecOpenSSLRsaOaepGetCtx(transform) \
+ ((xmlSecOpenSSLRsaOaepCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecOpenSSLRsaOaepInitialize (xmlSecTransformPtr transform);
+static void xmlSecOpenSSLRsaOaepFinalize (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLRsaOaepNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLRsaOaepSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecOpenSSLRsaOaepSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecOpenSSLRsaOaepExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLRsaOaepProcess (xmlSecTransformPtr transform,
+ xmlSecTransformCtxPtr transformCtx);
+
+static xmlSecTransformKlass xmlSecOpenSSLRsaOaepKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLRsaOaepSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaOaep, /* const xmlChar* name; */
+ xmlSecHrefRsaOaep, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLRsaOaepInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLRsaOaepFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecOpenSSLRsaOaepNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLRsaOaepSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLRsaOaepSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLRsaOaepExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformRsaOaepGetKlass:
+ *
+ * The RSA-OAEP key transport transform klass.
+ *
+ * Returns: RSA-OAEP key transport transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformRsaOaepGetKlass(void) {
+ return(&xmlSecOpenSSLRsaOaepKlass);
+}
+
+static int
+xmlSecOpenSSLRsaOaepInitialize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLRsaOaepCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
+
+ ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecOpenSSLRsaOaepCtx));
+
+ ret = xmlSecBufferInitialize(&(ctx->oaepParams), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+static void
+xmlSecOpenSSLRsaOaepFinalize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLRsaOaepCtxPtr ctx;
+
+ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize));
+
+ ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->pKey != NULL) {
+ EVP_PKEY_free(ctx->pKey);
+ }
+ xmlSecBufferFinalize(&(ctx->oaepParams));
+ memset(ctx, 0, sizeof(xmlSecOpenSSLRsaOaepCtx));
+}
+
+static int
+xmlSecOpenSSLRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecOpenSSLRsaOaepCtxPtr ctx;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->oaepParams)) == 0, -1);
+
+ cur = xmlSecGetNextElementNode(node->children);
+ while(cur != NULL) {
+ if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) {
+ ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) {
+ xmlChar* algorithm;
+
+ /* Algorithm attribute is required */
+ algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm);
+ if(algorithm == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ /* for now we support only sha1 */
+ if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(algorithm),
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "digest algorithm is not supported for rsa/oaep");
+ xmlFree(algorithm);
+ return(-1);
+ }
+ xmlFree(algorithm);
+ } else {
+ /* not found */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* next node */
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLRsaOaepSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecOpenSSLRsaOaepCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecOpenSSLKeyDataRsaId;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyType = xmlSecKeyDataTypePublic;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyType = xmlSecKeyDataTypePrivate;
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLRsaOaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecOpenSSLRsaOaepCtxPtr ctx;
+ EVP_PKEY* pKey;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataRsaId), -1);
+
+ ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->pKey == NULL, -1);
+
+ pKey = xmlSecOpenSSLKeyDataRsaGetEvp(xmlSecKeyGetValue(key));
+ if(pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLKeyDataRsaGetEvp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2(pKey->type == EVP_PKEY_RSA, -1);
+ xmlSecAssert2(pKey->pkey.rsa != NULL, -1);
+
+ ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
+ if(ctx->pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLEvpKeyDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLRsaOaepExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecOpenSSLRsaOaepCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->pKey != NULL, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ ret = xmlSecOpenSSLRsaOaepProcess(transform, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLRsaOaepProcess",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecOpenSSLRsaOaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecOpenSSLRsaOaepCtxPtr ctx;
+ xmlSecSize paramsSize;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->pKey != NULL, -1);
+ xmlSecAssert2(ctx->pKey->type == EVP_PKEY_RSA, -1);
+ xmlSecAssert2(ctx->pKey->pkey.rsa != NULL, -1);
+
+ keySize = RSA_size(ctx->pKey->pkey.rsa);
+ xmlSecAssert2(keySize > 0, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ /* the encoded size is equal to the keys size so we could not
+ * process more than that */
+ if((transform->operation == xmlSecTransformOperationEncrypt) && (inSize >= keySize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d when expected less than %d", inSize, keySize);
+ return(-1);
+ } else if((transform->operation == xmlSecTransformOperationDecrypt) && (inSize != keySize)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d when expected %d", inSize, keySize);
+ return(-1);
+ }
+
+ outSize = keySize;
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ paramsSize = xmlSecBufferGetSize(&(ctx->oaepParams));
+ if((transform->operation == xmlSecTransformOperationEncrypt) && (paramsSize == 0)) {
+ /* encode w/o OAEPParams --> simple */
+ ret = RSA_public_encrypt(inSize, xmlSecBufferGetData(in),
+ xmlSecBufferGetData(out),
+ ctx->pKey->pkey.rsa, RSA_PKCS1_OAEP_PADDING);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "RSA_public_encrypt(RSA_PKCS1_OAEP_PADDING)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ } else if((transform->operation == xmlSecTransformOperationEncrypt) && (paramsSize > 0)) {
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->oaepParams)) != NULL, -1);
+
+ /* add space for padding */
+ ret = xmlSecBufferSetMaxSize(in, keySize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", keySize);
+ return(-1);
+ }
+
+ /* add padding */
+ ret = RSA_padding_add_PKCS1_OAEP(xmlSecBufferGetData(in), keySize,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(&(ctx->oaepParams)),
+ paramsSize);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "RSA_padding_add_PKCS1_OAEP",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ inSize = keySize;
+
+ /* encode with OAEPParams */
+ ret = RSA_public_encrypt(inSize, xmlSecBufferGetData(in),
+ xmlSecBufferGetData(out),
+ ctx->pKey->pkey.rsa, RSA_NO_PADDING);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "RSA_public_encrypt(RSA_NO_PADDING)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ } else if((transform->operation == xmlSecTransformOperationDecrypt) && (paramsSize == 0)) {
+ ret = RSA_private_decrypt(inSize, xmlSecBufferGetData(in),
+ xmlSecBufferGetData(out),
+ ctx->pKey->pkey.rsa, RSA_PKCS1_OAEP_PADDING);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "RSA_private_decrypt(RSA_PKCS1_OAEP_PADDING)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ } else if((transform->operation == xmlSecTransformOperationDecrypt) && (paramsSize != 0)) {
+ BIGNUM bn;
+
+ ret = RSA_private_decrypt(inSize, xmlSecBufferGetData(in),
+ xmlSecBufferGetData(out),
+ ctx->pKey->pkey.rsa, RSA_NO_PADDING);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "RSA_private_decrypt(RSA_NO_PADDING)",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+
+ /*
+ * the private decrypt w/o padding adds '0's at the begginning.
+ * it's not clear for me can I simply skip all '0's from the
+ * beggining so I have to do decode it back to BIGNUM and dump
+ * buffer again
+ */
+ BN_init(&bn);
+ if(BN_bin2bn(xmlSecBufferGetData(out), outSize, &bn) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "BN_bin2bn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", outSize);
+ BN_clear_free(&bn);
+ return(-1);
+ }
+
+ ret = BN_bn2bin(&bn, xmlSecBufferGetData(out));
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "BN_bn2bin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BN_clear_free(&bn);
+ return(-1);
+ }
+ BN_clear_free(&bn);
+ outSize = ret;
+
+ ret = RSA_padding_check_PKCS1_OAEP(xmlSecBufferGetData(out), outSize,
+ xmlSecBufferGetData(out), outSize,
+ keySize,
+ xmlSecBufferGetData(&(ctx->oaepParams)),
+ paramsSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "RSA_padding_check_PKCS1_OAEP",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ xmlSecAssert2("we could not be here" == NULL, -1);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#endif /* XMLSEC_NO_RSA */
+
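Review bot: The decrypt branch of xmlSecOpenSSLRsaPkcs1Process returns -1 with a dedicated `RSA_private_decrypt` error as soon as the PKCS#1 v1.5 padding check fails, and nothing in the file warns that this result must stay hidden from whoever supplied the ciphertext. If a caller lets the sender of an EncryptedKey tell that failure apart from a later content-decryption failure (a distinct fault, log line or timing), the transform can serve as a padding oracle against the private key. I would add above that call a comment such as `/* a padding failure here must look the same to the peer as a later content-decryption failure; prefer RSA-OAEP for untrusted senders */`. The decrypt-with-OAEPParams branch of xmlSecOpenSSLRsaOaepProcess deserves the same comment: it reports the raw decrypt, the BIGNUM round trip and `RSA_padding_check_PKCS1_OAEP` as three separately named failures, and on the last one returns with the unpadded block still in the output buffer's storage. Whether any caller actually exposes these differences cannot be seen from this file, so the comment should state the requirement rather than assume it is met.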
diff --git a/src/openssl/kw_aes.c b/src/openssl/kw_aes.c
new file mode 100644
index 00000000..573fb985
--- /dev/null
+++ b/src/openssl/kw_aes.c
@@ -0,0 +1,513 @@
+/**
+ *
+ * XMLSec library
+ *
+ * AES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_AES
+#ifndef XMLSEC_OPENSSL_096
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/aes.h>
+#include <openssl/rand.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/openssl/crypto.h>
+
+#include "../kw_aes_des.h"
+
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecOpenSSLKWAesBlockEncrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+static int xmlSecOpenSSLKWAesBlockDecrypt (const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize,
+ void * context);
+static xmlSecKWAesKlass xmlSecOpenSSLKWAesKlass = {
+ /* callbacks */
+ xmlSecOpenSSLKWAesBlockEncrypt, /* xmlSecKWAesBlockEncryptMethod encrypt; */
+ xmlSecOpenSSLKWAesBlockDecrypt, /* xmlSecKWAesBlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL /* void* reserved1; */
+};
+
+
+/*********************************************************************
+ *
+ * AES KW transforms
+ *
+ ********************************************************************/
+typedef struct _xmlSecOpenSSLKWAesCtx xmlSecOpenSSLKWAesCtx,
+ *xmlSecOpenSSLKWAesCtxPtr;
+struct _xmlSecOpenSSLKWAesCtx {
+ xmlSecBuffer keyBuffer;
+ xmlSecSize keyExpectedSize;
+};
+#define xmlSecOpenSSLKWAesSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLKWAesCtx))
+#define xmlSecOpenSSLKWAesGetCtx(transform) \
+ ((xmlSecOpenSSLKWAesCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+#define xmlSecOpenSSLKWAesCheckId(transform) \
+ (xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes128Id) || \
+ xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes192Id) || \
+ xmlSecTransformCheckId((transform), xmlSecOpenSSLTransformKWAes256Id))
+
+static int xmlSecOpenSSLKWAesInitialize (xmlSecTransformPtr transform);
+static void xmlSecOpenSSLKWAesFinalize (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLKWAesSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecOpenSSLKWAesSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecOpenSSLKWAesExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecOpenSSLKWAesInitialize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLKWAesCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
+
+ ctx = xmlSecOpenSSLKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes128Id)) {
+ ctx->keyExpectedSize = XMLSEC_KW_AES128_KEY_SIZE;
+ } else if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes192Id)) {
+ ctx->keyExpectedSize = XMLSEC_KW_AES192_KEY_SIZE;
+ } else if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes256Id)) {
+ ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLKWAesGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecOpenSSLKWAesFinalize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLKWAesCtxPtr ctx;
+
+ xmlSecAssert(xmlSecOpenSSLKWAesCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize));
+
+ ctx = xmlSecOpenSSLKWAesGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBufferFinalize(&(ctx->keyBuffer));
+}
+
+static int
+xmlSecOpenSSLKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecOpenSSLKWAesCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecOpenSSLKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecOpenSSLKeyDataAesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+ keyReq->keyBitsSize = 8 * ctx->keyExpectedSize;
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecOpenSSLKWAesCtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataAesId), -1);
+
+ ctx = xmlSecOpenSSLKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(buffer);
+ if(keySize < ctx->keyExpectedSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key=%d;expected=%d",
+ keySize, ctx->keyExpectedSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer),
+ xmlSecBufferGetData(buffer),
+ ctx->keyExpectedSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "expected-size=%d",
+ ctx->keyExpectedSize);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecOpenSSLKWAesCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, keySize;
+ AES_KEY aesKey;
+ int ret;
+
+ xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecOpenSSLKWAesGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == ctx->keyExpectedSize, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ if((inSize % 8) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size=%d(not 8 bytes aligned)", inSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 8 bytes longer plus 8 bytes just in case */
+ outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE +
+ XMLSEC_KW_AES_BLOCK_SIZE;
+ } else {
+ outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* prepare key */
+ ret = AES_set_encrypt_key(xmlSecBufferGetData(&(ctx->keyBuffer)),
+ 8 * keySize,
+ &aesKey);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "AES_set_decrypt_key",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecKWAesEncode(&xmlSecOpenSSLKWAesKlass, &aesKey,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ /* prepare key */
+ ret = AES_set_decrypt_key(xmlSecBufferGetData(&(ctx->keyBuffer)),
+ 8 * keySize,
+ &aesKey);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "AES_set_decrypt_key",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecKWAesDecode(&xmlSecOpenSSLKWAesKlass, &aesKey,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWAesEncode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "outSize=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "inSize%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+static xmlSecTransformKlass xmlSecOpenSSLKWAes128Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes128, /* const xmlChar* name; */
+ xmlSecHrefKWAes128, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformKWAes128GetKlass:
+ *
+ * The AES-128 kew wrapper transform klass.
+ *
+ * Returns: AES-128 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformKWAes128GetKlass(void) {
+ return(&xmlSecOpenSSLKWAes128Klass);
+}
+
+static xmlSecTransformKlass xmlSecOpenSSLKWAes192Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes192, /* const xmlChar* name; */
+ xmlSecHrefKWAes192, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+
+/**
+ * xmlSecOpenSSLTransformKWAes192GetKlass:
+ *
+ * The AES-192 kew wrapper transform klass.
+ *
+ * Returns: AES-192 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformKWAes192GetKlass(void) {
+ return(&xmlSecOpenSSLKWAes192Klass);
+}
+
+static xmlSecTransformKlass xmlSecOpenSSLKWAes256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLKWAesSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes256, /* const xmlChar* name; */
+ xmlSecHrefKWAes256, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLKWAesExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformKWAes256GetKlass:
+ *
+ * The AES-256 kew wrapper transform klass.
+ *
+ * Returns: AES-256 kew wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformKWAes256GetKlass(void) {
+ return(&xmlSecOpenSSLKWAes256Klass);
+}
+
+/*********************************************************************
+ *
+ * AES KW implementation
+ *
+ *********************************************************************/
+static int
+xmlSecOpenSSLKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(context != NULL, -1);
+
+ AES_encrypt(in, out, (AES_KEY*)context);
+ return(AES_BLOCK_SIZE);
+}
+
+static int
+xmlSecOpenSSLKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize,
+ void * context) {
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize >= AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= AES_BLOCK_SIZE, -1);
+ xmlSecAssert2(context != NULL, -1);
+
+ AES_decrypt(in, out, (AES_KEY*)context);
+ return(AES_BLOCK_SIZE);
+}
+
+
+#endif /* XMLSEC_OPENSSL_096 */
+#endif /* XMLSEC_NO_AES */
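Review bot: In xmlSecOpenSSLKWAesExecute the expanded key schedule in the stack variable `aesKey` is never wiped, so every return after AES_set_encrypt_key or AES_set_decrypt_key leaves it in memory. Calling `OPENSSL_cleanse(&aesKey, sizeof(aesKey));` immediately after the xmlSecKWAesEncode and xmlSecKWAesDecode calls, before `ret` is tested, covers both the success and the failure path; this may need `#include <openssl/crypto.h>`. Separately, three error reports name the wrong function, which misdirects triage of crypto failures. The encrypt branch logs `"AES_set_decrypt_key"` for AES_set_encrypt_key, the decrypt branch logs `"xmlSecKWAesEncode"` for xmlSecKWAesDecode, and xmlSecOpenSSLKWAesInitialize logs `"xmlSecOpenSSLKWAesGetKey"` for xmlSecBufferInitialize.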
diff --git a/src/openssl/kw_des.c b/src/openssl/kw_des.c
new file mode 100644
index 00000000..9d55e107
--- /dev/null
+++ b/src/openssl/kw_des.c
@@ -0,0 +1,563 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2010 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef XMLSEC_NO_DES
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/des.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/openssl/crypto.h>
+
+#include "../kw_aes_des.h"
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int xmlSecOpenSSLKWDes3GenerateRandom (void * context,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecOpenSSLKWDes3Sha1 (void * context,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecOpenSSLKWDes3BlockEncrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+static int xmlSecOpenSSLKWDes3BlockDecrypt (void * context,
+ const xmlSecByte * iv,
+ xmlSecSize ivSize,
+ const xmlSecByte * in,
+ xmlSecSize inSize,
+ xmlSecByte * out,
+ xmlSecSize outSize);
+
+static xmlSecKWDes3Klass xmlSecOpenSSLKWDes3ImplKlass = {
+ /* callbacks */
+ xmlSecOpenSSLKWDes3GenerateRandom, /* xmlSecKWDes3GenerateRandomMethod generateRandom; */
+ xmlSecOpenSSLKWDes3Sha1, /* xmlSecKWDes3Sha1Method sha1; */
+ xmlSecOpenSSLKWDes3BlockEncrypt, /* xmlSecKWDes3BlockEncryptMethod encrypt; */
+ xmlSecOpenSSLKWDes3BlockDecrypt, /* xmlSecKWDes3BlockDecryptMethod decrypt; */
+
+ /* for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+static int xmlSecOpenSSLKWDes3Encrypt (const xmlSecByte *key,
+ xmlSecSize keySize,
+ const xmlSecByte *iv,
+ xmlSecSize ivSize,
+ const xmlSecByte *in,
+ xmlSecSize inSize,
+ xmlSecByte *out,
+ xmlSecSize outSize,
+ int enc);
+
+
+/*********************************************************************
+ *
+ * Triple DES Key Wrap transform
+ *
+ * key (xmlSecBuffer) is located after xmlSecTransform structure
+ *
+ ********************************************************************/
+typedef struct _xmlSecOpenSSLKWDes3Ctx xmlSecOpenSSLKWDes3Ctx,
+ *xmlSecOpenSSLKWDes3CtxPtr;
+struct _xmlSecOpenSSLKWDes3Ctx {
+ xmlSecBuffer keyBuffer;
+};
+#define xmlSecOpenSSLKWDes3Size \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLKWDes3Ctx))
+#define xmlSecOpenSSLKWDes3GetCtx(transform) \
+ ((xmlSecOpenSSLKWDes3CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecOpenSSLKWDes3Initialize (xmlSecTransformPtr transform);
+static void xmlSecOpenSSLKWDes3Finalize (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLKWDes3SetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecOpenSSLKWDes3SetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecOpenSSLKWDes3Execute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static xmlSecTransformKlass xmlSecOpenSSLKWDes3Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLKWDes3Size, /* xmlSecSize objSize */
+
+ xmlSecNameKWDes3, /* const xmlChar* name; */
+ xmlSecHrefKWDes3, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecOpenSSLKWDes3Initialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLKWDes3Finalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLKWDes3SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecOpenSSLKWDes3SetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLKWDes3Execute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformKWDes3GetKlass:
+ *
+ * The Triple DES key wrapper transform klass.
+ *
+ * Returns: Triple DES key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformKWDes3GetKlass(void) {
+ return(&xmlSecOpenSSLKWDes3Klass);
+}
+
+static int
+xmlSecOpenSSLKWDes3Initialize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWDes3Id), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWDes3Size), -1);
+
+ ctx = xmlSecOpenSSLKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecOpenSSLKWDes3Finalize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx;
+
+ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWDes3Id));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWDes3Size));
+
+ ctx = xmlSecOpenSSLKWDes3GetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecBufferFinalize(&(ctx->keyBuffer));
+}
+
+static int
+xmlSecOpenSSLKWDes3SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWDes3Size), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecOpenSSLKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecOpenSSLKeyDataDesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage= xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage= xmlSecKeyUsageDecrypt;
+ }
+ keyReq->keyBitsSize = 8 * XMLSEC_KW_DES3_KEY_LENGTH;
+ return(0);
+}
+
+static int
+xmlSecOpenSSLKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWDes3Size), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataDesId), -1);
+
+ ctx = xmlSecOpenSSLKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(buffer);
+ if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key length %d is not enough (%d expected)",
+ keySize, XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize, keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWDes3Id), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWDes3Size), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecOpenSSLKWDes3GetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keySize = xmlSecBufferGetSize(&(ctx->keyBuffer));
+ xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "%d bytes - not %d bytes aligned",
+ inSize, XMLSEC_KW_DES3_BLOCK_LENGTH);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ /* the encoded key might be 16 bytes longer plus one block just in case */
+ outSize = inSize + XMLSEC_KW_DES3_IV_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH +
+ XMLSEC_KW_DES3_BLOCK_LENGTH;
+ } else {
+ /* just in case, add a block */
+ outSize = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH;
+ }
+
+ ret = xmlSecBufferSetMaxSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ ret = xmlSecKWDes3Encode(&xmlSecOpenSSLKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ } else {
+ ret = xmlSecKWDes3Decode(&xmlSecOpenSSLKWDes3ImplKlass, ctx,
+ xmlSecBufferGetData(in), inSize,
+ xmlSecBufferGetData(out), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecKWDes3Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "key=%d,in=%d,out=%d",
+ keySize, inSize, outSize);
+ return(-1);
+ }
+ outSize = ret;
+ }
+
+ ret = xmlSecBufferSetSize(out, outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/*********************************************************************
+ *
+ * DES KW implementation
+ *
+ *********************************************************************/
+static int
+xmlSecOpenSSLKWDes3Sha1(void * context,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx = (xmlSecOpenSSLKWDes3CtxPtr)context;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= SHA_DIGEST_LENGTH, -1);
+
+ if(SHA1(in, inSize, out) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "SHA1",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(SHA_DIGEST_LENGTH);
+}
+
+static int
+xmlSecOpenSSLKWDes3GenerateRandom(void * context,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx = (xmlSecOpenSSLKWDes3CtxPtr)context;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize > 0, -1);
+
+ ret = RAND_bytes(out, outSize);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "RAND_bytes",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ return((int)outSize);
+}
+
+static int
+xmlSecOpenSSLKWDes3BlockEncrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx = (xmlSecOpenSSLKWDes3CtxPtr)context;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ ret = xmlSecOpenSSLKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)), XMLSEC_KW_DES3_KEY_LENGTH,
+ iv, XMLSEC_KW_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize,
+ 1); /* encrypt */
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(ret);
+}
+
+static int
+xmlSecOpenSSLKWDes3BlockDecrypt(void * context,
+ const xmlSecByte * iv, xmlSecSize ivSize,
+ const xmlSecByte * in, xmlSecSize inSize,
+ xmlSecByte * out, xmlSecSize outSize) {
+ xmlSecOpenSSLKWDes3CtxPtr ctx = (xmlSecOpenSSLKWDes3CtxPtr)context;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1);
+ xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ ret = xmlSecOpenSSLKWDes3Encrypt(xmlSecBufferGetData(&(ctx->keyBuffer)), XMLSEC_KW_DES3_KEY_LENGTH,
+ iv, XMLSEC_KW_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize,
+ 0); /* decrypt */
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(ret);
+}
+
+
+
+static int
+xmlSecOpenSSLKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize,
+ const xmlSecByte *iv, xmlSecSize ivSize,
+ const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize,
+ int enc) {
+ EVP_CIPHER_CTX cipherCtx;
+ int updateLen;
+ int finalLen;
+ int ret;
+
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(keySize == (xmlSecSize)EVP_CIPHER_key_length(EVP_des_ede3_cbc()), -1);
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize == (xmlSecSize)EVP_CIPHER_iv_length(EVP_des_ede3_cbc()), -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ EVP_CIPHER_CTX_init(&cipherCtx);
+ ret = EVP_CipherInit(&cipherCtx, EVP_des_ede3_cbc(), key, iv, enc);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EVP_CipherInit",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+#ifndef XMLSEC_OPENSSL_096
+ EVP_CIPHER_CTX_set_padding(&cipherCtx, 0);
+#endif /* XMLSEC_OPENSSL_096 */
+
+ ret = EVP_CipherUpdate(&cipherCtx, out, &updateLen, in, inSize);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EVP_CipherUpdate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = EVP_CipherFinal(&cipherCtx, out + updateLen, &finalLen);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "EVP_CipherFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ EVP_CIPHER_CTX_cleanup(&cipherCtx);
+
+ return(updateLen + finalLen);
+}
+
+
+#endif /* XMLSEC_NO_DES */
+
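Review bot: xmlSecOpenSSLKWDes3Encrypt returns -1 from the EVP_CipherInit, EVP_CipherUpdate and EVP_CipherFinal failure branches without calling EVP_CIPHER_CTX_cleanup, so the context initialised with the 3DES key is neither released nor cleared on those paths. Add `EVP_CIPHER_CTX_cleanup(&cipherCtx);` before each `return(-1);`. The function also only asserts `outSize >= inSize`, while in an XMLSEC_OPENSSL_096 build the `EVP_CIPHER_CTX_set_padding(&cipherCtx, 0)` call is compiled out, so EVP_CipherFinal can presumably write one more block than `inSize` when encrypting. The callers' buffer sizes are not visible in this hunk, so it is worth asserting room for an extra block in that configuration.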
diff --git a/src/openssl/signatures.c b/src/openssl/signatures.c
new file mode 100644
index 00000000..38f42b34
--- /dev/null
+++ b/src/openssl/signatures.c
@@ -0,0 +1,1065 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/openssl/crypto.h>
+#include <xmlsec/openssl/evp.h>
+
+#ifndef XMLSEC_NO_DSA
+#define XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE 40
+static const EVP_MD *xmlSecOpenSSLDsaSha1Evp (void);
+#endif /* XMLSEC_NO_DSA */
+
+
+/**************************************************************************
+ *
+ * Internal OpenSSL evp signatures ctx
+ *
+ *****************************************************************************/
+typedef struct _xmlSecOpenSSLEvpSignatureCtx xmlSecOpenSSLEvpSignatureCtx,
+ *xmlSecOpenSSLEvpSignatureCtxPtr;
+struct _xmlSecOpenSSLEvpSignatureCtx {
+ const EVP_MD* digest;
+ EVP_MD_CTX digestCtx;
+ xmlSecKeyDataId keyId;
+ EVP_PKEY* pKey;
+};
+
+/******************************************************************************
+ *
+ * EVP Signature transforms
+ *
+ * xmlSecOpenSSLEvpSignatureCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecOpenSSLEvpSignatureSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecOpenSSLEvpSignatureCtx))
+#define xmlSecOpenSSLEvpSignatureGetCtx(transform) \
+ ((xmlSecOpenSSLEvpSignatureCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecOpenSSLEvpSignatureCheckId (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLEvpSignatureInitialize (xmlSecTransformPtr transform);
+static void xmlSecOpenSSLEvpSignatureFinalize (xmlSecTransformPtr transform);
+static int xmlSecOpenSSLEvpSignatureSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecOpenSSLEvpSignatureSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecOpenSSLEvpSignatureVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecOpenSSLEvpSignatureExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecOpenSSLEvpSignatureCheckId(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformDsaSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaMd5Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaRipemd160Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha1Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha224Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha256Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha384Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha512Id)) {
+ return(1);
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+ {
+ return(0);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLEvpSignatureCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1);
+
+ ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecOpenSSLEvpSignatureCtx));
+
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformDsaSha1Id)) {
+ ctx->digest = xmlSecOpenSSLDsaSha1Evp();
+ ctx->keyId = xmlSecOpenSSLKeyDataDsaId;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaMd5Id)) {
+ ctx->digest = EVP_md5();
+ ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaRipemd160Id)) {
+ ctx->digest = EVP_ripemd160();
+ ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha1Id)) {
+ ctx->digest = EVP_sha1();
+ ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha224Id)) {
+ ctx->digest = EVP_sha224();
+ ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha256Id)) {
+ ctx->digest = EVP_sha256();
+ ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha384Id)) {
+ ctx->digest = EVP_sha384();
+ ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+ if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaSha512Id)) {
+ ctx->digest = EVP_sha512();
+ ctx->keyId = xmlSecOpenSSLKeyDataRsaId;
+ } else
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+#ifndef XMLSEC_OPENSSL_096
+ EVP_MD_CTX_init(&(ctx->digestCtx));
+#endif /* XMLSEC_OPENSSL_096 */
+ return(0);
+}
+
+static void
+xmlSecOpenSSLEvpSignatureFinalize(xmlSecTransformPtr transform) {
+ xmlSecOpenSSLEvpSignatureCtxPtr ctx;
+
+ xmlSecAssert(xmlSecOpenSSLEvpSignatureCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize));
+
+ ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->pKey != NULL) {
+ EVP_PKEY_free(ctx->pKey);
+ }
+
+#ifndef XMLSEC_OPENSSL_096
+ EVP_MD_CTX_cleanup(&(ctx->digestCtx));
+#endif /* XMLSEC_OPENSSL_096 */
+ memset(ctx, 0, sizeof(xmlSecOpenSSLEvpSignatureCtx));
+}
+
+static int
+xmlSecOpenSSLEvpSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecOpenSSLEvpSignatureCtxPtr ctx;
+ xmlSecKeyDataPtr value;
+ EVP_PKEY* pKey;
+
+ xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digest != NULL, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+ xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
+
+ value = xmlSecKeyGetValue(key);
+ xmlSecAssert2(value != NULL, -1);
+
+ pKey = xmlSecOpenSSLEvpKeyDataGetEvp(value);
+ if(pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLEvpKeyDataGetEvp",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(ctx->pKey != NULL) {
+ EVP_PKEY_free(ctx->pKey);
+ }
+
+ ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
+ if(ctx->pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecOpenSSLEvpKeyDup",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLEvpSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecOpenSSLEvpSignatureCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+
+ keyReq->keyId = ctx->keyId;
+ if(transform->operation == xmlSecTransformOperationSign) {
+ keyReq->keyType = xmlSecKeyDataTypePrivate;
+ keyReq->keyUsage = xmlSecKeyUsageSign;
+ } else {
+ keyReq->keyType = xmlSecKeyDataTypePublic;
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
+ }
+ return(0);
+}
+
+
+static int
+xmlSecOpenSSLEvpSignatureVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecOpenSSLEvpSignatureCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ ret = EVP_VerifyFinal(&(ctx->digestCtx), (xmlSecByte*)data, dataSize, ctx->pKey);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_VerifyFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ } else if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_VerifyFinal",
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "signature do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+static int
+xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecOpenSSLEvpSignatureCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize;
+ xmlSecSize outSize;
+ int ret;
+
+ xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digest != NULL, -1);
+ xmlSecAssert2(ctx->pKey != NULL, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->operation == xmlSecTransformOperationSign) {
+#ifndef XMLSEC_OPENSSL_096
+ ret = EVP_SignInit(&(ctx->digestCtx), ctx->digest);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_SignInit",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+#else /* XMLSEC_OPENSSL_096 */
+ EVP_SignInit(&(ctx->digestCtx), ctx->digest);
+#endif /* XMLSEC_OPENSSL_096 */
+ } else {
+#ifndef XMLSEC_OPENSSL_096
+ ret = EVP_VerifyInit(&(ctx->digestCtx), ctx->digest);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_VerifyInit",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+#else /* XMLSEC_OPENSSL_096 */
+ EVP_VerifyInit(&(ctx->digestCtx), ctx->digest);
+#endif /* XMLSEC_OPENSSL_096 */
+ }
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (inSize > 0)) {
+ xmlSecAssert2(outSize == 0, -1);
+
+ if(transform->operation == xmlSecTransformOperationSign) {
+#ifndef XMLSEC_OPENSSL_096
+ ret = EVP_SignUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_SignUpdate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+#else /* XMLSEC_OPENSSL_096 */
+ EVP_SignUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
+#endif /* XMLSEC_OPENSSL_096 */
+ } else {
+#ifndef XMLSEC_OPENSSL_096
+ ret = EVP_VerifyUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_VerifyUpdate",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+#else /* XMLSEC_OPENSSL_096 */
+ EVP_VerifyUpdate(&(ctx->digestCtx), xmlSecBufferGetData(in), inSize);
+#endif /* XMLSEC_OPENSSL_096 */
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ xmlSecAssert2(outSize == 0, -1);
+ if(transform->operation == xmlSecTransformOperationSign) {
+ unsigned int signSize;
+
+ /* this is a hack: for rsa signatures
+ * we get size from EVP_PKEY_size(),
+ * for dsa signature we use a fixed constant */
+ signSize = EVP_PKEY_size(ctx->pKey);
+#ifndef XMLSEC_NO_DSA
+ if(signSize < XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) {
+ signSize = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE;
+ }
+#endif /* XMLSEC_NO_DSA */
+
+ ret = xmlSecBufferSetMaxSize(out, signSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%u", signSize);
+ return(-1);
+ }
+
+ ret = EVP_SignFinal(&(ctx->digestCtx), xmlSecBufferGetData(out), &signSize, ctx->pKey);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "EVP_SignFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferSetSize(out, signSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%u", signSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) || (transform->status == xmlSecTransformStatusFinished)) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+/****************************************************************************
+ *
+ * DSA-SHA1 signature transform
+ *
+ ***************************************************************************/
+
+static xmlSecTransformKlass xmlSecOpenSSLDsaSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameDsaSha1, /* const xmlChar* name; */
+ xmlSecHrefDsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformDsaSha1GetKlass:
+ *
+ * The DSA-SHA1 signature transform klass.
+ *
+ * Returns: DSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformDsaSha1GetKlass(void) {
+ return(&xmlSecOpenSSLDsaSha1Klass);
+}
+
+/****************************************************************************
+ *
+ * DSA-SHA1 EVP
+ *
+ * XMLDSig specifies dsa signature packing not supported by OpenSSL so
+ * we created our own EVP_MD.
+ *
+ * http://www.w3.org/TR/xmldsig-core/#sec-SignatureAlg:
+ *
+ * The output of the DSA algorithm consists of a pair of integers
+ * usually referred by the pair (r, s). The signature value consists of
+ * the base64 encoding of the concatenation of two octet-streams that
+ * respectively result from the octet-encoding of the values r and s in
+ * that order. Integer to octet-stream conversion must be done according
+ * to the I2OSP operation defined in the RFC 2437 [PKCS1] specification
+ * with a l parameter equal to 20. For example, the SignatureValue element
+ * for a DSA signature (r, s) with values specified in hexadecimal:
+ *
+ * r = 8BAC1AB6 6410435C B7181F95 B16AB97C 92B341C0
+ * s = 41E2345F 1F56DF24 58F426D1 55B4BA2D B6DCD8C8
+ *
+ * from the example in Appendix 5 of the DSS standard would be
+ *
+ * <SignatureValue>i6watmQQQ1y3GB+VsWq5fJKzQcBB4jRfH1bfJFj0JtFVtLotttzYyA==</SignatureValue>
+ *
+ ***************************************************************************/
+#ifndef XMLSEC_OPENSSL_096
+static int
+xmlSecOpenSSLDsaSha1EvpInit(EVP_MD_CTX *ctx)
+{
+ return SHA1_Init(ctx->md_data);
+}
+
+static int
+xmlSecOpenSSLDsaSha1EvpUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+ return SHA1_Update(ctx->md_data,data,count);
+}
+
+static int
+xmlSecOpenSSLDsaSha1EvpFinal(EVP_MD_CTX *ctx, unsigned char *md)
+{
+ return SHA1_Final(md,ctx->md_data);
+}
+#endif /* XMLSEC_OPENSSL_096 */
+
+static int
+xmlSecOpenSSLDsaSha1EvpSign(int type ATTRIBUTE_UNUSED,
+ const unsigned char *dgst, unsigned int dlen,
+ unsigned char *sig, unsigned int *siglen, void *dsa) {
+ DSA_SIG *s;
+ int rSize, sSize;
+
+ s = DSA_do_sign(dgst, dlen, dsa);
+ if(s == NULL) {
+ *siglen=0;
+ return(0);
+ }
+
+ rSize = BN_num_bytes(s->r);
+ sSize = BN_num_bytes(s->s);
+ if((rSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2)) ||
+ (sSize > (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2))) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "size(r)=%d or size(s)=%d > %d",
+ rSize, sSize, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2);
+ DSA_SIG_free(s);
+ return(0);
+ }
+
+ memset(sig, 0, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);
+ BN_bn2bin(s->r, sig + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2) - rSize);
+ BN_bn2bin(s->s, sig + XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE - sSize);
+ *siglen = XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE;
+
+ DSA_SIG_free(s);
+ return(1);
+}
+
+static int
+xmlSecOpenSSLDsaSha1EvpVerify(int type ATTRIBUTE_UNUSED,
+ const unsigned char *dgst, unsigned int dgst_len,
+ const unsigned char *sigbuf, unsigned int siglen,
+ void *dsa) {
+ DSA_SIG *s;
+ int ret = -1;
+
+ s = DSA_SIG_new();
+ if (s == NULL) {
+ return(ret);
+ }
+
+ if(siglen != XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "invalid length %d (%d expected)",
+ siglen, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE);
+ goto err;
+ }
+
+ s->r = BN_bin2bn(sigbuf, XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);
+ s->s = BN_bin2bn(sigbuf + (XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2),
+ XMLSEC_OPENSSL_DSA_SIGNATURE_SIZE / 2, NULL);
+ if((s->r == NULL) || (s->s == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_bin2bn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto err;
+ }
+
+ ret = DSA_do_verify(dgst, dgst_len, s, dsa);
+
+err:
+ DSA_SIG_free(s);
+ return(ret);
+}
+
+static const EVP_MD xmlSecOpenSSLDsaMdEvp = {
+ NID_dsaWithSHA,
+ NID_dsaWithSHA,
+ SHA_DIGEST_LENGTH,
+#ifndef XMLSEC_OPENSSL_096
+ 0,
+ xmlSecOpenSSLDsaSha1EvpInit,
+ xmlSecOpenSSLDsaSha1EvpUpdate,
+ xmlSecOpenSSLDsaSha1EvpFinal,
+ NULL,
+ NULL,
+#else /* XMLSEC_OPENSSL_096 */
+ SHA1_Init,
+ SHA1_Update,
+ SHA1_Final,
+#endif /* XMLSEC_OPENSSL_096 */
+ xmlSecOpenSSLDsaSha1EvpSign,
+ xmlSecOpenSSLDsaSha1EvpVerify,
+ {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3,EVP_PKEY_DSA4,0},
+ SHA_CBLOCK,
+ sizeof(EVP_MD *)+sizeof(SHA_CTX),
+};
+
+static const EVP_MD *xmlSecOpenSSLDsaSha1Evp(void)
+{
+ return(&xmlSecOpenSSLDsaMdEvp);
+}
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_RSA
+
+#ifndef XMLSEC_NO_MD5
+/****************************************************************************
+ *
+ * RSA-MD5 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLRsaMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaMd5, /* const xmlChar* name; */
+ xmlSecHrefRsaMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformRsaMd5GetKlass:
+ *
+ * The RSA-MD5 signature transform klass.
+ *
+ * Returns: RSA-MD5 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformRsaMd5GetKlass(void) {
+ return(&xmlSecOpenSSLRsaMd5Klass);
+}
+
+#endif /* XMLSEC_NO_MD5 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+/****************************************************************************
+ *
+ * RSA-RIPEMD160 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLRsaRipemd160Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaRipemd160, /* const xmlChar* name; */
+ xmlSecHrefRsaRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformRsaRipemd160GetKlass:
+ *
+ * The RSA-RIPEMD160 signature transform klass.
+ *
+ * Returns: RSA-RIPEMD160 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformRsaRipemd160GetKlass(void) {
+ return(&xmlSecOpenSSLRsaRipemd160Klass);
+}
+
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_SHA1
+/****************************************************************************
+ *
+ * RSA-SHA1 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLRsaSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha1, /* const xmlChar* name; */
+ xmlSecHrefRsaSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformRsaSha1GetKlass:
+ *
+ * The RSA-SHA1 signature transform klass.
+ *
+ * Returns: RSA-SHA1 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformRsaSha1GetKlass(void) {
+ return(&xmlSecOpenSSLRsaSha1Klass);
+}
+
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_SHA224
+/****************************************************************************
+ *
+ * RSA-SHA224 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLRsaSha224Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha224, /* const xmlChar* name; */
+ xmlSecHrefRsaSha224, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformRsaSha224GetKlass:
+ *
+ * The RSA-SHA224 signature transform klass.
+ *
+ * Returns: RSA-SHA224 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformRsaSha224GetKlass(void) {
+ return(&xmlSecOpenSSLRsaSha224Klass);
+}
+
+#endif /* XMLSEC_NO_SHA224 */
+
+#ifndef XMLSEC_NO_SHA256
+/****************************************************************************
+ *
+ * RSA-SHA256 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLRsaSha256Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha256, /* const xmlChar* name; */
+ xmlSecHrefRsaSha256, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformRsaSha256GetKlass:
+ *
+ * The RSA-SHA256 signature transform klass.
+ *
+ * Returns: RSA-SHA256 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformRsaSha256GetKlass(void) {
+ return(&xmlSecOpenSSLRsaSha256Klass);
+}
+
+#endif /* XMLSEC_NO_SHA256 */
+
+#ifndef XMLSEC_NO_SHA384
+/****************************************************************************
+ *
+ * RSA-SHA384 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLRsaSha384Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha384, /* const xmlChar* name; */
+ xmlSecHrefRsaSha384, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformRsaSha384GetKlass:
+ *
+ * The RSA-SHA384 signature transform klass.
+ *
+ * Returns: RSA-SHA384 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformRsaSha384GetKlass(void) {
+ return(&xmlSecOpenSSLRsaSha384Klass);
+}
+
+#endif /* XMLSEC_NO_SHA384 */
+
+#ifndef XMLSEC_NO_SHA512
+/****************************************************************************
+ *
+ * RSA-SHA512 signature transform
+ *
+ ***************************************************************************/
+static xmlSecTransformKlass xmlSecOpenSSLRsaSha512Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecOpenSSLEvpSignatureSize, /* xmlSecSize objSize */
+
+ xmlSecNameRsaSha512, /* const xmlChar* name; */
+ xmlSecHrefRsaSha512, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecOpenSSLEvpSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecOpenSSLEvpSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecOpenSSLEvpSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecOpenSSLEvpSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecOpenSSLEvpSignatureVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecOpenSSLEvpSignatureExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLTransformRsaSha512GetKlass:
+ *
+ * The RSA-SHA512 signature transform klass.
+ *
+ * Returns: RSA-SHA512 signature transform klass.
+ */
+xmlSecTransformId
+xmlSecOpenSSLTransformRsaSha512GetKlass(void) {
+ return(&xmlSecOpenSSLRsaSha512Klass);
+}
+
+#endif /* XMLSEC_NO_SHA512 */
+
+#endif /* XMLSEC_NO_RSA */
+
+
+
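Review bot: `xmlSecOpenSSLRsaMd5Klass` registers RSA-MD5 as a signature method whenever `XMLSEC_NO_MD5` is not defined, and neither the klass definition nor the doc comment on `xmlSecOpenSSLTransformRsaMd5GetKlass` says that MD5 is collision-broken and unsuitable for verifying signatures on untrusted documents. `xmlSecOpenSSLEvpSignatureInitialize` selects `EVP_md5()` purely from the transform id, which is presumably taken from the document's SignatureMethod, so the weak digest is accepted unless the build or the calling application excludes it. I would add a comment above the klass such as `/* MD5 is collision-broken: legacy interop only; build with XMLSEC_NO_MD5 or restrict the accepted signature methods when verifying untrusted input */`. The same caveat applies, less urgently, to the RSA-SHA1 and DSA-SHA1 klasses in this file.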
diff --git a/src/openssl/symkeys.c b/src/openssl/symkeys.c
new file mode 100644
index 00000000..6195ed6d
--- /dev/null
+++ b/src/openssl/symkeys.c
@@ -0,0 +1,447 @@
+/**
+ *
+ * XMLSec library
+ *
+ * DES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/rand.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/openssl/crypto.h>
+
+/*****************************************************************************
+ *
+ * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
+ *
+ ****************************************************************************/
+static int xmlSecOpenSSLSymKeyDataInitialize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecOpenSSLSymKeyDataFinalize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLSymKeyDataXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLSymKeyDataXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLSymKeyDataBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLSymKeyDataBinWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlSecByte** buf,
+ xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLSymKeyDataGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecOpenSSLSymKeyDataGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecOpenSSLSymKeyDataGetSize (xmlSecKeyDataPtr data);
+static void xmlSecOpenSSLSymKeyDataDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecOpenSSLSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static int xmlSecOpenSSLSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
+
+#define xmlSecOpenSSLSymKeyDataCheckId(data) \
+ (xmlSecKeyDataIsValid((data)) && \
+ xmlSecOpenSSLSymKeyDataKlassCheck((data)->id))
+
+static int
+xmlSecOpenSSLSymKeyDataInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecOpenSSLSymKeyDataCheckId(data), -1);
+
+ return(xmlSecKeyDataBinaryValueInitialize(data));
+}
+
+static int
+xmlSecOpenSSLSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecOpenSSLSymKeyDataCheckId(dst), -1);
+ xmlSecAssert2(xmlSecOpenSSLSymKeyDataCheckId(src), -1);
+ xmlSecAssert2(dst->id == src->id, -1);
+
+ return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
+}
+
+static void
+xmlSecOpenSSLSymKeyDataFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecOpenSSLSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueFinalize(data);
+}
+
+static int
+xmlSecOpenSSLSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecOpenSSLSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecOpenSSLSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecOpenSSLSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecOpenSSLSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecOpenSSLSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecOpenSSLSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlSecByte** buf, xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecOpenSSLSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecOpenSSLSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecOpenSSLSymKeyDataCheckId(data), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecOpenSSLGenerateRandom(buffer, (sizeBits + 7) / 8));
+}
+
+static xmlSecKeyDataType
+xmlSecOpenSSLSymKeyDataGetType(xmlSecKeyDataPtr data) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecOpenSSLSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
+
+ return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecOpenSSLSymKeyDataGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecOpenSSLSymKeyDataCheckId(data), 0);
+
+ return(xmlSecKeyDataBinaryValueGetSize(data));
+}
+
+static void
+xmlSecOpenSSLSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecOpenSSLSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueDebugDump(data, output);
+}
+
+static void
+xmlSecOpenSSLSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecOpenSSLSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
+}
+
+static int
+xmlSecOpenSSLSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
+#ifndef XMLSEC_NO_DES
+ if(klass == xmlSecOpenSSLKeyDataDesId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+#ifndef XMLSEC_OPENSSL_096
+ if(klass == xmlSecOpenSSLKeyDataAesId) {
+ return(1);
+ }
+#endif /* XMLSEC_OPENSSL_096 */
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_HMAC
+ if(klass == xmlSecOpenSSLKeyDataHmacId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_HMAC */
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_AES
+#ifndef XMLSEC_OPENSSL_096
+/**************************************************************************
+ *
+ * <xmlsec:AESKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataAesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameAESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefAESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecOpenSSLSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecOpenSSLSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecOpenSSLSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecOpenSSLSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecOpenSSLSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecOpenSSLSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecOpenSSLSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecOpenSSLSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecOpenSSLSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecOpenSSLSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecOpenSSLSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecOpenSSLSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLKeyDataAesGetKlass:
+ *
+ * The AES key data klass.
+ *
+ * Returns: AES key data klass.
+ */
+xmlSecKeyDataId
+xmlSecOpenSSLKeyDataAesGetKlass(void) {
+ return(&xmlSecOpenSSLKeyDataAesKlass);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataAesSet:
+ * @data: the pointer to AES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of AES key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecOpenSSLKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataAesId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+
+#endif /* XMLSEC_OPENSSL_096 */
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+/**************************************************************************
+ *
+ * <xmlsec:DESKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataDesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameDESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecOpenSSLSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecOpenSSLSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecOpenSSLSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecOpenSSLSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecOpenSSLSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecOpenSSLSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecOpenSSLSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecOpenSSLSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecOpenSSLSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecOpenSSLSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecOpenSSLSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecOpenSSLSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLKeyDataDesGetKlass:
+ *
+ * The DES key data klass.
+ *
+ * Returns: DES key data klass.
+ */
+xmlSecKeyDataId
+xmlSecOpenSSLKeyDataDesGetKlass(void) {
+ return(&xmlSecOpenSSLKeyDataDesKlass);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataDesSet:
+ * @data: the pointer to DES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of DES key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecOpenSSLKeyDataDesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDesId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_HMAC
+/**************************************************************************
+ *
+ * <xmlsec:HMACKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataHmacKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameHMACKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
+ xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecOpenSSLSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecOpenSSLSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecOpenSSLSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecOpenSSLSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecOpenSSLSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecOpenSSLSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecOpenSSLSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecOpenSSLSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecOpenSSLSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecOpenSSLSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecOpenSSLSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecOpenSSLSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLKeyDataHmacGetKlass:
+ *
+ * The HMAC key data klass.
+ *
+ * Returns: HMAC key data klass.
+ */
+xmlSecKeyDataId
+xmlSecOpenSSLKeyDataHmacGetKlass(void) {
+ return(&xmlSecOpenSSLKeyDataHmacKlass);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataHmacSet:
+ * @data: the pointer to HMAC key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
+ *
+ * Sets the value of HMAC key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecOpenSSLKeyDataHmacSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataHmacId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
+}
+
+#endif /* XMLSEC_NO_HMAC */
+
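Review bot: `xmlSecOpenSSLKeyDataAesSet`, `xmlSecOpenSSLKeyDataDesSet` and `xmlSecOpenSSLKeyDataHmacSet` only assert `bufSize > 0`, so a one-byte value is stored as an AES, DES or HMAC key and nothing in this file compares the length with what the algorithm needs. Whether the consuming transforms reject short keys when the key is set is not visible in this hunk; if they do not, a guard such as `xmlSecAssert2(bufSize >= 16, -1);` in the AES setter (with the matching minimum in the DES setter) belongs here, and otherwise the doc comments should say that length validation is left to the caller. The same gap applies to `xmlSecOpenSSLSymKeyDataXmlRead` and `xmlSecOpenSSLSymKeyDataBinRead`, which hand the key bytes read from a node or buffer straight to the binary-value helpers. Separately, the file header comment still reads `DES Algorithm support` although the file also defines the AES and HMAC key data klasses.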
diff --git a/src/openssl/x509.c b/src/openssl/x509.c
new file mode 100644
index 00000000..459a312d
--- /dev/null
+++ b/src/openssl/x509.c
@@ -0,0 +1,2414 @@
+/**
+ * XMLSec library
+ *
+ * X509 support
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_X509
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <time.h>
+
+#include <libxml/tree.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/x509v3.h>
+#include <openssl/asn1.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/x509.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/openssl/crypto.h>
+#include <xmlsec/openssl/evp.h>
+#include <xmlsec/openssl/x509.h>
+
+/*************************************************************************
+ *
+ * X509 utility functions
+ *
+ ************************************************************************/
+static int xmlSecOpenSSLX509DataNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509CertificateNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509CertificateNodeWrite (X509* cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509SubjectNameNodeWrite (X509* cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509IssuerSerialNodeWrite (X509* cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509SKINodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509SKINodeWrite (X509* cert,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509CRLNodeRead (xmlSecKeyDataPtr data,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLX509CRLNodeWrite (X509_CRL* crl,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
+ xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static X509* xmlSecOpenSSLX509CertDerRead (const xmlSecByte* buf,
+ xmlSecSize size);
+static X509* xmlSecOpenSSLX509CertBase64DerRead (xmlChar* buf);
+static xmlChar* xmlSecOpenSSLX509CertBase64DerWrite (X509* cert,
+ int base64LineWrap);
+static X509_CRL* xmlSecOpenSSLX509CrlDerRead (xmlSecByte* buf,
+ xmlSecSize size);
+static X509_CRL* xmlSecOpenSSLX509CrlBase64DerRead (xmlChar* buf);
+static xmlChar* xmlSecOpenSSLX509CrlBase64DerWrite (X509_CRL* crl,
+ int base64LineWrap);
+static xmlChar* xmlSecOpenSSLX509NameWrite (X509_NAME* nm);
+static xmlChar* xmlSecOpenSSLASN1IntegerWrite (ASN1_INTEGER *asni);
+static xmlChar* xmlSecOpenSSLX509SKIWrite (X509* cert);
+static void xmlSecOpenSSLX509CertDebugDump (X509* cert,
+ FILE* output);
+static void xmlSecOpenSSLX509CertDebugXmlDump (X509* cert,
+ FILE* output);
+static int xmlSecOpenSSLX509CertGetTime (ASN1_TIME* t,
+ time_t* res);
+
+/*************************************************************************
+ *
+ * Internal OpenSSL X509 data CTX
+ *
+ ************************************************************************/
+typedef struct _xmlSecOpenSSLX509DataCtx xmlSecOpenSSLX509DataCtx,
+ *xmlSecOpenSSLX509DataCtxPtr;
+struct _xmlSecOpenSSLX509DataCtx {
+ X509* keyCert;
+ STACK_OF(X509)* certsList;
+ STACK_OF(X509_CRL)* crlsList;
+};
+
+/**************************************************************************
+ *
+ * <dsig:X509Data> processing
+ *
+ *
+ * The X509Data Element (http://www.w3.org/TR/xmldsig-core/#sec-X509Data)
+ *
+ * An X509Data element within KeyInfo contains one or more identifiers of keys
+ * or X509 certificates (or certificates' identifiers or a revocation list).
+ * The content of X509Data is:
+ *
+ * 1. At least one element, from the following set of element types; any of these may appear together or more than once iff (if and only if) each instance describes or is related to the same certificate:
+ * 2.
+ * * The X509IssuerSerial element, which contains an X.509 issuer
+ * distinguished name/serial number pair that SHOULD be compliant
+ * with RFC2253 [LDAP-DN],
+ * * The X509SubjectName element, which contains an X.509 subject
+ * distinguished name that SHOULD be compliant with RFC2253 [LDAP-DN],
+ * * The X509SKI element, which contains the base64 encoded plain (i.e.
+ * non-DER-encoded) value of a X509 V.3 SubjectKeyIdentifier extension.
+ * * The X509Certificate element, which contains a base64-encoded [X509v3]
+ * certificate, and
+ * * Elements from an external namespace which accompanies/complements any
+ * of the elements above.
+ * * The X509CRL element, which contains a base64-encoded certificate
+ * revocation list (CRL) [X509v3].
+ *
+ * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear
+ * MUST refer to the certificate or certificates containing the validation key.
+ * All such elements that refer to a particular individual certificate MUST be
+ * grouped inside a single X509Data element and if the certificate to which
+ * they refer appears, it MUST also be in that X509Data element.
+ *
+ * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that relate to
+ * the same key but different certificates MUST be grouped within a single
+ * KeyInfo but MAY occur in multiple X509Data elements.
+ *
+ * All certificates appearing in an X509Data element MUST relate to the
+ * validation key by either containing it or being part of a certification
+ * chain that terminates in a certificate containing the validation key.
+ *
+ * No ordering is implied by the above constraints.
+ *
+ * Note, there is no direct provision for a PKCS#7 encoded "bag" of
+ * certificates or CRLs. However, a set of certificates and CRLs can occur
+ * within an X509Data element and multiple X509Data elements can occur in a
+ * KeyInfo. Whenever multiple certificates occur in an X509Data element, at
+ * least one such certificate must contain the public key which verifies the
+ * signature.
+ *
+ * Schema Definition
+ *
+ * <element name="X509Data" type="ds:X509DataType"/>
+ * <complexType name="X509DataType">
+ * <sequence maxOccurs="unbounded">
+ * <choice>
+ * <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+ * <element name="X509SKI" type="base64Binary"/>
+ * <element name="X509SubjectName" type="string"/>
+ * <element name="X509Certificate" type="base64Binary"/>
+ * <element name="X509CRL" type="base64Binary"/>
+ * <any namespace="##other" processContents="lax"/>
+ * </choice>
+ * </sequence>
+ * </complexType>
+ * <complexType name="X509IssuerSerialType">
+ * <sequence>
+ * <element name="X509IssuerName" type="string"/>
+ * <element name="X509SerialNumber" type="integer"/>
+ * </sequence>
+ * </complexType>
+ *
+ * DTD
+ *
+ * <!ELEMENT X509Data ((X509IssuerSerial | X509SKI | X509SubjectName |
+ * X509Certificate | X509CRL)+ %X509.ANY;)>
+ * <!ELEMENT X509IssuerSerial (X509IssuerName, X509SerialNumber) >
+ * <!ELEMENT X509IssuerName (#PCDATA) >
+ * <!ELEMENT X509SubjectName (#PCDATA) >
+ * <!ELEMENT X509SerialNumber (#PCDATA) >
+ * <!ELEMENT X509SKI (#PCDATA) >
+ * <!ELEMENT X509Certificate (#PCDATA) >
+ * <!ELEMENT X509CRL (#PCDATA) >
+ *
+ * -----------------------------------------------------------------------
+ *
+ * xmlSecOpenSSLX509DataCtx is located after xmlSecTransform
+ *
+ *************************************************************************/
+#define xmlSecOpenSSLX509DataSize \
+ (sizeof(xmlSecKeyData) + sizeof(xmlSecOpenSSLX509DataCtx))
+#define xmlSecOpenSSLX509DataGetCtx(data) \
+ ((xmlSecOpenSSLX509DataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
+
+static int xmlSecOpenSSLKeyDataX509Initialize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataX509Duplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecOpenSSLKeyDataX509Finalize (xmlSecKeyDataPtr data);
+static int xmlSecOpenSSLKeyDataX509XmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecOpenSSLKeyDataX509XmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static xmlSecKeyDataType xmlSecOpenSSLKeyDataX509GetType (xmlSecKeyDataPtr data);
+static const xmlChar* xmlSecOpenSSLKeyDataX509GetIdentifier (xmlSecKeyDataPtr data);
+
+static void xmlSecOpenSSLKeyDataX509DebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecOpenSSLKeyDataX509DebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+
+
+
+static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataX509Klass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecOpenSSLX509DataSize,
+
+ /* data */
+ xmlSecNameX509Data,
+ xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefX509Data, /* const xmlChar* href; */
+ xmlSecNodeX509Data, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecOpenSSLKeyDataX509Initialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecOpenSSLKeyDataX509Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecOpenSSLKeyDataX509Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecOpenSSLKeyDataX509GetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ xmlSecOpenSSLKeyDataX509GetIdentifier, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecOpenSSLKeyDataX509XmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecOpenSSLKeyDataX509XmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ NULL, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecOpenSSLKeyDataX509DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecOpenSSLKeyDataX509DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLKeyDataX509GetKlass:
+ *
+ * The OpenSSL X509 key data klass (http://www.w3.org/TR/xmldsig-core/#sec-X509Data).
+ *
+ * Returns: the X509 data klass.
+ */
+xmlSecKeyDataId
+xmlSecOpenSSLKeyDataX509GetKlass(void) {
+ return(&xmlSecOpenSSLKeyDataX509Klass);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataX509GetKeyCert:
+ * @data: the pointer to X509 key data.
+ *
+ * Gets the certificate from which the key was extracted.
+ *
+ * Returns: the key's certificate or NULL if key data was not used for key
+ * extraction or an error occurs.
+ */
+X509*
+xmlSecOpenSSLKeyDataX509GetKeyCert(xmlSecKeyDataPtr data) {
+ xmlSecOpenSSLX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), NULL);
+
+ ctx = xmlSecOpenSSLX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ return(ctx->keyCert);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataX509AdoptKeyCert:
+ * @data: the pointer to X509 key data.
+ * @cert: the pointer to OpenSSL X509 certificate.
+ *
+ * Sets the key's certificate in @data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecOpenSSLKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data, X509* cert) {
+ xmlSecOpenSSLX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
+ xmlSecAssert2(cert != NULL, -1);
+
+ ctx = xmlSecOpenSSLX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(ctx->keyCert != NULL) {
+ X509_free(ctx->keyCert);
+ }
+ ctx->keyCert = cert;
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataX509AdoptCert:
+ * @data: the pointer to X509 key data.
+ * @cert: the pointer to OpenSSL X509 certificate.
+ *
+ * Adds certificate to the X509 key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecOpenSSLKeyDataX509AdoptCert(xmlSecKeyDataPtr data, X509* cert) {
+ xmlSecOpenSSLX509DataCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
+ xmlSecAssert2(cert != NULL, -1);
+
+ ctx = xmlSecOpenSSLX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(ctx->certsList == NULL) {
+ ctx->certsList = sk_X509_new_null();
+ if(ctx->certsList == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "sk_X509_new_null",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ ret = sk_X509_push(ctx->certsList, cert);
+ if(ret < 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "sk_X509_push",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataX509GetCert:
+ * @data: the pointer to X509 key data.
+ * @pos: the desired certificate position.
+ *
+ * Gets a certificate from X509 key data.
+ *
+ * Returns: the pointer to certificate or NULL if @pos is larger than the
+ * number of certificates in @data or an error occurs.
+ */
+X509*
+xmlSecOpenSSLKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) {
+ xmlSecOpenSSLX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), NULL);
+
+ ctx = xmlSecOpenSSLX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->certsList != NULL, NULL);
+ xmlSecAssert2((int)pos < sk_X509_num(ctx->certsList), NULL);
+
+ return(sk_X509_value(ctx->certsList, pos));
+}
+
+/**
+ * xmlSecOpenSSLKeyDataX509GetCertsSize:
+ * @data: the pointer to X509 key data.
+ *
+ * Gets the number of certificates in @data.
+ *
+ * Returns: te number of certificates in @data.
+ */
+xmlSecSize
+xmlSecOpenSSLKeyDataX509GetCertsSize(xmlSecKeyDataPtr data) {
+ xmlSecOpenSSLX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), 0);
+
+ ctx = xmlSecOpenSSLX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ return((ctx->certsList != NULL) ? sk_X509_num(ctx->certsList) : 0);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataX509AdoptCrl:
+ * @data: the pointer to X509 key data.
+ * @crl: the pointer to OpenSSL X509 CRL.
+ *
+ * Adds CRL to the X509 key data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecOpenSSLKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, X509_CRL* crl) {
+ xmlSecOpenSSLX509DataCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
+ xmlSecAssert2(crl != NULL, -1);
+
+ ctx = xmlSecOpenSSLX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(ctx->crlsList == NULL) {
+ ctx->crlsList = sk_X509_CRL_new_null();
+ if(ctx->crlsList == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "sk_X509_CRL_new_null",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ ret = sk_X509_CRL_push(ctx->crlsList, crl);
+ if(ret < 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "sk_X509_CRL_push",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLKeyDataX509GetCrl:
+ * @data: the pointer to X509 key data.
+ * @pos: the desired CRL position.
+ *
+ * Gets a CRL from X509 key data.
+ *
+ * Returns: the pointer to CRL or NULL if @pos is larger than the
+ * number of CRLs in @data or an error occurs.
+ */
+X509_CRL*
+xmlSecOpenSSLKeyDataX509GetCrl(xmlSecKeyDataPtr data, xmlSecSize pos) {
+ xmlSecOpenSSLX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), NULL);
+
+ ctx = xmlSecOpenSSLX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ xmlSecAssert2(ctx->crlsList != NULL, NULL);
+ xmlSecAssert2((int)pos < sk_X509_CRL_num(ctx->crlsList), NULL);
+
+ return(sk_X509_CRL_value(ctx->crlsList, pos));
+}
+
+/**
+ * xmlSecOpenSSLKeyDataX509GetCrlsSize:
+ * @data: the pointer to X509 key data.
+ *
+ * Gets the number of CRLs in @data.
+ *
+ * Returns: te number of CRLs in @data.
+ */
+xmlSecSize
+xmlSecOpenSSLKeyDataX509GetCrlsSize(xmlSecKeyDataPtr data) {
+ xmlSecOpenSSLX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), 0);
+
+ ctx = xmlSecOpenSSLX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, 0);
+
+ return((ctx->crlsList != NULL) ? sk_X509_CRL_num(ctx->crlsList) : 0);
+}
+
+static int
+xmlSecOpenSSLKeyDataX509Initialize(xmlSecKeyDataPtr data) {
+ xmlSecOpenSSLX509DataCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
+
+ ctx = xmlSecOpenSSLX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecOpenSSLX509DataCtx));
+ return(0);
+}
+
+static int
+xmlSecOpenSSLKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ X509* certSrc;
+ X509* certDst;
+ X509_CRL* crlSrc;
+ X509_CRL* crlDst;
+ xmlSecSize size, pos;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecOpenSSLKeyDataX509Id), -1);
+ xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecOpenSSLKeyDataX509Id), -1);
+
+ /* copy certsList */
+ size = xmlSecOpenSSLKeyDataX509GetCertsSize(src);
+ for(pos = 0; pos < size; ++pos) {
+ certSrc = xmlSecOpenSSLKeyDataX509GetCert(src, pos);
+ if(certSrc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecOpenSSLKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ certDst = X509_dup(certSrc);
+ if(certDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLKeyDataX509AdoptCert(dst, certDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(certDst);
+ return(-1);
+ }
+ }
+
+ /* copy crls */
+ size = xmlSecOpenSSLKeyDataX509GetCrlsSize(src);
+ for(pos = 0; pos < size; ++pos) {
+ crlSrc = xmlSecOpenSSLKeyDataX509GetCrl(src, pos);
+ if(crlSrc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
+ "xmlSecOpenSSLKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ crlDst = X509_CRL_dup(crlSrc);
+ if(crlDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "X509_CRL_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLKeyDataX509AdoptCrl(dst, crlDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecOpenSSLKeyDataX509AdoptCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_CRL_free(crlDst);
+ return(-1);
+ }
+ }
+
+ /* copy key cert if exist */
+ certSrc = xmlSecOpenSSLKeyDataX509GetKeyCert(src);
+ if(certSrc != NULL) {
+ certDst = X509_dup(certSrc);
+ if(certDst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ret = xmlSecOpenSSLKeyDataX509AdoptKeyCert(dst, certDst);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)),
+ "xmlSecOpenSSLKeyDataX509AdoptKeyCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(certDst);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+static void
+xmlSecOpenSSLKeyDataX509Finalize(xmlSecKeyDataPtr data) {
+ xmlSecOpenSSLX509DataCtxPtr ctx;
+
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id));
+
+ ctx = xmlSecOpenSSLX509DataGetCtx(data);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->certsList != NULL) {
+ sk_X509_pop_free(ctx->certsList, X509_free);
+ }
+ if(ctx->crlsList != NULL) {
+ sk_X509_CRL_pop_free(ctx->crlsList, X509_CRL_free);
+ }
+ if(ctx->keyCert != NULL) {
+ X509_free(ctx->keyCert);
+ }
+ memset(ctx, 0, sizeof(xmlSecOpenSSLX509DataCtx));
+}
+
+static int
+xmlSecOpenSSLKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecOpenSSLKeyDataX509Id, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ data = xmlSecKeyEnsureData(key, id);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLX509DataNodeRead(data, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLX509DataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) {
+ ret = xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLKeyDataX509VerifyAndExtractKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+static int
+xmlSecOpenSSLKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ X509* cert;
+ X509_CRL* crl;
+ xmlSecSize size, pos;
+ int content;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecOpenSSLKeyDataX509Id, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
+ if (content < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecX509DataGetNodeContent",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "content=%d", content);
+ return(-1);
+ } else if(content == 0) {
+ /* by default we are writing certificates and crls */
+ content = XMLSEC_X509DATA_DEFAULT;
+ }
+
+ /* get x509 data */
+ data = xmlSecKeyGetData(key, id);
+ if(data == NULL) {
+ /* no x509 data in the key */
+ return(0);
+ }
+
+ /* write certs */
+ size = xmlSecOpenSSLKeyDataX509GetCertsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
+ ret = xmlSecOpenSSLX509CertificateNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLX509CertificateNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
+ ret = xmlSecOpenSSLX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLX509SubjectNameNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
+ ret = xmlSecOpenSSLX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLX509IssuerSerialNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+
+ if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
+ ret = xmlSecOpenSSLX509SKINodeWrite(cert, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLX509SKINodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+ }
+
+ /* write crls if needed */
+ if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
+ size = xmlSecOpenSSLKeyDataX509GetCrlsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ crl = xmlSecOpenSSLKeyDataX509GetCrl(data, pos);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLKeyDataX509GetCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLX509CRLNodeWrite(crl, node, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLX509CRLNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return(-1);
+ }
+ }
+ }
+
+ return(0);
+}
+
+
+static xmlSecKeyDataType
+xmlSecOpenSSLKeyDataX509GetType(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), xmlSecKeyDataTypeUnknown);
+
+ /* TODO: return verified/not verified status */
+ return(xmlSecKeyDataTypeUnknown);
+}
+
+static const xmlChar*
+xmlSecOpenSSLKeyDataX509GetIdentifier(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), NULL);
+
+ /* TODO */
+ return(NULL);
+}
+
+static void
+xmlSecOpenSSLKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ X509* cert;
+ xmlSecSize size, pos;
+
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== X509 Data:\n");
+ cert = xmlSecOpenSSLKeyDataX509GetKeyCert(data);
+ if(cert != NULL) {
+ fprintf(output, "==== Key Certificate:\n");
+ xmlSecOpenSSLX509CertDebugDump(cert, output);
+ }
+
+ size = xmlSecOpenSSLKeyDataX509GetCertsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "==== Certificate:\n");
+ xmlSecOpenSSLX509CertDebugDump(cert, output);
+ }
+
+ /* we don't print out crls */
+}
+
+static void
+xmlSecOpenSSLKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ X509* cert;
+ xmlSecSize size, pos;
+
+ xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<X509Data>\n");
+ cert = xmlSecOpenSSLKeyDataX509GetKeyCert(data);
+ if(cert != NULL) {
+ fprintf(output, "<KeyCertificate>\n");
+ xmlSecOpenSSLX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</KeyCertificate>\n");
+ }
+
+ size = xmlSecOpenSSLKeyDataX509GetCertsSize(data);
+ for(pos = 0; pos < size; ++pos) {
+ cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataX509GetCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ return;
+ }
+ fprintf(output, "<Certificate>\n");
+ xmlSecOpenSSLX509CertDebugXmlDump(cert, output);
+ fprintf(output, "</Certificate>\n");
+ }
+
+ /* we don't print out crls */
+ fprintf(output, "</X509Data>\n");
+}
+
+static int
+xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ for(cur = xmlSecGetNextElementNode(node->children);
+ cur != NULL;
+ cur = xmlSecGetNextElementNode(cur->next)) {
+
+ ret = 0;
+ if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
+ ret = xmlSecOpenSSLX509CertificateNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
+ ret = xmlSecOpenSSLX509SubjectNameNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
+ ret = xmlSecOpenSSLX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
+ ret = xmlSecOpenSSLX509SKINodeRead(data, cur, keyInfoCtx);
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
+ ret = xmlSecOpenSSLX509CRLNodeRead(data, cur, keyInfoCtx);
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
+ /* laxi schema validation: ignore unknown nodes */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "read node failed");
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+static int
+xmlSecOpenSSLX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar *content;
+ X509* cert;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+ if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ cert = xmlSecOpenSSLX509CertBase64DerRead(content);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLX509CertBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(cert);
+ xmlFree(content);
+ return(-1);
+ }
+
+ xmlFree(content);
+ return(0);
+}
+
+static int
+xmlSecOpenSSLX509CertificateNodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar* buf;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ /* set base64 lines size from context */
+ buf = xmlSecOpenSSLX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509CertBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
+ xmlFree(buf);
+ return(-1);
+ }
+
+ /* todo: add \n around base64 data - from context */
+ /* todo: add errors check */
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ xmlNodeSetContent(cur, buf);
+ xmlFree(buf);
+ return(0);
+}
+
+static int
+xmlSecOpenSSLX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+ xmlChar* subject;
+ X509* cert;
+ X509* cert2;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecOpenSSLX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ subject = xmlNodeGetContent(node);
+ if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
+ if(subject != NULL) {
+ xmlFree(subject);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ cert = xmlSecOpenSSLX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
+ if(cert == NULL){
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "subject=%s",
+ xmlSecErrorsSafeString(subject));
+ xmlFree(subject);
+ return(-1);
+ }
+
+ xmlFree(subject);
+ return(0);
+ }
+
+ cert2 = X509_dup(cert);
+ if(cert2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ xmlFree(subject);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert2);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(cert2);
+ xmlFree(subject);
+ return(-1);
+ }
+
+ xmlFree(subject);
+ return(0);
+}
+
+static int
+xmlSecOpenSSLX509SubjectNameNodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+ xmlChar* buf = NULL;
+ xmlNodePtr cur = NULL;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ buf = xmlSecOpenSSLX509NameWrite(X509_get_subject_name(cert));
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509NameWrite(X509_get_subject_name)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
+ xmlFree(buf);
+ return(-1);
+ }
+ xmlSecNodeEncodeAndSetContent(cur, buf);
+ xmlFree(buf);
+ return(0);
+}
+
+static int
+xmlSecOpenSSLX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+ xmlNodePtr cur;
+ xmlChar *issuerName;
+ xmlChar *issuerSerial;
+ X509* cert;
+ X509* cert2;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecOpenSSLX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(node->children);
+ if(cur == NULL) {
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ return(0);
+ }
+
+ /* the first is required node X509IssuerName */
+ if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ issuerName = xmlNodeGetContent(cur);
+ if(issuerName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is required node X509SerialNumber */
+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ xmlFree(issuerName);
+ return(-1);
+ }
+ issuerSerial = xmlNodeGetContent(cur);
+ if(issuerSerial == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ xmlFree(issuerName);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ cert = xmlSecOpenSSLX509StoreFindCert(x509Store, NULL, issuerName, issuerSerial, NULL, keyInfoCtx);
+ if(cert == NULL){
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "issuerName=%s;issuerSerial=%s",
+ xmlSecErrorsSafeString(issuerName),
+ xmlSecErrorsSafeString(issuerSerial));
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(0);
+ }
+
+ cert2 = X509_dup(cert);
+ if(cert2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert2);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(cert2);
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(-1);
+ }
+
+ xmlFree(issuerSerial);
+ xmlFree(issuerName);
+ return(0);
+}
+
+static int
+xmlSecOpenSSLX509IssuerSerialNodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+ xmlNodePtr cur;
+ xmlNodePtr issuerNameNode;
+ xmlNodePtr issuerNumberNode;
+ xmlChar* buf;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* create xml nodes */
+ cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
+ return(-1);
+ }
+
+ issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
+ if(issuerNameNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(-1);
+ }
+
+ issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
+ if(issuerNumberNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ return(-1);
+ }
+
+ /* write data */
+ buf = xmlSecOpenSSLX509NameWrite(X509_get_issuer_name(cert));
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509NameWrite(X509_get_issuer_name)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
+ xmlFree(buf);
+
+ buf = xmlSecOpenSSLASN1IntegerWrite(X509_get_serialNumber(cert));
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLASN1IntegerWrite(X509_get_serialNumber)",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecNodeEncodeAndSetContent(issuerNumberNode, buf);
+ xmlFree(buf);
+
+ return(0);
+}
+
+
+static int
+xmlSecOpenSSLX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataStorePtr x509Store;
+ xmlChar* ski;
+ X509* cert;
+ X509* cert2;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecOpenSSLX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ski = xmlNodeGetContent(node);
+ if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
+ if(ski != NULL) {
+ xmlFree(ski);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ return(-1);
+ }
+ return(0);
+ }
+
+ cert = xmlSecOpenSSLX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
+ if(cert == NULL){
+ xmlFree(ski);
+
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ "ski=%s",
+ xmlSecErrorsSafeString(ski));
+ return(-1);
+ }
+ return(0);
+ }
+
+ cert2 = X509_dup(cert);
+ if(cert2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(ski);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert2);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(cert2);
+ xmlFree(ski);
+ return(-1);
+ }
+
+ xmlFree(ski);
+ return(0);
+}
+
+static int
+xmlSecOpenSSLX509SKINodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
+ xmlChar *buf = NULL;
+ xmlNodePtr cur = NULL;
+
+ xmlSecAssert2(cert != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ buf = xmlSecOpenSSLX509SKIWrite(cert);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509SKIWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ xmlFree(buf);
+ return(-1);
+ }
+ xmlSecNodeEncodeAndSetContent(cur, buf);
+ xmlFree(buf);
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar *content;
+ X509_CRL* crl;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+ if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+ }
+
+ crl = xmlSecOpenSSLX509CrlBase64DerRead(content);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLX509CrlBase64DerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(content);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLKeyDataX509AdoptCrl(data, crl);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLKeyDataX509AdoptCrl",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_CRL_free(crl);
+ xmlFree(content);
+ return(-1);
+ }
+
+ xmlFree(content);
+ return(0);
+}
+
+static int
+xmlSecOpenSSLX509CRLNodeWrite(X509_CRL* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlChar* buf = NULL;
+ xmlNodePtr cur = NULL;
+
+ xmlSecAssert2(crl != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ /* set base64 lines size from context */
+ buf = xmlSecOpenSSLX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509CrlBase64DerWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "new_node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+ xmlFree(buf);
+ return(-1);
+ }
+ /* todo: add \n around base64 data - from context */
+ /* todo: add errors check */
+ xmlNodeSetContent(cur, xmlSecStringCR);
+ xmlNodeSetContent(cur, buf);
+ xmlFree(buf);
+
+ return(0);
+}
+
+static int
+xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecOpenSSLX509DataCtxPtr ctx;
+ xmlSecKeyDataStorePtr x509Store;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataX509Id), -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
+
+ ctx = xmlSecOpenSSLX509DataGetCtx(data);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecOpenSSLX509StoreId);
+ if(x509Store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeysMngrGetDataStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((ctx->keyCert == NULL) && (ctx->certsList != NULL) && (xmlSecKeyGetValue(key) == NULL)) {
+ X509* cert;
+
+ cert = xmlSecOpenSSLX509StoreVerify(x509Store, ctx->certsList, ctx->crlsList, keyInfoCtx);
+ if(cert != NULL) {
+ xmlSecKeyDataPtr keyValue;
+
+ ctx->keyCert = X509_dup(cert);
+ if(ctx->keyCert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ keyValue = xmlSecOpenSSLX509CertGetKey(ctx->keyCert);
+ if(keyValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLX509CertGetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* verify that the key matches our expectations */
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
+ ret = xmlSecKeySetValue(key, keyValue);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeySetValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
+ if((X509_get_notBefore(ctx->keyCert) != NULL) && (X509_get_notAfter(ctx->keyCert) != NULL)) {
+ ret = xmlSecOpenSSLX509CertGetTime(X509_get_notBefore(ctx->keyCert), &(key->notValidBefore));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLX509CertGetTime",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "notValidBefore");
+ return(-1);
+ }
+ ret = xmlSecOpenSSLX509CertGetTime(X509_get_notAfter(ctx->keyCert), &(key->notValidAfter));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecOpenSSLX509CertGetTime",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "notValidAfter");
+ return(-1);
+ }
+ } else {
+ key->notValidBefore = key->notValidAfter = 0;
+ }
+ } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+#ifdef HAVE_TIMEGM
+extern time_t timegm (struct tm *tm);
+#else /* HAVE_TIMEGM */
+#ifdef WIN32
+#define timegm(tm) (mktime(tm) - _timezone)
+#else /* WIN32 */
+/* Absolutely not the best way but it's the only ANSI compatible way I know.
+ * If you system has a native struct tm --> GMT time_t conversion function
+ * (like timegm) use it instead.
+ */
+static time_t
+my_timegm(struct tm *t) {
+ time_t tl, tb;
+ struct tm *tg;
+
+ tl = mktime (t);
+ if(tl == -1) {
+ t->tm_hour--;
+ tl = mktime (t);
+ if (tl == -1) {
+ return -1;
+ }
+ tl += 3600;
+ }
+ tg = gmtime (&tl);
+ tg->tm_isdst = 0;
+ tb = mktime (tg);
+ if (tb == -1) {
+ tg->tm_hour--;
+ tb = mktime (tg);
+ if (tb == -1) {
+ return -1;
+ }
+ tb += 3600;
+ }
+ return (tl - (tb - tl));
+}
+
+#define timegm(tm) my_timegm(tm)
+#endif /* WIN32 */
+#endif /* HAVE_TIMEGM */
+
+static int
+xmlSecOpenSSLX509CertGetTime(ASN1_TIME* t, time_t* res) {
+ struct tm tm;
+ int offset;
+
+ xmlSecAssert2(t != NULL, -1);
+ xmlSecAssert2(res != NULL, -1);
+
+ (*res) = 0;
+#ifndef XMLSEC_OPENSSL_096
+ if(!ASN1_TIME_check(t)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "ASN1_TIME_check",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+#endif /* XMLSEC_OPENSSL_096 */
+
+ memset(&tm, 0, sizeof(tm));
+
+#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+ if(t->type == V_ASN1_UTCTIME) {
+ xmlSecAssert2(t->length > 12, -1);
+
+
+ /* this code is copied from OpenSSL asn1/a_utctm.c file */
+ tm.tm_year = g2(t->data);
+ if(tm.tm_year < 50) {
+ tm.tm_year += 100;
+ }
+ tm.tm_mon = g2(t->data + 2) - 1;
+ tm.tm_mday = g2(t->data + 4);
+ tm.tm_hour = g2(t->data + 6);
+ tm.tm_min = g2(t->data + 8);
+ tm.tm_sec = g2(t->data + 10);
+ if(t->data[12] == 'Z') {
+ offset = 0;
+ } else {
+ xmlSecAssert2(t->length > 16, -1);
+
+ offset = g2(t->data + 13) * 60 + g2(t->data + 15);
+ if(t->data[12] == '-') {
+ offset = -offset;
+ }
+ }
+ tm.tm_isdst = -1;
+ } else {
+ xmlSecAssert2(t->length > 14, -1);
+
+ tm.tm_year = g2(t->data) * 100 + g2(t->data + 2);
+ tm.tm_mon = g2(t->data + 4) - 1;
+ tm.tm_mday = g2(t->data + 6);
+ tm.tm_hour = g2(t->data + 8);
+ tm.tm_min = g2(t->data + 10);
+ tm.tm_sec = g2(t->data + 12);
+ if(t->data[14] == 'Z') {
+ offset = 0;
+ } else {
+ xmlSecAssert2(t->length > 18, -1);
+
+ offset = g2(t->data + 15) * 60 + g2(t->data + 17);
+ if(t->data[14] == '-') {
+ offset = -offset;
+ }
+ }
+ tm.tm_isdst = -1;
+ }
+#undef g2
+ (*res) = timegm(&tm) - offset * 60;
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLX509CertGetKey:
+ * @cert: the certificate.
+ *
+ * Extracts public key from the @cert.
+ *
+ * Returns: public key value or NULL if an error occurs.
+ */
+xmlSecKeyDataPtr
+xmlSecOpenSSLX509CertGetKey(X509* cert) {
+ xmlSecKeyDataPtr data;
+ EVP_PKEY *pKey = NULL;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ pKey = X509_get_pubkey(cert);
+ if(pKey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_get_pubkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ data = xmlSecOpenSSLEvpKeyAdopt(pKey);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLEvpKeyAdopt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ EVP_PKEY_free(pKey);
+ return(NULL);
+ }
+
+ return(data);
+}
+
+static X509*
+xmlSecOpenSSLX509CertBase64DerRead(xmlChar* buf) {
+ int ret;
+
+ xmlSecAssert2(buf != NULL, NULL);
+
+ /* usual trick with base64 decoding "in-place" */
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecOpenSSLX509CertDerRead((xmlSecByte*)buf, ret));
+}
+
+static X509*
+xmlSecOpenSSLX509CertDerRead(const xmlSecByte* buf, xmlSecSize size) {
+ X509 *cert = NULL;
+ BIO *mem = NULL;
+ int ret;
+
+ xmlSecAssert2(buf != NULL, NULL);
+ xmlSecAssert2(size > 0, NULL);
+
+ mem = BIO_new(BIO_s_mem());
+ if(mem == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "BIO_s_mem");
+ return(NULL);
+ }
+
+ ret = BIO_write(mem, buf, size);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_write",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", size);
+ BIO_free_all(mem);
+ return(NULL);
+ }
+
+ cert = d2i_X509_bio(mem, NULL);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "d2i_X509_bio",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free_all(mem);
+ return(NULL);
+ }
+
+ BIO_free_all(mem);
+ return(cert);
+}
+
+static xmlChar*
+xmlSecOpenSSLX509CertBase64DerWrite(X509* cert, int base64LineWrap) {
+ xmlChar *res = NULL;
+ BIO *mem = NULL;
+ xmlSecByte *p = NULL;
+ long size;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ mem = BIO_new(BIO_s_mem());
+ if(mem == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "BIO_s_mem");
+ return(NULL);
+ }
+
+ /* todo: add error checks */
+ i2d_X509_bio(mem, cert);
+ BIO_flush(mem);
+
+ size = BIO_get_mem_data(mem, &p);
+ if((size <= 0) || (p == NULL)){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_get_mem_data",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free_all(mem);
+ return(NULL);
+ }
+
+ res = xmlSecBase64Encode(p, size, base64LineWrap);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free_all(mem);
+ return(NULL);
+ }
+
+ BIO_free_all(mem);
+ return(res);
+}
+
+static X509_CRL*
+xmlSecOpenSSLX509CrlBase64DerRead(xmlChar* buf) {
+ int ret;
+
+ xmlSecAssert2(buf != NULL, NULL);
+
+ /* usual trick with base64 decoding "in-place" */
+ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecOpenSSLX509CrlDerRead((xmlSecByte*)buf, ret));
+}
+
+static X509_CRL*
+xmlSecOpenSSLX509CrlDerRead(xmlSecByte* buf, xmlSecSize size) {
+ X509_CRL *crl = NULL;
+ BIO *mem = NULL;
+ int ret;
+
+ xmlSecAssert2(buf != NULL, NULL);
+ xmlSecAssert2(size > 0, NULL);
+
+ mem = BIO_new(BIO_s_mem());
+ if(mem == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "BIO_s_mem");
+ return(NULL);
+ }
+
+ ret = BIO_write(mem, buf, size);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_write",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "size=%d", size);
+ BIO_free_all(mem);
+ return(NULL);
+ }
+
+ crl = d2i_X509_CRL_bio(mem, NULL);
+ if(crl == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "d2i_X509_CRL_bio",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free_all(mem);
+ return(NULL);
+ }
+
+ BIO_free_all(mem);
+ return(crl);
+}
+
+static xmlChar*
+xmlSecOpenSSLX509CrlBase64DerWrite(X509_CRL* crl, int base64LineWrap) {
+ xmlChar *res = NULL;
+ BIO *mem = NULL;
+ xmlSecByte *p = NULL;
+ long size;
+
+ xmlSecAssert2(crl != NULL, NULL);
+
+ mem = BIO_new(BIO_s_mem());
+ if(mem == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "BIO_s_mem");
+ return(NULL);
+ }
+
+ /* todo: add error checks */
+ i2d_X509_CRL_bio(mem, crl);
+ BIO_flush(mem);
+
+ size = BIO_get_mem_data(mem, &p);
+ if((size <= 0) || (p == NULL)){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_get_mem_data",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free_all(mem);
+ return(NULL);
+ }
+
+ res = xmlSecBase64Encode(p, size, base64LineWrap);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free_all(mem);
+ return(NULL);
+ }
+
+ BIO_free_all(mem);
+ return(res);
+}
+
+static xmlChar*
+xmlSecOpenSSLX509NameWrite(X509_NAME* nm) {
+ xmlChar *res = NULL;
+ BIO *mem = NULL;
+ long size;
+
+ xmlSecAssert2(nm != NULL, NULL);
+
+ mem = BIO_new(BIO_s_mem());
+ if(mem == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BIO_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "BIO_s_mem");
+ return(NULL);
+ }
+
+ if (X509_NAME_print_ex(mem, nm, 0, XN_FLAG_RFC2253) <=0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_NAME_print_ex",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free_all(mem);
+ return(NULL);
+ }
+
+ BIO_flush(mem); /* should call flush ? */
+
+ size = BIO_pending(mem);
+ res = xmlMalloc(size + 1);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BIO_free_all(mem);
+ return(NULL);
+ }
+
+ size = BIO_read(mem, res, size);
+ res[size] = '\0';
+
+ BIO_free_all(mem);
+ return(res);
+}
+
+static xmlChar*
+xmlSecOpenSSLASN1IntegerWrite(ASN1_INTEGER *asni) {
+ xmlChar *res = NULL;
+ BIGNUM *bn;
+ char *p;
+
+ xmlSecAssert2(asni != NULL, NULL);
+
+ bn = ASN1_INTEGER_to_BN(asni, NULL);
+ if(bn == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "ASN1_INTEGER_to_BN",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ p = BN_bn2dec(bn);
+ if (p == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_bn2dec",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BN_free(bn);
+ return(NULL);
+ }
+ BN_free(bn);
+ bn = NULL;
+
+ /* OpenSSL and LibXML2 can have different memory callbacks, i.e.
+ when data is allocated in OpenSSL should be freed with OpenSSL
+ method, not with LibXML2 method.
+ */
+ res = xmlCharStrdup(p);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlCharStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ OPENSSL_free(p);
+ return(NULL);
+ }
+ OPENSSL_free(p);
+ p = NULL;
+ return(res);
+}
+
+static xmlChar*
+xmlSecOpenSSLX509SKIWrite(X509* cert) {
+ xmlChar *res = NULL;
+ int index;
+ X509_EXTENSION *ext;
+ ASN1_OCTET_STRING *keyId;
+
+ xmlSecAssert2(cert != NULL, NULL);
+
+ index = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+ if (index < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "Certificate without SubjectKeyIdentifier extension",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ ext = X509_get_ext(cert, index);
+ if (ext == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_get_ext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ keyId = X509V3_EXT_d2i(ext);
+ if (keyId == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509V3_EXT_d2i",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ M_ASN1_OCTET_STRING_free(keyId);
+ return(NULL);
+ }
+
+ res = xmlSecBase64Encode(M_ASN1_STRING_data(keyId), M_ASN1_STRING_length(keyId), 0);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ M_ASN1_OCTET_STRING_free(keyId);
+ return(NULL);
+ }
+ M_ASN1_OCTET_STRING_free(keyId);
+
+ return(res);
+}
+
+static void
+xmlSecOpenSSLX509CertDebugDump(X509* cert, FILE* output) {
+ char buf[1024];
+ BIGNUM *bn = NULL;
+
+ xmlSecAssert(cert != NULL);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "==== Subject Name: %s\n",
+ X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf)));
+ fprintf(output, "==== Issuer Name: %s\n",
+ X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf)));
+ fprintf(output, "==== Issuer Serial: ");
+ bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(cert),NULL);
+ if(bn != NULL) {
+ BN_print_fp(output, bn);
+ BN_free(bn);
+ fprintf(output, "\n");
+ } else {
+ fprintf(output, "unknown\n");
+ }
+}
+
+
+static void
+xmlSecOpenSSLX509CertDebugXmlDump(X509* cert, FILE* output) {
+ char buf[1024];
+ BIGNUM *bn = NULL;
+
+ xmlSecAssert(cert != NULL);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<SubjectName>");
+ xmlSecPrintXmlString(output,
+ BAD_CAST X509_NAME_oneline(X509_get_subject_name(cert), buf, sizeof(buf))
+ );
+ fprintf(output, "</SubjectName>\n");
+
+
+ fprintf(output, "<IssuerName>");
+ xmlSecPrintXmlString(output,
+ BAD_CAST X509_NAME_oneline(X509_get_issuer_name(cert), buf, sizeof(buf)));
+ fprintf(output, "</IssuerName>\n");
+
+ fprintf(output, "<SerialNumber>");
+ bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(cert),NULL);
+ if(bn != NULL) {
+ BN_print_fp(output, bn);
+ BN_free(bn);
+ }
+ fprintf(output, "</SerialNumber>\n");
+}
+
+
+/**************************************************************************
+ *
+ * Raw X509 Certificate processing
+ *
+ *
+ *************************************************************************/
+static int xmlSecOpenSSLKeyDataRawX509CertBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+
+static xmlSecKeyDataKlass xmlSecOpenSSLKeyDataRawX509CertKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ sizeof(xmlSecKeyData),
+
+ /* data */
+ xmlSecNameRawX509Cert,
+ xmlSecKeyDataUsageRetrievalMethodNodeBin,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefRawX509Cert, /* const xmlChar* href; */
+ NULL, /* const xmlChar* dataNodeName; */
+ xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ NULL, /* xmlSecKeyDataInitializeMethod initialize; */
+ NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
+ NULL, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ NULL, /* xmlSecKeyDataGetTypeMethod getType; */
+ NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecOpenSSLKeyDataRawX509CertBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecOpenSSLKeyDataRawX509CertGetKlass:
+ *
+ * The raw X509 certificates key data klass.
+ *
+ * Returns: raw X509 certificates key data klass.
+ */
+xmlSecKeyDataId
+xmlSecOpenSSLKeyDataRawX509CertGetKlass(void) {
+ return(&xmlSecOpenSSLKeyDataRawX509CertKlass);
+}
+
+static int
+xmlSecOpenSSLKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr data;
+ X509* cert;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecOpenSSLKeyDataRawX509CertId, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ cert = xmlSecOpenSSLX509CertDerRead(buf, bufSize);
+ if(cert == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509CertDerRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ data = xmlSecKeyEnsureData(key, xmlSecOpenSSLKeyDataX509Id);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyEnsureData",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(cert);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLKeyDataX509AdoptCert",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_free(cert);
+ return(-1);
+ }
+
+ ret = xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecOpenSSLKeyDataX509VerifyAndExtractKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+#endif /* XMLSEC_NO_X509 */
diff --git a/src/openssl/x509vfy.c b/src/openssl/x509vfy.c
new file mode 100644
index 00000000..fe51da4e
--- /dev/null
+++ b/src/openssl/x509vfy.c
@@ -0,0 +1,1284 @@
+/**
+ * XMLSec library
+ *
+ * X509 support
+ *
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_X509
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+
+#include <libxml/tree.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/x509v3.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/openssl/crypto.h>
+#include <xmlsec/openssl/evp.h>
+#include <xmlsec/openssl/x509.h>
+
+/**************************************************************************
+ *
+ * Internal OpenSSL X509 store CTX
+ *
+ *************************************************************************/
+typedef struct _xmlSecOpenSSLX509StoreCtx xmlSecOpenSSLX509StoreCtx,
+ *xmlSecOpenSSLX509StoreCtxPtr;
+struct _xmlSecOpenSSLX509StoreCtx {
+ X509_STORE* xst;
+ STACK_OF(X509)* untrusted;
+ STACK_OF(X509_CRL)* crls;
+
+#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097)
+ X509_VERIFY_PARAM * vpm;
+#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
+};
+
+/****************************************************************************
+ *
+ * xmlSecOpenSSLKeyDataStoreX509Id:
+ *
+ * xmlSecOpenSSLX509StoreCtx is located after xmlSecTransform
+ *
+ ***************************************************************************/
+#define xmlSecOpenSSLX509StoreGetCtx(store) \
+ ((xmlSecOpenSSLX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
+ sizeof(xmlSecKeyDataStoreKlass)))
+#define xmlSecOpenSSLX509StoreSize \
+ (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecOpenSSLX509StoreCtx))
+
+static int xmlSecOpenSSLX509StoreInitialize (xmlSecKeyDataStorePtr store);
+static void xmlSecOpenSSLX509StoreFinalize (xmlSecKeyDataStorePtr store);
+
+static xmlSecKeyDataStoreKlass xmlSecOpenSSLX509StoreKlass = {
+ sizeof(xmlSecKeyDataStoreKlass),
+ xmlSecOpenSSLX509StoreSize,
+
+ /* data */
+ xmlSecNameX509Store, /* const xmlChar* name; */
+
+ /* constructors/destructor */
+ xmlSecOpenSSLX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
+ xmlSecOpenSSLX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+static int xmlSecOpenSSLX509VerifyCRL (X509_STORE* xst,
+ X509_CRL *crl );
+static X509* xmlSecOpenSSLX509FindCert (STACK_OF(X509) *certs,
+ xmlChar *subjectName,
+ xmlChar *issuerName,
+ xmlChar *issuerSerial,
+ xmlChar *ski);
+static X509* xmlSecOpenSSLX509FindNextChainCert (STACK_OF(X509) *chain,
+ X509 *cert);
+static int xmlSecOpenSSLX509VerifyCertAgainstCrls (STACK_OF(X509_CRL) *crls,
+ X509* cert);
+static X509_NAME* xmlSecOpenSSLX509NameRead (xmlSecByte *str,
+ int len);
+static int xmlSecOpenSSLX509NameStringRead (xmlSecByte **str,
+ int *strLen,
+ xmlSecByte *res,
+ int resLen,
+ xmlSecByte delim,
+ int ingoreTrailingSpaces);
+static int xmlSecOpenSSLX509NamesCompare (X509_NAME *a,
+ X509_NAME *b);
+static int xmlSecOpenSSLX509_NAME_cmp (const X509_NAME * a,
+ const X509_NAME * b);
+static int xmlSecOpenSSLX509_NAME_ENTRY_cmp (const X509_NAME_ENTRY * const *a,
+ const X509_NAME_ENTRY * const *b);
+
+/**
+ * xmlSecOpenSSLX509StoreGetKlass:
+ *
+ * The OpenSSL X509 certificates key data store klass.
+ *
+ * Returns: pointer to OpenSSL X509 certificates key data store klass.
+ */
+xmlSecKeyDataStoreId
+xmlSecOpenSSLX509StoreGetKlass(void) {
+ return(&xmlSecOpenSSLX509StoreKlass);
+}
+
+/**
+ * xmlSecOpenSSLX509StoreFindCert:
+ * @store: the pointer to X509 key data store klass.
+ * @subjectName: the desired certificate name.
+ * @issuerName: the desired certificate issuer name.
+ * @issuerSerial: the desired certificate issuer serial number.
+ * @ski: the desired certificate SKI.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Searches @store for a certificate that matches given criteria.
+ *
+ * Returns: pointer to found certificate or NULL if certificate is not found
+ * or an error occurs.
+ */
+X509*
+xmlSecOpenSSLX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName,
+ xmlChar *issuerName, xmlChar *issuerSerial,
+ xmlChar *ski, xmlSecKeyInfoCtx* keyInfoCtx) {
+ xmlSecOpenSSLX509StoreCtxPtr ctx;
+ X509* res = NULL;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+ ctx = xmlSecOpenSSLX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ if((res == NULL) && (ctx->untrusted != NULL)) {
+ res = xmlSecOpenSSLX509FindCert(ctx->untrusted, subjectName, issuerName, issuerSerial, ski);
+ }
+ return(res);
+}
+
+/**
+ * xmlSecOpenSSLX509StoreVerify:
+ * @store: the pointer to X509 key data store klass.
+ * @certs: the untrusted certificates stack.
+ * @crls: the crls stack.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
+ *
+ * Verifies @certs list.
+ *
+ * Returns: pointer to the first verified certificate from @certs.
+ */
+X509*
+xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* certs,
+ XMLSEC_STACK_OF_X509_CRL* crls, xmlSecKeyInfoCtx* keyInfoCtx) {
+ xmlSecOpenSSLX509StoreCtxPtr ctx;
+ STACK_OF(X509)* certs2 = NULL;
+ STACK_OF(X509_CRL)* crls2 = NULL;
+ X509 * res = NULL;
+ X509 * cert;
+ X509 * err_cert = NULL;
+ char buf[256];
+ int err = 0, depth;
+ int i;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), NULL);
+ xmlSecAssert2(certs != NULL, NULL);
+ xmlSecAssert2(keyInfoCtx != NULL, NULL);
+
+ ctx = xmlSecOpenSSLX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->xst != NULL, NULL);
+
+ /* dup certs */
+ certs2 = sk_X509_dup(certs);
+ if(certs2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "sk_X509_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* add untrusted certs from the store */
+ if(ctx->untrusted != NULL) {
+ for(i = 0; i < sk_X509_num(ctx->untrusted); ++i) {
+ ret = sk_X509_push(certs2, sk_X509_value(ctx->untrusted, i));
+ if(ret < 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "sk_X509_push",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+ }
+
+ /* dup crls but remove all non-verified */
+ if(crls != NULL) {
+ crls2 = sk_X509_CRL_dup(crls);
+ if(crls2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "sk_X509_CRL_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ for(i = 0; i < sk_X509_CRL_num(crls2); ) {
+ ret = xmlSecOpenSSLX509VerifyCRL(ctx->xst, sk_X509_CRL_value(crls2, i));
+ if(ret == 1) {
+ ++i;
+ } else if(ret == 0) {
+ (void)sk_X509_CRL_delete(crls2, i);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecOpenSSLX509VerifyCRL",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+ }
+
+ /* remove all revoked certs */
+ for(i = 0; i < sk_X509_num(certs2);) {
+ cert = sk_X509_value(certs2, i);
+
+ if(crls2 != NULL) {
+ ret = xmlSecOpenSSLX509VerifyCertAgainstCrls(crls2, cert);
+ if(ret == 0) {
+ (void)sk_X509_delete(certs2, i);
+ continue;
+ } else if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecOpenSSLX509VerifyCertAgainstCrls",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+
+ if(ctx->crls != NULL) {
+ ret = xmlSecOpenSSLX509VerifyCertAgainstCrls(ctx->crls, cert);
+ if(ret == 0) {
+ (void)sk_X509_delete(certs2, i);
+ continue;
+ } else if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "xmlSecOpenSSLX509VerifyCertAgainstCrls",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ }
+ ++i;
+ }
+
+ /* get one cert after another and try to verify */
+ for(i = 0; i < sk_X509_num(certs2); ++i) {
+ cert = sk_X509_value(certs2, i);
+ if(xmlSecOpenSSLX509FindNextChainCert(certs2, cert) == NULL) {
+ X509_STORE_CTX xsc;
+
+#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097)
+ X509_VERIFY_PARAM * vpm = NULL;
+ unsigned long vpm_flags = 0;
+
+ vpm = X509_VERIFY_PARAM_new();
+ if(vpm == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_VERIFY_PARAM_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ vpm_flags = vpm->flags;
+/*
+ vpm_flags &= (~X509_V_FLAG_X509_STRICT);
+*/
+ vpm_flags &= (~X509_V_FLAG_CRL_CHECK);
+
+ X509_VERIFY_PARAM_set_depth(vpm, 9);
+ X509_VERIFY_PARAM_set_flags(vpm, vpm_flags);
+#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
+
+
+ X509_STORE_CTX_init (&xsc, ctx->xst, cert, certs2);
+
+ if(keyInfoCtx->certsVerificationTime > 0) {
+#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097)
+ vpm_flags |= X509_V_FLAG_USE_CHECK_TIME;
+ X509_VERIFY_PARAM_set_time(vpm, keyInfoCtx->certsVerificationTime);
+#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
+ X509_STORE_CTX_set_time(&xsc, 0, keyInfoCtx->certsVerificationTime);
+ }
+
+#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097)
+ X509_STORE_CTX_set0_param(&xsc, vpm);
+#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
+
+
+ ret = X509_verify_cert(&xsc);
+ err_cert = X509_STORE_CTX_get_current_cert(&xsc);
+ err = X509_STORE_CTX_get_error(&xsc);
+ depth = X509_STORE_CTX_get_error_depth(&xsc);
+
+ X509_STORE_CTX_cleanup (&xsc);
+
+ if(ret == 1) {
+ res = cert;
+ goto done;
+ } else if(ret < 0) {
+ const char* err_msg;
+
+ buf[0] = '\0';
+ X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof buf);
+ err_msg = X509_verify_cert_error_string(err);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_verify_cert",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "subj=%s;err=%d;msg=%s",
+ xmlSecErrorsSafeString(buf),
+ err,
+ xmlSecErrorsSafeString(err_msg));
+ goto done;
+ } else if(ret == 0) {
+ const char* err_msg;
+
+ buf[0] = '\0';
+ X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof buf);
+ err_msg = X509_verify_cert_error_string(err);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_verify_cert",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "subj=%s;err=%d;msg=%s",
+ xmlSecErrorsSafeString(buf),
+ err,
+ xmlSecErrorsSafeString(err_msg));
+ }
+ }
+ }
+
+ /* if we came here then we found nothing. do we have any error? */
+ if((err != 0) && (err_cert != NULL)) {
+ const char* err_msg;
+
+ err_msg = X509_verify_cert_error_string(err);
+ switch (err) {
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+ X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof buf);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_ISSUER_FAILED,
+ "err=%d;msg=%s;issuer=%s",
+ err,
+ xmlSecErrorsSafeString(err_msg),
+ xmlSecErrorsSafeString(buf));
+ break;
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_NOT_YET_VALID,
+ "err=%d;msg=%s", err,
+ xmlSecErrorsSafeString(err_msg));
+ break;
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
+ "err=%d;msg=%s", err,
+ xmlSecErrorsSafeString(err_msg));
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ NULL,
+ XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
+ "err=%d;msg=%s", err,
+ xmlSecErrorsSafeString(err_msg));
+ }
+ }
+
+done:
+ if(certs2 != NULL) {
+ sk_X509_free(certs2);
+ }
+ if(crls2 != NULL) {
+ sk_X509_CRL_free(crls2);
+ }
+ return(res);
+}
+
+/**
+ * xmlSecOpenSSLX509StoreAdoptCert:
+ * @store: the pointer to X509 key data store klass.
+ * @cert: the pointer to OpenSSL X509 certificate.
+ * @type: the certificate type (trusted/untrusted).
+ *
+ * Adds trusted (root) or untrusted certificate to the store.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecOpenSSLX509StoreAdoptCert(xmlSecKeyDataStorePtr store, X509* cert, xmlSecKeyDataType type) {
+ xmlSecOpenSSLX509StoreCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), -1);
+ xmlSecAssert2(cert != NULL, -1);
+
+ ctx = xmlSecOpenSSLX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if((type & xmlSecKeyDataTypeTrusted) != 0) {
+ xmlSecAssert2(ctx->xst != NULL, -1);
+
+ ret = X509_STORE_add_cert(ctx->xst, cert);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_STORE_add_cert",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ /* add cert increments the reference */
+ X509_free(cert);
+ } else {
+ xmlSecAssert2(ctx->untrusted != NULL, -1);
+
+ ret = sk_X509_push(ctx->untrusted, cert);
+ if(ret < 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "sk_X509_push",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLX509StoreAdoptCrl:
+ * @store: the pointer to X509 key data store klass.
+ * @crl: the pointer to OpenSSL X509_CRL.
+ *
+ * Adds X509 CRL to the store.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecOpenSSLX509StoreAdoptCrl(xmlSecKeyDataStorePtr store, X509_CRL* crl) {
+ xmlSecOpenSSLX509StoreCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), -1);
+ xmlSecAssert2(crl != NULL, -1);
+
+ ctx = xmlSecOpenSSLX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->crls != NULL, -1);
+
+ ret = sk_X509_CRL_push(ctx->crls, crl);
+ if(ret < 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "sk_X509_CRL_push",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return (0);
+}
+
+/**
+ * xmlSecOpenSSLX509StoreAddCertsPath:
+ * @store: the pointer to OpenSSL x509 store.
+ * @path: the path to the certs dir.
+ *
+ * Adds all certs in the @path to the list of trusted certs
+ * in @store.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLX509StoreAddCertsPath(xmlSecKeyDataStorePtr store, const char *path) {
+ xmlSecOpenSSLX509StoreCtxPtr ctx;
+ X509_LOOKUP *lookup = NULL;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), -1);
+ xmlSecAssert2(path != NULL, -1);
+
+ ctx = xmlSecOpenSSLX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->xst != NULL, -1);
+
+ lookup = X509_STORE_add_lookup(ctx->xst, X509_LOOKUP_hash_dir());
+ if(lookup == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_STORE_add_lookup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if(!X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_LOOKUP_add_dir",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "path='%s'",
+ xmlSecErrorsSafeString(path)
+ );
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecOpenSSLX509StoreAddCertsFile:
+ * @store: the pointer to OpenSSL x509 store.
+ * @file: the certs file.
+ *
+ * Adds all certs in @file to the list of trusted certs
+ * in @store. It is possible for @file to contain multiple certs.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecOpenSSLX509StoreAddCertsFile(xmlSecKeyDataStorePtr store, const char *file) {
+ xmlSecOpenSSLX509StoreCtxPtr ctx;
+ X509_LOOKUP *lookup = NULL;
+
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), -1);
+ xmlSecAssert2(file != NULL, -1);
+
+ ctx = xmlSecOpenSSLX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->xst != NULL, -1);
+
+ lookup = X509_STORE_add_lookup(ctx->xst, X509_LOOKUP_file());
+ if(lookup == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_STORE_add_lookup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if(!X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_LOOKUP_load_file",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "file='%s'",
+ xmlSecErrorsSafeString(file)
+ );
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecOpenSSLX509StoreInitialize(xmlSecKeyDataStorePtr store) {
+ const xmlChar* path;
+ X509_LOOKUP *lookup = NULL;
+
+ xmlSecOpenSSLX509StoreCtxPtr ctx;
+ xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), -1);
+
+ ctx = xmlSecOpenSSLX509StoreGetCtx(store);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecOpenSSLX509StoreCtx));
+
+ ctx->xst = X509_STORE_new();
+ if(ctx->xst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_STORE_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(!X509_STORE_set_default_paths(ctx->xst)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_STORE_set_default_paths",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+
+ lookup = X509_STORE_add_lookup(ctx->xst, X509_LOOKUP_hash_dir());
+ if(lookup == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_STORE_add_lookup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ path = xmlSecOpenSSLGetDefaultTrustedCertsFolder();
+ if(path != NULL) {
+ if(!X509_LOOKUP_add_dir(lookup, (char*)path, X509_FILETYPE_PEM)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_LOOKUP_add_dir",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "path='%s'",
+ xmlSecErrorsSafeString(path)
+ );
+ return(-1);
+ }
+ } else {
+ if(!X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_LOOKUP_add_dir",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE
+ );
+ return(-1);
+ }
+ }
+
+ ctx->untrusted = sk_X509_new_null();
+ if(ctx->untrusted == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "sk_X509_new_null",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ctx->crls = sk_X509_CRL_new_null();
+ if(ctx->crls == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "sk_X509_CRL_new_null",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097)
+ ctx->vpm = X509_VERIFY_PARAM_new();
+ if(ctx->vpm == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
+ "X509_VERIFY_PARAM_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ X509_VERIFY_PARAM_set_depth(ctx->vpm, 9); /* the default cert verification path in openssl */
+ X509_STORE_set1_param(ctx->xst, ctx->vpm);
+
+#else /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
+ ctx->xst->depth = 9; /* the default cert verification path in openssl */
+#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
+
+ return(0);
+}
+
+static void
+xmlSecOpenSSLX509StoreFinalize(xmlSecKeyDataStorePtr store) {
+ xmlSecOpenSSLX509StoreCtxPtr ctx;
+ xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId));
+
+ ctx = xmlSecOpenSSLX509StoreGetCtx(store);
+ xmlSecAssert(ctx != NULL);
+
+
+ if(ctx->xst != NULL) {
+ X509_STORE_free(ctx->xst);
+ }
+ if(ctx->untrusted != NULL) {
+ sk_X509_pop_free(ctx->untrusted, X509_free);
+ }
+ if(ctx->crls != NULL) {
+ sk_X509_CRL_pop_free(ctx->crls, X509_CRL_free);
+ }
+#if !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097)
+ if(ctx->vpm != NULL) {
+ X509_VERIFY_PARAM_free(ctx->vpm);
+ }
+#endif /* !defined(XMLSEC_OPENSSL_096) && !defined(XMLSEC_OPENSSL_097) */
+
+ memset(ctx, 0, sizeof(xmlSecOpenSSLX509StoreCtx));
+}
+
+
+/*****************************************************************************
+ *
+ * Low-level x509 functions
+ *
+ *****************************************************************************/
+static int
+xmlSecOpenSSLX509VerifyCRL(X509_STORE* xst, X509_CRL *crl ) {
+ X509_STORE_CTX xsc;
+ X509_OBJECT xobj;
+ EVP_PKEY *pkey;
+ int ret;
+
+ xmlSecAssert2(xst != NULL, -1);
+ xmlSecAssert2(crl != NULL, -1);
+
+ X509_STORE_CTX_init(&xsc, xst, NULL, NULL);
+ ret = X509_STORE_get_by_subject(&xsc, X509_LU_X509,
+ X509_CRL_get_issuer(crl), &xobj);
+ if(ret <= 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_STORE_get_by_subject",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ pkey = X509_get_pubkey(xobj.data.x509);
+ X509_OBJECT_free_contents(&xobj);
+ if(pkey == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_get_pubkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ret = X509_CRL_verify(crl, pkey);
+ EVP_PKEY_free(pkey);
+ if(ret != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_CRL_verify",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ }
+ X509_STORE_CTX_cleanup (&xsc);
+ return((ret == 1) ? 1 : 0);
+}
+
+static X509*
+xmlSecOpenSSLX509FindCert(STACK_OF(X509) *certs, xmlChar *subjectName,
+ xmlChar *issuerName, xmlChar *issuerSerial,
+ xmlChar *ski) {
+ X509 *cert = NULL;
+ int i;
+
+ xmlSecAssert2(certs != NULL, NULL);
+
+ /* todo: may be this is not the fastest way to search certs */
+ if(subjectName != NULL) {
+ X509_NAME *nm;
+ X509_NAME *subj;
+
+ nm = xmlSecOpenSSLX509NameRead(subjectName, xmlStrlen(subjectName));
+ if(nm == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509NameRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "subject=%s",
+ xmlSecErrorsSafeString(subjectName));
+ return(NULL);
+ }
+
+ for(i = 0; i < sk_X509_num(certs); ++i) {
+ cert = sk_X509_value(certs, i);
+ subj = X509_get_subject_name(cert);
+ if(xmlSecOpenSSLX509NamesCompare(nm, subj) == 0) {
+ X509_NAME_free(nm);
+ return(cert);
+ }
+ }
+ X509_NAME_free(nm);
+ } else if((issuerName != NULL) && (issuerSerial != NULL)) {
+ X509_NAME *nm;
+ X509_NAME *issuer;
+ BIGNUM *bn;
+ ASN1_INTEGER *serial;
+
+ nm = xmlSecOpenSSLX509NameRead(issuerName, xmlStrlen(issuerName));
+ if(nm == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509NameRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "issuer=%s",
+ xmlSecErrorsSafeString(issuerName));
+ return(NULL);
+ }
+
+ bn = BN_new();
+ if(bn == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_NAME_free(nm);
+ return(NULL);
+ }
+ if(BN_dec2bn(&bn, (char*)issuerSerial) == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_dec2bn",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BN_free(bn);
+ X509_NAME_free(nm);
+ return(NULL);
+ }
+
+ serial = BN_to_ASN1_INTEGER(bn, NULL);
+ if(serial == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "BN_to_ASN1_INTEGER",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ BN_free(bn);
+ X509_NAME_free(nm);
+ return(NULL);
+ }
+ BN_free(bn);
+
+
+ for(i = 0; i < sk_X509_num(certs); ++i) {
+ cert = sk_X509_value(certs, i);
+ if(ASN1_INTEGER_cmp(X509_get_serialNumber(cert), serial) != 0) {
+ continue;
+ }
+ issuer = X509_get_issuer_name(cert);
+ if(xmlSecOpenSSLX509NamesCompare(nm, issuer) == 0) {
+ ASN1_INTEGER_free(serial);
+ X509_NAME_free(nm);
+ return(cert);
+ }
+ }
+
+ X509_NAME_free(nm);
+ ASN1_INTEGER_free(serial);
+ } else if(ski != NULL) {
+ int len;
+ int index;
+ X509_EXTENSION *ext;
+ ASN1_OCTET_STRING *keyId;
+
+ /* our usual trick with base64 decode */
+ len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski));
+ if(len < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Decode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ski=%s",
+ xmlSecErrorsSafeString(ski));
+ return(NULL);
+ }
+ for(i = 0; i < sk_X509_num(certs); ++i) {
+ cert = sk_X509_value(certs, i);
+ index = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+ if((index >= 0) && (ext = X509_get_ext(cert, index))) {
+ keyId = X509V3_EXT_d2i(ext);
+ if((keyId != NULL) && (keyId->length == len) &&
+ (memcmp(keyId->data, ski, len) == 0)) {
+ M_ASN1_OCTET_STRING_free(keyId);
+ return(cert);
+ }
+ M_ASN1_OCTET_STRING_free(keyId);
+ }
+ }
+ }
+
+ return(NULL);
+}
+
+static X509*
+xmlSecOpenSSLX509FindNextChainCert(STACK_OF(X509) *chain, X509 *cert) {
+ unsigned long certSubjHash;
+ int i;
+
+ xmlSecAssert2(chain != NULL, NULL);
+ xmlSecAssert2(cert != NULL, NULL);
+
+ certSubjHash = X509_subject_name_hash(cert);
+ for(i = 0; i < sk_X509_num(chain); ++i) {
+ if((sk_X509_value(chain, i) != cert) &&
+ (X509_issuer_name_hash(sk_X509_value(chain, i)) == certSubjHash)) {
+
+ return(sk_X509_value(chain, i));
+ }
+ }
+ return(NULL);
+}
+
+static int
+xmlSecOpenSSLX509VerifyCertAgainstCrls(STACK_OF(X509_CRL) *crls, X509* cert) {
+ X509_NAME *issuer;
+ X509_CRL *crl = NULL;
+ X509_REVOKED *revoked;
+ int i, n;
+ int ret;
+
+ xmlSecAssert2(crls != NULL, -1);
+ xmlSecAssert2(cert != NULL, -1);
+
+ /*
+ * Try to retrieve a CRL corresponding to the issuer of
+ * the current certificate
+ */
+ n = sk_X509_CRL_num(crls);
+ for(i = 0; i < n; i++) {
+ crl = sk_X509_CRL_value(crls, i);
+ if(crl == NULL) {
+ continue;
+ }
+
+ issuer = X509_CRL_get_issuer(crl);
+ if(xmlSecOpenSSLX509NamesCompare(X509_CRL_get_issuer(crl), issuer) == 0) {
+ break;
+ }
+ }
+ if((i >= n) || (crl == NULL)){
+ /* no crls for this issuer */
+ return(1);
+ }
+
+ /*
+ * Check date of CRL to make sure it's not expired
+ */
+ ret = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
+ if (ret == 0) {
+ /* crl expired */
+ return(1);
+ }
+
+ /*
+ * Check if the current certificate is revoked by this CRL
+ */
+ n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
+ for (i = 0; i < n; i++) {
+ revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
+ if (ASN1_INTEGER_cmp(revoked->serialNumber, X509_get_serialNumber(cert)) == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_CERT_REVOKED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+ }
+ return(1);
+}
+
+static X509_NAME *
+xmlSecOpenSSLX509NameRead(xmlSecByte *str, int len) {
+ xmlSecByte name[256];
+ xmlSecByte value[256];
+ int nameLen, valueLen;
+ X509_NAME *nm;
+ int type = MBSTRING_ASC;
+
+ xmlSecAssert2(str != NULL, NULL);
+
+ nm = X509_NAME_new();
+ if(nm == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_NAME_new",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ while(len > 0) {
+ /* skip spaces after comma or semicolon */
+ while((len > 0) && isspace(*str)) {
+ ++str; --len;
+ }
+
+ nameLen = xmlSecOpenSSLX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
+ if(nameLen < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509NameStringRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_NAME_free(nm);
+ return(NULL);
+ }
+ name[nameLen] = '\0';
+ if(len > 0) {
+ ++str; --len;
+ if((*str) == '\"') {
+ ++str; --len;
+ valueLen = xmlSecOpenSSLX509NameStringRead(&str, &len,
+ value, sizeof(value), '"', 1);
+ if(valueLen < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509NameStringRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_NAME_free(nm);
+ return(NULL);
+ }
+
+ /* skip quote */
+ if((len <= 0) || ((*str) != '\"')) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "quote is expected:%s",
+ xmlSecErrorsSafeString(str));
+ X509_NAME_free(nm);
+ return(NULL);
+ }
+ ++str; --len;
+
+ /* skip spaces before comma or semicolon */
+ while((len > 0) && isspace(*str)) {
+ ++str; --len;
+ }
+ if((len > 0) && ((*str) != ',')) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "comma is expected:%s",
+ xmlSecErrorsSafeString(str));
+ X509_NAME_free(nm);
+ return(NULL);
+ }
+ if(len > 0) {
+ ++str; --len;
+ }
+ type = MBSTRING_ASC;
+ } else if((*str) == '#') {
+ /* TODO: read octect values */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "reading octect values is not implemented yet");
+ X509_NAME_free(nm);
+ return(NULL);
+ } else {
+ valueLen = xmlSecOpenSSLX509NameStringRead(&str, &len,
+ value, sizeof(value), ',', 1);
+ if(valueLen < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecOpenSSLX509NameStringRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ X509_NAME_free(nm);
+ return(NULL);
+ }
+ type = MBSTRING_ASC;
+ }
+ } else {
+ valueLen = 0;
+ }
+ value[valueLen] = '\0';
+ if(len > 0) {
+ ++str; --len;
+ }
+ X509_NAME_add_entry_by_txt(nm, (char*)name, type, value, valueLen, -1, 0);
+ }
+
+ return(nm);
+}
+
+static int
+xmlSecOpenSSLX509NameStringRead(xmlSecByte **str, int *strLen,
+ xmlSecByte *res, int resLen,
+ xmlSecByte delim, int ingoreTrailingSpaces) {
+ xmlSecByte *p, *q, *nonSpace;
+
+ xmlSecAssert2(str != NULL, -1);
+ xmlSecAssert2(strLen != NULL, -1);
+ xmlSecAssert2(res != NULL, -1);
+
+ p = (*str);
+ nonSpace = q = res;
+ while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
+ if((*p) != '\\') {
+ if(ingoreTrailingSpaces && !isspace(*p)) nonSpace = q;
+ *(q++) = *(p++);
+ } else {
+ ++p;
+ nonSpace = q;
+ if(xmlSecIsHex((*p))) {
+ if((p - (*str) + 1) >= (*strLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "two hex digits expected");
+ return(-1);
+ }
+ *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
+ p += 2;
+ } else {
+ if(((++p) - (*str)) >= (*strLen)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "escaped symbol missed");
+ return(-1);
+ }
+ *(q++) = *(p++);
+ }
+ }
+ }
+ if(((p - (*str)) < (*strLen)) && ((*p) != delim)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "buffer is too small");
+ return(-1);
+ }
+ (*strLen) -= (p - (*str));
+ (*str) = p;
+ return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res);
+}
+
+static
+int xmlSecOpenSSLX509_NAME_cmp(const X509_NAME * a, const X509_NAME * b) {
+ int i,ret;
+ const X509_NAME_ENTRY *na,*nb;
+
+ xmlSecAssert2(a != NULL, -1);
+ xmlSecAssert2(b != NULL, 1);
+
+ if (sk_X509_NAME_ENTRY_num(a->entries) != sk_X509_NAME_ENTRY_num(b->entries)) {
+ return sk_X509_NAME_ENTRY_num(a->entries) - sk_X509_NAME_ENTRY_num(b->entries);
+ }
+
+ for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) {
+ na=sk_X509_NAME_ENTRY_value(a->entries,i);
+ nb=sk_X509_NAME_ENTRY_value(b->entries,i);
+
+ ret = xmlSecOpenSSLX509_NAME_ENTRY_cmp(&na, &nb);
+ if(ret != 0) {
+ return(ret);
+ }
+ }
+
+ return(0);
+}
+
+
+/**
+ * xmlSecOpenSSLX509NamesCompare:
+ *
+ * We have to sort X509_NAME entries to get correct results.
+ * This is ugly but OpenSSL does not support it
+ */
+static int
+xmlSecOpenSSLX509NamesCompare(X509_NAME *a, X509_NAME *b) {
+ X509_NAME *a1 = NULL;
+ X509_NAME *b1 = NULL;
+ int ret;
+
+ xmlSecAssert2(a != NULL, -1);
+ xmlSecAssert2(b != NULL, 1);
+
+ a1 = X509_NAME_dup(a);
+ if(a1 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_NAME_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ b1 = X509_NAME_dup(b);
+ if(b1 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "X509_NAME_dup",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(1);
+ }
+
+ /* sort both */
+ (void)sk_X509_NAME_ENTRY_set_cmp_func(a1->entries, xmlSecOpenSSLX509_NAME_ENTRY_cmp);
+ sk_X509_NAME_ENTRY_sort(a1->entries);
+ (void)sk_X509_NAME_ENTRY_set_cmp_func(b1->entries, xmlSecOpenSSLX509_NAME_ENTRY_cmp);
+ sk_X509_NAME_ENTRY_sort(b1->entries);
+
+ /* actually compare */
+ ret = xmlSecOpenSSLX509_NAME_cmp(a1, b1);
+
+ /* cleanup */
+ X509_NAME_free(a1);
+ X509_NAME_free(b1);
+ return(ret);
+}
+
+static int
+xmlSecOpenSSLX509_NAME_ENTRY_cmp(const X509_NAME_ENTRY * const *a, const X509_NAME_ENTRY * const *b) {
+ int ret;
+
+ xmlSecAssert2(a != NULL, -1);
+ xmlSecAssert2(b != NULL, 1);
+ xmlSecAssert2((*a) != NULL, -1);
+ xmlSecAssert2((*b) != NULL, 1);
+
+ /* first compare values */
+ if(((*a)->value == NULL) && ((*b)->value != NULL)) {
+ return(-1);
+ } else if(((*a)->value != NULL) && ((*b)->value == NULL)) {
+ return(1);
+ } else if(((*a)->value == NULL) && ((*b)->value == NULL)) {
+ return(0);
+ }
+
+ ret = (*a)->value->length - (*b)->value->length;
+ if(ret != 0) {
+ return(ret);
+ }
+
+ ret = memcmp((*a)->value->data, (*b)->value->data, (*a)->value->length);
+ if(ret != 0) {
+ return(ret);
+ }
+
+ /* next compare names */
+ return(OBJ_cmp((*a)->object, (*b)->object));
+}
+
+
+#endif /* XMLSEC_NO_X509 */
+
+
diff --git a/src/parser.c b/src/parser.c
new file mode 100644
index 00000000..fdb99c51
--- /dev/null
+++ b/src/parser.c
@@ -0,0 +1,571 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * XML Parser transform and utility functions.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+#include <libxml/parserInternals.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/parser.h>
+#include <xmlsec/errors.h>
+
+/**************************************************************************
+ *
+ * Internal parser
+ *
+ *****************************************************************************/
+typedef struct _xmlSecParserCtx xmlSecParserCtx,
+ *xmlSecParserCtxPtr;
+struct _xmlSecParserCtx {
+ xmlParserCtxtPtr parserCtx;
+};
+
+/**************************************************************************
+ *
+ * XML Parser transform
+ *
+ * xmlSecParserCtx is located after xmlSecTransform
+ *
+ ***************************************************************************/
+#define xmlSecParserSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecParserCtx))
+#define xmlSecParserGetCtx(transform) \
+ ((xmlSecTransformCheckSize((transform), xmlSecParserSize)) ? \
+ ((xmlSecParserCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) : \
+ (xmlSecParserCtxPtr)NULL)
+
+static int xmlSecParserInitialize (xmlSecTransformPtr transform);
+static void xmlSecParserFinalize (xmlSecTransformPtr transform);
+static int xmlSecParserPushBin (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ int final,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecParserPopXml (xmlSecTransformPtr transform,
+ xmlSecNodeSetPtr* nodes,
+ xmlSecTransformCtxPtr transformCtx);
+
+static xmlSecTransformKlass xmlSecParserKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecParserSize, /* xmlSecSize objSize */
+
+ BAD_CAST "xml-parser", /* const xmlChar* name; */
+ NULL, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
+
+ xmlSecParserInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecParserFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecParserPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ NULL, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ xmlSecParserPopXml, /* xmlSecTransformPopXmlMethod popXml; */
+ NULL, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecTransformXmlParserGetKlass:
+ *
+ * The XML parser transform.
+ *
+ * Returns: XML parser transform klass.
+ */
+xmlSecTransformId
+xmlSecTransformXmlParserGetKlass(void) {
+ return(&xmlSecParserKlass);
+}
+
+static int
+xmlSecParserInitialize(xmlSecTransformPtr transform) {
+ xmlSecParserCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXmlParserId), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecParserSize), -1);
+
+ ctx = xmlSecParserGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* initialize context */
+ memset(ctx, 0, sizeof(xmlSecParserCtx));
+ return(0);
+}
+
+static void
+xmlSecParserFinalize(xmlSecTransformPtr transform) {
+ xmlSecParserCtxPtr ctx;
+
+ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecTransformXmlParserId));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecParserSize));
+
+ ctx = xmlSecParserGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->parserCtx != NULL) {
+ xmlFreeParserCtxt(ctx->parserCtx);
+ }
+ memset(ctx, 0, sizeof(xmlSecParserCtx));
+}
+
+static int
+xmlSecParserPushBin(xmlSecTransformPtr transform, const xmlSecByte* data,
+ xmlSecSize dataSize, int final, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecParserCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXmlParserId), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecParserGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* check/update current transform status */
+ if(transform->status == xmlSecTransformStatusNone) {
+ xmlSecAssert2(ctx->parserCtx == NULL, -1);
+
+ ctx->parserCtx = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, NULL);
+ if(ctx->parserCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlCreatePushParserCtxt",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* required for c14n! */
+ ctx->parserCtx->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ ctx->parserCtx->replaceEntities = 1;
+
+ transform->status = xmlSecTransformStatusWorking;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ return(0);
+ } else if(transform->status != xmlSecTransformStatusWorking) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ xmlSecAssert2(transform->status == xmlSecTransformStatusWorking, -1);
+ xmlSecAssert2(ctx->parserCtx != NULL, -1);
+
+ /* push data to the input buffer */
+ if((data != NULL) && (dataSize > 0)) {
+ ret = xmlParseChunk(ctx->parserCtx, (const char*)data, dataSize, 0);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlParseChunk",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "size=%d", dataSize);
+ return(-1);
+ }
+ }
+
+ /* finish parsing and push to next in the chain */
+ if(final != 0) {
+ ret = xmlParseChunk(ctx->parserCtx, NULL, 0, 1);
+ if((ret != 0) || (ctx->parserCtx->myDoc == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlParseChunk",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* todo: check that document is well formed? */
+ transform->outNodes = xmlSecNodeSetCreate(ctx->parserCtx->myDoc,
+ NULL, xmlSecNodeSetTree);
+ if(transform->outNodes == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNodeSetCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(ctx->parserCtx->myDoc);
+ ctx->parserCtx->myDoc = NULL;
+ return(-1);
+ }
+ xmlSecNodeSetDocDestroy(transform->outNodes); /* this node set "owns" the doc pointer */
+ ctx->parserCtx->myDoc = NULL;
+
+ /* push result to the next transform (if exist) */
+ if(transform->next != NULL) {
+ ret = xmlSecTransformPushXml(transform->next, transform->outNodes, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformPushXml",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ }
+
+ return(0);
+}
+
+static int
+xmlSecParserPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nodes,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecParserCtxPtr ctx;
+ xmlParserInputBufferPtr buf;
+ xmlParserInputPtr input;
+ xmlParserCtxtPtr ctxt;
+ xmlDocPtr doc;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXmlParserId), -1);
+ xmlSecAssert2(nodes != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecParserGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* check/update current transform status */
+ switch(transform->status) {
+ case xmlSecTransformStatusNone:
+ transform->status = xmlSecTransformStatusWorking;
+ break;
+ case xmlSecTransformStatusWorking:
+ /* just do nothing */
+ break;
+ case xmlSecTransformStatusFinished:
+ (*nodes) = NULL;
+ return(0);
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ xmlSecAssert2(transform->status == xmlSecTransformStatusWorking, -1);
+
+ /* prepare parser context */
+ if(transform->prev == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "prev transform is null");
+ return(-1);
+ }
+
+ buf = xmlSecTransformCreateInputBuffer(transform->prev, transformCtx);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformCreateInputBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ctxt = xmlNewParserCtxt();
+ if (ctxt == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlNewParserCtxt",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeParserInputBuffer(buf);
+ return(-1);
+ }
+
+ input = xmlNewIOInputStream(ctxt, buf, XML_CHAR_ENCODING_NONE);
+ if(input == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlNewParserCtxt",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeParserCtxt(ctxt);
+ xmlFreeParserInputBuffer(buf);
+ return(-1);
+ }
+
+ ret = inputPush(ctxt, input);
+ if(input == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "inputPush",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeInputStream(input);
+ xmlFreeParserCtxt(ctxt);
+ return(-1);
+ }
+
+ /* required for c14n! */
+ ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ ctxt->replaceEntities = 1;
+
+ /* finaly do the parsing */
+ ret = xmlParseDocument(ctxt);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlParseDocument",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ if(ctxt->myDoc != NULL) {
+ xmlFreeDoc(ctxt->myDoc);
+ ctxt->myDoc = NULL;
+ }
+ xmlFreeParserCtxt(ctxt);
+ return(-1);
+ }
+
+ /* remember the result and free parsing context */
+ doc = ctxt->myDoc;
+ ctxt->myDoc = NULL;
+ xmlFreeParserCtxt(ctxt);
+
+ /* return result to the caller */
+ (*nodes) = xmlSecNodeSetCreate(doc, NULL, xmlSecNodeSetTree);
+ if((*nodes) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNodeSetCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(doc);
+ return(-1);
+ }
+ xmlSecNodeSetDocDestroy((*nodes)); /* this node set "owns" the doc pointer */
+ transform->status = xmlSecTransformStatusFinished;
+ return(0);
+}
+
+/**************************************************************************
+ *
+ * XML Parser functions
+ *
+ *************************************************************************/
+typedef struct _xmlSecExtMemoryParserCtx {
+ const xmlSecByte *prefix;
+ xmlSecSize prefixSize;
+ const xmlSecByte *buffer;
+ xmlSecSize bufferSize;
+ const xmlSecByte *postfix;
+ xmlSecSize postfixSize;
+} xmlSecExtMemoryParserCtx, *xmlSecExtMemoryParserCtxPtr;
+
+/**
+ * xmlSecParseFile:
+ * @filename: the filename.
+ *
+ * Loads XML Doc from file @filename. We need a special version because of
+ * c14n issue. The code is copied from xmlSAXParseFileWithData() function.
+ *
+ * Returns: pointer to the loaded XML document or NULL if an error occurs.
+ */
+xmlDocPtr
+xmlSecParseFile(const char *filename) {
+ xmlDocPtr ret;
+ xmlParserCtxtPtr ctxt;
+ char *directory = NULL;
+
+ xmlSecAssert2(filename != NULL, NULL);
+
+ xmlInitParser();
+ ctxt = xmlCreateFileParserCtxt(filename);
+ if (ctxt == NULL) {
+ return(NULL);
+ }
+
+ /* todo: set directories from current doc? */
+ if ((ctxt->directory == NULL) && (directory == NULL))
+ directory = xmlParserGetDirectory(filename);
+ if ((ctxt->directory == NULL) && (directory != NULL))
+ ctxt->directory = (char *) xmlStrdup((xmlChar *) directory);
+
+ /* required for c14n! */
+ ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ ctxt->replaceEntities = 1;
+
+ xmlParseDocument(ctxt);
+
+ if(ctxt->wellFormed) {
+ ret = ctxt->myDoc;
+ } else {
+ ret = NULL;
+ xmlFreeDoc(ctxt->myDoc);
+ ctxt->myDoc = NULL;
+ }
+ xmlFreeParserCtxt(ctxt);
+ return(ret);
+
+}
+
+/**
+ * xmlSecParseMemoryExt:
+ * @prefix: the first part of the input.
+ * @prefixSize: the size of the first part of the input.
+ * @buffer: the second part of the input.
+ * @bufferSize: the size of the second part of the input.
+ * @postfix: the third part of the input.
+ * @postfixSize: the size of the third part of the input.
+ *
+ * Loads XML Doc from 3 chunks of memory: @prefix, @buffer and @postfix.
+ *
+ * Returns: pointer to the loaded XML document or NULL if an error occurs.
+ */
+xmlDocPtr
+xmlSecParseMemoryExt(const xmlSecByte *prefix, xmlSecSize prefixSize,
+ const xmlSecByte *buffer, xmlSecSize bufferSize,
+ const xmlSecByte *postfix, xmlSecSize postfixSize) {
+ xmlParserCtxtPtr ctxt = NULL;
+ xmlDocPtr doc = NULL;
+ int ret;
+
+ /* create context */
+ ctxt = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, NULL);
+ if(ctxt == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlCreatePushParserCtxt",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* required for c14n! */
+ ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ ctxt->replaceEntities = 1;
+
+ /* prefix */
+ if((prefix != NULL) && (prefixSize > 0)) {
+ ret = xmlParseChunk(ctxt, (const char*)prefix, prefixSize, 0);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlParseChunk",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "prefixSize=%d", prefixSize);
+ goto done;
+ }
+ }
+
+ /* buffer */
+ if((buffer != NULL) && (bufferSize > 0)) {
+ ret = xmlParseChunk(ctxt, (const char*)buffer, bufferSize, 0);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlParseChunk",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "bufferSize=%d", bufferSize);
+ goto done;
+ }
+ }
+
+ /* postfix */
+ if((postfix != NULL) && (postfixSize > 0)) {
+ ret = xmlParseChunk(ctxt, (const char*)postfix, postfixSize, 0);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlParseChunk",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "postfixSize=%d", postfixSize);
+ goto done;
+ }
+ }
+
+ /* finishing */
+ ret = xmlParseChunk(ctxt, NULL, 0, 1);
+ if((ret != 0) || (ctxt->myDoc == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlParseChunk",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+ doc = ctxt->myDoc;
+
+done:
+ if(ctxt != NULL) {
+ xmlFreeParserCtxt(ctxt);
+ }
+ return(doc);
+}
+
+
+/**
+ * xmlSecParseMemory:
+ * @buffer: the input buffer.
+ * @size: the input buffer size.
+ * @recovery: the flag.
+ *
+ * Loads XML Doc from memory. We need a special version because of
+ * c14n issue. The code is copied from xmlSAXParseMemory() function.
+ *
+ * Returns: pointer to the loaded XML document or NULL if an error occurs.
+ */
+xmlDocPtr
+xmlSecParseMemory(const xmlSecByte *buffer, xmlSecSize size, int recovery) {
+ xmlDocPtr ret;
+ xmlParserCtxtPtr ctxt;
+
+ xmlSecAssert2(buffer != NULL, NULL);
+
+ ctxt = xmlCreateMemoryParserCtxt((char*)buffer, size);
+ if (ctxt == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlCreateMemoryParserCtxt",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* required for c14n! */
+ ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ ctxt->replaceEntities = 1;
+
+ xmlParseDocument(ctxt);
+
+ if((ctxt->wellFormed) || recovery) {
+ ret = ctxt->myDoc;
+ } else {
+ ret = NULL;
+ xmlFreeDoc(ctxt->myDoc);
+ ctxt->myDoc = NULL;
+ }
+ xmlFreeParserCtxt(ctxt);
+ return(ret);
+}
+
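Review bot: Every parser context created in this file (xmlSecParserPushBin, xmlSecParserPopXml, xmlSecParseFile, xmlSecParseMemoryExt, xmlSecParseMemory) sets `ctxt->replaceEntities = 1` with a non-zero `loadsubset`, and nothing visible in the hunk limits what a DOCTYPE in the input may reference, so XML that reaches these parsers during signature processing can presumably make libxml2 resolve external entities and DTD subsets. If entity substitution is really required for c14n, the two field assignments could be expressed as `xmlCtxtUseOptions(ctxt, XML_PARSE_NOENT | XML_PARSE_DTDLOAD | XML_PARSE_DTDATTR | XML_PARSE_NONET);` so that network fetches are refused. XML_PARSE_NONET does not cover local files, so a restricting external entity loader would still be needed, and that lives outside this hunk. Separately, in xmlSecParserPopXml the check after `ret = inputPush(ctxt, input);` tests `input == NULL`, which cannot be true at that point because the same condition already returned a few lines earlier. It should test the return value instead (`if(ret < 0) {` on libxml2 versions where inputPush returns -1 on failure), and the xmlNewIOInputStream failure just above it is logged under the name "xmlNewParserCtxt".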
diff --git a/src/skeleton/Makefile.am b/src/skeleton/Makefile.am
new file mode 100644
index 00000000..2f54f9de
--- /dev/null
+++ b/src/skeleton/Makefile.am
@@ -0,0 +1,45 @@
+NULL =
+
+EXTRA_DIST = \
+ README \
+ $(NULL)
+
+lib_LTLIBRARIES = \
+ libxmlsec1-skeleton.la \
+ $(NULL)
+
+libxmlsec1_skeleton_la_CPPFLAGS = \
+ -DPACKAGE=\"@PACKAGE@\" \
+ -I../../include \
+ -I$(top_srcdir)/include \
+ $(XMLSEC_DEFINES) \
+ $(XMLSEC_SKELETON_DEFINES) \
+ $(SKELETON_CFLAGS) \
+ $(LIBXSLT_CFLAGS) \
+ $(LIBXML_CFLAGS) \
+ $(NULL)
+
+libxmlsec1_skeleton_la_SOURCES =\
+ app.c \
+ crypto.c \
+ globals.h \
+ $(NULL)
+
+if SHAREDLIB_HACK
+libxmlsec1_skeleton_la_SOURCES += ../strings.c
+endif
+
+libxmlsec1_skeleton_la_LIBADD = \
+ $(SKELETON_LIBS) \
+ $(LIBXSLT_LIBS) \
+ $(LIBXML_LIBS) \
+ ../libxmlsec1.la \
+ $(NULL)
+
+libxmlsec1_skeleton_la_DEPENDENCIES = \
+ $(NULL)
+
+libxmlsec1_skeleton_la_LDFLAGS = \
+ @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ \
+ -version-info @XMLSEC_VERSION_INFO@ \
+ $(NULL)
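Review bot: The empty `libxmlsec1_skeleton_la_DEPENDENCIES =` assignment at the end of this file replaces the dependency list Automake would otherwise derive from `libxmlsec1_skeleton_la_LIBADD`, so the skeleton library is not relinked when `../libxmlsec1.la` changes. Build order between the two libraries then rests only on the parent directory's subdirectory ordering, which is not visible in this hunk. Either drop the override or name the library in it, `libxmlsec1_skeleton_la_DEPENDENCIES = ../libxmlsec1.la $(NULL)`, so a stale core library cannot end up linked into the crypto module.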
diff --git a/src/skeleton/README b/src/skeleton/README
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/src/skeleton/README
diff --git a/src/skeleton/app.c b/src/skeleton/app.c
new file mode 100644
index 00000000..15ba3cf7
--- /dev/null
+++ b/src/skeleton/app.c
@@ -0,0 +1,499 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+/* TODO: aadd Skeleton include files */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/skeleton/app.h>
+#include <xmlsec/skeleton/crypto.h>
+
+/**
+ * xmlSecSkeletonAppInit:
+ * @config: the path to Skeleton configuration (unused).
+ *
+ * General crypto engine initialization. This function is used
+ * by XMLSec command line utility and called before
+ * @xmlSecInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecSkeletonAppInit(const char* config ATTRIBUTE_UNUSED) {
+ /* TODO: initialize Skeleton crypto engine */
+ return(0);
+}
+
+/**
+ * xmlSecSkeletonAppShutdown:
+ *
+ * General crypto engine shutdown. This function is used
+ * by XMLSec command line utility and called after
+ * @xmlSecShutdown function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecSkeletonAppShutdown(void) {
+ /* TODO: shutdown Skeleton crypto engine */
+
+ return(0);
+}
+
+/**
+ * xmlSecSkeletonAppKeyLoad:
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from the a file (not implemented yet).
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecSkeletonAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx) {
+ xmlSecAssert2(filename != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ /* TODO: load key */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSkeletonAppKeyLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+}
+
+/**
+ * xmlSecSkeletonAppKeyLoadMemory:
+ * @data: the key binary data.
+ * @dataSize: the key binary data size.
+ * @format: the key data format.
+ * @pwd: the key data2 password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key from a binary @data.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecSkeletonAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKeyDataFormat format,
+ const char *pwd, void* pwdCallback, void* pwdCallbackCtx) {
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
+ /* TODO: load key */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSkeletonAppKeyLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+}
+
+
+#ifndef XMLSEC_NO_X509
+/**
+ * xmlSecSkeletonAppKeyCertLoad:
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from $@filename and adds it to key
+ * (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecSkeletonAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
+ xmlSecKeyDataFormat format) {
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSkeletonAppKeyCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+}
+
+/**
+ * xmlSecSkeletonAppKeyCertLoadMemory:
+ * @key: the pointer to key.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ *
+ * Reads the certificate from memory buffer and adds it to key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecSkeletonAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format) {
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSkeletonAppKeyCertLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+}
+
+/**
+ * xmlSecSkeletonAppPkcs12Load:
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 file
+ * (not implemented yet).
+ * For uniformity, call xmlSecSkeletonAppKeyLoad instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecSkeletonAppPkcs12Load(const char *filename,
+ const char *pwd ATTRIBUTE_UNUSED,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(filename != NULL, NULL);
+
+ /* TODO: load pkcs12 file */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSkeletonAppPkcs12Load",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+}
+
+/**
+ * xmlSecSkeletonAppPkcs12LoadMemory:
+ * @data: the key binary data.
+ * @dataSize: the key binary data size.
+ * @pwd: the PKCS12 password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
+ *
+ * Reads key and all associated certificates from the PKCS12 binary data.
+ * For uniformity, call xmlSecSkeletonAppKeyLoad instead of this function. Pass
+ * in format=xmlSecKeyDataFormatPkcs12.
+ *
+ * Returns: pointer to the key or NULL if an error occurs.
+ */
+xmlSecKeyPtr
+xmlSecSkeletonAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, const char *pwd,
+ void *pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(data != NULL, NULL);
+
+ /* TODO: load pkcs12 file */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSkeletonAppPkcs12Load",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+}
+
+
+
+/**
+ * xmlSecSkeletonAppKeysMngrCertLoad:
+ * @mngr: the keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
+ *
+ * Reads cert from @filename and adds to the list of trusted or known
+ * untrusted certs in @store (not implemented yet).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecSkeletonAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* TODO: load cert and add to keys manager */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSkeletonAppKeysMngrCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+}
+
+/**
+ * xmlSecSkeletonAppKeysMngrCertLoadMemory:
+ * @mngr: the pointer to keys manager.
+ * @data: the key binary data.
+ * @dataSize: the key binary data size.
+ * @format: the certificate format (PEM or DER).
+ * @type: the certificate type (trusted/untrusted).
+ *
+ * Reads cert from @data and adds to the list of trusted or known
+ * untrusted certs in @store
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecSkeletonAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data,
+ xmlSecSize dataSize, xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
+
+ /* TODO: load cert and add to keys manager */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSkeletonAppKeysMngrCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+}
+
+#endif /* XMLSEC_NO_X509 */
+
+/**
+ * xmlSecSkeletonAppDefaultKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
+ * and a default Skeleton crypto key data stores.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecSkeletonAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+
+ /* TODO: if Skeleton crypto engine has another default
+ * keys storage then use it!
+ */
+
+ /* create simple keys store if needed */
+ if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) {
+ xmlSecKeyStorePtr keysStore;
+
+ keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+ if(keysStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecSimpleKeysStoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyStoreDestroy(keysStore);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecSkeletonKeysMngrInit(mngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSkeletonKeysMngrInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ mngr->getKey = xmlSecKeysMngrGetKey;
+ return(0);
+}
+
+/**
+ * xmlSecSkeletonAppDefaultKeysMngrAdoptKey:
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
+ *
+ * Adds @key to the keys manager @mngr created with #xmlSecSkeletonAppDefaultKeysMngrInit
+ * function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecSkeletonAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ /* TODO: if Skeleton crypto engine has another default
+ * keys storage then use it!
+ */
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecSkeletonAppDefaultKeysMngrLoad:
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
+ *
+ * Loads XML keys file from @uri to the keys manager @mngr created
+ * with #xmlSecSkeletonAppDefaultKeysMngrInit function.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecSkeletonAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(uri != NULL, -1);
+
+ /* TODO: if Skeleton crypto engine has another default
+ * keys storage then use it!
+ */
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreLoad(store, uri, mngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s", xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecSkeletonAppDefaultKeysMngrSave:
+ * @mngr: the pointer to keys manager.
+ * @filename: the destination filename.
+ * @type: the type of keys to save (public/private/symmetric).
+ *
+ * Saves keys from @mngr to XML keys file.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecSkeletonAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type) {
+ xmlSecKeyStorePtr store;
+ int ret;
+
+ xmlSecAssert2(mngr != NULL, -1);
+ xmlSecAssert2(filename != NULL, -1);
+
+ /* TODO: if Skeleton crypto engine has another default
+ * keys storage then use it!
+ */
+
+ store = xmlSecKeysMngrGetKeysStore(mngr);
+ if(store == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecSimpleKeysStoreSave(store, filename, type);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreSave",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecSkeletonAppGetDefaultPwdCallback:
+ *
+ * Gets default password callback.
+ *
+ * Returns: default password callback.
+ */
+void*
+xmlSecSkeletonAppGetDefaultPwdCallback(void) {
+ /* TODO */
+ return(NULL);
+}
+
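Review bot: Three of the `*Memory` stubs pass the wrong function name to `xmlSecError`, so a NOT_IMPLEMENTED entry in the error log points at the file-based sibling instead of the entry point that was called. `xmlSecSkeletonAppKeyLoadMemory` passes `"xmlSecSkeletonAppKeyLoad"`, `xmlSecSkeletonAppPkcs12LoadMemory` passes `"xmlSecSkeletonAppPkcs12Load"`, and `xmlSecSkeletonAppKeysMngrCertLoadMemory` passes `"xmlSecSkeletonAppKeysMngrCertLoad"`. Each string should be the enclosing function's own name, for example `"xmlSecSkeletonAppKeyLoadMemory",`. This file appears to be a template for new crypto backends, so the mislabelled names would likely be copied into real key- and certificate-loading code, where they make a failed load harder to trace.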
diff --git a/src/skeleton/crypto.c b/src/skeleton/crypto.c
new file mode 100644
index 00000000..f52d4ac0
--- /dev/null
+++ b/src/skeleton/crypto.c
@@ -0,0 +1,260 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <string.h>
+
+/* TODO: add Skeleton include files */
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/dl.h>
+#include <xmlsec/private.h>
+
+#include <xmlsec/skeleton/app.h>
+#include <xmlsec/skeleton/crypto.h>
+
+static xmlSecCryptoDLFunctionsPtr gXmlSecSkeletonFunctions = NULL;
+
+/**
+ * xmlSecCryptoGetFunctions_skeleton:
+ *
+ * Gets the pointer to xmlsec-skeleton functions table.
+ *
+ * Returns: the xmlsec-skeleton functions table or NULL if an error occurs.
+ */
+xmlSecCryptoDLFunctionsPtr
+xmlSecCryptoGetFunctions_skeleton(void) {
+ static xmlSecCryptoDLFunctions functions;
+
+ if(gXmlSecSkeletonFunctions != NULL) {
+ return(gXmlSecSkeletonFunctions);
+ }
+
+ memset(&functions, 0, sizeof(functions));
+ gXmlSecSkeletonFunctions = &functions;
+
+ /********************************************************************
+ *
+ * Crypto Init/shutdown
+ *
+ ********************************************************************/
+ gXmlSecSkeletonFunctions->cryptoInit = xmlSecSkeletonInit;
+ gXmlSecSkeletonFunctions->cryptoShutdown = xmlSecSkeletonShutdown;
+ gXmlSecSkeletonFunctions->cryptoKeysMngrInit = xmlSecSkeletonKeysMngrInit;
+
+ /********************************************************************
+ *
+ * Key data ids
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecSkeletonFunctions->keyDataAesGetKlass = xmlSecSkeletonKeyDataAesGetKlass;
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_DES
+ gXmlSecSkeletonFunctions->keyDataDesGetKlass = xmlSecSkeletonKeyDataDesGetKlass;
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_DSA
+ gXmlSecSkeletonFunctions->keyDataDsaGetKlass = xmlSecSkeletonKeyDataDsaGetKlass;
+#endif /* XMLSEC_NO_DSA */
+
+#ifndef XMLSEC_NO_GOST
+ gXmlSecSkeletonFunctions->keyDataGost2001GetKlass = xmlSecSkeletonKeyDataGost2001GetKlass;
+#endif /* XMLSEC_NO_GOST */
+
+#ifndef XMLSEC_NO_HMAC
+ gXmlSecSkeletonFunctions->keyDataHmacGetKlass = xmlSecSkeletonKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
+
+#ifndef XMLSEC_NO_RSA
+ gXmlSecSkeletonFunctions->keyDataRsaGetKlass = xmlSecSkeletonKeyDataRsaGetKlass;
+#endif /* XMLSEC_NO_RSA */
+
+#ifndef XMLSEC_NO_X509
+ gXmlSecSkeletonFunctions->keyDataX509GetKlass = xmlSecSkeletonKeyDataX509GetKlass;
+ gXmlSecSkeletonFunctions->keyDataRawX509CertGetKlass = xmlSecSkeletonKeyDataRawX509CertGetKlass;
+#endif /* XMLSEC_NO_X509 */
+
+ /********************************************************************
+ *
+ * Key data store ids
+ *
+ ********************************************************************/
+#ifndef XMLSEC_NO_X509
+ gXmlSecSkeletonFunctions->x509StoreGetKlass = xmlSecSkeletonX509StoreGetKlass;
+#endif /* XMLSEC_NO_X509 */
+
+ /********************************************************************
+ *
+ * Crypto transforms ids
+ *
+ ********************************************************************/
+
+ /******************************* AES ********************************/
+#ifndef XMLSEC_NO_AES
+ gXmlSecSkeletonFunctions->transformAes128CbcGetKlass = xmlSecSkeletonTransformAes128CbcGetKlass;
+ gXmlSecSkeletonFunctions->transformAes192CbcGetKlass = xmlSecSkeletonTransformAes192CbcGetKlass;
+ gXmlSecSkeletonFunctions->transformAes256CbcGetKlass = xmlSecSkeletonTransformAes256CbcGetKlass;
+ gXmlSecSkeletonFunctions->transformKWAes128GetKlass = xmlSecSkeletonTransformKWAes128GetKlass;
+ gXmlSecSkeletonFunctions->transformKWAes192GetKlass = xmlSecSkeletonTransformKWAes192GetKlass;
+ gXmlSecSkeletonFunctions->transformKWAes256GetKlass = xmlSecSkeletonTransformKWAes256GetKlass;
+#endif /* XMLSEC_NO_AES */
+
+ /******************************* DES ********************************/
+#ifndef XMLSEC_NO_DES
+ gXmlSecSkeletonFunctions->transformDes3CbcGetKlass = xmlSecSkeletonTransformDes3CbcGetKlass;
+ gXmlSecSkeletonFunctions->transformKWDes3GetKlass = xmlSecSkeletonTransformKWDes3GetKlass;
+#endif /* XMLSEC_NO_DES */
+
+ /******************************* DSA ********************************/
+#ifndef XMLSEC_NO_DSA
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecSkeletonFunctions->transformDsaSha1GetKlass = xmlSecSkeletonTransformDsaSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#endif /* XMLSEC_NO_DSA */
+
+ /******************************* GOST ********************************/
+#ifndef XMLSEC_NO_GOST
+ gXmlSecSkeletonFunctions->transformGost2001GostR3411_94GetKlass = xmlSecSkeletonTransformGost2001GostR3411_94GetKlass;
+#endif /* XMLSEC_GOST */
+
+#ifndef XMLSEC_NO_GOST
+ gXmlSecSkeletonFunctions->transformGostR3411_94GetKlass = xmlSecSkeletonTransformGostR3411_94GetKlass;
+#endif /* XMLSEC_NO_GOST */
+
+ /******************************* HMAC ********************************/
+#ifndef XMLSEC_NO_HMAC
+
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecSkeletonFunctions->transformHmacSha1GetKlass = xmlSecSkeletonTransformHmacSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecSkeletonFunctions->transformHmacRipemd160GetKlass = xmlSecSkeletonTransformHmacRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+#ifndef XMLSEC_NO_MD5
+ gXmlSecSkeletonFunctions->transformHmacMd5GetKlass = xmlSecSkeletonTransformHmacMd5GetKlass;
+#endif /* XMLSEC_NO_MD5 */
+
+#endif /* XMLSEC_NO_HMAC */
+
+ /******************************* RIPEMD160 ********************************/
+#ifndef XMLSEC_NO_RIPEMD160
+ gXmlSecSkeletonFunctions->transformRipemd160GetKlass = xmlSecSkeletonTransformRipemd160GetKlass;
+#endif /* XMLSEC_NO_RIPEMD160 */
+
+ /******************************* RSA ********************************/
+#ifndef XMLSEC_NO_RSA
+ gXmlSecSkeletonFunctions->transformRsaSha1GetKlass = xmlSecSkeletonTransformRsaSha1GetKlass;
+ gXmlSecSkeletonFunctions->transformRsaPkcs1GetKlass = xmlSecSkeletonTransformRsaPkcs1GetKlass;
+ gXmlSecSkeletonFunctions->transformRsaOaepGetKlass = xmlSecSkeletonTransformRsaOaepGetKlass;
+#endif /* XMLSEC_NO_RSA */
+
+ /******************************* SHA1 ********************************/
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecSkeletonFunctions->transformSha1GetKlass = xmlSecSkeletonTransformSha1GetKlass;
+#endif /* XMLSEC_NO_SHA1 */
+
+ /********************************************************************
+ *
+ * High level routines form xmlsec command line utility
+ *
+ ********************************************************************/
+ gXmlSecSkeletonFunctions->cryptoAppInit = xmlSecSkeletonAppInit;
+ gXmlSecSkeletonFunctions->cryptoAppShutdown = xmlSecSkeletonAppShutdown;
+ gXmlSecSkeletonFunctions->cryptoAppDefaultKeysMngrInit = xmlSecSkeletonAppDefaultKeysMngrInit;
+ gXmlSecSkeletonFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecSkeletonAppDefaultKeysMngrAdoptKey;
+ gXmlSecSkeletonFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecSkeletonAppDefaultKeysMngrLoad;
+ gXmlSecSkeletonFunctions->cryptoAppDefaultKeysMngrSave = xmlSecSkeletonAppDefaultKeysMngrSave;
+#ifndef XMLSEC_NO_X509
+ gXmlSecSkeletonFunctions->cryptoAppKeysMngrCertLoad = xmlSecSkeletonAppKeysMngrCertLoad;
+ gXmlSecSkeletonFunctions->cryptoAppKeysMngrCertLoadMemory = xmlSecSkeletonAppKeysMngrCertLoadMemory;
+ gXmlSecSkeletonFunctions->cryptoAppPkcs12Load = xmlSecSkeletonAppPkcs12Load;
+ gXmlSecSkeletonFunctions->cryptoAppPkcs12LoadMemory = xmlSecSkeletonAppPkcs12LoadMemory;
+ gXmlSecSkeletonFunctions->cryptoAppKeyCertLoad = xmlSecSkeletonAppKeyCertLoad;
+ gXmlSecSkeletonFunctions->cryptoAppKeyCertLoadMemory = xmlSecSkeletonAppKeyCertLoadMemory;
+#endif /* XMLSEC_NO_X509 */
+ gXmlSecSkeletonFunctions->cryptoAppKeyLoad = xmlSecSkeletonAppKeyLoad;
+ gXmlSecSkeletonFunctions->cryptoAppKeyLoadMemory = xmlSecSkeletonAppKeyLoadMemory;
+ gXmlSecSkeletonFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecSkeletonAppGetDefaultPwdCallback();
+
+ return(gXmlSecSkeletonFunctions);
+}
+
+
+/**
+ * xmlSecSkeletonInit:
+ *
+ * XMLSec library specific crypto engine initialization.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecSkeletonInit (void) {
+ /* Check loaded xmlsec library version */
+ if(xmlSecCheckVersionExact() != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCheckVersionExact",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* register our klasses */
+ if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_skeleton()) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+
+ /* TODO: if necessary do, additional initialization here */
+}
+
+/**
+ * xmlSecSkeletonShutdown:
+ *
+ * XMLSec library specific crypto engine shutdown.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecSkeletonShutdown(void) {
+ /* TODO: if necessary, do additional shutdown here */
+ return(0);
+}
+
+/**
+ * xmlSecSkeletonKeysMngrInit:
+ * @mngr: the pointer to keys manager.
+ *
+ * Adds Skeleton specific key data stores in keys manager.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecSkeletonKeysMngrInit(xmlSecKeysMngrPtr mngr) {
+ xmlSecAssert2(mngr != NULL, -1);
+
+ /* TODO: add key data stores */
+ return(0);
+}
+
+
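Review bot: In `xmlSecCryptoGetFunctions_skeleton`, `gXmlSecSkeletonFunctions = &functions;` is assigned right after the `memset`, before any slot is filled. A second caller arriving during initialization therefore passes the `!= NULL` check and receives a table whose function pointers are still NULL. If this getter can be reached from more than one thread (not visible here), fill the table through a local pointer and publish it last, with `gXmlSecSkeletonFunctions = &functions;` immediately before the final `return`, or document that the first call must complete before any threads start. Separately, in `xmlSecSkeletonInit` the `/* TODO: if necessary do, additional initialization here */` comment sits after `return(0);`, so initialization code added at that marker would never run; the comment belongs above the return.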
diff --git a/src/skeleton/globals.h b/src/skeleton/globals.h
new file mode 100644
index 00000000..770b6dba
--- /dev/null
+++ b/src/skeleton/globals.h
@@ -0,0 +1,24 @@
+/*
+ * XML Security Library
+ *
+ * globals.h: internal header only used during the compilation
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#ifndef __XMLSEC_GLOBALS_H__
+#define __XMLSEC_GLOBALS_H__
+
+/**
+ * Use autoconf defines if present.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#define IN_XMLSEC_CRYPTO
+#define XMLSEC_PRIVATE
+
+#endif /* ! __XMLSEC_GLOBALS_H__ */
diff --git a/src/soap.c b/src/soap.c
new file mode 100644
index 00000000..3757e1ad
--- /dev/null
+++ b/src/soap.c
@@ -0,0 +1,1322 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Simple SOAP messages parsing/creation.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_SOAP
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/soap.h>
+#include <xmlsec/errors.h>
+
+/***********************************************************************
+ *
+ * SOAP 1.1
+ *
+ **********************************************************************/
+/**
+ * xmlSecSoap11CreateEnvelope:
+ * @doc: the parent doc (might be NULL).
+ *
+ * Creates a new SOAP Envelope node. Caller is responsible for
+ * adding the returned node to the XML document.
+ *
+ * XML Schema (http://schemas.xmlsoap.org/soap/envelope/):
+ *
+ * <xs:element name="Envelope" type="tns:Envelope"/>
+ * <xs:complexType name="Envelope">
+ * <xs:sequence>
+ * <xs:element ref="tns:Header" minOccurs="0"/>
+ * <xs:element ref="tns:Body" minOccurs="1"/>
+ * <xs:any namespace="##other" minOccurs="0"
+ * maxOccurs="unbounded" processContents="lax"/>
+ * </xs:sequence>
+ * <xs:anyAttribute namespace="##other" processContents="lax"/>
+ * </xs:complexType>
+ *
+ * Returns: pointer to newly created <soap:Envelope> node or NULL
+ * if an error occurs.
+ */
+xmlNodePtr
+xmlSecSoap11CreateEnvelope(xmlDocPtr doc) {
+ xmlNodePtr envNode;
+ xmlNodePtr bodyNode;
+ xmlNsPtr ns;
+
+ /* create Envelope node */
+ envNode = xmlNewDocNode(doc, NULL, xmlSecNodeEnvelope, NULL);
+ if(envNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewDocNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEnvelope));
+ return(NULL);
+ }
+
+ ns = xmlNewNs(envNode, xmlSecSoap11Ns, NULL) ;
+ if(ns == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "ns=%s",
+ xmlSecErrorsSafeString(xmlSecSoap11Ns));
+ xmlFreeNode(envNode);
+ return(NULL);
+ }
+ xmlSetNs(envNode, ns);
+
+ /* add required Body node */
+ bodyNode = xmlSecAddChild(envNode, xmlSecNodeBody, xmlSecSoap11Ns);
+ if(bodyNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeBody));
+ xmlFreeNode(envNode);
+ return(NULL);
+ }
+
+ return(envNode);
+}
+
+/**
+ * xmlSecSoap11EnsureHeader:
+ * @envNode: the pointer to <soap:Envelope> node.
+ *
+ * Gets the pointer to <soap:Header> node (if necessary, the node
+ * is created).
+ *
+ * XML Schema (http://schemas.xmlsoap.org/soap/envelope/):
+ *
+ * <xs:element name="Header" type="tns:Header"/>
+ * <xs:complexType name="Header">
+ * <xs:sequence>
+ * <xs:any namespace="##other" minOccurs="0"
+ * maxOccurs="unbounded" processContents="lax"/>
+ * </xs:sequence>
+ * <xs:anyAttribute namespace="##other" processContents="lax"/>
+ * </xs:complexType>
+ *
+ * Returns: pointer to <soap:Header> node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecSoap11EnsureHeader(xmlNodePtr envNode) {
+ xmlNodePtr hdrNode;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(envNode != NULL, NULL);
+
+ /* try to find Header node first */
+ cur = xmlSecGetNextElementNode(envNode->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) {
+ return(cur);
+ }
+
+ /* if the first element child is not Header then it is Body */
+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeBody),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* finally add Header node before body */
+ hdrNode = xmlSecAddPrevSibling(cur, xmlSecNodeHeader, xmlSecSoap11Ns);
+ if(hdrNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddPrevSibling",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(hdrNode);
+}
+
+/**
+ * xmlSecSoap11AddBodyEntry:
+ * @envNode: the pointer to <soap:Envelope> node.
+ * @entryNode: the pointer to body entry node.
+ *
+ * Adds a new entry to <soap:Body> node.
+ *
+ * Returns: pointer to the added entry (@contentNode) or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecSoap11AddBodyEntry(xmlNodePtr envNode, xmlNodePtr entryNode) {
+ xmlNodePtr bodyNode;
+
+ xmlSecAssert2(envNode != NULL, NULL);
+ xmlSecAssert2(entryNode != NULL, NULL);
+
+ bodyNode = xmlSecSoap11GetBody(envNode);
+ if(bodyNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecAddChildNode(bodyNode, entryNode));
+}
+
+/**
+ * xmlSecSoap11AddFaultEntry:
+ * @envNode: the pointer to <soap:Envelope> node.
+ * @faultCodeHref: the fault code QName href (must be known in th context of
+ * <soap:Body> node).
+ * @faultCodeLocalPart: the fault code QName LocalPart.
+ * @faultString: the human readable explanation of the fault.
+ * @faultActor: the information about who caused the fault (might be NULL).
+ *
+ * Adds <soap:Fault> entry to the @envNode. Note that only one <soap:Fault>
+ * entry is allowed.
+ *
+ * XML Schema (http://schemas.xmlsoap.org/soap/envelope/):
+ *
+ * <xs:element name="Fault" type="tns:Fault"/>
+ * <xs:complexType name="Fault" final="extension">
+ * <xs:sequence>
+ * <xs:element name="faultcode" type="xs:QName"/>
+ * <xs:element name="faultstring" type="xs:string"/>
+ * <xs:element name="faultactor" type="xs:anyURI" minOccurs="0"/>
+ * <xs:element name="detail" type="tns:detail" minOccurs="0"/>
+ * </xs:sequence>
+ * </xs:complexType>
+ * <xs:complexType name="detail">
+ * <xs:sequence>
+ * <xs:any namespace="##any" minOccurs="0" maxOccurs="unbounded"
+ * processContents="lax"/>
+ * </xs:sequence>
+ * <xs:anyAttribute namespace="##any" processContents="lax"/>
+ * </xs:complexType>
+ *
+ * Returns: pointer to the added entry or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecSoap11AddFaultEntry(xmlNodePtr envNode, const xmlChar* faultCodeHref,
+ const xmlChar* faultCodeLocalPart,
+ const xmlChar* faultString, const xmlChar* faultActor) {
+ xmlNodePtr bodyNode;
+ xmlNodePtr faultNode;
+ xmlNodePtr cur;
+ xmlChar* qname;
+
+ xmlSecAssert2(envNode != NULL, NULL);
+ xmlSecAssert2(faultCodeLocalPart != NULL, NULL);
+ xmlSecAssert2(faultString != NULL, NULL);
+
+ /* get Body node */
+ bodyNode = xmlSecSoap11GetBody(envNode);
+ if(bodyNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* check that we don't have Fault node already */
+ faultNode = xmlSecFindChild(bodyNode, xmlSecNodeFault, xmlSecSoap11Ns);
+ if(faultNode != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeBody),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* add Fault node */
+ faultNode = xmlSecAddChild(bodyNode, xmlSecNodeFault, xmlSecSoap11Ns);
+ if(faultNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeFault));
+ return(NULL);
+ }
+
+ /* add faultcode node */
+ cur = xmlSecAddChild(faultNode, xmlSecNodeFaultCode, xmlSecSoap11Ns);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeFaultCode));
+ xmlUnlinkNode(faultNode);
+ xmlFreeNode(faultNode);
+ return(NULL);
+ }
+
+ /* create qname for fault code */
+ qname = xmlSecGetQName(cur, faultCodeHref, faultCodeLocalPart);
+ if(qname == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGetQName",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(cur->name));
+ xmlUnlinkNode(faultNode);
+ xmlFreeNode(faultNode);
+ return(NULL);
+ }
+
+ /* set faultcode value */
+ xmlNodeSetContent(cur, qname);
+ xmlFree(qname);
+
+ /* add faultstring node */
+ cur = xmlSecAddChild(faultNode, xmlSecNodeFaultString, xmlSecSoap11Ns);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeFaultString));
+ xmlUnlinkNode(faultNode);
+ xmlFreeNode(faultNode);
+ return(NULL);
+ }
+
+ /* set faultstring node */
+ xmlNodeSetContent(cur, faultString);
+
+ if(faultActor != NULL) {
+ /* add faultactor node */
+ cur = xmlSecAddChild(faultNode, xmlSecNodeFaultActor, xmlSecSoap11Ns);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeFaultActor));
+ xmlUnlinkNode(faultNode);
+ xmlFreeNode(faultNode);
+ return(NULL);
+ }
+
+ /* set faultactor node */
+ xmlNodeSetContent(cur, faultActor);
+ }
+
+ return(faultNode);
+}
+
+/**
+ * xmlSecSoap11CheckEnvelope:
+ * @envNode: the pointer to <soap:Envelope> node.
+ *
+ * Validates <soap:Envelope> node structure.
+ *
+ * Returns: 1 if @envNode has a valid <soap:Envelope> element, 0 if it is
+ * not valid or a negative value if an error occurs.
+ */
+int
+xmlSecSoap11CheckEnvelope(xmlNodePtr envNode) {
+ xmlNodePtr cur;
+
+ xmlSecAssert2(envNode != NULL, -1);
+
+ /* verify envNode itself */
+ if(!xmlSecCheckNodeName(envNode, xmlSecNodeEnvelope, xmlSecSoap11Ns)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeEnvelope),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+
+ /* optional Header node first */
+ cur = xmlSecGetNextElementNode(envNode->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* required Body node is next */
+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeBody),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+
+ return(1);
+}
+
+/**
+ * xmlSecSoap11GetHeader:
+ * @envNode: the pointer to <soap:Envelope> node.
+ *
+ * Gets pointer to the <soap:Header> node.
+ *
+ * Returns: pointer to <soap:Header> node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecSoap11GetHeader(xmlNodePtr envNode) {
+ xmlNodePtr cur;
+
+ xmlSecAssert2(envNode != NULL, NULL);
+
+ /* optional Header node is first */
+ cur = xmlSecGetNextElementNode(envNode->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) {
+ return(cur);
+ }
+
+ return(NULL);
+}
+
+/**
+ * xmlSecSoap11GetBody:
+ * @envNode: the pointer to <soap:Envelope> node.
+ *
+ * Gets pointer to the <soap:Body> node.
+ *
+ * Returns: pointer to <soap:Body> node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecSoap11GetBody(xmlNodePtr envNode) {
+ xmlNodePtr cur;
+
+ xmlSecAssert2(envNode != NULL, NULL);
+
+ /* optional Header node first */
+ cur = xmlSecGetNextElementNode(envNode->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap11Ns)) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* Body node is next */
+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeBody),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(cur);
+}
+
+/**
+ * xmlSecSoap11GetBodyEntriesNumber:
+ * @envNode: the pointer to <soap:Envelope> node.
+ *
+ * Gets the number of body entries.
+ *
+ * Returns: the number of body entries.
+ */
+xmlSecSize
+xmlSecSoap11GetBodyEntriesNumber(xmlNodePtr envNode) {
+ xmlSecSize number = 0;
+ xmlNodePtr bodyNode;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(envNode != NULL, 0);
+
+ /* get Body node */
+ bodyNode = xmlSecSoap11GetBody(envNode);
+ if(bodyNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+
+ cur = xmlSecGetNextElementNode(bodyNode->children);
+ while(cur != NULL) {
+ number++;
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ return(number);
+}
+
+/**
+ * xmlSecSoap11GetBodyEntry:
+ * @envNode: the pointer to <soap:Envelope> node.
+ * @pos: the body entry number.
+ *
+ * Gets the body entry number @pos.
+ *
+ * Returns: pointer to body entry node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecSoap11GetBodyEntry(xmlNodePtr envNode, xmlSecSize pos) {
+ xmlNodePtr bodyNode;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(envNode != NULL, NULL);
+
+ /* get Body node */
+ bodyNode = xmlSecSoap11GetBody(envNode);
+ if(bodyNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ cur = xmlSecGetNextElementNode(bodyNode->children);
+ while((cur != NULL) && (pos > 0)) {
+ pos--;
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ return(cur);
+}
+
+/**
+ * xmlSecSoap11GetFaultEntry:
+ * @envNode: the pointer to <soap:Envelope> node.
+ *
+ * Gets the Fault entry (if any).
+ *
+ * Returns: pointer to Fault entry or NULL if it does not exist.
+ */
+xmlNodePtr
+xmlSecSoap11GetFaultEntry(xmlNodePtr envNode) {
+ xmlNodePtr bodyNode;
+
+ xmlSecAssert2(envNode != NULL, NULL);
+
+ /* get Body node */
+ bodyNode = xmlSecSoap11GetBody(envNode);
+ if(bodyNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecFindChild(bodyNode, xmlSecNodeFault, xmlSecSoap11Ns));
+}
+
+
+/***********************************************************************
+ *
+ * SOAP 1.2
+ *
+ **********************************************************************/
+static const xmlSecQName2IntegerInfo gXmlSecSoap12FaultCodeInfo[] =
+{
+ { xmlSecSoap12Ns, xmlSecSoapFaultCodeVersionMismatch,
+ xmlSecSoap12FaultCodeVersionMismatch },
+ { xmlSecSoap12Ns, xmlSecSoapFaultCodeMustUnderstand,
+ xmlSecSoap12FaultCodeMustUnderstand },
+ { xmlSecSoap12Ns, xmlSecSoapFaultDataEncodningUnknown,
+ xmlSecSoap12FaultCodeDataEncodingUnknown },
+ { xmlSecSoap12Ns, xmlSecSoapFaultCodeSender,
+ xmlSecSoap12FaultCodeSender },
+ { xmlSecSoap12Ns, xmlSecSoapFaultCodeReceiver,
+ xmlSecSoap12FaultCodeReceiver },
+ { NULL, NULL, 0 } /* MUST be last in the list */
+};
+
+/**
+ * xmlSecSoap12CreateEnvelope:
+ * @doc: the parent doc (might be NULL).
+ *
+ * Creates a new SOAP 1.2 Envelope node. Caller is responsible for
+ * adding the returned node to the XML document.
+ *
+ * XML Schema (http://www.w3.org/2003/05/soap-envelope):
+ *
+ * <xs:element name="Envelope" type="tns:Envelope"/>
+ * <xs:complexType name="Envelope">
+ * <xs:sequence>
+ * <xs:element ref="tns:Header" minOccurs="0"/>
+ * <xs:element ref="tns:Body" minOccurs="1"/>
+ * </xs:sequence>
+ * <xs:anyAttribute namespace="##other" processContents="lax"/>
+ * </xs:complexType>
+ *
+ * Returns: pointer to newly created <soap:Envelope> node or NULL
+ * if an error occurs.
+ */
+xmlNodePtr
+xmlSecSoap12CreateEnvelope(xmlDocPtr doc) {
+ xmlNodePtr envNode;
+ xmlNodePtr bodyNode;
+ xmlNsPtr ns;
+
+ /* create Envelope node */
+ envNode = xmlNewDocNode(doc, NULL, xmlSecNodeEnvelope, NULL);
+ if(envNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewDocNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEnvelope));
+ return(NULL);
+ }
+
+ ns = xmlNewNs(envNode, xmlSecSoap12Ns, NULL) ;
+ if(ns == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "ns=%s",
+ xmlSecErrorsSafeString(xmlSecSoap12Ns));
+ xmlFreeNode(envNode);
+ return(NULL);
+ }
+ xmlSetNs(envNode, ns);
+
+ /* add required Body node */
+ bodyNode = xmlSecAddChild(envNode, xmlSecNodeBody, xmlSecSoap12Ns);
+ if(bodyNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeBody));
+ xmlFreeNode(envNode);
+ return(NULL);
+ }
+
+ return(envNode);
+}
+
+/**
+ * xmlSecSoap12EnsureHeader:
+ * @envNode: the pointer to <soap:Envelope> node.
+ *
+ * Gets the pointer to <soap:Header> node (if necessary, the node
+ * is created).
+ *
+ * XML Schema (http://www.w3.org/2003/05/soap-envelope):
+ *
+ * <xs:element name="Header" type="tns:Header"/>
+ * <xs:complexType name="Header">
+ * <xs:sequence>
+ * <xs:any namespace="##any" processContents="lax"
+ * minOccurs="0" maxOccurs="unbounded"/>
+ * </xs:sequence>
+ * <xs:anyAttribute namespace="##other" processContents="lax"/>
+ * </xs:complexType>
+ *
+ * Returns: pointer to <soap:Header> node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecSoap12EnsureHeader(xmlNodePtr envNode) {
+ xmlNodePtr hdrNode;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(envNode != NULL, NULL);
+
+ /* try to find Header node first */
+ cur = xmlSecGetNextElementNode(envNode->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap12Ns)) {
+ return(cur);
+ }
+
+ /* if the first element child is not Header then it is Body */
+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap12Ns)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeBody),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* finally add Header node before body */
+ hdrNode = xmlSecAddPrevSibling(cur, xmlSecNodeHeader, xmlSecSoap12Ns);
+ if(hdrNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddPrevSibling",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(hdrNode);
+}
+
+/**
+ * xmlSecSoap12AddBodyEntry:
+ * @envNode: the pointer to <soap:Envelope> node.
+ * @entryNode: the pointer to body entry node.
+ *
+ * Adds a new entry to <soap:Body> node.
+ *
+ * XML Schema (http://www.w3.org/2003/05/soap-envelope):
+ *
+ * <xs:element name="Body" type="tns:Body"/>
+ * <xs:complexType name="Body">
+ * <xs:sequence>
+ * <xs:any namespace="##any" processContents="lax"
+ * minOccurs="0" maxOccurs="unbounded"/>
+ * </xs:sequence>
+ * <xs:anyAttribute namespace="##other" processContents="lax"/>
+ * </xs:complexType>
+ *
+ * Returns: pointer to the added entry (@contentNode) or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecSoap12AddBodyEntry(xmlNodePtr envNode, xmlNodePtr entryNode) {
+ xmlNodePtr bodyNode;
+
+ xmlSecAssert2(envNode != NULL, NULL);
+ xmlSecAssert2(entryNode != NULL, NULL);
+
+ bodyNode = xmlSecSoap12GetBody(envNode);
+ if(bodyNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecAddChildNode(bodyNode, entryNode));
+}
+
+/**
+ * xmlSecSoap12AddFaultEntry:
+ * @envNode: the pointer to <soap:Envelope> node.
+ * @faultCode: the fault code.
+ * @faultReasonText: the human readable explanation of the fault.
+ * @faultReasonLang: the language (xml:lang) for @faultReason string.
+ * @faultNodeURI: the more preciese information about fault source
+ * (might be NULL).
+ * @faultRole: the role the node was operating in at the point
+ * the fault occurred (might be NULL).
+ *
+ * Adds <soap:Fault> entry to the @envNode. Note that only one <soap:Fault>
+ * entry is allowed.
+ *
+ * XML Schema (http://www.w3.org/2003/05/soap-envelope):
+ *
+ * <xs:element name="Fault" type="tns:Fault"/>
+ * <xs:complexType name="Fault" final="extension">
+ * <xs:sequence>
+ * <xs:element name="Code" type="tns:faultcode"/>
+ * <xs:element name="Reason" type="tns:faultreason"/>
+ * <xs:element name="Node" type="xs:anyURI" minOccurs="0"/>
+ * <xs:element name="Role" type="xs:anyURI" minOccurs="0"/>
+ * <xs:element name="Detail" type="tns:detail" minOccurs="0"/>
+ * </xs:sequence>
+ * </xs:complexType>
+ *
+ * <xs:complexType name="faultcode">
+ * <xs:sequence>
+ * <xs:element name="Value" type="tns:faultcodeEnum"/>
+ * <xs:element name="Subcode" type="tns:subcode" minOccurs="0"/>
+ * </xs:sequence>
+ * </xs:complexType>
+ *
+ * <xs:complexType name="faultreason">
+ * <xs:sequence>
+ * <xs:element name="Text" type="tns:reasontext"
+ * minOccurs="1" maxOccurs="unbounded"/>
+ * </xs:sequence>
+ * </xs:complexType>
+ *
+ * <xs:complexType name="reasontext">
+ * <xs:simpleContent>
+ * <xs:extension base="xs:string">
+ * <xs:attribute ref="xml:lang" use="required"/>
+ * </xs:extension>
+ * </xs:simpleContent>
+ * </xs:complexType>
+ *
+ * <xs:simpleType name="faultcodeEnum">
+ * <xs:restriction base="xs:QName">
+ * <xs:enumeration value="tns:DataEncodingUnknown"/>
+ * <xs:enumeration value="tns:MustUnderstand"/>
+ * <xs:enumeration value="tns:Receiver"/>
+ * <xs:enumeration value="tns:Sender"/>
+ * <xs:enumeration value="tns:VersionMismatch"/>
+ * </xs:restriction>
+ * </xs:simpleType>
+ *
+ * <xs:complexType name="subcode">
+ * <xs:sequence>
+ * <xs:element name="Value" type="xs:QName"/>
+ * <xs:element name="Subcode" type="tns:subcode" minOccurs="0"/>
+ * </xs:sequence>
+ * </xs:complexType>
+ *
+ * <xs:complexType name="detail">
+ * <xs:sequence>
+ * <xs:any namespace="##any" processContents="lax"
+ * minOccurs="0" maxOccurs="unbounded"/>
+ * </xs:sequence>
+ * <xs:anyAttribute namespace="##other" processContents="lax"/>
+ * </xs:complexType>
+ *
+ * Returns: pointer to the added entry or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecSoap12AddFaultEntry(xmlNodePtr envNode, xmlSecSoap12FaultCode faultCode,
+ const xmlChar* faultReasonText, const xmlChar* faultReasonLang,
+ const xmlChar* faultNodeURI, const xmlChar* faultRole) {
+ xmlNodePtr bodyNode;
+ xmlNodePtr faultNode;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(envNode != NULL, NULL);
+ xmlSecAssert2(faultCode != xmlSecSoap12FaultCodeUnknown, NULL);
+ xmlSecAssert2(faultReasonText != NULL, NULL);
+ xmlSecAssert2(faultReasonLang != NULL, NULL);
+
+ /* get Body node */
+ bodyNode = xmlSecSoap12GetBody(envNode);
+ if(bodyNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* check that we don't have Fault node already */
+ faultNode = xmlSecFindChild(bodyNode, xmlSecNodeFault, xmlSecSoap12Ns);
+ if(faultNode != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeBody),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* add Fault node */
+ faultNode = xmlSecAddChild(bodyNode, xmlSecNodeFault, xmlSecSoap12Ns);
+ if(faultNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeFault));
+ return(NULL);
+ }
+
+ /* add Code node */
+ cur = xmlSecAddChild(faultNode, xmlSecNodeCode, xmlSecSoap12Ns);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCode));
+ xmlUnlinkNode(faultNode);
+ xmlFreeNode(faultNode);
+ return(NULL);
+ }
+
+ /* write the fault code in Value child */
+ ret = xmlSecQName2IntegerNodeWrite(gXmlSecSoap12FaultCodeInfo, cur,
+ xmlSecNodeValue, xmlSecSoap12Ns,
+ faultCode);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "faultCode=%d",
+ faultCode);
+ xmlUnlinkNode(faultNode);
+ xmlFreeNode(faultNode);
+ return(NULL);
+ }
+
+ /* add Reason node */
+ cur = xmlSecAddChild(faultNode, xmlSecNodeReason, xmlSecSoap12Ns);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeReason));
+ xmlUnlinkNode(faultNode);
+ xmlFreeNode(faultNode);
+ return(NULL);
+ }
+
+ /* Add Reason/Text node */
+ if(xmlSecSoap12AddFaultReasonText(faultNode, faultReasonText, faultReasonLang) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12AddFaultReasonText",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "text=%s",
+ xmlSecErrorsSafeString(faultReasonText));
+ xmlUnlinkNode(faultNode);
+ xmlFreeNode(faultNode);
+ return(NULL);
+ }
+
+ if(faultNodeURI != NULL) {
+ /* add Node node */
+ cur = xmlSecAddChild(faultNode, xmlSecNodeNode, xmlSecSoap12Ns);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeNode));
+ xmlUnlinkNode(faultNode);
+ xmlFreeNode(faultNode);
+ return(NULL);
+ }
+ xmlNodeSetContent(cur, faultNodeURI);
+ }
+
+ if(faultRole != NULL) {
+ /* add Role node */
+ cur = xmlSecAddChild(faultNode, xmlSecNodeRole, xmlSecSoap12Ns);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRole));
+ xmlUnlinkNode(faultNode);
+ xmlFreeNode(faultNode);
+ return(NULL);
+ }
+ xmlNodeSetContent(cur, faultRole);
+ }
+
+ return(faultNode);
+}
+
+/**
+ * xmlSecSoap12AddFaultSubcode:
+ * @faultNode: the pointer to <Fault> node.
+ * @subCodeHref: the subcode href.
+ * @subCodeName: the subcode name.
+ *
+ * Adds a new <Subcode> node to the <Code> node or the last <Subcode> node.
+ *
+ * Returns: a pointer to the newly created <Subcode> node or NULL if an error
+ * occurs.
+ */
+xmlNodePtr
+xmlSecSoap12AddFaultSubcode(xmlNodePtr faultNode, const xmlChar* subCodeHref, const xmlChar* subCodeName) {
+ xmlNodePtr cur, subcodeNode, valueNode;
+ xmlChar* qname;
+
+ xmlSecAssert2(faultNode != NULL, NULL);
+ xmlSecAssert2(subCodeHref != NULL, NULL);
+ xmlSecAssert2(subCodeName != NULL, NULL);
+
+ /* Code node is the first childern in Fault node */
+ cur = xmlSecGetNextElementNode(faultNode->children);
+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeCode, xmlSecSoap12Ns)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCode));
+ return(NULL);
+ }
+
+ /* find the Code or Subcode node that does not have Subcode child */
+ while(1) {
+ xmlNodePtr tmp;
+
+ tmp = xmlSecFindChild(cur, xmlSecNodeSubcode, xmlSecSoap12Ns);
+ if(tmp != NULL) {
+ cur = tmp;
+ } else {
+ break;
+ }
+ }
+ xmlSecAssert2(cur != NULL, NULL);
+
+ /* add Subcode node */
+ subcodeNode = xmlSecAddChild(cur, xmlSecNodeSubcode, xmlSecSoap12Ns);
+ if(subcodeNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSubcode));
+ return(NULL);
+ }
+
+ /* add Value node */
+ valueNode = xmlSecAddChild(subcodeNode, xmlSecNodeValue, xmlSecSoap12Ns);
+ if(valueNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeValue));
+ xmlUnlinkNode(subcodeNode);
+ xmlFreeNode(subcodeNode);
+ return(NULL);
+ }
+
+ /* create qname for fault code */
+ qname = xmlSecGetQName(cur, subCodeHref, subCodeName);
+ if(qname == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGetQName",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(cur->name));
+ xmlUnlinkNode(subcodeNode);
+ xmlFreeNode(subcodeNode);
+ return(NULL);
+ }
+
+ /* set result qname in Value node */
+ xmlNodeSetContent(cur, qname);
+ if(qname != subCodeName) {
+ xmlFree(qname);
+ }
+
+ return(subcodeNode);
+}
+
+/**
+ * xmlSecSoap12AddFaultReasonText:
+ * @faultNode: the pointer to <Fault> node.
+ * @faultReasonText: the new reason text.
+ * @faultReasonLang: the new reason xml:lang attribute.
+ *
+ * Adds a new Text node to the Fault/Reason node.
+ *
+ * Returns: a pointer to the newly created <Text> node or NULL if an error
+ * occurs.
+ */
+xmlNodePtr
+xmlSecSoap12AddFaultReasonText(xmlNodePtr faultNode, const xmlChar* faultReasonText,
+ const xmlChar* faultReasonLang) {
+ xmlNodePtr reasonNode;
+ xmlNodePtr textNode;
+
+ xmlSecAssert2(faultNode != NULL, NULL);
+ xmlSecAssert2(faultReasonText != NULL, NULL);
+ xmlSecAssert2(faultReasonLang != NULL, NULL);
+
+ /* find Reason node */
+ reasonNode = xmlSecFindChild(faultNode, xmlSecNodeReason, xmlSecSoap12Ns);
+ if(reasonNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecFindChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeReason));
+ return(NULL);
+ }
+
+ /* add Text node */
+ textNode = xmlSecAddChild(reasonNode, xmlSecNodeText, xmlSecSoap12Ns);
+ if(textNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeText));
+ return(NULL);
+ }
+ xmlNodeSetContent(textNode, faultReasonText);
+ xmlNodeSetLang(textNode, faultReasonLang);
+
+ return(textNode);
+}
+
+/**
+ * xmlSecSoap12AddFaultDetailEntry:
+ * @faultNode: the pointer to <Fault> node.
+ * @detailEntryNode: the pointer to detail entry node.
+ *
+ * Adds a new child to the Detail child element of @faultNode.
+ *
+ * Returns: pointer to the added child (@detailEntryNode) or NULL if an error
+ * occurs.
+ */
+xmlNodePtr
+xmlSecSoap12AddFaultDetailEntry(xmlNodePtr faultNode, xmlNodePtr detailEntryNode) {
+ xmlNodePtr detailNode;
+
+ xmlSecAssert2(faultNode != NULL, NULL);
+ xmlSecAssert2(detailEntryNode != NULL, NULL);
+
+ /* find Detail node and add it if needed */
+ detailNode = xmlSecFindChild(faultNode, xmlSecNodeDetail, xmlSecSoap12Ns);
+ if(detailNode == NULL) {
+ detailNode = xmlSecAddChild(faultNode, xmlSecNodeDetail, xmlSecSoap12Ns);
+ if(detailNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDetail));
+ return(NULL);
+ }
+ }
+
+ return(xmlSecAddChildNode(detailNode, detailEntryNode));
+}
+
+/**
+ * xmlSecSoap12CheckEnvelope:
+ * @envNode: the pointer to <soap:Envelope> node.
+ *
+ * Validates <soap:Envelope> node structure.
+ *
+ * Returns: 1 if @envNode has a valid <soap:Envelope> element, 0 if it is
+ * not valid or a negative value if an error occurs.
+ */
+int
+xmlSecSoap12CheckEnvelope(xmlNodePtr envNode) {
+ xmlNodePtr cur;
+
+ xmlSecAssert2(envNode != NULL, -1);
+
+ /* verify envNode itself */
+ if(!xmlSecCheckNodeName(envNode, xmlSecNodeEnvelope, xmlSecSoap12Ns)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeEnvelope),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+
+ /* optional Header node first */
+ cur = xmlSecGetNextElementNode(envNode->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap12Ns)) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* required Body node is next */
+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap12Ns)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeBody),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+
+ return(1);
+}
+
+/**
+ * xmlSecSoap12GetHeader:
+ * @envNode: the pointer to <soap:Envelope> node.
+ *
+ * Gets pointer to the <soap:Header> node.
+ *
+ * Returns: pointer to <soap:Header> node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecSoap12GetHeader(xmlNodePtr envNode) {
+ xmlNodePtr cur;
+
+ xmlSecAssert2(envNode != NULL, NULL);
+
+ /* optional Header node is first */
+ cur = xmlSecGetNextElementNode(envNode->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap12Ns)) {
+ return(cur);
+ }
+
+ return(NULL);
+}
+
+/**
+ * xmlSecSoap12GetBody:
+ * @envNode: the pointer to <soap:Envelope> node.
+ *
+ * Gets pointer to the <soap:Body> node.
+ *
+ * Returns: pointer to <soap:Body> node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecSoap12GetBody(xmlNodePtr envNode) {
+ xmlNodePtr cur;
+
+ xmlSecAssert2(envNode != NULL, NULL);
+
+ /* optional Header node first */
+ cur = xmlSecGetNextElementNode(envNode->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHeader, xmlSecSoap12Ns)) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* Body node is next */
+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap12Ns)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeBody),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(cur);
+}
+
+/**
+ * xmlSecSoap12GetBodyEntriesNumber:
+ * @envNode: the pointer to <soap:Envelope> node.
+ *
+ * Gets the number of body entries.
+ *
+ * Returns: the number of body entries.
+ */
+xmlSecSize
+xmlSecSoap12GetBodyEntriesNumber(xmlNodePtr envNode) {
+ xmlSecSize number = 0;
+ xmlNodePtr bodyNode;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(envNode != NULL, 0);
+
+ /* get Body node */
+ bodyNode = xmlSecSoap12GetBody(envNode);
+ if(bodyNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(0);
+ }
+
+ cur = xmlSecGetNextElementNode(bodyNode->children);
+ while(cur != NULL) {
+ number++;
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ return(number);
+}
+
+/**
+ * xmlSecSoap12GetBodyEntry:
+ * @envNode: the pointer to <soap:Envelope> node.
+ * @pos: the body entry number.
+ *
+ * Gets the body entry number @pos.
+ *
+ * Returns: pointer to body entry node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecSoap12GetBodyEntry(xmlNodePtr envNode, xmlSecSize pos) {
+ xmlNodePtr bodyNode;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(envNode != NULL, NULL);
+
+ /* get Body node */
+ bodyNode = xmlSecSoap12GetBody(envNode);
+ if(bodyNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ cur = xmlSecGetNextElementNode(bodyNode->children);
+ while((cur != NULL) && (pos > 0)) {
+ pos--;
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ return(cur);
+}
+
+/**
+ * xmlSecSoap12GetFaultEntry:
+ * @envNode: the pointer to <soap:Envelope> node.
+ *
+ * Gets the Fault entry (if any).
+ *
+ * Returns: pointer to Fault entry or NULL if it does not exist.
+ */
+xmlNodePtr
+xmlSecSoap12GetFaultEntry(xmlNodePtr envNode) {
+ xmlNodePtr bodyNode;
+
+ xmlSecAssert2(envNode != NULL, NULL);
+
+ /* get Body node */
+ bodyNode = xmlSecSoap12GetBody(envNode);
+ if(bodyNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12GetBody",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecFindChild(bodyNode, xmlSecNodeFault, xmlSecSoap12Ns));
+}
+
+#endif /* XMLSEC_NO_SOAP */
+
+
diff --git a/src/strings.c b/src/strings.c
new file mode 100644
index 00000000..99ee316c
--- /dev/null
+++ b/src/strings.c
@@ -0,0 +1,597 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * All the string constants.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+
+/*************************************************************************
+ *
+ * Global Namespaces
+ *
+ ************************************************************************/
+const xmlChar xmlSecNs[] = "http://www.aleksey.com/xmlsec/2002";
+const xmlChar xmlSecDSigNs[] = "http://www.w3.org/2000/09/xmldsig#";
+const xmlChar xmlSecEncNs[] = "http://www.w3.org/2001/04/xmlenc#";
+const xmlChar xmlSecXkmsNs[] = "http://www.w3.org/2002/03/xkms#";
+const xmlChar xmlSecXPathNs[] = "http://www.w3.org/TR/1999/REC-xpath-19991116";
+const xmlChar xmlSecXPath2Ns[] = "http://www.w3.org/2002/06/xmldsig-filter2";
+const xmlChar xmlSecXPointerNs[] = "http://www.w3.org/2001/04/xmldsig-more/xptr";
+const xmlChar xmlSecSoap11Ns[] = "http://schemas.xmlsoap.org/soap/envelope/";
+const xmlChar xmlSecSoap12Ns[] = "http://www.w3.org/2002/06/soap-envelope";
+
+/*************************************************************************
+ *
+ * DSig Nodes
+ *
+ ************************************************************************/
+const xmlChar xmlSecNodeSignature[] = "Signature";
+const xmlChar xmlSecNodeSignedInfo[] = "SignedInfo";
+const xmlChar xmlSecNodeCanonicalizationMethod[]= "CanonicalizationMethod";
+const xmlChar xmlSecNodeSignatureMethod[] = "SignatureMethod";
+const xmlChar xmlSecNodeSignatureValue[] = "SignatureValue";
+const xmlChar xmlSecNodeDigestMethod[] = "DigestMethod";
+const xmlChar xmlSecNodeDigestValue[] = "DigestValue";
+const xmlChar xmlSecNodeObject[] = "Object";
+const xmlChar xmlSecNodeManifest[] = "Manifest";
+const xmlChar xmlSecNodeSignatureProperties[] = "SignatureProperties";
+
+/*************************************************************************
+ *
+ * Encryption Nodes
+ *
+ ************************************************************************/
+const xmlChar xmlSecNodeEncryptedData[] = "EncryptedData";
+const xmlChar xmlSecNodeEncryptionMethod[] = "EncryptionMethod";
+const xmlChar xmlSecNodeEncryptionProperties[] = "EncryptionProperties";
+const xmlChar xmlSecNodeEncryptionProperty[] = "EncryptionProperty";
+const xmlChar xmlSecNodeCipherData[] = "CipherData";
+const xmlChar xmlSecNodeCipherValue[] = "CipherValue";
+const xmlChar xmlSecNodeCipherReference[] = "CipherReference";
+const xmlChar xmlSecNodeReferenceList[] = "ReferenceList";
+const xmlChar xmlSecNodeDataReference[] = "DataReference";
+const xmlChar xmlSecNodeKeyReference[] = "KeyReference";
+
+const xmlChar xmlSecNodeCarriedKeyName[] = "CarriedKeyName";
+
+const xmlChar xmlSecTypeEncContent[] = "http://www.w3.org/2001/04/xmlenc#Content";
+const xmlChar xmlSecTypeEncElement[] = "http://www.w3.org/2001/04/xmlenc#Element";
+
+/*************************************************************************
+ *
+ * XKMS Nodes
+ *
+ ************************************************************************/
+#ifndef XMLSEC_NO_XKMS
+const xmlChar xmlSecXkmsServerRequestResultName[] = "result-response";
+const xmlChar xmlSecXkmsServerRequestStatusName[] = "status-request";
+const xmlChar xmlSecXkmsServerRequestLocateName[] = "locate-request";
+const xmlChar xmlSecXkmsServerRequestValidateName[] = "validate-request";
+const xmlChar xmlSecXkmsServerRequestCompoundName[] = "compound-request";
+
+const xmlChar xmlSecNodeResult[] = "Result";
+const xmlChar xmlSecNodeStatusRequest[] = "StatusRequest";
+const xmlChar xmlSecNodeStatusResult[] = "StatusResult";
+const xmlChar xmlSecNodeLocateRequest[] = "LocateRequest";
+const xmlChar xmlSecNodeLocateResult[] = "LocateResult";
+const xmlChar xmlSecNodeValidateRequest[] = "ValidateRequest";
+const xmlChar xmlSecNodeValidateResult[] = "ValidateResult";
+const xmlChar xmlSecNodeCompoundRequest[] = "CompoundRequest";
+const xmlChar xmlSecNodeCompoundResult[] = "CompoundResult";
+
+const xmlChar xmlSecNodeMessageExtension[] = "MessageExtension";
+const xmlChar xmlSecNodeOpaqueClientData[] = "OpaqueClientData";
+const xmlChar xmlSecNodeResponseMechanism[] = "ResponseMechanism";
+const xmlChar xmlSecNodeRespondWith[] = "RespondWith";
+const xmlChar xmlSecNodePendingNotification[] = "PendingNotification";
+const xmlChar xmlSecNodeQueryKeyBinding[] = "QueryKeyBinding";
+const xmlChar xmlSecNodeKeyUsage[] = "KeyUsage";
+const xmlChar xmlSecNodeUseKeyWith[] = "UseKeyWith";
+const xmlChar xmlSecNodeTimeInstant[] = "TimeInstant";
+const xmlChar xmlSecNodeRequestSignatureValue[] = "RequestSignatureValue";
+const xmlChar xmlSecNodeUnverifiedKeyBinding[] = "UnverifiedKeyBinding";
+const xmlChar xmlSecNodeValidityInterval[] = "ValidityInterval";
+const xmlChar xmlSecNodeStatus[] = "Status";
+const xmlChar xmlSecNodeValidReason[] = "ValidReason";
+const xmlChar xmlSecNodeInvalidReason[] = "InvalidReason";
+const xmlChar xmlSecNodeIndeterminateReason[] = "IndeterminateReason";
+
+const xmlChar xmlSecAttrService[] = "Service";
+const xmlChar xmlSecAttrNonce[] = "Nonce";
+const xmlChar xmlSecAttrOriginalRequestId[] = "OriginalRequestId";
+const xmlChar xmlSecAttrResponseLimit[] = "ResponseLimit";
+const xmlChar xmlSecAttrMechanism[] = "Mechanism[";
+const xmlChar xmlSecAttrIdentifier[] = "Identifier";
+const xmlChar xmlSecAttrApplication[] = "Application";
+const xmlChar xmlSecAttrResultMajor[] = "ResultMajor";
+const xmlChar xmlSecAttrResultMinor[] = "ResultMinor";
+const xmlChar xmlSecAttrRequestId[] = "RequestId";
+const xmlChar xmlSecAttrNotBefore[] = "NotBefore";
+const xmlChar xmlSecAttrNotOnOrAfter[] = "NotOnOrAfter";
+const xmlChar xmlSecAttrTime[] = "Time";
+const xmlChar xmlSecAttrStatusValue[] = "StatusValue";
+
+const xmlChar xmlSecResponseMechanismPending[] = "Pending";
+const xmlChar xmlSecResponseMechanismRepresent[]= "Represent";
+const xmlChar xmlSecResponseMechanismRequestSignatureValue[] = "RequestSignatureValue";
+
+const xmlChar xmlSecRespondWithKeyName[] = "KeyName";
+const xmlChar xmlSecRespondWithKeyValue[] = "KeyValue";
+const xmlChar xmlSecRespondWithX509Cert[] = "X509Cert";
+const xmlChar xmlSecRespondWithX509Chain[] = "X509Chain";
+const xmlChar xmlSecRespondWithX509CRL[] = "X509CRL";
+const xmlChar xmlSecRespondWithOCSP[] = "OCSP";
+const xmlChar xmlSecRespondWithRetrievalMethod[]= "RetrievalMethod";
+const xmlChar xmlSecRespondWithPGP[] = "PGP";
+const xmlChar xmlSecRespondWithPGPWeb[] = "PGPWeb";
+const xmlChar xmlSecRespondWithSPKI[] = "SPKI";
+const xmlChar xmlSecRespondWithPrivateKey[] = "PrivateKey";
+
+const xmlChar xmlSecStatusResultSuccess[] = "Success";
+const xmlChar xmlSecStatusResultFailed[] = "Failed";
+const xmlChar xmlSecStatusResultPending[] = "Pending";
+
+const xmlChar xmlSecKeyUsageEncryption[] = "Encryption";
+const xmlChar xmlSecKeyUsageSignature[] = "Signature";
+const xmlChar xmlSecKeyUsageExchange[] = "Exchange";
+
+const xmlChar xmlSecKeyBindingStatusValid[] = "Valid";
+const xmlChar xmlSecKeyBindingStatusInvalid[] = "Invalid";
+const xmlChar xmlSecKeyBindingStatusIndeterminate[] = "Indeterminate";
+
+const xmlChar xmlSecKeyBindingReasonIssuerTrust[] = "IssuerTrust";
+const xmlChar xmlSecKeyBindingReasonRevocationStatus[] = "RevocationStatus";
+const xmlChar xmlSecKeyBindingReasonValidityInterval[] = "ValidityInterval";
+const xmlChar xmlSecKeyBindingReasonSignature[] = "Signature";
+
+const xmlChar xmlSecResultMajorCodeSuccess[] = "Success";
+const xmlChar xmlSecResultMajorCodeVersionMismatch[] = "VersionMismatch";
+const xmlChar xmlSecResultMajorCodeSender[] = "Sender";
+const xmlChar xmlSecResultMajorCodeReceiver[] = "Receiver";
+const xmlChar xmlSecResultMajorCodeRepresent[] = "Represent";
+const xmlChar xmlSecResultMajorCodePending[] = "Pending";
+
+const xmlChar xmlSecResultMinorCodeNoMatch[] = "NoMatch";
+const xmlChar xmlSecResultMinorCodeTooManyResponses[] = "TooManyResponses";
+const xmlChar xmlSecResultMinorCodeIncomplete[] = "Incomplete";
+const xmlChar xmlSecResultMinorCodeFailure[] = "Failure";
+const xmlChar xmlSecResultMinorCodeRefused[] = "Refused";
+const xmlChar xmlSecResultMinorCodeNoAuthentication[] = "NoAuthentication";
+const xmlChar xmlSecResultMinorCodeMessageNotSupported[]= "MessageNotSupported";
+const xmlChar xmlSecResultMinorCodeUnknownResponseId[] = "UnknownResponseId";
+const xmlChar xmlSecResultMinorCodeNotSynchronous[] = "NotSynchronous";
+
+const xmlChar xmlSecXkmsSoapSubcodeValueMessageNotSupported[] = "MessageNotSupported";
+const xmlChar xmlSecXkmsSoapSubcodeValueBadMessage[] = "BadMessage";
+
+const xmlChar xmlSecXkmsSoapFaultReasonLang[] = "en";
+const xmlChar xmlSecXkmsSoapFaultReasonUnsupportedVersion[] = "Unsupported SOAP version";
+const xmlChar xmlSecXkmsSoapFaultReasonUnableToProcess[] = "Unable to process %s";
+const xmlChar xmlSecXkmsSoapFaultReasonServiceUnavailable[] = "Service temporarily unable";
+const xmlChar xmlSecXkmsSoapFaultReasonMessageNotSupported[]= "%s message not supported";
+const xmlChar xmlSecXkmsSoapFaultReasonMessageInvalid[] = "%s message invalid";
+
+const xmlChar xmlSecXkmsFormatStrPlain[] = "plain";
+const xmlChar xmlSecXkmsFormatStrSoap11[] = "soap-1.1";
+const xmlChar xmlSecXkmsFormatStrSoap12[] = "soap-1.2";
+
+#endif /* XMLSEC_NO_XKMS */
+
+/*************************************************************************
+ *
+ * KeyInfo Nodes
+ *
+ ************************************************************************/
+const xmlChar xmlSecNodeKeyInfo[] = "KeyInfo";
+const xmlChar xmlSecNodeReference[] = "Reference";
+const xmlChar xmlSecNodeTransforms[] = "Transforms";
+const xmlChar xmlSecNodeTransform[] = "Transform";
+
+/*************************************************************************
+ *
+ * Attributes
+ *
+ ************************************************************************/
+const xmlChar xmlSecAttrId[] = "Id";
+const xmlChar xmlSecAttrURI[] = "URI";
+const xmlChar xmlSecAttrType[] = "Type";
+const xmlChar xmlSecAttrMimeType[] = "MimeType";
+const xmlChar xmlSecAttrEncoding[] = "Encoding";
+const xmlChar xmlSecAttrAlgorithm[] = "Algorithm";
+const xmlChar xmlSecAttrFilter[] = "Filter";
+const xmlChar xmlSecAttrRecipient[] = "Recipient";
+const xmlChar xmlSecAttrTarget[] = "Target";
+
+/*************************************************************************
+ *
+ * AES strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameAESKeyValue[] = "aes";
+const xmlChar xmlSecNodeAESKeyValue[] = "AESKeyValue";
+const xmlChar xmlSecHrefAESKeyValue[] = "http://www.aleksey.com/xmlsec/2002#AESKeyValue";
+
+const xmlChar xmlSecNameAes128Cbc[] = "aes128-cbc";
+const xmlChar xmlSecHrefAes128Cbc[] = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
+
+const xmlChar xmlSecNameAes192Cbc[] = "aes192-cbc";
+const xmlChar xmlSecHrefAes192Cbc[] = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
+
+const xmlChar xmlSecNameAes256Cbc[] = "aes256-cbc";
+const xmlChar xmlSecHrefAes256Cbc[] = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
+
+const xmlChar xmlSecNameKWAes128[] = "kw-aes128";
+const xmlChar xmlSecHrefKWAes128[] = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
+
+const xmlChar xmlSecNameKWAes192[] = "kw-aes192";
+const xmlChar xmlSecHrefKWAes192[] = "http://www.w3.org/2001/04/xmlenc#kw-aes192";
+
+const xmlChar xmlSecNameKWAes256[] = "kw-aes256";
+const xmlChar xmlSecHrefKWAes256[] = "http://www.w3.org/2001/04/xmlenc#kw-aes256";
+
+/*************************************************************************
+ *
+ * BASE64 strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameBase64[] = "base64";
+const xmlChar xmlSecHrefBase64[] = "http://www.w3.org/2000/09/xmldsig#base64";
+
+/*************************************************************************
+ *
+ * C14N strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameC14N[] = "c14n";
+const xmlChar xmlSecHrefC14N[] = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
+
+const xmlChar xmlSecNameC14NWithComments[] = "c14n-with-comments";
+const xmlChar xmlSecHrefC14NWithComments[] = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";
+
+const xmlChar xmlSecNameC14N11[] = "c14n11";
+const xmlChar xmlSecHrefC14N11[] = "http://www.w3.org/2006/12/xml-c14n11";
+
+const xmlChar xmlSecNameC14N11WithComments[] = "c14n11-with-comments";
+const xmlChar xmlSecHrefC14N11WithComments[] = "http://www.w3.org/2006/12/xml-c14n11#WithComments";
+
+const xmlChar xmlSecNameExcC14N[] = "exc-c14n";
+const xmlChar xmlSecHrefExcC14N[] = "http://www.w3.org/2001/10/xml-exc-c14n#";
+
+const xmlChar xmlSecNameExcC14NWithComments[] = "exc-c14n-with-comments";
+const xmlChar xmlSecHrefExcC14NWithComments[] = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
+
+const xmlChar xmlSecNsExcC14N[] = "http://www.w3.org/2001/10/xml-exc-c14n#";
+const xmlChar xmlSecNsExcC14NWithComments[] = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
+
+const xmlChar xmlSecNodeInclusiveNamespaces[] = "InclusiveNamespaces";
+const xmlChar xmlSecAttrPrefixList[] = "PrefixList";
+
+/*************************************************************************
+ *
+ * DES strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameDESKeyValue[] = "des";
+const xmlChar xmlSecNodeDESKeyValue[] = "DESKeyValue";
+const xmlChar xmlSecHrefDESKeyValue[] = "http://www.aleksey.com/xmlsec/2002#DESKeyValue";
+
+const xmlChar xmlSecNameDes3Cbc[] = "tripledes-cbc";
+const xmlChar xmlSecHrefDes3Cbc[] = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
+
+const xmlChar xmlSecNameKWDes3[] = "kw-tripledes";
+const xmlChar xmlSecHrefKWDes3[] = "http://www.w3.org/2001/04/xmlenc#kw-tripledes";
+
+/*************************************************************************
+ *
+ * GOST2001 strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameGOST2001KeyValue[] = "gost2001";
+const xmlChar xmlSecNodeGOST2001KeyValue[] = "gostr34102001-gostr3411";
+const xmlChar xmlSecHrefGOST2001KeyValue[] = "http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411";
+
+const xmlChar xmlSecNameGost2001GostR3411_94[] = "gostr34102001-gostr3411";
+const xmlChar xmlSecHrefGost2001GostR3411_94[] = "http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411";
+
+/*************************************************************************
+ *
+ * DSA strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameDSAKeyValue[] = "dsa";
+const xmlChar xmlSecNodeDSAKeyValue[] = "DSAKeyValue";
+const xmlChar xmlSecHrefDSAKeyValue[] = "http://www.w3.org/2000/09/xmldsig#DSAKeyValue";
+const xmlChar xmlSecNodeDSAP[] = "P";
+const xmlChar xmlSecNodeDSAQ[] = "Q";
+const xmlChar xmlSecNodeDSAG[] = "G";
+const xmlChar xmlSecNodeDSAJ[] = "J";
+const xmlChar xmlSecNodeDSAX[] = "X";
+const xmlChar xmlSecNodeDSAY[] = "Y";
+const xmlChar xmlSecNodeDSASeed[] = "Seed";
+const xmlChar xmlSecNodeDSAPgenCounter[] = "PgenCounter";
+
+const xmlChar xmlSecNameDsaSha1[] = "dsa-sha1";
+const xmlChar xmlSecHrefDsaSha1[] = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
+
+/*************************************************************************
+ *
+ * EncryptedKey
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameEncryptedKey[] = "enc-key";
+const xmlChar xmlSecNodeEncryptedKey[] = "EncryptedKey";
+const xmlChar xmlSecHrefEncryptedKey[] = "http://www.w3.org/2001/04/xmlenc#EncryptedKey";
+
+/*************************************************************************
+ *
+ * Enveloped transform strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameEnveloped[] = "enveloped-signature";
+const xmlChar xmlSecHrefEnveloped[] = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
+
+/*************************************************************************
+ *
+ * HMAC strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameHMACKeyValue[] = "hmac";
+const xmlChar xmlSecNodeHMACKeyValue[] = "HMACKeyValue";
+const xmlChar xmlSecHrefHMACKeyValue[] = "http://www.aleksey.com/xmlsec/2002#HMACKeyValue";
+
+const xmlChar xmlSecNodeHMACOutputLength[] = "HMACOutputLength";
+
+const xmlChar xmlSecNameHmacMd5[] = "hmac-md5";
+const xmlChar xmlSecHrefHmacMd5[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-md5";
+
+const xmlChar xmlSecNameHmacRipemd160[] = "hmac-ripemd160";
+const xmlChar xmlSecHrefHmacRipemd160[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160";
+
+const xmlChar xmlSecNameHmacSha1[] = "hmac-sha1";
+const xmlChar xmlSecHrefHmacSha1[] = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
+
+const xmlChar xmlSecNameHmacSha224[] = "hmac-sha224";
+const xmlChar xmlSecHrefHmacSha224[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha224";
+
+const xmlChar xmlSecNameHmacSha256[] = "hmac-sha256";
+const xmlChar xmlSecHrefHmacSha256[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256";
+
+const xmlChar xmlSecNameHmacSha384[] = "hmac-sha384";
+const xmlChar xmlSecHrefHmacSha384[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha384";
+
+const xmlChar xmlSecNameHmacSha512[] = "hmac-sha512";
+const xmlChar xmlSecHrefHmacSha512[] = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha512";
+
+/*************************************************************************
+ *
+ * KeyName strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameKeyName[] = "key-name";
+const xmlChar xmlSecNodeKeyName[] = "KeyName";
+
+/*************************************************************************
+ *
+ * KeyValue strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameKeyValue[] = "key-value";
+const xmlChar xmlSecNodeKeyValue[] = "KeyValue";
+
+/*************************************************************************
+ *
+ * Memory Buffer strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameMemBuf[] = "membuf-transform";
+
+/*************************************************************************
+ *
+ * MD5 strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameMd5[] = "md5";
+const xmlChar xmlSecHrefMd5[] = "http://www.w3.org/2001/04/xmldsig-more#md5";
+
+/*************************************************************************
+ *
+ * RetrievalMethod
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameRetrievalMethod[] = "retrieval-method";
+const xmlChar xmlSecNodeRetrievalMethod[] = "RetrievalMethod";
+
+/*************************************************************************
+ *
+ * RIPEMD160 strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameRipemd160[] = "ripemd160";
+const xmlChar xmlSecHrefRipemd160[] = "http://www.w3.org/2001/04/xmlenc#ripemd160";
+
+/*************************************************************************
+ *
+ * RSA strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameRSAKeyValue[] = "rsa";
+const xmlChar xmlSecNodeRSAKeyValue[] = "RSAKeyValue";
+const xmlChar xmlSecHrefRSAKeyValue[] = "http://www.w3.org/2000/09/xmldsig#RSAKeyValue";
+const xmlChar xmlSecNodeRSAModulus[] = "Modulus";
+const xmlChar xmlSecNodeRSAExponent[] = "Exponent";
+const xmlChar xmlSecNodeRSAPrivateExponent[] = "PrivateExponent";
+
+const xmlChar xmlSecNameRsaMd5[] = "rsa-md5";
+const xmlChar xmlSecHrefRsaMd5[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-md5";
+
+const xmlChar xmlSecNameRsaRipemd160[] = "rsa-ripemd160";
+const xmlChar xmlSecHrefRsaRipemd160[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160";
+
+const xmlChar xmlSecNameRsaSha1[] = "rsa-sha1";
+const xmlChar xmlSecHrefRsaSha1[] = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
+
+const xmlChar xmlSecNameRsaSha224[] = "rsa-sha224";
+const xmlChar xmlSecHrefRsaSha224[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha224";
+
+const xmlChar xmlSecNameRsaSha256[] = "rsa-sha256";
+const xmlChar xmlSecHrefRsaSha256[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
+
+const xmlChar xmlSecNameRsaSha384[] = "rsa-sha384";
+const xmlChar xmlSecHrefRsaSha384[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384";
+
+const xmlChar xmlSecNameRsaSha512[] = "rsa-sha512";
+const xmlChar xmlSecHrefRsaSha512[] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";
+
+const xmlChar xmlSecNameRsaPkcs1[] = "rsa-1_5";
+const xmlChar xmlSecHrefRsaPkcs1[] = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
+
+const xmlChar xmlSecNameRsaOaep[] = "rsa-oaep-mgf1p";
+const xmlChar xmlSecHrefRsaOaep[] = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
+const xmlChar xmlSecNodeRsaOAEPparams[] = "OAEPparams";
+
+/*************************************************************************
+ *
+ * GOSTR3411_94 strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameGostR3411_94[] = "gostr3411";
+const xmlChar xmlSecHrefGostR3411_94[] = "http://www.w3.org/2001/04/xmldsig-more#gostr3411";
+
+/*************************************************************************
+ *
+ * SHA1 strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameSha1[] = "sha1";
+const xmlChar xmlSecHrefSha1[] = "http://www.w3.org/2000/09/xmldsig#sha1";
+
+const xmlChar xmlSecNameSha224[] = "sha224";
+const xmlChar xmlSecHrefSha224[] = "http://www.w3.org/2001/04/xmldsig-more#sha224";
+
+const xmlChar xmlSecNameSha256[] = "sha256";
+const xmlChar xmlSecHrefSha256[] = "http://www.w3.org/2001/04/xmlenc#sha256";
+
+const xmlChar xmlSecNameSha384[] = "sha384";
+const xmlChar xmlSecHrefSha384[] = "http://www.w3.org/2001/04/xmldsig-more#sha384";
+
+const xmlChar xmlSecNameSha512[] = "sha512";
+const xmlChar xmlSecHrefSha512[] = "http://www.w3.org/2001/04/xmlenc#sha512";
+
+/*************************************************************************
+ *
+ * X509 strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameX509Data[] = "x509";
+const xmlChar xmlSecNodeX509Data[] = "X509Data";
+const xmlChar xmlSecHrefX509Data[] = "http://www.w3.org/2000/09/xmldsig#X509Data";
+
+const xmlChar xmlSecNodeX509Certificate[] = "X509Certificate";
+const xmlChar xmlSecNodeX509CRL[] = "X509CRL";
+const xmlChar xmlSecNodeX509SubjectName[] = "X509SubjectName";
+const xmlChar xmlSecNodeX509IssuerSerial[] = "X509IssuerSerial";
+const xmlChar xmlSecNodeX509IssuerName[] = "X509IssuerName";
+const xmlChar xmlSecNodeX509SerialNumber[] = "X509SerialNumber";
+const xmlChar xmlSecNodeX509SKI[] = "X509SKI";
+
+const xmlChar xmlSecNameRawX509Cert[] = "raw-x509-cert";
+const xmlChar xmlSecHrefRawX509Cert[] = "http://www.w3.org/2000/09/xmldsig#rawX509Certificate";
+
+const xmlChar xmlSecNameX509Store[] = "x509-store";
+
+/*************************************************************************
+ *
+ * PGP strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNamePGPData[] = "pgp";
+const xmlChar xmlSecNodePGPData[] = "PGPData";
+const xmlChar xmlSecHrefPGPData[] = "http://www.w3.org/2000/09/xmldsig#PGPData";
+
+/*************************************************************************
+ *
+ * SPKI strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameSPKIData[] = "spki";
+const xmlChar xmlSecNodeSPKIData[] = "SPKIData";
+const xmlChar xmlSecHrefSPKIData[] = "http://www.w3.org/2000/09/xmldsig#SPKIData";
+
+/*************************************************************************
+ *
+ * XPath/XPointer strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameXPath[] = "xpath";
+const xmlChar xmlSecNodeXPath[] = "XPath";
+
+const xmlChar xmlSecNameXPath2[] = "xpath2";
+const xmlChar xmlSecNodeXPath2[] = "XPath";
+const xmlChar xmlSecXPath2FilterIntersect[] = "intersect";
+const xmlChar xmlSecXPath2FilterSubtract[] = "subtract";
+const xmlChar xmlSecXPath2FilterUnion[] = "union";
+
+const xmlChar xmlSecNameXPointer[] = "xpointer";
+const xmlChar xmlSecNodeXPointer[] = "XPointer";
+
+/*************************************************************************
+ *
+ * Xslt strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNameXslt[] = "xslt";
+const xmlChar xmlSecHrefXslt[] = "http://www.w3.org/TR/1999/REC-xslt-19991116";
+
+#ifndef XMLSEC_NO_SOAP
+/*************************************************************************
+ *
+ * SOAP 1.1/1.2 strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecNodeEnvelope[] = "Envelope";
+const xmlChar xmlSecNodeHeader[] = "Header";
+const xmlChar xmlSecNodeBody[] = "Body";
+const xmlChar xmlSecNodeFault[] = "Fault";
+const xmlChar xmlSecNodeFaultCode[] = "faultcode";
+const xmlChar xmlSecNodeFaultString[] = "faultstring";
+const xmlChar xmlSecNodeFaultActor[] = "faultactor";
+const xmlChar xmlSecNodeFaultDetail[] = "detail";
+const xmlChar xmlSecNodeCode[] = "Code";
+const xmlChar xmlSecNodeReason[] = "Reason";
+const xmlChar xmlSecNodeNode[] = "Node";
+const xmlChar xmlSecNodeRole[] = "Role";
+const xmlChar xmlSecNodeDetail[] = "Detail";
+const xmlChar xmlSecNodeValue[] = "Value";
+const xmlChar xmlSecNodeSubcode[] = "Subcode";
+const xmlChar xmlSecNodeText[] = "Text";
+
+
+const xmlChar xmlSecSoapFaultCodeVersionMismatch[] = "VersionMismatch";
+const xmlChar xmlSecSoapFaultCodeMustUnderstand[] = "MustUnderstand";
+const xmlChar xmlSecSoapFaultCodeClient[] = "Client";
+const xmlChar xmlSecSoapFaultCodeServer[] = "Server";
+const xmlChar xmlSecSoapFaultCodeReceiver[] = "Receiver";
+const xmlChar xmlSecSoapFaultCodeSender[] = "Sender";
+const xmlChar xmlSecSoapFaultDataEncodningUnknown[] = "DataEncodingUnknown";
+
+
+#endif /* XMLSEC_NO_SOAP */
+
+/*************************************************************************
+ *
+ * Utility strings
+ *
+ ************************************************************************/
+const xmlChar xmlSecStringEmpty[] = "";
+const xmlChar xmlSecStringCR[] = "\n";
+
+
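Review bot: In the XKMS attribute block of src/strings.c, `xmlSecAttrMechanism` is initialised to `"Mechanism["`, and the stray `[` inside the literal means a lookup or write through this constant would not match an attribute actually named `Mechanism`. It should read `const xmlChar xmlSecAttrMechanism[] = "Mechanism";`. In the SOAP block, the identifier `xmlSecSoapFaultDataEncodningUnknown` misspells "Encoding"; if it is exported through a header (not visible here), the corrected name would need the old spelling kept as an alias. The `xmlSecXkmsSoapFaultReason*` constants that contain `%s` are printf-style formats, so a comment such as `/* format string: takes exactly one %s argument, never pass as data */` above them would keep callers from using them with a mismatched argument list.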
diff --git a/src/templates.c b/src/templates.c
new file mode 100644
index 00000000..2270db67
--- /dev/null
+++ b/src/templates.c
@@ -0,0 +1,2091 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Creating signature and encryption templates.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/strings.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/templates.h>
+#include <xmlsec/errors.h>
+
+
+static xmlNodePtr xmlSecTmplAddReference (xmlNodePtr parentNode,
+ xmlSecTransformId digestMethodId,
+ const xmlChar *id,
+ const xmlChar *uri,
+ const xmlChar *type);
+static int xmlSecTmplPrepareEncData (xmlNodePtr parentNode,
+ xmlSecTransformId encMethodId);
+static int xmlSecTmplNodeWriteNsList (xmlNodePtr parentNode,
+ const xmlChar** namespaces);
+/**************************************************************************
+ *
+ * <dsig:Signature/> node
+ *
+ **************************************************************************/
+/**
+ * xmlSecTmplSignatureCreate:
+ * @doc: the pointer to signature document or NULL; in the
+ * second case, application must later call @xmlSetTreeDoc
+ * to ensure that all the children nodes have correct
+ * pointer to XML document.
+ * @c14nMethodId: the signature canonicalization method.
+ * @signMethodId: the signature method.
+ * @id: the node id (may be NULL).
+ *
+ * Creates new <dsig:Signature/> node with the mandatory <dsig:SignedInfo/>,
+ * <dsig:CanonicalizationMethod/>, <dsig:SignatureMethod/> and
+ * <dsig:SignatureValue/> children and sub-children.
+ * The application is responsible for inserting the returned node
+ * in the XML document.
+ *
+ * Returns: the pointer to newly created <dsig:Signature/> node or NULL if an
+ * error occurs.
+ */
+xmlNodePtr
+xmlSecTmplSignatureCreate(xmlDocPtr doc, xmlSecTransformId c14nMethodId,
+ xmlSecTransformId signMethodId, const xmlChar *id) {
+ return xmlSecTmplSignatureCreateNsPref(doc, c14nMethodId, signMethodId, id, NULL);
+}
+
+/**
+ * xmlSecTmplSignatureCreateNsPref:
+ * @doc: the pointer to signature document or NULL; in the
+ * second case, application must later call @xmlSetTreeDoc
+ * to ensure that all the children nodes have correct
+ * pointer to XML document.
+ * @c14nMethodId: the signature canonicalization method.
+ * @signMethodId: the signature method.
+ * @id: the node id (may be NULL).
+ * @nsPrefix: the namespace prefix for the signature element (e.g. "dsig"), or NULL
+ *
+ * Creates new <dsig:Signature/> node with the mandatory
+ * <dsig:SignedInfo/>, <dsig:CanonicalizationMethod/>,
+ * <dsig:SignatureMethod/> and <dsig:SignatureValue/> children and
+ * sub-children. This method differs from xmlSecTmplSignatureCreate in
+ * that it will define the http://www.w3.org/2000/09/xmldsig#
+ * namespace with the given prefix that will be used for all of the
+ * appropriate child nodes. The application is responsible for
+ * inserting the returned node in the XML document.
+ *
+ * Returns: the pointer to newly created <dsig:Signature/> node or NULL if an
+ * error occurs.
+ */
+xmlNodePtr
+xmlSecTmplSignatureCreateNsPref(xmlDocPtr doc, xmlSecTransformId c14nMethodId,
+ xmlSecTransformId signMethodId, const xmlChar *id,
+ const xmlChar* nsPrefix) {
+ xmlNodePtr signNode;
+ xmlNodePtr signedInfoNode;
+ xmlNodePtr cur;
+ xmlNsPtr ns;
+
+ xmlSecAssert2(c14nMethodId != NULL, NULL);
+ xmlSecAssert2(c14nMethodId->href != NULL, NULL);
+ xmlSecAssert2(signMethodId != NULL, NULL);
+ xmlSecAssert2(signMethodId->href != NULL, NULL);
+
+ /* create Signature node itself */
+ signNode = xmlNewDocNode(doc, NULL, xmlSecNodeSignature, NULL);
+ if(signNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewDocNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignature));
+ return(NULL);
+ }
+
+ ns = xmlNewNs(signNode, xmlSecDSigNs, nsPrefix);
+ if(ns == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "ns=%s",
+ xmlSecErrorsSafeString(xmlSecDSigNs));
+ xmlFreeNode(signNode);
+ return(NULL);
+ }
+ xmlSetNs(signNode, ns);
+
+ if(id != NULL) {
+ xmlSetProp(signNode, BAD_CAST "Id", id);
+ }
+
+ /* add SignedInfo node */
+ signedInfoNode = xmlSecAddChild(signNode, xmlSecNodeSignedInfo, xmlSecDSigNs);
+ if(signedInfoNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignedInfo));
+ xmlFreeNode(signNode);
+ return(NULL);
+ }
+
+ /* add SignatureValue node */
+ cur = xmlSecAddChild(signNode, xmlSecNodeSignatureValue, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignatureValue));
+ xmlFreeNode(signNode);
+ return(NULL);
+ }
+
+ /* add CanonicaizationMethod node to SignedInfo */
+ cur = xmlSecAddChild(signedInfoNode, xmlSecNodeCanonicalizationMethod, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCanonicalizationMethod));
+ xmlFreeNode(signNode);
+ return(NULL);
+ }
+ if(xmlSetProp(cur, xmlSecAttrAlgorithm, c14nMethodId->href) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ xmlSecErrorsSafeString(c14nMethodId->href));
+ xmlFreeNode(signNode);
+ return(NULL);
+ }
+
+ /* add SignatureMethod node to SignedInfo */
+ cur = xmlSecAddChild(signedInfoNode, xmlSecNodeSignatureMethod, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignatureMethod));
+ xmlFreeNode(signNode);
+ return(NULL);
+ }
+ if(xmlSetProp(cur, xmlSecAttrAlgorithm, signMethodId->href) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ xmlSecErrorsSafeString(signMethodId->href));
+ xmlFreeNode(signNode);
+ return(NULL);
+ }
+
+ return(signNode);
+}
+
+/**
+ * xmlSecTmplSignatureEnsureKeyInfo:
+ * @signNode: the pointer to <dsig:Signature/> node.
+ * @id: the node id (may be NULL).
+ *
+ * Adds (if necessary) <dsig:KeyInfo/> node to the <dsig:Signature/>
+ * node @signNode.
+ *
+ * Returns: the pointer to newly created <dsig:KeyInfo/> node or NULL if an
+ * error occurs.
+ */
+xmlNodePtr
+xmlSecTmplSignatureEnsureKeyInfo(xmlNodePtr signNode, const xmlChar *id) {
+ xmlNodePtr res;
+
+ xmlSecAssert2(signNode != NULL, NULL);
+
+ res = xmlSecFindChild(signNode, xmlSecNodeKeyInfo, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlNodePtr signValueNode;
+
+ signValueNode = xmlSecFindChild(signNode, xmlSecNodeSignatureValue, xmlSecDSigNs);
+ if(signValueNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeSignatureValue),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecAddNextSibling(signValueNode, xmlSecNodeKeyInfo, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddNextSibling",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
+ return(NULL);
+ }
+ }
+ if(id != NULL) {
+ xmlSetProp(res, xmlSecAttrId, id);
+ }
+ return(res);
+}
+
+/**
+ * xmlSecTmplSignatureAddReference:
+ * @signNode: the pointer to <dsig:Signature/> node.
+ * @digestMethodId: the reference digest method.
+ * @id: the node id (may be NULL).
+ * @uri: the reference node uri (may be NULL).
+ * @type: the reference node type (may be NULL).
+ *
+ * Adds <dsig:Reference/> node with given URI (@uri), Id (@id) and
+ * Type (@type) attributes and the required children <dsig:DigestMethod/> and
+ * <dsig:DigestValue/> to the <dsig:SignedInfo/> child of @signNode.
+ *
+ * Returns: the pointer to newly created <dsig:Reference/> node or NULL
+ * if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplSignatureAddReference(xmlNodePtr signNode, xmlSecTransformId digestMethodId,
+ const xmlChar *id, const xmlChar *uri, const xmlChar *type) {
+ xmlNodePtr signedInfoNode;
+
+ xmlSecAssert2(signNode != NULL, NULL);
+ xmlSecAssert2(digestMethodId != NULL, NULL);
+ xmlSecAssert2(digestMethodId->href != NULL, NULL);
+
+ signedInfoNode = xmlSecFindChild(signNode, xmlSecNodeSignedInfo, xmlSecDSigNs);
+ if(signedInfoNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeSignedInfo),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ return(xmlSecTmplAddReference(signedInfoNode, digestMethodId, id, uri, type));
+}
+
+static xmlNodePtr
+xmlSecTmplAddReference(xmlNodePtr parentNode, xmlSecTransformId digestMethodId,
+ const xmlChar *id, const xmlChar *uri, const xmlChar *type) {
+ xmlNodePtr res;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(parentNode != NULL, NULL);
+ xmlSecAssert2(digestMethodId != NULL, NULL);
+ xmlSecAssert2(digestMethodId->href != NULL, NULL);
+
+ /* add Reference node */
+ res = xmlSecAddChild(parentNode, xmlSecNodeReference, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeReference));
+ return(NULL);
+ }
+
+ /* set Reference node attributes */
+ if(id != NULL) {
+ xmlSetProp(res, xmlSecAttrId, id);
+ }
+ if(type != NULL) {
+ xmlSetProp(res, xmlSecAttrType, type);
+ }
+ if(uri != NULL) {
+ xmlSetProp(res, xmlSecAttrURI, uri);
+ }
+
+ /* add DigestMethod node and set algorithm */
+ cur = xmlSecAddChild(res, xmlSecNodeDigestMethod, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDigestMethod));
+ xmlUnlinkNode(res);
+ xmlFreeNode(res);
+ return(NULL);
+ }
+ if(xmlSetProp(cur, xmlSecAttrAlgorithm, digestMethodId->href) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ xmlSecErrorsSafeString(digestMethodId->href));
+ xmlUnlinkNode(res);
+ xmlFreeNode(res);
+ return(NULL);
+ }
+
+ /* add DigestValue node */
+ cur = xmlSecAddChild(res, xmlSecNodeDigestValue, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDigestValue));
+ xmlUnlinkNode(res);
+ xmlFreeNode(res);
+ return(NULL);
+ }
+
+ return(res);
+}
+
+/**
+ * xmlSecTmplSignatureAddObject:
+ * @signNode: the pointer to <dsig:Signature/> node.
+ * @id: the node id (may be NULL).
+ * @mimeType: the object mime type (may be NULL).
+ * @encoding: the object encoding (may be NULL).
+ *
+ * Adds <dsig:Object/> node to the <dsig:Signature/> node @signNode.
+ *
+ * Returns: the pointer to newly created <dsig:Object/> node or NULL
+ * if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplSignatureAddObject(xmlNodePtr signNode, const xmlChar *id,
+ const xmlChar *mimeType, const xmlChar *encoding) {
+ xmlNodePtr res;
+
+ xmlSecAssert2(signNode != NULL, NULL);
+
+ res = xmlSecAddChild(signNode, xmlSecNodeObject, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeObject));
+ return(NULL);
+ }
+ if(id != NULL) {
+ xmlSetProp(res, xmlSecAttrId, id);
+ }
+ if(mimeType != NULL) {
+ xmlSetProp(res, xmlSecAttrMimeType, mimeType);
+ }
+ if(encoding != NULL) {
+ xmlSetProp(res, xmlSecAttrEncoding, encoding);
+ }
+ return(res);
+}
+
+/**
+ * xmlSecTmplSignatureGetSignMethodNode:
+ * @signNode: the pointer to <dsig:Signature /> node.
+ *
+ * Gets pointer to <dsig:SignatureMethod/> child of <dsig:KeyInfo/> node.
+ *
+ * Returns: pointer to <dsig:SignatureMethod /> node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplSignatureGetSignMethodNode(xmlNodePtr signNode) {
+ xmlNodePtr signedInfoNode;
+
+ xmlSecAssert2(signNode != NULL, NULL);
+
+ signedInfoNode = xmlSecFindChild(signNode, xmlSecNodeSignedInfo, xmlSecDSigNs);
+ if(signedInfoNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeSignedInfo),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ return(xmlSecFindChild(signedInfoNode, xmlSecNodeSignatureMethod, xmlSecDSigNs));
+}
+
+/**
+ * xmlSecTmplSignatureGetC14NMethodNode:
+ * @signNode: the pointer to <dsig:Signature /> node.
+ *
+ * Gets pointer to <dsig:CanonicalizationMethod/> child of <dsig:KeyInfo/> node.
+ *
+ * Returns: pointer to <dsig:CanonicalizationMethod /> node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplSignatureGetC14NMethodNode(xmlNodePtr signNode) {
+ xmlNodePtr signedInfoNode;
+
+ xmlSecAssert2(signNode != NULL, NULL);
+
+ signedInfoNode = xmlSecFindChild(signNode, xmlSecNodeSignedInfo, xmlSecDSigNs);
+ if(signedInfoNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeSignedInfo),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ return(xmlSecFindChild(signedInfoNode, xmlSecNodeCanonicalizationMethod, xmlSecDSigNs));
+}
+
+/**
+ * xmlSecTmplReferenceAddTransform:
+ * @referenceNode: the pointer to <dsig:Reference/> node.
+ * @transformId: the transform method id.
+ *
+ * Adds <dsig:Transform/> node to the <dsig:Reference/> node @referenceNode.
+ *
+ * Returns: the pointer to newly created <dsig:Transform/> node or NULL if an
+ * error occurs.
+ */
+xmlNodePtr
+xmlSecTmplReferenceAddTransform(xmlNodePtr referenceNode, xmlSecTransformId transformId) {
+ xmlNodePtr transformsNode;
+ xmlNodePtr res;
+
+ xmlSecAssert2(referenceNode != NULL, NULL);
+ xmlSecAssert2(transformId != NULL, NULL);
+ xmlSecAssert2(transformId->href != NULL, NULL);
+
+ /* do we need to create Transforms node first */
+ transformsNode = xmlSecFindChild(referenceNode, xmlSecNodeTransforms, xmlSecDSigNs);
+ if(transformsNode == NULL) {
+ xmlNodePtr tmp;
+
+ tmp = xmlSecGetNextElementNode(referenceNode->children);
+ if(tmp == NULL) {
+ transformsNode = xmlSecAddChild(referenceNode, xmlSecNodeTransforms, xmlSecDSigNs);
+ } else {
+ transformsNode = xmlSecAddPrevSibling(tmp, xmlSecNodeTransforms, xmlSecDSigNs);
+ }
+ if(transformsNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild or xmlSecAddPrevSibling",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeTransforms));
+ return(NULL);
+ }
+ }
+
+ res = xmlSecAddChild(transformsNode, xmlSecNodeTransform, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeTransform));
+ return(NULL);
+ }
+
+ if(xmlSetProp(res, xmlSecAttrAlgorithm, transformId->href) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ xmlSecErrorsSafeString(transformId->href));
+ xmlUnlinkNode(res);
+ xmlFreeNode(res);
+ return(NULL);
+ }
+
+ return(res);
+}
+
+/**
+ * xmlSecTmplObjectAddSignProperties:
+ * @objectNode: the pointer to <dsig:Object/> node.
+ * @id: the node id (may be NULL).
+ * @target: the Target (may be NULL).
+ *
+ * Adds <dsig:SignatureProperties/> node to the <dsig:Object/> node @objectNode.
+ *
+ * Returns: the pointer to newly created <dsig:SignatureProperties/> node or NULL
+ * if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplObjectAddSignProperties(xmlNodePtr objectNode, const xmlChar *id, const xmlChar *target) {
+ xmlNodePtr res;
+
+ xmlSecAssert2(objectNode != NULL, NULL);
+
+ res = xmlSecAddChild(objectNode, xmlSecNodeSignatureProperties, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignatureProperties));
+ return(NULL);
+ }
+ if(id != NULL) {
+ xmlSetProp(res, xmlSecAttrId, id);
+ }
+ if(target != NULL) {
+ xmlSetProp(res, xmlSecAttrTarget, target);
+ }
+ return(res);
+}
+
+/**
+ * xmlSecTmplObjectAddManifest:
+ * @objectNode: the pointer to <dsig:Object/> node.
+ * @id: the node id (may be NULL).
+ *
+ * Adds <dsig:Manifest/> node to the <dsig:Object/> node @objectNode.
+ *
+ * Returns: the pointer to newly created <dsig:Manifest/> node or NULL
+ * if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplObjectAddManifest(xmlNodePtr objectNode, const xmlChar *id) {
+ xmlNodePtr res;
+
+ xmlSecAssert2(objectNode != NULL, NULL);
+
+ res = xmlSecAddChild(objectNode, xmlSecNodeManifest, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeManifest));
+ return(NULL);
+ }
+ if(id != NULL) {
+ xmlSetProp(res, xmlSecAttrId, id);
+ }
+ return(res);
+}
+
+/**
+ * xmlSecTmplManifestAddReference:
+ * @manifestNode: the pointer to <dsig:Manifest/> node.
+ * @digestMethodId: the reference digest method.
+ * @id: the node id (may be NULL).
+ * @uri: the reference node uri (may be NULL).
+ * @type: the reference node type (may be NULL).
+ *
+ * Adds <dsig:Reference/> node with specified URI (@uri), Id (@id) and
+ * Type (@type) attributes and the required children <dsig:DigestMethod/> and
+ * <dsig:DigestValue/> to the <dsig:Manifest/> node @manifestNode.
+ *
+ * Returns: the pointer to newly created <dsig:Reference/> node or NULL
+ * if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplManifestAddReference(xmlNodePtr manifestNode, xmlSecTransformId digestMethodId,
+ const xmlChar *id, const xmlChar *uri, const xmlChar *type) {
+ return(xmlSecTmplAddReference(manifestNode, digestMethodId, id, uri, type));
+}
+
+/**************************************************************************
+ *
+ * <enc:EncryptedData/> node
+ *
+ **************************************************************************/
+/**
+ * xmlSecTmplEncDataCreate:
+ * @doc: the pointer to signature document or NULL; in the later
+ * case, application must later call @xmlSetTreeDoc to ensure
+ * that all the children nodes have correct pointer to XML document.
+ * @encMethodId: the encryption method (may be NULL).
+ * @id: the Id attribute (optional).
+ * @type: the Type attribute (optional)
+ * @mimeType: the MimeType attribute (optional)
+ * @encoding: the Encoding attribute (optional)
+ *
+ * Creates new <enc:EncryptedData /> node for encryption template.
+ *
+ * Returns: the pointer newly created <enc:EncryptedData/> node or NULL
+ * if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplEncDataCreate(xmlDocPtr doc, xmlSecTransformId encMethodId,
+ const xmlChar *id, const xmlChar *type,
+ const xmlChar *mimeType, const xmlChar *encoding) {
+ xmlNodePtr encNode;
+ xmlNsPtr ns;
+
+ encNode = xmlNewDocNode(doc, NULL, xmlSecNodeEncryptedData, NULL);
+ if(encNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewDocNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEncryptedData));
+ return(NULL);
+ }
+
+ ns = xmlNewNs(encNode, xmlSecEncNs, NULL);
+ if(ns == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "ns=%s",
+ xmlSecErrorsSafeString(xmlSecEncNs));
+ return(NULL);
+ }
+ xmlSetNs(encNode, ns);
+
+ if(id != NULL) {
+ xmlSetProp(encNode, xmlSecAttrId, id);
+ }
+ if(type != NULL) {
+ xmlSetProp(encNode, xmlSecAttrType, type);
+ }
+ if(mimeType != NULL) {
+ xmlSetProp(encNode, xmlSecAttrMimeType, mimeType);
+ }
+ if(encoding != NULL) {
+ xmlSetProp(encNode, xmlSecAttrEncoding, encoding);
+ }
+
+ if(xmlSecTmplPrepareEncData(encNode, encMethodId) < 0) {
+ xmlFreeNode(encNode);
+ return(NULL);
+ }
+ return(encNode);
+}
+
+static int
+xmlSecTmplPrepareEncData(xmlNodePtr parentNode, xmlSecTransformId encMethodId) {
+ xmlNodePtr cur;
+
+ xmlSecAssert2(parentNode != NULL, -1);
+ xmlSecAssert2((encMethodId == NULL) || (encMethodId->href != NULL), -1);
+
+ /* add EncryptionMethod node if requested */
+ if(encMethodId != NULL) {
+ cur = xmlSecAddChild(parentNode, xmlSecNodeEncryptionMethod, xmlSecEncNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEncryptionMethod));
+ return(-1);
+ }
+ if(xmlSetProp(cur, xmlSecAttrAlgorithm, encMethodId->href) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ xmlSecErrorsSafeString(encMethodId->href));
+ return(-1);
+ }
+ }
+
+ /* and CipherData node */
+ cur = xmlSecAddChild(parentNode, xmlSecNodeCipherData, xmlSecEncNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCipherData));
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+/**
+ * xmlSecTmplEncDataEnsureKeyInfo:
+ * @encNode: the pointer to <enc:EncryptedData/> node.
+ * @id: the Id attrbibute (optional).
+ *
+ * Adds <dsig:KeyInfo/> to the <enc:EncryptedData/> node @encNode.
+ *
+ * Returns: the pointer to newly created <dsig:KeyInfo/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplEncDataEnsureKeyInfo(xmlNodePtr encNode, const xmlChar* id) {
+ xmlNodePtr res;
+
+ xmlSecAssert2(encNode != NULL, NULL);
+
+ res = xmlSecFindChild(encNode, xmlSecNodeKeyInfo, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlNodePtr cipherDataNode;
+
+ cipherDataNode = xmlSecFindChild(encNode, xmlSecNodeCipherData, xmlSecEncNs);
+ if(cipherDataNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeCipherData),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecAddPrevSibling(cipherDataNode, xmlSecNodeKeyInfo, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddPrevSibling",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
+ return(NULL);
+ }
+ }
+ if(id != NULL) {
+ xmlSetProp(res, xmlSecAttrId, id);
+ }
+ return(res);
+}
+
+/**
+ * xmlSecTmplEncDataEnsureEncProperties:
+ * @encNode: the pointer to <enc:EncryptedData/> node.
+ * @id: the Id attribute (optional).
+ *
+ * Adds <enc:EncryptionProperties/> node to the <enc:EncryptedData/>
+ * node @encNode.
+ *
+ * Returns: the pointer to newly created <enc:EncryptionProperties/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplEncDataEnsureEncProperties(xmlNodePtr encNode, const xmlChar *id) {
+ xmlNodePtr res;
+
+ xmlSecAssert2(encNode != NULL, NULL);
+
+ res = xmlSecFindChild(encNode, xmlSecNodeEncryptionProperties, xmlSecEncNs);
+ if(res == NULL) {
+ res = xmlSecAddChild(encNode, xmlSecNodeEncryptionProperties, xmlSecEncNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEncryptionProperties));
+ return(NULL);
+ }
+ }
+
+ if(id != NULL) {
+ xmlSetProp(res, xmlSecAttrId, id);
+ }
+
+ return(res);
+}
+
+/**
+ * xmlSecTmplEncDataAddEncProperty:
+ * @encNode: the pointer to <enc:EncryptedData/> node.
+ * @id: the Id attribute (optional).
+ * @target: the Target attribute (optional).
+ *
+ * Adds <enc:EncryptionProperty/> node (and the parent
+ * <enc:EncryptionProperties/> node if required) to the
+ * <enc:EncryptedData/> node @encNode.
+ *
+ * Returns: the pointer to newly created <enc:EncryptionProperty/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplEncDataAddEncProperty(xmlNodePtr encNode, const xmlChar *id, const xmlChar *target) {
+ xmlNodePtr encProps;
+ xmlNodePtr res;
+
+ xmlSecAssert2(encNode != NULL, NULL);
+
+ encProps = xmlSecTmplEncDataEnsureEncProperties(encNode, NULL);
+ if(encProps == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTmplEncDataEnsureEncProperties",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecAddChild(encProps, xmlSecNodeEncryptionProperty, xmlSecEncNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEncryptionProperty));
+ return(NULL);
+ }
+ if(id != NULL) {
+ xmlSetProp(res, xmlSecAttrId, id);
+ }
+ if(target != NULL) {
+ xmlSetProp(res, xmlSecAttrTarget, target);
+ }
+
+ return(res);
+}
+
+/**
+ * xmlSecTmplEncDataEnsureCipherValue:
+ * @encNode: the pointer to <enc:EncryptedData/> node.
+ *
+ * Adds <enc:CipherValue/> to the <enc:EncryptedData/> node @encNode.
+ *
+ * Returns: the pointer to newly created <enc:CipherValue/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplEncDataEnsureCipherValue(xmlNodePtr encNode) {
+ xmlNodePtr cipherDataNode;
+ xmlNodePtr res, tmp;
+
+ xmlSecAssert2(encNode != NULL, NULL);
+
+ cipherDataNode = xmlSecFindChild(encNode, xmlSecNodeCipherData, xmlSecEncNs);
+ if(cipherDataNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeCipherData),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* check that we don;t have CipherReference node */
+ tmp = xmlSecFindChild(cipherDataNode, xmlSecNodeCipherReference, xmlSecEncNs);
+ if(tmp != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeCipherReference),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecFindChild(cipherDataNode, xmlSecNodeCipherValue, xmlSecEncNs);
+ if(res == NULL) {
+ res = xmlSecAddChild(cipherDataNode, xmlSecNodeCipherValue, xmlSecEncNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCipherValue));
+ return(NULL);
+ }
+ }
+
+ return(res);
+}
+
+/**
+ * xmlSecTmplEncDataEnsureCipherReference:
+ * @encNode: the pointer to <enc:EncryptedData/> node.
+ * @uri: the URI attribute (may be NULL).
+ *
+ * Adds <enc:CipherReference/> node with specified URI attribute @uri
+ * to the <enc:EncryptedData/> node @encNode.
+ *
+ * Returns: the pointer to newly created <enc:CipherReference/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplEncDataEnsureCipherReference(xmlNodePtr encNode, const xmlChar *uri) {
+ xmlNodePtr cipherDataNode;
+ xmlNodePtr res, tmp;
+
+ xmlSecAssert2(encNode != NULL, NULL);
+
+ cipherDataNode = xmlSecFindChild(encNode, xmlSecNodeCipherData, xmlSecEncNs);
+ if(cipherDataNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeCipherData),
+ XMLSEC_ERRORS_R_NODE_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* check that we don;t have CipherValue node */
+ tmp = xmlSecFindChild(cipherDataNode, xmlSecNodeCipherValue, xmlSecEncNs);
+ if(tmp != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeCipherValue),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecFindChild(cipherDataNode, xmlSecNodeCipherReference, xmlSecEncNs);
+ if(res == NULL) {
+ res = xmlSecAddChild(cipherDataNode, xmlSecNodeCipherReference, xmlSecEncNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCipherReference));
+ return(NULL);
+ }
+ }
+
+ if(uri != NULL) {
+ xmlSetProp(res, xmlSecAttrURI, uri);
+ }
+
+ return(res);
+}
+
+/**
+ * xmlSecTmplEncDataGetEncMethodNode:
+ * @encNode: the pointer to <enc:EcnryptedData /> node.
+ *
+ * Gets pointer to <enc:EncrytpionMethod/> node.
+ *
+ * Returns: pointer to <enc:EncryptionMethod /> node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplEncDataGetEncMethodNode(xmlNodePtr encNode) {
+ xmlSecAssert2(encNode != NULL, NULL);
+
+ return(xmlSecFindChild(encNode, xmlSecNodeEncryptionMethod, xmlSecEncNs));
+}
+
+/**
+ * xmlSecTmplCipherReferenceAddTransform:
+ * @cipherReferenceNode: the pointer to <enc:CipherReference/> node.
+ * @transformId: the transform id.
+ *
+ * Adds <dsig:Transform/> node (and the parent <dsig:Transforms/> node)
+ * with specified transform methods @transform to the <enc:CipherReference/>
+ * child node of the <enc:EncryptedData/> node @encNode.
+ *
+ * Returns: the pointer to newly created <dsig:Transform/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplCipherReferenceAddTransform(xmlNodePtr cipherReferenceNode,
+ xmlSecTransformId transformId) {
+ xmlNodePtr transformsNode;
+ xmlNodePtr res;
+
+ xmlSecAssert2(cipherReferenceNode != NULL, NULL);
+ xmlSecAssert2(transformId != NULL, NULL);
+ xmlSecAssert2(transformId->href != NULL, NULL);
+
+ transformsNode = xmlSecFindChild(cipherReferenceNode, xmlSecNodeTransforms, xmlSecEncNs);
+ if(transformsNode == NULL) {
+ transformsNode = xmlSecAddChild(cipherReferenceNode, xmlSecNodeTransforms, xmlSecEncNs);
+ if(transformsNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeTransforms));
+ return(NULL);
+ }
+ }
+
+ res = xmlSecAddChild(transformsNode, xmlSecNodeTransform, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeTransform));
+ return(NULL);
+ }
+
+ if(xmlSetProp(res, xmlSecAttrAlgorithm, transformId->href) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ xmlSecErrorsSafeString(transformId->href));
+ xmlUnlinkNode(res);
+ xmlFreeNode(res);
+ return(NULL);
+ }
+
+ return(res);
+}
+
+
+/***********************************************************************
+ *
+ * <enc:EncryptedKey> node
+ *
+ **********************************************************************/
+
+/**
+ * xmlSecTmplReferenceListAddDataReference:
+ * @encNode: the pointer to <enc:EncryptedKey/> node.
+ * @uri: uri to reference (optional)
+ *
+ * Adds <enc:DataReference/> and the parent <enc:ReferenceList/> node (if needed).
+ *
+ * Returns: the pointer to newly created <enc:DataReference/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplReferenceListAddDataReference(xmlNodePtr encNode, const xmlChar *uri) {
+ xmlNodePtr refListNode, res;
+
+ xmlSecAssert2(encNode != NULL, NULL);
+
+ refListNode = xmlSecFindChild(encNode, xmlSecNodeReferenceList, xmlSecEncNs);
+ if(refListNode == NULL) {
+ refListNode = xmlSecAddChild(encNode, xmlSecNodeReferenceList, xmlSecEncNs);
+ if(refListNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeReferenceList));
+ return(NULL);
+ }
+ }
+
+ res = xmlSecAddChild(refListNode, xmlSecNodeDataReference, xmlSecEncNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDataReference));
+ return(NULL);
+ }
+
+ if(uri != NULL) {
+ if(xmlSetProp(res, xmlSecAttrURI, uri) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrURI),
+ xmlSecErrorsSafeString(uri));
+ xmlUnlinkNode(res);
+ xmlFreeNode(res);
+ return(NULL);
+ }
+ }
+
+ return(res);
+}
+
+/**
+ * xmlSecTmplReferenceListAddKeyReference:
+ * @encNode: the pointer to <enc:EncryptedKey/> node.
+ * @uri: uri to reference (optional)
+ *
+ * Adds <enc:KeyReference/> and the parent <enc:ReferenceList/> node (if needed).
+ *
+ * Returns: the pointer to newly created <enc:KeyReference/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplReferenceListAddKeyReference(xmlNodePtr encNode, const xmlChar *uri) {
+ xmlNodePtr refListNode, res;
+
+ xmlSecAssert2(encNode != NULL, NULL);
+
+ refListNode = xmlSecFindChild(encNode, xmlSecNodeReferenceList, xmlSecEncNs);
+ if(refListNode == NULL) {
+ refListNode = xmlSecAddChild(encNode, xmlSecNodeReferenceList, xmlSecEncNs);
+ if(refListNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeReferenceList));
+ return(NULL);
+ }
+ }
+
+ res = xmlSecAddChild(refListNode, xmlSecNodeKeyReference, xmlSecEncNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyReference));
+ return(NULL);
+ }
+
+ if(uri != NULL) {
+ if(xmlSetProp(res, xmlSecAttrURI, uri) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrURI),
+ xmlSecErrorsSafeString(uri));
+ xmlUnlinkNode(res);
+ xmlFreeNode(res);
+ return(NULL);
+ }
+ }
+
+ return(res);
+}
+
+
+/**************************************************************************
+ *
+ * <dsig:KeyInfo/> node
+ *
+ **************************************************************************/
+
+/**
+ * xmlSecTmplKeyInfoAddKeyName:
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ * @name: the key name (optional).
+ *
+ * Adds <dsig:KeyName/> node to the <dsig:KeyInfo/> node @keyInfoNode.
+ *
+ * Returns: the pointer to the newly created <dsig:KeyName/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplKeyInfoAddKeyName(xmlNodePtr keyInfoNode, const xmlChar* name) {
+ xmlNodePtr res;
+
+ xmlSecAssert2(keyInfoNode != NULL, NULL);
+
+ res = xmlSecAddChild(keyInfoNode, xmlSecNodeKeyName, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyName));
+ return(NULL);
+ }
+ if(name != NULL) {
+ xmlSecNodeEncodeAndSetContent(res, name);
+ }
+ return(res);
+}
+
+/**
+ * xmlSecTmplKeyInfoAddKeyValue:
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ *
+ * Adds <dsig:KeyValue/> node to the <dsig:KeyInfo/> node @keyInfoNode.
+ *
+ * Returns: the pointer to the newly created <dsig:KeyValue/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplKeyInfoAddKeyValue(xmlNodePtr keyInfoNode) {
+ xmlNodePtr res;
+
+ xmlSecAssert2(keyInfoNode != NULL, NULL);
+
+ res = xmlSecAddChild(keyInfoNode, xmlSecNodeKeyValue, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyValue));
+ return(NULL);
+ }
+
+ return(res);
+}
+
+/**
+ * xmlSecTmplKeyInfoAddX509Data:
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ *
+ * Adds <dsig:X509Data/> node to the <dsig:KeyInfo/> node @keyInfoNode.
+ *
+ * Returns: the pointer to the newly created <dsig:X509Data/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplKeyInfoAddX509Data(xmlNodePtr keyInfoNode) {
+ xmlNodePtr res;
+
+ xmlSecAssert2(keyInfoNode != NULL, NULL);
+
+ res = xmlSecAddChild(keyInfoNode, xmlSecNodeX509Data, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509Data));
+ return(NULL);
+ }
+
+ return(res);
+}
+
+/**
+ * xmlSecTmplKeyInfoAddRetrievalMethod:
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ * @uri: the URI attribute (optional).
+ * @type: the Type attribute(optional).
+ *
+ * Adds <dsig:RetrievalMethod/> node to the <dsig:KeyInfo/> node @keyInfoNode.
+ *
+ * Returns: the pointer to the newly created <dsig:RetrievalMethod/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplKeyInfoAddRetrievalMethod(xmlNodePtr keyInfoNode, const xmlChar *uri,
+ const xmlChar *type) {
+ xmlNodePtr res;
+
+ xmlSecAssert2(keyInfoNode != NULL, NULL);
+
+ res = xmlSecAddChild(keyInfoNode, xmlSecNodeRetrievalMethod, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRetrievalMethod));
+ return(NULL);
+ }
+
+ if(uri != NULL) {
+ xmlSetProp(res, xmlSecAttrURI, uri);
+ }
+ if(type != NULL) {
+ xmlSetProp(res, xmlSecAttrType, type);
+ }
+ return(res);
+}
+
+/**
+ * xmlSecTmplRetrievalMethodAddTransform:
+ * @retrMethodNode: the pointer to <dsig:RetrievalMethod/> node.
+ * @transformId: the transform id.
+ *
+ * Adds <dsig:Transform/> node (and the parent <dsig:Transforms/> node
+ * if required) to the <dsig:RetrievalMethod/> node @retrMethod.
+ *
+ * Returns: the pointer to the newly created <dsig:Transforms/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplRetrievalMethodAddTransform(xmlNodePtr retrMethodNode, xmlSecTransformId transformId) {
+ xmlNodePtr transformsNode;
+ xmlNodePtr res;
+
+ xmlSecAssert2(retrMethodNode != NULL, NULL);
+ xmlSecAssert2(transformId != NULL, NULL);
+ xmlSecAssert2(transformId->href != NULL, NULL);
+
+ transformsNode = xmlSecFindChild(retrMethodNode, xmlSecNodeTransforms, xmlSecDSigNs);
+ if(transformsNode == NULL) {
+ transformsNode = xmlSecAddChild(retrMethodNode, xmlSecNodeTransforms, xmlSecDSigNs);
+ if(transformsNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeTransforms));
+ return(NULL);
+ }
+ }
+
+ res = xmlSecAddChild(transformsNode, xmlSecNodeTransform, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeTransform));
+ return(NULL);
+ }
+
+ if(xmlSetProp(res, xmlSecAttrAlgorithm, transformId->href) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ xmlSecErrorsSafeString(transformId->href));
+ xmlUnlinkNode(res);
+ xmlFreeNode(res);
+ return(NULL);
+ }
+
+ return(res);
+}
+
+
+/**
+ * xmlSecTmplKeyInfoAddEncryptedKey:
+ * @keyInfoNode: the pointer to <dsig:KeyInfo/> node.
+ * @encMethodId: the encryption method (optional).
+ * @id: the Id attribute (optional).
+ * @type: the Type attribute (optional).
+ * @recipient: the Recipient attribute (optional).
+ *
+ * Adds <enc:EncryptedKey/> node with given attributes to
+ * the <dsig:KeyInfo/> node @keyInfoNode.
+ *
+ * Returns: the pointer to the newly created <enc:EncryptedKey/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplKeyInfoAddEncryptedKey(xmlNodePtr keyInfoNode, xmlSecTransformId encMethodId,
+ const xmlChar* id, const xmlChar* type, const xmlChar* recipient) {
+ xmlNodePtr encKeyNode;
+
+ xmlSecAssert2(keyInfoNode != NULL, NULL);
+
+ /* we allow multiple encrypted key elements */
+ encKeyNode = xmlSecAddChild(keyInfoNode, xmlSecNodeEncryptedKey, xmlSecEncNs);
+ if(encKeyNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEncryptedKey));
+ return(NULL);
+ }
+
+ if(id != NULL) {
+ xmlSetProp(encKeyNode, xmlSecAttrId, id);
+ }
+ if(type != NULL) {
+ xmlSetProp(encKeyNode, xmlSecAttrType, type);
+ }
+ if(recipient != NULL) {
+ xmlSetProp(encKeyNode, xmlSecAttrRecipient, recipient);
+ }
+
+ if(xmlSecTmplPrepareEncData(encKeyNode, encMethodId) < 0) {
+ xmlUnlinkNode(encKeyNode);
+ xmlFreeNode(encKeyNode);
+ return(NULL);
+ }
+ return(encKeyNode);
+}
+
+/***********************************************************************
+ *
+ * <dsig:X509Data> node
+ *
+ **********************************************************************/
+/**
+ * xmlSecTmplX509DataAddIssuerSerial:
+ * @x509DataNode: the pointer to <dsig:X509Data/> node.
+ *
+ * Adds <dsig:X509IssuerSerial/> node to the given <dsig:X509Data/> node.
+ *
+ * Returns: the pointer to the newly created <dsig:X509IssuerSerial/> node or
+ * NULL if an error occurs.
+ */
+
+xmlNodePtr
+xmlSecTmplX509DataAddIssuerSerial(xmlNodePtr x509DataNode) {
+ xmlNodePtr cur;
+
+ xmlSecAssert2(x509DataNode != NULL, NULL);
+
+ cur = xmlSecFindChild(x509DataNode, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ cur = xmlSecAddChild(x509DataNode, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
+ return(NULL);
+ }
+
+ return (cur);
+}
+
+/**
+ * xmlSecTmplX509IssuerSerialAddIssuerName:
+ * @x509IssuerSerialNode: the pointer to <dsig:X509IssuerSerial/> node.
+ * @issuerName: the issuer name (optional).
+ *
+ * Adds <dsig:X509IssuerName/> node to the <dsig:X509IssuerSerial/> node @x509IssuerSerialNode.
+ *
+ * Returns: the pointer to the newly created <dsig:X509IssuerName/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplX509IssuerSerialAddIssuerName(xmlNodePtr x509IssuerSerialNode, const xmlChar* issuerName) {
+ xmlNodePtr res;
+
+ xmlSecAssert2(x509IssuerSerialNode != NULL, NULL);
+
+ if(xmlSecFindChild(x509IssuerSerialNode, xmlSecNodeX509IssuerName,
+ xmlSecDSigNs) != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecAddChild(x509IssuerSerialNode, xmlSecNodeX509IssuerName, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
+ return(NULL);
+ }
+
+ if (issuerName != NULL) {
+ xmlSecNodeEncodeAndSetContent(res, issuerName);
+ }
+ return(res);
+}
+
+/**
+ * xmlSecTmplX509IssuerSerialAddSerialNumber:
+ * @x509IssuerSerialNode: the pointer to <dsig:X509IssuerSerial/> node.
+ * @serial: the serial number (optional).
+ *
+ * Adds <dsig:X509SerialNumber/> node to the <dsig:X509IssuerSerial/> node @x509IssuerSerialNode.
+ *
+ * Returns: the pointer to the newly created <dsig:X509SerialNumber/> node or
+ * NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecTmplX509IssuerSerialAddSerialNumber(xmlNodePtr x509IssuerSerialNode, const xmlChar* serial) {
+ xmlNodePtr res;
+
+ xmlSecAssert2(x509IssuerSerialNode != NULL, NULL);
+
+ if(xmlSecFindChild(x509IssuerSerialNode, xmlSecNodeX509SerialNumber,
+ xmlSecDSigNs) != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ res = xmlSecAddChild(x509IssuerSerialNode, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
+ return(NULL);
+ }
+
+ if (serial != NULL) {
+ xmlSecNodeEncodeAndSetContent(res, serial);
+ }
+ return(res);
+}
+
+/**
+ * xmlSecTmplX509DataAddSubjectName:
+ * @x509DataNode: the pointer to <dsig:X509Data/> node.
+ *
+ * Adds <dsig:X509SubjectName/> node to the given <dsig:X509Data/> node.
+ *
+ * Returns: the pointer to the newly created <dsig:X509SubjectName/> node or
+ * NULL if an error occurs.
+ */
+
+xmlNodePtr
+xmlSecTmplX509DataAddSubjectName(xmlNodePtr x509DataNode) {
+ xmlNodePtr cur;
+
+ xmlSecAssert2(x509DataNode != NULL, NULL);
+
+ cur = xmlSecFindChild(x509DataNode, xmlSecNodeX509SubjectName, xmlSecDSigNs);
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeX509SubjectName),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ cur = xmlSecAddChild(x509DataNode, xmlSecNodeX509SubjectName, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
+ return(NULL);
+ }
+
+ return (cur);
+}
+
+/**
+ * xmlSecTmplX509DataAddSKI:
+ * @x509DataNode: the pointer to <dsig:X509Data/> node.
+ *
+ * Adds <dsig:X509SKI/> node to the given <dsig:X509Data/> node.
+ *
+ * Returns: the pointer to the newly created <dsig:X509SKI/> node or
+ * NULL if an error occurs.
+ */
+
+xmlNodePtr
+xmlSecTmplX509DataAddSKI(xmlNodePtr x509DataNode) {
+ xmlNodePtr cur;
+
+ xmlSecAssert2(x509DataNode != NULL, NULL);
+
+ cur = xmlSecFindChild(x509DataNode, xmlSecNodeX509SKI, xmlSecDSigNs);
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ cur = xmlSecAddChild(x509DataNode, xmlSecNodeX509SKI, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509SKI));
+ return(NULL);
+ }
+
+ return (cur);
+}
+
+
+/**
+ * xmlSecTmplX509DataAddCertificate:
+ * @x509DataNode: the pointer to <dsig:X509Data/> node.
+ *
+ * Adds <dsig:X509Certificate/> node to the given <dsig:X509Data/> node.
+ *
+ * Returns: the pointer to the newly created <dsig:X509Certificate/> node or
+ * NULL if an error occurs.
+ */
+
+xmlNodePtr
+xmlSecTmplX509DataAddCertificate(xmlNodePtr x509DataNode) {
+ xmlNodePtr cur;
+
+ xmlSecAssert2(x509DataNode != NULL, NULL);
+
+ cur = xmlSecFindChild(x509DataNode, xmlSecNodeX509Certificate, xmlSecDSigNs);
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ cur = xmlSecAddChild(x509DataNode, xmlSecNodeX509Certificate, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
+ return(NULL);
+ }
+
+ return (cur);
+}
+
+/**
+ * xmlSecTmplX509DataAddCRL:
+ * @x509DataNode: the pointer to <dsig:X509Data/> node.
+ *
+ * Adds <dsig:X509CRL/> node to the given <dsig:X509Data/> node.
+ *
+ * Returns: the pointer to the newly created <dsig:X509CRL/> node or
+ * NULL if an error occurs.
+ */
+
+xmlNodePtr
+xmlSecTmplX509DataAddCRL(xmlNodePtr x509DataNode) {
+ xmlNodePtr cur;
+
+ xmlSecAssert2(x509DataNode != NULL, NULL);
+
+ cur = xmlSecFindChild(x509DataNode, xmlSecNodeX509CRL, xmlSecDSigNs);
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeX509CRL),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ cur = xmlSecAddChild(x509DataNode, xmlSecNodeX509CRL, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeX509CRL));
+ return(NULL);
+ }
+
+ return (cur);
+}
+
+/*************************************************************************
+ *
+ * <dsig:Transform/> node
+ *
+ ************************************************************************/
+
+/**
+ * xmlSecTmplTransformAddHmacOutputLength:
+ * @transformNode: the pointer to <dsig:Transform/> node
+ * @bitsLen: the required length in bits
+ *
+ * Creates <dsig:HMACOutputLength/> child for the HMAC transform
+ * node @node.
+ *
+ * Returns: 0 on success and a negatie value otherwise.
+ */
+int
+xmlSecTmplTransformAddHmacOutputLength(xmlNodePtr transformNode, xmlSecSize bitsLen) {
+ xmlNodePtr cur;
+ char buf[32];
+
+ xmlSecAssert2(transformNode != NULL, -1);
+ xmlSecAssert2(bitsLen > 0, -1);
+
+ cur = xmlSecFindChild(transformNode, xmlSecNodeHMACOutputLength, xmlSecDSigNs);
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeHMACOutputLength),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(transformNode, xmlSecNodeHMACOutputLength, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeHMACOutputLength));
+ return(-1);
+ }
+
+ sprintf(buf, "%u", bitsLen);
+ xmlNodeSetContent(cur, BAD_CAST buf);
+ return(0);
+}
+
+/**
+ * xmlSecTmplTransformAddRsaOaepParam:
+ * @transformNode: the pointer to <dsig:Transform/> node.
+ * @buf: the OAEP param buffer.
+ * @size: the OAEP param buffer size.
+ *
+ * Creates <enc:OAEPParam/> child node in the @node.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTmplTransformAddRsaOaepParam(xmlNodePtr transformNode,
+ const xmlSecByte *buf, xmlSecSize size) {
+ xmlNodePtr oaepParamNode;
+ xmlChar *base64;
+
+ xmlSecAssert2(transformNode != NULL, -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(size > 0, -1);
+
+ oaepParamNode = xmlSecFindChild(transformNode, xmlSecNodeRsaOAEPparams, xmlSecEncNs);
+ if(oaepParamNode != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeRsaOAEPparams),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ oaepParamNode = xmlSecAddChild(transformNode, xmlSecNodeRsaOAEPparams, xmlSecEncNs);
+ if(oaepParamNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeRsaOAEPparams));
+ return(-1);
+ }
+
+ base64 = xmlSecBase64Encode(buf, size, 0);
+ if(base64 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+
+ xmlNodeSetContent(oaepParamNode, base64);
+ xmlFree(base64);
+ return(0);
+}
+
+/**
+ * xmlSecTmplTransformAddXsltStylesheet:
+ * @transformNode: the pointer to <dsig:Transform/> node.
+ * @xslt: the XSLT transform exspression.
+ *
+ * Writes the XSLT transform expression to the @node.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecTmplTransformAddXsltStylesheet(xmlNodePtr transformNode, const xmlChar *xslt) {
+ xmlDocPtr xsltDoc;
+ int ret;
+
+ xmlSecAssert2(transformNode != NULL, -1);
+ xmlSecAssert2(xslt != NULL, -1);
+
+ xsltDoc = xmlParseMemory((const char*)xslt, xmlStrlen(xslt));
+ if(xsltDoc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlParseMemory",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecReplaceContent(transformNode, xmlDocGetRootElement(xsltDoc));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecReplaceContent",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(xsltDoc);
+ return(-1);
+ }
+
+ xmlFreeDoc(xsltDoc);
+ return(0);
+}
+
+/**
+ * xmlSecTmplTransformAddC14NInclNamespaces:
+ * @transformNode: the pointer to <dsig:Transform/> node.
+ * @prefixList: the white space delimited list of namespace prefixes,
+ * where "#default" indicates the default namespace
+ * (optional).
+ *
+ * Adds "inclusive" namespaces to the ExcC14N transform node @node.
+ *
+ * Returns: 0 if success or a negative value otherwise.
+ */
+int
+xmlSecTmplTransformAddC14NInclNamespaces(xmlNodePtr transformNode,
+ const xmlChar *prefixList) {
+ xmlNodePtr cur;
+
+ xmlSecAssert2(transformNode != NULL, -1);
+ xmlSecAssert2(prefixList != NULL, -1);
+
+ cur = xmlSecFindChild(transformNode, xmlSecNodeInclusiveNamespaces, xmlSecNsExcC14N);
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeInclusiveNamespaces),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(transformNode, xmlSecNodeInclusiveNamespaces, xmlSecNsExcC14N);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(transformNode)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeInclusiveNamespaces));
+ return(-1);
+ }
+
+ xmlSetProp(cur, xmlSecAttrPrefixList, prefixList);
+ return(0);
+}
+
+/**
+ * xmlSecTmplTransformAddXPath:
+ * @transformNode: the pointer to the <dsig:Transform/> node.
+ * @expression: the XPath expression.
+ * @nsList: the NULL terminated list of namespace prefix/href pairs
+ * (optional).
+ *
+ * Writes XPath transform infromation to the <dsig:Transform/> node
+ * @node.
+ *
+ * Returns: 0 for success or a negative value otherwise.
+ */
+int
+xmlSecTmplTransformAddXPath(xmlNodePtr transformNode, const xmlChar *expression,
+ const xmlChar **nsList) {
+ xmlNodePtr xpathNode;
+
+ xmlSecAssert2(transformNode != NULL, -1);
+ xmlSecAssert2(expression != NULL, -1);
+
+ xpathNode = xmlSecFindChild(transformNode, xmlSecNodeXPath, xmlSecDSigNs);
+ if(xpathNode != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeXPath),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ xpathNode = xmlSecAddChild(transformNode, xmlSecNodeXPath, xmlSecDSigNs);
+ if(xpathNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeXPath));
+ return(-1);
+ }
+
+ xmlSecNodeEncodeAndSetContent(xpathNode, expression);
+ return((nsList != NULL) ? xmlSecTmplNodeWriteNsList(xpathNode, nsList) : 0);
+}
+
+/**
+ * xmlSecTmplTransformAddXPath2:
+ * @transformNode: the pointer to the <dsig:Transform/> node.
+ * @type: the XPath2 transform type ("union", "intersect" or "subtract").
+ * @expression: the XPath expression.
+ * @nsList: the NULL terminated list of namespace prefix/href pairs.
+ * (optional).
+ *
+ * Writes XPath2 transform infromation to the <dsig:Transform/> node
+ * @node.
+ *
+ * Returns: 0 for success or a negative value otherwise.
+ */
+int
+xmlSecTmplTransformAddXPath2(xmlNodePtr transformNode, const xmlChar* type,
+ const xmlChar *expression, const xmlChar **nsList) {
+ xmlNodePtr xpathNode;
+
+ xmlSecAssert2(transformNode != NULL, -1);
+ xmlSecAssert2(type != NULL, -1);
+ xmlSecAssert2(expression != NULL, -1);
+
+ xpathNode = xmlSecAddChild(transformNode, xmlSecNodeXPath, xmlSecXPath2Ns);
+ if(xpathNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeXPath));
+ return(-1);
+ }
+ xmlSetProp(xpathNode, xmlSecAttrFilter, type);
+
+ xmlSecNodeEncodeAndSetContent(xpathNode, expression);
+ return((nsList != NULL) ? xmlSecTmplNodeWriteNsList(xpathNode, nsList) : 0);
+}
+
+/**
+ * xmlSecTmplTransformAddXPointer:
+ * @transformNode: the pointer to the <dsig:Transform/> node.
+ * @expression: the XPath expression.
+ * @nsList: the NULL terminated list of namespace prefix/href pairs.
+ * (optional).
+ *
+ * Writes XPoniter transform infromation to the <dsig:Transform/> node
+ * @node.
+ *
+ * Returns: 0 for success or a negative value otherwise.
+ */
+int
+xmlSecTmplTransformAddXPointer(xmlNodePtr transformNode, const xmlChar *expression,
+ const xmlChar **nsList) {
+ xmlNodePtr xpointerNode;
+
+ xmlSecAssert2(expression != NULL, -1);
+ xmlSecAssert2(transformNode != NULL, -1);
+
+ xpointerNode = xmlSecFindChild(transformNode, xmlSecNodeXPointer, xmlSecXPointerNs);
+ if(xpointerNode != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeXPointer),
+ XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ xpointerNode = xmlSecAddChild(transformNode, xmlSecNodeXPointer, xmlSecXPointerNs);
+ if(xpointerNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeXPointer));
+ return(-1);
+ }
+
+
+ xmlSecNodeEncodeAndSetContent(xpointerNode, expression);
+ return((nsList != NULL) ? xmlSecTmplNodeWriteNsList(xpointerNode, nsList) : 0);
+}
+
+static int
+xmlSecTmplNodeWriteNsList(xmlNodePtr parentNode, const xmlChar** nsList) {
+ xmlNsPtr ns;
+ const xmlChar *prefix;
+ const xmlChar *href;
+ const xmlChar **ptr;
+
+ xmlSecAssert2(parentNode != NULL, -1);
+ xmlSecAssert2(nsList != NULL, -1);
+
+ ptr = nsList;
+ while((*ptr) != NULL) {
+ if(xmlStrEqual(BAD_CAST "#default", (*ptr))) {
+ prefix = NULL;
+ } else {
+ prefix = (*ptr);
+ }
+ if((++ptr) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "unexpected end of ns list");
+ return(-1);
+ }
+ href = *(ptr++);
+
+ ns = xmlNewNs(parentNode, href, prefix);
+ if(ns == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "href=%s;prefix=%s",
+ xmlSecErrorsSafeString(href),
+ xmlSecErrorsSafeString(prefix));
+ return(-1);
+ }
+ }
+ return(0);
+}
diff --git a/src/transforms.c b/src/transforms.c
new file mode 100644
index 00000000..8a2ded23
--- /dev/null
+++ b/src/transforms.c
@@ -0,0 +1,2902 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * The Transforms Element (http://www.w3.org/TR/xmldsig-core/#sec-Transforms)
+ *
+ * The optional Transforms element contains an ordered list of Transform
+ * elements; these describe how the signer obtained the data object that
+ * was digested.
+ *
+ * Schema Definition:
+ *
+ * <element name="Transforms" type="ds:TransformsType"/>
+ * <complexType name="TransformsType">
+ * <sequence>
+ * <element ref="ds:Transform" maxOccurs="unbounded"/>
+ * </sequence>
+ * </complexType>
+ *
+ * <element name="Transform" type="ds:TransformType"/>
+ * <complexType name="TransformType" mixed="true">
+ * <choice minOccurs="0" maxOccurs="unbounded">
+ * <any namespace="##other" processContents="lax"/>
+ * <!-- (1,1) elements from (0,unbounded) namespaces -->
+ * <element name="XPath" type="string"/>
+ * </choice>
+ * <attribute name="Algorithm" type="anyURI" use="required"/>
+ * </complexType>
+ *
+ * DTD:
+ *
+ * <!ELEMENT Transforms (Transform+)>
+ * <!ELEMENT Transform (#PCDATA|XPath %Transform.ANY;)* >
+ * <!ATTLIST Transform Algorithm CDATA #REQUIRED >
+ * <!ELEMENT XPath (#PCDATA) >
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+
+#include "globals.h"
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+#include <libxml/xpath.h>
+#include <libxml/xpointer.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keysdata.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/io.h>
+#include <xmlsec/membuf.h>
+#include <xmlsec/parser.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/private/xslt.h>
+
+/**************************************************************************
+ *
+ * Global xmlSecTransformIds list functions
+ *
+ *************************************************************************/
+static xmlSecPtrList xmlSecAllTransformIds;
+
+
+/**
+ * xmlSecTransformIdsGet:
+ *
+ * Gets global registered transform klasses list.
+ *
+ * Returns: the pointer to list of all registered transform klasses.
+ */
+xmlSecPtrListPtr
+xmlSecTransformIdsGet(void) {
+ return(&xmlSecAllTransformIds);
+}
+
+/**
+ * xmlSecTransformIdsInit:
+ *
+ * Initializes the transform klasses. This function is called from the
+ * #xmlSecInit function and the application should not call it directly.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformIdsInit(void) {
+ int ret;
+
+ ret = xmlSecPtrListInitialize(xmlSecTransformIdsGet(), xmlSecTransformIdListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListPtrInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecTransformIdListId");
+ return(-1);
+ }
+
+ ret = xmlSecTransformIdsRegisterDefault();
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegisterDefault",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+#ifndef XMLSEC_NO_XSLT
+ xmlSecTransformXsltInitialize();
+#endif /* XMLSEC_NO_XSLT */
+
+ return(0);
+}
+
+/**
+ * xmlSecTransformIdsShutdown:
+ *
+ * Shuts down the keys data klasses. This function is called from the
+ * #xmlSecShutdown function and the application should not call it directly.
+ */
+void
+xmlSecTransformIdsShutdown(void) {
+#ifndef XMLSEC_NO_XSLT
+ xmlSecTransformXsltShutdown();
+#endif /* XMLSEC_NO_XSLT */
+
+ xmlSecPtrListFinalize(xmlSecTransformIdsGet());
+}
+
+/**
+ * xmlSecTransformIdsRegister:
+ * @id: the transform klass.
+ *
+ * Registers @id in the global list of transform klasses.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformIdsRegister(xmlSecTransformId id) {
+ int ret;
+
+ xmlSecAssert2(id != xmlSecTransformIdUnknown, -1);
+
+ ret = xmlSecPtrListAdd(xmlSecTransformIdsGet(), (xmlSecPtr)id);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecTransformIdsRegisterDefault:
+ *
+ * Registers default (implemented by XML Security Library)
+ * transform klasses: XPath transform, Base64 transform, ...
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformIdsRegisterDefault(void) {
+ if(xmlSecTransformIdsRegister(xmlSecTransformBase64Id) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformBase64Id)));
+ return(-1);
+ }
+
+ if(xmlSecTransformIdsRegister(xmlSecTransformEnvelopedId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformEnvelopedId)));
+ return(-1);
+ }
+
+ /* c14n methods */
+ if(xmlSecTransformIdsRegister(xmlSecTransformInclC14NId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14NId)));
+ return(-1);
+ }
+ if(xmlSecTransformIdsRegister(xmlSecTransformInclC14NWithCommentsId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14NWithCommentsId)));
+ return(-1);
+ }
+ if(xmlSecTransformIdsRegister(xmlSecTransformInclC14N11Id) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14N11Id)));
+ return(-1);
+ }
+ if(xmlSecTransformIdsRegister(xmlSecTransformInclC14N11WithCommentsId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14N11WithCommentsId)));
+ return(-1);
+ }
+ if(xmlSecTransformIdsRegister(xmlSecTransformExclC14NId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformExclC14NId)));
+ return(-1);
+ }
+ if(xmlSecTransformIdsRegister(xmlSecTransformExclC14NWithCommentsId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformExclC14NWithCommentsId)));
+ return(-1);
+ }
+
+ if(xmlSecTransformIdsRegister(xmlSecTransformXPathId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPathId)));
+ return(-1);
+ }
+
+ if(xmlSecTransformIdsRegister(xmlSecTransformXPath2Id) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPath2Id)));
+ return(-1);
+ }
+
+ if(xmlSecTransformIdsRegister(xmlSecTransformXPointerId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPointerId)));
+ return(-1);
+ }
+
+#ifndef XMLSEC_NO_XSLT
+ if(xmlSecTransformIdsRegister(xmlSecTransformXsltId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXsltId)));
+ return(-1);
+ }
+#endif /* XMLSEC_NO_XSLT */
+
+ return(0);
+}
+
+/**************************************************************************
+ *
+ * utils
+ *
+ *************************************************************************/
+/**
+ * xmlSecTransformUriTypeCheck:
+ * @type: the expected URI type.
+ * @uri: the uri for checking.
+ *
+ * Checks if @uri matches expected type @type.
+ *
+ * Returns: 1 if @uri matches @type, 0 if not or a negative value
+ * if an error occurs.
+ */
+int
+xmlSecTransformUriTypeCheck(xmlSecTransformUriType type, const xmlChar* uri) {
+ xmlSecTransformUriType uriType = 0;
+
+ if((uri == NULL) || (xmlStrlen(uri) == 0)) {
+ uriType = xmlSecTransformUriTypeEmpty;
+ } else if(uri[0] == '#') {
+ uriType = xmlSecTransformUriTypeSameDocument;
+ } else if(xmlStrncmp(uri, BAD_CAST "file://", 7) == 0) {
+ uriType = xmlSecTransformUriTypeLocal;
+ } else {
+ uriType = xmlSecTransformUriTypeRemote;
+ }
+ return(((uriType & type) != 0) ? 1 : 0);
+}
+
+/**************************************************************************
+ *
+ * xmlSecTransformCtx
+ *
+ *************************************************************************/
+
+/**
+ * xmlSecTransformCtxCreate:
+ *
+ * Creates transforms chain processing context.
+ * The caller is responsible for destroying returned object by calling
+ * #xmlSecTransformCtxDestroy function.
+ *
+ * Returns: pointer to newly allocated context object or NULL if an error
+ * occurs.
+ */
+xmlSecTransformCtxPtr
+xmlSecTransformCtxCreate(void) {
+ xmlSecTransformCtxPtr ctx;
+ int ret;
+
+ /* Allocate a new xmlSecTransform and fill the fields. */
+ ctx = (xmlSecTransformCtxPtr)xmlMalloc(sizeof(xmlSecTransformCtx));
+ if(ctx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(xmlSecTransformCtx));
+ return(NULL);
+ }
+
+ ret = xmlSecTransformCtxInitialize(ctx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecTransformCtxDestroy(ctx);
+ return(NULL);
+ }
+
+ return(ctx);
+}
+
+/**
+ * xmlSecTransformCtxDestroy:
+ * @ctx: the pointer to transforms chain processing context.
+ *
+ * Destroy context object created with #xmlSecTransformCtxCreate function.
+ */
+void
+xmlSecTransformCtxDestroy(xmlSecTransformCtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecTransformCtxFinalize(ctx);
+ xmlFree(ctx);
+}
+
+/**
+ * xmlSecTransformCtxInitialize:
+ * @ctx: the pointer to transforms chain processing context.
+ *
+ * Initializes transforms chain processing context.
+ * The caller is responsible for cleaning up returned object by calling
+ * #xmlSecTransformCtxFinalize function.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformCtxInitialize(xmlSecTransformCtxPtr ctx) {
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecTransformCtx));
+
+ ret = xmlSecPtrListInitialize(&(ctx->enabledTransforms), xmlSecTransformIdListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ctx->enabledUris = xmlSecTransformUriTypeAny;
+ return(0);
+}
+
+/**
+ * xmlSecTransformCtxFinalize:
+ * @ctx: the pointer to transforms chain processing context.
+ *
+ * Cleans up @ctx object initialized with #xmlSecTransformCtxInitialize function.
+ */
+void
+xmlSecTransformCtxFinalize(xmlSecTransformCtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecTransformCtxReset(ctx);
+ xmlSecPtrListFinalize(&(ctx->enabledTransforms));
+ memset(ctx, 0, sizeof(xmlSecTransformCtx));
+}
+
+/**
+ * xmlSecTransformCtxReset:
+ * @ctx: the pointer to transforms chain processing context.
+ *
+ * Resets transfroms context for new processing.
+ */
+void
+xmlSecTransformCtxReset(xmlSecTransformCtxPtr ctx) {
+ xmlSecTransformPtr transform, tmp;
+
+ xmlSecAssert(ctx != NULL);
+
+ ctx->result = NULL;
+ ctx->status = xmlSecTransformStatusNone;
+
+ /* destroy uri */
+ if(ctx->uri != NULL) {
+ xmlFree(ctx->uri);
+ ctx->uri = NULL;
+ }
+ if(ctx->xptrExpr != NULL) {
+ xmlFree(ctx->xptrExpr);
+ ctx->xptrExpr = NULL;
+ }
+
+ /* destroy transforms chain */
+ for(transform = ctx->first; transform != NULL; transform = tmp) {
+ tmp = transform->next;
+ xmlSecTransformDestroy(transform);
+ }
+ ctx->first = ctx->last = NULL;
+}
+
+/**
+ * xmlSecTransformCtxCopyUserPref:
+ * @dst: the pointer to destination transforms chain processing context.
+ * @src: the pointer to source transforms chain processing context.
+ *
+ * Copies user settings from @src context to @dst.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecTransformCtxCopyUserPref(xmlSecTransformCtxPtr dst, xmlSecTransformCtxPtr src) {
+ int ret;
+
+ xmlSecAssert2(dst != NULL, -1);
+ xmlSecAssert2(src != NULL, -1);
+
+ dst->userData = src->userData;
+ dst->flags = src->flags;
+ dst->flags2 = src->flags2;
+ dst->enabledUris = src->enabledUris;
+ dst->preExecCallback = src->preExecCallback;
+
+ ret = xmlSecPtrListCopy(&(dst->enabledTransforms), &(src->enabledTransforms));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecTransformCtxAppend:
+ * @ctx: the pointer to transforms chain processing context.
+ * @transform: the pointer to new transform.
+ *
+ * Connects the @transform to the end of the chain of transforms in the @ctx
+ * (see #xmlSecTransformConnect function for details).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecTransformCtxAppend(xmlSecTransformCtxPtr ctx, xmlSecTransformPtr transform) {
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+
+ if(ctx->last != NULL) {
+ ret = xmlSecTransformConnect(ctx->last, transform, ctx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformConnect",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
+ return(-1);
+ }
+ } else {
+ xmlSecAssert2(ctx->first == NULL, -1);
+ ctx->first = transform;
+ }
+ ctx->last = transform;
+
+ return(0);
+}
+
+/**
+ * xmlSecTransformCtxPrepend:
+ * @ctx: the pointer to transforms chain processing context.
+ * @transform: the pointer to new transform.
+ *
+ * Connects the @transform to the beggining of the chain of transforms in the @ctx
+ * (see #xmlSecTransformConnect function for details).
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecTransformCtxPrepend(xmlSecTransformCtxPtr ctx, xmlSecTransformPtr transform) {
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+
+ if(ctx->first != NULL) {
+ ret = xmlSecTransformConnect(transform, ctx->first, ctx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformConnect",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
+ return(-1);
+ }
+ } else {
+ xmlSecAssert2(ctx->last == NULL, -1);
+ ctx->last = transform;
+ }
+ ctx->first = transform;
+
+ return(0);
+}
+
+/**
+ * xmlSecTransformCtxCreateAndAppend:
+ * @ctx: the pointer to transforms chain processing context.
+ * @id: the new transform klass.
+ *
+ * Creaeates new transform and connects it to the end of the chain of
+ * transforms in the @ctx (see #xmlSecTransformConnect function for details).
+ *
+ * Returns: pointer to newly created transform or NULL if an error occurs.
+ */
+xmlSecTransformPtr
+xmlSecTransformCtxCreateAndAppend(xmlSecTransformCtxPtr ctx, xmlSecTransformId id) {
+ xmlSecTransformPtr transform;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, NULL);
+ xmlSecAssert2(id != xmlSecTransformIdUnknown, NULL);
+
+ transform = xmlSecTransformCreate(id);
+ if(!xmlSecTransformIsValid(transform)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)));
+ return(NULL);
+ }
+
+ ret = xmlSecTransformCtxAppend(ctx, transform);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
+ xmlSecTransformDestroy(transform);
+ return(NULL);
+ }
+
+ return(transform);
+}
+
+/**
+ * xmlSecTransformCtxCreateAndPrepend:
+ * @ctx: the pointer to transforms chain processing context.
+ * @id: the new transform klass.
+ *
+ * Creaeates new transform and connects it to the end of the chain of
+ * transforms in the @ctx (see #xmlSecTransformConnect function for details).
+ *
+ * Returns: pointer to newly created transform or NULL if an error occurs.
+ */
+xmlSecTransformPtr
+xmlSecTransformCtxCreateAndPrepend(xmlSecTransformCtxPtr ctx, xmlSecTransformId id) {
+ xmlSecTransformPtr transform;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, NULL);
+ xmlSecAssert2(id != xmlSecTransformIdUnknown, NULL);
+
+ transform = xmlSecTransformCreate(id);
+ if(!xmlSecTransformIsValid(transform)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)));
+ return(NULL);
+ }
+
+ ret = xmlSecTransformCtxPrepend(ctx, transform);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
+ xmlSecTransformDestroy(transform);
+ return(NULL);
+ }
+
+ return(transform);
+}
+
+/**
+ * xmlSecTransformCtxNodeRead:
+ * @ctx: the pointer to transforms chain processing context.
+ * @node: the pointer to transform's node.
+ * @usage: the transform's usage (signature, encryption, etc.).
+ *
+ * Reads the transform from the @node and appends it to the current chain
+ * of transforms in @ctx.
+ *
+ * Returns: pointer to newly created transform or NULL if an error occurs.
+ */
+xmlSecTransformPtr
+xmlSecTransformCtxNodeRead(xmlSecTransformCtxPtr ctx, xmlNodePtr node,
+ xmlSecTransformUsage usage) {
+ xmlSecTransformPtr transform;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, NULL);
+ xmlSecAssert2(node != NULL, NULL);
+
+ transform = xmlSecTransformNodeRead(node, usage, ctx);
+ if(transform == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(NULL);
+ }
+
+ ret = xmlSecTransformCtxAppend(ctx, transform);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
+ xmlSecTransformDestroy(transform);
+ return(NULL);
+ }
+
+ return(transform);
+}
+
+/**
+ * xmlSecTransformCtxNodesListRead:
+ * @ctx: the pointer to transforms chain processing context.
+ * @node: the pointer to <dsig:Transform/> nodes parent node.
+ * @usage: the transform's usage (signature, encryption, etc.).
+ *
+ * Reads transforms from the <dsig:Transform/> children of the @node and
+ * appends them to the current transforms chain in @ctx object.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecTransformCtxNodesListRead(xmlSecTransformCtxPtr ctx, xmlNodePtr node, xmlSecTransformUsage usage) {
+ xmlSecTransformPtr transform;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ cur = xmlSecGetNextElementNode(node->children);
+ while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeTransform, xmlSecDSigNs)) {
+ transform = xmlSecTransformNodeRead(cur, usage, ctx);
+ if(transform == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ ret = xmlSecTransformCtxAppend(ctx, transform);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ xmlSecTransformDestroy(transform);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecTransformCtxSetUri:
+ * @ctx: the pointer to transforms chain processing context.
+ * @uri: the URI.
+ * @hereNode: the pointer to "here" node required by some
+ * XML transforms (may be NULL).
+ *
+ * Parses uri and adds xpointer transforms if required.
+ *
+ * The following examples demonstrate what the URI attribute identifies and
+ * how it is dereferenced
+ * (http://www.w3.org/TR/xmldsig-core/#sec-ReferenceProcessingModel):
+ *
+ * - URI="http://example.com/bar.xml"
+ * identifies the octets that represent the external resource
+ * 'http://example.com/bar.xml', that is probably an XML document given
+ * its file extension.
+ *
+ * - URI="http://example.com/bar.xml#chapter1"
+ * identifies the element with ID attribute value 'chapter1' of the
+ * external XML resource 'http://example.com/bar.xml', provided as an
+ * octet stream. Again, for the sake of interoperability, the element
+ * identified as 'chapter1' should be obtained using an XPath transform
+ * rather than a URI fragment (barename XPointer resolution in external
+ * resources is not REQUIRED in this specification).
+ *
+ * - URI=""
+ * identifies the node-set (minus any comment nodes) of the XML resource
+ * containing the signature
+ *
+ * - URI="#chapter1"
+ * identifies a node-set containing the element with ID attribute value
+ * 'chapter1' of the XML resource containing the signature. XML Signature
+ * (and its applications) modify this node-set to include the element plus
+ * all descendents including namespaces and attributes -- but not comments.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodePtr hereNode) {
+ xmlSecNodeSetType nodeSetType = xmlSecNodeSetTree;
+ const xmlChar* xptr;
+ xmlChar* buf = NULL;
+ int useVisa3DHack = 0;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->uri == NULL, -1);
+ xmlSecAssert2(ctx->xptrExpr == NULL, -1);
+ xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
+ xmlSecAssert2(hereNode != NULL, -1);
+
+ /* check uri */
+ if(xmlSecTransformUriTypeCheck(ctx->enabledUris, uri) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_URI_TYPE,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
+ /* is it an empty uri? */
+ if((uri == NULL) || (xmlStrlen(uri) == 0)) {
+ return(0);
+ }
+
+ /* do we have barename or full xpointer? */
+ xptr = xmlStrchr(uri, '#');
+ if(xptr == NULL){
+ ctx->uri = xmlStrdup(uri);
+ if(ctx->uri == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ "size=%d", xmlStrlen(uri));
+ return(-1);
+ }
+ /* we are done */
+ return(0);
+ } else if(xmlStrcmp(uri, BAD_CAST "#xpointer(/)") == 0) {
+ ctx->xptrExpr = xmlStrdup(uri);
+ if(ctx->xptrExpr == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ "size=%d", xmlStrlen(uri));
+ return(-1);
+ }
+ /* we are done */
+ return(0);
+ }
+
+ ctx->uri = xmlStrndup(uri, xptr - uri);
+ if(ctx->uri == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ "size=%d", xptr - uri);
+ return(-1);
+ }
+
+ ctx->xptrExpr = xmlStrdup(xptr);
+ if(ctx->xptrExpr == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ "size=%d", xmlStrlen(xptr));
+ return(-1);
+ }
+
+ /* do we have barename or full xpointer? */
+ xmlSecAssert2(xptr != NULL, -1);
+ if((xmlStrncmp(xptr, BAD_CAST "#xpointer(", 10) == 0) || (xmlStrncmp(xptr, BAD_CAST "#xmlns(", 7) == 0)) {
+ ++xptr;
+ nodeSetType = xmlSecNodeSetTree;
+ } else if((ctx->flags & XMLSEC_TRANSFORMCTX_FLAGS_USE_VISA3D_HACK) != 0) {
+ ++xptr;
+ nodeSetType = xmlSecNodeSetTreeWithoutComments;
+ useVisa3DHack = 1;
+ } else {
+ static const char tmpl[] = "xpointer(id(\'%s\'))";
+ xmlSecSize size;
+
+ /* we need to add "xpointer(id('..')) because otherwise we have
+ * problems with numeric ("111" and so on) and other "strange" ids */
+ size = xmlStrlen(BAD_CAST tmpl) + xmlStrlen(xptr) + 2;
+ buf = (xmlChar*)xmlMalloc(size * sizeof(xmlChar));
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", size);
+ return(-1);
+ }
+ sprintf((char*)buf, tmpl, xptr + 1);
+ xptr = buf;
+ nodeSetType = xmlSecNodeSetTreeWithoutComments;
+ }
+
+ if(useVisa3DHack == 0) {
+ xmlSecTransformPtr transform;
+
+ /* we need to create XPonter transform to execute expr */
+ transform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformXPointerId);
+ if(!xmlSecTransformIsValid(transform)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPointerId)));
+ return(-1);
+ }
+
+ ret = xmlSecTransformXPointerSetExpr(transform, xptr, nodeSetType, hereNode);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformXPointerSetExpr",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
+ if(buf != NULL) {
+ xmlFree(buf);
+ }
+ return(-1);
+ }
+ } else {
+ /* Visa3D protocol doesn't follow XML/XPointer/XMLDSig specs
+ * and allows invalid XPointer expressions (e.g. "#12345") in
+ * the URI attribute.
+ * Since we couldn't evaluate such expressions thru XPath/XPointer
+ * engine, we need to have this hack here
+ */
+ xmlSecTransformPtr transform;
+
+ transform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformVisa3DHackId);
+ if(!xmlSecTransformIsValid(transform)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformVisa3DHackId)));
+ return(-1);
+ }
+
+ ret = xmlSecTransformVisa3DHackSetID(transform, xptr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformVisa3DHackSetID",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
+ if(buf != NULL) {
+ xmlFree(buf);
+ }
+ return(-1);
+ }
+ }
+ if(buf != NULL) {
+ xmlFree(buf);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecTransformCtxPrepare:
+ * @ctx: the pointer to transforms chain processing context.
+ * @inputDataType: the expected input type.
+ *
+ * Prepares the transform context for processing data of @inputDataType.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecTransformCtxPrepare(xmlSecTransformCtxPtr ctx, xmlSecTransformDataType inputDataType) {
+ xmlSecTransformDataType firstType;
+ xmlSecTransformPtr transform;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->result == NULL, -1);
+ xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
+
+ /* add binary buffer to store result */
+ transform = xmlSecTransformCtxCreateAndAppend(ctx, xmlSecTransformMemBufId);
+ if(!xmlSecTransformIsValid(transform)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformMemBufId)));
+ return(-1);
+ }
+ ctx->result = xmlSecTransformMemBufGetBuffer(transform);
+ if(ctx->result == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformMemBufGetBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformMemBufId)));
+ return(-1);
+ }
+
+ firstType = xmlSecTransformGetDataType(ctx->first, xmlSecTransformModePush, ctx);
+ if(((firstType & xmlSecTransformDataTypeBin) == 0) &&
+ ((inputDataType & xmlSecTransformDataTypeBin) != 0)) {
+
+ /* need to add parser transform */
+ transform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformXmlParserId);
+ if(transform == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXmlParserId)));
+ return(-1);
+ }
+ } else if(((firstType & xmlSecTransformDataTypeXml) == 0) &&
+ ((inputDataType & xmlSecTransformDataTypeXml) != 0)) {
+
+ /* need to add c14n transform */
+ transform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformInclC14NId);
+ if(transform == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14NId)));
+ return(-1);
+ }
+ }
+
+ /* finally let application a chance to verify that it's ok to execte
+ * this transforms chain */
+ if(ctx->preExecCallback != NULL) {
+ ret = (ctx->preExecCallback)(ctx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "ctx->preExecCallback",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ ctx->status = xmlSecTransformStatusWorking;
+ return(0);
+}
+
+/**
+ * xmlSecTransformCtxBinaryExecute:
+ * @ctx: the pointer to transforms chain processing context.
+ * @data: the input binary data buffer.
+ * @dataSize: the input data size.
+ *
+ * Processes binary data using transforms chain in the @ctx.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecTransformCtxBinaryExecute(xmlSecTransformCtxPtr ctx,
+ const xmlSecByte* data, xmlSecSize dataSize) {
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->result == NULL, -1);
+ xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize > 0, -1);
+
+ /* we should not have uri stored in ctx */
+ xmlSecAssert2(ctx->uri == NULL, -1);
+
+ ret = xmlSecTransformCtxPrepare(ctx, xmlSecTransformDataTypeBin);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxPrepare",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "type=bin");
+ return(-1);
+ }
+
+ ret = xmlSecTransformPushBin(ctx->first, data, dataSize, 1, ctx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxPushBin",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "dataSize=%d", dataSize);
+ return(-1);
+ }
+
+ ctx->status = xmlSecTransformStatusFinished;
+ return(0);
+}
+
+/**
+ * xmlSecTransformCtxUriExecute:
+ * @ctx: the pointer to transforms chain processing context.
+ * @uri: the URI.
+ *
+ * Process binary data from the URI using transforms chain in @ctx.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecTransformCtxUriExecute(xmlSecTransformCtxPtr ctx, const xmlChar* uri) {
+ xmlSecTransformPtr uriTransform;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
+ xmlSecAssert2(uri != NULL, -1);
+
+ /* we should not execute transform for a different uri */
+ xmlSecAssert2((ctx->uri == NULL) || (uri == ctx->uri) || xmlStrEqual(uri, ctx->uri), -1);
+
+ uriTransform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformInputURIId);
+ if(uriTransform == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInputURIId)));
+ return(-1);
+ }
+
+ ret = xmlSecTransformInputURIOpen(uriTransform, uri);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformInputURIOpen",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
+ /* we do not need to do something special for this transform */
+ ret = xmlSecTransformCtxPrepare(ctx, xmlSecTransformDataTypeUnknown);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxPrepare",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "type=bin");
+ return(-1);
+ }
+
+ /* Now we have a choice: we either can push from first transform or pop
+ * from last. Our C14N transforms prefers push, so push data!
+ */
+ ret = xmlSecTransformPump(uriTransform, uriTransform->next, ctx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformPump",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
+ ctx->status = xmlSecTransformStatusFinished;
+ return(0);
+}
+
+/**
+ * xmlSecTransformCtxXmlExecute:
+ * @ctx: the pointer to transforms chain processing context.
+ * @nodes: the input node set.
+ *
+ * Process @nodes using transforms in the transforms chain in @ctx.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecTransformCtxXmlExecute(xmlSecTransformCtxPtr ctx, xmlSecNodeSetPtr nodes) {
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->result == NULL, -1);
+ xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
+ xmlSecAssert2(nodes != NULL, -1);
+
+ xmlSecAssert2((ctx->uri == NULL) || (xmlStrlen(ctx->uri) == 0), -1);
+
+ ret = xmlSecTransformCtxPrepare(ctx, xmlSecTransformDataTypeXml);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxPrepare",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "type=xml");
+ return(-1);
+ }
+
+ /* it's better to do push than pop because all XML transform
+ * just don't care and c14n likes push more than pop */
+ ret = xmlSecTransformPushXml(ctx->first, nodes, ctx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformPushXml",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(ctx->first)));
+ return(-1);
+ }
+
+ ctx->status = xmlSecTransformStatusFinished;
+ return(0);
+}
+
+/**
+ * xmlSecTransformCtxExecute:
+ * @ctx: the pointer to transforms chain processing context.
+ * @doc: the pointer to input document.
+ *
+ * Executes transforms chain in @ctx.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecTransformCtxExecute(xmlSecTransformCtxPtr ctx, xmlDocPtr doc) {
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->result == NULL, -1);
+ xmlSecAssert2(ctx->status == xmlSecTransformStatusNone, -1);
+ xmlSecAssert2(doc != NULL, -1);
+
+ if((ctx->uri == NULL) || (xmlStrlen(ctx->uri) == 0)) {
+ xmlSecNodeSetPtr nodes;
+
+ if((ctx->xptrExpr != NULL) && (xmlStrlen(ctx->xptrExpr) > 0)){
+ /* our xpointer transform takes care of providing correct nodes set */
+ nodes = xmlSecNodeSetCreate(doc, NULL, xmlSecNodeSetNormal);
+ if(nodes == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNodeSetCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ } else {
+ /* we do not want to have comments for empty URI */
+ nodes = xmlSecNodeSetGetChildren(doc, NULL, 0, 0);
+ if(nodes == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNodeSetGetChildren",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ ret = xmlSecTransformCtxXmlExecute(ctx, nodes);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxXmlExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecNodeSetDestroy(nodes);
+ return(-1);
+ }
+ /* TODO: don't destroy nodes here */
+ xmlSecNodeSetDestroy(nodes);
+ } else {
+ ret = xmlSecTransformCtxUriExecute(ctx, ctx->uri);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxUriExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecTransformCtxDebugDump:
+ * @ctx: the pointer to transforms chain processing context.
+ * @output: the pointer to output FILE.
+ *
+ * Prints transforms context debug information to @output.
+ */
+void
+xmlSecTransformCtxDebugDump(xmlSecTransformCtxPtr ctx, FILE* output) {
+ xmlSecTransformPtr transform;
+
+ xmlSecAssert(ctx != NULL);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "== TRANSFORMS CTX (status=%d)\n", ctx->status);
+
+ fprintf(output, "== flags: 0x%08x\n", ctx->flags);
+ fprintf(output, "== flags2: 0x%08x\n", ctx->flags2);
+ if(xmlSecPtrListGetSize(&(ctx->enabledTransforms)) > 0) {
+ fprintf(output, "== enabled transforms: ");
+ xmlSecTransformIdListDebugDump(&(ctx->enabledTransforms), output);
+ } else {
+ fprintf(output, "== enabled transforms: all\n");
+ }
+
+ fprintf(output, "=== uri: %s\n",
+ (ctx->uri != NULL) ? ctx->uri : BAD_CAST "NULL");
+ fprintf(output, "=== uri xpointer expr: %s\n",
+ (ctx->xptrExpr != NULL) ? ctx->xptrExpr : BAD_CAST "NULL");
+ for(transform = ctx->first; transform != NULL; transform = transform->next) {
+ xmlSecTransformDebugDump(transform, output);
+ }
+}
+
+/**
+ * xmlSecTransformCtxDebugXmlDump:
+ * @ctx: the pointer to transforms chain processing context.
+ * @output: the pointer to output FILE.
+ *
+ * Prints transforms context debug information to @output in XML format.
+ */
+void
+xmlSecTransformCtxDebugXmlDump(xmlSecTransformCtxPtr ctx, FILE* output) {
+ xmlSecTransformPtr transform;
+
+ xmlSecAssert(ctx != NULL);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<TransformCtx status=\"%d\">\n", ctx->status);
+
+ fprintf(output, "<Flags>%08x</Flags>\n", ctx->flags);
+ fprintf(output, "<Flags2>%08x</Flags2>\n", ctx->flags2);
+ if(xmlSecPtrListGetSize(&(ctx->enabledTransforms)) > 0) {
+ fprintf(output, "<EnabledTransforms>\n");
+ xmlSecTransformIdListDebugXmlDump(&(ctx->enabledTransforms), output);
+ fprintf(output, "</EnabledTransforms>\n");
+ } else {
+ fprintf(output, "<EnabledTransforms>all</EnabledTransforms>\n");
+ }
+
+
+ fprintf(output, "<Uri>");
+ xmlSecPrintXmlString(output, ctx->uri);
+ fprintf(output, "</Uri>\n");
+
+ fprintf(output, "<UriXPointer>");
+ xmlSecPrintXmlString(output, ctx->xptrExpr);
+ fprintf(output, "</UriXPointer>\n");
+
+ for(transform = ctx->first; transform != NULL; transform = transform->next) {
+ xmlSecTransformDebugXmlDump(transform, output);
+ }
+ fprintf(output, "</TransformCtx>\n");
+}
+
+/**************************************************************************
+ *
+ * xmlSecTransform
+ *
+ *************************************************************************/
+/**
+ * xmlSecTransformCreate:
+ * @id: the transform id to create.
+ *
+ * Creates new transform of the @id klass. The caller is responsible for
+ * destroying returned tansform using #xmlSecTransformDestroy function.
+ *
+ * Returns: pointer to newly created transform or NULL if an error occurs.
+ */
+xmlSecTransformPtr
+xmlSecTransformCreate(xmlSecTransformId id) {
+ xmlSecTransformPtr transform;
+ int ret;
+
+ xmlSecAssert2(id != NULL, NULL);
+ xmlSecAssert2(id->klassSize >= sizeof(xmlSecTransformKlass), NULL);
+ xmlSecAssert2(id->objSize >= sizeof(xmlSecTransform), NULL);
+ xmlSecAssert2(id->name != NULL, NULL);
+
+ /* Allocate a new xmlSecTransform and fill the fields. */
+ transform = (xmlSecTransformPtr)xmlMalloc(id->objSize);
+ if(transform == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", id->objSize);
+ return(NULL);
+ }
+ memset(transform, 0, id->objSize);
+ transform->id = id;
+
+ if(id->initialize != NULL) {
+ ret = (id->initialize)(transform);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "id->initialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecTransformDestroy(transform);
+ return(NULL);
+ }
+ }
+
+ ret = xmlSecBufferInitialize(&(transform->inBuf), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", 0);
+ xmlSecTransformDestroy(transform);
+ return(NULL);
+ }
+
+ ret = xmlSecBufferInitialize(&(transform->outBuf), 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", 0);
+ xmlSecTransformDestroy(transform);
+ return(NULL);
+ }
+
+ return(transform);
+}
+
+/**
+ * xmlSecTransformDestroy:
+ * @transform: the pointer to transform.
+ *
+ * Destroys transform created with #xmlSecTransformCreate function.
+ */
+void
+xmlSecTransformDestroy(xmlSecTransformPtr transform) {
+ xmlSecAssert(xmlSecTransformIsValid(transform));
+ xmlSecAssert(transform->id->objSize > 0);
+
+ /* first need to remove ourselves from chain */
+ xmlSecTransformRemove(transform);
+
+ xmlSecBufferFinalize(&(transform->inBuf));
+ xmlSecBufferFinalize(&(transform->outBuf));
+
+ /* we never destroy input nodes, output nodes
+ * are destroyed if and only if they are different
+ * from input nodes
+ */
+ if((transform->outNodes != NULL) && (transform->outNodes != transform->inNodes)) {
+ xmlSecNodeSetDestroy(transform->outNodes);
+ }
+ if(transform->id->finalize != NULL) {
+ (transform->id->finalize)(transform);
+ }
+ memset(transform, 0, transform->id->objSize);
+ xmlFree(transform);
+}
+
+/**
+ * xmlSecTransformNodeRead:
+ * @node: the pointer to the transform's node.
+ * @usage: the transform usage (signature, encryption, ...).
+ * @transformCtx: the transform's chaing processing context.
+ *
+ * Reads transform from the @node as follows:
+ *
+ * 1) reads "Algorithm" attribute;
+ *
+ * 2) checks the lists of known and allowed transforms;
+ *
+ * 3) calls transform's create method;
+ *
+ * 4) calls transform's read transform node method.
+ *
+ * Returns: pointer to newly created transform or NULL if an error occurs.
+ */
+xmlSecTransformPtr
+xmlSecTransformNodeRead(xmlNodePtr node, xmlSecTransformUsage usage, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecTransformPtr transform;
+ xmlSecTransformId id;
+ xmlChar *href;
+ int ret;
+
+ xmlSecAssert2(node != NULL, NULL);
+ xmlSecAssert2(transformCtx != NULL, NULL);
+
+ href = xmlGetProp(node, xmlSecAttrAlgorithm);
+ if(href == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecAttrAlgorithm),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(NULL);
+ }
+
+ id = xmlSecTransformIdListFindByHref(xmlSecTransformIdsGet(), href, usage);
+ if(id == xmlSecTransformIdUnknown) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdListFindByHref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "href=%s",
+ xmlSecErrorsSafeString(href));
+ xmlFree(href);
+ return(NULL);
+ }
+
+ /* check with enabled transforms list */
+ if((xmlSecPtrListGetSize(&(transformCtx->enabledTransforms)) > 0) &&
+ (xmlSecTransformIdListFind(&(transformCtx->enabledTransforms), id) != 1)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)),
+ XMLSEC_ERRORS_R_TRANSFORM_DISABLED,
+ "href=%s",
+ xmlSecErrorsSafeString(href));
+ xmlFree(href);
+ return(NULL);
+ }
+
+ transform = xmlSecTransformCreate(id);
+ if(!xmlSecTransformIsValid(transform)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)));
+ xmlFree(href);
+ return(NULL);
+ }
+
+ if(transform->id->readNode != NULL) {
+ ret = transform->id->readNode(transform, node, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "id->readNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)));
+ xmlSecTransformDestroy(transform);
+ xmlFree(href);
+ return(NULL);
+ }
+ }
+
+ /* finally remember the transform node */
+ transform->hereNode = node;
+ xmlFree(href);
+ return(transform);
+}
+
+/**
+ * xmlSecTransformPump:
+ * @left: the source pumping transform.
+ * @right: the destination pumping transform.
+ * @transformCtx: the transform's chaing processing context.
+ *
+ * Pops data from @left transform and pushes to @right transform until
+ * no more data is available.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformPump(xmlSecTransformPtr left, xmlSecTransformPtr right, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecTransformDataType leftType;
+ xmlSecTransformDataType rightType;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformIsValid(left), -1);
+ xmlSecAssert2(xmlSecTransformIsValid(right), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ leftType = xmlSecTransformGetDataType(left, xmlSecTransformModePop, transformCtx);
+ rightType = xmlSecTransformGetDataType(right, xmlSecTransformModePush, transformCtx);
+
+ if(((leftType & xmlSecTransformDataTypeXml) != 0) &&
+ ((rightType & xmlSecTransformDataTypeXml) != 0)) {
+
+ xmlSecNodeSetPtr nodes = NULL;
+
+ ret = xmlSecTransformPopXml(left, &nodes, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(left)),
+ "xmlSecTransformPopXml",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecTransformPushXml(right, nodes, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(right)),
+ "xmlSecTransformPushXml",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else if(((leftType & xmlSecTransformDataTypeBin) != 0) &&
+ ((rightType & xmlSecTransformDataTypeBin) != 0)) {
+ xmlSecByte buf[XMLSEC_TRANSFORM_BINARY_CHUNK];
+ xmlSecSize bufSize;
+ int final;
+
+ do {
+ ret = xmlSecTransformPopBin(left, buf, sizeof(buf), &bufSize, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(left)),
+ "xmlSecTransformPopBin",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ final = (bufSize == 0) ? 1 : 0;
+ ret = xmlSecTransformPushBin(right, buf, bufSize, final, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(right)),
+ "xmlSecTransformPushBin",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } while(final == 0);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(left)),
+ xmlSecErrorsSafeString(xmlSecTransformGetName(right)),
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "transforms input/output data formats do not match");
+ }
+ return(0);
+}
+
+
+/**
+ * xmlSecTransformSetKey:
+ * @transform: the pointer to transform.
+ * @key: the pointer to key.
+ *
+ * Sets the transform's key.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecTransformSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ if(transform->id->setKey != NULL) {
+ return((transform->id->setKey)(transform, key));
+ }
+ return(0);
+}
+
+/**
+ * xmlSecTransformSetKeyReq:
+ * @transform: the pointer to transform.
+ * @keyReq: the pointer to keys requirements object.
+ *
+ * Sets the key requirements for @transform in the @keyReq.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecTransformSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ keyReq->keyId = xmlSecKeyDataIdUnknown;
+ keyReq->keyType = xmlSecKeyDataTypeUnknown;
+ keyReq->keyUsage = xmlSecKeyUsageAny;
+ keyReq->keyBitsSize = 0;
+
+ if(transform->id->setKeyReq != NULL) {
+ return((transform->id->setKeyReq)(transform, keyReq));
+ }
+ return(0);
+}
+
+/**
+ * xmlSecTransformVerify:
+ * @transform: the pointer to transform.
+ * @data: the binary data for verification.
+ * @dataSize: the data size.
+ * @transformCtx: the transform's chaing processing context.
+ *
+ * Verifies the data with transform's processing results
+ * (for digest, HMAC and signature transforms). The verification
+ * result is stored in the #status member of #xmlSecTransform object.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformVerify(xmlSecTransformPtr transform, const xmlSecByte* data,
+ xmlSecSize dataSize, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(transform->id->verify != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ return((transform->id->verify)(transform, data, dataSize, transformCtx));
+}
+
+/**
+ * xmlSecTransformVerifyNodeContent:
+ * @transform: the pointer to transform.
+ * @node: the pointer to node.
+ * @transformCtx: the transform's chaing processing context.
+ *
+ * Gets the @node content, base64 decodes it and calls #xmlSecTransformVerify
+ * function to verify binary results.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformVerifyNodeContent(xmlSecTransformPtr transform, xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecBuffer buffer;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ret = xmlSecBufferInitialize(&buffer, 0);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferBase64NodeContentRead(&buffer, node);
+ if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferBase64NodeContentRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(-1);
+ }
+
+ ret = xmlSecTransformVerify(transform, xmlSecBufferGetData(&buffer),
+ xmlSecBufferGetSize(&buffer), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformVerify",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(-1);
+ }
+
+ xmlSecBufferFinalize(&buffer);
+ return(0);
+}
+
+/**
+ * xmlSecTransformGetDataType:
+ * @transform: the pointer to transform.
+ * @mode: the data mode (push or pop).
+ * @transformCtx: the transform's chaing processing context.
+ *
+ * Gets transform input (@mode is "push") or output (@mode is "pop") data
+ * type (binary or XML).
+ *
+ * Returns: the transform's data type for the @mode operation.
+ */
+xmlSecTransformDataType
+xmlSecTransformGetDataType(xmlSecTransformPtr transform, xmlSecTransformMode mode,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecAssert2(xmlSecTransformIsValid(transform), xmlSecTransformDataTypeUnknown);
+ xmlSecAssert2(transform->id->getDataType != NULL, xmlSecTransformDataTypeUnknown);
+
+ return((transform->id->getDataType)(transform, mode, transformCtx));
+}
+
+/**
+ * xmlSecTransformPushBin:
+ * @transform: the pointer to transform object.
+ * @data: the input binary data,
+ * @dataSize: the input data size.
+ * @final: the flag: if set to 1 then it's the last
+ * data chunk.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * Process binary @data and pushes results to next transform.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformPushBin(xmlSecTransformPtr transform, const xmlSecByte* data,
+ xmlSecSize dataSize, int final, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(transform->id->pushBin != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ return((transform->id->pushBin)(transform, data, dataSize, final, transformCtx));
+}
+
+/**
+ * xmlSecTransformPopBin:
+ * @transform: the pointer to transform object.
+ * @data: the buffer to store result data.
+ * @maxDataSize: the size of the buffer #data.
+ * @dataSize: the pointer to returned data size.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * Pops data from previous transform in the chain, processes data and
+ * returns result in the @data buffer. The size of returned data is
+ * placed in the @dataSize.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformPopBin(xmlSecTransformPtr transform, xmlSecByte* data,
+ xmlSecSize maxDataSize, xmlSecSize* dataSize, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(transform->id->popBin != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ return((transform->id->popBin)(transform, data, maxDataSize, dataSize, transformCtx));
+}
+
+/**
+ * xmlSecTransformPushXml:
+ * @transform: the pointer to transform object.
+ * @nodes: the input nodes.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * Processes @nodes and pushes result to the next transform in the chain.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr nodes,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(transform->id->pushXml != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ return((transform->id->pushXml)(transform, nodes, transformCtx));
+}
+
+/**
+ * xmlSecTransformPopXml:
+ * @transform: the pointer to transform object.
+ * @nodes: the pointer to store popinter to result nodes.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * Pops data from previous transform in the chain, processes the data and
+ * returns result in @nodes.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nodes,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(transform->id->popXml != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ return((transform->id->popXml)(transform, nodes, transformCtx));
+}
+
+/**
+ * xmlSecTransformExecute:
+ * @transform: the pointer to transform.
+ * @last: the flag: if set to 1 then it's the last data chunk.
+ * @transformCtx: the transform's chaing processing context.
+ *
+ * Executes transform (used by default popBin/pushBin/popXml/pushXml methods).
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(transform->id->execute != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ return((transform->id->execute)(transform, last, transformCtx));
+}
+
+/**
+ * xmlSecTransformDebugDump:
+ * @transform: the pointer to transform.
+ * @output: the pointer to output FILE.
+ *
+ * Prints transform's debug information to @output.
+ */
+void
+xmlSecTransformDebugDump(xmlSecTransformPtr transform, FILE* output) {
+ xmlSecAssert(xmlSecTransformIsValid(transform));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== Transform: %s (href=%s)\n",
+ xmlSecErrorsSafeString(transform->id->name),
+ xmlSecErrorsSafeString(transform->id->href));
+}
+
+/**
+ * xmlSecTransformDebugXmlDump:
+ * @transform: the pointer to transform.
+ * @output: the pointer to output FILE.
+ *
+ * Prints transform's debug information to @output in XML format.
+ */
+void
+xmlSecTransformDebugXmlDump(xmlSecTransformPtr transform, FILE* output) {
+ xmlSecAssert(xmlSecTransformIsValid(transform));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<Transform name=\"");
+ xmlSecPrintXmlString(output,transform->id->name);
+ fprintf(output, "\" href=\"");
+ xmlSecPrintXmlString(output, transform->id->href);
+ fprintf(output, "\" />\n");
+}
+
+/************************************************************************
+ *
+ * Operations on transforms chain
+ *
+ ************************************************************************/
+/**
+ * xmlSecTransformConnect:
+ * @left: the pointer to left (prev) transform.
+ * @right: the pointer to right (next) transform.
+ * @transformCtx: the transform's chaing processing context.
+ *
+ * If the data object is a node-set and the next transform requires octets,
+ * the signature application MUST attempt to convert the node-set to an octet
+ * stream using Canonical XML [XML-C14N].
+ *
+ * The story is different if the right transform is base64 decode
+ * (http://www.w3.org/TR/xmldsig-core/#sec-Base-64):
+ *
+ * This transform requires an octet stream for input. If an XPath node-set
+ * (or sufficiently functional alternative) is given as input, then it is
+ * converted to an octet stream by performing operations logically equivalent
+ * to 1) applying an XPath transform with expression self::text(), then 2)
+ * taking the string-value of the node-set. Thus, if an XML element is
+ * identified by a barename XPointer in the Reference URI, and its content
+ * consists solely of base64 encoded character data, then this transform
+ * automatically strips away the start and end tags of the identified element
+ * and any of its descendant elements as well as any descendant comments and
+ * processing instructions. The output of this transform is an octet stream.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformConnect(xmlSecTransformPtr left, xmlSecTransformPtr right,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecTransformDataType leftType;
+ xmlSecTransformDataType rightType;
+ xmlSecTransformId middleId;
+ xmlSecTransformPtr middle;
+
+ xmlSecAssert2(xmlSecTransformIsValid(left), -1);
+ xmlSecAssert2(xmlSecTransformIsValid(right), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ leftType = xmlSecTransformGetDataType(left, xmlSecTransformModePop, transformCtx);
+ rightType = xmlSecTransformGetDataType(right, xmlSecTransformModePush, transformCtx);
+
+ /* happy case first: nothing need to be done */
+ if((((leftType & xmlSecTransformDataTypeBin) != 0) &&
+ ((rightType & xmlSecTransformDataTypeBin) != 0)) ||
+ (((leftType & xmlSecTransformDataTypeXml) != 0) &&
+ ((rightType & xmlSecTransformDataTypeXml) != 0))) {
+
+ left->next = right;
+ right->prev = left;
+ return(0);
+ }
+
+ if(((leftType & xmlSecTransformDataTypeBin) != 0) &&
+ ((rightType & xmlSecTransformDataTypeXml) != 0)) {
+
+ /* need to insert parser */
+ middleId = xmlSecTransformXmlParserId;
+ } else if(((leftType & xmlSecTransformDataTypeXml) != 0) &&
+ ((rightType & xmlSecTransformDataTypeBin) != 0)) {
+
+ /* need to insert c14n or special pre-base64 transform */
+ if(xmlSecTransformCheckId(right, xmlSecTransformBase64Id)) {
+ middleId = xmlSecTransformRemoveXmlTagsC14NId;
+ } else {
+ middleId = xmlSecTransformInclC14NId;
+ }
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(left)),
+ xmlSecErrorsSafeString(xmlSecTransformGetName(right)),
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "leftType=%d;rightType=%d",
+ leftType, rightType);
+ return(-1);
+ }
+
+ /* insert transform */
+ middle = xmlSecTransformCreate(middleId);
+ if(middle == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(left)),
+ "xmlSecTransformCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(middleId)));
+ return(-1);
+ }
+ left->next = middle;
+ middle->prev = left;
+ middle->next = right;
+ right->prev = middle;
+ return(0);
+}
+
+/**
+ * xmlSecTransformRemove:
+ * @transform: the pointer to #xmlSecTransform structure.
+ *
+ * Removes @transform from the chain.
+ */
+void
+xmlSecTransformRemove(xmlSecTransformPtr transform) {
+ xmlSecAssert(xmlSecTransformIsValid(transform));
+
+ if(transform->next != NULL) {
+ transform->next->prev = transform->prev;
+ }
+ if(transform->prev != NULL) {
+ transform->prev->next = transform->next;
+ }
+ transform->next = transform->prev = NULL;
+}
+
+
+/************************************************************************
+ *
+ * Default callbacks, most of the transforms can use them
+ *
+ ************************************************************************/
+/**
+ * xmlSecTransformDefaultGetDataType:
+ * @transform: the pointer to transform.
+ * @mode: the data mode (push or pop).
+ * @transformCtx: the transform's chaing processing context.
+ *
+ * Gets transform input (@mode is "push") or output (@mode is "pop") data
+ * type (binary or XML) by analyzing available pushBin/popBin/pushXml/popXml
+ * methods.
+ *
+ * Returns: the transform's data type for the @mode operation.
+ */
+xmlSecTransformDataType
+xmlSecTransformDefaultGetDataType(xmlSecTransformPtr transform, xmlSecTransformMode mode,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecTransformDataType type = xmlSecTransformDataTypeUnknown;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), xmlSecTransformDataTypeUnknown);
+ xmlSecAssert2(transformCtx != NULL, xmlSecTransformDataTypeUnknown);
+
+ /* we'll try to guess the data type based on the handlers we have */
+ switch(mode) {
+ case xmlSecTransformModePush:
+ if(transform->id->pushBin != NULL) {
+ type |= xmlSecTransformDataTypeBin;
+ }
+ if(transform->id->pushXml != NULL) {
+ type |= xmlSecTransformDataTypeXml;
+ }
+ break;
+ case xmlSecTransformModePop:
+ if(transform->id->popBin != NULL) {
+ type |= xmlSecTransformDataTypeBin;
+ }
+ if(transform->id->popXml != NULL) {
+ type |= xmlSecTransformDataTypeXml;
+ }
+ break;
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "mode=%d", mode);
+ return(xmlSecTransformDataTypeUnknown);
+ }
+
+ return(type);
+}
+
+/**
+ * xmlSecTransformDefaultPushBin:
+ * @transform: the pointer to transform object.
+ * @data: the input binary data,
+ * @dataSize: the input data size.
+ * @final: the flag: if set to 1 then it's the last
+ * data chunk.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * Process binary @data by calling transform's execute method and pushes
+ * results to next transform.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformDefaultPushBin(xmlSecTransformPtr transform, const xmlSecByte* data,
+ xmlSecSize dataSize, int final, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize inSize = 0;
+ xmlSecSize outSize = 0;
+ int finalData = 0;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ do {
+ /* append data to input buffer */
+ if(dataSize > 0) {
+ xmlSecSize chunkSize;
+
+ xmlSecAssert2(data != NULL, -1);
+
+ chunkSize = dataSize;
+ if(chunkSize > XMLSEC_TRANSFORM_BINARY_CHUNK) {
+ chunkSize = XMLSEC_TRANSFORM_BINARY_CHUNK;
+ }
+
+ ret = xmlSecBufferAppend(&(transform->inBuf), data, chunkSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", chunkSize);
+ return(-1);
+ }
+
+ dataSize -= chunkSize;
+ data += chunkSize;
+ }
+
+ /* process data */
+ inSize = xmlSecBufferGetSize(&(transform->inBuf));
+ outSize = xmlSecBufferGetSize(&(transform->outBuf));
+ finalData = (((dataSize == 0) && (final != 0)) ? 1 : 0);
+ ret = xmlSecTransformExecute(transform, finalData, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "final=%d", final);
+ return(-1);
+ }
+
+ /* push data to the next transform */
+ inSize = xmlSecBufferGetSize(&(transform->inBuf));
+ outSize = xmlSecBufferGetSize(&(transform->outBuf));
+ if(inSize > 0) {
+ finalData = 0;
+ }
+
+ /* we don't want to puch too much */
+ if(outSize > XMLSEC_TRANSFORM_BINARY_CHUNK) {
+ outSize = XMLSEC_TRANSFORM_BINARY_CHUNK;
+ finalData = 0;
+ }
+ if((transform->next != NULL) && ((outSize > 0) || (finalData != 0))) {
+ ret = xmlSecTransformPushBin(transform->next,
+ xmlSecBufferGetData(&(transform->outBuf)),
+ outSize,
+ finalData,
+ transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform->next)),
+ "xmlSecTransformPushBin",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "final=%d;outSize=%d", final, outSize);
+ return(-1);
+ }
+ }
+
+ /* remove data anyway */
+ if(outSize > 0) {
+ ret = xmlSecBufferRemoveHead(&(transform->outBuf), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+ }
+ } while((dataSize > 0) || (outSize > 0));
+
+ return(0);
+}
+
+/**
+ * xmlSecTransformDefaultPopBin:
+ * @transform: the pointer to transform object.
+ * @data: the buffer to store result data.
+ * @maxDataSize: the size of the buffer #data.
+ * @dataSize: the pointer to returned data size.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * Pops data from previous transform in the chain, processes data by calling
+ * transform's execute method and returns result in the @data buffer. The
+ * size of returned data is placed in the @dataSize.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformDefaultPopBin(xmlSecTransformPtr transform, xmlSecByte* data,
+ xmlSecSize maxDataSize, xmlSecSize* dataSize, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize outSize;
+ int final = 0;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(dataSize != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ while((xmlSecBufferGetSize(&(transform->outBuf)) == 0) && (final == 0)) {
+ /* read data from previous transform if exist */
+ if(transform->prev != NULL) {
+ xmlSecSize inSize, chunkSize;
+
+ inSize = xmlSecBufferGetSize(&(transform->inBuf));
+ chunkSize = XMLSEC_TRANSFORM_BINARY_CHUNK;
+
+ /* ensure that we have space for at least one data chunk */
+ ret = xmlSecBufferSetMaxSize(&(transform->inBuf), inSize + chunkSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize + chunkSize);
+ return(-1);
+ }
+
+ /* get data from previous transform */
+ ret = xmlSecTransformPopBin(transform->prev,
+ xmlSecBufferGetData(&(transform->inBuf)) + inSize,
+ chunkSize, &chunkSize, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform->prev)),
+ "xmlSecTransformPopBin",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* adjust our size if needed */
+ if(chunkSize > 0) {
+ ret = xmlSecBufferSetSize(&(transform->inBuf), inSize + chunkSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize + chunkSize);
+ return(-1);
+ }
+ final = 0; /* the previous transform returned some data..*/
+ } else {
+ final = 1; /* no data returned from previous transform, we are done */
+ }
+ } else {
+ final = 1; /* no previous transform, we are "permanently final" */
+ }
+
+ /* execute our transform */
+ ret = xmlSecTransformExecute(transform, final, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ /* copy result (if any) */
+ outSize = xmlSecBufferGetSize(&(transform->outBuf));
+ if(outSize > maxDataSize) {
+ outSize = maxDataSize;
+ }
+
+ /* we don't want to put too much */
+ if(outSize > XMLSEC_TRANSFORM_BINARY_CHUNK) {
+ outSize = XMLSEC_TRANSFORM_BINARY_CHUNK;
+ }
+ if(outSize > 0) {
+ xmlSecAssert2(xmlSecBufferGetData(&(transform->outBuf)), -1);
+
+ memcpy(data, xmlSecBufferGetData(&(transform->outBuf)), outSize);
+
+ ret = xmlSecBufferRemoveHead(&(transform->outBuf), outSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize);
+ return(-1);
+ }
+ }
+
+ /* set the result size */
+ (*dataSize) = outSize;
+ return(0);
+}
+
+/**
+ * xmlSecTransformDefaultPushXml:
+ * @transform: the pointer to transform object.
+ * @nodes: the input nodes.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * Processes @nodes by calling transform's execute method and pushes
+ * result to the next transform in the chain.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformDefaultPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr nodes,
+ xmlSecTransformCtxPtr transformCtx) {
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(transform->inNodes == NULL, -1);
+ xmlSecAssert2(transform->outNodes == NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ /* execute our transform */
+ transform->inNodes = nodes;
+ ret = xmlSecTransformExecute(transform, 1, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* push result to the next transform (if exist) */
+ if(transform->next != NULL) {
+ ret = xmlSecTransformPushXml(transform->next, transform->outNodes, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformPushXml",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+/**
+ * xmlSecTransformDefaultPopXml:
+ * @transform: the pointer to transform object.
+ * @nodes: the pointer to store popinter to result nodes.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * Pops data from previous transform in the chain, processes the data
+ * by calling transform's execute method and returns result in @nodes.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformDefaultPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nodes,
+ xmlSecTransformCtxPtr transformCtx) {
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(transform->inNodes == NULL, -1);
+ xmlSecAssert2(transform->outNodes == NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ /* pop result from the prev transform (if exist) */
+ if(transform->prev != NULL) {
+ ret = xmlSecTransformPopXml(transform->prev, &(transform->inNodes), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformPopXml",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ /* execute our transform */
+ ret = xmlSecTransformExecute(transform, 1, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* return result if requested */
+ if(nodes != NULL) {
+ (*nodes) = transform->outNodes;
+ }
+
+ return(0);
+}
+
+/***********************************************************************
+ *
+ * Transform Ids list
+ *
+ **********************************************************************/
+static xmlSecPtrListKlass xmlSecTransformIdListKlass = {
+ BAD_CAST "transform-ids-list",
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ NULL, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+/**
+ * xmlSecTransformIdListGetKlass:
+ *
+ * The transform id list klass.
+ *
+ * Returns: pointer to the transform id list klass.
+ */
+xmlSecPtrListId
+xmlSecTransformIdListGetKlass(void) {
+ return(&xmlSecTransformIdListKlass);
+}
+
+/**
+ * xmlSecTransformIdListFind:
+ * @list: the pointer to transform ids list.
+ * @transformId: the transform klass.
+ *
+ * Lookups @dataId in @list.
+ *
+ * Returns: 1 if @dataId is found in the @list, 0 if not and a negative
+ * value if an error occurs.
+ */
+int
+xmlSecTransformIdListFind(xmlSecPtrListPtr list, xmlSecTransformId transformId) {
+ xmlSecSize i, size;
+
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecTransformIdListId), -1);
+ xmlSecAssert2(transformId != NULL, -1);
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ if((xmlSecTransformId)xmlSecPtrListGetItem(list, i) == transformId) {
+ return(1);
+ }
+ }
+ return(0);
+}
+
+/**
+ * xmlSecTransformIdListFindByHref:
+ * @list: the pointer to transform ids list.
+ * @href: the desired transform klass href.
+ * @usage: the desired transform usage.
+ *
+ * Lookups data klass in the list with given @href and @usage in @list.
+ *
+ * Returns: transform klass is found and NULL otherwise.
+ */
+xmlSecTransformId
+xmlSecTransformIdListFindByHref(xmlSecPtrListPtr list, const xmlChar* href,
+ xmlSecTransformUsage usage) {
+ xmlSecTransformId transformId;
+ xmlSecSize i, size;
+
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecTransformIdListId), xmlSecTransformIdUnknown);
+ xmlSecAssert2(href != NULL, xmlSecTransformIdUnknown);
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ transformId = (xmlSecTransformId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert2(transformId != xmlSecTransformIdUnknown, xmlSecTransformIdUnknown);
+
+ if(((usage & transformId->usage) != 0) && (transformId->href != NULL) &&
+ xmlStrEqual(href, transformId->href)) {
+ return(transformId);
+ }
+ }
+ return(xmlSecTransformIdUnknown);
+}
+
+/**
+ * xmlSecTransformIdListFindByName:
+ * @list: the pointer to transform ids list.
+ * @name: the desired transform klass name.
+ * @usage: the desired transform usage.
+ *
+ * Lookups data klass in the list with given @name and @usage in @list.
+ *
+ * Returns: transform klass is found and NULL otherwise.
+ */
+xmlSecTransformId
+xmlSecTransformIdListFindByName(xmlSecPtrListPtr list, const xmlChar* name,
+ xmlSecTransformUsage usage) {
+ xmlSecTransformId transformId;
+ xmlSecSize i, size;
+
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecTransformIdListId), xmlSecTransformIdUnknown);
+ xmlSecAssert2(name != NULL, xmlSecTransformIdUnknown);
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ transformId = (xmlSecTransformId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert2(transformId != xmlSecTransformIdUnknown, xmlSecTransformIdUnknown);
+
+ if(((usage & transformId->usage) != 0) && (transformId->name != NULL) &&
+ xmlStrEqual(name, BAD_CAST transformId->name)) {
+
+ return(transformId);
+ }
+ }
+ return(xmlSecTransformIdUnknown);
+}
+
+/**
+ * xmlSecTransformIdListDebugDump:
+ * @list: the pointer to transform ids list.
+ * @output: the pointer to output FILE.
+ *
+ * Prints binary transform debug information to @output.
+ */
+void
+xmlSecTransformIdListDebugDump(xmlSecPtrListPtr list, FILE* output) {
+ xmlSecTransformId transformId;
+ xmlSecSize i, size;
+
+ xmlSecAssert(xmlSecPtrListCheckId(list, xmlSecTransformIdListId));
+ xmlSecAssert(output != NULL);
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ transformId = (xmlSecTransformId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert(transformId != NULL);
+ xmlSecAssert(transformId->name != NULL);
+
+ if(i > 0) {
+ fprintf(output, ",\"%s\"", transformId->name);
+ } else {
+ fprintf(output, "\"%s\"", transformId->name);
+ }
+ }
+ fprintf(output, "\n");
+}
+
+/**
+ * xmlSecTransformIdListDebugXmlDump:
+ * @list: the pointer to transform ids list.
+ * @output: the pointer to output FILE.
+ *
+ * Prints binary transform debug information to @output in XML format.
+ */
+void
+xmlSecTransformIdListDebugXmlDump(xmlSecPtrListPtr list, FILE* output) {
+ xmlSecTransformId transformId;
+ xmlSecSize i, size;
+
+ xmlSecAssert(xmlSecPtrListCheckId(list, xmlSecTransformIdListId));
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<TransformIdsList>\n");
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ transformId = (xmlSecTransformId)xmlSecPtrListGetItem(list, i);
+ xmlSecAssert(transformId != NULL);
+ xmlSecAssert(transformId->name != NULL);
+
+ fprintf(output, "<TransformId name=\"");
+ xmlSecPrintXmlString(output, transformId->name);
+ fprintf(output, "\" />");
+ }
+ fprintf(output, "</TransformIdsList>\n");
+}
+
+/************************************************************************
+ *
+ * IO buffers for transforms
+ *
+ ************************************************************************/
+typedef struct _xmlSecTransformIOBuffer xmlSecTransformIOBuffer,
+ *xmlSecTransformIOBufferPtr;
+typedef enum {
+ xmlSecTransformIOBufferModeRead,
+ xmlSecTransformIOBufferModeWrite
+} xmlSecTransformIOBufferMode;
+
+struct _xmlSecTransformIOBuffer {
+ xmlSecTransformIOBufferMode mode;
+ xmlSecTransformPtr transform;
+ xmlSecTransformCtxPtr transformCtx;
+};
+
+static xmlSecTransformIOBufferPtr xmlSecTransformIOBufferCreate (xmlSecTransformIOBufferMode mode,
+ xmlSecTransformPtr transform,
+ xmlSecTransformCtxPtr transformCtx);
+static void xmlSecTransformIOBufferDestroy (xmlSecTransformIOBufferPtr buffer);
+static int xmlSecTransformIOBufferRead (xmlSecTransformIOBufferPtr buffer,
+ xmlSecByte *buf,
+ xmlSecSize size);
+static int xmlSecTransformIOBufferWrite (xmlSecTransformIOBufferPtr buffer,
+ const xmlSecByte *buf,
+ xmlSecSize size);
+static int xmlSecTransformIOBufferClose (xmlSecTransformIOBufferPtr buffer);
+
+
+/**
+ * xmlSecTransformCreateOutputBuffer:
+ * @transform: the pointer to transform.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * Creates output buffer to write data to @transform.
+ *
+ * Returns: pointer to new output buffer or NULL if an error occurs.
+ */
+xmlOutputBufferPtr
+xmlSecTransformCreateOutputBuffer(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecTransformIOBufferPtr buffer;
+ xmlSecTransformDataType type;
+ xmlOutputBufferPtr output;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), NULL);
+ xmlSecAssert2(transformCtx != NULL, NULL);
+
+ /* check that we have binary push method for this transform */
+ type = xmlSecTransformDefaultGetDataType(transform, xmlSecTransformModePush, transformCtx);
+ if((type & xmlSecTransformDataTypeBin) == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "push binary data not supported");
+ return(NULL);
+ }
+
+ buffer = xmlSecTransformIOBufferCreate(xmlSecTransformIOBufferModeWrite, transform, transformCtx);
+ if(buffer == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformIOBufferCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ output = xmlOutputBufferCreateIO((xmlOutputWriteCallback)xmlSecTransformIOBufferWrite,
+ (xmlOutputCloseCallback)xmlSecTransformIOBufferClose,
+ buffer,
+ NULL);
+ if(output == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlOutputBufferCreateIO",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecTransformIOBufferDestroy(buffer);
+ return(NULL);
+ }
+
+ return(output);
+}
+
+/**
+ * xmlSecTransformCreateInputBuffer:
+ * @transform: the pointer to transform.
+ * @transformCtx: the pointer to transform context object.
+ *
+ * Creates input buffer to read data from @transform.
+ *
+ * Returns: pointer to new input buffer or NULL if an error occurs.
+ */
+xmlParserInputBufferPtr
+xmlSecTransformCreateInputBuffer(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecTransformIOBufferPtr buffer;
+ xmlSecTransformDataType type;
+ xmlParserInputBufferPtr input;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), NULL);
+ xmlSecAssert2(transformCtx != NULL, NULL);
+
+ /* check that we have binary pop method for this transform */
+ type = xmlSecTransformDefaultGetDataType(transform, xmlSecTransformModePop, transformCtx);
+ if((type & xmlSecTransformDataTypeBin) == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ "pop binary data not supported");
+ return(NULL);
+ }
+
+ buffer = xmlSecTransformIOBufferCreate(xmlSecTransformIOBufferModeRead, transform, transformCtx);
+ if(buffer == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformIOBufferCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ input = xmlParserInputBufferCreateIO((xmlInputReadCallback)xmlSecTransformIOBufferRead,
+ (xmlInputCloseCallback)xmlSecTransformIOBufferClose,
+ buffer,
+ XML_CHAR_ENCODING_NONE);
+ if(input == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlParserInputBufferCreateIO",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecTransformIOBufferDestroy(buffer);
+ return(NULL);
+ }
+
+ return(input);
+}
+
+static xmlSecTransformIOBufferPtr
+xmlSecTransformIOBufferCreate(xmlSecTransformIOBufferMode mode, xmlSecTransformPtr transform,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecTransformIOBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), NULL);
+ xmlSecAssert2(transformCtx != NULL, NULL);
+
+ buffer = (xmlSecTransformIOBufferPtr)xmlMalloc(sizeof(xmlSecTransformIOBuffer));
+ if(buffer == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d", sizeof(xmlSecTransformIOBuffer));
+ return(NULL);
+ }
+ memset(buffer, 0, sizeof(xmlSecTransformIOBuffer));
+
+ buffer->mode = mode;
+ buffer->transform = transform;
+ buffer->transformCtx = transformCtx;
+
+ return(buffer);
+}
+
+static void
+xmlSecTransformIOBufferDestroy(xmlSecTransformIOBufferPtr buffer) {
+ xmlSecAssert(buffer != NULL);
+
+ memset(buffer, 0, sizeof(xmlSecTransformIOBuffer));
+ xmlFree(buffer);
+}
+
+static int
+xmlSecTransformIOBufferRead(xmlSecTransformIOBufferPtr buffer,
+ xmlSecByte *buf, xmlSecSize size) {
+ int ret;
+
+ xmlSecAssert2(buffer != NULL, -1);
+ xmlSecAssert2(buffer->mode == xmlSecTransformIOBufferModeRead, -1);
+ xmlSecAssert2(xmlSecTransformIsValid(buffer->transform), -1);
+ xmlSecAssert2(buffer->transformCtx != NULL, -1);
+ xmlSecAssert2(buf != NULL, -1);
+
+ ret = xmlSecTransformPopBin(buffer->transform, buf, size, &size, buffer->transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(buffer->transform)),
+ "xmlSecTransformPopBin",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(size);
+}
+
+static int
+xmlSecTransformIOBufferWrite(xmlSecTransformIOBufferPtr buffer,
+ const xmlSecByte *buf, xmlSecSize size) {
+ int ret;
+
+ xmlSecAssert2(buffer != NULL, -1);
+ xmlSecAssert2(buffer->mode == xmlSecTransformIOBufferModeWrite, -1);
+ xmlSecAssert2(xmlSecTransformIsValid(buffer->transform), -1);
+ xmlSecAssert2(buffer->transformCtx != NULL, -1);
+ xmlSecAssert2(buf != NULL, -1);
+
+ ret = xmlSecTransformPushBin(buffer->transform, buf, size, 0, buffer->transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(buffer->transform)),
+ "xmlSecTransformPushBin",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(size);
+}
+
+static int
+xmlSecTransformIOBufferClose(xmlSecTransformIOBufferPtr buffer) {
+ int ret;
+
+ xmlSecAssert2(buffer != NULL, -1);
+ xmlSecAssert2(xmlSecTransformIsValid(buffer->transform), -1);
+ xmlSecAssert2(buffer->transformCtx != NULL, -1);
+
+ /* need to flush write buffer before destroying */
+ if(buffer->mode == xmlSecTransformIOBufferModeWrite) {
+ ret = xmlSecTransformPushBin(buffer->transform, NULL, 0, 1, buffer->transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(buffer->transform)),
+ "xmlSecTransformPushBin",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ xmlSecTransformIOBufferDestroy(buffer);
+ return(0);
+}
diff --git a/src/x509.c b/src/x509.c
new file mode 100644
index 00000000..028030ef
--- /dev/null
+++ b/src/x509.c
@@ -0,0 +1,97 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_X509
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/x509.h>
+#include <xmlsec/errors.h>
+
+/**
+ * xmlSecX509DataGetNodeContent:
+ * @node: the pointer to <dsig:X509Data/> node.
+ * @deleteChildren: the flag that indicates whether to remove node children after reading.
+ * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
+ *
+ * Reads the contents of <dsig:X509Data/> node and returns it as
+ * a bits mask.
+ *
+ * Returns: the bit mask representing the <dsig:X509Data/> node content
+ * or a negative value if an error occurs.
+ */
+int
+xmlSecX509DataGetNodeContent (xmlNodePtr node, int deleteChildren,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlNodePtr cur, next;
+ int deleteCurNode;
+ int content = 0;
+
+ xmlSecAssert2(node != NULL, 0);
+ xmlSecAssert2(keyInfoCtx != NULL, -1);
+
+ /* determine the current node content */
+ cur = xmlSecGetNextElementNode(node->children);
+ while(cur != NULL) {
+ deleteCurNode = 0;
+ if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
+ if(xmlSecIsEmptyNode(cur) == 1) {
+ content |= XMLSEC_X509DATA_CERTIFICATE_NODE;
+ deleteCurNode = 1;
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
+ if(xmlSecIsEmptyNode(cur) == 1) {
+ content |= XMLSEC_X509DATA_SUBJECTNAME_NODE;
+ deleteCurNode = 1;
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
+ if(xmlSecIsEmptyNode(cur) == 1) {
+ content |= XMLSEC_X509DATA_ISSUERSERIAL_NODE;
+ deleteCurNode = 1;
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
+ if(xmlSecIsEmptyNode(cur) == 1) {
+ content |= XMLSEC_X509DATA_SKI_NODE;
+ deleteCurNode = 1;
+ }
+ } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
+ if(xmlSecIsEmptyNode(cur) == 1) {
+ content |= XMLSEC_X509DATA_CRL_NODE;
+ deleteCurNode = 1;
+ }
+ } else {
+ /* todo: fail on unknown child node? */
+ }
+ next = xmlSecGetNextElementNode(cur->next);
+ if((deleteCurNode != 0) && (deleteChildren != 0)) {
+ /* remove "template" nodes */
+ xmlUnlinkNode(cur);
+ xmlFreeNode(cur);
+ }
+ cur = next;
+ }
+
+ return (content);
+}
+
+#endif /* XMLSEC_NO_X509 */
+
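Review bot: In `xmlSecX509DataGetNodeContent` the first assertion, `xmlSecAssert2(node != NULL, 0);`, returns 0 for a NULL node, which a caller cannot tell apart from an X509Data node that has no empty (template) children; the doc comment promises a negative value on error and the very next assertion already returns -1. I would change it to `xmlSecAssert2(node != NULL, -1);`. Separately, `keyInfoCtx` is asserted but never read, and the final `else` branch silently skips unrecognised child elements behind a `todo`. Either an error return there or a comment such as `/* unknown children are deliberately ignored */` would make the handling of unexpected X509Data content explicit. The function lies entirely inside this hunk.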
diff --git a/src/xkms.c b/src/xkms.c
new file mode 100644
index 00000000..d10099bb
--- /dev/null
+++ b/src/xkms.c
@@ -0,0 +1,4981 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * "XML Key Management Specification v 2.0" implementation
+ * http://www.w3.org/TR/xkms2/
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_XKMS
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/soap.h>
+#include <xmlsec/xkms.h>
+#include <xmlsec/private.h>
+#include <xmlsec/private/xkms.h>
+#include <xmlsec/errors.h>
+
+#define XMLSEC_XKMS_ID_ATTRIBUTE_LEN 32
+
+/* The ID attribute in XKMS is 'Id' */
+static const xmlChar* xmlSecXkmsServerIds[] = { BAD_CAST "Id", NULL };
+
+#ifndef XMLSEC_NO_SOAP
+static int xmlSecXkmsServerCtxWriteSoap11FatalError (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr envNode);
+static int xmlSecXkmsServerCtxWriteSoap12FatalError (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr envNode);
+#endif /* XMLSEC_NO_SOAP */
+
+static int xmlSecXkmsServerCtxRequestAbstractTypeNodeRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr* node);
+static int xmlSecXkmsServerCtxSignatureNodeRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerCtxMessageExtensionNodesRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr* node);
+static int xmlSecXkmsServerCtxOpaqueClientDataNodeRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerCtxPendingNotificationNodeRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerCtxRespondWithNodesRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr* node);
+static int xmlSecXkmsServerCtxPendingRequestNodeRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr* node);
+static int xmlSecXkmsServerCtxQueryKeyBindingNodeRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeRead(xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr* node);
+static int xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite(xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecKeyPtr key);
+static int xmlSecXkmsServerCtxKeyInfoNodeWrite (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecKeyPtr key);
+static int xmlSecXkmsServerCtxUseKeyWithNodesRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr* node);
+static int xmlSecXkmsServerCtxUseKeyWithNodesWrite (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecKeyPtr key);
+static int xmlSecXkmsServerCtxTimeInstantNodeRead (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerCtxResultTypeNodeWrite (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerCtxRequestSignatureValueNodeWrite(xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite(xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecKeyPtr key);
+static int xmlSecXkmsServerCtxKeyBindingNodeWrite (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecKeyPtr key);
+static int xmlSecXkmsServerCtxValidityIntervalNodeWrite (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecKeyPtr key);
+static int xmlSecXkmsServerCtxKeyBindingStatusNodeWrite (xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node,
+ xmlSecKeyPtr key);
+
+
+static const xmlSecQName2IntegerInfo gXmlSecXkmsResultMajorInfo[] =
+{
+ { xmlSecXkmsNs, xmlSecResultMajorCodeSuccess,
+ xmlSecXkmsResultMajorSuccess },
+ { xmlSecXkmsNs, xmlSecResultMajorCodeVersionMismatch,
+ xmlSecXkmsResultMajorVersionMismatch },
+ { xmlSecXkmsNs, xmlSecResultMajorCodeSender,
+ xmlSecXkmsResultMajorSender },
+ { xmlSecXkmsNs, xmlSecResultMajorCodeReceiver,
+ xmlSecXkmsResultMajorReceiver },
+ { xmlSecXkmsNs, xmlSecResultMajorCodeRepresent,
+ xmlSecXkmsResultMajorRepresent },
+ { xmlSecXkmsNs, xmlSecResultMajorCodePending,
+ xmlSecXkmsResultMajorPending, },
+ { NULL , NULL, 0 } /* MUST be last in the list */
+};
+
+static const xmlSecQName2IntegerInfo gXmlSecXkmsMinorErrorInfo[] =
+{
+ { xmlSecXkmsNs, xmlSecResultMinorCodeNoMatch,
+ xmlSecXkmsResultMinorNoMatch },
+ { xmlSecXkmsNs, xmlSecResultMinorCodeTooManyResponses,
+ xmlSecXkmsResultMinorTooManyResponses },
+ { xmlSecXkmsNs, xmlSecResultMinorCodeIncomplete,
+ xmlSecXkmsResultMinorIncomplete },
+ { xmlSecXkmsNs, xmlSecResultMinorCodeFailure,
+ xmlSecXkmsResultMinorFailure },
+ { xmlSecXkmsNs, xmlSecResultMinorCodeRefused,
+ xmlSecXkmsResultMinorRefused },
+ { xmlSecXkmsNs, xmlSecResultMinorCodeNoAuthentication,
+ xmlSecXkmsResultMinorNoAuthentication },
+ { xmlSecXkmsNs, xmlSecResultMinorCodeMessageNotSupported,
+ xmlSecXkmsResultMinorMessageNotSupported },
+ { xmlSecXkmsNs, xmlSecResultMinorCodeUnknownResponseId,
+ xmlSecXkmsResultMinorUnknownResponseId },
+ { xmlSecXkmsNs, xmlSecResultMinorCodeNotSynchronous,
+ xmlSecXkmsResultMinorSynchronous },
+ { NULL, NULL, 0 } /* MUST be last in the list */
+};
+
+static const xmlSecQName2IntegerInfo gXmlSecXkmsKeyBindingStatusInfo[] =
+{
+ { xmlSecXkmsNs, xmlSecKeyBindingStatusValid,
+ xmlSecXkmsKeyBindingStatusValid },
+ { xmlSecXkmsNs, xmlSecKeyBindingStatusInvalid,
+ xmlSecXkmsKeyBindingStatusInvalid },
+ { xmlSecXkmsNs, xmlSecKeyBindingStatusIndeterminate,
+ xmlSecXkmsKeyBindingStatusIndeterminate },
+ { NULL, NULL, 0 } /* MUST be last in the list */
+};
+
+static const xmlSecQName2BitMaskInfo gXmlSecXkmsKeyUsageInfo[] =
+{
+ { xmlSecXkmsNs, xmlSecKeyUsageEncryption,
+ xmlSecKeyUsageEncrypt | xmlSecKeyUsageDecrypt },
+ { xmlSecXkmsNs, xmlSecKeyUsageSignature,
+ xmlSecKeyUsageSign | xmlSecKeyUsageVerify },
+ { xmlSecXkmsNs, xmlSecKeyUsageExchange,
+ xmlSecKeyUsageKeyExchange},
+ { NULL, NULL, 0 } /* MUST be last in the list */
+};
+
+static const xmlSecQName2BitMaskInfo gXmlSecXkmsKeyBindingReasonInfo[] =
+{
+ { xmlSecXkmsNs, xmlSecKeyBindingReasonIssuerTrust,
+ XMLSEC_XKMS_KEY_BINDING_REASON_MASK_ISSUER_TRAST },
+ { xmlSecXkmsNs, xmlSecKeyBindingReasonRevocationStatus,
+ XMLSEC_XKMS_KEY_BINDING_REASON_MASK_REVOCATION_STATUS },
+ { xmlSecXkmsNs, xmlSecKeyBindingReasonValidityInterval,
+ XMLSEC_XKMS_KEY_BINDING_REASON_MASK_VALIDITY_INTERVAL },
+ { xmlSecXkmsNs, xmlSecKeyBindingReasonSignature,
+ XMLSEC_XKMS_KEY_BINDING_REASON_MASK_SIGNATURE },
+ { NULL, NULL, 0 } /* MUST be last in the list */
+};
+
+static const xmlSecQName2BitMaskInfo gXmlSecXkmsResponseMechanismInfo[] =
+{
+ { xmlSecXkmsNs, xmlSecResponseMechanismRepresent,
+ XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_REPRESENT },
+ { xmlSecXkmsNs, xmlSecResponseMechanismPending,
+ XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_PENDING },
+ { xmlSecXkmsNs, xmlSecResponseMechanismRequestSignatureValue,
+ XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_REQUEST_SIGNATURE_VALUE },
+ { NULL, NULL, 0 } /* MUST be last in the list */
+};
+
+static const xmlSecQName2IntegerInfo gXmlSecXkmsFormatInfo[] =
+{
+ { NULL, xmlSecXkmsFormatStrPlain,
+ xmlSecXkmsServerFormatPlain },
+#ifndef XMLSEC_NO_SOAP
+ { NULL, xmlSecXkmsFormatStrSoap11,
+ xmlSecXkmsServerFormatSoap11 },
+ { NULL, xmlSecXkmsFormatStrSoap12,
+ xmlSecXkmsServerFormatSoap12 },
+#endif /* XMLSEC_NO_SOAP */
+ { NULL, NULL, 0 } /* MUST be last in the list */
+};
+
+/**
+ * xmlSecXkmsServerFormatFromString:
+ * @str the string.
+ *
+ * Gets xmlSecXkmsServerFormat from string @str.
+ *
+ * Returns: corresponding format or xmlSecXkmsServerFormatUnknown
+ * if format could not be recognized.
+ */
+xmlSecXkmsServerFormat
+xmlSecXkmsServerFormatFromString(const xmlChar* str) {
+ int res;
+ int ret;
+
+ xmlSecAssert2(str != NULL, xmlSecXkmsServerFormatUnknown);
+
+ ret = xmlSecQName2IntegerGetInteger(gXmlSecXkmsFormatInfo, NULL, str, &res);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerGetInteger",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(xmlSecXkmsServerFormatUnknown);
+ }
+
+ return((xmlSecXkmsServerFormat)res);
+}
+
+/**
+ * xmlSecXkmsServerFormatToString:
+ * @format: the format.
+ *
+ * Gets string from @format.
+ *
+ * Returns: string corresponding to @format or NULL if an error occurs.
+ */
+const xmlChar*
+xmlSecXkmsServerFormatToString (xmlSecXkmsServerFormat format) {
+ xmlSecQName2IntegerInfoConstPtr info;
+
+ xmlSecAssert2(format != xmlSecXkmsServerFormatUnknown, NULL);
+
+ info = xmlSecQName2IntegerGetInfo(gXmlSecXkmsFormatInfo, format);
+ if(info == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerGetInfo",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ return(info->qnameLocalPart);
+}
+
+/**
+ * xmlSecXkmsServerCtxCreate:
+ * @keysMngr: the pointer to keys manager.
+ *
+ * Creates XKMS request server side processing context.
+ * The caller is responsible for destroying returned object by calling
+ * #xmlSecXkmsServerCtxDestroy function.
+ *
+ * Returns: pointer to newly allocated context object or NULL if an error
+ * occurs.
+ */
+xmlSecXkmsServerCtxPtr
+xmlSecXkmsServerCtxCreate(xmlSecKeysMngrPtr keysMngr) {
+ xmlSecXkmsServerCtxPtr ctx;
+ int ret;
+
+ ctx = (xmlSecXkmsServerCtxPtr) xmlMalloc(sizeof(xmlSecXkmsServerCtx));
+ if(ctx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecXkmsServerCtx)=%d",
+ sizeof(xmlSecXkmsServerCtx));
+ return(NULL);
+ }
+
+ ret = xmlSecXkmsServerCtxInitialize(ctx, keysMngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxDestroy(ctx);
+ return(NULL);
+ }
+ return(ctx);
+}
+
+/**
+ * xmlSecXkmsServerCtxDestroy:
+ * @ctx: the pointer to XKMS processing context.
+ *
+ * Destroy context object created with #xmlSecXkmsServerCtxCreate function.
+ */
+void
+xmlSecXkmsServerCtxDestroy(xmlSecXkmsServerCtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecXkmsServerCtxFinalize(ctx);
+ xmlFree(ctx);
+}
+
+/**
+ * xmlSecXkmsServerCtxInitialize:
+ * @ctx: the pointer to XKMS processing context.
+ * @keysMngr: the pointer to keys manager.
+ *
+ * Initializes XKMS element processing context.
+ * The caller is responsible for cleaning up returned object by calling
+ * #xmlSecXkmsServerCtxFinalize function.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecXkmsServerCtxInitialize(xmlSecXkmsServerCtxPtr ctx, xmlSecKeysMngrPtr keysMngr) {
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecXkmsServerCtx));
+
+ ctx->resultMajor = xmlSecXkmsResultMajorSuccess;
+ ctx->resultMinor = xmlSecXkmsResultMinorNone;
+ ctx->responseLimit = XMLSEC_XKMS_NO_RESPONSE_LIMIT;
+ ctx->idLen = XMLSEC_XKMS_ID_ATTRIBUTE_LEN;
+
+ /* initialize key info */
+ ret = xmlSecKeyInfoCtxInitialize(&(ctx->keyInfoReadCtx), keysMngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ctx->keyInfoReadCtx.mode = xmlSecKeyInfoModeRead;
+
+ ret = xmlSecKeyInfoCtxInitialize(&(ctx->keyInfoWriteCtx), keysMngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ ctx->keyInfoWriteCtx.mode = xmlSecKeyInfoModeWrite;
+
+ /* enabled RespondWith */
+ ret = xmlSecPtrListInitialize(&(ctx->enabledRespondWithIds), xmlSecXkmsRespondWithIdListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* enabled ServerRequest */
+ ret = xmlSecPtrListInitialize(&(ctx->enabledServerRequestIds), xmlSecXkmsServerRequestIdListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+
+
+ /* initialize keys list */
+ ret = xmlSecPtrListInitialize(&(ctx->keys), xmlSecKeyPtrListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* initialize RespondWith list */
+ ret = xmlSecPtrListInitialize(&(ctx->respWithList), xmlSecXkmsRespondWithIdListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecXkmsServerCtxFinalize:
+ * @ctx: the pointer to XKMS processing context.
+ *
+ * Cleans up @ctx object.
+ */
+void
+xmlSecXkmsServerCtxFinalize(xmlSecXkmsServerCtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ xmlSecXkmsServerCtxReset(ctx);
+
+ if(ctx->expectedService != NULL) {
+ xmlFree(ctx->expectedService);
+ }
+ if(ctx->idPrefix != NULL) {
+ xmlFree(ctx->idPrefix);
+ }
+
+ xmlSecKeyInfoCtxFinalize(&(ctx->keyInfoReadCtx));
+ xmlSecKeyInfoCtxFinalize(&(ctx->keyInfoWriteCtx));
+ xmlSecPtrListFinalize(&(ctx->enabledRespondWithIds));
+ xmlSecPtrListFinalize(&(ctx->enabledServerRequestIds));
+ xmlSecPtrListFinalize(&(ctx->keys));
+ xmlSecPtrListFinalize(&(ctx->respWithList));
+ memset(ctx, 0, sizeof(xmlSecXkmsServerCtx));
+}
+
+/**
+ * xmlSecXkmsServerCtxReset:
+ * @ctx: the pointer to XKMS processing context.
+ *
+ * Resets @ctx object, user settings are not touched.
+ */
+void
+xmlSecXkmsServerCtxReset(xmlSecXkmsServerCtxPtr ctx) {
+ xmlSecAssert(ctx != NULL);
+
+ ctx->resultMajor = xmlSecXkmsResultMajorSuccess;
+ ctx->resultMinor = xmlSecXkmsResultMinorNone;
+ xmlSecKeyInfoCtxReset(&(ctx->keyInfoReadCtx));
+ xmlSecKeyInfoCtxReset(&(ctx->keyInfoWriteCtx));
+ xmlSecPtrListEmpty(&(ctx->keys));
+ xmlSecPtrListEmpty(&(ctx->respWithList));
+
+ ctx->requestNode = NULL;
+ ctx->opaqueClientDataNode = NULL;
+ ctx->firtsMsgExtNode = NULL;
+ ctx->keyInfoNode = NULL;
+ ctx->requestId = xmlSecXkmsServerRequestIdUnknown;
+
+ if(ctx->id != NULL) {
+ xmlFree(ctx->id); ctx->id = NULL;
+ }
+ if(ctx->service != NULL) {
+ xmlFree(ctx->service); ctx->service = NULL;
+ }
+ if(ctx->nonce != NULL) {
+ xmlFree(ctx->nonce); ctx->nonce = NULL;
+ }
+ if(ctx->originalRequestId != NULL) {
+ xmlFree(ctx->originalRequestId); ctx->originalRequestId = NULL;
+ }
+ if(ctx->pendingNotificationMechanism != NULL) {
+ xmlFree(ctx->pendingNotificationMechanism);
+ ctx->pendingNotificationMechanism = NULL;
+ }
+ if(ctx->pendingNotificationIdentifier != NULL) {
+ xmlFree(ctx->pendingNotificationIdentifier);
+ ctx->pendingNotificationIdentifier = NULL;
+ }
+ if(ctx->compoundRequestContexts != NULL) {
+ xmlSecPtrListDestroy(ctx->compoundRequestContexts);
+ ctx->compoundRequestContexts = NULL;
+ }
+
+ ctx->responseLimit = XMLSEC_XKMS_NO_RESPONSE_LIMIT;
+ ctx->responseMechanismMask = 0;
+}
+
+/**
+ * xmlSecXkmsServerCtxCopyUserPref:
+ * @dst: the pointer to destination context.
+ * @src: the pointer to source context.
+ *
+ * Copies user preference from @src context to @dst.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecXkmsServerCtxCopyUserPref(xmlSecXkmsServerCtxPtr dst, xmlSecXkmsServerCtxPtr src) {
+ int ret;
+
+ xmlSecAssert2(dst != NULL, -1);
+ xmlSecAssert2(src != NULL, -1);
+
+ dst->userData = src->userData;
+ dst->flags = src->flags;
+ dst->flags2 = src->flags2;
+
+ ret = xmlSecKeyInfoCtxCopyUserPref(&(dst->keyInfoReadCtx), &(src->keyInfoReadCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecKeyInfoCtxCopyUserPref(&(dst->keyInfoWriteCtx), &(src->keyInfoWriteCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(src->expectedService != NULL) {
+ dst->expectedService = xmlStrdup(src->expectedService);
+ if(dst->expectedService == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(src->idPrefix != NULL) {
+ dst->idPrefix = xmlStrdup(src->idPrefix);
+ if(dst->idPrefix == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ src->idLen = dst->idLen;
+
+
+ ret = xmlSecPtrListCopy(&(dst->enabledRespondWithIds), &(src->enabledRespondWithIds));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecPtrListCopy(&(dst->enabledServerRequestIds), &(src->enabledServerRequestIds));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecXkmsServerCtxProcess:
+ * @ctx: the pointer to XKMS processing context.
+ * @node: the pointer to request node.
+ * @format: the request/response format.
+ * @doc: the pointer to response parent XML document (might be NULL).
+ *
+ * Reads XKMS request from @node and creates response to a newly created node.
+ * Caller is responsible for adding the returned node to the XML document.
+ *
+ * Returns: pointer to newly created XKMS response node or NULL
+ * if an error occurs.
+ */
+xmlNodePtr
+xmlSecXkmsServerCtxProcess(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node,
+ xmlSecXkmsServerFormat format, xmlDocPtr doc) {
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->requestId == NULL, NULL);
+ xmlSecAssert2(ctx->requestNode == NULL, NULL);
+ xmlSecAssert2(node != NULL, NULL);
+
+ ctx->requestNode = xmlSecXkmsServerCtxRequestUnwrap(ctx, node, format);
+ if(ctx->requestNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxRequestUnwrap",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(node->name));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ goto done;
+ }
+
+ ret = xmlSecXkmsServerCtxRequestRead(ctx, ctx->requestNode);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdListFindByNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ctx->requestNode=%s",
+ xmlSecErrorsSafeString(ctx->requestNode->name));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ goto done;
+ }
+
+ ret = xmlSecXkmsServerRequestExecute(ctx->requestId, ctx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ctx->requestNode=%s",
+ xmlSecErrorsSafeString(ctx->requestNode->name));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ goto done;
+ }
+
+done:
+ /* always try to write response back */
+ if(ctx->requestId != NULL) {
+ xmlNodePtr respNode;
+ xmlNodePtr wrappedRespNode;
+
+ respNode = xmlSecXkmsServerCtxResponseWrite(ctx, doc);
+ if(respNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxResponseWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ctx->requestNode=%s",
+ xmlSecErrorsSafeString(ctx->requestNode->name));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ goto error;
+ }
+
+
+ wrappedRespNode = xmlSecXkmsServerCtxResponseWrap(ctx, respNode, format, doc);
+ if(wrappedRespNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxResponseWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ctx->requestNode=%s",
+ xmlSecErrorsSafeString(ctx->requestNode->name));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ xmlFreeNode(respNode);
+ goto error;
+ }
+
+ return(wrappedRespNode);
+ }
+
+error:
+ /* last attempt: create fatatl error response */
+ return(xmlSecXkmsServerCtxFatalErrorResponseCreate(ctx, format, doc));
+}
+
+/**
+ * xmlSecXkmsServerCtxRequestRead:
+ * @ctx: the pointer to XKMS processing context.
+ * @node: the pointer to request node.
+ *
+ * Reads XKMS request from @node and stores data in @ctx.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecXkmsServerCtxRequestRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->requestId == NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* find out what the request is */
+ if(xmlSecPtrListGetSize(&(ctx->enabledServerRequestIds)) > 0) {
+ ctx->requestId = xmlSecXkmsServerRequestIdListFindByNode(&(ctx->enabledServerRequestIds), node);
+ } else {
+ ctx->requestId = xmlSecXkmsServerRequestIdListFindByNode(xmlSecXkmsServerRequestIdsGet(), node);
+ }
+ if(ctx->requestId == xmlSecXkmsServerRequestIdUnknown) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdListFindByNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(node->name));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorMessageNotSupported);
+ return(-1);
+ }
+
+ xmlSecAddIDs(node->doc, node, xmlSecXkmsServerIds);
+ ret = xmlSecXkmsServerRequestNodeRead(ctx->requestId, ctx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "request=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctx->requestId)));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecXkmsServerCtxResponseWrite:
+ * @ctx: the pointer to XKMS processing context.
+ * @doc: the pointer to response parent XML document (might be NULL).
+ *
+ * Writes XKMS response from context to a newly created node. Caller is
+ * responsible for adding the returned node to the XML document.
+ *
+ * Returns: pointer to newly created XKMS response node or NULL
+ * if an error occurs.
+ */
+xmlNodePtr
+xmlSecXkmsServerCtxResponseWrite(xmlSecXkmsServerCtxPtr ctx, xmlDocPtr doc) {
+ xmlNodePtr respNode;
+
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->requestId != NULL, NULL);
+
+ /* now write results */
+ respNode = xmlSecXkmsServerRequestNodeWrite(ctx->requestId, ctx, doc, NULL);
+ if(respNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "request=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctx->requestId)));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+
+ return(respNode);
+}
+
+/**
+ * xmlSecXkmsServerCtxRequestUnwrap:
+ * @ctx: the pointer to XKMS processing context.
+ * @node: the pointer to request node.
+ * @format: the request/response format.
+ *
+ * Removes SOAP or other envelope from XKMS request.
+ *
+ * Returns: pointer to "real" XKMS request node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecXkmsServerCtxRequestUnwrap(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecXkmsServerFormat format) {
+ xmlNodePtr result = NULL;
+
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(node != NULL, NULL);
+
+ switch(format) {
+ case xmlSecXkmsServerFormatPlain:
+ result = node;
+ break;
+#ifndef XMLSEC_NO_SOAP
+ case xmlSecXkmsServerFormatSoap11:
+ /* verify that it is actually soap Envelope node */
+ if(xmlSecSoap11CheckEnvelope(node) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11CheckEnvelope",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+
+ /* check that Body has exactly one entry */
+ if(xmlSecSoap11GetBodyEntriesNumber(node) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11GetBodyEntriesNumber",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+
+ /* this one enntry is our xkms request */
+ result = xmlSecSoap11GetBodyEntry(node, 0);
+ if(result == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11GetBodyEntry",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+
+ break;
+ case xmlSecXkmsServerFormatSoap12:
+ /* verify that it is actually soap Envelope node */
+ if(xmlSecSoap12CheckEnvelope(node) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12CheckEnvelope",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+
+ /* check that Body has exactly one entry */
+ if(xmlSecSoap12GetBodyEntriesNumber(node) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12GetBodyEntriesNumber",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+
+ /* this one enntry is our xkms request */
+ result = xmlSecSoap12GetBodyEntry(node, 0);
+ if(result == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12GetBodyEntry",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+
+ break;
+#endif /* XMLSEC_NO_SOAP */
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ "format=%d",
+ format);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+
+ return(result);
+}
+
+/**
+ * xmlSecXkmsServerCtxResponseWrap:
+ * @ctx: the pointer to XKMS processing context.
+ * @node: the pointer to response node.
+ * @format: the request/response format.
+ * @doc: the pointer to response parent XML document (might be NULL).
+ *
+ * Creates SOAP or other envelope around XKMS response.
+ * Caller is responsible for adding the returned node to the XML document.
+ *
+ * Returns: pointer to newly created response envelope node or NULL
+ * if an error occurs.
+ */
+xmlNodePtr
+xmlSecXkmsServerCtxResponseWrap(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecXkmsServerFormat format, xmlDocPtr doc) {
+ xmlNodePtr result = NULL;
+
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(node != NULL, NULL);
+
+ switch(format) {
+ case xmlSecXkmsServerFormatPlain:
+ result = node; /* do nothing */
+ break;
+#ifndef XMLSEC_NO_SOAP
+ case xmlSecXkmsServerFormatSoap11:
+ result = xmlSecSoap11CreateEnvelope(doc);
+ if(result == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11CreateEnvelope",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+
+ if(xmlSecSoap11AddBodyEntry(result, node) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11AddBodyEntry",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+ break;
+ case xmlSecXkmsServerFormatSoap12:
+ result = xmlSecSoap12CreateEnvelope(doc);
+ if(result == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12CreateEnvelope",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+
+ if(xmlSecSoap12AddBodyEntry(result, node) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12AddBodyEntry",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+ break;
+#endif /* XMLSEC_NO_SOAP */
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ "format=%d",
+ format);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+
+ return(result);
+}
+
+/**
+ * xmlSecXkmsServerCtxFatalErrorResponseCreate:
+ * @ctx: the pointer to XKMS processing context.
+ * @format: the request/response format.
+ * @doc: the pointer to response parent XML document (might be NULL).
+ *
+ * Creates a "fatal error" SOAP or other envelope respons. Caller is
+ * responsible for adding the returned node to the XML document.
+ *
+ * Returns: pointer to newly created fatal error response (it might be NULL).
+ */
+xmlNodePtr
+xmlSecXkmsServerCtxFatalErrorResponseCreate(xmlSecXkmsServerCtxPtr ctx, xmlSecXkmsServerFormat format, xmlDocPtr doc) {
+ xmlNodePtr result = NULL;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ /* make sure that we have an error */
+ if(ctx->resultMajor == xmlSecXkmsResultMajorSuccess) {
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ }
+
+ switch(format) {
+ case xmlSecXkmsServerFormatPlain:
+ /* try to create fatal error response with XKMS Status request */
+ result = xmlSecXkmsServerRequestNodeWrite(xmlSecXkmsServerRequestResultId, ctx, doc, NULL);
+ if(result == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ break;
+#ifndef XMLSEC_NO_SOAP
+ case xmlSecXkmsServerFormatSoap11:
+ result = xmlSecSoap11CreateEnvelope(doc);
+ if(result == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11CreateEnvelope",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+
+ ret = xmlSecXkmsServerCtxWriteSoap11FatalError(ctx, result);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxWriteSoap11FatalError",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ xmlFreeNode(result);
+ return(NULL);
+ }
+
+ break;
+ case xmlSecXkmsServerFormatSoap12:
+ result = xmlSecSoap12CreateEnvelope(doc);
+ if(result == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12CreateEnvelope",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+
+ ret = xmlSecXkmsServerCtxWriteSoap12FatalError(ctx, result);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxWriteSoap12FatalError",
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ xmlFreeNode(result);
+ return(NULL);
+ }
+
+ break;
+#endif /* XMLSEC_NO_SOAP */
+ default:
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ "format=%d",
+ format);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(NULL);
+ }
+
+ return(result);
+}
+
+#ifndef XMLSEC_NO_SOAP
+static int
+xmlSecXkmsServerCtxWriteSoap11FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr envNode) {
+ const xmlChar* faultCodeHref = NULL;
+ const xmlChar* faultCodeLocalPart = NULL;
+ xmlChar* faultString = NULL;
+ int len;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(envNode != NULL, -1);
+
+ if((ctx->resultMajor == xmlSecXkmsResultMajorVersionMismatch) ||
+ (ctx->requestNode == NULL)) {
+ /* we were not able to parse the envelope or its general version mismatch error */
+ faultCodeHref = xmlSecSoap11Ns;
+ faultCodeLocalPart = xmlSecSoapFaultCodeVersionMismatch;
+ faultString = xmlStrdup(xmlSecXkmsSoapFaultReasonUnsupportedVersion);
+ if(faultString == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(-1);
+ }
+ } else if((ctx->resultMajor == xmlSecXkmsResultMajorSender) &&
+ (ctx->requestId == NULL)) {
+ /* we understood the request but were not able to parse input message */
+ faultCodeHref = xmlSecSoap11Ns;
+ faultCodeLocalPart = xmlSecSoapFaultCodeClient;
+
+ len = xmlStrlen(BAD_CAST xmlSecErrorsSafeString(ctx->requestNode->name)) +
+ xmlStrlen(xmlSecXkmsSoapFaultReasonMessageInvalid) + 1;
+ faultString = xmlMalloc(len + 1);
+ if(faultString == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(-1);
+ }
+ xmlSecStrPrintf(faultString, len , xmlSecXkmsSoapFaultReasonMessageInvalid,
+ xmlSecErrorsSafeString(ctx->requestNode->name));
+ } else if((ctx->resultMajor == xmlSecXkmsResultMajorReceiver) &&
+ (ctx->requestId == NULL)) {
+ /* we understood the request but were not able to process it */
+ faultCodeHref = xmlSecSoap11Ns;
+ faultCodeLocalPart = xmlSecSoapFaultCodeServer;
+ faultString = xmlStrdup(xmlSecXkmsSoapFaultReasonServiceUnavailable);
+ if(faultString == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(-1);
+ }
+ } else if((ctx->requestId == NULL) && (ctx->requestNode != NULL)) {
+ /* we parsed the envelope but were not able to understand this request */
+ faultCodeHref = xmlSecSoap11Ns;
+ faultCodeLocalPart = xmlSecSoapFaultCodeClient;
+
+ len = xmlStrlen(BAD_CAST xmlSecErrorsSafeString(ctx->requestNode->name)) +
+ xmlStrlen(xmlSecXkmsSoapFaultReasonMessageNotSupported) + 1;
+ faultString = xmlMalloc(len + 1);
+ if(faultString == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(-1);
+ }
+ xmlSecStrPrintf(faultString, len , xmlSecXkmsSoapFaultReasonMessageNotSupported,
+ xmlSecErrorsSafeString(ctx->requestNode->name));
+ } else {
+ /* just some error */
+ faultCodeHref = xmlSecSoap11Ns;
+ faultCodeLocalPart = xmlSecSoapFaultCodeServer;
+ faultString = xmlStrdup(xmlSecXkmsSoapFaultReasonServiceUnavailable);
+ if(faultString == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(-1);
+ }
+ }
+
+ if(xmlSecSoap11AddFaultEntry(envNode, faultCodeHref, faultCodeLocalPart, faultString, NULL) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap11AddFaultEntry",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ xmlFree(faultString);
+ return(-1);
+ }
+
+ xmlFree(faultString);
+ return(0);
+}
+
+static int
+xmlSecXkmsServerCtxWriteSoap12FatalError(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr envNode) {
+ xmlSecSoap12FaultCode faultCode = xmlSecSoap12FaultCodeUnknown;
+ const xmlChar* faultSubCodeHref = NULL;
+ const xmlChar* faultSubCodeLocalPart = NULL;
+ xmlChar* faultReason = NULL;
+ int len;
+ xmlNodePtr faultNode;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(envNode != NULL, -1);
+
+ if((ctx->resultMajor == xmlSecXkmsResultMajorVersionMismatch) ||
+ (ctx->requestNode == NULL)) {
+ /* we were not able to parse the envelope or its general version mismatch error */
+ faultCode = xmlSecSoap12FaultCodeVersionMismatch;
+ faultReason = xmlStrdup(xmlSecXkmsSoapFaultReasonUnsupportedVersion);
+ if(faultReason == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(-1);
+ }
+ } else if((ctx->resultMajor == xmlSecXkmsResultMajorSender) &&
+ (ctx->requestId == NULL)) {
+ /* we understood the request but were not able to parse input message */
+ faultCode = xmlSecSoap12FaultCodeSender;
+ faultSubCodeHref = xmlSecXkmsNs;
+ faultSubCodeLocalPart = xmlSecXkmsSoapSubcodeValueMessageNotSupported;
+
+ len = xmlStrlen(BAD_CAST xmlSecErrorsSafeString(ctx->requestNode->name)) +
+ xmlStrlen(xmlSecXkmsSoapFaultReasonMessageInvalid) + 1;
+ faultReason = xmlMalloc(len + 1);
+ if(faultReason == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(-1);
+ }
+ xmlSecStrPrintf(faultReason, len , xmlSecXkmsSoapFaultReasonMessageInvalid,
+ xmlSecErrorsSafeString(ctx->requestNode->name));
+ } else if((ctx->resultMajor == xmlSecXkmsResultMajorReceiver) &&
+ (ctx->requestId == NULL)) {
+ /* we understood the request but were not able to process it */
+ faultCode = xmlSecSoap12FaultCodeReceiver;
+ faultReason = xmlStrdup(xmlSecXkmsSoapFaultReasonServiceUnavailable);
+ if(faultReason == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(-1);
+ }
+ } else if((ctx->requestId == NULL) && (ctx->requestNode != NULL)) {
+ /* we parsed the envelope but were not able to understand this request */
+ faultCode = xmlSecSoap12FaultCodeSender;
+ faultSubCodeHref = xmlSecXkmsNs;
+ faultSubCodeLocalPart = xmlSecXkmsSoapSubcodeValueBadMessage;
+
+ len = xmlStrlen(BAD_CAST xmlSecErrorsSafeString(ctx->requestNode->name)) +
+ xmlStrlen(xmlSecXkmsSoapFaultReasonMessageNotSupported) + 1;
+ faultReason = xmlMalloc(len + 1);
+ if(faultReason == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(-1);
+ }
+ xmlSecStrPrintf(faultReason, len , xmlSecXkmsSoapFaultReasonMessageNotSupported,
+ xmlSecErrorsSafeString(ctx->requestNode->name));
+ } else {
+ /* just some error */
+ faultCode = xmlSecSoap12FaultCodeReceiver;
+ faultReason = xmlStrdup(xmlSecXkmsSoapFaultReasonServiceUnavailable);
+ if(faultReason == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ return(-1);
+ }
+ }
+ xmlSecAssert2(faultCode != xmlSecSoap12FaultCodeUnknown, -1);
+ xmlSecAssert2(faultReason != NULL, -1);
+
+ faultNode = xmlSecSoap12AddFaultEntry(envNode, faultCode, faultReason,
+ xmlSecXkmsSoapFaultReasonLang, NULL, NULL);
+ if(faultNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12AddFaultEntry",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ xmlFree(faultReason);
+ return(-1);
+ }
+ xmlFree(faultReason);
+
+ if((faultSubCodeHref != NULL) && (faultSubCodeLocalPart != NULL)) {
+ /* make sure that we have subcode (xkms) namespace declared */
+ if(xmlNewNs(faultNode, faultSubCodeHref, BAD_CAST "xkms") == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "ns=%s",
+ xmlSecErrorsSafeString(faultSubCodeHref));
+ return(-1);
+ }
+ if(xmlSecSoap12AddFaultSubcode(faultNode, faultSubCodeHref, faultSubCodeLocalPart) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSoap12AddFaultSubcode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "href=%s,value=%s",
+ xmlSecErrorsSafeString(faultSubCodeHref),
+ xmlSecErrorsSafeString(faultSubCodeLocalPart));
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+#endif /* XMLSEC_NO_SOAP */
+
+
+/**
+ * xmlSecXkmsServerCtxSetResult:
+ * @ctx: the pointer to XKMS processing context.
+ * @resultMajor: the major result code.
+ * @resultMinor: the minor result code.
+ *
+ * Sets the major/minor result code in the context if no other result is already
+ * reported.
+ */
+void
+xmlSecXkmsServerCtxSetResult(xmlSecXkmsServerCtxPtr ctx, xmlSecXkmsResultMajor resultMajor,
+ xmlSecXkmsResultMinor resultMinor) {
+ xmlSecAssert(ctx != NULL);
+
+ if((ctx->resultMajor == xmlSecXkmsResultMajorSuccess) &&
+ (resultMinor != xmlSecXkmsResultMajorSuccess)) {
+ ctx->resultMajor = resultMajor;
+ ctx->resultMinor = resultMinor;
+ } else if((ctx->resultMajor == xmlSecXkmsResultMajorSuccess) &&
+ (ctx->resultMinor == xmlSecXkmsResultMinorNone)) {
+ xmlSecAssert(resultMajor == xmlSecXkmsResultMajorSuccess);
+
+ ctx->resultMinor = resultMinor;
+ }
+}
+
+
+/**
+ * xmlSecXkmsServerCtxDebugDump:
+ * @ctx: the pointer to XKMS processing context.
+ * @output: the pointer to output FILE.
+ *
+ * Prints the debug information about @ctx to @output.
+ */
+void
+xmlSecXkmsServerCtxDebugDump(xmlSecXkmsServerCtxPtr ctx, FILE* output) {
+ xmlSecAssert(ctx != NULL);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "= XKMS SERVER CONTEXT: %s\n",
+ (ctx->requestId != xmlSecXkmsServerRequestIdUnknown &&
+ xmlSecXkmsServerRequestKlassGetName(ctx->requestId)) ?
+ xmlSecXkmsServerRequestKlassGetName(ctx->requestId) :
+ BAD_CAST "NULL");
+
+ xmlSecQName2IntegerDebugDump(gXmlSecXkmsResultMajorInfo,
+ ctx->resultMajor, BAD_CAST "resultMajor", output);
+ xmlSecQName2IntegerDebugDump(gXmlSecXkmsMinorErrorInfo,
+ ctx->resultMinor, BAD_CAST "resultMinor", output);
+
+ fprintf(output, "== id: %s\n",
+ (ctx->id) ? ctx->id : BAD_CAST "");
+ fprintf(output, "== service: %s\n",
+ (ctx->service) ? ctx->service : BAD_CAST "");
+ fprintf(output, "== nonce: %s\n",
+ (ctx->nonce) ? ctx->nonce : BAD_CAST "");
+ fprintf(output, "== originalRequestId: %s\n",
+ (ctx->originalRequestId) ? ctx->originalRequestId : BAD_CAST "");
+ fprintf(output, "== pendingNotificationMechanism: %s\n",
+ (ctx->pendingNotificationMechanism) ?
+ ctx->pendingNotificationMechanism :
+ BAD_CAST "");
+ fprintf(output, "== pendingNotificationIdentifier: %s\n",
+ (ctx->pendingNotificationIdentifier) ?
+ ctx->pendingNotificationIdentifier :
+ BAD_CAST "");
+ if(ctx->responseLimit != XMLSEC_XKMS_NO_RESPONSE_LIMIT) {
+ fprintf(output, "== ResponseLimit: %d\n", ctx->responseLimit);
+ }
+ xmlSecQName2BitMaskDebugDump(gXmlSecXkmsResponseMechanismInfo,
+ ctx->responseMechanismMask, BAD_CAST "responseMechanism", output);
+
+ if(ctx->expectedService != NULL) {
+ fprintf(output, "== expected service: %s\n", ctx->expectedService);
+ }
+ fprintf(output, "== flags: 0x%08x\n", ctx->flags);
+ fprintf(output, "== flags2: 0x%08x\n", ctx->flags2);
+
+ fprintf(output, "== Key Info Read Ctx:\n");
+ xmlSecKeyInfoCtxDebugDump(&(ctx->keyInfoReadCtx), output);
+
+ fprintf(output, "== Key Info Write Ctx:\n");
+ xmlSecKeyInfoCtxDebugDump(&(ctx->keyInfoWriteCtx), output);
+
+ if(xmlSecPtrListGetSize(&(ctx->enabledRespondWithIds)) > 0) {
+ fprintf(output, "== Enabled RespondWith: ");
+ xmlSecTransformIdListDebugDump(&(ctx->enabledRespondWithIds), output);
+ } else {
+ fprintf(output, "== Enabled RespondWith: all\n");
+ }
+
+ if(xmlSecPtrListGetSize(&(ctx->enabledServerRequestIds)) > 0) {
+ fprintf(output, "== Enabled ServerRequest: ");
+ xmlSecTransformIdListDebugDump(&(ctx->enabledServerRequestIds), output);
+ } else {
+ fprintf(output, "== Enabled ServerRequest: all\n");
+ }
+
+ fprintf(output, "== RespondWith List:\n");
+ xmlSecPtrListDebugDump(&(ctx->respWithList), output);
+
+ fprintf(output, "== Keys:\n");
+ xmlSecPtrListDebugDump(&(ctx->keys), output);
+
+ if(ctx->compoundRequestContexts != NULL) {
+ fprintf(output, "== Compound Request:\n");
+ xmlSecPtrListDebugDump(ctx->compoundRequestContexts, output);
+ }
+}
+
+/**
+ * xmlSecXkmsServerCtxDebugXmlDump:
+ * @ctx: the pointer to XKMS processing context.
+ * @output: the pointer to output FILE.
+ *
+ * Prints the debug information about @ctx to @output in XML format.
+ */
+void
+xmlSecXkmsServerCtxDebugXmlDump(xmlSecXkmsServerCtxPtr ctx, FILE* output) {
+ xmlSecAssert(ctx != NULL);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<XkmsServerRequestContext name=\"");
+ xmlSecPrintXmlString(output,
+ (ctx->requestId != xmlSecXkmsServerRequestIdUnknown) ?
+ xmlSecXkmsServerRequestKlassGetName(ctx->requestId) :
+ BAD_CAST "NULL"
+ );
+ fprintf(output, "\">\n");
+
+ xmlSecQName2IntegerDebugXmlDump(gXmlSecXkmsResultMajorInfo,
+ ctx->resultMajor, BAD_CAST "MajorError", output);
+ xmlSecQName2IntegerDebugXmlDump(gXmlSecXkmsMinorErrorInfo,
+ ctx->resultMinor, BAD_CAST "MinorError", output);
+
+ fprintf(output, "<Id>");
+ xmlSecPrintXmlString(output, ctx->id);
+ fprintf(output, "</Id>\n");
+
+ fprintf(output, "<Service>");
+ xmlSecPrintXmlString(output, ctx->service);
+ fprintf(output, "</Service>\n");
+
+ fprintf(output, "<Nonce>");
+ xmlSecPrintXmlString(output, ctx->nonce);
+ fprintf(output, "</Nonce>\n");
+
+ fprintf(output, "<OriginalRequestId>");
+ xmlSecPrintXmlString(output, ctx->originalRequestId);
+ fprintf(output, "</OriginalRequestId>\n");
+
+ fprintf(output, "<PendingNotificationMechanism>");
+ xmlSecPrintXmlString(output, ctx->pendingNotificationMechanism);
+ fprintf(output, "</PendingNotificationMechanism>\n");
+
+ fprintf(output, "<PendingNotificationIdentifier>");
+ xmlSecPrintXmlString(output, ctx->pendingNotificationIdentifier);
+ fprintf(output, "</PendingNotificationIdentifier>\n");
+
+ if(ctx->responseLimit != XMLSEC_XKMS_NO_RESPONSE_LIMIT) {
+ fprintf(output, "<ResponseLimit>%d</ResponseLimit>\n", ctx->responseLimit);
+ }
+ xmlSecQName2BitMaskDebugXmlDump(gXmlSecXkmsResponseMechanismInfo,
+ ctx->responseMechanismMask, BAD_CAST "ResponseMechanism", output);
+
+
+ fprintf(output, "<ExpectedService>");
+ xmlSecPrintXmlString(output, ctx->expectedService);
+ fprintf(output, "</ExpectedService>\n");
+
+ fprintf(output, "<Flags>%08x</Flags>\n", ctx->flags);
+ fprintf(output, "<Flags2>%08x</Flags2>\n", ctx->flags2);
+
+ fprintf(output, "<KeyInfoReadCtx>\n");
+ xmlSecKeyInfoCtxDebugXmlDump(&(ctx->keyInfoReadCtx), output);
+ fprintf(output, "</KeyInfoReadCtx>\n");
+
+ fprintf(output, "<KeyInfoWriteCtx>\n");
+ xmlSecKeyInfoCtxDebugXmlDump(&(ctx->keyInfoWriteCtx), output);
+ fprintf(output, "</KeyInfoWriteCtx>\n");
+
+ if(xmlSecPtrListGetSize(&(ctx->enabledRespondWithIds)) > 0) {
+ fprintf(output, "<EnabledRespondWith>\n");
+ xmlSecTransformIdListDebugXmlDump(&(ctx->enabledRespondWithIds), output);
+ fprintf(output, "</EnabledRespondWith>\n");
+ } else {
+ fprintf(output, "<EnabledRespondWith>all</EnabledRespondWith>\n");
+ }
+
+ if(xmlSecPtrListGetSize(&(ctx->enabledServerRequestIds)) > 0) {
+ fprintf(output, "<EnabledServerRequest>\n");
+ xmlSecTransformIdListDebugXmlDump(&(ctx->enabledServerRequestIds), output);
+ fprintf(output, "</EnabledServerRequest>\n");
+ } else {
+ fprintf(output, "<EnabledServerRequest>all</EnabledServerRequest>\n");
+ }
+
+
+ fprintf(output, "<RespondWithList>\n");
+ xmlSecPtrListDebugXmlDump(&(ctx->respWithList), output);
+ fprintf(output, "</RespondWithList>\n");
+
+ fprintf(output, "<Keys>\n");
+ xmlSecPtrListDebugXmlDump(&(ctx->keys), output);
+ fprintf(output, "</Keys>\n");
+
+ if(ctx->compoundRequestContexts != NULL) {
+ fprintf(output, "<CompoundRequest>\n");
+ xmlSecPtrListDebugXmlDump(ctx->compoundRequestContexts, output);
+ fprintf(output, "</CompoundRequest>\n");
+ }
+
+ fprintf(output, "</XkmsServerRequestContext>\n");
+}
+
+/**
+ * <xkms:MessageAbstractType Id Service Nonce?>
+ * <ds:Signature>?
+ * <xkms:MessageExtension>*
+ * (<xkms:OpaqueClientData>
+ * <xkms:OpaqueData>?
+ * )?
+ *
+ * <xkms:RequestAbstractType Id Service Nonce? OriginalRequestId? ResponseLimit?>
+ * <ds:Signature>?
+ * <xkms:MessageExtension>*
+ * (<xkms:OpaqueClientData>
+ * <xkms:OpaqueData>?
+ * )?
+ * <xkms:ResponseMechanism>*
+ * <xkms:RespondWith>*
+ * <xkms:PendingNotification Mechanism Identifier>?
+ *
+ * XML Schema:
+ *
+ * <!-- RequestAbstractType -->
+ * <complexType name="RequestAbstractType" abstract="true">
+ * <complexContent>
+ * <extension base="xkms:MessageAbstractType">
+ * <sequence>
+ * <element ref="xkms:ResponseMechanism" minOccurs="0"
+ * maxOccurs="unbounded"/>
+ * <element ref="xkms:RespondWith" minOccurs="0"
+ * maxOccurs="unbounded"/>
+ * <element ref="xkms:PendingNotification" minOccurs="0"/>
+ * </sequence>
+ * <attribute name="OriginalRequestId" type="anyURI"
+ * use="optional"/>
+ * <attribute name="ResponseLimit" type="integer" use="optional"/>
+ * </extension>
+ * </complexContent>
+ * </complexType>
+ * <!-- /RequestAbstractType -->
+ *
+ * <!-- MessageAbstractType -->
+ * <complexType name="MessageAbstractType" abstract="true">
+ * <sequence>
+ * <element ref="ds:Signature" minOccurs="0"/>
+ * <element ref="xkms:MessageExtension" minOccurs="0"
+ * maxOccurs="unbounded"/>
+ * <element ref="xkms:OpaqueClientData" minOccurs="0"/>
+ * </sequence>
+ * <attribute name="Id" type="ID" use="required"/>
+ * <attribute name="Service" type="anyURI" use="required"/>
+ * <attribute name="Nonce" type="base64Binary" use="optional"/>
+ * </complexType>
+ * <!-- /MessageAbstractType -->
+ */
+static int
+xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* node) {
+ xmlNodePtr cur;
+ xmlChar* tmp;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2((*node) != NULL, -1);
+
+ cur = (*node);
+ xmlSecAssert2(cur != NULL, -1);
+
+ /* required Id attribute */
+ xmlSecAssert2(ctx->id == NULL, -1);
+ ctx->id = xmlGetProp(cur, xmlSecAttrId);
+ if(ctx->id == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlGetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s;node=%s",
+ xmlSecErrorsSafeString(xmlSecAttrId),
+ xmlSecErrorsSafeString(cur->name));
+ return(-1);
+ }
+
+ /* required Service attribute */
+ xmlSecAssert2(ctx->service == NULL, -1);
+ ctx->service = xmlGetProp(cur, xmlSecAttrService);
+ if(ctx->service == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlGetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s;node=%s",
+ xmlSecErrorsSafeString(xmlSecAttrService),
+ xmlSecErrorsSafeString(cur->name));
+ return(-1);
+ }
+
+ /* check service */
+ if((ctx->expectedService != NULL) && (!xmlStrEqual(ctx->expectedService, ctx->service))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "expectedService=%s;actualService=%s",
+ xmlSecErrorsSafeString(ctx->expectedService),
+ xmlSecErrorsSafeString(ctx->service));
+ return(-1);
+ }
+
+ /* optional Nonce attribute */
+ xmlSecAssert2(ctx->nonce == NULL, -1);
+ ctx->nonce = xmlGetProp(cur, xmlSecAttrNonce);
+
+ /* optional OriginalRequestId attribute */
+ xmlSecAssert2(ctx->originalRequestId == NULL, -1);
+ ctx->originalRequestId = xmlGetProp(cur, xmlSecAttrOriginalRequestId);
+
+ /* optional ResponseLimit attribute */
+ xmlSecAssert2(ctx->responseLimit == XMLSEC_XKMS_NO_RESPONSE_LIMIT, -1);
+ tmp = xmlGetProp(cur, xmlSecAttrResponseLimit);
+ if(tmp != NULL) {
+ ctx->responseLimit = atoi((char*)tmp);
+ xmlFree(tmp);
+ }
+
+ /* now read children */
+ cur = xmlSecGetNextElementNode(cur->children);
+
+ /* first node is optional <dsig:Signature/> node */
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeSignature, xmlSecDSigNs)) {
+ ret = xmlSecXkmsServerCtxSignatureNodeRead(ctx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxSignatureNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* next is zero or more <xkms:MessageExtension/> nodes */
+ ret = xmlSecXkmsServerCtxMessageExtensionNodesRead(ctx, &cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxMessageExtensionNodesRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* next is optional <xkms:OpaqueClientData/> node */
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeOpaqueClientData, xmlSecXkmsNs)) {
+ ret = xmlSecXkmsServerCtxOpaqueClientDataNodeRead(ctx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxOpaqueClientDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* next is zero or more <xkms:ResponseMechanism/> nodes */
+ ret = xmlSecQName2BitMaskNodesRead(gXmlSecXkmsResponseMechanismInfo, &cur,
+ xmlSecNodeResponseMechanism, xmlSecXkmsNs,
+ ((ctx->flags & XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_RESPONSE_MECHANISM) != 0) ? 1 : 0,
+ &ctx->responseMechanismMask);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2BitMaskNodesRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecNodeResponseMechanism));
+ return(-1);
+ }
+
+ /* next is zero or more <xkms:RespondWith/> nodes */
+ ret = xmlSecXkmsServerCtxRespondWithNodesRead(ctx, &cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxRespondWithNodesRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* next is optional <xkms:PendingNotification/> node */
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodePendingNotification, xmlSecXkmsNs)) {
+ ret = xmlSecXkmsServerCtxPendingNotificationNodeRead(ctx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxPendingNotificationNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ (*node) = cur;
+ return(0);
+}
+
+static int
+xmlSecXkmsServerCtxSignatureNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* todo: verify signature and make sure that correct data was signed */
+ return(0);
+}
+
+/**
+ * <!-- MessageExtension -->
+ * <element name="MessageExtension" type="xkms:MessageExtensionAbstractType"
+ * abstract="true"/>
+ * <complexType name="MessageExtensionAbstractType" abstract="true"/>
+ * <!-- /MessageExtension -->
+ */
+static int
+xmlSecXkmsServerCtxMessageExtensionNodesRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* node) {
+ xmlNodePtr cur;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->firtsMsgExtNode == NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ cur = (*node);
+ while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeMessageExtension, xmlSecXkmsNs)) {
+ if(ctx->firtsMsgExtNode == NULL) {
+ ctx->firtsMsgExtNode = cur;
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ (*node) = cur;
+ return(0);
+}
+
+static int
+xmlSecXkmsServerCtxOpaqueClientDataNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->opaqueClientDataNode == NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* remember that node, will copy it in the response later */
+ ctx->opaqueClientDataNode = node;
+ return(0);
+}
+
+static int
+xmlSecXkmsServerCtxRespondWithNodesRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* node) {
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ cur = (*node);
+ while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeRespondWith, xmlSecXkmsNs)) {
+ xmlSecXkmsRespondWithId id = xmlSecXkmsRespondWithIdUnknown;
+
+ if(xmlSecPtrListGetSize(&(ctx->enabledRespondWithIds)) > 0) {
+ id = xmlSecXkmsRespondWithIdListFindByNodeValue(&(ctx->enabledRespondWithIds), cur);
+ } else {
+ id = xmlSecXkmsRespondWithIdListFindByNodeValue(xmlSecXkmsRespondWithIdsGet(), cur);
+ }
+
+ if(id != xmlSecXkmsRespondWithIdUnknown) {
+ ret = xmlSecXkmsRespondWithNodeRead(id, ctx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCreateTree",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else if((ctx->flags & XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_RESPOND_WITH) != 0) {
+ xmlChar* content ;
+
+ content = xmlNodeGetContent(cur);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(cur->name),
+ xmlSecErrorsSafeString(content));
+ if(content != NULL) {
+ xmlFree(content);
+ }
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ (*node) = cur;
+ return(0);
+}
+
+/**
+ * XML Schema:
+ * <!-- PendingNotification -->
+ * <element name="PendingNotification" type="xkms:PendingNotificationType"/>
+ * <complexType name="PendingNotificationType">
+ * <attribute name="Mechanism" type="anyURI" use="required"/>
+ * <attribute name="Identifier" type="anyURI" use="required"/>
+ * </complexType>
+ * <!-- /PendingNotification -->
+ */
+static int
+xmlSecXkmsServerCtxPendingNotificationNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ xmlSecAssert2(ctx->pendingNotificationMechanism == NULL, -1);
+ ctx->pendingNotificationMechanism = xmlGetProp(node, xmlSecAttrMechanism);
+ if(ctx->pendingNotificationMechanism == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlGetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s;node=%s",
+ xmlSecErrorsSafeString(xmlSecAttrMechanism),
+ xmlSecErrorsSafeString(node->name));
+ return(-1);
+ }
+
+ xmlSecAssert2(ctx->pendingNotificationIdentifier == NULL, -1);
+ ctx->pendingNotificationIdentifier = xmlGetProp(node, xmlSecAttrIdentifier);
+ if(ctx->pendingNotificationIdentifier == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlGetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s;node=%s",
+ xmlSecErrorsSafeString(xmlSecAttrIdentifier),
+ xmlSecErrorsSafeString(node->name));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * <xkms:PendingRequestType Id Service Nonce? OriginalRequestId? ResponseLimit? ResponseId?>
+ * <ds:Signature>?
+ * <xkms:MessageExtension>*
+ * (<xkms:OpaqueClientData>
+ * <xkms:OpaqueData>?
+ * )?
+ * <xkms:ResponseMechanism>*
+ * <xkms:RespondWith>*
+ * <xkms:PendingNotification Mechanism Identifier>?
+ *
+ * XML Schema:
+ *
+ * <!-- PendingRequest -->
+ * <element name="PendingRequest" type="xkms:PendingRequestType"/>
+ * <complexType name="PendingRequestType">
+ * <complexContent>
+ * <extension base="xkms:RequestAbstractType">
+ * <attribute name="ResponseId" type="anyURI" use="optional"/>
+ * </extension>
+ * </complexContent>
+ * </complexType>
+ * <!-- /PendingRequest --> *
+ */
+static int
+xmlSecXkmsServerCtxPendingRequestNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* node) {
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* first read "parent" type */
+ ret = xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(ctx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxRequestAbstractTypeNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* todo: read responseId */
+ return(0);
+}
+
+/**
+ * <xkms:QueryKeyBinding Id?
+ * <ds:KeyInfo>?
+ * <xkms:KeyUsage>?
+ * <xkms:KeyUsage>?
+ * <xkms:KeyUsage>?
+ * <xkms:UseKeyWith Application Identifier>*
+ * <xkms:TimeInstant Time>?
+ *
+ * XML Schema:
+ * <!-- QueryKeyBinding -->
+ * <element name="QueryKeyBinding" type="xkms:QueryKeyBindingType"/>
+ * <complexType name="QueryKeyBindingType">
+ * <complexContent>
+ * <extension base="xkms:KeyBindingAbstractType">
+ * <sequence>
+ * <element ref="xkms:TimeInstant" minOccurs="0"/>
+ * </sequence>
+ * </extension>
+ * </complexContent>
+ * </complexType>
+ * <!-- /QueryKeyBinding -->
+ */
+static int
+xmlSecXkmsServerCtxQueryKeyBindingNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* first read "parent" type */
+ cur = node;
+ ret = xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeRead(ctx, &cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* next is optional <xkms:TimeInstant/> node */
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeTimeInstant, xmlSecXkmsNs)) {
+ ret = xmlSecXkmsServerCtxTimeInstantNodeRead(ctx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxTimeInstantNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* check that there is nothing after the last node */
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * <xkms:KeyBindingAbstractType Id?>
+ * <ds:KeyInfo>?
+ * <xkms:KeyUsage>?
+ * <xkms:KeyUsage>?
+ * <xkms:KeyUsage>?
+ * <xkms:UseKeyWith Application Identifier>*
+ *
+ * XML Schema:
+ * <!-- KeyBindingAbstractType-->
+ * <complexType name="KeyBindingAbstractType" abstract="true">
+ * <sequence>
+ * <element ref="ds:KeyInfo" minOccurs="0"/>
+ * <element ref="xkms:KeyUsage" minOccurs="0" maxOccurs="3"/>
+ * <element ref="xkms:UseKeyWith" minOccurs="0"
+ * maxOccurs="unbounded"/>
+ * </sequence>
+ * <attribute name="Id" type="ID" use="optional"/>
+ * </complexType>
+ * <!-- /KeyBindingAbstractType-->
+ */
+static int
+xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* node) {
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2((*node) != NULL, -1);
+
+ cur = (*node);
+ xmlSecAssert2(cur != NULL, -1);
+
+ /* we don't care about Id attribute in this node */
+ cur = xmlSecGetNextElementNode(cur->children);
+
+ /* first node is optional <dsig:KeyInfo/> node. for now we only remember pointer */
+ xmlSecAssert2(ctx->keyInfoNode == NULL, -1);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) {
+ ctx->keyInfoNode = cur;
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* next is zero or more <xkms:KeyUsage/> nodes */
+ ret = xmlSecQName2BitMaskNodesRead(gXmlSecXkmsKeyUsageInfo, &cur,
+ xmlSecNodeKeyUsage, xmlSecXkmsNs,
+ ((ctx->flags & XMLSEC_XKMS_SERVER_FLAGS_STOP_ON_UNKNOWN_KEY_USAGE) != 0) ? 1 : 0,
+ &(ctx->keyInfoReadCtx.keyReq.keyUsage));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2BitMaskNodesRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyUsage));
+ return(-1);
+ }
+
+ /* next is zero or more <xkms:UseKeyWith/> nodes */
+ ret = xmlSecXkmsServerCtxUseKeyWithNodesRead(ctx, &cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxUseKeyWithNodesRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ (*node) = cur;
+ return(0);
+}
+
+static int
+xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ /* generate and add Id attribute */
+ ret = xmlSecGenerateAndAddID(node, xmlSecAttrId, ctx->idPrefix, ctx->idLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGenerateAndAddID",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* <dsig:KeyInfo/> node */
+ cur = xmlSecAddChild(node, xmlSecNodeKeyInfo, xmlSecDSigNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
+ return(-1);
+ }
+
+ ret = xmlSecXkmsServerCtxKeyInfoNodeWrite(ctx, cur, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxKeyInfoNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* next is <xkms:KeyUsage/> node */
+ ret = xmlSecQName2BitMaskNodesWrite(gXmlSecXkmsKeyUsageInfo, node,
+ xmlSecNodeKeyUsage, xmlSecXkmsNs,
+ key->usage);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2BitMaskNodesWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecNodeKeyUsage));
+ return(-1);
+ }
+
+ /* and the last node is <xkms:UseKeyWith/> */
+ ret = xmlSecXkmsServerCtxUseKeyWithNodesWrite(ctx, node, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxUseKeyWithNodesWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecXkmsServerCtxKeyInfoNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* add child nodes as requested in <xkms:RespondWith/> nodes */
+ ret = xmlSecXkmsRespondWithIdListWrite(&(ctx->respWithList), ctx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdListWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecKeyInfoNodeWrite(node, key, &(ctx->keyInfoWriteCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+/**
+ * XML Schema:
+ * <!-- UseKeyWith -->
+ * <element name="UseKeyWith" type="xkms:UseKeyWithType"/>
+ * <complexType name="UseKeyWithType">
+ * <attribute name="Application" type="anyURI" use="required"/>
+ * <attribute name="Identifier" type="string" use="required"/>
+ * </complexType>
+ * <!-- /UseKeyWith -->
+ */
+static int
+xmlSecXkmsServerCtxUseKeyWithNodesRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr* node) {
+ xmlSecPtrListPtr list;
+ xmlNodePtr cur;
+ xmlSecKeyUseWithPtr keyUseWith;
+ xmlChar* application;
+ xmlChar* identifier;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ list = &(ctx->keyInfoReadCtx.keyReq.keyUseWithList);
+ xmlSecAssert2(xmlSecPtrListGetSize(list) == 0, -1);
+
+ cur = (*node);
+ while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeUseKeyWith, xmlSecXkmsNs)) {
+ application = xmlGetProp(cur, xmlSecAttrApplication);
+ if(application == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlGetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s;node=%s",
+ xmlSecErrorsSafeString(xmlSecAttrApplication),
+ xmlSecErrorsSafeString(cur->name));
+ return(-1);
+ }
+
+ identifier = xmlGetProp(cur, xmlSecAttrIdentifier);
+ if(identifier == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlGetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s;node=%s",
+ xmlSecErrorsSafeString(xmlSecAttrIdentifier),
+ xmlSecErrorsSafeString(cur->name));
+ xmlFree(application);
+ return(-1);
+ }
+
+ keyUseWith = xmlSecKeyUseWithCreate(application, identifier);
+ if(keyUseWith == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyUseWithCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(application);
+ xmlFree(identifier);
+ return(-1);
+ }
+ xmlFree(application);
+ xmlFree(identifier);
+
+ ret = xmlSecPtrListAdd(list, keyUseWith);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyUseWithDestroy(keyUseWith);
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ (*node) = cur;
+ return(0);
+}
+
+static int
+xmlSecXkmsServerCtxUseKeyWithNodesWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ /* todo: write UseKeyWith */
+ return(0);
+}
+
+
+static int
+xmlSecXkmsServerCtxTimeInstantNodeRead(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* todo: parse xml schema dataTime or use libxml? */
+ return(0);
+}
+
+/**
+ * <xkms:ResultType Id Service Nonce? ResultMajor ResultMinor? RequestId?>
+ * <ds:Signature>?
+ * <xkms:MessageExtension>*
+ * (<xkms:OpaqueClientData>
+ * <xkms:OpaqueData>?
+ * )?
+ * <xkms:RequestSignatureValue>*
+ *
+ * XML Schema:
+ * <!-- ResultType -->
+ * <element name="Result" type="xkms:ResultType"/>
+ * <complexType name="ResultType">
+ * <complexContent>
+ * <extension base="xkms:MessageAbstractType">
+ * <sequence>
+ * <element ref="xkms:RequestSignatureValue" minOccurs="0"/>
+ * </sequence>
+ * <attribute name="ResultMajor" type="QName" use="required"/>
+ * <attribute name="ResultMinor" type="QName" use="optional"/>
+ * <attribute name="RequestId" type="anyURI" use="optional"/>
+ * </extension>
+ * </complexContent>
+ * </complexType>
+ * <!-- /ResultType -->
+ */
+static int
+xmlSecXkmsServerCtxResultTypeNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* generate and add Id attribute */
+ ret = xmlSecGenerateAndAddID(node, xmlSecAttrId, ctx->idPrefix, ctx->idLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGenerateAndAddID",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* todo: generate nonce? */
+
+ /* set Service atribute (required) */
+ if((ctx->service == NULL) || (xmlSetProp(node, xmlSecAttrService, ctx->service) == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrService),
+ xmlSecErrorsSafeString(ctx->service));
+ return(-1);
+ }
+
+
+ /* set RequestId atribute (optional) */
+ if((ctx->id != NULL) && (xmlSetProp(node, xmlSecAttrRequestId, ctx->id) == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s,value=%s",
+ xmlSecErrorsSafeString(xmlSecAttrRequestId),
+ xmlSecErrorsSafeString(ctx->id));
+ return(-1);
+ }
+
+
+ /* set major code (required) */
+ ret = xmlSecQName2IntegerAttributeWrite(gXmlSecXkmsResultMajorInfo, node,
+ xmlSecAttrResultMajor, ctx->resultMajor);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerAttributeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s,value=%d",
+ xmlSecErrorsSafeString(xmlSecAttrResultMajor),
+ ctx->resultMajor);
+ return(-1);
+ }
+
+ /* set minor code (optional) */
+ if(ctx->resultMinor != xmlSecXkmsResultMinorNone) {
+ ret = xmlSecQName2IntegerAttributeWrite(gXmlSecXkmsMinorErrorInfo, node,
+ xmlSecAttrResultMinor, ctx->resultMinor);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerAttributeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s,value=%d",
+ xmlSecErrorsSafeString(xmlSecAttrResultMinor),
+ ctx->resultMinor);
+ return(-1);
+ }
+ }
+
+ /* todo: create signature template */
+
+ /* todo: create message extension nodes? */
+
+ /* <xkms:OpaqueClientData/>: An XKMS service SHOULD return the value of
+ * the <OpaqueClientData> element unmodified in a request in a response
+ * with status code Succes */
+ if((ctx->resultMajor == xmlSecXkmsResultMajorSuccess) && (ctx->opaqueClientDataNode != NULL)) {
+ xmlNodePtr copyNode;
+
+ copyNode = xmlDocCopyNode(ctx->opaqueClientDataNode, node->doc, 1);
+ if(copyNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(ctx->opaqueClientDataNode->name));
+ return(-1);
+ }
+
+ if(xmlSecAddChildNode(node, copyNode) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChildNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(copyNode->name));
+ return(-1);
+ }
+ }
+
+ ret = xmlSecXkmsServerCtxRequestSignatureValueNodeWrite(ctx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxRequestSignatureValueNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * A service SHOULD include the <RequestSignatureValue> element in a response
+ * if the following conditions are satisfied and MUST NOT include the value
+ * otherwise:
+ *
+ *
+ * - The <ds:Signature> element was present in the corresponding request
+ * - The service successfully verified the <ds:Signature> element in the
+ * corresponding request, and
+ * - The ResponseMechanism RequestSignatureValue was specified.
+ *
+ */
+static int
+xmlSecXkmsServerCtxRequestSignatureValueNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* todo: check all conditions for RequestSignatureValue */
+ if((ctx->responseMechanismMask & XMLSEC_XKMS_RESPONSE_MECHANISM_MASK_REQUEST_SIGNATURE_VALUE) == 0) {
+ /* The ResponseMechanism RequestSignatureValue was not specified. */
+ return(0);
+ }
+
+ /* todo: write RequestSignatureValue */
+ return(0);
+}
+
+
+/**
+ *
+ * <xkms:UnverifiedKeyBindingType Id?>
+ * <ds:KeyInfo>?
+ * <xkms:KeyUsage>?
+ * <xkms:KeyUsage>?
+ * <xkms:KeyUsage>?
+ * <xkms:UseKeyWith Application Identifier>*
+ * <xkms:ValidityInterval NotBefore NotOnOrAfter>?
+ *
+ * XML Schema:
+ *
+ * <!-- UnverifiedKeyBinding -->
+ * <element name="UnverifiedKeyBinding" type="xkms:UnverifiedKeyBindingType"/>
+ * <complexType name="UnverifiedKeyBindingType">
+ * <complexContent>
+ * <extension base="xkms:KeyBindingAbstractType">
+ * <sequence>
+ * <element ref="xkms:ValidityInterval" minOccurs="0"/>
+ * </sequence>
+ * </extension>
+ * </complexContent>
+ * </complexType>
+ * <!-- /UnverifiedKeyBinding -->
+ */
+static int
+xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* first write "parent" type */
+ ret = xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite(ctx, node, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* <xkms:ValidityInterval/> node */
+ ret = xmlSecXkmsServerCtxValidityIntervalNodeWrite(ctx, node, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxValidityIntervalNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecXkmsServerCtxValidityIntervalNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* todo: write key validity interval */
+ return(0);
+}
+
+/**
+ * <xkms:KeyBinding Id?>
+ * <ds:KeyInfo>?
+ * <xkms:KeyUsage>?
+ * <xkms:KeyUsage>?
+ * <xkms:KeyUsage>?
+ * <xkms:UseKeyWith Application Identifier>*
+ * <xkms:ValidityInterval NotBefore NotOnOrAfter>?
+ * <xkms:Status StatusValue>
+ * (<xkms:ValidReason>?
+ * <xkms:IndeterminateReason>?
+ * <xkms:InvalidReason>?
+ * )*
+ *
+ * XML Schema:
+ *
+ * <!-- KeyBinding -->
+ * <element name="KeyBinding" type="xkms:KeyBindingType"/>
+ * <complexType name="KeyBindingType">
+ * <complexContent>
+ * <extension base="xkms:UnverifiedKeyBindingType">
+ * <sequence>
+ * <element ref="xkms:Status"/>
+ * </sequence>
+ * </extension>
+ * </complexContent>
+ * </complexType>
+ * <!-- /KeyBinding -->
+ */
+static int
+xmlSecXkmsServerCtxKeyBindingNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* first write "parent" type */
+ ret = xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite(ctx, node, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxKeyBindingAbstractTypeNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* <xkms:Status/> node */
+ ret = xmlSecXkmsServerCtxKeyBindingStatusNodeWrite(ctx, node, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxKeyBindingStatusNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * <xkms:Status StatusValue>
+ * (<xkms:ValidReason>?
+ * <xkms:IndeterminateReason>?
+ * <xkms:InvalidReason>?
+ * )*
+ *
+ * XML Schema:
+ *
+ * <!-- Status -->
+ * <element name="Status" type="xkms:StatusType"/>
+ * <complexType name="StatusType">
+ * <sequence>
+ * <element ref="xkms:ValidReason" minOccurs="0"
+ * maxOccurs="unbounded"/>
+ * <element ref="xkms:IndeterminateReason" minOccurs="0"
+ * maxOccurs="unbounded"/>
+ * <element ref="xkms:InvalidReason" minOccurs="0"
+ * maxOccurs="unbounded"/>
+ * </sequence>
+ * <attribute name="StatusValue" type="xkms:KeyBindingStatus"
+ * use="required"/>
+ * </complexType>
+ * <simpleType name="KeyBindingStatus">
+ * <restriction base="QName">
+ * <enumeration value="xkms:Valid"/>
+ * <enumeration value="xkms:Invalid"/>
+ * <enumeration value="xkms:Indeterminate"/>
+ * </restriction>
+ * </simpleType>
+ * <!-- /Status -->
+ */
+static int
+xmlSecXkmsServerCtxKeyBindingStatusNodeWrite(xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node, xmlSecKeyPtr key) {
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(key != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ cur = xmlSecAddChild(node, xmlSecNodeStatus, xmlSecXkmsNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeStatus));
+ return(-1);
+ }
+
+ /* if we are here then the key was validated */
+ ret = xmlSecQName2IntegerAttributeWrite(gXmlSecXkmsKeyBindingStatusInfo, cur,
+ xmlSecAttrStatusValue, xmlSecXkmsKeyBindingStatusValid);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerAttributeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecAttrStatusValue));
+ return(-1);
+ }
+
+ /* todo: write the reasons */
+ return(0);
+}
+
+/************************************************************************
+ *
+ * xmlSecXkmsServerCtx list
+ *
+ ************************************************************************/
+static xmlSecPtrListKlass xmlSecXkmsServerCtxPtrListKlass = {
+ BAD_CAST "xkms-server-ctx-list",
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecXkmsServerCtxDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsServerCtxDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsServerCtxDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+xmlSecPtrListId
+xmlSecXkmsServerCtxPtrListGetKlass(void) {
+ return(&xmlSecXkmsServerCtxPtrListKlass);
+}
+
+
+/**************************************************************************
+ *
+ * Global xmlSecXkmsRespondWithIds list functions
+ *
+ *************************************************************************/
+static xmlSecPtrList xmlSecAllXkmsRespondWithIds;
+
+
+/**
+ * xmlSecXkmsRespondWithIdsGet:
+ *
+ * Gets global registered RespondWith klasses list.
+ *
+ * Returns: the pointer to list of all registered RespondWith klasses.
+ */
+xmlSecPtrListPtr
+xmlSecXkmsRespondWithIdsGet(void) {
+ return(&xmlSecAllXkmsRespondWithIds);
+}
+
+/**
+ * xmlSecXkmsRespondWithIdsInit:
+ *
+ * Initializes the RespondWith klasses. This function is called from the
+ * #xmlSecInit function and the application should not call it directly.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecXkmsRespondWithIdsInit(void) {
+ int ret;
+
+ ret = xmlSecPtrListInitialize(xmlSecXkmsRespondWithIdsGet(), xmlSecXkmsRespondWithIdListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListPtrInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecXkmsRespondWithIdListId");
+ return(-1);
+ }
+
+ ret = xmlSecXkmsRespondWithIdsRegisterDefault();
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegisterDefault",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecXkmsRespondWithIdsShutdown:
+ *
+ * Shuts down the keys data klasses. This function is called from the
+ * #xmlSecShutdown function and the application should not call it directly.
+ */
+void
+xmlSecXkmsRespondWithIdsShutdown(void) {
+ xmlSecPtrListFinalize(xmlSecXkmsRespondWithIdsGet());
+}
+
+/**
+ * xmlSecXkmsRespondWithIdsRegister:
+ * @id: the RespondWith klass.
+ *
+ * Registers @id in the global list of RespondWith klasses.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithId id) {
+ int ret;
+
+ xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
+
+ ret = xmlSecPtrListAdd(xmlSecXkmsRespondWithIdsGet(), (xmlSecPtr)id);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "RespondWith=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecXkmsRespondWithIdsRegisterDefault:
+ *
+ * Registers default (implemented by XML Security Library)
+ * RespondWith klasses: KeyName, KeyValue,...
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecXkmsRespondWithIdsRegisterDefault(void) {
+ if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithKeyNameId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithKeyNameId)));
+ return(-1);
+ }
+
+ if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithKeyValueId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithKeyValueId)));
+ return(-1);
+ }
+
+ if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithPrivateKeyId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithPrivateKeyId)));
+ return(-1);
+ }
+
+ if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithRetrievalMethodId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithRetrievalMethodId)));
+ return(-1);
+ }
+
+ if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithX509CertId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithX509CertId)));
+ return(-1);
+ }
+
+ if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithX509ChainId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithX509ChainId)));
+ return(-1);
+ }
+
+ if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithX509CRLId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithX509CRLId)));
+ return(-1);
+ }
+
+ /* TODO: OCSP, PGP, PGPWeb, SPKI */
+ /*
+ if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithPGPId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithPGPId)));
+ return(-1);
+ }
+
+ if(xmlSecXkmsRespondWithIdsRegister(xmlSecXkmsRespondWithSPKIId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(xmlSecXkmsRespondWithSPKIId)));
+ return(-1);
+ }
+ */
+ return(0);
+}
+
+
+/************************************************************************
+ *
+ * XKMS RespondWith Klass
+ *
+ ************************************************************************/
+/**
+ * xmlSecXkmsRespondWithNodeRead:
+ * @id: the RespondWith class.
+ * @ctx: the XKMS request processing context.
+ * @node: the pointer to <xkms:RespondWith/> node.
+ *
+ * Reads the content of the <xkms:RespondWith/> @node.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecXkmsRespondWithNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node) {
+ xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ if(id->readNode != NULL) {
+ return((id->readNode)(id, ctx, node));
+ }
+ return(0);
+}
+
+/**
+ * xmlSecXkmsRespondWithNodeWrite:
+ * @id: the RespondWith class.
+ * @ctx: the XKMS request processing context.
+ * @node: the pointer to <xkms:RespondWith/> node.
+ *
+ * Writes the content of the <xkms:RespondWith/> @node.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecXkmsRespondWithNodeWrite(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node) {
+ xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ if(id->writeNode != NULL) {
+ return((id->writeNode)(id, ctx, node));
+ }
+ return(0);
+}
+
+/**
+ * xmlSecXkmsRespondWithDebugDump:
+ * @id: the RespondWith class.
+ * @output: the output file.
+ *
+ * Writes debug information about @id into the @output.
+ */
+void
+xmlSecXkmsRespondWithDebugDump(xmlSecXkmsRespondWithId id, FILE* output) {
+ xmlSecAssert(id != xmlSecXkmsRespondWithIdUnknown);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== RespondWith: \"%s\" (href=\"%s\")\n",
+ xmlSecErrorsSafeString(id->valueName),
+ xmlSecErrorsSafeString(id->valueNs));
+}
+
+/**
+ * xmlSecXkmsRespondWithDebugXmlDump:
+ * @id: the RespondWith class.
+ * @output: the output file.
+ *
+ * Writes debug information about @id into the @output in XML format.
+ */
+void
+xmlSecXkmsRespondWithDebugXmlDump(xmlSecXkmsRespondWithId id, FILE* output) {
+ xmlSecAssert(id != xmlSecXkmsRespondWithIdUnknown);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<RespondWith href=\"");
+ xmlSecPrintXmlString(output, id->valueNs);
+ fprintf(output, "\">");
+ xmlSecPrintXmlString(output, id->valueName);
+ fprintf(output, "</RespondWith>\n");
+}
+
+int
+xmlSecXkmsRespondWithDefaultNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node) {
+ int ret;
+
+ xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ ret = xmlSecXkmsRespondWithIdListFind(&(ctx->respWithList), id);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecXkmsRespondWithIdListFind",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ } else if(ret > 0) {
+ /* do nothing, we already have it in the list */
+ return(0);
+ }
+
+ ret = xmlSecPtrListAdd(&(ctx->respWithList), id);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+int
+xmlSecXkmsRespondWithDefaultNodeWrite(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node) {
+ xmlNodePtr cur;
+
+ xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
+ xmlSecAssert2(id->nodeName != NULL, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ cur = xmlSecAddChild(node, id->nodeName, id->nodeNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(id->nodeName));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/************************************************************************
+ *
+ * XKMS RespondWith Klass List
+ *
+ ************************************************************************/
+static xmlSecPtrListKlass xmlSecXkmsRespondWithIdListKlass = {
+ BAD_CAST "respond-with-ids-list",
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ NULL, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsRespondWithDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsRespondWithDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+xmlSecPtrListId
+xmlSecXkmsRespondWithIdListGetKlass(void) {
+ return(&xmlSecXkmsRespondWithIdListKlass);
+}
+
+int
+xmlSecXkmsRespondWithIdListFind(xmlSecPtrListPtr list, xmlSecXkmsRespondWithId id) {
+ xmlSecSize i, size;
+
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsRespondWithIdListId), -1);
+ xmlSecAssert2(id != xmlSecXkmsRespondWithIdUnknown, -1);
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ if((xmlSecXkmsRespondWithId)xmlSecPtrListGetItem(list, i) == id) {
+ return(1);
+ }
+ }
+ return(0);
+}
+
+xmlSecXkmsRespondWithId
+xmlSecXkmsRespondWithIdListFindByNodeValue(xmlSecPtrListPtr list, xmlNodePtr node) {
+ xmlSecXkmsRespondWithId result = xmlSecXkmsRespondWithIdUnknown;
+ xmlSecXkmsRespondWithId id;
+ xmlChar* content;
+ xmlChar* qnameLocalPart = NULL;
+ xmlChar* qnamePrefix = NULL;
+ const xmlChar* qnameHref;
+ xmlNsPtr ns;
+ xmlSecSize i, size;
+
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsRespondWithIdListId), xmlSecXkmsRespondWithIdUnknown);
+ xmlSecAssert2(node != NULL, xmlSecXkmsRespondWithIdUnknown);
+
+ content = xmlNodeGetContent(node);
+ if(content == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNodeGetContent",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(node->name));
+ return(xmlSecXkmsRespondWithIdUnknown);
+ }
+
+ qnameLocalPart = (xmlChar*)xmlStrchr(content, ':');
+ if(qnameLocalPart != NULL) {
+ qnamePrefix = content;
+ *(qnameLocalPart++) = '\0';
+ } else {
+ qnamePrefix = NULL;
+ qnameLocalPart = content;
+ }
+
+ /* search namespace href */
+ ns = xmlSearchNs(node->doc, node, qnamePrefix);
+ if((ns == NULL) && (qnamePrefix != NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSearchNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s,qnamePrefix=%s",
+ xmlSecErrorsSafeString(node->name),
+ xmlSecErrorsSafeString(qnamePrefix));
+ xmlFree(content);
+ return(xmlSecXkmsRespondWithIdUnknown);
+ }
+ qnameHref = (ns != NULL) ? ns->href : BAD_CAST NULL;
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ id = (xmlSecXkmsRespondWithId)xmlSecPtrListGetItem(list, i);
+ if((id != xmlSecXkmsRespondWithIdUnknown) &&
+ xmlStrEqual(id->valueName, qnameLocalPart) &&
+ xmlStrEqual(id->valueNs, qnameHref)) {
+ result = id;
+ break;
+ }
+ }
+
+ xmlFree(content);
+ return(result);
+}
+
+int
+xmlSecXkmsRespondWithIdListWrite(xmlSecPtrListPtr list, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ xmlSecXkmsRespondWithId id;
+ xmlSecSize i, size;
+ int ret;
+
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsRespondWithIdListId), -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ id = (xmlSecXkmsRespondWithId)xmlSecPtrListGetItem(list, i);
+ if(id != xmlSecXkmsRespondWithIdUnknown) {
+ ret = xmlSecXkmsRespondWithNodeWrite(id, ctx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecXkmsRespondWithNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ }
+
+ return(0);
+}
+
+/********************************************************************
+ *
+ * XML Sec Library RespondWith Ids
+ *
+ *******************************************************************/
+static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithKeyNameKlass = {
+ xmlSecRespondWithKeyName, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodeKeyName, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithDefaultNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ NULL, /* void* reserved1; */
+ NULL /* void* reserved2; */
+};
+
+/**
+ * xmlSecXkmsRespondWithKeyNameGetKlass:
+ *
+ * The respond with KeyName klass.
+ *
+ * Returns: respond with KeyName klass.
+ */
+xmlSecXkmsRespondWithId
+xmlSecXkmsRespondWithKeyNameGetKlass(void) {
+ return(&xmlSecXkmsRespondWithKeyNameKlass);
+}
+
+
+
+static int xmlSecXkmsRespondWithKeyValueNodeRead (xmlSecXkmsRespondWithId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithKeyValueKlass = {
+ xmlSecRespondWithKeyValue, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodeKeyValue, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithKeyValueNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ NULL, /* void* reserved1; */
+ NULL /* void* reserved2; */
+};
+
+/**
+ * xmlSecXkmsRespondWithKeyValueGetKlass:
+ *
+ * The respond with KeyValue klass.
+ *
+ * Returns: respond with KeyValue klass.
+ */
+xmlSecXkmsRespondWithId
+xmlSecXkmsRespondWithKeyValueGetKlass(void) {
+ return(&xmlSecXkmsRespondWithKeyValueKlass);
+}
+
+static int
+xmlSecXkmsRespondWithKeyValueNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node) {
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsRespondWithKeyValueId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* do usual stuff */
+ ret = xmlSecXkmsRespondWithDefaultNodeRead(id, ctx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecXkmsRespondWithDefaultNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* and now set some parameters in the ctx to look for a public or private
+ * key and to write a public key
+ */
+ ctx->keyInfoReadCtx.keyReq.keyType |= (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate);
+ ctx->keyInfoWriteCtx.keyReq.keyType |= xmlSecKeyDataTypePublic;
+
+ return(0);
+}
+
+static int xmlSecXkmsRespondWithPrivateKeyNodeRead (xmlSecXkmsRespondWithId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithPrivateKeyKlass = {
+ xmlSecRespondWithPrivateKey, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodeKeyValue, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithPrivateKeyNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ NULL, /* void* reserved1; */
+ NULL /* void* reserved2; */
+};
+
+/**
+ * xmlSecXkmsRespondWithPrivateKeyGetKlass:
+ *
+ * The respond with PrivateKey klass.
+ *
+ * Returns: respond with PrivateKey klass.
+ */
+xmlSecXkmsRespondWithId
+xmlSecXkmsRespondWithPrivateKeyGetKlass(void) {
+ return(&xmlSecXkmsRespondWithPrivateKeyKlass);
+}
+
+static int
+xmlSecXkmsRespondWithPrivateKeyNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node) {
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsRespondWithPrivateKeyId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* do usual stuff */
+ ret = xmlSecXkmsRespondWithDefaultNodeRead(id, ctx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecXkmsRespondWithDefaultNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* and now set some parameters in the ctx to look for a private
+ * key and to write a private key
+ */
+ ctx->keyInfoReadCtx.keyReq.keyType |= xmlSecKeyDataTypePrivate;
+ ctx->keyInfoWriteCtx.keyReq.keyType |= xmlSecKeyDataTypePrivate;
+
+ return(0);
+}
+
+static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithRetrievalMethodKlass = {
+ xmlSecRespondWithRetrievalMethod, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodeRetrievalMethod, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithDefaultNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ NULL, /* void* reserved1; */
+ NULL /* void* reserved2; */
+};
+
+/**
+ * xmlSecXkmsRespondWithRetrievalMethodGetKlass:
+ *
+ * The respond with RetrievalMethod klass.
+ *
+ * Returns: respond with RetrievalMethod klass.
+ */
+xmlSecXkmsRespondWithId
+xmlSecXkmsRespondWithRetrievalMethodGetKlass(void) {
+ return(&xmlSecXkmsRespondWithRetrievalMethodKlass);
+}
+
+
+
+static int xmlSecXkmsRespondWithX509CertNodeRead (xmlSecXkmsRespondWithId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithX509CertKlass = {
+ xmlSecRespondWithX509Cert, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodeX509Data, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithX509CertNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ NULL, /* void* reserved1; */
+ NULL /* void* reserved2; */
+};
+
+/**
+ * xmlSecXkmsRespondWithX509CertGetKlass:
+ *
+ * The respond with X509Cert klass.
+ *
+ * Returns: respond with X509Cert klass.
+ */
+xmlSecXkmsRespondWithId
+xmlSecXkmsRespondWithX509CertGetKlass(void) {
+ return(&xmlSecXkmsRespondWithX509CertKlass);
+}
+
+static int
+xmlSecXkmsRespondWithX509CertNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node) {
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsRespondWithX509CertId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* do usual stuff */
+ ret = xmlSecXkmsRespondWithDefaultNodeRead(id, ctx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecXkmsRespondWithDefaultNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int xmlSecXkmsRespondWithX509ChainNodeRead (xmlSecXkmsRespondWithId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithX509ChainKlass = {
+ xmlSecRespondWithX509Chain, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodeX509Data, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithX509ChainNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ NULL, /* void* reserved1; */
+ NULL /* void* reserved2; */
+};
+
+/**
+ * xmlSecXkmsRespondWithX509ChainGetKlass:
+ *
+ * The respond with X509Chain klass.
+ *
+ * Returns: respond with X509Chain klass.
+ */
+xmlSecXkmsRespondWithId
+xmlSecXkmsRespondWithX509ChainGetKlass(void) {
+ return(&xmlSecXkmsRespondWithX509ChainKlass);
+}
+
+static int
+xmlSecXkmsRespondWithX509ChainNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node) {
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsRespondWithX509ChainId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* do usual stuff */
+ ret = xmlSecXkmsRespondWithDefaultNodeRead(id, ctx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecXkmsRespondWithDefaultNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int xmlSecXkmsRespondWithX509CRLNodeRead (xmlSecXkmsRespondWithId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithX509CRLKlass = {
+ xmlSecRespondWithX509CRL, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodeX509Data, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithX509CRLNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ NULL, /* void* reserved1; */
+ NULL /* void* reserved2; */
+};
+
+/**
+ * xmlSecXkmsRespondWithX509CRLGetKlass:
+ *
+ * The respond with X509CRL klass.
+ *
+ * Returns: respond with X509CRL klass.
+ */
+xmlSecXkmsRespondWithId
+xmlSecXkmsRespondWithX509CRLGetKlass(void) {
+ return(&xmlSecXkmsRespondWithX509CRLKlass);
+}
+
+static int
+xmlSecXkmsRespondWithX509CRLNodeRead(xmlSecXkmsRespondWithId id, xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node) {
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsRespondWithX509CRLId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* do usual stuff */
+ ret = xmlSecXkmsRespondWithDefaultNodeRead(id, ctx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecXkmsRespondWithKlassGetName(id)),
+ "xmlSecXkmsRespondWithDefaultNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithPGPKlass = {
+ xmlSecRespondWithPGP, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodePGPData, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithDefaultNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ NULL, /* void* reserved1; */
+ NULL /* void* reserved2; */
+};
+
+/**
+ * xmlSecXkmsRespondWithPGPGetKlass:
+ *
+ * The respond with PGP klass.
+ *
+ * Returns: respond with PGP klass.
+ */
+xmlSecXkmsRespondWithId
+xmlSecXkmsRespondWithPGPGetKlass(void) {
+ return(&xmlSecXkmsRespondWithPGPKlass);
+}
+
+static xmlSecXkmsRespondWithKlass xmlSecXkmsRespondWithSPKIKlass = {
+ xmlSecRespondWithSPKI, /* const xmlChar* valueName; */
+ xmlSecXkmsNs, /* const xmlChar* valueNs; */
+ xmlSecNodeSPKIData, /* const xmlChar* nodeName; */
+ xmlSecDSigNs, /* const xmlChar* nodeNs; */
+ xmlSecXkmsRespondWithDefaultNodeRead, /* xmlSecXkmsRespondWithNodeReadMethod readNode; */
+ xmlSecXkmsRespondWithDefaultNodeWrite, /* xmlSecXkmsRespondWithNodeWriteMethod writeNode; */
+ NULL, /* void* reserved1; */
+ NULL /* void* reserved2; */
+};
+
+/**
+ * xmlSecXkmsRespondWithSPKIGetKlass:
+ *
+ * The respond with SPKI klass.
+ *
+ * Returns: respond with SPKI klass.
+ */
+xmlSecXkmsRespondWithId
+xmlSecXkmsRespondWithSPKIGetKlass(void) {
+ return(&xmlSecXkmsRespondWithSPKIKlass);
+}
+
+/**************************************************************************
+ *
+ * Global xmlSecXkmsServerRequestIds list functions
+ *
+ *************************************************************************/
+static xmlSecPtrList xmlSecAllXkmsServerRequestIds;
+
+
+/**
+ * xmlSecXkmsServerRequestIdsGet:
+ *
+ * Gets global registered ServerRequest klasses list.
+ *
+ * Returns: the pointer to list of all registered ServerRequest klasses.
+ */
+xmlSecPtrListPtr
+xmlSecXkmsServerRequestIdsGet(void) {
+ return(&xmlSecAllXkmsServerRequestIds);
+}
+
+/**
+ * xmlSecXkmsServerRequestIdsInit:
+ *
+ * Initializes the ServerRequest klasses. This function is called from the
+ * #xmlSecInit function and the application should not call it directly.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecXkmsServerRequestIdsInit(void) {
+ int ret;
+
+ ret = xmlSecPtrListInitialize(xmlSecXkmsServerRequestIdsGet(), xmlSecXkmsServerRequestIdListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListPtrInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecXkmsServerRequestIdListId");
+ return(-1);
+ }
+
+ ret = xmlSecXkmsServerRequestIdsRegisterDefault();
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdsRegisterDefault",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecXkmsServerRequestIdsShutdown:
+ *
+ * Shuts down the keys data klasses. This function is called from the
+ * #xmlSecShutdown function and the application should not call it directly.
+ */
+void
+xmlSecXkmsServerRequestIdsShutdown(void) {
+ xmlSecPtrListFinalize(xmlSecXkmsServerRequestIdsGet());
+}
+
+/**
+ * xmlSecXkmsServerRequestIdsRegister:
+ * @id: the ServerRequest klass.
+ *
+ * Registers @id in the global list of ServerRequest klasses.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestId id) {
+ int ret;
+
+ xmlSecAssert2(id != xmlSecXkmsServerRequestIdUnknown, -1);
+
+ ret = xmlSecPtrListAdd(xmlSecXkmsServerRequestIdsGet(), (xmlSecPtr)id);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "ServerRequest=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(id)));
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecXkmsServerRequestIdsRegisterDefault:
+ *
+ * Registers default (implemented by XML Security Library)
+ * ServerRequest klasses: KeyName, KeyValue,...
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecXkmsServerRequestIdsRegisterDefault(void) {
+ if(xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestResultId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestResultId)));
+ return(-1);
+ }
+
+ if(xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestStatusId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestStatusId)));
+ return(-1);
+ }
+
+ if(xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestCompoundId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestCompoundId)));
+ return(-1);
+ }
+
+ if(xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestLocateId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestLocateId)));
+ return(-1);
+ }
+
+ if(xmlSecXkmsServerRequestIdsRegister(xmlSecXkmsServerRequestValidateId) < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdsRegister",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "name=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(xmlSecXkmsServerRequestValidateId)));
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+/************************************************************************
+ *
+ * XKMS ServerRequest Klass
+ *
+ ************************************************************************/
+/**
+ * xmlSecXkmsServerRequestNodeRead:
+ * @id: the ServerRequest class.
+ * @ctx: the XKMS request processing context.
+ * @node: the pointer to <xkms:ServerRequest/> node.
+ *
+ * Reads the content of the <xkms:ServerRequest/> @node.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecXkmsServerRequestNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node) {
+ xmlSecAssert2(id != xmlSecXkmsServerRequestIdUnknown, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ if(id->readNode != NULL) {
+ return((id->readNode)(id, ctx, node));
+ }
+ return(0);
+}
+
+/**
+ * xmlSecXkmsServerExecute:
+ * @id: the ServerRequest class.
+ * @ctx: the XKMS request processing context.
+ *
+ * Executes XKMS server request.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecXkmsServerRequestExecute(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx) {
+ xmlSecAssert2(id != xmlSecXkmsServerRequestIdUnknown, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(id->execute != NULL) {
+ return((id->execute)(id, ctx));
+ }
+ return(0);
+}
+
+
+/**
+ * xmlSecXkmsServerResponseNodeWrite:
+ * @id: the ServerRequest class.
+ * @ctx: the XKMS request processing context.
+ * @doc: the pointer to response parent XML document (might be NULL).
+ * @node: the pointer to response parent XML node (might be NULL).
+ *
+ * Writes XKMS response from context to a newly created node. Caller is
+ * responsible for adding the returned node to the XML document.
+ *
+ * Returns: pointer to newly created XKMS response node or NULL
+ * if an error occurs.
+ */
+xmlNodePtr
+xmlSecXkmsServerRequestNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx,
+ xmlDocPtr doc, xmlNodePtr node) {
+ xmlNodePtr respNode;
+ int ret;
+
+ xmlSecAssert2(id != xmlSecXkmsServerRequestIdUnknown, NULL);
+ xmlSecAssert2(ctx != NULL, NULL);
+
+ /* create the response root node */
+ if(node == NULL) {
+ xmlNsPtr ns;
+
+ respNode = xmlNewDocNode(doc, NULL, id->resultNodeName, NULL);
+ if(respNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewDocNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(id->resultNodeName));
+ return(NULL);
+ }
+ ns = xmlNewNs(respNode, id->resultNodeNs, NULL);
+ if(ns == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "ns=%s",
+ xmlSecErrorsSafeString(id->resultNodeNs));
+ xmlFreeNode(respNode);
+ return(NULL);
+ }
+ xmlSetNs(respNode, ns);
+ } else {
+ respNode = xmlSecAddChild(node, id->resultNodeName, id->resultNodeNs);
+ if(respNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(id->resultNodeName));
+ return(NULL);
+ }
+ }
+
+ if(id->writeNode != NULL) {
+ ret = (id->writeNode)(id, ctx, respNode);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "writeNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(id->resultNodeName));
+ xmlFreeNode(respNode);
+ return(NULL);
+ }
+ }
+
+ return(respNode);
+}
+
+/**
+ * xmlSecXkmsServerRequestDebugDump:
+ * @id: the ServerRequest class.
+ * @output: the output file.
+ *
+ * Writes debug information about @id into the @output.
+ */
+void
+xmlSecXkmsServerRequestDebugDump(xmlSecXkmsServerRequestId id, FILE* output) {
+ xmlSecAssert(id != xmlSecXkmsServerRequestIdUnknown);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "=== ServerRequest: %s\n", xmlSecErrorsSafeString(id->name));
+}
+
+/**
+ * xmlSecXkmsServerRequestDebugXmlDump:
+ * @id: the ServerRequest class.
+ * @output: the output file.
+ *
+ * Writes debug information about @id into the @output in XML format.
+ */
+void
+xmlSecXkmsServerRequestDebugXmlDump(xmlSecXkmsServerRequestId id, FILE* output) {
+ xmlSecAssert(id != xmlSecXkmsServerRequestIdUnknown);
+ xmlSecAssert(output != NULL);
+
+ fprintf(output, "<ServerRequest>");
+ xmlSecPrintXmlString(output, id->name);
+ fprintf(output, "</ServerRequest>\n");
+}
+
+/************************************************************************
+ *
+ * XKMS ServerRequest Klass List
+ *
+ ************************************************************************/
+static xmlSecPtrListKlass xmlSecXkmsServerRequestIdListKlass = {
+ BAD_CAST "xkms-server-request-ids-list",
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ NULL, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsServerRequestDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecXkmsServerRequestDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+xmlSecPtrListId
+xmlSecXkmsServerRequestIdListGetKlass(void) {
+ return(&xmlSecXkmsServerRequestIdListKlass);
+}
+
+int
+xmlSecXkmsServerRequestIdListFind(xmlSecPtrListPtr list, xmlSecXkmsServerRequestId id) {
+ xmlSecSize i, size;
+
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsServerRequestIdListId), -1);
+ xmlSecAssert2(id != xmlSecXkmsServerRequestIdUnknown, -1);
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ if((xmlSecXkmsServerRequestId)xmlSecPtrListGetItem(list, i) == id) {
+ return(1);
+ }
+ }
+ return(0);
+}
+
+xmlSecXkmsServerRequestId
+xmlSecXkmsServerRequestIdListFindByName(xmlSecPtrListPtr list, const xmlChar* name) {
+ xmlSecXkmsServerRequestId id;
+ xmlSecSize i, size;
+
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsServerRequestIdListId), xmlSecXkmsServerRequestIdUnknown);
+ xmlSecAssert2(name != NULL, xmlSecXkmsServerRequestIdUnknown);
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ id = (xmlSecXkmsServerRequestId)xmlSecPtrListGetItem(list, i);
+ if((id != xmlSecXkmsServerRequestIdUnknown) && xmlStrEqual(id->name, name)) {
+ return(id);
+ }
+ }
+ return(xmlSecXkmsServerRequestIdUnknown);
+}
+
+xmlSecXkmsServerRequestId
+xmlSecXkmsServerRequestIdListFindByNode(xmlSecPtrListPtr list, xmlNodePtr node) {
+ xmlSecXkmsServerRequestId id;
+ xmlSecSize i, size;
+
+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecXkmsServerRequestIdListId), xmlSecXkmsServerRequestIdUnknown);
+ xmlSecAssert2(node != NULL, xmlSecXkmsServerRequestIdUnknown);
+
+ size = xmlSecPtrListGetSize(list);
+ for(i = 0; i < size; ++i) {
+ id = (xmlSecXkmsServerRequestId)xmlSecPtrListGetItem(list, i);
+ if((id != xmlSecXkmsServerRequestIdUnknown) &&
+ xmlSecCheckNodeName(node, id->requestNodeName, id->requestNodeNs)) {
+
+ return(id);
+ }
+ }
+ return(xmlSecXkmsServerRequestIdUnknown);
+}
+
+/********************************************************************
+ *
+ * XML Sec Library ServerRequest Ids
+ *
+ *******************************************************************/
+
+
+/********************************************************************
+ *
+ * Result response
+ *
+ *******************************************************************/
+static int xmlSecXkmsServerRequestResultNodeWrite (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+
+static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestResultKlass = {
+ xmlSecXkmsServerRequestResultName, /* const xmlChar* name; */
+ NULL, /* const xmlChar* requestNodeName; */
+ NULL, /* const xmlChar* requestNodeNs; */
+ xmlSecNodeResult, /* const xmlChar* responseNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
+ 0, /* xmlSecBitMask flags; */
+ NULL, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
+ xmlSecXkmsServerRequestResultNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
+ NULL, /* xmlSecXkmsServerRequestExecuteMethod execute; */
+ NULL, /* void* reserved1; */
+ NULL /* void* reserved2; */
+};
+
+/**
+ * xmlSecXkmsServerRequestResultGetKlass:
+ *
+ * The Result response klass.
+ *
+ * Returns: Result response klass.
+ */
+xmlSecXkmsServerRequestId
+xmlSecXkmsServerRequestResultGetKlass(void) {
+ return(&xmlSecXkmsServerRequestResultKlass);
+}
+
+static int
+xmlSecXkmsServerRequestResultNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsServerRequestResultId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* set missing parameters (if any) */
+ if(ctx->service == NULL) {
+ ctx->service = xmlStrdup((ctx->expectedService != NULL) ? ctx->expectedService : BAD_CAST "");
+ if(ctx->service == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ /* first write the "parent" type */
+ ret = xmlSecXkmsServerCtxResultTypeNodeWrite(ctx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxResultTypeNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/********************************************************************
+ *
+ * StatusRequest/StatusResponse
+ *
+ *******************************************************************/
+static int xmlSecXkmsServerRequestStatusNodeRead (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerRequestStatusNodeWrite (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+
+static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestStatusKlass = {
+ xmlSecXkmsServerRequestStatusName, /* const xmlChar* name; */
+ xmlSecNodeStatusRequest, /* const xmlChar* requestNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* requestNodeNs; */
+ xmlSecNodeStatusResult, /* const xmlChar* responseNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
+ 0, /* xmlSecBitMask flags; */
+ xmlSecXkmsServerRequestStatusNodeRead, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
+ xmlSecXkmsServerRequestStatusNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
+ NULL, /* xmlSecXkmsServerRequestExecuteMethod execute; */
+ NULL, /* void* reserved1; */
+ NULL /* void* reserved2; */
+};
+
+/**
+ * xmlSecXkmsServerRequestStatusGetKlass:
+ *
+ * The StatusRequest klass.
+ *
+ * Returns: StatusRequest klass.
+ */
+xmlSecXkmsServerRequestId
+xmlSecXkmsServerRequestStatusGetKlass(void) {
+ return(&xmlSecXkmsServerRequestStatusKlass);
+}
+
+/**
+ *
+ * <xkms:StatusRequest Id Service Nonce? OriginalRequestId? ResponseLimit? ResponseId?>
+ * <ds:Signature>?
+ * <xkms:MessageExtension>*
+ * (<xkms:OpaqueClientData>
+ * <xkms:OpaqueData>?
+ * )?
+ * <xkms:ResponseMechanism>*
+ * <xkms:RespondWith>*
+ * <xkms:PendingNotification Mechanism Identifier>?
+ *
+ * XML Schema:
+ * <!-- StatusRequest -->
+ * <element name="StatusRequest" type="xkms:StatusRequestType"/>
+ * <complexType name="StatusRequestType">
+ * <complexContent>
+ * <extension base="xkms:PendingRequestType"/>
+ * </complexContent>
+ * </complexType>
+ * <!-- /StatusRequest -->
+ */
+static int
+xmlSecXkmsServerRequestStatusNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsServerRequestStatusId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ cur = node;
+
+ /* first read "parent" type */
+ ret = xmlSecXkmsServerCtxPendingRequestNodeRead(ctx, &cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxPendingRequestNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* check that there is nothing after the last node */
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ *
+ * <xkms:StatusResult Id Service Nonce? ResultMajor ResultMinor? RequestId? Success? Failure? Pending?>
+ * <ds:Signature>?
+ * <xkms:MessageExtension>*
+ * (<xkms:OpaqueClientData>
+ * <xkms:OpaqueData>?
+ * )?
+ * <xkms:RequestSignatureValue>*
+ *
+ * XML Schema:
+ *
+ * <!-- StatusResult -->
+ * <element name="StatusResult" type="xkms:StatusResultType"/>
+ * <complexType name="StatusResultType">
+ * <complexContent>
+ * <extension base="xkms:ResultType">
+ * <attribute name="Success" type="integer" use="optional"/>
+ * <attribute name="Failure" type="integer" use="optional"/>
+ * <attribute name="Pending" type="integer" use="optional"/>
+ * </extension>
+ * </complexContent>
+ * </complexType>
+ * <!-- /StatusResult --> *
+ */
+static int
+xmlSecXkmsServerRequestStatusNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsServerRequestStatusId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* first write the "parent" type */
+ ret = xmlSecXkmsServerCtxResultTypeNodeWrite(ctx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxResultTypeNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* todo: add optional StatusResult attributes */
+ return(0);
+}
+
+/********************************************************************
+ *
+ * CompoundRequest/CompoundResponse
+ *
+ *******************************************************************/
+static int xmlSecXkmsServerRequestCompoundNodeRead (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerRequestCompoundNodeWrite(xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerRequestCompoundExecute (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx);
+
+static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestCompoundKlass = {
+ xmlSecXkmsServerRequestCompoundName, /* const xmlChar* name; */
+ xmlSecNodeCompoundRequest, /* const xmlChar* requestNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* requestNodeNs; */
+ xmlSecNodeCompoundResult, /* const xmlChar* responseNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
+ 0, /* xmlSecBitMask flags; */
+ xmlSecXkmsServerRequestCompoundNodeRead, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
+ xmlSecXkmsServerRequestCompoundNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
+ xmlSecXkmsServerRequestCompoundExecute, /* xmlSecXkmsServerRequestExecuteMethod execute; */
+ NULL, /* void* reserved1; */
+ NULL /* void* reserved2; */
+};
+
+/**
+ * xmlSecXkmsServerRequestCompoundGetKlass:
+ *
+ * The CompoundRequest klass.
+ *
+ * Returns: CompoundRequest klass.
+ */
+xmlSecXkmsServerRequestId
+xmlSecXkmsServerRequestCompoundGetKlass(void) {
+ return(&xmlSecXkmsServerRequestCompoundKlass);
+}
+
+/**
+ * <xkms:CompoundRequest Id Service Nonce? OriginalRequestId? ResponseLimit?>
+ * <ds:Signature>?
+ * <xkms:MessageExtension>*
+ * (<xkms:OpaqueClientData>
+ * <xkms:OpaqueData>?
+ * )?
+ * <xkms:ResponseMechanism>*
+ * <xkms:RespondWith>*
+ * <xkms:PendingNotification Mechanism Identifier>?
+ * (
+ * <xkms:LocateRequest>?
+ * <xkms:ValidateRequest>?
+ * <xkms:RegisterRequest>?
+ * <xkms:ReissueRequest>?
+ * <xkms:RecoverRequest>?
+ * <xkms:RevokeRequest>?
+ * )*
+ *
+ * XML Schema:
+ *
+ * <!-- CompoundRequest -->
+ * <element name="CompoundRequest" type="xkms:CompoundRequestType"/>
+ * <complexType name="CompoundRequestType">
+ * <complexContent>
+ * <extension base="xkms:RequestAbstractType">
+ * <choice maxOccurs="unbounded">
+ * <element ref="xkms:LocateRequest"/>
+ * <element ref="xkms:ValidateRequest"/>
+ * <element ref="xkms:RegisterRequest"/>
+ * <element ref="xkms:ReissueRequest"/>
+ * <element ref="xkms:RecoverRequest"/>
+ * <element ref="xkms:RevokeRequest"/>
+ * </choice>
+ * </extension>
+ * </complexContent>
+ * </complexType>
+ * <!-- /CompoundRequest -->
+ */
+static int
+xmlSecXkmsServerRequestCompoundNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ xmlSecPtrListPtr serverRequestIdsList;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsServerRequestCompoundId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ cur = node;
+
+ /* first read "parent" type */
+ ret = xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(ctx, &cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxRequestAbstractTypeNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* create list for compound requests */
+ xmlSecAssert2(ctx->compoundRequestContexts == NULL, -1);
+ ctx->compoundRequestContexts = xmlSecPtrListCreate(xmlSecXkmsServerCtxPtrListId);
+ if(ctx->compoundRequestContexts == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* get the list of enabled or all request klasses */
+ if(xmlSecPtrListGetSize(&(ctx->enabledServerRequestIds)) > 0) {
+ serverRequestIdsList = &(ctx->enabledServerRequestIds);
+ } else {
+ serverRequestIdsList = xmlSecXkmsServerRequestIdsGet();
+ }
+ xmlSecAssert2(serverRequestIdsList != NULL, -1);
+
+ while(cur != NULL) {
+ xmlSecXkmsServerCtxPtr ctxChild;
+
+ /* create a new context */
+ ctxChild = xmlSecXkmsServerCtxCreate(ctx->keyInfoReadCtx.keysMngr);
+ if(ctxChild == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* copy all settings from us */
+ ret = xmlSecXkmsServerCtxCopyUserPref(ctxChild, ctx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxDestroy(ctxChild);
+ return(-1);
+ }
+
+ /* add it to the list */
+ ret = xmlSecPtrListAdd(ctx->compoundRequestContexts, ctxChild);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxDestroy(ctxChild);
+ return(-1);
+ }
+
+ /* and now process request from current node */
+ ctxChild->requestId = xmlSecXkmsServerRequestIdListFindByNode(serverRequestIdsList, cur);
+ if((ctxChild->requestId == xmlSecXkmsServerRequestIdUnknown) ||
+ ((ctxChild->requestId->flags & XMLSEC_XKMS_SERVER_REQUEST_KLASS_ALLOWED_IN_COUMPOUND) == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdListFindByNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(node->name));
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorMessageNotSupported);
+ return(-1);
+ }
+
+ ret = xmlSecXkmsServerRequestNodeRead(ctxChild->requestId, ctxChild, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "request=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctxChild->requestId)));
+ xmlSecXkmsServerCtxSetResult(ctxChild, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* check that there is nothing after the last node */
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * <xkms:CompoundResult Id Service Nonce? ResultMajor ResultMinor? RequestId?>
+ * <ds:Signature>?
+ * <xkms:MessageExtension>*
+ * (<xkms:OpaqueClientData>
+ * <xkms:OpaqueData>?
+ * )?
+ * <xkms:RequestSignatureValue>*
+ * (
+ * <xkms:LocateResult>?
+ * <xkms:ValidateResult>?
+ * <xkms:RegisterResult>?
+ * <xkms:ReissueResult>?
+ * <xkms:RecoverResult>?
+ * <xkms:RevokeResult>?
+ * )*
+ *
+ *
+ * XML Schema:
+ *
+ * <!-- CompoundResponse -->
+ * <element name="CompoundResult" type="xkms:CompoundResultType"/>
+ * <complexType name="CompoundResultType">
+ * <complexContent>
+ * <extension base="xkms:ResultType">
+ * <choice maxOccurs="unbounded">
+ * <element ref="xkms:LocateResult"/>
+ * <element ref="xkms:ValidateResult"/>
+ * <element ref="xkms:RegisterResult"/>
+ * <element ref="xkms:ReissueResult"/>
+ * <element ref="xkms:RecoverResult"/>
+ * <element ref="xkms:RevokeResult"/>
+ * </choice>
+ * </extension>
+ * </complexContent>
+ * </complexType>
+ * <!-- /CompoundResponse -->
+ */
+static int
+xmlSecXkmsServerRequestCompoundNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsServerRequestCompoundId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* walk thru the list of chilren and pickup first error */
+ if(ctx->compoundRequestContexts != NULL) {
+ xmlSecSize pos;
+
+ for(pos = 0; pos < xmlSecPtrListGetSize(ctx->compoundRequestContexts); pos++) {
+ xmlSecXkmsServerCtxPtr ctxChild;
+
+ ctxChild = (xmlSecXkmsServerCtxPtr)xmlSecPtrListGetItem(ctx->compoundRequestContexts, pos);
+ if(ctxChild == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListGetItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(ctxChild->resultMajor != xmlSecXkmsResultMajorSuccess) {
+ xmlSecXkmsServerCtxSetResult(ctx, ctxChild->resultMajor, ctxChild->resultMinor);
+ break;
+ }
+ }
+ }
+
+ /* first write the "parent" type */
+ ret = xmlSecXkmsServerCtxResultTypeNodeWrite(ctx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxResultTypeNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* write compound result */
+ if(ctx->compoundRequestContexts != NULL) {
+ xmlSecSize pos;
+
+ for(pos = 0; pos < xmlSecPtrListGetSize(ctx->compoundRequestContexts); pos++) {
+ xmlSecXkmsServerCtxPtr ctxChild;
+ xmlNodePtr cur;
+
+ ctxChild = (xmlSecXkmsServerCtxPtr)xmlSecPtrListGetItem(ctx->compoundRequestContexts, pos);
+ if(ctxChild == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListGetItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ cur = xmlSecXkmsServerRequestNodeWrite(ctxChild->requestId, ctxChild, node->doc, node);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "request=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctxChild->requestId)));
+ return(-1);
+ }
+
+ if(xmlSecAddChildNode(node, cur) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChildNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeNode(cur);
+ return(-1);
+ }
+ }
+ }
+
+ return(0);
+}
+
+static int
+xmlSecXkmsServerRequestCompoundExecute(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx) {
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsServerRequestCompoundId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(ctx->compoundRequestContexts != NULL) {
+ xmlSecSize pos;
+
+ for(pos = 0; pos < xmlSecPtrListGetSize(ctx->compoundRequestContexts); pos++) {
+ xmlSecXkmsServerCtxPtr ctxChild;
+
+ ctxChild = (xmlSecXkmsServerCtxPtr)xmlSecPtrListGetItem(ctx->compoundRequestContexts, pos);
+ if(ctxChild == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListGetItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorReceiver, xmlSecXkmsResultMinorFailure);
+ continue;
+ }
+
+ ret = xmlSecXkmsServerRequestExecute(ctxChild->requestId, ctxChild);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "request=%s",
+ xmlSecErrorsSafeString(xmlSecXkmsServerRequestKlassGetName(ctxChild->requestId)));
+ xmlSecXkmsServerCtxSetResult(ctxChild, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorFailure);
+ continue;
+ }
+ }
+ }
+
+ return(0);
+}
+
+
+/********************************************************************
+ *
+ * LocateRequest/LocateResponse
+ *
+ *******************************************************************/
+static int xmlSecXkmsServerRequestLocateNodeRead (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerRequestLocateNodeWrite (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerRequestLocateExecute (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx);
+
+static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestLocateKlass = {
+ xmlSecXkmsServerRequestLocateName, /* const xmlChar* name; */
+ xmlSecNodeLocateRequest, /* const xmlChar* requestNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* requestNodeNs; */
+ xmlSecNodeLocateResult, /* const xmlChar* responseNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
+ XMLSEC_XKMS_SERVER_REQUEST_KLASS_ALLOWED_IN_COUMPOUND, /* xmlSecBitMask flags; */
+ xmlSecXkmsServerRequestLocateNodeRead, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
+ xmlSecXkmsServerRequestLocateNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
+ xmlSecXkmsServerRequestLocateExecute, /* xmlSecXkmsServerRequestExecuteMethod execute; */
+ NULL, /* void* reserved1; */
+ NULL /* void* reserved2; */
+};
+
+/**
+ * xmlSecXkmsServerRequestLocateGetKlass:
+ *
+ * The LocateRequest klass.
+ *
+ * Returns: LocateRequest klass.
+ */
+xmlSecXkmsServerRequestId
+xmlSecXkmsServerRequestLocateGetKlass(void) {
+ return(&xmlSecXkmsServerRequestLocateKlass);
+}
+
+/**
+ * <xkms:LocateRequest Id Service Nonce? OriginalRequestId? ResponseLimit?>
+ * <ds:Signature>?
+ * <xkms:MessageExtension>*
+ * (<xkms:OpaqueClientData>
+ * <xkms:OpaqueData>?
+ * )?
+ * <xkms:ResponseMechanism>*
+ * <xkms:RespondWith>*
+ * <xkms:PendingNotification Mechanism Identifier>?
+ * <xkms:QueryKeyBinding Id?>
+ * <ds:KeyInfo>?
+ * <xkms:KeyUsage>?
+ * <xkms:KeyUsage>?
+ * <xkms:KeyUsage>?
+ * <xkms:UseKeyWith Application Identifier>*
+ * <xkms:TimeInstant Time>?
+ *
+ * XML Schema:
+ *
+ * <!-- LocateRequest -->
+ * <element name="LocateRequest" type="xkms:LocateRequestType"/>
+ * <complexType name="LocateRequestType">
+ * <complexContent>
+ * <extension base="xkms:RequestAbstractType">
+ * <sequence>
+ * <element ref="xkms:QueryKeyBinding"/>
+ * </sequence>
+ * </extension>
+ * </complexContent>
+ * </complexType>
+ * <!-- /LocateRequest -->
+ */
+static int
+xmlSecXkmsServerRequestLocateNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsServerRequestLocateId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ cur = node;
+
+ /* first read "parent" type */
+ ret = xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(ctx, &cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxRequestAbstractTypeNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* now read required <xkms:QueryKeyBinding/> node */
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeQueryKeyBinding, xmlSecXkmsNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeQueryKeyBinding));
+ return(-1);
+ }
+
+ /* read <xkms:QueryKeyBinding/> node */
+ ret = xmlSecXkmsServerCtxQueryKeyBindingNodeRead(ctx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxQueryKeyBindingNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* check that there is nothing after the last node */
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * <xkms:LocateResult Id Service Nonce? ResultMajor ResultMinor? RequestId?>
+ * <ds:Signature>?
+ * <xkms:MessageExtension>*
+ * (<xkms:OpaqueClientData>
+ * <xkms:OpaqueData>?
+ * )?
+ * <xkms:RequestSignatureValue>*
+ * (<xkms:UnverifiedKeyBinding Id?>
+ * <ds:KeyInfo>?
+ * <xkms:KeyUsage>?
+ * <xkms:KeyUsage>?
+ * <xkms:KeyUsage>?
+ * <xkms:UseKeyWith Application Identifier>*
+ * <xkms:ValidityInterval NotBefore NotOnOrAfter>?
+ * )*
+ *
+ * XML Schema:
+ * <!-- LocateResult -->
+ * <element name="LocateResult" type="xkms:LocateResultType"/>
+ * <complexType name="LocateResultType">
+ * <complexContent>
+ * <extension base="xkms:ResultType">
+ * <sequence>
+ * <element ref="xkms:UnverifiedKeyBinding" minOccurs="0"
+ * maxOccurs="unbounded"/>
+ * </sequence>
+ * </extension>
+ * </complexContent>
+ * </complexType>
+ * <!-- /LocateResult -->
+ */
+static int
+xmlSecXkmsServerRequestLocateNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ xmlSecSize pos, size;
+ xmlSecKeyPtr key;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsServerRequestLocateId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* first write the "parent" type */
+ ret = xmlSecXkmsServerCtxResultTypeNodeWrite(ctx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxResultTypeNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* write keys in <xkms:UnverifiedKeyBinding> nodes */
+ size = xmlSecPtrListGetSize(&(ctx->keys));
+ for(pos = 0; pos < size; ++pos) {
+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(&(ctx->keys), pos);
+ if(key == NULL) {
+ continue;
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeUnverifiedKeyBinding, xmlSecXkmsNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeUnverifiedKeyBinding));
+ return(-1);
+ }
+
+ ret = xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite(ctx, cur, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxUnverifiedKeyBindingNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+static int
+xmlSecXkmsServerRequestLocateExecute(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx) {
+ xmlSecKeyPtr key = NULL;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsServerRequestLocateId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* now we are ready to search for key */
+ if((ctx->keyInfoReadCtx.keysMngr != NULL) && (ctx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
+ /* todo: set parameters to locate but not validate the key */
+ key = (ctx->keyInfoReadCtx.keysMngr->getKey)(ctx->keyInfoNode, &(ctx->keyInfoReadCtx));
+ }
+
+ /* check that we got what we needed */
+ if((key == NULL) || (!xmlSecKeyMatch(key, NULL, &(ctx->keyInfoReadCtx.keyReq)))) {
+ if(key != NULL) {
+ xmlSecKeyDestroy(key);
+ }
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorNoMatch);
+ return(-1);
+ }
+
+ xmlSecAssert2(key != NULL, -1);
+ ret = xmlSecPtrListAdd(&(ctx->keys), key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+/********************************************************************
+ *
+ * ValidateRequest/ValidateResponse
+ *
+ *******************************************************************/
+static int xmlSecXkmsServerRequestValidateNodeRead (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerRequestValidateNodeWrite(xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx,
+ xmlNodePtr node);
+static int xmlSecXkmsServerRequestValidateExecute (xmlSecXkmsServerRequestId id,
+ xmlSecXkmsServerCtxPtr ctx);
+
+static xmlSecXkmsServerRequestKlass xmlSecXkmsServerRequestValidateKlass = {
+ xmlSecXkmsServerRequestValidateName, /* const xmlChar* name; */
+ xmlSecNodeValidateRequest, /* const xmlChar* requestNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* requestNodeNs; */
+ xmlSecNodeValidateResult, /* const xmlChar* responseNodeName; */
+ xmlSecXkmsNs, /* const xmlChar* responseNodeNs; */
+ XMLSEC_XKMS_SERVER_REQUEST_KLASS_ALLOWED_IN_COUMPOUND, /* xmlSecBitMask flags; */
+ xmlSecXkmsServerRequestValidateNodeRead, /* xmlSecXkmsServerRequestNodeReadMethod readNode; */
+ xmlSecXkmsServerRequestValidateNodeWrite, /* xmlSecXkmsServerRequestNodeWriteMethod writeNode; */
+ xmlSecXkmsServerRequestValidateExecute, /* xmlSecXkmsServerRequestExecuteMethod execute; */
+ NULL, /* void* reserved1; */
+ NULL /* void* reserved2; */
+};
+
+/**
+ * xmlSecXkmsServerRequestValidateGetKlass:
+ *
+ * The ValidateRequest klass.
+ *
+ * Returns: ValidateRequest klass.
+ */
+xmlSecXkmsServerRequestId
+xmlSecXkmsServerRequestValidateGetKlass(void) {
+ return(&xmlSecXkmsServerRequestValidateKlass);
+}
+
+/**
+ * <xkms:ValidateRequest Id Service Nonce? OriginalRequestId? ResponseLimit?>
+ * <ds:Signature>?
+ * <xkms:MessageExtension>*
+ * (<xkms:OpaqueClientData>
+ * <xkms:OpaqueData>?
+ * )?
+ * <xkms:ResponseMechanism>*
+ * <xkms:RespondWith>*
+ * <xkms:PendingNotification Mechanism Identifier>?
+ * <xkms:QueryKeyBinding Id?>
+ * <ds:KeyInfo>?
+ * <xkms:KeyUsage>?
+ * <xkms:KeyUsage>?
+ * <xkms:KeyUsage>?
+ * <xkms:UseKeyWith Application Identifier>*
+ * <xkms:TimeInstant Time>?
+ *
+ * XML Schema:
+ *
+ * <!-- ValidateRequest -->
+ * <element name="ValidateRequest" type="xkms:ValidateRequestType"/>
+ * <complexType name="ValidateRequestType">
+ * <complexContent>
+ * <extension base="xkms:RequestAbstractType">
+ * <sequence>
+ * <element ref="xkms:QueryKeyBinding"/>
+ * </sequence>
+ * </extension>
+ * </complexContent>
+ * </complexType>
+ * <!-- /ValidateRequest -->
+ */
+static int
+xmlSecXkmsServerRequestValidateNodeRead(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsServerRequestValidateId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ cur = node;
+
+ /* first read "parent" type */
+ ret = xmlSecXkmsServerCtxRequestAbstractTypeNodeRead(ctx, &cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxRequestAbstractTypeNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* now read required <xkms:QueryKeyBinding/> node */
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeQueryKeyBinding, xmlSecXkmsNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeQueryKeyBinding));
+ return(-1);
+ }
+
+ /* read <xkms:QueryKeyBinding/> node */
+ ret = xmlSecXkmsServerCtxQueryKeyBindingNodeRead(ctx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxQueryKeyBindingNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* check that there is nothing after the last node */
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * <xkms:ValidateResult Id Service Nonce? ResultMajor ResultMinor? RequestId?>
+ * <ds:Signature>?
+ * <xkms:MessageExtension>*
+ * (<xkms:OpaqueClientData>
+ * <xkms:OpaqueData>?
+ * )?
+ * <xkms:RequestSignatureValue>*
+ * (<xkms:KeyBinding Id?>
+ * <ds:KeyInfo>?
+ * <xkms:KeyUsage>?
+ * <xkms:KeyUsage>?
+ * <xkms:KeyUsage>?
+ * <xkms:UseKeyWith Application Identifier>*
+ * <xkms:ValidityInterval NotBefore NotOnOrAfter>?
+ * <xkms:Status StatusValue>
+ * (<xkms:ValidReason>?
+ * <xkms:IndeterminateReason>?
+ * <xkms:InvalidReason>?
+ * )*
+ * )*
+ *
+ * XML Schema:
+ *
+ * <!-- ValidateResult -->
+ * <element name="ValidateResult" type="xkms:ValidateResultType"/>
+ * <complexType name="ValidateResultType">
+ * <complexContent>
+ * <extension base="xkms:ResultType">
+ * <sequence>
+ * <element ref="xkms:KeyBinding" minOccurs="0"
+ * maxOccurs="unbounded"/>
+ * </sequence>
+ * </extension>
+ * </complexContent>
+ * </complexType>
+ * <!-- /ValidateResult -->
+ */
+static int
+xmlSecXkmsServerRequestValidateNodeWrite(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx, xmlNodePtr node) {
+ xmlSecSize pos, size;
+ xmlSecKeyPtr key;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsServerRequestValidateId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* first write the "parent" type */
+ ret = xmlSecXkmsServerCtxResultTypeNodeWrite(ctx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxResultTypeNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* write keys in <xkms:UnverifiedKeyBinding> nodes */
+ size = xmlSecPtrListGetSize(&(ctx->keys));
+ for(pos = 0; pos < size; ++pos) {
+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(&(ctx->keys), pos);
+ if(key == NULL) {
+ continue;
+ }
+
+ cur = xmlSecAddChild(node, xmlSecNodeUnverifiedKeyBinding, xmlSecXkmsNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeUnverifiedKeyBinding));
+ return(-1);
+ }
+
+ ret = xmlSecXkmsServerCtxKeyBindingNodeWrite(ctx, cur, key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerCtxKeyBindingNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+static int
+xmlSecXkmsServerRequestValidateExecute(xmlSecXkmsServerRequestId id, xmlSecXkmsServerCtxPtr ctx) {
+ xmlSecKeyPtr key = NULL;
+ int ret;
+
+ xmlSecAssert2(id == xmlSecXkmsServerRequestValidateId, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* now we are ready to search for key */
+ if((ctx->keyInfoReadCtx.keysMngr != NULL) && (ctx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
+ key = (ctx->keyInfoReadCtx.keysMngr->getKey)(ctx->keyInfoNode, &(ctx->keyInfoReadCtx));
+ }
+
+ /* check that we got what we needed */
+ if((key == NULL) || (!xmlSecKeyMatch(key, NULL, &(ctx->keyInfoReadCtx.keyReq)))) {
+ if(key != NULL) {
+ xmlSecKeyDestroy(key);
+ }
+ xmlSecXkmsServerCtxSetResult(ctx, xmlSecXkmsResultMajorSender, xmlSecXkmsResultMinorNoMatch);
+ return(-1);
+ }
+
+ xmlSecAssert2(key != NULL, -1);
+ ret = xmlSecPtrListAdd(&(ctx->keys), key);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDestroy(key);
+ return(-1);
+ }
+
+ return(0);
+}
+
+#endif /* XMLSEC_NO_XKMS */
+
diff --git a/src/xmldsig.c b/src/xmldsig.c
new file mode 100644
index 00000000..cec9ca6b
--- /dev/null
+++ b/src/xmldsig.c
@@ -0,0 +1,1795 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * "XML Digital Signature" implementation
+ * http://www.w3.org/TR/xmldsig-core/
+ * http://www.w3.org/Signature/Overview.html
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_XMLDSIG
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/membuf.h>
+#include <xmlsec/xmldsig.h>
+#include <xmlsec/errors.h>
+
+/**************************************************************************
+ *
+ * xmlSecDSigCtx
+ *
+ *************************************************************************/
+static int xmlSecDSigCtxProcessSignatureNode (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node);
+static int xmlSecDSigCtxProcessSignedInfoNode (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node);
+static int xmlSecDSigCtxProcessKeyInfoNode (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node);
+static int xmlSecDSigCtxProcessObjectNode (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node);
+static int xmlSecDSigCtxProcessManifestNode (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node);
+
+/* The ID attribute in XMLDSig is 'Id' */
+static const xmlChar* xmlSecDSigIds[] = { xmlSecAttrId, NULL };
+
+/**
+ * xmlSecDSigCtxCreate:
+ * @keysMngr: the pointer to keys manager.
+ *
+ * Creates <dsig:Signature/> element processing context.
+ * The caller is responsible for destroying returned object by calling
+ * #xmlSecDSigCtxDestroy function.
+ *
+ * Returns: pointer to newly allocated context object or NULL if an error
+ * occurs.
+ */
+xmlSecDSigCtxPtr
+xmlSecDSigCtxCreate(xmlSecKeysMngrPtr keysMngr) {
+ xmlSecDSigCtxPtr dsigCtx;
+ int ret;
+
+ dsigCtx = (xmlSecDSigCtxPtr) xmlMalloc(sizeof(xmlSecDSigCtx));
+ if(dsigCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecDSigCtx)=%d",
+ sizeof(xmlSecDSigCtx));
+ return(NULL);
+ }
+
+ ret = xmlSecDSigCtxInitialize(dsigCtx, keysMngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecDSigCtxDestroy(dsigCtx);
+ return(NULL);
+ }
+ return(dsigCtx);
+}
+
+/**
+ * xmlSecDSigCtxDestroy:
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ *
+ * Destroy context object created with #xmlSecDSigCtxCreate function.
+ */
+void
+xmlSecDSigCtxDestroy(xmlSecDSigCtxPtr dsigCtx) {
+ xmlSecAssert(dsigCtx != NULL);
+
+ xmlSecDSigCtxFinalize(dsigCtx);
+ xmlFree(dsigCtx);
+}
+
+/**
+ * xmlSecDSigCtxInitialize:
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ * @keysMngr: the pointer to keys manager.
+ *
+ * Initializes <dsig:Signature/> element processing context.
+ * The caller is responsible for cleaning up returned object by calling
+ * #xmlSecDSigCtxFinalize function.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecDSigCtxInitialize(xmlSecDSigCtxPtr dsigCtx, xmlSecKeysMngrPtr keysMngr) {
+ int ret;
+
+ xmlSecAssert2(dsigCtx != NULL, -1);
+
+ memset(dsigCtx, 0, sizeof(xmlSecDSigCtx));
+
+ /* initialize key info */
+ ret = xmlSecKeyInfoCtxInitialize(&(dsigCtx->keyInfoReadCtx), keysMngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ dsigCtx->keyInfoReadCtx.mode = xmlSecKeyInfoModeRead;
+
+ ret = xmlSecKeyInfoCtxInitialize(&(dsigCtx->keyInfoWriteCtx), keysMngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ dsigCtx->keyInfoWriteCtx.mode = xmlSecKeyInfoModeWrite;
+ /* it's not wise to write private key :) */
+ dsigCtx->keyInfoWriteCtx.keyReq.keyType = xmlSecKeyDataTypePublic;
+
+ /* initializes transforms dsigCtx */
+ ret = xmlSecTransformCtxInitialize(&(dsigCtx->transformCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* references lists from SignedInfo and Manifest elements */
+ xmlSecPtrListInitialize(&(dsigCtx->signedInfoReferences),
+ xmlSecDSigReferenceCtxListId);
+ xmlSecPtrListInitialize(&(dsigCtx->manifestReferences),
+ xmlSecDSigReferenceCtxListId);
+
+ dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeAny;
+ return(0);
+}
+
+/**
+ * xmlSecDSigCtxFinalize:
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ *
+ * Cleans up @dsigCtx object initialized with #xmlSecDSigCtxInitialize function.
+ */
+void
+xmlSecDSigCtxFinalize(xmlSecDSigCtxPtr dsigCtx) {
+ xmlSecAssert(dsigCtx != NULL);
+
+ xmlSecTransformCtxFinalize(&(dsigCtx->transformCtx));
+ xmlSecKeyInfoCtxFinalize(&(dsigCtx->keyInfoReadCtx));
+ xmlSecKeyInfoCtxFinalize(&(dsigCtx->keyInfoWriteCtx));
+ xmlSecPtrListFinalize(&(dsigCtx->signedInfoReferences));
+ xmlSecPtrListFinalize(&(dsigCtx->manifestReferences));
+
+ if(dsigCtx->enabledReferenceTransforms != NULL) {
+ xmlSecPtrListDestroy(dsigCtx->enabledReferenceTransforms);
+ }
+ if(dsigCtx->signKey != NULL) {
+ xmlSecKeyDestroy(dsigCtx->signKey);
+ }
+ if(dsigCtx->id != NULL) {
+ xmlFree(dsigCtx->id);
+ }
+ memset(dsigCtx, 0, sizeof(xmlSecDSigCtx));
+}
+
+/**
+ * xmlSecDSigCtxEnableReferenceTransform:
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ * @transformId: the transform klass.
+ *
+ * Enables @transformId for <dsig:Reference/> elements processing.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecDSigCtxEnableReferenceTransform(xmlSecDSigCtxPtr dsigCtx, xmlSecTransformId transformId) {
+ int ret;
+
+ xmlSecAssert2(dsigCtx != NULL, -1);
+ xmlSecAssert2(dsigCtx->result == NULL, -1);
+ xmlSecAssert2(transformId != xmlSecTransformIdUnknown, -1);
+
+ if(dsigCtx->enabledReferenceTransforms == NULL) {
+ dsigCtx->enabledReferenceTransforms = xmlSecPtrListCreate(xmlSecTransformIdListId);
+ if(dsigCtx->enabledReferenceTransforms == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecPtrListAdd(dsigCtx->enabledReferenceTransforms, (void*)transformId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecDSigCtxEnableSignatureTransform:
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ * @transformId: the transform klass.
+ *
+ * Enables @transformId for <dsig:SignedInfo/> element processing.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecDSigCtxEnableSignatureTransform(xmlSecDSigCtxPtr dsigCtx, xmlSecTransformId transformId) {
+ xmlSecAssert2(dsigCtx != NULL, -1);
+ xmlSecAssert2(dsigCtx->result == NULL, -1);
+ xmlSecAssert2(transformId != xmlSecTransformIdUnknown, -1);
+
+ return(xmlSecPtrListAdd(&(dsigCtx->transformCtx.enabledTransforms), (void*)transformId));
+}
+
+/**
+ * xmlSecDSigCtxGetPreSignBuffer:
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ *
+ * Gets pointer to the buffer with serialized <dsig:SignedInfo/> element
+ * just before signature claculation (valid if and only if
+ * #XMLSEC_DSIG_FLAGS_STORE_SIGNATURE context flag is set.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+xmlSecBufferPtr
+xmlSecDSigCtxGetPreSignBuffer(xmlSecDSigCtxPtr dsigCtx) {
+ xmlSecAssert2(dsigCtx != NULL, NULL);
+
+ return((dsigCtx->preSignMemBufMethod != NULL) ?
+ xmlSecTransformMemBufGetBuffer(dsigCtx->preSignMemBufMethod) : NULL);
+}
+
+/**
+ * xmlSecDSigCtxSign:
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ * @tmpl: the pointer to <dsig:Signature/> node with signature template.
+ *
+ * Signs the data as described in @tmpl node.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecDSigCtxSign(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr tmpl) {
+ int ret;
+
+ xmlSecAssert2(dsigCtx != NULL, -1);
+ xmlSecAssert2(dsigCtx->result == NULL, -1);
+ xmlSecAssert2(tmpl != NULL, -1);
+ xmlSecAssert2(tmpl->doc != NULL, -1);
+
+ /* add ids for Signature nodes */
+ dsigCtx->operation = xmlSecTransformOperationSign;
+ dsigCtx->status = xmlSecDSigStatusUnknown;
+ xmlSecAddIDs(tmpl->doc, tmpl, xmlSecDSigIds);
+
+ /* read signature template */
+ ret = xmlSecDSigCtxProcessSignatureNode(dsigCtx, tmpl);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigCtxSigantureProcessNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2(dsigCtx->signMethod != NULL, -1);
+ xmlSecAssert2(dsigCtx->signValueNode != NULL, -1);
+
+ /* references processing might change the status */
+ if(dsigCtx->status != xmlSecDSigStatusUnknown) {
+ return(0);
+ }
+
+ /* check what we've got */
+ dsigCtx->result = dsigCtx->transformCtx.result;
+ if((dsigCtx->result == NULL) || (xmlSecBufferGetData(dsigCtx->result) == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_RESULT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* write signed data to xml */
+ xmlNodeSetContentLen(dsigCtx->signValueNode,
+ xmlSecBufferGetData(dsigCtx->result),
+ xmlSecBufferGetSize(dsigCtx->result));
+
+ /* set success status and we are done */
+ dsigCtx->status = xmlSecDSigStatusSucceeded;
+ return(0);
+}
+
+/**
+ * xmlSecDSigCtxVerify:
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ * @node: the pointer with <dsig:Signature/> node.
+ *
+ * Vaidates signature in the @node. The verification result is returned
+ * in #status member of the @dsigCtx object.
+ *
+ * Returns: 0 on success (check #status member of @dsigCtx to get
+ * signature verification result) or a negative value if an error occurs.
+ */
+int
+xmlSecDSigCtxVerify(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
+ int ret;
+
+ xmlSecAssert2(dsigCtx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(node->doc != NULL, -1);
+
+ /* add ids for Signature nodes */
+ dsigCtx->operation = xmlSecTransformOperationVerify;
+ dsigCtx->status = xmlSecDSigStatusUnknown;
+ xmlSecAddIDs(node->doc, node, xmlSecDSigIds);
+
+ /* read siganture info */
+ ret = xmlSecDSigCtxProcessSignatureNode(dsigCtx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigCtxSigantureProcessNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ xmlSecAssert2(dsigCtx->signMethod != NULL, -1);
+ xmlSecAssert2(dsigCtx->signValueNode != NULL, -1);
+
+ /* references processing might change the status */
+ if(dsigCtx->status != xmlSecDSigStatusUnknown) {
+ return(0);
+ }
+
+ /* verify SignatureValue node content */
+ ret = xmlSecTransformVerifyNodeContent(dsigCtx->signMethod, dsigCtx->signValueNode,
+ &(dsigCtx->transformCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformVerifyNodeContent",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* set status and we are done */
+ if(dsigCtx->signMethod->status == xmlSecTransformStatusOk) {
+ dsigCtx->status = xmlSecDSigStatusSucceeded;
+ } else {
+ dsigCtx->status = xmlSecDSigStatusInvalid;
+ }
+ return(0);
+}
+
+/**
+ * xmlSecDSigCtxProcessSignatureNode:
+ *
+ * The Signature element (http://www.w3.org/TR/xmldsig-core/#sec-Signature)
+ *
+ * The Signature element is the root element of an XML Signature.
+ * Implementation MUST generate laxly schema valid [XML-schema] Signature
+ * elements as specified by the following schema:
+ * The way in which the SignedInfo element is presented to the
+ * canonicalization method is dependent on that method. The following
+ * applies to algorithms which process XML as nodes or characters:
+ *
+ * - XML based canonicalization implementations MUST be provided with
+ * a [XPath] node-set originally formed from the document containing
+ * the SignedInfo and currently indicating the SignedInfo, its descendants,
+ * and the attribute and namespace nodes of SignedInfo and its descendant
+ * elements.
+ *
+ * - Text based canonicalization algorithms (such as CRLF and charset
+ * normalization) should be provided with the UTF-8 octets that represent
+ * the well-formed SignedInfo element, from the first character to the
+ * last character of the XML representation, inclusive. This includes
+ * the entire text of the start and end tags of the SignedInfo element
+ * as well as all descendant markup and character data (i.e., the text)
+ * between those tags. Use of text based canonicalization of SignedInfo
+ * is NOT RECOMMENDED.
+ *
+ * =================================
+ * we do not support any non XML based C14N
+ *
+ * Schema Definition:
+ *
+ * <element name="Signature" type="ds:SignatureType"/>
+ * <complexType name="SignatureType">
+ * <sequence>
+ * <element ref="ds:SignedInfo"/>
+ * <element ref="ds:SignatureValue"/>
+ * <element ref="ds:KeyInfo" minOccurs="0"/>
+ * <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
+ * </sequence> <attribute name="Id" type="ID" use="optional"/>
+ * </complexType>
+ *
+ * DTD:
+ *
+ * <!ELEMENT Signature (SignedInfo, SignatureValue, KeyInfo?, Object*) >
+ * <!ATTLIST Signature
+ * xmlns CDATA #FIXED 'http://www.w3.org/2000/09/xmldsig#'
+ * Id ID #IMPLIED >
+ *
+ */
+static int
+xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
+ xmlSecTransformDataType firstType;
+ xmlNodePtr signedInfoNode = NULL;
+ xmlNodePtr keyInfoNode = NULL;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(dsigCtx != NULL, -1);
+ xmlSecAssert2((dsigCtx->operation == xmlSecTransformOperationSign) || (dsigCtx->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(dsigCtx->status == xmlSecDSigStatusUnknown, -1);
+ xmlSecAssert2(dsigCtx->signValueNode == NULL, -1);
+ xmlSecAssert2(dsigCtx->signMethod == NULL, -1);
+ xmlSecAssert2(dsigCtx->c14nMethod == NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ if(!xmlSecCheckNodeName(node, xmlSecNodeSignature, xmlSecDSigNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignature));
+ return(-1);
+ }
+
+ /* read node data */
+ xmlSecAssert2(dsigCtx->id == NULL, -1);
+ dsigCtx->id = xmlGetProp(node, xmlSecAttrId);
+
+ /* first node is required SignedInfo */
+ cur = xmlSecGetNextElementNode(node->children);
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeSignedInfo, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignedInfo));
+ return(-1);
+ }
+ signedInfoNode = cur;
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next node is required SignatureValue */
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeSignatureValue, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignatureValue));
+ return(-1);
+ }
+ dsigCtx->signValueNode = cur;
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next node is optional KeyInfo */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs))) {
+ keyInfoNode = cur;
+ cur = xmlSecGetNextElementNode(cur->next);
+ } else {
+ keyInfoNode = NULL;
+ }
+
+ /* next nodes are optional Object nodes */
+ while((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeObject, xmlSecDSigNs))) {
+ /* read manifests from objects */
+ if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS) == 0) {
+ ret = xmlSecDSigCtxProcessObjectNode(dsigCtx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigCtxProcessObjectNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* if there is something left than it's an error */
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* now validated all the references and prepare transform */
+ ret = xmlSecDSigCtxProcessSignedInfoNode(dsigCtx, signedInfoNode);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigCtxProcessSignedInfoNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ /* references processing might change the status */
+ if(dsigCtx->status != xmlSecDSigStatusUnknown) {
+ return(0);
+ }
+
+ /* as the result, we should have sign and c14n methods set */
+ xmlSecAssert2(dsigCtx->signMethod != NULL, -1);
+ xmlSecAssert2(dsigCtx->c14nMethod != NULL, -1);
+
+ ret = xmlSecDSigCtxProcessKeyInfoNode(dsigCtx, keyInfoNode);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigCtxProcessKeyInfoNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ /* as the result, we should have a key */
+ xmlSecAssert2(dsigCtx->signKey != NULL, -1);
+
+ /* if we need to write result to xml node then we need base64 encode result */
+ if(dsigCtx->operation == xmlSecTransformOperationSign) {
+ xmlSecTransformPtr base64Encode;
+
+ /* we need to add base64 encode transform */
+ base64Encode = xmlSecTransformCtxCreateAndAppend(&(dsigCtx->transformCtx),
+ xmlSecTransformBase64Id);
+ if(base64Encode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ base64Encode->operation = xmlSecTransformOperationEncode;
+ }
+
+ firstType = xmlSecTransformGetDataType(dsigCtx->transformCtx.first,
+ xmlSecTransformModePush,
+ &(dsigCtx->transformCtx));
+ if((firstType & xmlSecTransformDataTypeXml) != 0) {
+ xmlSecNodeSetPtr nodeset = NULL;
+
+ xmlSecAssert2(signedInfoNode != NULL, -1);
+ nodeset = xmlSecNodeSetGetChildren(signedInfoNode->doc, signedInfoNode, 1, 0);
+ if(nodeset == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNodeSetGetChildren",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(signedInfoNode)));
+ return(-1);
+ }
+
+ /* calculate the signature */
+ ret = xmlSecTransformCtxXmlExecute(&(dsigCtx->transformCtx), nodeset);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxXmlExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecNodeSetDestroy(nodeset);
+ return(-1);
+ }
+ xmlSecNodeSetDestroy(nodeset);
+ } else {
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "the binary c14n transforms are not supported yet",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecDSigCtxProcessSignedInfoNode:
+ *
+ * The SignedInfo Element (http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo)
+ *
+ * The structure of SignedInfo includes the canonicalization algorithm,
+ * a result algorithm, and one or more references. The SignedInfo element
+ * may contain an optional ID attribute that will allow it to be referenced by
+ * other signatures and objects.
+ *
+ * SignedInfo does not include explicit result or digest properties (such as
+ * calculation time, cryptographic device serial number, etc.). If an
+ * application needs to associate properties with the result or digest,
+ * it may include such information in a SignatureProperties element within
+ * an Object element.
+ *
+ * Schema Definition:
+ *
+ * <element name="SignedInfo" type="ds:SignedInfoType"/>
+ * <complexType name="SignedInfoType">
+ * <sequence>
+ * <element ref="ds:CanonicalizationMethod"/>
+ * <element ref="ds:SignatureMethod"/>
+ * <element ref="ds:Reference" maxOccurs="unbounded"/>
+ * </sequence>
+ * <attribute name="Id" type="ID" use="optional"/>
+ * </complexType>
+ *
+ * DTD:
+ *
+ * <!ELEMENT SignedInfo (CanonicalizationMethod, SignatureMethod, Reference+) >
+ * <!ATTLIST SignedInfo Id ID #IMPLIED>
+ *
+ */
+static int
+xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
+ xmlSecDSigReferenceCtxPtr dsigRefCtx;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(dsigCtx != NULL, -1);
+ xmlSecAssert2(dsigCtx->status == xmlSecDSigStatusUnknown, -1);
+ xmlSecAssert2(dsigCtx->signMethod == NULL, -1);
+ xmlSecAssert2(dsigCtx->c14nMethod == NULL, -1);
+ xmlSecAssert2((dsigCtx->operation == xmlSecTransformOperationSign) || (dsigCtx->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) == 0, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* first node is required CanonicalizationMethod. */
+ cur = xmlSecGetNextElementNode(node->children);
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCanonicalizationMethod, xmlSecDSigNs))) {
+ dsigCtx->c14nMethod = xmlSecTransformCtxNodeRead(&(dsigCtx->transformCtx),
+ cur, xmlSecTransformUsageC14NMethod);
+ if(dsigCtx->c14nMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ } else if(dsigCtx->defC14NMethodId != xmlSecTransformIdUnknown) {
+ /* the dsig spec does require CanonicalizationMethod node
+ * to be present but in some case it application might decide to
+ * minimize traffic */
+ dsigCtx->c14nMethod = xmlSecTransformCtxCreateAndAppend(&(dsigCtx->transformCtx),
+ dsigCtx->defC14NMethodId);
+ if(dsigCtx->c14nMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "CanonicalizationMethod",
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCanonicalizationMethod));
+ return(-1);
+ }
+
+ /* insert membuf if requested */
+ if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_SIGNATURE) != 0) {
+ xmlSecAssert2(dsigCtx->preSignMemBufMethod == NULL, -1);
+ dsigCtx->preSignMemBufMethod = xmlSecTransformCtxCreateAndAppend(&(dsigCtx->transformCtx),
+ xmlSecTransformMemBufId);
+ if(dsigCtx->preSignMemBufMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformMemBufId)));
+ }
+ }
+
+ /* next node is required SignatureMethod. */
+ cur = xmlSecGetNextElementNode( ((cur != NULL) ? cur->next : node->children) );
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeSignatureMethod, xmlSecDSigNs))) {
+ dsigCtx->signMethod = xmlSecTransformCtxNodeRead(&(dsigCtx->transformCtx),
+ cur, xmlSecTransformUsageSignatureMethod);
+ if(dsigCtx->signMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ } else if(dsigCtx->defSignMethodId != xmlSecTransformIdUnknown) {
+ /* the dsig spec does require SignatureMethod node
+ * to be present but in some case it application might decide to
+ * minimize traffic */
+ dsigCtx->signMethod = xmlSecTransformCtxCreateAndAppend(&(dsigCtx->transformCtx),
+ dsigCtx->defSignMethodId);
+ if(dsigCtx->signMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeSignatureMethod));
+ return(-1);
+ }
+ dsigCtx->signMethod->operation = dsigCtx->operation;
+
+ /* calculate references */
+ cur = xmlSecGetNextElementNode(cur->next);
+ while((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeReference, xmlSecDSigNs))) {
+ /* create reference */
+ dsigRefCtx = xmlSecDSigReferenceCtxCreate(dsigCtx, xmlSecDSigReferenceOriginSignedInfo);
+ if(dsigRefCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigReferenceCtxCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* add to the list */
+ ret = xmlSecPtrListAdd(&(dsigCtx->signedInfoReferences), dsigRefCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecDSigReferenceCtxDestroy(dsigRefCtx);
+ return(-1);
+ }
+
+ /* process */
+ ret = xmlSecDSigReferenceCtxProcessNode(dsigRefCtx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigReferenceCtxProcessNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ /* bail out if next Reference processing failed */
+ if(dsigRefCtx->status != xmlSecDSigStatusSucceeded) {
+ dsigCtx->status = xmlSecDSigStatusInvalid;
+ return(0);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* check that we have at least one Reference */
+ if(xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_DSIG_NO_REFERENCES,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* if there is something left than it's an error */
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecDSigCtxProcessKeyInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
+ int ret;
+
+ xmlSecAssert2(dsigCtx != NULL, -1);
+ xmlSecAssert2(dsigCtx->signMethod != NULL, -1);
+
+ /* set key requirements */
+ ret = xmlSecTransformSetKeyReq(dsigCtx->signMethod, &(dsigCtx->keyInfoReadCtx.keyReq));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformSetKeyReq",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(dsigCtx->signMethod)));
+ return(-1);
+ }
+
+ /* ignore <dsig:KeyInfo /> if there is the key is already set */
+ /* todo: throw an error if key is set and node != NULL? */
+ if((dsigCtx->signKey == NULL) && (dsigCtx->keyInfoReadCtx.keysMngr != NULL)
+ && (dsigCtx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
+ dsigCtx->signKey = (dsigCtx->keyInfoReadCtx.keysMngr->getKey)(node, &(dsigCtx->keyInfoReadCtx));
+ }
+
+ /* check that we have exactly what we want */
+ if((dsigCtx->signKey == NULL) || (!xmlSecKeyMatch(dsigCtx->signKey, NULL, &(dsigCtx->keyInfoReadCtx.keyReq)))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_KEY_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* set the key to the transform */
+ ret = xmlSecTransformSetKey(dsigCtx->signMethod, dsigCtx->signKey);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformSetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(dsigCtx->signMethod)));
+ return(-1);
+ }
+
+ /* if we are signing document, update <dsig:KeyInfo/> node */
+ if((node != NULL) && (dsigCtx->operation == xmlSecTransformOperationSign)) {
+ ret = xmlSecKeyInfoNodeWrite(node, dsigCtx->signKey, &(dsigCtx->keyInfoWriteCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecDSigCtxProcessObjectNode:
+ *
+ * The Object Element (http://www.w3.org/TR/xmldsig-core/#sec-Object)
+ *
+ * Object is an optional element that may occur one or more times. When
+ * present, this element may contain any data. The Object element may include
+ * optional MIME type, ID, and encoding attributes.
+ *
+ * Schema Definition:
+ *
+ * <element name="Object" type="ds:ObjectType"/>
+ * <complexType name="ObjectType" mixed="true">
+ * <sequence minOccurs="0" maxOccurs="unbounded">
+ * <any namespace="##any" processContents="lax"/>
+ * </sequence>
+ * <attribute name="Id" type="ID" use="optional"/>
+ * <attribute name="MimeType" type="string" use="optional"/>
+ * <attribute name="Encoding" type="anyURI" use="optional"/>
+ * </complexType>
+ *
+ * DTD:
+ *
+ * <!ELEMENT Object (#PCDATA|Signature|SignatureProperties|Manifest %Object.ANY;)* >
+ * <!ATTLIST Object Id ID #IMPLIED
+ * MimeType CDATA #IMPLIED
+ * Encoding CDATA #IMPLIED >
+ */
+static int
+xmlSecDSigCtxProcessObjectNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(dsigCtx != NULL, -1);
+ xmlSecAssert2(dsigCtx->status == xmlSecDSigStatusUnknown, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* we care about Manifest nodes only; ignore everything else */
+ cur = xmlSecGetNextElementNode(node->children);
+ while(cur != NULL) {
+ if(xmlSecCheckNodeName(cur, xmlSecNodeManifest, xmlSecDSigNs)) {
+ ret = xmlSecDSigCtxProcessManifestNode(dsigCtx, cur);
+ if(ret < 0){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigCtxProcessManifestNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecDSigCtxProcessManifestNode:
+ *
+ * The Manifest Element (http://www.w3.org/TR/xmldsig-core/#sec-Manifest)
+ *
+ * The Manifest element provides a list of References. The difference from
+ * the list in SignedInfo is that it is application defined which, if any, of
+ * the digests are actually checked against the objects referenced and what to
+ * do if the object is inaccessible or the digest compare fails. If a Manifest
+ * is pointed to from SignedInfo, the digest over the Manifest itself will be
+ * checked by the core result validation behavior. The digests within such
+ * a Manifest are checked at the application's discretion. If a Manifest is
+ * referenced from another Manifest, even the overall digest of this two level
+ * deep Manifest might not be checked.
+ *
+ * Schema Definition:
+ *
+ * <element name="Manifest" type="ds:ManifestType"/>
+ * <complexType name="ManifestType">
+ * <sequence>
+ * <element ref="ds:Reference" maxOccurs="unbounded"/>
+ * </sequence>
+ * <attribute name="Id" type="ID" use="optional"/>
+ * </complexType>
+ *
+ * DTD:
+ *
+ * <!ELEMENT Manifest (Reference+) >
+ * <!ATTLIST Manifest Id ID #IMPLIED >
+ */
+static int
+xmlSecDSigCtxProcessManifestNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
+ xmlSecDSigReferenceCtxPtr dsigRefCtx;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(dsigCtx != NULL, -1);
+ xmlSecAssert2(dsigCtx->status == xmlSecDSigStatusUnknown, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* calculate references */
+ cur = xmlSecGetNextElementNode(node->children);
+ while((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeReference, xmlSecDSigNs))) {
+ /* create reference */
+ dsigRefCtx = xmlSecDSigReferenceCtxCreate(dsigCtx, xmlSecDSigReferenceOriginManifest);
+ if(dsigRefCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigReferenceCtxCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* add to the list */
+ ret = xmlSecPtrListAdd(&(dsigCtx->manifestReferences), dsigRefCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecDSigReferenceCtxDestroy(dsigRefCtx);
+ return(-1);
+ }
+
+ /* process */
+ ret = xmlSecDSigReferenceCtxProcessNode(dsigRefCtx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigReferenceCtxProcessNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ /* we don;t care if Reference processing failed because
+ * it's Manifest node */
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* we should have nothing else here */
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecDSigCtxDebugDump:
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ * @output: the pointer to output FILE.
+ *
+ * Prints the debug information about @dsigCtx to @output.
+ */
+void
+xmlSecDSigCtxDebugDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) {
+ xmlSecAssert(dsigCtx != NULL);
+ xmlSecAssert(output != NULL);
+
+ if(dsigCtx->operation == xmlSecTransformOperationSign) {
+ fprintf(output, "= SIGNATURE CONTEXT\n");
+ } else {
+ fprintf(output, "= VERIFICATION CONTEXT\n");
+ }
+ switch(dsigCtx->status) {
+ case xmlSecDSigStatusUnknown:
+ fprintf(output, "== Status: unknown\n");
+ break;
+ case xmlSecDSigStatusSucceeded:
+ fprintf(output, "== Status: succeeded\n");
+ break;
+ case xmlSecDSigStatusInvalid:
+ fprintf(output, "== Status: invalid\n");
+ break;
+ }
+ fprintf(output, "== flags: 0x%08x\n", dsigCtx->flags);
+ fprintf(output, "== flags2: 0x%08x\n", dsigCtx->flags2);
+
+ if(dsigCtx->id != NULL) {
+ fprintf(output, "== Id: \"%s\"\n", dsigCtx->id);
+ }
+
+ fprintf(output, "== Key Info Read Ctx:\n");
+ xmlSecKeyInfoCtxDebugDump(&(dsigCtx->keyInfoReadCtx), output);
+ fprintf(output, "== Key Info Write Ctx:\n");
+ xmlSecKeyInfoCtxDebugDump(&(dsigCtx->keyInfoWriteCtx), output);
+
+ fprintf(output, "== Signature Transform Ctx:\n");
+ xmlSecTransformCtxDebugDump(&(dsigCtx->transformCtx), output);
+
+ if(dsigCtx->signMethod != NULL) {
+ fprintf(output, "== Signature Method:\n");
+ xmlSecTransformDebugDump(dsigCtx->signMethod, output);
+ }
+
+ if(dsigCtx->signKey != NULL) {
+ fprintf(output, "== Signature Key:\n");
+ xmlSecKeyDebugDump(dsigCtx->signKey, output);
+ }
+
+ fprintf(output, "== SignedInfo References List:\n");
+ xmlSecPtrListDebugDump(&(dsigCtx->signedInfoReferences), output);
+
+ fprintf(output, "== Manifest References List:\n");
+ xmlSecPtrListDebugDump(&(dsigCtx->manifestReferences), output);
+
+ if((dsigCtx->result != NULL) &&
+ (xmlSecBufferGetData(dsigCtx->result) != NULL)) {
+
+ fprintf(output, "== Result - start buffer:\n");
+ fwrite(xmlSecBufferGetData(dsigCtx->result),
+ xmlSecBufferGetSize(dsigCtx->result),
+ 1, output);
+ fprintf(output, "\n== Result - end buffer\n");
+ }
+ if(((dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_SIGNATURE) != 0) &&
+ (xmlSecDSigCtxGetPreSignBuffer(dsigCtx) != NULL) &&
+ (xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)) != NULL)) {
+
+ fprintf(output, "== PreSigned data - start buffer:\n");
+ fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
+ xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
+ 1, output);
+ fprintf(output, "\n== PreSigned data - end buffer\n");
+ }
+}
+
+/**
+ * xmlSecDSigCtxDebugXmlDump:
+ * @dsigCtx: the pointer to <dsig:Signature/> processing context.
+ * @output: the pointer to output FILE.
+ *
+ * Prints the debug information about @dsigCtx to @output in XML format.
+ */
+void
+xmlSecDSigCtxDebugXmlDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) {
+ xmlSecAssert(dsigCtx != NULL);
+ xmlSecAssert(output != NULL);
+
+ if(dsigCtx->operation == xmlSecTransformOperationSign) {
+ fprintf(output, "<SignatureContext \n");
+ } else {
+ fprintf(output, "<VerificationContext \n");
+ }
+ switch(dsigCtx->status) {
+ case xmlSecDSigStatusUnknown:
+ fprintf(output, "status=\"unknown\" >\n");
+ break;
+ case xmlSecDSigStatusSucceeded:
+ fprintf(output, "status=\"succeeded\" >\n");
+ break;
+ case xmlSecDSigStatusInvalid:
+ fprintf(output, "status=\"invalid\" >\n");
+ break;
+ }
+
+ fprintf(output, "<Flags>%08x</Flags>\n", dsigCtx->flags);
+ fprintf(output, "<Flags2>%08x</Flags2>\n", dsigCtx->flags2);
+
+ fprintf(output, "<Id>");
+ xmlSecPrintXmlString(output, dsigCtx->id);
+ fprintf(output, "</Id>\n");
+
+ fprintf(output, "<KeyInfoReadCtx>\n");
+ xmlSecKeyInfoCtxDebugXmlDump(&(dsigCtx->keyInfoReadCtx), output);
+ fprintf(output, "</KeyInfoReadCtx>\n");
+
+ fprintf(output, "<KeyInfoWriteCtx>\n");
+ xmlSecKeyInfoCtxDebugXmlDump(&(dsigCtx->keyInfoWriteCtx), output);
+ fprintf(output, "</KeyInfoWriteCtx>\n");
+
+ fprintf(output, "<SignatureTransformCtx>\n");
+ xmlSecTransformCtxDebugXmlDump(&(dsigCtx->transformCtx), output);
+ fprintf(output, "</SignatureTransformCtx>\n");
+
+ if(dsigCtx->signMethod != NULL) {
+ fprintf(output, "<SignatureMethod>\n");
+ xmlSecTransformDebugXmlDump(dsigCtx->signMethod, output);
+ fprintf(output, "</SignatureMethod>\n");
+ }
+
+ if(dsigCtx->signKey != NULL) {
+ fprintf(output, "<SignatureKey>\n");
+ xmlSecKeyDebugXmlDump(dsigCtx->signKey, output);
+ fprintf(output, "</SignatureKey>\n");
+ }
+
+ fprintf(output, "<SignedInfoReferences>\n");
+ xmlSecPtrListDebugXmlDump(&(dsigCtx->signedInfoReferences), output);
+ fprintf(output, "</SignedInfoReferences>\n");
+
+ fprintf(output, "<ManifestReferences>\n");
+ xmlSecPtrListDebugXmlDump(&(dsigCtx->manifestReferences), output);
+ fprintf(output, "</ManifestReferences>\n");
+
+ if((dsigCtx->result != NULL) &&
+ (xmlSecBufferGetData(dsigCtx->result) != NULL)) {
+
+ fprintf(output, "<Result>");
+ fwrite(xmlSecBufferGetData(dsigCtx->result),
+ xmlSecBufferGetSize(dsigCtx->result),
+ 1, output);
+ fprintf(output, "</Result>\n");
+ }
+ if(((dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_SIGNATURE) != 0) &&
+ (xmlSecDSigCtxGetPreSignBuffer(dsigCtx) != NULL) &&
+ (xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)) != NULL)) {
+
+ fprintf(output, "<PreSignedData>");
+ fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
+ xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
+ 1, output);
+ fprintf(output, "</PreSignedData>\n");
+ }
+
+ if(dsigCtx->operation == xmlSecTransformOperationSign) {
+ fprintf(output, "</SignatureContext>\n");
+ } else {
+ fprintf(output, "</VerificationContext>\n");
+ }
+}
+
+/**************************************************************************
+ *
+ * xmlSecDSigReferenceCtx
+ *
+ *************************************************************************/
+/**
+ * xmlSecDSigReferenceCtxCreate:
+ * @dsigCtx: the pointer to parent <dsig:Signature/> node processing context.
+ * @origin: the reference origin (<dsig:SignedInfo/> or <dsig:Manifest/> node).
+ *
+ * Creates new <dsig:Reference/> element processing context. Caller is responsible
+ * for destroying the returned context by calling #xmlSecDSigReferenceCtxDestroy
+ * function.
+ *
+ * Returns: pointer to newly created context or NULL if an error occurs.
+ */
+xmlSecDSigReferenceCtxPtr
+xmlSecDSigReferenceCtxCreate(xmlSecDSigCtxPtr dsigCtx, xmlSecDSigReferenceOrigin origin) {
+ xmlSecDSigReferenceCtxPtr dsigRefCtx;
+ int ret;
+
+ xmlSecAssert2(dsigCtx != NULL, NULL);
+
+ dsigRefCtx = (xmlSecDSigReferenceCtxPtr) xmlMalloc(sizeof(xmlSecDSigReferenceCtx));
+ if(dsigRefCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecDSigReferenceCtx)=%d",
+ sizeof(xmlSecDSigReferenceCtx));
+ return(NULL);
+ }
+
+ ret = xmlSecDSigReferenceCtxInitialize(dsigRefCtx, dsigCtx, origin);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigReferenceCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecDSigReferenceCtxDestroy(dsigRefCtx);
+ return(NULL);
+ }
+ return(dsigRefCtx);
+}
+
+/**
+ * xmlSecDSigReferenceCtxDestroy:
+ * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
+ *
+ * Destroy context object created with #xmlSecDSigReferenceCtxCreate function.
+ */
+void
+xmlSecDSigReferenceCtxDestroy(xmlSecDSigReferenceCtxPtr dsigRefCtx) {
+ xmlSecAssert(dsigRefCtx != NULL);
+
+ xmlSecDSigReferenceCtxFinalize(dsigRefCtx);
+ xmlFree(dsigRefCtx);
+}
+
+/**
+ * xmlSecDSigReferenceCtxInitialize:
+ * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
+ * @dsigCtx: the pointer to parent <dsig:Signature/> node processing context.
+ * @origin: the reference origin (<dsig:SignedInfo/> or <dsig:Manifest/> node).
+ *
+ * Initializes new <dsig:Reference/> element processing context. Caller is responsible
+ * for cleaning up the returned context by calling #xmlSecDSigReferenceCtxFinalize
+ * function.
+ *
+ * Returns: 0 on succes or aa negative value otherwise.
+ */
+int
+xmlSecDSigReferenceCtxInitialize(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlSecDSigCtxPtr dsigCtx,
+ xmlSecDSigReferenceOrigin origin) {
+ int ret;
+
+ xmlSecAssert2(dsigCtx != NULL, -1);
+ xmlSecAssert2(dsigRefCtx != NULL, -1);
+
+ memset(dsigRefCtx, 0, sizeof(xmlSecDSigReferenceCtx));
+
+ dsigRefCtx->dsigCtx = dsigCtx;
+ dsigRefCtx->origin = origin;
+
+ /* initializes transforms dsigRefCtx */
+ ret = xmlSecTransformCtxInitialize(&(dsigRefCtx->transformCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* copy enabled transforms */
+ if(dsigCtx->enabledReferenceTransforms != NULL) {
+ ret = xmlSecPtrListCopy(&(dsigRefCtx->transformCtx.enabledTransforms),
+ dsigCtx->enabledReferenceTransforms);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListCopy",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ dsigRefCtx->transformCtx.preExecCallback = dsigCtx->referencePreExecuteCallback;
+ dsigRefCtx->transformCtx.enabledUris = dsigCtx->enabledReferenceUris;
+
+ if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK) != 0) {
+ dsigRefCtx->transformCtx.flags |= XMLSEC_TRANSFORMCTX_FLAGS_USE_VISA3D_HACK;
+ }
+ return(0);
+}
+
+/**
+ * xmlSecDSigReferenceCtxFinalize:
+ * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
+ *
+ * Cleans up context object created with #xmlSecDSigReferenceCtxInitialize function.
+ */
+void
+xmlSecDSigReferenceCtxFinalize(xmlSecDSigReferenceCtxPtr dsigRefCtx) {
+ xmlSecAssert(dsigRefCtx != NULL);
+
+ xmlSecTransformCtxFinalize(&(dsigRefCtx->transformCtx));
+ if(dsigRefCtx->id != NULL) {
+ xmlFree(dsigRefCtx->id);
+ }
+ if(dsigRefCtx->uri != NULL) {
+ xmlFree(dsigRefCtx->uri);
+ }
+ if(dsigRefCtx->type != NULL) {
+ xmlFree(dsigRefCtx->type);
+ }
+ memset(dsigRefCtx, 0, sizeof(xmlSecDSigReferenceCtx));
+}
+
+/**
+ * xmlSecDSigReferenceCtxGetPreDigestBuffer:
+ * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
+ *
+ * Gets the results of <dsig:Reference/> node processing just before digesting
+ * (valid only if #XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES or
+ * #XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES flas of signature context
+ * is set).
+ *
+ * Returns: pointer to the buffer or NULL if an error occurs.
+ */
+xmlSecBufferPtr
+xmlSecDSigReferenceCtxGetPreDigestBuffer(xmlSecDSigReferenceCtxPtr dsigRefCtx) {
+ xmlSecAssert2(dsigRefCtx != NULL, NULL);
+
+ return((dsigRefCtx->preDigestMemBufMethod != NULL) ?
+ xmlSecTransformMemBufGetBuffer(dsigRefCtx->preDigestMemBufMethod) : NULL);
+}
+
+/**
+ * xmlSecDSigReferenceCtxProcessNode:
+ * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
+ * @node: the pointer to <dsig:Reference/> node.
+
+ * The Reference Element (http://www.w3.org/TR/xmldsig-core/#sec-Reference)
+ *
+ * Reference is an element that may occur one or more times. It specifies
+ * a digest algorithm and digest value, and optionally an identifier of the
+ * object being signed, the type of the object, and/or a list of transforms
+ * to be applied prior to digesting. The identification (URI) and transforms
+ * describe how the digested content (i.e., the input to the digest method)
+ * was created. The Type attribute facilitates the processing of referenced
+ * data. For example, while this specification makes no requirements over
+ * external data, an application may wish to signal that the referent is a
+ * Manifest. An optional ID attribute permits a Reference to be referenced
+ * from elsewhere.
+ *
+ * Returns: 0 on succes or aa negative value otherwise.
+ */
+int
+xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlNodePtr node) {
+ xmlSecTransformCtxPtr transformCtx;
+ xmlNodePtr digestValueNode;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(dsigRefCtx != NULL, -1);
+ xmlSecAssert2(dsigRefCtx->dsigCtx != NULL, -1);
+ xmlSecAssert2(dsigRefCtx->digestMethod == NULL, -1);
+ xmlSecAssert2(dsigRefCtx->digestMethod == NULL, -1);
+ xmlSecAssert2(dsigRefCtx->preDigestMemBufMethod == NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(node->doc != NULL, -1);
+
+ transformCtx = &(dsigRefCtx->transformCtx);
+
+ /* read attributes first */
+ dsigRefCtx->uri = xmlGetProp(node, xmlSecAttrURI);
+ dsigRefCtx->id = xmlGetProp(node, xmlSecAttrId);
+ dsigRefCtx->type= xmlGetProp(node, xmlSecAttrType);
+
+ /* set start URI (and check that it is enabled!) */
+ ret = xmlSecTransformCtxSetUri(transformCtx, dsigRefCtx->uri, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxSetUri",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(dsigRefCtx->uri));
+ return(-1);
+ }
+
+ /* first is optional Transforms node */
+ cur = xmlSecGetNextElementNode(node->children);
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeTransforms, xmlSecDSigNs))) {
+ ret = xmlSecTransformCtxNodesListRead(transformCtx,
+ cur, xmlSecTransformUsageDSigTransform);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxNodesListRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* insert membuf if requested */
+ if(((dsigRefCtx->origin == xmlSecDSigReferenceOriginSignedInfo) &&
+ ((dsigRefCtx->dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES) != 0)) ||
+ ((dsigRefCtx->origin == xmlSecDSigReferenceOriginManifest) &&
+ ((dsigRefCtx->dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES) != 0))) {
+
+ xmlSecAssert2(dsigRefCtx->preDigestMemBufMethod == NULL, -1);
+ dsigRefCtx->preDigestMemBufMethod = xmlSecTransformCtxCreateAndAppend(
+ transformCtx,
+ xmlSecTransformMemBufId);
+ if(dsigRefCtx->preDigestMemBufMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformMemBufId)));
+ return(-1);
+ }
+ }
+
+ /* next node is required DigestMethod. */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs))) {
+ dsigRefCtx->digestMethod = xmlSecTransformCtxNodeRead(&(dsigRefCtx->transformCtx),
+ cur, xmlSecTransformUsageDigestMethod);
+ if(dsigRefCtx->digestMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
+ } else if(dsigRefCtx->dsigCtx->defSignMethodId != xmlSecTransformIdUnknown) {
+ /* the dsig spec does require DigestMethod node
+ * to be present but in some case it application might decide to
+ * minimize traffic */
+ dsigRefCtx->digestMethod = xmlSecTransformCtxCreateAndAppend(&(dsigRefCtx->transformCtx),
+ dsigRefCtx->dsigCtx->defSignMethodId);
+ if(dsigRefCtx->digestMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDigestMethod));
+ return(-1);
+ }
+ dsigRefCtx->digestMethod->operation = dsigRefCtx->dsigCtx->operation;
+
+ /* last node is required DigestValue */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDigestValue, xmlSecDSigNs))) {
+ digestValueNode = cur;
+ cur = xmlSecGetNextElementNode(cur->next);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeDigestValue));
+ return(-1);
+ }
+
+ /* if we have something else then it's an error */
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* if we need to write result to xml node then we need base64 encode result */
+ if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) {
+ xmlSecTransformPtr base64Encode;
+
+ /* we need to add base64 encode transform */
+ base64Encode = xmlSecTransformCtxCreateAndAppend(transformCtx, xmlSecTransformBase64Id);
+ if(base64Encode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ base64Encode->operation = xmlSecTransformOperationEncode;
+ }
+
+ /* finally get transforms results */
+ ret = xmlSecTransformCtxExecute(transformCtx, node->doc);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ dsigRefCtx->result = transformCtx->result;
+
+ if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) {
+ if((dsigRefCtx->result == NULL) || (xmlSecBufferGetData(dsigRefCtx->result) == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* write signed data to xml */
+ xmlNodeSetContentLen(digestValueNode,
+ xmlSecBufferGetData(dsigRefCtx->result),
+ xmlSecBufferGetSize(dsigRefCtx->result));
+
+ /* set success status and we are done */
+ dsigRefCtx->status = xmlSecDSigStatusSucceeded;
+ } else {
+ /* verify SignatureValue node content */
+ ret = xmlSecTransformVerifyNodeContent(dsigRefCtx->digestMethod,
+ digestValueNode, transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformVerifyNodeContent",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* set status and we are done */
+ if(dsigRefCtx->digestMethod->status == xmlSecTransformStatusOk) {
+ dsigRefCtx->status = xmlSecDSigStatusSucceeded;
+ } else {
+ dsigRefCtx->status = xmlSecDSigStatusInvalid;
+ }
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecDSigReferenceCtxDebugDump:
+ * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
+ * @output: the pointer to output FILE.
+ *
+ * Prints debug information about @dsigRefCtx to @output.
+ */
+void
+xmlSecDSigReferenceCtxDebugDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* output) {
+ xmlSecAssert(dsigRefCtx != NULL);
+ xmlSecAssert(dsigRefCtx->dsigCtx != NULL);
+ xmlSecAssert(output != NULL);
+
+ if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) {
+ fprintf(output, "= REFERENCE CALCULATION CONTEXT\n");
+ } else {
+ fprintf(output, "= REFERENCE VERIFICATION CONTEXT\n");
+ }
+ switch(dsigRefCtx->status) {
+ case xmlSecDSigStatusUnknown:
+ fprintf(output, "== Status: unknown\n");
+ break;
+ case xmlSecDSigStatusSucceeded:
+ fprintf(output, "== Status: succeeded\n");
+ break;
+ case xmlSecDSigStatusInvalid:
+ fprintf(output, "== Status: invalid\n");
+ break;
+ }
+ if(dsigRefCtx->id != NULL) {
+ fprintf(output, "== Id: \"%s\"\n", dsigRefCtx->id);
+ }
+ if(dsigRefCtx->uri != NULL) {
+ fprintf(output, "== URI: \"%s\"\n", dsigRefCtx->uri);
+ }
+ if(dsigRefCtx->type != NULL) {
+ fprintf(output, "== Type: \"%s\"\n", dsigRefCtx->type);
+ }
+
+ fprintf(output, "== Reference Transform Ctx:\n");
+ xmlSecTransformCtxDebugDump(&(dsigRefCtx->transformCtx), output);
+
+ if(dsigRefCtx->digestMethod != NULL) {
+ fprintf(output, "== Digest Method:\n");
+ xmlSecTransformDebugDump(dsigRefCtx->digestMethod, output);
+ }
+
+ if((xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx) != NULL) &&
+ (xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)) != NULL)) {
+
+ fprintf(output, "== PreDigest data - start buffer:\n");
+ fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
+ xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
+ 1, output);
+ fprintf(output, "\n== PreDigest data - end buffer\n");
+ }
+
+ if((dsigRefCtx->result != NULL) &&
+ (xmlSecBufferGetData(dsigRefCtx->result) != NULL)) {
+
+ fprintf(output, "== Result - start buffer:\n");
+ fwrite(xmlSecBufferGetData(dsigRefCtx->result),
+ xmlSecBufferGetSize(dsigRefCtx->result), 1,
+ output);
+ fprintf(output, "\n== Result - end buffer\n");
+ }
+}
+
+/**
+ * xmlSecDSigReferenceCtxDebugXmlDump:
+ * @dsigRefCtx: the pointer to <dsig:Reference/> element processing context.
+ * @output: the pointer to output FILE.
+ *
+ * Prints debug information about @dsigRefCtx to @output in output format.
+ */
+void
+xmlSecDSigReferenceCtxDebugXmlDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* output) {
+ xmlSecAssert(dsigRefCtx != NULL);
+ xmlSecAssert(dsigRefCtx->dsigCtx != NULL);
+ xmlSecAssert(output != NULL);
+
+ if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) {
+ fprintf(output, "<ReferenceCalculationContext ");
+ } else {
+ fprintf(output, "<ReferenceVerificationContext ");
+ }
+ switch(dsigRefCtx->status) {
+ case xmlSecDSigStatusUnknown:
+ fprintf(output, "status=\"unknown\" >\n");
+ break;
+ case xmlSecDSigStatusSucceeded:
+ fprintf(output, "status=\"succeeded\" >\n");
+ break;
+ case xmlSecDSigStatusInvalid:
+ fprintf(output, "status=\"invalid\" >\n");
+ break;
+ }
+
+ fprintf(output, "<Id>");
+ xmlSecPrintXmlString(output, dsigRefCtx->id);
+ fprintf(output, "</Id>\n");
+
+ fprintf(output, "<URI>");
+ xmlSecPrintXmlString(output, dsigRefCtx->uri);
+ fprintf(output, "</URI>\n");
+
+ fprintf(output, "<Type>");
+ xmlSecPrintXmlString(output, dsigRefCtx->type);
+ fprintf(output, "</Type>\n");
+
+ fprintf(output, "<ReferenceTransformCtx>\n");
+ xmlSecTransformCtxDebugXmlDump(&(dsigRefCtx->transformCtx), output);
+ fprintf(output, "</ReferenceTransformCtx>\n");
+
+ if(dsigRefCtx->digestMethod != NULL) {
+ fprintf(output, "<DigestMethod>\n");
+ xmlSecTransformDebugXmlDump(dsigRefCtx->digestMethod, output);
+ fprintf(output, "</DigestMethod>\n");
+ }
+
+ if((dsigRefCtx->result != NULL) &&
+ (xmlSecBufferGetData(dsigRefCtx->result) != NULL)) {
+
+ fprintf(output, "<Result>");
+ fwrite(xmlSecBufferGetData(dsigRefCtx->result),
+ xmlSecBufferGetSize(dsigRefCtx->result), 1,
+ output);
+ fprintf(output, "</Result>\n");
+ }
+
+ if((xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx) != NULL) &&
+ (xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)) != NULL)) {
+
+ fprintf(output, "<PreDigestData>");
+ fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
+ xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
+ 1, output);
+ fprintf(output, "</PreDigestData>\n");
+ }
+ if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) {
+ fprintf(output, "</ReferenceCalculationContext>\n");
+ } else {
+ fprintf(output, "</ReferenceVerificationContext>\n");
+ }
+}
+
+
+/**************************************************************************
+ *
+ * xmlSecDSigReferenceCtxListKlass
+ *
+ *************************************************************************/
+static xmlSecPtrListKlass xmlSecDSigReferenceCtxListKlass = {
+ BAD_CAST "dsig-reference-list",
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecDSigReferenceCtxDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecDSigReferenceCtxDebugDump, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ (xmlSecPtrDebugDumpItemMethod)xmlSecDSigReferenceCtxDebugXmlDump, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+/**
+ * xmlSecDSigReferenceCtxListGetKlass:
+ *
+ * The <dsig:Reference/> element processing contexts list klass.
+ *
+ * Returns: <dsig:Reference/> element processing context list klass.
+ */
+xmlSecPtrListId
+xmlSecDSigReferenceCtxListGetKlass(void) {
+ return(&xmlSecDSigReferenceCtxListKlass);
+}
+
+#endif /* XMLSEC_NO_XMLDSIG */
+
+
diff --git a/src/xmlenc.c b/src/xmlenc.c
new file mode 100644
index 00000000..44c98779
--- /dev/null
+++ b/src/xmlenc.c
@@ -0,0 +1,1339 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * "XML Encryption" implementation
+ * http://www.w3.org/TR/xmlenc-core
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_XMLENC
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+#include <libxml/parser.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/buffer.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/keyinfo.h>
+#include <xmlsec/xmlenc.h>
+#include <xmlsec/errors.h>
+
+static int xmlSecEncCtxEncDataNodeRead (xmlSecEncCtxPtr encCtx,
+ xmlNodePtr node);
+static int xmlSecEncCtxEncDataNodeWrite (xmlSecEncCtxPtr encCtx);
+static int xmlSecEncCtxCipherDataNodeRead (xmlSecEncCtxPtr encCtx,
+ xmlNodePtr node);
+static int xmlSecEncCtxCipherReferenceNodeRead (xmlSecEncCtxPtr encCtx,
+ xmlNodePtr node);
+
+/* The ID attribute in XMLEnc is 'Id' */
+static const xmlChar* xmlSecEncIds[] = { BAD_CAST "Id", NULL };
+
+
+/**
+ * xmlSecEncCtxCreate:
+ * @keysMngr: the pointer to keys manager.
+ *
+ * Creates <enc:EncryptedData/> element processing context.
+ * The caller is responsible for destroying returned object by calling
+ * #xmlSecEncCtxDestroy function.
+ *
+ * Returns: pointer to newly allocated context object or NULL if an error
+ * occurs.
+ */
+xmlSecEncCtxPtr
+xmlSecEncCtxCreate(xmlSecKeysMngrPtr keysMngr) {
+ xmlSecEncCtxPtr encCtx;
+ int ret;
+
+ encCtx = (xmlSecEncCtxPtr) xmlMalloc(sizeof(xmlSecEncCtx));
+ if(encCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecEncCtx)=%d",
+ sizeof(xmlSecEncCtx));
+ return(NULL);
+ }
+
+ ret = xmlSecEncCtxInitialize(encCtx, keysMngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecEncCtxDestroy(encCtx);
+ return(NULL);
+ }
+ return(encCtx);
+}
+
+/**
+ * xmlSecEncCtxDestroy:
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ *
+ * Destroy context object created with #xmlSecEncCtxCreate function.
+ */
+void
+xmlSecEncCtxDestroy(xmlSecEncCtxPtr encCtx) {
+ xmlSecAssert(encCtx != NULL);
+
+ xmlSecEncCtxFinalize(encCtx);
+ xmlFree(encCtx);
+}
+
+/**
+ * xmlSecEncCtxInitialize:
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @keysMngr: the pointer to keys manager.
+ *
+ * Initializes <enc:EncryptedData/> element processing context.
+ * The caller is responsible for cleaning up returned object by calling
+ * #xmlSecEncCtxFinalize function.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecEncCtxInitialize(xmlSecEncCtxPtr encCtx, xmlSecKeysMngrPtr keysMngr) {
+ int ret;
+
+ xmlSecAssert2(encCtx != NULL, -1);
+
+ memset(encCtx, 0, sizeof(xmlSecEncCtx));
+
+ /* initialize key info */
+ ret = xmlSecKeyInfoCtxInitialize(&(encCtx->keyInfoReadCtx), keysMngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ encCtx->keyInfoReadCtx.mode = xmlSecKeyInfoModeRead;
+
+ ret = xmlSecKeyInfoCtxInitialize(&(encCtx->keyInfoWriteCtx), keysMngr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ encCtx->keyInfoWriteCtx.mode = xmlSecKeyInfoModeWrite;
+ /* it's not wise to write private key :) */
+ encCtx->keyInfoWriteCtx.keyReq.keyType = xmlSecKeyDataTypePublic;
+
+ /* initializes transforms encCtx */
+ ret = xmlSecTransformCtxInitialize(&(encCtx->transformCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecEncCtxFinalize:
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ *
+ * Cleans up @encCtx object.
+ */
+void
+xmlSecEncCtxFinalize(xmlSecEncCtxPtr encCtx) {
+ xmlSecAssert(encCtx != NULL);
+
+ xmlSecEncCtxReset(encCtx);
+
+ xmlSecTransformCtxFinalize(&(encCtx->transformCtx));
+ xmlSecKeyInfoCtxFinalize(&(encCtx->keyInfoReadCtx));
+ xmlSecKeyInfoCtxFinalize(&(encCtx->keyInfoWriteCtx));
+
+ memset(encCtx, 0, sizeof(xmlSecEncCtx));
+}
+
+/**
+ * xmlSecEncCtxReset:
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ *
+ * Resets @encCtx object, user settings are not touched.
+ */
+void
+xmlSecEncCtxReset(xmlSecEncCtxPtr encCtx) {
+ xmlSecAssert(encCtx != NULL);
+
+ xmlSecTransformCtxReset(&(encCtx->transformCtx));
+ xmlSecKeyInfoCtxReset(&(encCtx->keyInfoReadCtx));
+ xmlSecKeyInfoCtxReset(&(encCtx->keyInfoWriteCtx));
+
+ encCtx->operation = xmlSecTransformOperationNone;
+ encCtx->result = NULL;
+ encCtx->resultBase64Encoded = 0;
+ encCtx->resultReplaced = 0;
+ encCtx->encMethod = NULL;
+
+ if (encCtx->replacedNodeList != NULL) {
+ xmlFreeNodeList(encCtx->replacedNodeList);
+ encCtx->replacedNodeList = NULL;
+ }
+
+ if(encCtx->encKey != NULL) {
+ xmlSecKeyDestroy(encCtx->encKey);
+ encCtx->encKey = NULL;
+ }
+
+ if(encCtx->id != NULL) {
+ xmlFree(encCtx->id);
+ encCtx->id = NULL;
+ }
+
+ if(encCtx->type != NULL) {
+ xmlFree(encCtx->type);
+ encCtx->type = NULL;
+ }
+
+ if(encCtx->mimeType != NULL) {
+ xmlFree(encCtx->mimeType);
+ encCtx->mimeType = NULL;
+ }
+
+ if(encCtx->encoding != NULL) {
+ xmlFree(encCtx->encoding);
+ encCtx->encoding = NULL;
+ }
+
+ if(encCtx->recipient != NULL) {
+ xmlFree(encCtx->recipient);
+ encCtx->recipient = NULL;
+ }
+
+ if(encCtx->carriedKeyName != NULL) {
+ xmlFree(encCtx->carriedKeyName);
+ encCtx->carriedKeyName = NULL;
+ }
+
+ encCtx->encDataNode = encCtx->encMethodNode =
+ encCtx->keyInfoNode = encCtx->cipherValueNode = NULL;
+}
+
+/**
+ * xmlSecEncCtxCopyUserPref:
+ * @dst: the pointer to destination context.
+ * @src: the pointer to source context.
+ *
+ * Copies user preference from @src context to @dst.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecEncCtxCopyUserPref(xmlSecEncCtxPtr dst, xmlSecEncCtxPtr src) {
+ int ret;
+
+ xmlSecAssert2(dst != NULL, -1);
+ xmlSecAssert2(src != NULL, -1);
+
+ dst->userData = src->userData;
+ dst->flags = src->flags;
+ dst->flags2 = src->flags2;
+ dst->defEncMethodId = src->defEncMethodId;
+ dst->mode = src->mode;
+
+ ret = xmlSecTransformCtxCopyUserPref(&(dst->transformCtx), &(src->transformCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecKeyInfoCtxCopyUserPref(&(dst->keyInfoReadCtx), &(src->keyInfoReadCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecKeyInfoCtxCopyUserPref(&(dst->keyInfoWriteCtx), &(src->keyInfoWriteCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoCtxCopyUserPref",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecEncCtxBinaryEncrypt:
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @tmpl: the pointer to <enc:EncryptedData/> template node.
+ * @data: the pointer for binary buffer.
+ * @dataSize: the @data buffer size.
+ *
+ * Encrypts @data according to template @tmpl.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecEncCtxBinaryEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl,
+ const xmlSecByte* data, xmlSecSize dataSize) {
+ int ret;
+
+ xmlSecAssert2(encCtx != NULL, -1);
+ xmlSecAssert2(encCtx->result == NULL, -1);
+ xmlSecAssert2(tmpl != NULL, -1);
+ xmlSecAssert2(data != NULL, -1);
+
+ /* initialize context and add ID atributes to the list of known ids */
+ encCtx->operation = xmlSecTransformOperationEncrypt;
+ xmlSecAddIDs(tmpl->doc, tmpl, xmlSecEncIds);
+
+ /* read the template and set encryption method, key, etc. */
+ ret = xmlSecEncCtxEncDataNodeRead(encCtx, tmpl);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxEncDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecTransformCtxBinaryExecute(&(encCtx->transformCtx), data, dataSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxBinaryExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "dataSize=%d",
+ dataSize);
+ return(-1);
+ }
+
+ encCtx->result = encCtx->transformCtx.result;
+ xmlSecAssert2(encCtx->result != NULL, -1);
+
+ ret = xmlSecEncCtxEncDataNodeWrite(encCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxEncDataNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecEncCtxXmlEncrypt:
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @tmpl: the pointer to <enc:EncryptedData/> template node.
+ * @node: the pointer to node for encryption.
+ *
+ * Encrypts @node according to template @tmpl. If requested, @node is replaced
+ * with result <enc:EncryptedData/> node.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecEncCtxXmlEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, xmlNodePtr node) {
+ xmlOutputBufferPtr output;
+ int ret;
+
+ xmlSecAssert2(encCtx != NULL, -1);
+ xmlSecAssert2(encCtx->result == NULL, -1);
+ xmlSecAssert2(tmpl != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(node->doc != NULL, -1);
+
+ /* initialize context and add ID atributes to the list of known ids */
+ encCtx->operation = xmlSecTransformOperationEncrypt;
+ xmlSecAddIDs(tmpl->doc, tmpl, xmlSecEncIds);
+
+ /* read the template and set encryption method, key, etc. */
+ ret = xmlSecEncCtxEncDataNodeRead(encCtx, tmpl);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxEncDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecTransformCtxPrepare(&(encCtx->transformCtx), xmlSecTransformDataTypeBin);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxPrepare",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "type=bin");
+ return(-1);
+ }
+
+ xmlSecAssert2(encCtx->transformCtx.first != NULL, -1);
+ output = xmlSecTransformCreateOutputBuffer(encCtx->transformCtx.first,
+ &(encCtx->transformCtx));
+ if(output == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->transformCtx.first)),
+ "xmlSecTransformCreateOutputBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* push data thru */
+ if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncElement)) {
+ /* get the content of the node */
+ xmlNodeDumpOutput(output, node->doc, node, 0, 0, NULL);
+ } else if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncContent)) {
+ xmlNodePtr cur;
+
+ /* get the content of the nodes childs */
+ for(cur = node->children; cur != NULL; cur = cur->next) {
+ xmlNodeDumpOutput(output, node->doc, cur, 0, 0, NULL);
+ }
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+ "type=%s",
+ xmlSecErrorsSafeString(encCtx->type));
+ xmlOutputBufferClose(output);
+ return(-1);
+ }
+
+ /* close the buffer and flush everything */
+ ret = xmlOutputBufferClose(output);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlOutputBufferClose",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ encCtx->result = encCtx->transformCtx.result;
+ xmlSecAssert2(encCtx->result != NULL, -1);
+
+ ret = xmlSecEncCtxEncDataNodeWrite(encCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxEncDataNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* now we need to update our original document */
+ if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncElement)) {
+ /* check if we need to return the replaced node */
+ if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) {
+ ret = xmlSecReplaceNodeAndReturn(node, tmpl, &(encCtx->replacedNodeList));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecReplaceNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(-1);
+ }
+ } else {
+ ret = xmlSecReplaceNode(node, tmpl);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecReplaceNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(-1);
+ }
+ }
+
+ encCtx->resultReplaced = 1;
+ } else if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncContent)) {
+ /* check if we need to return the replaced node */
+ if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) {
+ ret = xmlSecReplaceContentAndReturn(node, tmpl, &(encCtx->replacedNodeList));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecReplaceContentAndReturn",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(-1);
+ }
+ } else {
+ ret = xmlSecReplaceContent(node, tmpl);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecReplaceContent",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(-1);
+ }
+ }
+
+ encCtx->resultReplaced = 1;
+ } else {
+ /* we should've catached this error before */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TYPE,
+ "type=%s",
+ xmlSecErrorsSafeString(encCtx->type));
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecEncCtxUriEncrypt:
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @tmpl: the pointer to <enc:EncryptedData/> template node.
+ * @uri: the URI.
+ *
+ * Encrypts data from @uri according to template @tmpl.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecEncCtxUriEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, const xmlChar *uri) {
+ int ret;
+
+ xmlSecAssert2(encCtx != NULL, -1);
+ xmlSecAssert2(encCtx->result == NULL, -1);
+ xmlSecAssert2(tmpl != NULL, -1);
+ xmlSecAssert2(uri != NULL, -1);
+
+ /* initialize context and add ID atributes to the list of known ids */
+ encCtx->operation = xmlSecTransformOperationEncrypt;
+ xmlSecAddIDs(tmpl->doc, tmpl, xmlSecEncIds);
+
+ /* we need to add input uri transform first */
+ ret = xmlSecTransformCtxSetUri(&(encCtx->transformCtx), uri, tmpl);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxSetUri",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
+ /* read the template and set encryption method, key, etc. */
+ ret = xmlSecEncCtxEncDataNodeRead(encCtx, tmpl);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxEncDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* encrypt the data */
+ ret = xmlSecTransformCtxExecute(&(encCtx->transformCtx), tmpl->doc);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ encCtx->result = encCtx->transformCtx.result;
+ xmlSecAssert2(encCtx->result != NULL, -1);
+
+ ret = xmlSecEncCtxEncDataNodeWrite(encCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxEncDataNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecEncCtxDecrypt:
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @node: the pointer to <enc:EncryptedData/> node.
+ *
+ * Decrypts @node and if necessary replaces @node with decrypted data.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecEncCtxDecrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
+ xmlSecBufferPtr buffer;
+ int ret;
+
+ xmlSecAssert2(encCtx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* decrypt */
+ buffer = xmlSecEncCtxDecryptToBuffer(encCtx, node);
+ if(buffer == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxDecryptToBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* replace original node if requested */
+ if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncElement)) {
+ /* check if we need to return the replaced node */
+ if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) {
+ ret = xmlSecReplaceNodeBufferAndReturn(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), &(encCtx->replacedNodeList));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecReplaceNodeBufferAndReturn",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(-1);
+ }
+ } else {
+ ret = xmlSecReplaceNodeBuffer(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecReplaceNodeBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(-1);
+ }
+ }
+
+ encCtx->resultReplaced = 1;
+ } else if((encCtx->type != NULL) && xmlStrEqual(encCtx->type, xmlSecTypeEncContent)) {
+ /* replace the node with the buffer */
+
+ /* check if we need to return the replaced node */
+ if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) {
+ ret = xmlSecReplaceNodeBufferAndReturn(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), &(encCtx->replacedNodeList));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecReplaceNodeBufferAndReturn",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(-1);
+ }
+ } else {
+ ret = xmlSecReplaceNodeBuffer(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecReplaceNodeBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
+ return(-1);
+ }
+ }
+ encCtx->resultReplaced = 1;
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecEncCtxDecryptToBuffer:
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @node: the pointer to <enc:EncryptedData/> node.
+ *
+ * Decrypts @node data to the @encCtx buffer.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+xmlSecBufferPtr
+xmlSecEncCtxDecryptToBuffer(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
+ int ret;
+
+ xmlSecAssert2(encCtx != NULL, NULL);
+ xmlSecAssert2(encCtx->result == NULL, NULL);
+ xmlSecAssert2(node != NULL, NULL);
+
+ /* initialize context and add ID atributes to the list of known ids */
+ encCtx->operation = xmlSecTransformOperationDecrypt;
+ xmlSecAddIDs(node->doc, node, xmlSecEncIds);
+
+ ret = xmlSecEncCtxEncDataNodeRead(encCtx, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxEncDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* decrypt the data */
+ if(encCtx->cipherValueNode != NULL) {
+ xmlChar* data = NULL;
+ xmlSecSize dataSize = 0;
+
+ data = xmlNodeGetContent(encCtx->cipherValueNode);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->cipherValueNode)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ dataSize = xmlStrlen(data);
+
+ ret = xmlSecTransformCtxBinaryExecute(&(encCtx->transformCtx), data, dataSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxBinaryExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ if(data != NULL) {
+ xmlFree(data);
+ }
+ return(NULL);
+ }
+ if(data != NULL) {
+ xmlFree(data);
+ }
+ } else {
+ ret = xmlSecTransformCtxExecute(&(encCtx->transformCtx), node->doc);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxBinaryExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ }
+
+ encCtx->result = encCtx->transformCtx.result;
+ xmlSecAssert2(encCtx->result != NULL, NULL);
+
+ return(encCtx->result);
+}
+
+static int
+xmlSecEncCtxEncDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(encCtx != NULL, -1);
+ xmlSecAssert2((encCtx->operation == xmlSecTransformOperationEncrypt) || (encCtx->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ switch(encCtx->mode) {
+ case xmlEncCtxModeEncryptedData:
+ if(!xmlSecCheckNodeName(node, xmlSecNodeEncryptedData, xmlSecEncNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEncryptedData));
+ return(-1);
+ }
+ break;
+ case xmlEncCtxModeEncryptedKey:
+ if(!xmlSecCheckNodeName(node, xmlSecNodeEncryptedKey, xmlSecEncNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeEncryptedKey));
+ return(-1);
+ }
+ break;
+ }
+
+ /* first read node data */
+ xmlSecAssert2(encCtx->id == NULL, -1);
+ xmlSecAssert2(encCtx->type == NULL, -1);
+ xmlSecAssert2(encCtx->mimeType == NULL, -1);
+ xmlSecAssert2(encCtx->encoding == NULL, -1);
+ xmlSecAssert2(encCtx->recipient == NULL, -1);
+ xmlSecAssert2(encCtx->carriedKeyName == NULL, -1);
+
+ encCtx->id = xmlGetProp(node, xmlSecAttrId);
+ encCtx->type = xmlGetProp(node, xmlSecAttrType);
+ encCtx->mimeType = xmlGetProp(node, xmlSecAttrMimeType);
+ encCtx->encoding = xmlGetProp(node, xmlSecAttrEncoding);
+ if(encCtx->mode == xmlEncCtxModeEncryptedKey) {
+ encCtx->recipient = xmlGetProp(node, xmlSecAttrRecipient);
+ /* todo: check recipient? */
+ }
+ cur = xmlSecGetNextElementNode(node->children);
+
+ /* first node is optional EncryptionMethod, we'll read it later */
+ xmlSecAssert2(encCtx->encMethodNode == NULL, -1);
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeEncryptionMethod, xmlSecEncNs))) {
+ encCtx->encMethodNode = cur;
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* next node is optional KeyInfo, we'll process it later */
+ xmlSecAssert2(encCtx->keyInfoNode == NULL, -1);
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs))) {
+ encCtx->keyInfoNode = cur;
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* next is required CipherData node */
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeCipherData, xmlSecEncNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCipherData));
+ return(-1);
+ }
+
+ ret = xmlSecEncCtxCipherDataNodeRead(encCtx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxCipherDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+
+ /* next is optional EncryptionProperties node (we simply ignore it) */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeEncryptionProperties, xmlSecEncNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* there are more possible nodes for the <EncryptedKey> node */
+ if(encCtx->mode == xmlEncCtxModeEncryptedKey) {
+ /* next is optional ReferenceList node (we simply ignore it) */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeReferenceList, xmlSecEncNs))) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* next is optional CarriedKeyName node (we simply ignore it) */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCarriedKeyName, xmlSecEncNs))) {
+ encCtx->carriedKeyName = xmlNodeGetContent(cur);
+ if(encCtx->carriedKeyName == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeCipherData));
+ return(-1);
+ }
+ /* TODO: decode the name? */
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+ }
+
+ /* if there is something left than it's an error */
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* now read the encryption method node */
+ xmlSecAssert2(encCtx->encMethod == NULL, -1);
+ if(encCtx->encMethodNode != NULL) {
+ encCtx->encMethod = xmlSecTransformCtxNodeRead(&(encCtx->transformCtx), encCtx->encMethodNode,
+ xmlSecTransformUsageEncryptionMethod);
+ if(encCtx->encMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->encMethodNode)));
+ return(-1);
+ }
+ } else if(encCtx->defEncMethodId != xmlSecTransformIdUnknown) {
+ encCtx->encMethod = xmlSecTransformCtxCreateAndAppend(&(encCtx->transformCtx),
+ encCtx->defEncMethodId);
+ if(encCtx->encMethod == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "encryption method not specified");
+ return(-1);
+ }
+ encCtx->encMethod->operation = encCtx->operation;
+
+ /* we have encryption method, find key */
+ ret = xmlSecTransformSetKeyReq(encCtx->encMethod, &(encCtx->keyInfoReadCtx.keyReq));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformSetKeyReq",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod)));
+ return(-1);
+ }
+
+ /* TODO: KeyInfo node != NULL and encKey != NULL */
+ if((encCtx->encKey == NULL) && (encCtx->keyInfoReadCtx.keysMngr != NULL)
+ && (encCtx->keyInfoReadCtx.keysMngr->getKey != NULL)) {
+ encCtx->encKey = (encCtx->keyInfoReadCtx.keysMngr->getKey)(encCtx->keyInfoNode,
+ &(encCtx->keyInfoReadCtx));
+ }
+
+ /* check that we have exactly what we want */
+ if((encCtx->encKey == NULL) ||
+ (!xmlSecKeyMatch(encCtx->encKey, NULL, &(encCtx->keyInfoReadCtx.keyReq)))) {
+
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_KEY_NOT_FOUND,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* set the key to the transform */
+ ret = xmlSecTransformSetKey(encCtx->encMethod, encCtx->encKey);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformSetKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "transform=%s",
+ xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod)));
+ return(-1);
+ }
+
+ /* if we need to write result to xml node then we need base64 encode it */
+ if((encCtx->operation == xmlSecTransformOperationEncrypt) && (encCtx->cipherValueNode != NULL)) {
+ xmlSecTransformPtr base64Encode;
+
+ /* we need to add base64 encode transform */
+ base64Encode = xmlSecTransformCtxCreateAndAppend(&(encCtx->transformCtx), xmlSecTransformBase64Id);
+ if(base64Encode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ base64Encode->operation = xmlSecTransformOperationEncode;
+ encCtx->resultBase64Encoded = 1;
+ }
+
+ return(0);
+}
+
+static int
+xmlSecEncCtxEncDataNodeWrite(xmlSecEncCtxPtr encCtx) {
+ int ret;
+
+ xmlSecAssert2(encCtx != NULL, -1);
+ xmlSecAssert2(encCtx->result != NULL, -1);
+ xmlSecAssert2(encCtx->encKey != NULL, -1);
+
+ /* write encrypted data to xml (if requested) */
+ if(encCtx->cipherValueNode != NULL) {
+ xmlSecAssert2(xmlSecBufferGetData(encCtx->result) != NULL, -1);
+
+ xmlNodeSetContentLen(encCtx->cipherValueNode,
+ xmlSecBufferGetData(encCtx->result),
+ xmlSecBufferGetSize(encCtx->result));
+ encCtx->resultReplaced = 1;
+ }
+
+ /* update <enc:KeyInfo/> node */
+ if(encCtx->keyInfoNode != NULL) {
+ ret = xmlSecKeyInfoNodeWrite(encCtx->keyInfoNode, encCtx->encKey, &(encCtx->keyInfoWriteCtx));
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyInfoNodeWrite",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+static int
+xmlSecEncCtxCipherDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(encCtx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ cur = xmlSecGetNextElementNode(node->children);
+
+ /* we either have CipherValue or CipherReference node */
+ xmlSecAssert2(encCtx->cipherValueNode == NULL, -1);
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCipherValue, xmlSecEncNs))) {
+ /* don't need data from CipherData node when we are encrypting */
+ if(encCtx->operation == xmlSecTransformOperationDecrypt) {
+ xmlSecTransformPtr base64Decode;
+
+ /* we need to add base64 decode transform */
+ base64Decode = xmlSecTransformCtxCreateAndPrepend(&(encCtx->transformCtx), xmlSecTransformBase64Id);
+ if(base64Decode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxCreateAndPrepend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ encCtx->cipherValueNode = cur;
+ cur = xmlSecGetNextElementNode(cur->next);
+ } else if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCipherReference, xmlSecEncNs))) {
+ /* don't need data from CipherReference node when we are encrypting */
+ if(encCtx->operation == xmlSecTransformOperationDecrypt) {
+ ret = xmlSecEncCtxCipherReferenceNodeRead(encCtx, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecEncCtxCipherReferenceNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecEncCtxCipherReferenceNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) {
+ xmlNodePtr cur;
+ xmlChar* uri;
+ int ret;
+
+ xmlSecAssert2(encCtx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* first read the optional uri attr and check that we can process it */
+ uri = xmlGetProp(node, xmlSecAttrURI);
+ ret = xmlSecTransformCtxSetUri(&(encCtx->transformCtx), uri, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxSetUri",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s",
+ xmlSecErrorsSafeString(uri));
+ xmlFree(uri);
+ return(-1);
+ }
+ xmlFree(uri);
+
+ cur = xmlSecGetNextElementNode(node->children);
+
+ /* the only one node is optional Transforms node */
+ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeTransforms, xmlSecEncNs))) {
+ ret = xmlSecTransformCtxNodesListRead(&(encCtx->transformCtx), cur,
+ xmlSecTransformUsageDSigTransform);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformCtxNodesListRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->encMethodNode)));
+ return(-1);
+ }
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* if there is something left than it's an error */
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+/**
+ * xmlSecEncCtxDebugDump:
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @output: the pointer to output FILE.
+ *
+ * Prints the debug information about @encCtx to @output.
+ */
+void
+xmlSecEncCtxDebugDump(xmlSecEncCtxPtr encCtx, FILE* output) {
+ xmlSecAssert(encCtx != NULL);
+ xmlSecAssert(output != NULL);
+
+ switch(encCtx->mode) {
+ case xmlEncCtxModeEncryptedData:
+ if(encCtx->operation == xmlSecTransformOperationEncrypt) {
+ fprintf(output, "= DATA ENCRYPTION CONTEXT\n");
+ } else {
+ fprintf(output, "= DATA DECRYPTION CONTEXT\n");
+ }
+ break;
+ case xmlEncCtxModeEncryptedKey:
+ if(encCtx->operation == xmlSecTransformOperationEncrypt) {
+ fprintf(output, "= KEY ENCRYPTION CONTEXT\n");
+ } else {
+ fprintf(output, "= KEY DECRYPTION CONTEXT\n");
+ }
+ break;
+ }
+ fprintf(output, "== Status: %s\n",
+ (encCtx->resultReplaced) ? "replaced" : "not-replaced" );
+
+ fprintf(output, "== flags: 0x%08x\n", encCtx->flags);
+ fprintf(output, "== flags2: 0x%08x\n", encCtx->flags2);
+
+ if(encCtx->id != NULL) {
+ fprintf(output, "== Id: \"%s\"\n", encCtx->id);
+ }
+ if(encCtx->type != NULL) {
+ fprintf(output, "== Type: \"%s\"\n", encCtx->type);
+ }
+ if(encCtx->mimeType != NULL) {
+ fprintf(output, "== MimeType: \"%s\"\n", encCtx->mimeType);
+ }
+ if(encCtx->encoding != NULL) {
+ fprintf(output, "== Encoding: \"%s\"\n", encCtx->encoding);
+ }
+ if(encCtx->recipient != NULL) {
+ fprintf(output, "== Recipient: \"%s\"\n", encCtx->recipient);
+ }
+ if(encCtx->carriedKeyName != NULL) {
+ fprintf(output, "== CarriedKeyName: \"%s\"\n", encCtx->carriedKeyName);
+ }
+
+ fprintf(output, "== Key Info Read Ctx:\n");
+ xmlSecKeyInfoCtxDebugDump(&(encCtx->keyInfoReadCtx), output);
+
+ fprintf(output, "== Key Info Write Ctx:\n");
+ xmlSecKeyInfoCtxDebugDump(&(encCtx->keyInfoWriteCtx), output);
+
+ fprintf(output, "== Encryption Transform Ctx:\n");
+ xmlSecTransformCtxDebugDump(&(encCtx->transformCtx), output);
+
+ if(encCtx->encMethod != NULL) {
+ fprintf(output, "== Encryption Method:\n");
+ xmlSecTransformDebugDump(encCtx->encMethod, output);
+ }
+
+ if(encCtx->encKey != NULL) {
+ fprintf(output, "== Encryption Key:\n");
+ xmlSecKeyDebugDump(encCtx->encKey, output);
+ }
+
+ if((encCtx->result != NULL) &&
+ (xmlSecBufferGetData(encCtx->result) != NULL) &&
+ (encCtx->resultBase64Encoded != 0)) {
+
+ fprintf(output, "== Result - start buffer:\n");
+ fwrite(xmlSecBufferGetData(encCtx->result),
+ xmlSecBufferGetSize(encCtx->result), 1,
+ output);
+ fprintf(output, "\n== Result - end buffer\n");
+ }
+}
+
+/**
+ * xmlSecEncCtxDebugXmlDump:
+ * @encCtx: the pointer to <enc:EncryptedData/> processing context.
+ * @output: the pointer to output FILE.
+ *
+ * Prints the debug information about @encCtx to @output in XML format.
+ */
+void
+xmlSecEncCtxDebugXmlDump(xmlSecEncCtxPtr encCtx, FILE* output) {
+ xmlSecAssert(encCtx != NULL);
+ xmlSecAssert(output != NULL);
+
+ switch(encCtx->mode) {
+ case xmlEncCtxModeEncryptedData:
+ if(encCtx->operation == xmlSecTransformOperationEncrypt) {
+ fprintf(output, "<DataEncryptionContext ");
+ } else {
+ fprintf(output, "<DataDecryptionContext ");
+ }
+ break;
+ case xmlEncCtxModeEncryptedKey:
+ if(encCtx->operation == xmlSecTransformOperationEncrypt) {
+ fprintf(output, "<KeyEncryptionContext ");
+ } else {
+ fprintf(output, "<KeyDecryptionContext ");
+ }
+ break;
+ }
+ fprintf(output, "status=\"%s\" >\n", (encCtx->resultReplaced) ? "replaced" : "not-replaced" );
+
+ fprintf(output, "<Flags>%08x</Flags>\n", encCtx->flags);
+ fprintf(output, "<Flags2>%08x</Flags2>\n", encCtx->flags2);
+
+ fprintf(output, "<Id>");
+ xmlSecPrintXmlString(output, encCtx->id);
+ fprintf(output, "</Id>");
+
+ fprintf(output, "<Type>");
+ xmlSecPrintXmlString(output, encCtx->type);
+ fprintf(output, "</Type>");
+
+ fprintf(output, "<MimeType>");
+ xmlSecPrintXmlString(output, encCtx->mimeType);
+ fprintf(output, "</MimeType>");
+
+ fprintf(output, "<Encoding>");
+ xmlSecPrintXmlString(output, encCtx->encoding);
+ fprintf(output, "</Encoding>");
+
+ fprintf(output, "<Recipient>");
+ xmlSecPrintXmlString(output, encCtx->recipient);
+ fprintf(output, "</Recipient>");
+
+ fprintf(output, "<CarriedKeyName>");
+ xmlSecPrintXmlString(output, encCtx->carriedKeyName);
+ fprintf(output, "</CarriedKeyName>");
+
+ fprintf(output, "<KeyInfoReadCtx>\n");
+ xmlSecKeyInfoCtxDebugXmlDump(&(encCtx->keyInfoReadCtx), output);
+ fprintf(output, "</KeyInfoReadCtx>\n");
+
+ fprintf(output, "<KeyInfoWriteCtx>\n");
+ xmlSecKeyInfoCtxDebugXmlDump(&(encCtx->keyInfoWriteCtx), output);
+ fprintf(output, "</KeyInfoWriteCtx>\n");
+
+ fprintf(output, "<EncryptionTransformCtx>\n");
+ xmlSecTransformCtxDebugXmlDump(&(encCtx->transformCtx), output);
+ fprintf(output, "</EncryptionTransformCtx>\n");
+
+ if(encCtx->encMethod != NULL) {
+ fprintf(output, "<EncryptionMethod>\n");
+ xmlSecTransformDebugXmlDump(encCtx->encMethod, output);
+ fprintf(output, "</EncryptionMethod>\n");
+ }
+
+ if(encCtx->encKey != NULL) {
+ fprintf(output, "<EncryptionKey>\n");
+ xmlSecKeyDebugXmlDump(encCtx->encKey, output);
+ fprintf(output, "</EncryptionKey>\n");
+ }
+
+ if((encCtx->result != NULL) &&
+ (xmlSecBufferGetData(encCtx->result) != NULL) &&
+ (encCtx->resultBase64Encoded != 0)) {
+
+ fprintf(output, "<Result>");
+ fwrite(xmlSecBufferGetData(encCtx->result),
+ xmlSecBufferGetSize(encCtx->result), 1,
+ output);
+ fprintf(output, "</Result>\n");
+ }
+
+ switch(encCtx->mode) {
+ case xmlEncCtxModeEncryptedData:
+ if(encCtx->operation == xmlSecTransformOperationEncrypt) {
+ fprintf(output, "</DataEncryptionContext>\n");
+ } else {
+ fprintf(output, "</DataDecryptionContext>\n");
+ }
+ break;
+ case xmlEncCtxModeEncryptedKey:
+ if(encCtx->operation == xmlSecTransformOperationEncrypt) {
+ fprintf(output, "</KeyEncryptionContext>\n");
+ } else {
+ fprintf(output, "</KeyDecryptionContext>\n");
+ }
+ break;
+ }
+}
+
+#endif /* XMLSEC_NO_XMLENC */
+
diff --git a/src/xmlsec.c b/src/xmlsec.c
new file mode 100644
index 00000000..2f7e7f69
--- /dev/null
+++ b/src/xmlsec.c
@@ -0,0 +1,185 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * General functions.
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <libxml/tree.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/app.h>
+#include <xmlsec/io.h>
+#include <xmlsec/xkms.h>
+#include <xmlsec/errors.h>
+
+/**
+ * xmlSecInit:
+ *
+ * Initializes XML Security Library. The depended libraries
+ * (LibXML and LibXSLT) must be initialized before.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecInit(void) {
+ xmlSecErrorsInit();
+ xmlSecIOInit();
+
+#ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLInit() < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+#endif /* XMLSEC_NO_CRYPTO_DYNAMIC_LOADING */
+
+ if(xmlSecKeyDataIdsInit() < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyDataIdsInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(xmlSecTransformIdsInit() < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecTransformIdsInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+#ifndef XMLSEC_NO_XKMS
+ if(xmlSecXkmsRespondWithIdsInit() < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsRespondWithIdsInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ if(xmlSecXkmsServerRequestIdsInit() < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXkmsServerRequestIdsInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+#endif /* XMLSEC_NO_XKMS */
+
+ /* we use rand() function to generate id attributes */
+ srand(time(NULL));
+ return(0);
+}
+
+/**
+ * xmlSecShutdown:
+ *
+ * Clean ups the XML Security Library.
+ *
+ * Returns: 0 on success or a negative value otherwise.
+ */
+int
+xmlSecShutdown(void) {
+ int res = 0;
+
+#ifndef XMLSEC_NO_XKMS
+ xmlSecXkmsServerRequestIdsShutdown();
+ xmlSecXkmsRespondWithIdsShutdown();
+#endif /* XMLSEC_NO_XKMS */
+
+ xmlSecTransformIdsShutdown();
+ xmlSecKeyDataIdsShutdown();
+
+#ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING
+ if(xmlSecCryptoDLShutdown() < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLShutdown",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ res = -1;
+ }
+#endif /* XMLSEC_NO_CRYPTO_DYNAMIC_LOADING */
+
+ xmlSecIOShutdown();
+ xmlSecErrorsShutdown();
+ return(res);
+}
+
+/**
+ * xmlSecCheckVersionExt:
+ * @major: the major version number.
+ * @minor: the minor version number.
+ * @subminor: the subminor version number.
+ * @mode: the version check mode.
+ *
+ * Checks if the loaded version of xmlsec library could be used.
+ *
+ * Returns: 1 if the loaded xmlsec library version is OK to use
+ * 0 if it is not or a negative value if an error occurs.
+ */
+int
+xmlSecCheckVersionExt(int major, int minor, int subminor, xmlSecCheckVersionMode mode) {
+ /* we always want to have a match for major version number */
+ if(major != XMLSEC_VERSION_MAJOR) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "expected major version=%d;real major version=%d",
+ XMLSEC_VERSION_MAJOR, major);
+ return(0);
+ }
+
+ switch(mode) {
+ case xmlSecCheckVersionExactMatch:
+ if((minor != XMLSEC_VERSION_MINOR) || (subminor != XMLSEC_VERSION_SUBMINOR)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "mode=exact;expected minor version=%d;real minor version=%d;expected subminor version=%d;real subminor version=%d",
+ XMLSEC_VERSION_MINOR, minor,
+ XMLSEC_VERSION_SUBMINOR, subminor);
+ return(0);
+ }
+ break;
+ case xmlSecCheckVersionABICompatible:
+ if((minor < XMLSEC_VERSION_MINOR) ||
+ ((minor == XMLSEC_VERSION_MINOR) &&
+ (subminor < XMLSEC_VERSION_SUBMINOR))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "mode=abi compatible;expected minor version=%d;real minor version=%d;expected subminor version=%d;real subminor version=%d",
+ XMLSEC_VERSION_MINOR, minor,
+ XMLSEC_VERSION_SUBMINOR, subminor);
+ return(0);
+ }
+ break;
+ }
+
+ return(1);
+}
+
+
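Review bot: The `srand(time(NULL))` call at the end of xmlSecInit seeds the process-wide C PRNG from the wall clock in seconds, and the comment above it says rand() is then used to generate id attributes (xmlSecGenerateID in the src/xmltree.c hunk fills its buffer from rand()). Ids produced this way can be reproduced by anyone who knows roughly when the process was initialised, and two processes initialised in the same second emit the same sequence, so they are suitable for in-document uniqueness only. The call also resets the rand() state of the host application, and `time()` is used although `<time.h>` is not among the includes in this hunk (it may arrive through globals.h). I would at least record the limit next to the call, `/* ids from rand() are for uniqueness only: predictable, never use as a nonce or secret */`, and prefer drawing the bytes from the crypto backend's random source where one is available.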
diff --git a/src/xmltree.c b/src/xmltree.c
new file mode 100644
index 00000000..27ad09e2
--- /dev/null
+++ b/src/xmltree.c
@@ -0,0 +1,1908 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * Common XML Doc utility functions
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+
+#include <libxml/tree.h>
+#include <libxml/valid.h>
+#include <libxml/xpath.h>
+#include <libxml/xpathInternals.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/parser.h>
+#include <xmlsec/private.h>
+#include <xmlsec/base64.h>
+#include <xmlsec/errors.h>
+
+/**
+ * xmlSecFindChild:
+ * @parent: the pointer to XML node.
+ * @name: the name.
+ * @ns: the namespace href (may be NULL).
+ *
+ * Searches a direct child of the @parent node having given name and
+ * namespace href.
+ *
+ * Returns: the pointer to the found node or NULL if an error occurs or
+ * node is not found.
+ */
+xmlNodePtr
+xmlSecFindChild(const xmlNodePtr parent, const xmlChar *name, const xmlChar *ns) {
+ xmlNodePtr cur;
+
+ xmlSecAssert2(parent != NULL, NULL);
+ xmlSecAssert2(name != NULL, NULL);
+
+ cur = parent->children;
+ while(cur != NULL) {
+ if(cur->type == XML_ELEMENT_NODE) {
+ if(xmlSecCheckNodeName(cur, name, ns)) {
+ return(cur);
+ }
+ }
+ cur = cur->next;
+ }
+ return(NULL);
+}
+
+/**
+ * xmlSecFindParent:
+ * @cur: the pointer to an XML node.
+ * @name: the name.
+ * @ns: the namespace href (may be NULL).
+ *
+ * Searches the ancestors axis of the @cur node for a node having given name
+ * and namespace href.
+ *
+ * Returns: the pointer to the found node or NULL if an error occurs or
+ * node is not found.
+ */
+xmlNodePtr
+xmlSecFindParent(const xmlNodePtr cur, const xmlChar *name, const xmlChar *ns) {
+ xmlSecAssert2(cur != NULL, NULL);
+ xmlSecAssert2(name != NULL, NULL);
+
+ if(xmlSecCheckNodeName(cur, name, ns)) {
+ return(cur);
+ } else if(cur->parent != NULL) {
+ return(xmlSecFindParent(cur->parent, name, ns));
+ }
+ return(NULL);
+}
+
+/**
+ * xmlSecFindNode:
+ * @parent: the pointer to XML node.
+ * @name: the name.
+ * @ns: the namespace href (may be NULL).
+ *
+ * Searches all children of the @parent node having given name and
+ * namespace href.
+ *
+ * Returns: the pointer to the found node or NULL if an error occurs or
+ * node is not found.
+ */
+xmlNodePtr
+xmlSecFindNode(const xmlNodePtr parent, const xmlChar *name, const xmlChar *ns) {
+ xmlNodePtr cur;
+ xmlNodePtr ret;
+
+ xmlSecAssert2(name != NULL, NULL);
+
+ cur = parent;
+ while(cur != NULL) {
+ if((cur->type == XML_ELEMENT_NODE) && xmlSecCheckNodeName(cur, name, ns)) {
+ return(cur);
+ }
+ if(cur->children != NULL) {
+ ret = xmlSecFindNode(cur->children, name, ns);
+ if(ret != NULL) {
+ return(ret);
+ }
+ }
+ cur = cur->next;
+ }
+ return(NULL);
+}
+
+/**
+ * xmlSecGetNodeNsHref:
+ * @cur: the pointer to node.
+ *
+ * Get's node's namespace href.
+ *
+ * Returns: node's namespace href.
+ */
+const xmlChar*
+xmlSecGetNodeNsHref(const xmlNodePtr cur) {
+ xmlNsPtr ns;
+
+ xmlSecAssert2(cur != NULL, NULL);
+
+ /* do we have a namespace in the node? */
+ if(cur->ns != NULL) {
+ return(cur->ns->href);
+ }
+
+ /* search for default namespace */
+ ns = xmlSearchNs(cur->doc, cur, NULL);
+ if(ns != NULL) {
+ return(ns->href);
+ }
+
+ return(NULL);
+}
+
+/**
+ * xmlSecCheckNodeName:
+ * @cur: the pointer to an XML node.
+ * @name: the name,
+ * @ns: the namespace href.
+ *
+ * Checks that the node has a given name and a given namespace href.
+ *
+ * Returns: 1 if the node matches or 0 otherwise.
+ */
+int
+xmlSecCheckNodeName(const xmlNodePtr cur, const xmlChar *name, const xmlChar *ns) {
+ xmlSecAssert2(cur != NULL, 0);
+
+ return(xmlStrEqual(cur->name, name) &&
+ xmlStrEqual(xmlSecGetNodeNsHref(cur), ns));
+}
+
+/**
+ * xmlSecAddChild:
+ * @parent: the pointer to an XML node.
+ * @name: the new node name.
+ * @ns: the new node namespace.
+ *
+ * Adds a child to the node @parent with given @name and namespace @ns.
+ *
+ * Returns: pointer to the new node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecAddChild(xmlNodePtr parent, const xmlChar *name, const xmlChar *ns) {
+ xmlNodePtr cur;
+ xmlNodePtr text;
+
+ xmlSecAssert2(parent != NULL, NULL);
+ xmlSecAssert2(name != NULL, NULL);
+
+ if(parent->children == NULL) {
+ /* TODO: add indents */
+ text = xmlNewText(xmlSecStringCR);
+ if(text == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewText",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ xmlAddChild(parent, text);
+ }
+
+ cur = xmlNewChild(parent, NULL, name, NULL);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewChild",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* namespaces support */
+ if(ns != NULL) {
+ xmlNsPtr nsPtr;
+
+ /* find namespace by href and check that its prefix is not overwritten */
+ nsPtr = xmlSearchNsByHref(cur->doc, cur, ns);
+ if((nsPtr == NULL) || (xmlSearchNs(cur->doc, cur, nsPtr->prefix) != nsPtr)) {
+ nsPtr = xmlNewNs(cur, ns, NULL);
+ }
+ xmlSetNs(cur, nsPtr);
+ }
+
+ /* TODO: add indents */
+ text = xmlNewText(xmlSecStringCR);
+ if(text == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewText",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ xmlAddChild(parent, text);
+
+ return(cur);
+}
+
+/**
+ * xmlSecAddChildNode:
+ * @parent: the pointer to an XML node.
+ * @child: the new node.
+ *
+ * Adds @child node to the @parent node.
+ *
+ * Returns: pointer to the new node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecAddChildNode(xmlNodePtr parent, xmlNodePtr child) {
+ xmlNodePtr text;
+
+ xmlSecAssert2(parent != NULL, NULL);
+ xmlSecAssert2(child != NULL, NULL);
+
+ if(parent->children == NULL) {
+ /* TODO: add indents */
+ text = xmlNewText(xmlSecStringCR);
+ if(text == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewText",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ xmlAddChild(parent, text);
+ }
+
+ xmlAddChild(parent, child);
+
+ /* TODO: add indents */
+ text = xmlNewText(xmlSecStringCR);
+ if(text == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewText",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ xmlAddChild(parent, text);
+
+ return(child);
+}
+
+/**
+ * xmlSecAddNextSibling
+ * @node: the pointer to an XML node.
+ * @name: the new node name.
+ * @ns: the new node namespace.
+ *
+ * Adds next sibling to the node @node with given @name and namespace @ns.
+ *
+ * Returns: pointer to the new node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecAddNextSibling(xmlNodePtr node, const xmlChar *name, const xmlChar *ns) {
+ xmlNodePtr cur;
+ xmlNodePtr text;
+
+ xmlSecAssert2(node != NULL, NULL);
+ xmlSecAssert2(name != NULL, NULL);
+
+ cur = xmlNewNode(NULL, name);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ xmlAddNextSibling(node, cur);
+
+ /* namespaces support */
+ if(ns != NULL) {
+ xmlNsPtr nsPtr;
+
+ /* find namespace by href and check that its prefix is not overwritten */
+ nsPtr = xmlSearchNsByHref(cur->doc, cur, ns);
+ if((nsPtr == NULL) || (xmlSearchNs(cur->doc, cur, nsPtr->prefix) != nsPtr)) {
+ nsPtr = xmlNewNs(cur, ns, NULL);
+ }
+ xmlSetNs(cur, nsPtr);
+ }
+
+ /* TODO: add indents */
+ text = xmlNewText(xmlSecStringCR);
+ if(text == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewText",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ xmlAddNextSibling(node, text);
+
+ return(cur);
+}
+
+/**
+ * xmlSecAddPrevSibling
+ * @node: the pointer to an XML node.
+ * @name: the new node name.
+ * @ns: the new node namespace.
+ *
+ * Adds prev sibling to the node @node with given @name and namespace @ns.
+ *
+ * Returns: pointer to the new node or NULL if an error occurs.
+ */
+xmlNodePtr
+xmlSecAddPrevSibling(xmlNodePtr node, const xmlChar *name, const xmlChar *ns) {
+ xmlNodePtr cur;
+ xmlNodePtr text;
+
+ xmlSecAssert2(node != NULL, NULL);
+ xmlSecAssert2(name != NULL, NULL);
+
+ cur = xmlNewNode(NULL, name);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ xmlAddPrevSibling(node, cur);
+
+ /* namespaces support */
+ if(ns != NULL) {
+ xmlNsPtr nsPtr;
+
+ /* find namespace by href and check that its prefix is not overwritten */
+ nsPtr = xmlSearchNsByHref(cur->doc, cur, ns);
+ if((nsPtr == NULL) || (xmlSearchNs(cur->doc, cur, nsPtr->prefix) != nsPtr)) {
+ nsPtr = xmlNewNs(cur, ns, NULL);
+ }
+ xmlSetNs(cur, nsPtr);
+ }
+
+ /* TODO: add indents */
+ text = xmlNewText(xmlSecStringCR);
+ if(text == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewText",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ xmlAddPrevSibling(node, text);
+
+ return(cur);
+}
+
+/**
+ * xmlSecGetNextElementNode:
+ * @cur: the pointer to an XML node.
+ *
+ * Seraches for the next element node.
+ *
+ * Returns: the pointer to next element node or NULL if it is not found.
+ */
+xmlNodePtr
+xmlSecGetNextElementNode(xmlNodePtr cur) {
+
+ while((cur != NULL) && (cur->type != XML_ELEMENT_NODE)) {
+ cur = cur->next;
+ }
+ return(cur);
+}
+
+/**
+ * xmlSecReplaceNode:
+ * @node: the current node.
+ * @newNode: the new node.
+ *
+ * Swaps the @node and @newNode in the XML tree.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecReplaceNode(xmlNodePtr node, xmlNodePtr newNode) {
+ return xmlSecReplaceNodeAndReturn(node, newNode, NULL);
+}
+
+/**
+ * xmlSecReplaceNodeAndReturn:
+ * @node: the current node.
+ * @newNode: the new node.
+ * @replaced: the replaced node, or release it if NULL is given
+ *
+ * Swaps the @node and @newNode in the XML tree.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecReplaceNodeAndReturn(xmlNodePtr node, xmlNodePtr newNode, xmlNodePtr* replaced) {
+ xmlNodePtr oldNode;
+ int restoreRoot = 0;
+
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(newNode != NULL, -1);
+
+ /* fix documents children if necessary first */
+ if((node->doc != NULL) && (node->doc->children == node)) {
+ node->doc->children = node->next;
+ restoreRoot = 1;
+ }
+ if((newNode->doc != NULL) && (newNode->doc->children == newNode)) {
+ newNode->doc->children = newNode->next;
+ }
+
+ oldNode = xmlReplaceNode(node, newNode);
+ if(oldNode == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlReplaceNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(restoreRoot != 0) {
+ xmlDocSetRootElement(oldNode->doc, newNode);
+ }
+
+ /* return the old node if requested */
+ if(replaced != NULL) {
+ (*replaced) = oldNode;
+ } else {
+ xmlFreeNode(oldNode);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecReplaceContent
+ * @node: the current node.
+ * @newNode: the new node.
+ *
+ * Swaps the content of @node and @newNode.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecReplaceContent(xmlNodePtr node, xmlNodePtr newNode) {
+ return xmlSecReplaceContentAndReturn(node, newNode, NULL);
+}
+
+/**
+ * xmlSecReplaceContentAndReturn
+ * @node: the current node.
+ * @newNode: the new node.
+ * @replaced: the replaced nodes, or release them if NULL is given
+ *
+ * Swaps the content of @node and @newNode.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecReplaceContentAndReturn(xmlNodePtr node, xmlNodePtr newNode, xmlNodePtr *replaced) {
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(newNode != NULL, -1);
+
+ xmlUnlinkNode(newNode);
+ xmlSetTreeDoc(newNode, node->doc);
+
+ /* return the old nodes if requested */
+ if(replaced != NULL) {
+ xmlNodePtr cur, next, tail;
+
+ (*replaced) = tail = NULL;
+ for(cur = node->children; (cur != NULL); cur = next) {
+ next = cur->next;
+ if((*replaced) != NULL) {
+ /* n is unlinked in this function */
+ xmlAddNextSibling(tail, cur);
+ tail = cur;
+ } else {
+ /* this is the first node, (*replaced) is the head */
+ xmlUnlinkNode(cur);
+ (*replaced) = tail = cur;
+ }
+ }
+ } else {
+ /* just delete the content */
+ xmlNodeSetContent(node, NULL);
+ }
+
+ xmlAddChild(node, newNode);
+ xmlSetTreeDoc(newNode, node->doc);
+
+ return(0);
+}
+
+/**
+ * xmlSecReplaceNodeBuffer:
+ * @node: the current node.
+ * @buffer: the XML data.
+ * @size: the XML data size.
+ *
+ * Swaps the @node and the parsed XML data from the @buffer in the XML tree.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecReplaceNodeBuffer(xmlNodePtr node, const xmlSecByte *buffer, xmlSecSize size) {
+ return xmlSecReplaceNodeBufferAndReturn(node, buffer, size, NULL);
+}
+
+/**
+ * xmlSecReplaceNodeBufferAndReturn:
+ * @node: the current node.
+ * @buffer: the XML data.
+ * @size: the XML data size.
+ * @replaced: the replaced nodes, or release them if NULL is given
+ *
+ * Swaps the @node and the parsed XML data from the @buffer in the XML tree.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecReplaceNodeBufferAndReturn(xmlNodePtr node, const xmlSecByte *buffer, xmlSecSize size, xmlNodePtr *replaced) {
+ xmlNodePtr results = NULL;
+ xmlNodePtr next = NULL;
+
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(node->parent != NULL, -1);
+
+ /* parse buffer in the context of node's parent */
+ if(xmlParseInNodeContext(node->parent, (const char*)buffer, size, XML_PARSE_NODICT, &results) != XML_ERR_OK) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlParseInNodeContext",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "Failed to parse content");
+ return(-1);
+ }
+
+ /* add new nodes */
+ while (results != NULL) {
+ next = results->next;
+ xmlAddPrevSibling(node, results);
+ results = next;
+ }
+
+ /* remove old node */
+ xmlUnlinkNode(node);
+
+ /* return the old node if requested */
+ if(replaced != NULL) {
+ (*replaced) = node;
+ } else {
+ xmlFreeNode(node);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecNodeEncodeAndSetContent:
+ * @node: the pointer to an XML node.
+ * @buffer: the pointer to the node content.
+ *
+ * Encodes "special" characters in the @buffer and sets the result
+ * as the node content.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecNodeEncodeAndSetContent(xmlNodePtr node, const xmlChar * buffer) {
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(node->doc != NULL, -1);
+
+ if(buffer != NULL) {
+ xmlChar * tmp;
+
+ tmp = xmlEncodeSpecialChars(node->doc, buffer);
+ if (tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlEncodeSpecialChars",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "Failed to encode special characters");
+ return(-1);
+ }
+
+ xmlNodeSetContent(node, tmp);
+ xmlFree(tmp);
+ } else {
+ xmlNodeSetContent(node, NULL);
+ }
+
+ return(0);
+}
+
+/**
+ * xmlSecAddIDs:
+ * @doc: the pointer to an XML document.
+ * @cur: the pointer to an XML node.
+ * @ids: the pointer to a NULL terminated list of ID attributes.
+ *
+ * Walks thru all children of the @cur node and adds all attributes
+ * from the @ids list to the @doc document IDs attributes hash.
+ */
+void
+xmlSecAddIDs(xmlDocPtr doc, xmlNodePtr cur, const xmlChar** ids) {
+ xmlNodePtr children = NULL;
+
+ xmlSecAssert(doc != NULL);
+ xmlSecAssert(ids != NULL);
+
+ if((cur != NULL) && (cur->type == XML_ELEMENT_NODE)) {
+ xmlAttrPtr attr;
+ xmlAttrPtr tmp;
+ int i;
+ xmlChar* name;
+
+ for(attr = cur->properties; attr != NULL; attr = attr->next) {
+ for(i = 0; ids[i] != NULL; ++i) {
+ if(xmlStrEqual(attr->name, ids[i])) {
+ name = xmlNodeListGetString(doc, attr->children, 1);
+ if(name != NULL) {
+ tmp = xmlGetID(doc, name);
+ if(tmp == NULL) {
+ xmlAddID(NULL, doc, name, attr);
+ } else if(tmp != attr) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "id=%s already defined",
+ xmlSecErrorsSafeString(name));
+ }
+ xmlFree(name);
+ }
+ }
+ }
+ }
+
+ children = cur->children;
+ } else if(cur == NULL) {
+ children = doc->children;
+ }
+
+ while(children != NULL) {
+ if(children->type == XML_ELEMENT_NODE) {
+ xmlSecAddIDs(doc, children, ids);
+ }
+ children = children->next;
+ }
+}
+
+/**
+ * xmlSecGenerateAndAddID:
+ * @node: the node to ID attr to.
+ * @attrName: the ID attr name.
+ * @prefix: the prefix to add to the generated ID (can be NULL).
+ * @len: the length of ID.
+ *
+ * Generates a unique ID in the format <@prefix>base64-encoded(@len random bytes)
+ * and puts it in the attribute @attrName.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecGenerateAndAddID(xmlNodePtr node, const xmlChar* attrName, const xmlChar* prefix, xmlSecSize len) {
+ xmlChar* id;
+ int count;
+
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(attrName != NULL, -1);
+
+ /* we will try 5 times before giving up */
+ for(count = 0; count < 5; count++) {
+ id = xmlSecGenerateID(prefix, len);
+ if(id == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGenerateID",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if((node->doc == NULL) || (xmlGetID(node->doc, id) == NULL)) {
+ /* this is a unique ID in the document and we can use it */
+ if(xmlSetProp(node, attrName, id) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(id);
+ return(-1);
+ }
+
+ xmlFree(id);
+ return(0);
+ }
+ xmlFree(id);
+ }
+
+ return(-1);
+}
+
+/**
+ * xmlSecGenerateID:
+ * @prefix: the prefix to add to the generated ID (can be NULL).
+ * @len: the length of ID.
+ *
+ * Generates a unique ID in the format <@prefix>base64-encoded(@len random bytes).
+ * The caller is responsible for freeing returned string using @xmlFree function.
+ *
+ * Returns: pointer to generated ID string or NULL if an error occurs.
+ */
+xmlChar*
+xmlSecGenerateID(const xmlChar* prefix, xmlSecSize len) {
+ xmlSecBuffer buffer;
+ xmlSecSize i, binLen;
+ xmlChar* res;
+ xmlChar* p;
+ int ret;
+
+ xmlSecAssert2(len > 0, NULL);
+
+ /* we will do base64 decoding later */
+ binLen = (3 * len + 1) / 4;
+
+ ret = xmlSecBufferInitialize(&buffer, binLen + 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+ xmlSecAssert2(xmlSecBufferGetData(&buffer) != NULL, NULL);
+ xmlSecAssert2(xmlSecBufferGetMaxSize(&buffer) >= binLen, NULL);
+
+ ret = xmlSecBufferSetSize(&buffer, binLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+ xmlSecAssert2(xmlSecBufferGetSize(&buffer) == binLen, NULL);
+
+ /* create random bytes */
+ for(i = 0; i < binLen; i++) {
+ (xmlSecBufferGetData(&buffer)) [i] = (xmlSecByte) (256.0 * rand() / (RAND_MAX + 1.0));
+ }
+
+ /* base64 encode random bytes */
+ res = xmlSecBase64Encode(xmlSecBufferGetData(&buffer), xmlSecBufferGetSize(&buffer), 0);
+ if((res == NULL) || (xmlStrlen(res) == 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBase64Encode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecBufferFinalize(&buffer);
+ return(NULL);
+ }
+ xmlSecBufferFinalize(&buffer);
+
+ /* truncate the generated id attribute if needed */
+ if(xmlStrlen(res) > (int)len) {
+ res[len] = '\0';
+ }
+
+ /* we need to cleanup base64 encoded id because ID attr can't have '+' or '/' characters */
+ for(p = res; (*p) != '\0'; p++) {
+ if(((*p) == '+') || ((*p) == '/')) {
+ (*p) = '_';
+ }
+ }
+
+ /* add prefix if exist */
+ if(prefix) {
+ xmlChar* tmp;
+ xmlSecSize tmpLen;
+
+ tmpLen = xmlStrlen(prefix) + xmlStrlen(res) + 1;
+ tmp = xmlMalloc(tmpLen + 1);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFree(res);
+ return(NULL);
+ }
+
+ xmlSecStrPrintf(tmp, tmpLen, BAD_CAST "%s%s", prefix, res);
+ xmlFree(res);
+ res = tmp;
+ } else {
+ /* no prefix: check that ID attribute starts from a letter */
+ if(!(((res[0] >= 'A') && (res[0] <= 'Z')) ||
+ ((res[0] >= 'a') && (res[0] <= 'z')))) {
+ res[0] = 'A';
+ }
+ }
+
+ return(res);
+}
+
+
+/**
+ * xmlSecCreateTree:
+ * @rootNodeName: the root node name.
+ * @rootNodeNs: the root node namespace (otpional).
+ *
+ * Creates a new XML tree with one root node @rootNodeName.
+ *
+ * Returns: pointer to the newly created tree or NULL if an error occurs.
+ */
+xmlDocPtr
+xmlSecCreateTree(const xmlChar* rootNodeName, const xmlChar* rootNodeNs) {
+ xmlDocPtr doc;
+ xmlNodePtr root;
+ xmlNsPtr ns;
+
+ xmlSecAssert2(rootNodeName != NULL, NULL);
+
+ /* create doc */
+ doc = xmlNewDoc(BAD_CAST "1.0");
+ if(doc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewDoc",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
+ }
+
+ /* create root node */
+ root = xmlNewDocNode(doc, NULL, rootNodeName, NULL);
+ if(root == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewDocNode",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=Keys");
+ xmlFreeDoc(doc);
+ return(NULL);
+ }
+ xmlDocSetRootElement(doc, root);
+
+ /* and set root node namespace */
+ ns = xmlNewNs(root, rootNodeNs, NULL);
+ if(ns == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNewNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "ns=%s",
+ xmlSecErrorsSafeString(rootNodeNs));
+ xmlFreeDoc(doc);
+ return(NULL);
+ }
+ xmlSetNs(root, ns);
+
+ return(doc);
+}
+
+/**
+ * xmlSecIsEmptyNode:
+ * @node: the node to check
+ *
+ * Checks whethere the @node is empty (i.e. has only whitespaces children).
+ *
+ * Returns: 1 if @node is empty, 0 otherwise or a negative value if an error occurs.
+ */
+int
+xmlSecIsEmptyNode(xmlNodePtr node) {
+ xmlChar* content;
+ int res;
+
+ xmlSecAssert2(node != NULL, -1);
+
+ if(xmlSecGetNextElementNode(node->children) != NULL) {
+ return(0);
+ }
+
+ content = xmlNodeGetContent(node);
+ if(content == NULL) {
+ return(1);
+ }
+
+ res = xmlSecIsEmptyString(content);
+ xmlFree(content);
+ return(res);
+}
+
+/**
+ * xmlSecIsEmptyString:
+ * @str: the string to check
+ *
+ * Checks whethere the @str is empty (i.e. has only whitespaces children).
+ *
+ * Returns: 1 if @str is empty, 0 otherwise or a negative value if an error occurs.
+ */
+int
+xmlSecIsEmptyString(const xmlChar* str) {
+ xmlSecAssert2(str != NULL, -1);
+
+ for( ;*str != '\0'; ++str) {
+ if(!isspace((int)(*str))) {
+ return(0);
+ }
+ }
+ return(1);
+}
+
+/**
+ * xmlSecPrintXmlString:
+ * @fd: the file descriptor to write the XML string to
+ * @str: the string
+ *
+ * Encodes the @str (e.g. replaces '&' with '&amp;') and writes it to @fd.
+ *
+ * Returns: he number of bytes transmitted or a negative value if an error occurs.
+ */
+int
+xmlSecPrintXmlString(FILE * fd, const xmlChar * str) {
+ int res;
+
+ if(str != NULL) {
+ xmlChar * encoded_str = NULL;
+ encoded_str = xmlEncodeSpecialChars(NULL, str);
+ if(encoded_str == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlEncodeSpecialChars",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "string=%s",
+ xmlSecErrorsSafeString(str));
+ return(-1);
+ }
+
+ res = fprintf(fd, "%s", (const char*)encoded_str);
+ xmlFree(encoded_str);
+ } else {
+ res = fprintf(fd, "NULL");
+ }
+
+ if(res < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "fprintf",
+ XMLSEC_ERRORS_R_IO_FAILED,
+ "res=%d,errno=%d",
+ res, errno);
+ return(-1);
+ }
+ return(res);
+}
+
+
+/**
+ * xmlSecGetQName:
+ * @node: the context node.
+ * @href: the QName href (can be NULL).
+ * @local: the QName local part.
+ *
+ * Creates QName (prefix:local) from @href and @local in the context of the @node.
+ * Caller is responsible for freeing returned string with xmlFree.
+ *
+ * Returns: qname or NULL if an error occurs.
+ */
+xmlChar*
+xmlSecGetQName(xmlNodePtr node, const xmlChar* href, const xmlChar* local) {
+ xmlChar* qname;
+ xmlNsPtr ns;
+
+ xmlSecAssert2(node != NULL, NULL);
+ xmlSecAssert2(local != NULL, NULL);
+
+ /* we don't want to create namespace node ourselves because
+ * it might cause collisions */
+ ns = xmlSearchNsByHref(node->doc, node, href);
+ if((ns == NULL) && (href != NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSearchNsByHref",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s,href=%s",
+ xmlSecErrorsSafeString(node->name),
+ xmlSecErrorsSafeString(href));
+ return(NULL);
+ }
+
+ if((ns != NULL) && (ns->prefix != NULL)) {
+ xmlSecSize len;
+
+ len = xmlStrlen(local) + xmlStrlen(ns->prefix) + 4;
+ qname = xmlMalloc(len);
+ if(qname == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlMalloc",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(node->name));
+ return(NULL);
+ }
+ xmlSecStrPrintf(qname, len, BAD_CAST "%s:%s", ns->prefix, local);
+ } else {
+ qname = xmlStrdup(local);
+ if(qname == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(node->name));
+ return(NULL);
+ }
+ }
+
+
+ return(qname);
+}
+
+
+/*************************************************************************
+ *
+ * QName <-> Integer mapping
+ *
+ ************************************************************************/
+/**
+ * xmlSecQName2IntegerGetInfo:
+ * @info: the qname<->integer mapping information.
+ * @intValue: the integer value.
+ *
+ * Maps integer @intValue to a QName prefix.
+ *
+ * Returns: the QName info that is mapped to @intValue or NULL if such value
+ * is not found.
+ */
+xmlSecQName2IntegerInfoConstPtr
+xmlSecQName2IntegerGetInfo(xmlSecQName2IntegerInfoConstPtr info, int intValue) {
+ unsigned int ii;
+
+ xmlSecAssert2(info != NULL, NULL);
+
+ for(ii = 0; info[ii].qnameLocalPart != NULL; ii++) {
+ if(info[ii].intValue == intValue) {
+ return(&info[ii]);
+ }
+ }
+
+ return(NULL);
+}
+
+/**
+ * xmlSecQName2IntegerGetInteger:
+ * @info: the qname<->integer mapping information.
+ * @qnameHref: the qname href value.
+ * @qnameLocalPart: the qname local part value.
+ * @intValue: the pointer to result integer value.
+ *
+ * Maps qname qname to an integer and returns it in @intValue.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2IntegerGetInteger(xmlSecQName2IntegerInfoConstPtr info,
+ const xmlChar* qnameHref, const xmlChar* qnameLocalPart,
+ int* intValue) {
+ unsigned int ii;
+
+ xmlSecAssert2(info != NULL, -1);
+ xmlSecAssert2(qnameLocalPart != NULL, -1);
+ xmlSecAssert2(intValue != NULL, -1);
+
+ for(ii = 0; info[ii].qnameLocalPart != NULL; ii++) {
+ if(xmlStrEqual(info[ii].qnameLocalPart, qnameLocalPart) &&
+ xmlStrEqual(info[ii].qnameHref, qnameHref)) {
+ (*intValue) = info[ii].intValue;
+ return(0);
+ }
+ }
+
+ return(-1);
+}
+
+/**
+ * xmlSecQName2IntegerGetIntegerFromString:
+ * @info: the qname<->integer mapping information.
+ * @node: the pointer to node.
+ * @qname: the qname string.
+ * @intValue: the pointer to result integer value.
+ *
+ * Converts @qname into integer in context of @node.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2IntegerGetIntegerFromString(xmlSecQName2IntegerInfoConstPtr info,
+ xmlNodePtr node, const xmlChar* qname,
+ int* intValue) {
+ const xmlChar* qnameLocalPart = NULL;
+ xmlChar* qnamePrefix = NULL;
+ const xmlChar* qnameHref;
+ xmlNsPtr ns;
+ int ret;
+
+ xmlSecAssert2(info != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(qname != NULL, -1);
+ xmlSecAssert2(intValue != NULL, -1);
+
+ qnameLocalPart = xmlStrchr(qname, ':');
+ if(qnameLocalPart != NULL) {
+ qnamePrefix = xmlStrndup(qname, qnameLocalPart - qname);
+ if(qnamePrefix == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrndup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "node=%s,value=%s",
+ xmlSecErrorsSafeString(node->name),
+ xmlSecErrorsSafeString(qname));
+ return(-1);
+ }
+ qnameLocalPart++;
+ } else {
+ qnamePrefix = NULL;
+ qnameLocalPart = qname;
+ }
+
+ /* search namespace href */
+ ns = xmlSearchNs(node->doc, node, qnamePrefix);
+ if((ns == NULL) && (qnamePrefix != NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSearchNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s,qnamePrefix=%s",
+ xmlSecErrorsSafeString(node->name),
+ xmlSecErrorsSafeString(qnamePrefix));
+ if(qnamePrefix != NULL) {
+ xmlFree(qnamePrefix);
+ }
+ return(-1);
+ }
+ qnameHref = (ns != NULL) ? ns->href : BAD_CAST NULL;
+
+ /* and finally search for integer */
+ ret = xmlSecQName2IntegerGetInteger(info, qnameHref, qnameLocalPart, intValue);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerGetInteger",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,qnameLocalPart=%s,qnameHref=%s",
+ xmlSecErrorsSafeString(node->name),
+ xmlSecErrorsSafeString(qnameLocalPart),
+ xmlSecErrorsSafeString(qnameHref));
+ if(qnamePrefix != NULL) {
+ xmlFree(qnamePrefix);
+ }
+ return(-1);
+ }
+
+ if(qnamePrefix != NULL) {
+ xmlFree(qnamePrefix);
+ }
+ return(0);
+}
+
+
+/**
+ * xmlSecQName2IntegerGetStringFromInteger:
+ * @info: the qname<->integer mapping information.
+ * @node: the pointer to node.
+ * @intValue: the integer value.
+ *
+ * Creates qname string for @intValue in context of given @node. Caller
+ * is responsible for freeing returned string with @xmlFree.
+ *
+ * Returns: pointer to newly allocated string on success or NULL if an error occurs,
+ */
+xmlChar*
+xmlSecQName2IntegerGetStringFromInteger(xmlSecQName2IntegerInfoConstPtr info,
+ xmlNodePtr node, int intValue) {
+ xmlSecQName2IntegerInfoConstPtr qnameInfo;
+
+ xmlSecAssert2(info != NULL, NULL);
+ xmlSecAssert2(node != NULL, NULL);
+
+ qnameInfo = xmlSecQName2IntegerGetInfo(info, intValue);
+ if(qnameInfo == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerGetInfo",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,intValue=%d",
+ xmlSecErrorsSafeString(node->name),
+ intValue);
+ return(NULL);
+ }
+
+ return (xmlSecGetQName(node, qnameInfo->qnameHref, qnameInfo->qnameLocalPart));
+}
+
+/**
+ * xmlSecQName2IntegerNodeRead:
+ * @info: the qname<->integer mapping information.
+ * @node: the pointer to node.
+ * @intValue: the pointer to result integer value.
+ *
+ * Reads the content of @node and converts it to an integer using mapping
+ * from @info.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2IntegerNodeRead(xmlSecQName2IntegerInfoConstPtr info, xmlNodePtr node, int* intValue) {
+ xmlChar* content = NULL;
+ int ret;
+
+ xmlSecAssert2(info != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(intValue != NULL, -1);
+
+ content = xmlNodeGetContent(node);
+ if(content == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNodeGetContent",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(node->name));
+ return(-1);
+ }
+ /* todo: trim content? */
+
+ ret = xmlSecQName2IntegerGetIntegerFromString(info, node, content, intValue);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerGetIntegerFromString",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,value=%s",
+ xmlSecErrorsSafeString(node->name),
+ xmlSecErrorsSafeString(content));
+ xmlFree(content);
+ return(-1);
+ }
+
+ xmlFree(content);
+ return(0);
+}
+
+/**
+ * xmlSecQName2IntegerNodeWrite:
+ * @info: the qname<->integer mapping information.
+ * @node: the parent node.
+ * @nodeName: the child node name.
+ * @nodeNs: the child node namespace.
+ * @intValue: the integer value.
+ *
+ * Creates new child node in @node and sets its value to @intValue.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2IntegerNodeWrite(xmlSecQName2IntegerInfoConstPtr info, xmlNodePtr node,
+ const xmlChar* nodeName, const xmlChar* nodeNs, int intValue) {
+ xmlNodePtr cur;
+ xmlChar* qname = NULL;
+
+ xmlSecAssert2(info != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(nodeName != NULL, -1);
+
+ /* find and build qname */
+ qname = xmlSecQName2IntegerGetStringFromInteger(info, node, intValue);
+ if(qname == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerGetStringFromInteger",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,intValue=%d",
+ xmlSecErrorsSafeString(node->name),
+ intValue);
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, nodeName, nodeNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,intValue=%d",
+ xmlSecErrorsSafeString(nodeName),
+ intValue);
+ xmlFree(qname);
+ return(-1);
+ }
+
+ xmlNodeSetContent(cur, qname);
+ xmlFree(qname);
+ return(0);
+}
+
+/**
+ * xmlSecQName2IntegerAttributeRead:
+ * @info: the qname<->integer mapping information.
+ * @node: the element node.
+ * @attrName: the attribute name.
+ * @intValue: the pointer to result integer value.
+ *
+ * Gets the value of @attrName atrtibute from @node and converts it to integer
+ * according to @info.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2IntegerAttributeRead(xmlSecQName2IntegerInfoConstPtr info, xmlNodePtr node,
+ const xmlChar* attrName, int* intValue) {
+ xmlChar* attrValue;
+ int ret;
+
+ xmlSecAssert2(info != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(attrName != NULL, -1);
+ xmlSecAssert2(intValue != NULL, -1);
+
+ attrValue = xmlGetProp(node, attrName);
+ if(attrValue == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlGetProp",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s,attrValue=%s",
+ xmlSecErrorsSafeString(node->name),
+ xmlSecErrorsSafeString(attrName));
+ return(-1);
+ }
+ /* todo: trim value? */
+
+ ret = xmlSecQName2IntegerGetIntegerFromString(info, node, attrValue, intValue);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerGetIntegerFromString",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,attrName=%s,attrValue=%s",
+ xmlSecErrorsSafeString(node->name),
+ xmlSecErrorsSafeString(attrName),
+ xmlSecErrorsSafeString(attrValue));
+ xmlFree(attrValue);
+ return(-1);
+ }
+
+ xmlFree(attrValue);
+ return(0);
+}
+
+/**
+ * xmlSecQName2IntegerAttributeWrite:
+ * @info: the qname<->integer mapping information.
+ * @node: the parent node.
+ * @attrName: the name of attribute.
+ * @intValue: the integer value.
+ *
+ * Converts @intValue to a qname and sets it to the value of
+ * attribute @attrName in @node.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2IntegerAttributeWrite(xmlSecQName2IntegerInfoConstPtr info, xmlNodePtr node,
+ const xmlChar* attrName, int intValue) {
+ xmlChar* qname;
+ xmlAttrPtr attr;
+
+ xmlSecAssert2(info != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(attrName != NULL, -1);
+
+ /* find and build qname */
+ qname = xmlSecQName2IntegerGetStringFromInteger(info, node, intValue);
+ if(qname == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2IntegerGetStringFromInteger",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,attrName=%s,intValue=%d",
+ xmlSecErrorsSafeString(node->name),
+ xmlSecErrorsSafeString(attrName),
+ intValue);
+ return(-1);
+ }
+
+ attr = xmlSetProp(node, attrName, qname);
+ if(attr == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChildNode",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,attrName=%s,intValue=%d",
+ xmlSecErrorsSafeString(node->name),
+ xmlSecErrorsSafeString(attrName),
+ intValue);
+ xmlFree(qname);
+ return(-1);
+ }
+
+ xmlFree(qname);
+ return(0);
+}
+
+/**
+ * xmlSecQName2IntegerDebugDump:
+ * @info: the qname<->integer mapping information.
+ * @intValue: the integer value.
+ * @name: the value name to print.
+ * @output: the pointer to output FILE.
+ *
+ * Prints @intValue into @output.
+ */
+void
+xmlSecQName2IntegerDebugDump(xmlSecQName2IntegerInfoConstPtr info, int intValue,
+ const xmlChar* name, FILE* output) {
+ xmlSecQName2IntegerInfoConstPtr qnameInfo;
+
+ xmlSecAssert(info != NULL);
+ xmlSecAssert(name != NULL);
+ xmlSecAssert(output != NULL);
+
+ qnameInfo = xmlSecQName2IntegerGetInfo(info, intValue);
+ if(qnameInfo != NULL) {
+ fprintf(output, "== %s: %d (name=\"%s\", href=\"%s\")\n", name, intValue,
+ (qnameInfo->qnameLocalPart) ? qnameInfo->qnameLocalPart : BAD_CAST NULL,
+ (qnameInfo->qnameHref) ? qnameInfo->qnameHref : BAD_CAST NULL);
+ }
+}
+
+/**
+ * xmlSecQName2IntegerDebugXmlDump:
+ * @info: the qname<->integer mapping information.
+ * @intValue: the integer value.
+ * @name: the value name to print.
+ * @output: the pointer to output FILE.
+ *
+ * Prints @intValue into @output in XML format.
+ */
+void
+xmlSecQName2IntegerDebugXmlDump(xmlSecQName2IntegerInfoConstPtr info, int intValue,
+ const xmlChar* name, FILE* output) {
+ xmlSecQName2IntegerInfoConstPtr qnameInfo;
+
+ xmlSecAssert(info != NULL);
+ xmlSecAssert(name != NULL);
+ xmlSecAssert(output != NULL);
+
+ qnameInfo = xmlSecQName2IntegerGetInfo(info, intValue);
+ if(qnameInfo != NULL) {
+ fprintf(output, "<%s value=\"%d\" href=\"%s\">%s<%s>\n", name, intValue,
+ (qnameInfo->qnameHref) ? qnameInfo->qnameHref : BAD_CAST NULL,
+ (qnameInfo->qnameLocalPart) ? qnameInfo->qnameLocalPart : BAD_CAST NULL,
+ name);
+ }
+}
+
+
+/*************************************************************************
+ *
+ * QName <-> Bits mask mapping
+ *
+ ************************************************************************/
+/**
+ * xmlSecQName2BitMaskGetInfo:
+ * @info: the qname<->bit mask mapping information.
+ * @mask: the bit mask.
+ *
+ * Converts @mask to qname.
+ *
+ * Returns: pointer to the qname info for @mask or NULL if mask is unknown.
+ */
+xmlSecQName2BitMaskInfoConstPtr
+xmlSecQName2BitMaskGetInfo(xmlSecQName2BitMaskInfoConstPtr info, xmlSecBitMask mask) {
+ unsigned int ii;
+
+ xmlSecAssert2(info != NULL, NULL);
+
+ for(ii = 0; info[ii].qnameLocalPart != NULL; ii++) {
+ xmlSecAssert2(info[ii].mask != 0, NULL);
+ if(info[ii].mask == mask) {
+ return(&info[ii]);
+ }
+ }
+
+ return(NULL);
+}
+
+/**
+ * xmlSecQName2BitMaskGetBitMask:
+ * @info: the qname<->bit mask mapping information.
+ * @qnameHref: the qname Href value.
+ * @qnameLocalPart: the qname LocalPart value.
+ * @mask: the pointer to result mask.
+ *
+ * Converts @qnameLocalPart to @mask.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2BitMaskGetBitMask(xmlSecQName2BitMaskInfoConstPtr info,
+ const xmlChar* qnameHref, const xmlChar* qnameLocalPart,
+ xmlSecBitMask* mask) {
+ unsigned int ii;
+
+ xmlSecAssert2(info != NULL, -1);
+ xmlSecAssert2(qnameLocalPart != NULL, -1);
+ xmlSecAssert2(mask != NULL, -1);
+
+ for(ii = 0; info[ii].qnameLocalPart != NULL; ii++) {
+ xmlSecAssert2(info[ii].mask != 0, -1);
+ if(xmlStrEqual(info[ii].qnameLocalPart, qnameLocalPart) &&
+ xmlStrEqual(info[ii].qnameHref, qnameHref)) {
+
+ (*mask) = info[ii].mask;
+ return(0);
+ }
+ }
+
+ return(-1);
+}
+
+/**
+ * xmlSecQName2BitMaskGetBitMaskFromString:
+ * @info: the qname<->integer mapping information.
+ * @node: the pointer to node.
+ * @qname: the qname string.
+ * @mask: the pointer to result msk value.
+ *
+ * Converts @qname into integer in context of @node.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2BitMaskGetBitMaskFromString(xmlSecQName2BitMaskInfoConstPtr info,
+ xmlNodePtr node, const xmlChar* qname,
+ xmlSecBitMask* mask) {
+ const xmlChar* qnameLocalPart = NULL;
+ xmlChar* qnamePrefix = NULL;
+ const xmlChar* qnameHref;
+ xmlNsPtr ns;
+ int ret;
+
+ xmlSecAssert2(info != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(qname != NULL, -1);
+ xmlSecAssert2(mask != NULL, -1);
+
+ qnameLocalPart = xmlStrchr(qname, ':');
+ if(qnameLocalPart != NULL) {
+ qnamePrefix = xmlStrndup(qname, qnameLocalPart - qname);
+ if(qnamePrefix == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlStrndup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "node=%s,value=%s",
+ xmlSecErrorsSafeString(node->name),
+ xmlSecErrorsSafeString(qname));
+ return(-1);
+ }
+ qnameLocalPart++;
+ } else {
+ qnamePrefix = NULL;
+ qnameLocalPart = qname;
+ }
+
+ /* search namespace href */
+ ns = xmlSearchNs(node->doc, node, qnamePrefix);
+ if((ns == NULL) && (qnamePrefix != NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSearchNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s,qnamePrefix=%s",
+ xmlSecErrorsSafeString(node->name),
+ xmlSecErrorsSafeString(qnamePrefix));
+ if(qnamePrefix != NULL) {
+ xmlFree(qnamePrefix);
+ }
+ return(-1);
+ }
+ qnameHref = (ns != NULL) ? ns->href : BAD_CAST NULL;
+
+ /* and finally search for integer */
+ ret = xmlSecQName2BitMaskGetBitMask(info, qnameHref, qnameLocalPart, mask);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2BitMaskGetBitMask",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,qnameLocalPart=%s,qnameHref=%s",
+ xmlSecErrorsSafeString(node->name),
+ xmlSecErrorsSafeString(qnameLocalPart),
+ xmlSecErrorsSafeString(qnameHref));
+ if(qnamePrefix != NULL) {
+ xmlFree(qnamePrefix);
+ }
+ return(-1);
+ }
+
+ if(qnamePrefix != NULL) {
+ xmlFree(qnamePrefix);
+ }
+ return(0);
+}
+
+
+/**
+ * xmlSecQName2BitMaskGetStringFromBitMask:
+ * @info: the qname<->integer mapping information.
+ * @node: the pointer to node.
+ * @mask: the mask.
+ *
+ * Creates qname string for @mask in context of given @node. Caller
+ * is responsible for freeing returned string with @xmlFree.
+ *
+ * Returns: pointer to newly allocated string on success or NULL if an error occurs,
+ */
+xmlChar*
+xmlSecQName2BitMaskGetStringFromBitMask(xmlSecQName2BitMaskInfoConstPtr info,
+ xmlNodePtr node, xmlSecBitMask mask) {
+ xmlSecQName2BitMaskInfoConstPtr qnameInfo;
+
+ xmlSecAssert2(info != NULL, NULL);
+ xmlSecAssert2(node != NULL, NULL);
+
+ qnameInfo = xmlSecQName2BitMaskGetInfo(info, mask);
+ if(qnameInfo == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2BitMaskGetInfo",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "node=%s,mask=%d",
+ xmlSecErrorsSafeString(node->name),
+ mask);
+ return(NULL);
+ }
+
+ return(xmlSecGetQName(node, qnameInfo->qnameHref, qnameInfo->qnameLocalPart));
+}
+
+/**
+ * xmlSecQName2BitMaskNodesRead:
+ * @info: the qname<->bit mask mapping information.
+ * @node: the start.
+ * @nodeName: the mask nodes name.
+ * @nodeNs: the mask nodes namespace.
+ * @stopOnUnknown: if this flag is set then function exits if unknown
+ * value was found.
+ * @mask: the pointer to result mask.
+ *
+ * Reads <@nodeNs:@nodeName> elements and puts the result bit mask
+ * into @mask. When function exits, @node points to the first element node
+ * after all the <@nodeNs:@nodeName> elements.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2BitMaskNodesRead(xmlSecQName2BitMaskInfoConstPtr info, xmlNodePtr* node,
+ const xmlChar* nodeName, const xmlChar* nodeNs,
+ int stopOnUnknown, xmlSecBitMask* mask) {
+ xmlNodePtr cur;
+ xmlChar* content;
+ xmlSecBitMask tmp;
+ int ret;
+
+ xmlSecAssert2(info != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(mask != NULL, -1);
+
+ (*mask) = 0;
+ cur = (*node);
+ while((cur != NULL) && (xmlSecCheckNodeName(cur, nodeName, nodeNs))) {
+ content = xmlNodeGetContent(cur);
+ if(content == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlNodeGetContent",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(cur->name));
+ return(-1);
+ }
+
+ ret = xmlSecQName2BitMaskGetBitMaskFromString(info, cur, content, &tmp);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2BitMaskGetBitMaskFromString",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "value=%s",
+ xmlSecErrorsSafeString(content));
+ xmlFree(content);
+ return(-1);
+ }
+ xmlFree(content);
+
+ if((stopOnUnknown != 0) && (tmp == 0)) {
+ /* todo: better error */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecQName2BitMaskGetBitMaskFromString",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "value=%s",
+ xmlSecErrorsSafeString(content));
+ return(-1);
+ }
+
+ (*mask) |= tmp;
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ (*node) = cur;
+ return(0);
+}
+
+/**
+ * xmlSecQName2BitMaskNodesWrite:
+ * @info: the qname<->bit mask mapping information.
+ * @node: the parent element for mask nodes.
+ * @nodeName: the mask nodes name.
+ * @nodeNs: the mask nodes namespace.
+ * @mask: the bit mask.
+ *
+ * Writes <@nodeNs:@nodeName> elemnts with values from @mask to @node.
+ *
+ * Returns: 0 on success or a negative value if an error occurs,
+ */
+int
+xmlSecQName2BitMaskNodesWrite(xmlSecQName2BitMaskInfoConstPtr info, xmlNodePtr node,
+ const xmlChar* nodeName, const xmlChar* nodeNs,
+ xmlSecBitMask mask) {
+ unsigned int ii;
+
+ xmlSecAssert2(info != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(nodeName != NULL, -1);
+
+ for(ii = 0; (mask != 0) && (info[ii].qnameLocalPart != NULL); ii++) {
+ xmlSecAssert2(info[ii].mask != 0, -1);
+
+ if((mask & info[ii].mask) != 0) {
+ xmlNodePtr cur;
+ xmlChar* qname;
+
+ qname = xmlSecGetQName(node, info[ii].qnameHref, info[ii].qnameLocalPart);
+ if(qname == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGetQName",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(nodeName));
+ return(-1);
+ }
+
+ cur = xmlSecAddChild(node, nodeName, nodeNs);
+ if(cur == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecAddChild",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "node=%s",
+ xmlSecErrorsSafeString(nodeName));
+ xmlFree(qname);
+ return(-1);
+ }
+
+ xmlNodeSetContent(cur, qname);
+ xmlFree(qname);
+ }
+ }
+ return(0);
+}
+
+/**
+ * xmlSecQName2BitMaskDebugDump:
+ * @info: the qname<->bit mask mapping information.
+ * @mask: the bit mask.
+ * @name: the value name to print.
+ * @output: the pointer to output FILE.
+ *
+ * Prints debug information about @mask to @output.
+ */
+void
+xmlSecQName2BitMaskDebugDump(xmlSecQName2BitMaskInfoConstPtr info, xmlSecBitMask mask,
+ const xmlChar* name, FILE* output) {
+ unsigned int ii;
+
+ xmlSecAssert(info != NULL);
+ xmlSecAssert(name != NULL);
+ xmlSecAssert(output != NULL);
+
+ if(mask == 0) {
+ return;
+ }
+
+ fprintf(output, "== %s (0x%08x): ", name, mask);
+ for(ii = 0; (mask != 0) && (info[ii].qnameLocalPart != NULL); ii++) {
+ xmlSecAssert(info[ii].mask != 0);
+
+ if((mask & info[ii].mask) != 0) {
+ fprintf(output, "name=\"%s\" (href=\"%s\"),", info[ii].qnameLocalPart, info[ii].qnameHref);
+ }
+ }
+ fprintf(output, "\n");
+}
+
+/**
+ * xmlSecQName2BitMaskDebugXmlDump:
+ * @info: the qname<->bit mask mapping information.
+ * @mask: the bit mask.
+ * @name: the value name to print.
+ * @output: the pointer to output FILE.
+ *
+ * Prints debug information about @mask to @output in XML format.
+ */
+void
+xmlSecQName2BitMaskDebugXmlDump(xmlSecQName2BitMaskInfoConstPtr info, xmlSecBitMask mask,
+ const xmlChar* name, FILE* output) {
+ unsigned int ii;
+
+ xmlSecAssert(info != NULL);
+ xmlSecAssert(name != NULL);
+ xmlSecAssert(output != NULL);
+
+ if(mask == 0) {
+ return;
+ }
+
+ fprintf(output, "<%sList>\n", name);
+ for(ii = 0; (mask != 0) && (info[ii].qnameLocalPart != NULL); ii++) {
+ xmlSecAssert(info[ii].mask != 0);
+
+ if((mask & info[ii].mask) != 0) {
+ fprintf(output, "<%s href=\"%s\">%s</%s>\n", name,
+ info[ii].qnameHref, info[ii].qnameLocalPart, name);
+ }
+ }
+ fprintf(output, "</%sList>\n", name);
+}
+
+
+
+
diff --git a/src/xpath.c b/src/xpath.c
new file mode 100644
index 00000000..afa7c52c
--- /dev/null
+++ b/src/xpath.c
@@ -0,0 +1,1148 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * XPath transform
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+#include <libxml/xpath.h>
+#include <libxml/xpathInternals.h>
+#include <libxml/xpointer.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/list.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+
+/**************************************************************************
+ *
+ * xmlSecXPathHereFunction:
+ * @ctxt: the ponter to XPath context.
+ * @nargs: the arguments nubmer.
+ *
+ * The implementation of XPath "here()" function.
+ * See xmlXPtrHereFunction() in xpointer.c. the only change is that
+ * we return NodeSet instead of NodeInterval.
+ *
+ *****************************************************************************/
+static void
+xmlSecXPathHereFunction(xmlXPathParserContextPtr ctxt, int nargs) {
+ CHECK_ARITY(0);
+
+ if((ctxt == NULL) || (ctxt->context == NULL) || (ctxt->context->here == NULL)) {
+ XP_ERROR(XPTR_SYNTAX_ERROR);
+ }
+ valuePush(ctxt, xmlXPathNewNodeSet(ctxt->context->here));
+}
+
+/**************************************************************************
+ *
+ * XPath/XPointer data
+ *
+ *****************************************************************************/
+typedef struct _xmlSecXPathData xmlSecXPathData,
+ *xmlSecXPathDataPtr;
+typedef enum {
+ xmlSecXPathDataTypeXPath,
+ xmlSecXPathDataTypeXPath2,
+ xmlSecXPathDataTypeXPointer
+} xmlSecXPathDataType;
+
+struct _xmlSecXPathData {
+ xmlSecXPathDataType type;
+ xmlXPathContextPtr ctx;
+ xmlChar* expr;
+ xmlSecNodeSetOp nodeSetOp;
+ xmlSecNodeSetType nodeSetType;
+};
+
+static xmlSecXPathDataPtr xmlSecXPathDataCreate (xmlSecXPathDataType type);
+static void xmlSecXPathDataDestroy (xmlSecXPathDataPtr data);
+static int xmlSecXPathDataSetExpr (xmlSecXPathDataPtr data,
+ const xmlChar* expr);
+static int xmlSecXPathDataRegisterNamespaces(xmlSecXPathDataPtr data,
+ xmlNodePtr node);
+static int xmlSecXPathDataNodeRead (xmlSecXPathDataPtr data,
+ xmlNodePtr node);
+static xmlSecNodeSetPtr xmlSecXPathDataExecute (xmlSecXPathDataPtr data,
+ xmlDocPtr doc,
+ xmlNodePtr hereNode);
+
+static xmlSecXPathDataPtr
+xmlSecXPathDataCreate(xmlSecXPathDataType type) {
+ xmlSecXPathDataPtr data;
+
+ data = (xmlSecXPathDataPtr) xmlMalloc(sizeof(xmlSecXPathData));
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "sizeof(xmlSecXPathData)=%d",
+ sizeof(xmlSecXPathData));
+ return(NULL);
+ }
+ memset(data, 0, sizeof(xmlSecXPathData));
+
+ data->type = type;
+ data->nodeSetType = xmlSecNodeSetTree;
+
+ /* create xpath or xpointer context */
+ switch(data->type) {
+ case xmlSecXPathDataTypeXPath:
+ case xmlSecXPathDataTypeXPath2:
+ data->ctx = xmlXPathNewContext(NULL); /* we'll set doc in the context later */
+ if(data->ctx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlXPathNewContext",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(NULL);
+ }
+ break;
+ case xmlSecXPathDataTypeXPointer:
+ data->ctx = xmlXPtrNewContext(NULL, NULL, NULL); /* we'll set doc in the context later */
+ if(data->ctx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlXPtrNewContext",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(NULL);
+ }
+ break;
+ }
+
+ return(data);
+}
+
+static void
+xmlSecXPathDataDestroy(xmlSecXPathDataPtr data) {
+ xmlSecAssert(data != NULL);
+
+ if(data->expr != NULL) {
+ xmlFree(data->expr);
+ }
+ if(data->ctx != NULL) {
+ xmlXPathFreeContext(data->ctx);
+ }
+ memset(data, 0, sizeof(xmlSecXPathData));
+ xmlFree(data);
+}
+
+static int
+xmlSecXPathDataSetExpr(xmlSecXPathDataPtr data, const xmlChar* expr) {
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(data->expr == NULL, -1);
+ xmlSecAssert2(data->ctx != NULL, -1);
+ xmlSecAssert2(expr != NULL, -1);
+
+ data->expr = xmlStrdup(expr);
+ if(data->expr == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_STRDUP_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+
+static int
+xmlSecXPathDataRegisterNamespaces(xmlSecXPathDataPtr data, xmlNodePtr node) {
+ xmlNodePtr cur;
+ xmlNsPtr ns;
+ int ret;
+
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(data->ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ /* register namespaces */
+ for(cur = node; cur != NULL; cur = cur->parent) {
+ for(ns = cur->nsDef; ns != NULL; ns = ns->next) {
+ /* check that we have no other namespace with same prefix already */
+ if((ns->prefix != NULL) && (xmlXPathNsLookup(data->ctx, ns->prefix) == NULL)){
+ ret = xmlXPathRegisterNs(data->ctx, ns->prefix, ns->href);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlXPathRegisterNs",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "href=%s;prefix=%s",
+ xmlSecErrorsSafeString(ns->href),
+ xmlSecErrorsSafeString(ns->prefix));
+ return(-1);
+ }
+ }
+ }
+ }
+
+ return(0);
+}
+
+static int
+xmlSecXPathDataNodeRead(xmlSecXPathDataPtr data, xmlNodePtr node) {
+ int ret;
+
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(data->expr == NULL, -1);
+ xmlSecAssert2(data->ctx != NULL, -1);
+ xmlSecAssert2(node != NULL, -1);
+
+ ret = xmlSecXPathDataRegisterNamespaces (data, node);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXPathDataRegisterNamespaces",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* read node content and set expr */
+ data->expr = xmlNodeGetContent(node);
+ if(data->expr == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
+ XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static xmlSecNodeSetPtr
+xmlSecXPathDataExecute(xmlSecXPathDataPtr data, xmlDocPtr doc, xmlNodePtr hereNode) {
+ xmlXPathObjectPtr xpathObj = NULL;
+ xmlSecNodeSetPtr nodes;
+
+ xmlSecAssert2(data != NULL, NULL);
+ xmlSecAssert2(data->expr != NULL, NULL);
+ xmlSecAssert2(data->ctx != NULL, NULL);
+ xmlSecAssert2(doc != NULL, NULL);
+ xmlSecAssert2(hereNode != NULL, NULL);
+
+ /* do not forget to set the doc */
+ data->ctx->doc = doc;
+
+ /* here function works only on the same document */
+ if(hereNode->doc == doc) {
+ xmlXPathRegisterFunc(data->ctx, (xmlChar *)"here", xmlSecXPathHereFunction);
+ data->ctx->here = hereNode;
+ data->ctx->xptr = 1;
+ }
+
+ /* execute xpath or xpointer expression */
+ switch(data->type) {
+ case xmlSecXPathDataTypeXPath:
+ case xmlSecXPathDataTypeXPath2:
+ xpathObj = xmlXPathEvalExpression(data->expr, data->ctx);
+ if(xpathObj == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlXPathEvalExpression",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "expr=%s",
+ xmlSecErrorsSafeString(data->expr));
+ return(NULL);
+ }
+ break;
+ case xmlSecXPathDataTypeXPointer:
+ xpathObj = xmlXPtrEval(data->expr, data->ctx);
+ if(xpathObj == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlXPtrEval",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "expr=%s",
+ xmlSecErrorsSafeString(data->expr));
+ return(NULL);
+ }
+ break;
+ }
+
+ nodes = xmlSecNodeSetCreate(doc, xpathObj->nodesetval, data->nodeSetType);
+ if(nodes == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNodeSetCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "type=%d", data->nodeSetType);
+ xmlXPathFreeObject(xpathObj);
+ return(NULL);
+ }
+ xpathObj->nodesetval = NULL;
+ xmlXPathFreeObject(xpathObj);
+
+ return(nodes);
+}
+
+
+/**************************************************************************
+ *
+ * XPath data list
+ *
+ *****************************************************************************/
+#define xmlSecXPathDataListId \
+ xmlSecXPathDataListGetKlass()
+static xmlSecPtrListId xmlSecXPathDataListGetKlass (void);
+static xmlSecNodeSetPtr xmlSecXPathDataListExecute (xmlSecPtrListPtr dataList,
+ xmlDocPtr doc,
+ xmlNodePtr hereNode,
+ xmlSecNodeSetPtr nodes);
+
+static xmlSecPtrListKlass xmlSecXPathDataListKlass = {
+ BAD_CAST "xpath-data-list",
+ NULL, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
+ (xmlSecPtrDestroyItemMethod)xmlSecXPathDataDestroy, /* xmlSecPtrDestroyItemMethod destroyItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
+ NULL, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
+};
+
+static xmlSecPtrListId
+xmlSecXPathDataListGetKlass(void) {
+ return(&xmlSecXPathDataListKlass);
+}
+
+static xmlSecNodeSetPtr
+xmlSecXPathDataListExecute(xmlSecPtrListPtr dataList, xmlDocPtr doc,
+ xmlNodePtr hereNode, xmlSecNodeSetPtr nodes) {
+ xmlSecXPathDataPtr data;
+ xmlSecNodeSetPtr res, tmp, tmp2;
+ xmlSecSize pos;
+
+ xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), NULL);
+ xmlSecAssert2(xmlSecPtrListGetSize(dataList) > 0, NULL);
+ xmlSecAssert2(doc != NULL, NULL);
+ xmlSecAssert2(hereNode != NULL, NULL);
+
+ res = nodes;
+ for(pos = 0; pos < xmlSecPtrListGetSize(dataList); ++pos) {
+ data = (xmlSecXPathDataPtr)xmlSecPtrListGetItem(dataList, pos);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListGetItem",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "pos=%d", pos);
+ if((res != NULL) && (res != nodes)) {
+ xmlSecNodeSetDestroy(res);
+ }
+ return(NULL);
+ }
+
+ tmp = xmlSecXPathDataExecute(data, doc, hereNode);
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXPathDataExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ if((res != NULL) && (res != nodes)) {
+ xmlSecNodeSetDestroy(res);
+ }
+ return(NULL);
+ }
+
+ tmp2 = xmlSecNodeSetAdd(res, tmp, data->nodeSetOp);
+ if(tmp2 == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNodeSetAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecNodeSetIntersection");
+ if((res != NULL) && (res != nodes)) {
+ xmlSecNodeSetDestroy(res);
+ }
+ xmlSecNodeSetDestroy(tmp);
+ return(NULL);
+ }
+ res = tmp2;
+ }
+
+ return(res);
+}
+
+/******************************************************************************
+ *
+ * XPath/XPointer transforms
+ *
+ * xmlSecXPathDataList is located after xmlSecTransform structure
+ *
+ *****************************************************************************/
+#define xmlSecXPathTransformSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecPtrList))
+#define xmlSecXPathTransformGetDataList(transform) \
+ ((xmlSecTransformCheckSize((transform), xmlSecXPathTransformSize)) ? \
+ (xmlSecPtrListPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
+ (xmlSecPtrListPtr)NULL)
+#define xmlSecTransformXPathCheckId(transform) \
+ (xmlSecTransformCheckId((transform), xmlSecTransformXPathId) || \
+ xmlSecTransformCheckId((transform), xmlSecTransformXPath2Id) || \
+ xmlSecTransformCheckId((transform), xmlSecTransformXPointerId))
+
+static int xmlSecTransformXPathInitialize (xmlSecTransformPtr transform);
+static void xmlSecTransformXPathFinalize (xmlSecTransformPtr transform);
+static int xmlSecTransformXPathExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecTransformXPathInitialize(xmlSecTransformPtr transform) {
+ xmlSecPtrListPtr dataList;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformXPathCheckId(transform), -1);
+
+ dataList = xmlSecXPathTransformGetDataList(transform);
+ xmlSecAssert2(dataList != NULL, -1);
+
+ ret = xmlSecPtrListInitialize(dataList, xmlSecXPathDataListId);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+static void
+xmlSecTransformXPathFinalize(xmlSecTransformPtr transform) {
+ xmlSecPtrListPtr dataList;
+
+ xmlSecAssert(xmlSecTransformXPathCheckId(transform));
+
+ dataList = xmlSecXPathTransformGetDataList(transform);
+ xmlSecAssert(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId));
+
+ xmlSecPtrListFinalize(dataList);
+}
+
+static int
+xmlSecTransformXPathExecute(xmlSecTransformPtr transform, int last,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecPtrListPtr dataList;
+ xmlDocPtr doc;
+
+ xmlSecAssert2(xmlSecTransformXPathCheckId(transform), -1);
+ xmlSecAssert2(transform->hereNode != NULL, -1);
+ xmlSecAssert2(transform->outNodes == NULL, -1);
+ xmlSecAssert2(last != 0, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ dataList = xmlSecXPathTransformGetDataList(transform);
+ xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
+ xmlSecAssert2(xmlSecPtrListGetSize(dataList) > 0, -1);
+
+ doc = (transform->inNodes != NULL) ? transform->inNodes->doc : transform->hereNode->doc;
+ xmlSecAssert2(doc != NULL, -1);
+
+ transform->outNodes = xmlSecXPathDataListExecute(dataList, doc,
+ transform->hereNode, transform->inNodes);
+ if(transform->outNodes == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataExecute",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+/******************************************************************************
+ *
+ * XPath transform
+ *
+ *****************************************************************************/
+static int xmlSecTransformXPathNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+
+static xmlSecTransformKlass xmlSecTransformXPathKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecXPathTransformSize, /* xmlSecSize objSize */
+
+ xmlSecNameXPath, /* const xmlChar* name; */
+ xmlSecXPathNs, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
+
+ xmlSecTransformXPathInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformXPathFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecTransformXPathNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ NULL, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformDefaultPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ xmlSecTransformDefaultPopXml, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecTransformXPathExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecTransformXPathGetKlass:
+ *
+ * The XPath transform evaluates given XPath expression and
+ * intersects the result with the previous nodes set. See
+ * http://www.w3.org/TR/xmldsig-core/#sec-XPath for more details.
+ *
+ * Returns: XPath transform id.
+ */
+xmlSecTransformId
+xmlSecTransformXPathGetKlass(void) {
+ return(&xmlSecTransformXPathKlass);
+}
+
+static const char xpathPattern[] = "(//. | //@* | //namespace::*)[boolean(%s)]";
+static int
+xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecPtrListPtr dataList;
+ xmlSecXPathDataPtr data;
+ xmlNodePtr cur;
+ xmlChar* tmp;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPathId), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ dataList = xmlSecXPathTransformGetDataList(transform);
+ xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
+ xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
+
+ /* there is only one required node */
+ cur = xmlSecGetNextElementNode(node->children);
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPath, xmlSecDSigNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeXPath));
+ return(-1);
+ }
+
+ /* read information from the node */
+ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecXPathDataNodeRead(data, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
+ }
+
+ /* append it to the list */
+ ret = xmlSecPtrListAdd(dataList, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
+ }
+
+ /* create full XPath expression */
+ xmlSecAssert2(data->expr != NULL, -1);
+ tmp = (xmlChar*) xmlMalloc(sizeof(xmlChar) * (xmlStrlen(data->expr) +
+ strlen(xpathPattern) + 1));
+ if(tmp == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ "size=%d",
+ xmlStrlen(data->expr) + strlen(xpathPattern) + 1);
+ return(-1);
+ }
+ sprintf((char*)tmp, xpathPattern, (char*)data->expr);
+ xmlFree(data->expr);
+ data->expr = tmp;
+
+ /* set correct node set type and operation */
+ data->nodeSetOp = xmlSecNodeSetIntersection;
+ data->nodeSetType = xmlSecNodeSetNormal;
+
+ /* check that we have nothing else */
+ cur = xmlSecGetNextElementNode(cur->next);
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+/******************************************************************************
+ *
+ * XPath2 transform
+ *
+ *****************************************************************************/
+static int xmlSecTransformXPath2NodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static xmlSecTransformKlass xmlSecTransformXPath2Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecXPathTransformSize, /* xmlSecSize objSize */
+
+ xmlSecNameXPath2, /* const xmlChar* name; */
+ xmlSecXPath2Ns, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
+
+ xmlSecTransformXPathInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformXPathFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecTransformXPath2NodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ NULL, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformDefaultPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ xmlSecTransformDefaultPopXml, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecTransformXPathExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecTransformXPath2GetKlass:
+ *
+ * The XPath2 transform (http://www.w3.org/TR/xmldsig-filter2/).
+ *
+ * Returns: XPath2 transform klass.
+ */
+xmlSecTransformId
+xmlSecTransformXPath2GetKlass(void) {
+ return(&xmlSecTransformXPath2Klass);
+}
+
+static int
+xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecPtrListPtr dataList;
+ xmlSecXPathDataPtr data;
+ xmlNodePtr cur;
+ xmlChar* op;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPath2Id), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ dataList = xmlSecXPathTransformGetDataList(transform);
+ xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
+ xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
+
+ /* There are only xpath nodes */
+ cur = xmlSecGetNextElementNode(node->children);
+ while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeXPath2, xmlSecXPath2Ns)) {
+ /* read information from the node */
+ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath2);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecXPathDataNodeRead(data, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
+ }
+
+ /* append it to the list */
+ ret = xmlSecPtrListAdd(dataList, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
+ }
+
+ /* set correct node set type and operation */
+ data->nodeSetType = xmlSecNodeSetTree;
+ op = xmlGetProp(cur, xmlSecAttrFilter);
+ if(op == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecAttrFilter),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "node=%s",
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
+ return(-1);
+ }
+ if(xmlStrEqual(op, xmlSecXPath2FilterIntersect)) {
+ data->nodeSetOp = xmlSecNodeSetIntersection;
+ } else if(xmlStrEqual(op, xmlSecXPath2FilterSubtract)) {
+ data->nodeSetOp = xmlSecNodeSetSubtraction;
+ } else if(xmlStrEqual(op, xmlSecXPath2FilterUnion)) {
+ data->nodeSetOp = xmlSecNodeSetUnion;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecAttrFilter),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "filter=%s",
+ xmlSecErrorsSafeString(op));
+ xmlFree(op);
+ return(-1);
+ }
+ xmlFree(op);
+
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* check that we have nothing else */
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+/******************************************************************************
+ *
+ * XPointer transform
+ *
+ *****************************************************************************/
+static int xmlSecTransformXPointerNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static xmlSecTransformKlass xmlSecTransformXPointerKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecXPathTransformSize, /* xmlSecSize objSize */
+
+ xmlSecNameXPointer, /* const xmlChar* name; */
+ xmlSecXPointerNs, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
+
+ xmlSecTransformXPathInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformXPathFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecTransformXPointerNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ NULL, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformDefaultPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ xmlSecTransformDefaultPopXml, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecTransformXPathExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecTransformXPointerGetKlass:
+ *
+ * The XPointer transform klass
+ * (http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt).
+ *
+ * Returns: XPointer transform klass.
+ */
+xmlSecTransformId
+xmlSecTransformXPointerGetKlass(void) {
+ return(&xmlSecTransformXPointerKlass);
+}
+
+/**
+ * xmlSecTransformXPointerSetExpr:
+ * @transform: the pointer to XPointer transform.
+ * @expr: the XPointer expression.
+ * @nodeSetType: the type of evaluated XPointer expression.
+ * @hereNode: the pointer to "here" node.
+ *
+ * Sets the XPointer expression for an XPointer @transform.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformXPointerSetExpr(xmlSecTransformPtr transform, const xmlChar* expr,
+ xmlSecNodeSetType nodeSetType, xmlNodePtr hereNode) {
+ xmlSecPtrListPtr dataList;
+ xmlSecXPathDataPtr data;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1);
+ xmlSecAssert2(transform->hereNode == NULL, -1);
+ xmlSecAssert2(expr != NULL, -1);
+ xmlSecAssert2(hereNode != NULL, -1);
+
+ transform->hereNode = hereNode;
+
+ dataList = xmlSecXPathTransformGetDataList(transform);
+ xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
+ xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
+
+ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecXPathDataRegisterNamespaces(data, hereNode);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataRegisterNamespaces",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
+ }
+
+ ret = xmlSecXPathDataSetExpr(data, expr);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataSetExpr",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
+ }
+
+ /* append it to the list */
+ ret = xmlSecPtrListAdd(dataList, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
+ }
+
+ /* set correct node set type and operation */
+ data->nodeSetOp = xmlSecNodeSetIntersection;
+ data->nodeSetType = nodeSetType;
+
+ return(0);
+}
+
+static int
+xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecPtrListPtr dataList;
+ xmlSecXPathDataPtr data;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ dataList = xmlSecXPathTransformGetDataList(transform);
+ xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
+ xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
+
+ /* there is only one required node */
+ cur = xmlSecGetNextElementNode(node->children);
+ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPointer, xmlSecXPointerNs))) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeXPath));
+ return(-1);
+ }
+
+ /* read information from the node */
+ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer);
+ if(data == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecXPathDataNodeRead(data, cur);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXPathDataNodeRead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
+ }
+
+ /* append it to the list */
+ ret = xmlSecPtrListAdd(dataList, data);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecPtrListAdd",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecXPathDataDestroy(data);
+ return(-1);
+ }
+
+ /* set correct node set type and operation */
+ data->nodeSetOp = xmlSecNodeSetIntersection;
+ data->nodeSetType = xmlSecNodeSetTree;
+
+ /* check that we have nothing else */
+ cur = xmlSecGetNextElementNode(cur->next);
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+
+/******************************************************************************
+ *
+ * Visa3DHack transform
+ *
+ *****************************************************************************/
+#define xmlSecVisa3DHackTransformSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlChar*))
+#define xmlSecVisa3DHackTransformGetIDPtr(transform) \
+ ((xmlSecTransformCheckSize((transform), xmlSecVisa3DHackTransformSize)) ? \
+ (xmlChar**)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)) : \
+ (xmlChar**)NULL)
+#define xmlSecTransformVisa3DHackCheckId(transform) \
+ (xmlSecTransformCheckId((transform), xmlSecTransformVisa3DHackId))
+
+static int xmlSecTransformVisa3DHackInitialize (xmlSecTransformPtr transform);
+static void xmlSecTransformVisa3DHackFinalize (xmlSecTransformPtr transform);
+static int xmlSecTransformVisa3DHackExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static xmlSecTransformKlass xmlSecTransformVisa3DHackKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecVisa3DHackTransformSize, /* xmlSecSize objSize */
+
+ BAD_CAST "Visa3DHackTransform", /* const xmlChar* name; */
+ NULL, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecTransformUsage usage; */
+
+ xmlSecTransformVisa3DHackInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecTransformVisa3DHackFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ NULL, /* xmlSecTransformPushBinMethod pushBin; */
+ NULL, /* xmlSecTransformPopBinMethod popBin; */
+ xmlSecTransformDefaultPushXml, /* xmlSecTransformPushXmlMethod pushXml; */
+ xmlSecTransformDefaultPopXml, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecTransformVisa3DHackExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecTransformVisa3DHackGetKlass:
+ *
+ * The Visa3DHack transform klass. The only reason why we need this
+ * is Visa3D protocol. It doesn't follow XML/XPointer/XMLDSig specs and allows
+ * invalid XPointer expressions in the URI attribute. Since we couldn't evaluate
+ * such expressions thru XPath/XPointer engine, we need to have this hack here.
+ *
+ * Returns: Visa3DHack transform klass.
+ */
+xmlSecTransformId
+xmlSecTransformVisa3DHackGetKlass(void) {
+ return(&xmlSecTransformVisa3DHackKlass);
+}
+
+/**
+ * xmlSecTransformVisa3DHackSetID:
+ * @transform: the pointer to Visa3DHack transform.
+ * @id: the ID value.
+ *
+ * Sets the ID value for an Visa3DHack @transform.
+ *
+ * Returns: 0 on success or a negative value if an error occurs.
+ */
+int
+xmlSecTransformVisa3DHackSetID(xmlSecTransformPtr transform, const xmlChar* id) {
+ xmlChar** idPtr;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformVisa3DHackId), -1);
+ xmlSecAssert2(id != NULL, -1);
+
+ idPtr = xmlSecVisa3DHackTransformGetIDPtr(transform);
+ xmlSecAssert2(idPtr != NULL, -1);
+ xmlSecAssert2((*idPtr) == NULL, -1);
+
+ (*idPtr) = xmlStrdup(id);
+ if((*idPtr) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlStrdup",
+ XMLSEC_ERRORS_R_MALLOC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecTransformVisa3DHackInitialize(xmlSecTransformPtr transform) {
+ xmlSecAssert2(xmlSecTransformVisa3DHackCheckId(transform), -1);
+
+ return(0);
+}
+
+static void
+xmlSecTransformVisa3DHackFinalize(xmlSecTransformPtr transform) {
+ xmlChar** idPtr;
+
+ xmlSecAssert(xmlSecTransformVisa3DHackCheckId(transform));
+
+ idPtr = xmlSecVisa3DHackTransformGetIDPtr(transform);
+ xmlSecAssert(idPtr != NULL);
+
+ if((*idPtr) != NULL) {
+ xmlFree((*idPtr));
+ }
+ (*idPtr) = NULL;
+}
+
+static int
+xmlSecTransformVisa3DHackExecute(xmlSecTransformPtr transform, int last,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlChar** idPtr;
+ xmlDocPtr doc;
+ xmlAttrPtr attr;
+ xmlNodeSetPtr nodeSet;
+
+ xmlSecAssert2(xmlSecTransformVisa3DHackCheckId(transform), -1);
+ xmlSecAssert2(transform->outNodes == NULL, -1);
+ xmlSecAssert2(last != 0, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ idPtr = xmlSecVisa3DHackTransformGetIDPtr(transform);
+ xmlSecAssert2(idPtr != NULL, -1);
+ xmlSecAssert2((*idPtr) != NULL, -1);
+
+ doc = (transform->inNodes != NULL) ? transform->inNodes->doc : transform->hereNode->doc;
+ xmlSecAssert2(doc != NULL, -1);
+
+ attr = xmlGetID(doc, (*idPtr));
+ if((attr == NULL) || (attr->parent == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlGetID",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "id=\"%s\"",
+ xmlSecErrorsSafeString((*idPtr)));
+ return(-1);
+ }
+
+ nodeSet = xmlXPathNodeSetCreate(attr->parent);
+ if(nodeSet == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlXPathNodeSetCreate",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "id=\"%s\"",
+ xmlSecErrorsSafeString((*idPtr)));
+ return(-1);
+ }
+
+ transform->outNodes = xmlSecNodeSetCreate(doc, nodeSet, xmlSecNodeSetTreeWithoutComments);
+ if(transform->outNodes == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecNodeSetCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlXPathFreeNodeSet(nodeSet);
+ return(-1);
+ }
+ return(0);
+}
+
+
+
diff --git a/src/xslt.c b/src/xslt.c
new file mode 100644
index 00000000..0353a251
--- /dev/null
+++ b/src/xslt.c
@@ -0,0 +1,617 @@
+/**
+ * XML Security Library (http://www.aleksey.com/xmlsec).
+ *
+ * XSLT Transform (http://www.w3.org/TR/xmldsig-core/#sec-XSLT)
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ */
+#include "globals.h"
+
+#ifndef XMLSEC_NO_XSLT
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <libxml/tree.h>
+#include <libxslt/xslt.h>
+#include <libxslt/xsltInternals.h>
+#include <libxslt/transform.h>
+#include <libxslt/xsltutils.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/parser.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/private/xslt.h>
+
+/**************************************************************************
+ *
+ * Internal xslt ctx
+ *
+ *****************************************************************************/
+typedef struct _xmlSecXsltCtx xmlSecXsltCtx, *xmlSecXsltCtxPtr;
+struct _xmlSecXsltCtx {
+ xsltStylesheetPtr xslt;
+ xmlParserCtxtPtr parserCtx;
+};
+
+/****************************************************************************
+ *
+ * XSLT transform
+ *
+ * xmlSecXsltCtx is located after xmlSecTransform
+ *
+ ***************************************************************************/
+#define xmlSecXsltSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecXsltCtx))
+#define xmlSecXsltGetCtx(transform) \
+ ((xmlSecXsltCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecXsltInitialize (xmlSecTransformPtr transform);
+static void xmlSecXsltFinalize (xmlSecTransformPtr transform);
+static int xmlSecXsltReadNode (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecXsltPushBin (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ int final,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecXsltExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecXslProcess (xmlSecXsltCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out);
+static xmlDocPtr xmlSecXsApplyStylesheet (xmlSecXsltCtxPtr ctx,
+ xmlDocPtr doc);
+
+static xmlSecTransformKlass xmlSecXsltKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecXsltSize, /* xmlSecSize objSize */
+
+ xmlSecNameXslt, /* const xmlChar* name; */
+ xmlSecHrefXslt, /* const xmlChar* href; */
+ xmlSecTransformUsageDSigTransform, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecXsltInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecXsltFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecXsltReadNode, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecXsltPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecXsltExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+
+#define XMLSEC_XSLT_COPY_SEC_PREF(src, dst, pref) \
+ xsltSetSecurityPrefs((dst), (pref), xsltGetSecurityPrefs((src), (pref)))
+
+static xsltSecurityPrefsPtr g_xslt_default_security_prefs = NULL;
+
+void xmlSecTransformXsltInitialize(void) {
+ xmlSecAssert(g_xslt_default_security_prefs == NULL);
+
+ g_xslt_default_security_prefs = xsltNewSecurityPrefs();
+ xmlSecAssert(g_xslt_default_security_prefs != NULL);
+ xsltSetSecurityPrefs(g_xslt_default_security_prefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(g_xslt_default_security_prefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(g_xslt_default_security_prefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(g_xslt_default_security_prefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(g_xslt_default_security_prefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+}
+
+void xmlSecTransformXsltShutdown(void) {
+ if(g_xslt_default_security_prefs != NULL) {
+ xsltFreeSecurityPrefs(g_xslt_default_security_prefs);
+ g_xslt_default_security_prefs = NULL;
+ }
+}
+
+/**
+ * xmlSecTransformXsltSetDefaultSecurityPrefs:
+ * @sec: the new security preferences
+ *
+ * Sets the new default security preferences. The xmlsec default security policy is
+ * to disable everything.
+ */
+XMLSEC_EXPORT void
+xmlSecTransformXsltSetDefaultSecurityPrefs(xsltSecurityPrefsPtr sec) {
+ xmlSecAssert(sec != NULL);
+ xmlSecAssert(g_xslt_default_security_prefs != NULL);
+
+ /* copy prefs */
+ XMLSEC_XSLT_COPY_SEC_PREF(sec, g_xslt_default_security_prefs, XSLT_SECPREF_READ_FILE);
+ XMLSEC_XSLT_COPY_SEC_PREF(sec, g_xslt_default_security_prefs, XSLT_SECPREF_WRITE_FILE);
+ XMLSEC_XSLT_COPY_SEC_PREF(sec, g_xslt_default_security_prefs, XSLT_SECPREF_CREATE_DIRECTORY);
+ XMLSEC_XSLT_COPY_SEC_PREF(sec, g_xslt_default_security_prefs, XSLT_SECPREF_READ_NETWORK);
+ XMLSEC_XSLT_COPY_SEC_PREF(sec, g_xslt_default_security_prefs, XSLT_SECPREF_WRITE_NETWORK);
+}
+
+/**
+ * xmlSecTransformXsltGetKlass:
+ *
+ * XSLT transform klass (http://www.w3.org/TR/xmldsig-core/#sec-XSLT):
+ *
+ * The normative specification for XSL Transformations is [XSLT].
+ * Specification of a namespace-qualified stylesheet element, which MUST be
+ * the sole child of the Transform element, indicates that the specified style
+ * sheet should be used. Whether this instantiates in-line processing of local
+ * XSLT declarations within the resource is determined by the XSLT processing
+ * model; the ordered application of multiple stylesheet may require multiple
+ * Transforms. No special provision is made for the identification of a remote
+ * stylesheet at a given URI because it can be communicated via an xsl:include
+ * or xsl:import within the stylesheet child of the Transform.
+ *
+ * This transform requires an octet stream as input. If the actual input is an
+ * XPath node-set, then the signature application should attempt to convert it
+ * to octets (apply Canonical XML]) as described in the Reference Processing
+ * Model (section 4.3.3.2).]
+ *
+ * The output of this transform is an octet stream. The processing rules for
+ * the XSL style sheet or transform element are stated in the XSLT specification
+ * [XSLT]. We RECOMMEND that XSLT transform authors use an output method of xml
+ * for XML and HTML. As XSLT implementations do not produce consistent
+ * serializations of their output, we further RECOMMEND inserting a transform
+ * after the XSLT transform to canonicalize the output. These steps will help
+ * to ensure interoperability of the resulting signatures among applications
+ * that support the XSLT transform. Note that if the output is actually HTML,
+ * then the result of these steps is logically equivalent [XHTML].
+ *
+ * Returns: pointer to XSLT transform klass.
+ */
+xmlSecTransformId
+xmlSecTransformXsltGetKlass(void) {
+ return(&xmlSecXsltKlass);
+}
+
+static int
+xmlSecXsltInitialize(xmlSecTransformPtr transform) {
+ xmlSecXsltCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXsltId), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecXsltSize), -1);
+
+ ctx = xmlSecXsltGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* initialize context */
+ memset(ctx, 0, sizeof(xmlSecXsltCtx));
+
+ /* done */
+ return(0);
+}
+
+static void
+xmlSecXsltFinalize(xmlSecTransformPtr transform) {
+ xmlSecXsltCtxPtr ctx;
+
+ xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecTransformXsltId));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecXsltSize));
+
+ ctx = xmlSecXsltGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->xslt != NULL) {
+ xsltFreeStylesheet(ctx->xslt);
+ }
+ if(ctx->parserCtx != NULL) {
+ xmlFreeParserCtxt(ctx->parserCtx);
+ }
+ memset(ctx, 0, sizeof(xmlSecXsltCtx));
+}
+
+static int
+xmlSecXsltReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecXsltCtxPtr ctx;
+ xmlBufferPtr buffer;
+ xmlDocPtr doc;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXsltId), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecXsltSize), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecXsltGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->xslt == NULL, -1);
+
+ /* read content in the buffer */
+ buffer = xmlBufferCreate();
+ if(buffer == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlBufferCreate",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ cur = node->children;
+ while(cur != NULL) {
+ xmlNodeDump(buffer, cur->doc, cur, 0, 0);
+ cur = cur->next;
+ }
+
+ /* parse the buffer */
+ doc = xmlSecParseMemory(xmlBufferContent(buffer),
+ xmlBufferLength(buffer), 1);
+ if(doc == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecParseMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlBufferFree(buffer);
+ return(-1);
+ }
+
+ /* pre-process stylesheet */
+ ctx->xslt = xsltParseStylesheetDoc(doc);
+ if(ctx->xslt == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xsltParseStylesheetDoc",
+ XMLSEC_ERRORS_R_XSLT_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ /* after parsing stylesheet doc is assigned
+ * to it and will be freed by xsltFreeStylesheet() */
+ xmlFreeDoc(doc);
+ xmlBufferFree(buffer);
+ return(-1);
+ }
+
+ xmlBufferFree(buffer);
+ return(0);
+}
+
+static int
+xmlSecXsltPushBin(xmlSecTransformPtr transform, const xmlSecByte* data,
+ xmlSecSize dataSize, int final, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecXsltCtxPtr ctx;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXsltId), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecXsltSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecXsltGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->xslt != NULL, -1);
+
+ /* check/update current transform status */
+ if(transform->status == xmlSecTransformStatusNone) {
+ xmlSecAssert2(ctx->parserCtx == NULL, -1);
+
+ ctx->parserCtx = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, NULL);
+ if(ctx->parserCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlCreatePushParserCtxt",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* required for c14n! */
+ ctx->parserCtx->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS;
+ ctx->parserCtx->replaceEntities = 1;
+
+ transform->status = xmlSecTransformStatusWorking;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ return(0);
+ } else if(transform->status != xmlSecTransformStatusWorking) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ xmlSecAssert2(transform->status == xmlSecTransformStatusWorking, -1);
+ xmlSecAssert2(ctx->parserCtx != NULL, -1);
+
+ /* push data to the input buffer */
+ if((data != NULL) && (dataSize > 0)) {
+ ret = xmlParseChunk(ctx->parserCtx, (const char*)data, dataSize, 0);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlParseChunk",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ "size=%d", dataSize);
+ return(-1);
+ }
+ }
+
+ /* finish parsing, apply xslt transforms and push to next in the chain */
+ if(final != 0) {
+ xmlDocPtr docIn;
+ xmlDocPtr docOut;
+ xmlOutputBufferPtr output;
+
+ /* finalize */
+ ret = xmlParseChunk(ctx->parserCtx, NULL, 0, 1);
+ if((ret != 0) || (ctx->parserCtx->myDoc == NULL)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlParseChunk",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* todo: check that document is well formed? */
+ docIn = ctx->parserCtx->myDoc;
+ ctx->parserCtx->myDoc = NULL;
+
+ docOut = xmlSecXsApplyStylesheet(ctx, docIn);
+ if(docOut == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXsApplyStylesheet",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(docIn);
+ return(-1);
+ }
+ xmlFreeDoc(docIn);
+
+ if(transform->next != NULL) {
+ output = xmlSecTransformCreateOutputBuffer(transform->next, transformCtx);
+ if(output == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecTransformCreateOutputBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(docOut);
+ return(-1);
+ }
+ } else {
+ output = xmlSecBufferCreateOutputBuffer(&(transform->outBuf));
+ if(output == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferCreateOutputBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(docOut);
+ return(-1);
+ }
+ }
+
+ ret = xsltSaveResultTo(output, docOut, ctx->xslt);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xsltSaveResultTo",
+ XMLSEC_ERRORS_R_XSLT_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlOutputBufferClose(output);
+ xmlFreeDoc(docOut);
+ return(-1);
+ }
+ ret = xmlOutputBufferClose(output);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlOutputBufferClose",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlFreeDoc(docOut);
+ return(-1);
+ }
+ xmlFreeDoc(docOut);
+
+ transform->status = xmlSecTransformStatusFinished;
+ }
+
+ return(0);
+}
+
+static int
+xmlSecXsltExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecXsltCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecSize inSize, outSize;
+ int ret;
+
+ xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXsltId), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecXsltSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecXsltGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->xslt != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
+ /* just do nothing */
+ xmlSecAssert2(outSize == 0, -1);
+
+ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
+ xmlSecAssert2(outSize == 0, -1);
+
+ ret = xmlSecXslProcess(ctx, in, out);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecXslProcess",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ transform->status = xmlSecTransformStatusFinished;
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(inSize == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+ return(0);
+}
+
+/* TODO: create PopBin method instead */
+static int
+xmlSecXslProcess(xmlSecXsltCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out) {
+ xmlDocPtr docIn = NULL;
+ xmlDocPtr docOut = NULL;
+ xmlOutputBufferPtr output = NULL;
+ int res = -1;
+ int ret;
+
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ docIn = xmlSecParseMemory(xmlSecBufferGetData(in), xmlSecBufferGetSize(in), 1);
+ if(docIn == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecParseMemory",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ docOut = xmlSecXsApplyStylesheet(ctx, docIn);
+ if(docOut == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecXsApplyStylesheet",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ output = xmlSecBufferCreateOutputBuffer(out);
+ if(output == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferCreateOutputBuffer",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xsltSaveResultTo(output, docOut, ctx->xslt);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xsltSaveResultTo",
+ XMLSEC_ERRORS_R_XSLT_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ ret = xmlOutputBufferClose(output);
+ output = NULL;
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlOutputBufferClose",
+ XMLSEC_ERRORS_R_XML_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ res = 0;
+
+done:
+ if(output != NULL) xmlOutputBufferClose(output);
+ if(docIn != NULL) xmlFreeDoc(docIn);
+ if(docOut != NULL) xmlFreeDoc(docOut);
+ return(res);
+}
+
+
+static xmlDocPtr
+xmlSecXsApplyStylesheet(xmlSecXsltCtxPtr ctx, xmlDocPtr doc) {
+ xsltTransformContextPtr xsltCtx = NULL;
+ xmlDocPtr res = NULL;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, NULL);
+ xmlSecAssert2(ctx->xslt != NULL, NULL);
+ xmlSecAssert2(doc != NULL, NULL);
+
+ xsltCtx = xsltNewTransformContext(ctx->xslt, doc);
+ if(xsltCtx == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xsltNewTransformContext",
+ XMLSEC_ERRORS_R_XSLT_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ /* set security prefs */
+ ret = xsltSetCtxtSecurityPrefs(g_xslt_default_security_prefs, xsltCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xsltSetCtxtSecurityPrefs",
+ XMLSEC_ERRORS_R_XSLT_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+ res = xsltApplyStylesheetUser(ctx->xslt, doc, NULL, NULL, NULL, xsltCtx);
+ if(res == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xsltApplyStylesheetUser",
+ XMLSEC_ERRORS_R_XSLT_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ goto done;
+ }
+
+done:
+ if(xsltCtx != NULL) xsltFreeTransformContext(xsltCtx);
+ return res;
+}
+
+
+#endif /* XMLSEC_NO_XSLT */
+
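Review bot: The forbid-all policy built in `xmlSecTransformXsltInitialize` is attached only to the per-run context in `xmlSecXsApplyStylesheet` (via `xsltSetCtxtSecurityPrefs`), so it does not cover the `xsltParseStylesheetDoc` call in `xmlSecXsltReadNode`, which compiles a stylesheet built from the children of the transform node before any transform context exists. As far as I know, libxslt checks `xsl:import`/`xsl:include` loads at compile time against its process-wide default prefs, which nothing in this file sets, so `g_xslt_default_security_prefs` would not restrict them; this should be confirmed against the libxslt version in use. I would at least add a comment above that call, e.g. `/* NOTE: g_xslt_default_security_prefs is not in effect here; xsl:import/xsl:include are resolved under libxslt's global default prefs */`, and consider installing a restrictive process default with `xsltSetDefaultSecurityPrefs()` where the application allows it. Separately, `xmlSecXsltFinalize` calls `xmlFreeParserCtxt(ctx->parserCtx)` without releasing `ctx->parserCtx->myDoc`, which `xmlSecXsltPushBin` leaves attached on its `xmlParseChunk` error returns. Since `xmlFreeParserCtxt` does not appear to free the document, adding `if(ctx->parserCtx->myDoc != NULL) xmlFreeDoc(ctx->parserCtx->myDoc);` before it would close that leak.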
diff --git a/tests/01-phaos-xmlenc-3/Readme.txt b/tests/01-phaos-xmlenc-3/Readme.txt
new file mode 100644
index 00000000..5d11ee2d
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/Readme.txt
@@ -0,0 +1,52 @@
+This directory contains the following files:
+
+ Readme.txt -- This file.
+
+ payment.xml -- A sample XML file.
+
+ key.txt -- Keys for decrypting the encrypted XML files enc-*-*-*-*.xml.
+
+ dh-priv-key.der
+ -- Diffie-Hellman private key encoded in PKCS#8 PrivateKeyInfo formate.
+ This key can be used to decrypt the files enc-*-*-ka-dh.xml.
+ rsa-priv-key.der
+ -- RSA private key encoded in PKCS#8 PrivateKeyInfo formate.
+ This key can be used to decrypt the files enc-*-*-kt-*.xml.
+
+ enc-*-*-*-*.xml
+ -- XML document obtained by encrypting and replacing part of the
+ sample payment.xml. The data encryption key is in turn
+ encrypted.
+
+ Each file has the form: enc-A-B-C-D.xml, where:
+
+ A indicates the type of the data encrypted. This includes:
+
+ element = The CreditCard element.
+ content = The content of the CreditCard element
+ (multiple elements).
+ text = The content of the Number element (text node).
+
+ B indicates the data encryption algorithm.
+
+ C indicates the key encryption protocols:
+ kt = key transport
+ kw = key wrap
+ ka = key agreement
+
+ D indicates the key encryption algorithm.
+
+bad-*-enc-*-*-*-*.xml
+ -- some "screw-up" samples
+
+The sample encrypted XML files are produced from Phaos XML toolkit.
+
+Jiandong Guo
+Phaos Technology
+http://www.phaos.com
+
+jguo@phaos.com
+
+
+
+
diff --git a/tests/01-phaos-xmlenc-3/bad-alg-enc-element-aes128-kw-3des.xml b/tests/01-phaos-xmlenc-3/bad-alg-enc-element-aes128-kw-3des.xml
new file mode 100644
index 00000000..b7156579
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/bad-alg-enc-element-aes128-kw-3des.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-tripledes"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-tripledes-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>HgVuHoXxBQWD9fvi0gt9TanywZ5lJokM/12fcMG6gRoMjsCPulH+4A==</CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ yUMIHkj5EETckjZ59fpda4+m4YLCrkJsnuRz+Q3e5sP+VvHKRH1kdeGkXw3kYURV
+ JM3nQjGl2egW80oUxSykQD2F9iDoIjNhLSgIbyuse64oo/5/v9IiaUpSvrAocwLP
+ AzFIUmOrxmIagAkRGDOeMR8tdHLD6g84dQj4O/aGfwhL/2wUo/l+7onrbmsd6pVI
+ fjNyvXm+eITuyUnkDTHrCR+dfb2sHaQ3g3McgyfP6ZjI/L50SPJZ/w==
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/dh-priv-key.der b/tests/01-phaos-xmlenc-3/dh-priv-key.der
new file mode 100644
index 00000000..8af4f0ac
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/dh-priv-key.der
Binary files differ
diff --git a/tests/01-phaos-xmlenc-3/enc-content-3des-kw-aes192.data b/tests/01-phaos-xmlenc-3/enc-content-3des-kw-aes192.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-content-3des-kw-aes192.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-content-3des-kw-aes192.tmpl b/tests/01-phaos-xmlenc-3/enc-content-3des-kw-aes192.tmpl
new file mode 100644
index 00000000..fa26733c
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-content-3des-kw-aes192.tmpl
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes192"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-aes192-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue></CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
diff --git a/tests/01-phaos-xmlenc-3/enc-content-3des-kw-aes192.xml b/tests/01-phaos-xmlenc-3/enc-content-3des-kw-aes192.xml
new file mode 100644
index 00000000..4771f01d
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-content-3des-kw-aes192.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes192"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-aes192-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>5+GpVUQNTAT3uY8pPedEg/PpftiX+fJsTCun+fgmIz0=</CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ QBWlf/iYDXKbBWf0Pu3Bgzt5oLBwIs4NKPb/I0SxDYVnDc34i7tZG5UzHlztsWlX
+ udfbIW9l7k5WVdy9bfXZWrp6sXamBedUQTrr+z4v4u2jWaUyqEioLe7h36QeoU23
+ QvkOzRO9AiWm/QCCzePZ3Frp4LM9lXOE
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-content-aes128-kw-3des.data b/tests/01-phaos-xmlenc-3/enc-content-aes128-kw-3des.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-content-aes128-kw-3des.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-content-aes128-kw-3des.tmpl b/tests/01-phaos-xmlenc-3/enc-content-aes128-kw-3des.tmpl
new file mode 100644
index 00000000..623a8268
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-content-aes128-kw-3des.tmpl
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-tripledes"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-3des-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue></CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
diff --git a/tests/01-phaos-xmlenc-3/enc-content-aes128-kw-3des.xml b/tests/01-phaos-xmlenc-3/enc-content-aes128-kw-3des.xml
new file mode 100644
index 00000000..7958d57d
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-content-aes128-kw-3des.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-tripledes"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-3des-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>/PZvvn42E9dmMUZ8KCY6B5XtLaaIaG4X5YNDwgV5Vlo=</CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ rINpr0HonGcKnnf/vYx8N3gnd+1rb+zwH1vnfjyt+bOoSU72w/QqniT71/GxtFFx
+ gwE0/arABVa1r8/PMRerWqyParMnpwIRq6dzQHKb5SqiqFEYPRZhytTGZFXN39oG
+ YZkSINOli5paMwTWrq6hDSPRozKvfEqhuI0VgZU4OLM=
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-content-aes192-kw-aes256.data b/tests/01-phaos-xmlenc-3/enc-content-aes192-kw-aes256.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-content-aes192-kw-aes256.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-content-aes192-kw-aes256.tmpl b/tests/01-phaos-xmlenc-3/enc-content-aes192-kw-aes256.tmpl
new file mode 100644
index 00000000..11aa7632
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-content-aes192-kw-aes256.tmpl
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-aes256-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue></CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
diff --git a/tests/01-phaos-xmlenc-3/enc-content-aes192-kw-aes256.xml b/tests/01-phaos-xmlenc-3/enc-content-aes192-kw-aes256.xml
new file mode 100644
index 00000000..86a787be
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-content-aes192-kw-aes256.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-aes256-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>IbnoS1cvuIFIGB46jj1V1FGftc92irrCwcC7BoBvxwQ=</CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ /RDTbL2ce9Ca+2GS0FLJbFMXcpEvDLlW5RnpeKLe+pIO1lNpxsi40/tsqCVauD66
+ FOCaXkKPcQYaeHVtD4jnE/OHZYFVJ8zS8z4I7nDg44R1e9ZJ9xN3kAEub1T2MdeK
+ SVxPrhksHOWTwxFbPul9YRaNsrmi9a0XN4ggudJu+Rw=
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.data b/tests/01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.tmpl b/tests/01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.tmpl
new file mode 100644
index 00000000..709ee222
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.tmpl
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#EK"/>
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
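Review bot: The `EncryptedKey` in this template selects `xmlenc#rsa-1_5` (PKCS#1 v1.5) key transport, and nothing in the file says it is kept only for interoperability coverage. Someone copying the template as a starting point gets a padding scheme that depends on careful, uniform error handling on the decrypting side, paired with `aes256-cbc` content encryption that carries no integrity check. A comment after the XML declaration such as `<!-- interop fixture: rsa-1_5 + aes256-cbc; prefer rsa-oaep-mgf1p for new templates -->` would make that intent explicit. The same wording fits `enc-element-3des-kt-rsa1_5.tmpl` later in the diff.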
diff --git a/tests/01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.xml b/tests/01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.xml
new file mode 100644
index 00000000..3f77c81b
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#EK"/>
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzExNjI5NDNaFw00MzAyMjUxNjI5NDNaMIGWMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEVMBMGA1UEChMMTGF2YSBTdXByZW1l
+ MRQwEgYDVQQLEwtIZWFkIE9mZmljZTEUMBIGA1UEAxMLUlNBIFRlc3QgQ0ExIzAh
+ BgkqhkiG9w0BCQEWFHRlY2hAbGF2YXN1cHJlbWUub3JnMIIBIjANBgkqhkiG9w0B
+ AQEFAAOCAQ8AMIIBCgKCAQEAgj3TOyUtgg99oEfsm8h9JTZBxUkzYkXVUOHxIwnk
+ Fwp4y9ZnrGja/j+kpRyKvYP5CkNdq0e58/r7GLXj45iqd03XjsFNTdjy4OIOgf7J
+ xMG7z+hEB1LT2swTs10GILFWPByRl3/BEsnekLZdoqNoJrvnttVkxgu3x80Ji3/A
+ ZD8Ub/kBGOSPyu6pn3OdnMTc5q4r1qUe985lQzCZvCMw6AoGeCyJodNu2MbveNeH
+ +YPjRgLCQfzvOFRq+9qMtE8XfUJZdNhPZhgdsOGf8uJauTcIHbAyw7BhxPy6RikW
+ W5yiWUmBya+7t4y1TQJzham/0y0zU3TAA7b/rDrU7xmNPwIDAQABoyQwIjAPBgNV
+ HRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwDQYJKoZIhvcNAQEEBQADggEB
+ ADELWZjFLPjSjGeOaeUwH/mEOP+l/nTtxe07IWAQL4kvb4wsiUsM1EkPptcBQsym
+ OYgFhf3Elqma84bbOyp85y/iQnjpqWWJ73TFXSWZamSIhYb4Gk+dQuwFI+zD3B2y
+ WwqghaAHDzxtzROLUBjo+97Y6ng6V5zjmtdGOFwNXwWhf3Y+MjnErtBIKYao8NJO
+ p6di80w82+s6Ot+CLVvVobLhxS/y8yWplATRiQnI5ij/WTLML+tiU5aes0c9abaf
+ O7i9j1iTuZsDT3f96ia0RSLsXSGij737QKc3ZM8lSxBWfepWYO+G+IRgr1q9IUDa
+ kKO/vB9Ay64Rt88XbLnnGns=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ Vc7VOXgJDlw/oQ0hOvIaBKsGiOwyvIArzkhd2W7mZBQyeFlkJlxZQdnPGGg4kJE9
+ EGWeMWQZ0XavJy+xA9Z+PlIFqkpPHUXyos9jZZNniRxEtl6tLce2ReSVah+y8Lb3
+ 3xSNSm+O9k2B42yP3Osrj175KNMSMLLM2ZuA0iq28aP7v7DmtDY7VNp0n+O4nJUM
+ Eyy4RO0jmtXctt3jUfpCmGkqy42/LG6F5h1kluyfszjHvi/9lD5LEkCl2Y/3az+j
+ 2vLuuXM45z6ef14Dlgsh7eJtqp3bRT0Tpp4JvBWMiuDZaV1zUcZq7q80lNMvXucb
+ mSrSmlXn2lWPttfTrcjXrw==
+ </CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ p5MMs6F765jIUqOj5rH1vAro0Rx4/PLIoEOXCOWaEGbEdCHh0m86zifozutcmoBA
+ xy1SuxmJjtFDO32f/bpuDhdzFDgLrlVIcXrNeHGgken6NryC2n1NdGS9CiYsyaPF
+ B5CWEkx3Prtbak6S20z3XZTJltOdoqzeNOn8/IDavLA=
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-3des-ka-dh.xml b/tests/01-phaos-xmlenc-3/enc-element-3des-ka-dh.xml
new file mode 100644
index 00000000..ec75a1a7
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-3des-ka-dh.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <AgreementMethod Algorithm="http://www.w3.org/2001/04/xmlenc#dh">
+ <KA-Nonce>YWJjZGU=</KA-Nonce>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <OriginatorKeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIEjDCCA/WgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzAyMjUwNDBaFw0xMDAxMDEwNTAwMDBaMIGMMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEOMAwGA1UEChMFUGhhb3MxFDASBgNV
+ BAsTC0hlYWQgT2ZmaWNlMRcwFQYDVQQDEw5ESCBUZXN0IENsaWVudDEdMBsGCSqG
+ SIb3DQEJARYOdGVjaEBwaGFvcy5vcmcwggJDMIIBuAYHKoZIzj4CATCCAasCgYEA
+ uavat7i6NOpnRObdx7Gz38h8xkgmv20XUaj1JjfvMAQfQFMHeshGhY2Q0mwvJ1Of
+ X/kZ4cMbSYUywh3WAY6zQs8W2uxg8GeduCLebNQGTaHVFVmrJMQawlV1bIMQ+kDi
+ IQNR/FPqSNHKD2Q9/uoGD5d2l4KP3qH8dv5HOT8fCwUCgYBxunqmUuKZFTNKJhH9
+ G6UINlI/Xr9jPesj5/I8fpWgxZxsgkzksqisDCslZ09uZTATrGFTF3fk6kNhx25s
+ UCtYHHK1HzQmsLMu2BWNBQrkLC+Mkd3d39UdNduPW4kCMpcdoHAh+zTqAH2QkKJm
+ yxc/x0LevkSUk8rX8DFa3y152QIVAL+Eo4gPL339dk7inq87PnR1PWuHAm0A+C9E
+ GPDSphFaPWO5LQTNflJ0l9IGjcNFGrJX0imWrjM2q6bGYz0ZK4cJhcX12YZOjR52
+ TZh3cy6yAJG470i65nlz5/3ESWFHsMO0COrDi/Ca5RfMrYGcc8hrydzFlT1zqMFa
+ 1yuqQKVsGwXcMBwDFgCZ/hqLAtBi6dyv6Ky+OfXfXgJBPhQCAgNPA4GEAAKBgFWw
+ LyYO4IPxJsbaQQsJ4K1xTjPSjTMmvG4fpKA+S1BGz8FI1SPACb2/YYCrmjoWNvkQ
+ V6NTQ+eji6TGA7ET85c4AcRZtxOi3gSP5Kq2A3E9dUouikhrKSHFb+Nx420CXmtp
+ jxBu+qUTb7AMrRCus8maHwU9PdKQbZxoDFOLArJHo00wSzAPBgNVHQ8BAf8EBQMD
+ BwgAMBkGA1UdEQQSMBCBDnRlY2hAcGhhb3Mub3JnMB0GA1UdDgQWBBTfky/d+/wI
+ 6zicN4uDl0PSAyRNnTANBgkqhkiG9w0BAQQFAAOBgQA+2cWsAZ9a44ttBX1Z3eMI
+ e0GgduXErBt9xsv2Sy6fS/6CyyJm3tpthuT2WMZmu6E+ceBLkFU+TnxnEf/NrSj8
+ wtQt/wVHacaSZMcwUDv/uTUxrtIZUJ7A7VxcAvbnLE5fQqKhF6QT5irtbE2Ryvd7
+ oMfGG8PmU+sbN9sNXtIzOA==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </OriginatorKeyInfo>
+ <RecipientKeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIEjTCCA/agAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzAyMjUyNTNaFw0xMDAxMDEwNTAwMDBaMIGMMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEOMAwGA1UEChMFUGhhb3MxFDASBgNV
+ BAsTC0hlYWQgT2ZmaWNlMRcwFQYDVQQDEw5ESCBUZXN0IENsaWVudDEdMBsGCSqG
+ SIb3DQEJARYOdGVjaEBwaGFvcy5vcmcwggJEMIIBuAYHKoZIzj4CATCCAasCgYEA
+ uavat7i6NOpnRObdx7Gz38h8xkgmv20XUaj1JjfvMAQfQFMHeshGhY2Q0mwvJ1Of
+ X/kZ4cMbSYUywh3WAY6zQs8W2uxg8GeduCLebNQGTaHVFVmrJMQawlV1bIMQ+kDi
+ IQNR/FPqSNHKD2Q9/uoGD5d2l4KP3qH8dv5HOT8fCwUCgYBxunqmUuKZFTNKJhH9
+ G6UINlI/Xr9jPesj5/I8fpWgxZxsgkzksqisDCslZ09uZTATrGFTF3fk6kNhx25s
+ UCtYHHK1HzQmsLMu2BWNBQrkLC+Mkd3d39UdNduPW4kCMpcdoHAh+zTqAH2QkKJm
+ yxc/x0LevkSUk8rX8DFa3y152QIVAL+Eo4gPL339dk7inq87PnR1PWuHAm0A+C9E
+ GPDSphFaPWO5LQTNflJ0l9IGjcNFGrJX0imWrjM2q6bGYz0ZK4cJhcX12YZOjR52
+ TZh3cy6yAJG470i65nlz5/3ESWFHsMO0COrDi/Ca5RfMrYGcc8hrydzFlT1zqMFa
+ 1yuqQKVsGwXcMBwDFgCZ/hqLAtBi6dyv6Ky+OfXfXgJBPhQCAgNPA4GFAAKBgQCM
+ KtnMyjT9G1LKTZoN7rHwIO08D5j1YYIscsQDc+q4ny5WEFo+wEmOqxGcE9JrRdeb
+ it6cT8F7TWWzeDJUyaXFEi4E1panCBCL1crqS/HbY8VH/zzhT+5L232LchsoYa1p
+ dqxxLHW8RrOax4RLVrcIOPcW4x3Ggk0ANYQhR6kNmqNNMEswDwYDVR0PAQH/BAUD
+ AwcIADAZBgNVHREEEjAQgQ50ZWNoQHBoYW9zLm9yZzAdBgNVHQ4EFgQUHddBJmfV
+ 6MD3FTbVmHcLFN6QFAcwDQYJKoZIhvcNAQEEBQADgYEAKZl9P/ZmIrwHp3BTfBHl
+ eFBk9CbhK14FObMGWSkfjqipb5snXBPE3uPBrvP1StisPRsK/y1OZfcjjkA6ht0j
+ YWp9lohNDTlc/NOKGOQSCpntqr+wQhc6l16jezqR7sKv2eHBFGs0V7HCrEe2mTP4
+ rDa/YKrmL5K6S9GSF27rx40=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </RecipientKeyInfo>
+ </AgreementMethod>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ BsIAtHyqE+foVEU2B8EoSAErEMjuunlXygmu+BC6SN+mYGFEsQ/frVzgiKBo2yRe
+ bbnuUqAwDx03wS4zqmW5lD1C6bm/9tUSSv8HcNr7vRqrx3tRQ51y6y5xRbhjK6Zi
+ vKHDXwZpxY4CnhfUwbtTSZisjNn/eV6UYxZdz2zmTxAJXAPI1dVFiPdqhljXhlDE
+ tVAt/1f+//u1D782NMCuPVUt09Mtbf0pcFJhtoCmx84NVT3XwK+2Tg==
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
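Review bot: The two `ds:X509Certificate` blobs under `OriginatorKeyInfo` and `RecipientKeyInfo` appear, from decoding the base64, to have a validity window that ended on 2010-01-01 and an MD5-with-RSA signature, so they were already expired when this import was made. Any test that resolves the DH keys through these certificates with chain verification enabled would presumably need a pinned verification time, or it would fail for a reason unrelated to key agreement. No `.tmpl` or `.data` companion is added for this vector, so a comment after the XML declaration such as `<!-- interop vector: DH key agreement; embedded certificates are expired test certificates -->` would save the next reader the decoding. The same applies to `enc-element-aes128-ka-dh.xml`, whose hunk continues past the visible part of the diff.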
diff --git a/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.data b/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.tmpl b/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.tmpl
new file mode 100644
index 00000000..8328ebb6
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.tmpl
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.xml b/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.xml
new file mode 100644
index 00000000..2772fbd7
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzExNjI5NDNaFw00MzAyMjUxNjI5NDNaMIGWMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEVMBMGA1UEChMMTGF2YSBTdXByZW1l
+ MRQwEgYDVQQLEwtIZWFkIE9mZmljZTEUMBIGA1UEAxMLUlNBIFRlc3QgQ0ExIzAh
+ BgkqhkiG9w0BCQEWFHRlY2hAbGF2YXN1cHJlbWUub3JnMIIBIjANBgkqhkiG9w0B
+ AQEFAAOCAQ8AMIIBCgKCAQEAgj3TOyUtgg99oEfsm8h9JTZBxUkzYkXVUOHxIwnk
+ Fwp4y9ZnrGja/j+kpRyKvYP5CkNdq0e58/r7GLXj45iqd03XjsFNTdjy4OIOgf7J
+ xMG7z+hEB1LT2swTs10GILFWPByRl3/BEsnekLZdoqNoJrvnttVkxgu3x80Ji3/A
+ ZD8Ub/kBGOSPyu6pn3OdnMTc5q4r1qUe985lQzCZvCMw6AoGeCyJodNu2MbveNeH
+ +YPjRgLCQfzvOFRq+9qMtE8XfUJZdNhPZhgdsOGf8uJauTcIHbAyw7BhxPy6RikW
+ W5yiWUmBya+7t4y1TQJzham/0y0zU3TAA7b/rDrU7xmNPwIDAQABoyQwIjAPBgNV
+ HRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwDQYJKoZIhvcNAQEEBQADggEB
+ ADELWZjFLPjSjGeOaeUwH/mEOP+l/nTtxe07IWAQL4kvb4wsiUsM1EkPptcBQsym
+ OYgFhf3Elqma84bbOyp85y/iQnjpqWWJ73TFXSWZamSIhYb4Gk+dQuwFI+zD3B2y
+ WwqghaAHDzxtzROLUBjo+97Y6ng6V5zjmtdGOFwNXwWhf3Y+MjnErtBIKYao8NJO
+ p6di80w82+s6Ot+CLVvVobLhxS/y8yWplATRiQnI5ij/WTLML+tiU5aes0c9abaf
+ O7i9j1iTuZsDT3f96ia0RSLsXSGij737QKc3ZM8lSxBWfepWYO+G+IRgr1q9IUDa
+ kKO/vB9Ay64Rt88XbLnnGns=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ bYDE3XSjELiEW/rX08ZQUcG1dK1l1uSw14EKhIHbwrM8DFZKF4fBaPXxG/91mkOA
+ cs3q0LZESrqHGVrm9UvqL48utkNrR56ud60FhIgSBgdKE/9qTMjrSCX1Vw7xfhJH
+ Fc4tD3vjhALLaO3SUT8esPQKPK4gEWYMNzdpyNQuD0mrLiQ/SnHuHKzBmSjjgKkk
+ xFcFVdiPT/XAhEZcuvkOyLMYgPN55slcnRzckOEq6zOcu8Ww6/2dG0a0TRioFeHW
+ ecqmW8jawxxOVnVVSdDNlqwYWpM+2XxgYuSifsDwkwaNwVAM/xXgj05ZPr49powT
+ 1nZJ5cARCmW5zLh6aNpQng==
+ </CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ LBisCaY4C+s7h8LjVpi8++dCzxxM2P7jR+rw+W0bVZz/YNfG9Q4Id/GkTlcYP/aT
+ WNJfNVhip8KD6QiQqjsRkaF81w8Uam1lVXz8X2Gc6Rsx5L7j+1OblmB6VLPuIwBJ
+ wImjNiEX4RhrS4TfxF/zIq0sLT2DCHdHI752VCnZ8ulVKDnamCZUvT95YqlcCYnc
+ VWAOV5fYH3YvtZ6S/zpTEKW79dnGQZL8od5aJsRrid5fq49X/5KtMw==
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.data b/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.tmpl b/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.tmpl
new file mode 100644
index 00000000..3405bd9f
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.tmpl
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+ </EncryptionMethod>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
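Review bot: The `EncryptedKey` in this template has no `<ReferenceList>`, while the expected output added in the next hunk (`enc-element-3des-kt-rsa_oaep_sha1.xml`) and the sibling templates `enc-element-3des-kt-rsa1_5.tmpl` and `enc-element-3des-kw-3des.tmpl` all carry `<ReferenceList><DataReference URI="#ED"/></ReferenceList>` after `CipherData`. A document produced from this template will therefore differ structurally from the reference vector, and an encrypt run would not show that the back-reference to `#ED` is emitted for the OAEP case. If the omission is not deliberate, add those three lines after the `EncryptedKey`'s `</CipherData>`; if it is deliberate, an XML comment saying so would help.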
diff --git a/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.xml b/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.xml
new file mode 100644
index 00000000..2cce7a18
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+ </EncryptionMethod>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzExNjI5NDNaFw00MzAyMjUxNjI5NDNaMIGWMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEVMBMGA1UEChMMTGF2YSBTdXByZW1l
+ MRQwEgYDVQQLEwtIZWFkIE9mZmljZTEUMBIGA1UEAxMLUlNBIFRlc3QgQ0ExIzAh
+ BgkqhkiG9w0BCQEWFHRlY2hAbGF2YXN1cHJlbWUub3JnMIIBIjANBgkqhkiG9w0B
+ AQEFAAOCAQ8AMIIBCgKCAQEAgj3TOyUtgg99oEfsm8h9JTZBxUkzYkXVUOHxIwnk
+ Fwp4y9ZnrGja/j+kpRyKvYP5CkNdq0e58/r7GLXj45iqd03XjsFNTdjy4OIOgf7J
+ xMG7z+hEB1LT2swTs10GILFWPByRl3/BEsnekLZdoqNoJrvnttVkxgu3x80Ji3/A
+ ZD8Ub/kBGOSPyu6pn3OdnMTc5q4r1qUe985lQzCZvCMw6AoGeCyJodNu2MbveNeH
+ +YPjRgLCQfzvOFRq+9qMtE8XfUJZdNhPZhgdsOGf8uJauTcIHbAyw7BhxPy6RikW
+ W5yiWUmBya+7t4y1TQJzham/0y0zU3TAA7b/rDrU7xmNPwIDAQABoyQwIjAPBgNV
+ HRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwDQYJKoZIhvcNAQEEBQADggEB
+ ADELWZjFLPjSjGeOaeUwH/mEOP+l/nTtxe07IWAQL4kvb4wsiUsM1EkPptcBQsym
+ OYgFhf3Elqma84bbOyp85y/iQnjpqWWJ73TFXSWZamSIhYb4Gk+dQuwFI+zD3B2y
+ WwqghaAHDzxtzROLUBjo+97Y6ng6V5zjmtdGOFwNXwWhf3Y+MjnErtBIKYao8NJO
+ p6di80w82+s6Ot+CLVvVobLhxS/y8yWplATRiQnI5ij/WTLML+tiU5aes0c9abaf
+ O7i9j1iTuZsDT3f96ia0RSLsXSGij737QKc3ZM8lSxBWfepWYO+G+IRgr1q9IUDa
+ kKO/vB9Ay64Rt88XbLnnGns=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ ZF0JPSfv75/8M+O2O/xi+8N1b9KT94a4l1D1Q65hnX6F00t+wAWZSkcDUoD/y2/E
+ RKGUyuQwsG6l58e4MwYpmDI4RhHrUYLCQBacAehqVZhwNxv99L7ANsqrZJoT7N0k
+ ER9MbmuIZGb4qisLDfZtzIGKKUUiA3ARfQny4MUxFovSmVUF2OjqSBXUVV/PjMLi
+ fVTVyqCMv08YwmM4abj33tKOEMtiZqAa09lUIpnCUzq2IAShSRNBzWIHe+ndoB6G
+ 2p6ufk0TuRidwdQZkZwTW/2PjK1x7KejaqADWaOIImKhSBMpGzkVfDuv8aAFXOtf
+ +LV67Ov6hJAt7FB65tE9Hg==
+ </CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ kY6scZxpyRXQbaDZp+LbuvSFYgmI3pQrfsrCVt3/9sZzpeUTPXJEatQ5KPOXYpJC
+ Gid01h/T8PIezic0Ooz/jU+r3kYMKesMYiXin4CXTZYcGhd0TjmOd4kg1vlhE8kt
+ WLC7JDzFLPAqXbOug3ghmWunFiUETbGJaF5V4AHIoZrYP+RS3DTLgJcATuDeWyOd
+ ueqnLefXiCDNqgSTsK4OyNlX0fpUJgKbL+Mhf5vsqxyIqDsS/p6cRA==
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha256.xml b/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha256.xml
new file mode 100644
index 00000000..29c97303
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha256.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
+ <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+ </EncryptionMethod>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzExNjI5NDNaFw00MzAyMjUxNjI5NDNaMIGWMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEVMBMGA1UEChMMTGF2YSBTdXByZW1l
+ MRQwEgYDVQQLEwtIZWFkIE9mZmljZTEUMBIGA1UEAxMLUlNBIFRlc3QgQ0ExIzAh
+ BgkqhkiG9w0BCQEWFHRlY2hAbGF2YXN1cHJlbWUub3JnMIIBIjANBgkqhkiG9w0B
+ AQEFAAOCAQ8AMIIBCgKCAQEAgj3TOyUtgg99oEfsm8h9JTZBxUkzYkXVUOHxIwnk
+ Fwp4y9ZnrGja/j+kpRyKvYP5CkNdq0e58/r7GLXj45iqd03XjsFNTdjy4OIOgf7J
+ xMG7z+hEB1LT2swTs10GILFWPByRl3/BEsnekLZdoqNoJrvnttVkxgu3x80Ji3/A
+ ZD8Ub/kBGOSPyu6pn3OdnMTc5q4r1qUe985lQzCZvCMw6AoGeCyJodNu2MbveNeH
+ +YPjRgLCQfzvOFRq+9qMtE8XfUJZdNhPZhgdsOGf8uJauTcIHbAyw7BhxPy6RikW
+ W5yiWUmBya+7t4y1TQJzham/0y0zU3TAA7b/rDrU7xmNPwIDAQABoyQwIjAPBgNV
+ HRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwDQYJKoZIhvcNAQEEBQADggEB
+ ADELWZjFLPjSjGeOaeUwH/mEOP+l/nTtxe07IWAQL4kvb4wsiUsM1EkPptcBQsym
+ OYgFhf3Elqma84bbOyp85y/iQnjpqWWJ73TFXSWZamSIhYb4Gk+dQuwFI+zD3B2y
+ WwqghaAHDzxtzROLUBjo+97Y6ng6V5zjmtdGOFwNXwWhf3Y+MjnErtBIKYao8NJO
+ p6di80w82+s6Ot+CLVvVobLhxS/y8yWplATRiQnI5ij/WTLML+tiU5aes0c9abaf
+ O7i9j1iTuZsDT3f96ia0RSLsXSGij737QKc3ZM8lSxBWfepWYO+G+IRgr1q9IUDa
+ kKO/vB9Ay64Rt88XbLnnGns=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ Y97gGuJRx1Vt31KHkKJfJCh/7XSSQxMH8rF+GAlnEMd4fq8+sL92XBMtLiLiNeWC
+ VNaiBorxZrqIW9xPAcOdvN1v1QIxlhf8LtiFyBMWKQm9i61t64cJC2ZRCdT8nPxy
+ Qt+fvUXGpLn0LA4cHyMukeLPO4EUQY8whunVXkuSgTKjJICxYKF8HNYsHUr1/fyy
+ QL2PW1/UfyEpSBJAZMg+TQFuBSCbAuWbFK2AgSupV5NIppBNU/eRhArReeuAgzSu
+ nY9dX1ofdZs8GzvuV8tfcBHzT/h59MPYMxl4sZrl/0NeMQ0ewZhX3yygebgyzZNP
+ 4TB4QzQZHRoXNIPUs0vkfA==
+ </CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ 3Bg5VZK+B/FETt4rT4baIJ4jFKBraqxPnltaSNC672NTcMxBlWG5omCGsbL31gAe
+ BDNelmi+3OmqhPLYYsbNOSl6O7YKoP6JvbXVcUcwWwsjEt9Fm6PTrTMy+vp+bgFM
+ J8L0WCwyPXnCl/DJS99eaGSG518ynfM/cEmDUINFatT8PX55B4Pd+o1BWkmVxg+E
+ jOgiai7L35HCOTpiBwLUUErvvulujk9iFW5ZvqkgIDLOlDLfx4/V9A==
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
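Review bot: This vector pairs `xmlenc#rsa-oaep-mgf1p` with a `ds:DigestMethod` of `xmlenc#sha256`, and unlike the SHA-1 variant it comes without a `.tmpl`/`.data` pair, so it can presumably only be exercised by decryption. Under XML Encryption 1.0 the `mgf1p` identifier keeps MGF1 on SHA-1 while `DigestMethod` sets the OAEP hash, and a backend that applies one digest to both would fail here in a way that is hard to diagnose from the fixture alone. A comment after the XML declaration such as `<!-- OAEP digest SHA-256, MGF1 with SHA-1 (mgf1p); decrypt-only vector -->` would record that. The same note fits `enc-element-3des-kt-rsa_oaep_sha512.xml` in the following hunk.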
diff --git a/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha512.xml b/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha512.xml
new file mode 100644
index 00000000..3cdc2a1b
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha512.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
+ <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+ </EncryptionMethod>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzExNjI5NDNaFw00MzAyMjUxNjI5NDNaMIGWMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEVMBMGA1UEChMMTGF2YSBTdXByZW1l
+ MRQwEgYDVQQLEwtIZWFkIE9mZmljZTEUMBIGA1UEAxMLUlNBIFRlc3QgQ0ExIzAh
+ BgkqhkiG9w0BCQEWFHRlY2hAbGF2YXN1cHJlbWUub3JnMIIBIjANBgkqhkiG9w0B
+ AQEFAAOCAQ8AMIIBCgKCAQEAgj3TOyUtgg99oEfsm8h9JTZBxUkzYkXVUOHxIwnk
+ Fwp4y9ZnrGja/j+kpRyKvYP5CkNdq0e58/r7GLXj45iqd03XjsFNTdjy4OIOgf7J
+ xMG7z+hEB1LT2swTs10GILFWPByRl3/BEsnekLZdoqNoJrvnttVkxgu3x80Ji3/A
+ ZD8Ub/kBGOSPyu6pn3OdnMTc5q4r1qUe985lQzCZvCMw6AoGeCyJodNu2MbveNeH
+ +YPjRgLCQfzvOFRq+9qMtE8XfUJZdNhPZhgdsOGf8uJauTcIHbAyw7BhxPy6RikW
+ W5yiWUmBya+7t4y1TQJzham/0y0zU3TAA7b/rDrU7xmNPwIDAQABoyQwIjAPBgNV
+ HRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwDQYJKoZIhvcNAQEEBQADggEB
+ ADELWZjFLPjSjGeOaeUwH/mEOP+l/nTtxe07IWAQL4kvb4wsiUsM1EkPptcBQsym
+ OYgFhf3Elqma84bbOyp85y/iQnjpqWWJ73TFXSWZamSIhYb4Gk+dQuwFI+zD3B2y
+ WwqghaAHDzxtzROLUBjo+97Y6ng6V5zjmtdGOFwNXwWhf3Y+MjnErtBIKYao8NJO
+ p6di80w82+s6Ot+CLVvVobLhxS/y8yWplATRiQnI5ij/WTLML+tiU5aes0c9abaf
+ O7i9j1iTuZsDT3f96ia0RSLsXSGij737QKc3ZM8lSxBWfepWYO+G+IRgr1q9IUDa
+ kKO/vB9Ay64Rt88XbLnnGns=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ bJVDvrtv578zcv3L/pK2YCCJtvMTDupUJB5+ZNlr6QjWolttow3QRrYHXj/W00SX
+ lGMdqRuJOkn575Xq3PHO1smO5cxWl5j7sTzVSAkzx/Z5xqiMhrFV+lBWOA/vp437
+ mEyGUxDrlE3E2NwvKCn8ovP3OrLIz3TVzy3U16hm0yriWcIZAQEpCQsSLxtPWVXt
+ +MMVvn/9y1CLAZh6dHBVHipp/mpf2X2ki4XuHvCRvaAB0fynB3mVbOUAi/NYR65o
+ u5BOfeS7HgTkWpo/XTa7e/XpkGsShodOm4ixJ+wKSNsMgNXivYmtghQR79x8H0+J
+ lMeTf3dYtV3RUJvi5n1CRA==
+ </CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ HkxiYRptVjgbv1UjUpyAYp/ty8vBgGgQY/Zr+0tz5Z8W16gp7kvHxAIcyL3E81yO
+ 7G54qhvQS4Ie1Et+j9/XEgBL8RdF8TdBnQ5PlPaoW0ckIV/f8gIxxGU0akjciUSG
+ iXHKL059fdr46aDFLYtwniNiJYG16eG/FFhlDdplWIK+FkaTEMMADEG78Dryle+A
+ DTl1V63WGBpS73k21hag/Mwv2xw5HUasmP1RFuLX4JCxcZAwJrPzoA==
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-3des-kw-3des.data b/tests/01-phaos-xmlenc-3/enc-element-3des-kw-3des.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-3des-kw-3des.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-3des-kw-3des.tmpl b/tests/01-phaos-xmlenc-3/enc-element-3des-kw-3des.tmpl
new file mode 100644
index 00000000..072859ba
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-3des-kw-3des.tmpl
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-tripledes"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-tripledes-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue></CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-3des-kw-3des.xml b/tests/01-phaos-xmlenc-3/enc-element-3des-kw-3des.xml
new file mode 100644
index 00000000..dad2cccf
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-3des-kw-3des.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-tripledes"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-tripledes-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>HgVuHoXxBQWD9fvi0gt9TanywZ5lJokM/12fcMG6gRoMjsCPulH+4A==</CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ yUMIHkj5EETckjZ59fpda4+m4YLCrkJsnuRz+Q3e5sP+VvHKRH1kdeGkXw3kYURV
+ JM3nQjGl2egW80oUxSykQD2F9iDoIjNhLSgIbyuse64oo/5/v9IiaUpSvrAocwLP
+ AzFIUmOrxmIagAkRGDOeMR8tdHLD6g84dQj4O/aGfwhL/2wUo/l+7onrbmsd6pVI
+ fjNyvXm+eITuyUnkDTHrCR+dfb2sHaQ3g3McgyfP6ZjI/L50SPJZ/w==
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes128-ka-dh.xml b/tests/01-phaos-xmlenc-3/enc-element-aes128-ka-dh.xml
new file mode 100644
index 00000000..4672de73
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes128-ka-dh.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <AgreementMethod Algorithm="http://www.w3.org/2001/04/xmlenc#dh">
+ <KA-Nonce>YWJjZGU=</KA-Nonce>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <OriginatorKeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIEjDCCA/WgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzAyMjUwNDBaFw0xMDAxMDEwNTAwMDBaMIGMMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEOMAwGA1UEChMFUGhhb3MxFDASBgNV
+ BAsTC0hlYWQgT2ZmaWNlMRcwFQYDVQQDEw5ESCBUZXN0IENsaWVudDEdMBsGCSqG
+ SIb3DQEJARYOdGVjaEBwaGFvcy5vcmcwggJDMIIBuAYHKoZIzj4CATCCAasCgYEA
+ uavat7i6NOpnRObdx7Gz38h8xkgmv20XUaj1JjfvMAQfQFMHeshGhY2Q0mwvJ1Of
+ X/kZ4cMbSYUywh3WAY6zQs8W2uxg8GeduCLebNQGTaHVFVmrJMQawlV1bIMQ+kDi
+ IQNR/FPqSNHKD2Q9/uoGD5d2l4KP3qH8dv5HOT8fCwUCgYBxunqmUuKZFTNKJhH9
+ G6UINlI/Xr9jPesj5/I8fpWgxZxsgkzksqisDCslZ09uZTATrGFTF3fk6kNhx25s
+ UCtYHHK1HzQmsLMu2BWNBQrkLC+Mkd3d39UdNduPW4kCMpcdoHAh+zTqAH2QkKJm
+ yxc/x0LevkSUk8rX8DFa3y152QIVAL+Eo4gPL339dk7inq87PnR1PWuHAm0A+C9E
+ GPDSphFaPWO5LQTNflJ0l9IGjcNFGrJX0imWrjM2q6bGYz0ZK4cJhcX12YZOjR52
+ TZh3cy6yAJG470i65nlz5/3ESWFHsMO0COrDi/Ca5RfMrYGcc8hrydzFlT1zqMFa
+ 1yuqQKVsGwXcMBwDFgCZ/hqLAtBi6dyv6Ky+OfXfXgJBPhQCAgNPA4GEAAKBgFWw
+ LyYO4IPxJsbaQQsJ4K1xTjPSjTMmvG4fpKA+S1BGz8FI1SPACb2/YYCrmjoWNvkQ
+ V6NTQ+eji6TGA7ET85c4AcRZtxOi3gSP5Kq2A3E9dUouikhrKSHFb+Nx420CXmtp
+ jxBu+qUTb7AMrRCus8maHwU9PdKQbZxoDFOLArJHo00wSzAPBgNVHQ8BAf8EBQMD
+ BwgAMBkGA1UdEQQSMBCBDnRlY2hAcGhhb3Mub3JnMB0GA1UdDgQWBBTfky/d+/wI
+ 6zicN4uDl0PSAyRNnTANBgkqhkiG9w0BAQQFAAOBgQA+2cWsAZ9a44ttBX1Z3eMI
+ e0GgduXErBt9xsv2Sy6fS/6CyyJm3tpthuT2WMZmu6E+ceBLkFU+TnxnEf/NrSj8
+ wtQt/wVHacaSZMcwUDv/uTUxrtIZUJ7A7VxcAvbnLE5fQqKhF6QT5irtbE2Ryvd7
+ oMfGG8PmU+sbN9sNXtIzOA==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </OriginatorKeyInfo>
+ <RecipientKeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIEjTCCA/agAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzAyMjUyNTNaFw0xMDAxMDEwNTAwMDBaMIGMMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEOMAwGA1UEChMFUGhhb3MxFDASBgNV
+ BAsTC0hlYWQgT2ZmaWNlMRcwFQYDVQQDEw5ESCBUZXN0IENsaWVudDEdMBsGCSqG
+ SIb3DQEJARYOdGVjaEBwaGFvcy5vcmcwggJEMIIBuAYHKoZIzj4CATCCAasCgYEA
+ uavat7i6NOpnRObdx7Gz38h8xkgmv20XUaj1JjfvMAQfQFMHeshGhY2Q0mwvJ1Of
+ X/kZ4cMbSYUywh3WAY6zQs8W2uxg8GeduCLebNQGTaHVFVmrJMQawlV1bIMQ+kDi
+ IQNR/FPqSNHKD2Q9/uoGD5d2l4KP3qH8dv5HOT8fCwUCgYBxunqmUuKZFTNKJhH9
+ G6UINlI/Xr9jPesj5/I8fpWgxZxsgkzksqisDCslZ09uZTATrGFTF3fk6kNhx25s
+ UCtYHHK1HzQmsLMu2BWNBQrkLC+Mkd3d39UdNduPW4kCMpcdoHAh+zTqAH2QkKJm
+ yxc/x0LevkSUk8rX8DFa3y152QIVAL+Eo4gPL339dk7inq87PnR1PWuHAm0A+C9E
+ GPDSphFaPWO5LQTNflJ0l9IGjcNFGrJX0imWrjM2q6bGYz0ZK4cJhcX12YZOjR52
+ TZh3cy6yAJG470i65nlz5/3ESWFHsMO0COrDi/Ca5RfMrYGcc8hrydzFlT1zqMFa
+ 1yuqQKVsGwXcMBwDFgCZ/hqLAtBi6dyv6Ky+OfXfXgJBPhQCAgNPA4GFAAKBgQCM
+ KtnMyjT9G1LKTZoN7rHwIO08D5j1YYIscsQDc+q4ny5WEFo+wEmOqxGcE9JrRdeb
+ it6cT8F7TWWzeDJUyaXFEi4E1panCBCL1crqS/HbY8VH/zzhT+5L232LchsoYa1p
+ dqxxLHW8RrOax4RLVrcIOPcW4x3Ggk0ANYQhR6kNmqNNMEswDwYDVR0PAQH/BAUD
+ AwcIADAZBgNVHREEEjAQgQ50ZWNoQHBoYW9zLm9yZzAdBgNVHQ4EFgQUHddBJmfV
+ 6MD3FTbVmHcLFN6QFAcwDQYJKoZIhvcNAQEEBQADgYEAKZl9P/ZmIrwHp3BTfBHl
+ eFBk9CbhK14FObMGWSkfjqipb5snXBPE3uPBrvP1StisPRsK/y1OZfcjjkA6ht0j
+ YWp9lohNDTlc/NOKGOQSCpntqr+wQhc6l16jezqR7sKv2eHBFGs0V7HCrEe2mTP4
+ rDa/YKrmL5K6S9GSF27rx40=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </RecipientKeyInfo>
+ </AgreementMethod>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ 2+4oM3TFfOQ5JMIvRbTk3SbeWqbSVAhMb9zT+3BatcUJuhxzzXtLKEzkfPT09iTP
+ NmwEoUysB5uETmQ49Fd/0l21QjUmctAaCBIbWSrP4f3K2SUGxjKNZE4Pes+8DwiT
+ H1cak+3qT0zbqFa6rXcdLxS/ucxJOPMJV9ZCE4SkvFt2ZME8uRevFEYIqp/HInFZ
+ OjY9Lf8+hHOXVOVqrMObx7/CFzm0AS2aL4WmyfGM3zyUN1BF3nS4zzVOHNfIFopX
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.data b/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.tmpl b/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.tmpl
new file mode 100644
index 00000000..78b6a0f7
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.tmpl
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.xml b/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.xml
new file mode 100644
index 00000000..ff5816e7
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzExNjI5NDNaFw00MzAyMjUxNjI5NDNaMIGWMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEVMBMGA1UEChMMTGF2YSBTdXByZW1l
+ MRQwEgYDVQQLEwtIZWFkIE9mZmljZTEUMBIGA1UEAxMLUlNBIFRlc3QgQ0ExIzAh
+ BgkqhkiG9w0BCQEWFHRlY2hAbGF2YXN1cHJlbWUub3JnMIIBIjANBgkqhkiG9w0B
+ AQEFAAOCAQ8AMIIBCgKCAQEAgj3TOyUtgg99oEfsm8h9JTZBxUkzYkXVUOHxIwnk
+ Fwp4y9ZnrGja/j+kpRyKvYP5CkNdq0e58/r7GLXj45iqd03XjsFNTdjy4OIOgf7J
+ xMG7z+hEB1LT2swTs10GILFWPByRl3/BEsnekLZdoqNoJrvnttVkxgu3x80Ji3/A
+ ZD8Ub/kBGOSPyu6pn3OdnMTc5q4r1qUe985lQzCZvCMw6AoGeCyJodNu2MbveNeH
+ +YPjRgLCQfzvOFRq+9qMtE8XfUJZdNhPZhgdsOGf8uJauTcIHbAyw7BhxPy6RikW
+ W5yiWUmBya+7t4y1TQJzham/0y0zU3TAA7b/rDrU7xmNPwIDAQABoyQwIjAPBgNV
+ HRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwDQYJKoZIhvcNAQEEBQADggEB
+ ADELWZjFLPjSjGeOaeUwH/mEOP+l/nTtxe07IWAQL4kvb4wsiUsM1EkPptcBQsym
+ OYgFhf3Elqma84bbOyp85y/iQnjpqWWJ73TFXSWZamSIhYb4Gk+dQuwFI+zD3B2y
+ WwqghaAHDzxtzROLUBjo+97Y6ng6V5zjmtdGOFwNXwWhf3Y+MjnErtBIKYao8NJO
+ p6di80w82+s6Ot+CLVvVobLhxS/y8yWplATRiQnI5ij/WTLML+tiU5aes0c9abaf
+ O7i9j1iTuZsDT3f96ia0RSLsXSGij737QKc3ZM8lSxBWfepWYO+G+IRgr1q9IUDa
+ kKO/vB9Ay64Rt88XbLnnGns=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ cCxxYh3xGBTqlXbhmKxWzNMlHeE28E7vPrMyM5V4T+t1Iy2csj1BoQ7cqBjEhqEy
+ Eot4WNRYsY7P44mWBKurj2mdWQWgoxHvtITP9AR3JTMxUo3TF5ltW76DLDsEvWlE
+ uZKam0PYj6lYPKd4npUULeZyR/rDRrth/wFIBD8vbQlUsBHapNT9MbQfSKZemOuT
+ UJL9PNgsosySpKrX564oQw398XsxfTFxi4hqbdqzA/CLL418X01hUjIHdyv6XnA2
+ 98Bmfv9WMPpX05udR4raDv5X8NWxjH00hAhasM3qumxoyCT6mAGfqvE23I+OXtrN
+ lUvE9mMjANw4zweCHsOcfw==
+ </CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ u2vogkwlvFqeknJ0lYTBZkWS/eX8LR1fDPFMfyK1/UY0EyZfHvbONfDHcC/HLv/f
+ aAOOO2Y0GqsknP0LYT1OznkiJrzx134cmJCgbyrYXd3Mp21Pq3rs66JJ34Qt3/+I
+ EyJBUSMT8TdT3fBD44BtOqH2op/hy2g3hQPFZul4GiHBEnNJL/4nU1yad3bMvtAB
+ mzhx80lJvPGLcruj5V77WMvkvZfoeEqMq4qPWK02ZURsJsq0iZcJDi39NB7OCiON
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.data b/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.tmpl b/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.tmpl
new file mode 100644
index 00000000..f42357fb
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.tmpl
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+ </EncryptionMethod>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.xml b/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.xml
new file mode 100644
index 00000000..e8ec21fe
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+ </EncryptionMethod>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzExNjI5NDNaFw00MzAyMjUxNjI5NDNaMIGWMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEVMBMGA1UEChMMTGF2YSBTdXByZW1l
+ MRQwEgYDVQQLEwtIZWFkIE9mZmljZTEUMBIGA1UEAxMLUlNBIFRlc3QgQ0ExIzAh
+ BgkqhkiG9w0BCQEWFHRlY2hAbGF2YXN1cHJlbWUub3JnMIIBIjANBgkqhkiG9w0B
+ AQEFAAOCAQ8AMIIBCgKCAQEAgj3TOyUtgg99oEfsm8h9JTZBxUkzYkXVUOHxIwnk
+ Fwp4y9ZnrGja/j+kpRyKvYP5CkNdq0e58/r7GLXj45iqd03XjsFNTdjy4OIOgf7J
+ xMG7z+hEB1LT2swTs10GILFWPByRl3/BEsnekLZdoqNoJrvnttVkxgu3x80Ji3/A
+ ZD8Ub/kBGOSPyu6pn3OdnMTc5q4r1qUe985lQzCZvCMw6AoGeCyJodNu2MbveNeH
+ +YPjRgLCQfzvOFRq+9qMtE8XfUJZdNhPZhgdsOGf8uJauTcIHbAyw7BhxPy6RikW
+ W5yiWUmBya+7t4y1TQJzham/0y0zU3TAA7b/rDrU7xmNPwIDAQABoyQwIjAPBgNV
+ HRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwDQYJKoZIhvcNAQEEBQADggEB
+ ADELWZjFLPjSjGeOaeUwH/mEOP+l/nTtxe07IWAQL4kvb4wsiUsM1EkPptcBQsym
+ OYgFhf3Elqma84bbOyp85y/iQnjpqWWJ73TFXSWZamSIhYb4Gk+dQuwFI+zD3B2y
+ WwqghaAHDzxtzROLUBjo+97Y6ng6V5zjmtdGOFwNXwWhf3Y+MjnErtBIKYao8NJO
+ p6di80w82+s6Ot+CLVvVobLhxS/y8yWplATRiQnI5ij/WTLML+tiU5aes0c9abaf
+ O7i9j1iTuZsDT3f96ia0RSLsXSGij737QKc3ZM8lSxBWfepWYO+G+IRgr1q9IUDa
+ kKO/vB9Ay64Rt88XbLnnGns=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ W6N0IhRF2AdgfzzkZSp/u1kH5KmH8L4W8k4mdNMboLsYgnBUV3lsRvoFrVTXluMV
+ DtXY1ju7aAEUJP9eMRU676kvRR5nSVuAbWCAejgkHMtGShJHU1s/JMzbu3iaxsuy
+ PosT7/iafinNIXumvqLM/WQl9KbsmcWoAmJISbK1+WJ2kahrXNav4+7vMJq90BOP
+ l8bXIzeKIsps7OGwEvrFaJ5RzVjZXi9SDXXD1vd6tJBcCfcZ347Mat1tZkR3cYrC
+ MhDdte3gYGUQLzUlMYucvWz1slzTX3rYea/vhgA+OLOpdZxwM4igx1d8j5jjmo8F
+ R1rxwd0G4NHA1bZ6TOy/IA==
+ </CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ YjIkLPqklVVN1faEsX1t5EXXxdlW3B0rKoZsT5DtaS+pChdcceQV605clJ8YEhOj
+ EhM0oCGf855bQVWp7J3TJqUFlxahREEWCfEvsIUzy/wNMHV6Z/mTFkQUWnrO3C3D
+ SC6rTglijkPp592Sh1Cb6HTD60Nc/Myn3QLnwlSj+30x3uTUiAVEL+xduAnppCR1
+ vhRsB3yw32TjRfZt1b+UURRzCts5oLrVAu9SSrmgJI+vUX9gsRgvwkmsi4AAq38a
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes128.data b/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes128.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes128.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes128.tmpl b/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes128.tmpl
new file mode 100644
index 00000000..dc60d67b
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes128.tmpl
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-aes128-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue></CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
\ No newline at end of file
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes128.xml b/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes128.xml
new file mode 100644
index 00000000..aa6f0ff4
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes128.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-aes128-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>GPl6bneL1jKl0/lGnf9gejlYHRI6XxFz</CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ AbJmB4dsNP5svH3n260KeHFFqRoXaBoDYIqtrhXHE0t1TvJaGtvwjJt2pgM8Yffc
+ xKyOLWJljv+FraXUZFnW+VJloMTAXQ8DyeR8ds1sj6X7hT62RFIKm0DvggdBAh9d
+ tpeF6fwtOeUUCmidna7im7SLh9a9/CKTBb9RqDzKXQ+Sai6knJPZHtX/yF6ZedgX
+ GOUFLX3EdzwVgJ3jnKcB/LZjapsPrRs+6lMdck26aRizWJBHYpY86gWWnu+Ob+/k
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes256.data b/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes256.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes256.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes256.tmpl b/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes256.tmpl
new file mode 100644
index 00000000..b139039a
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes256.tmpl
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-aes256-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue></CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
\ No newline at end of file
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes256.xml b/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes256.xml
new file mode 100644
index 00000000..2b376a1d
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes128-kw-aes256.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-aes256-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>ic+Om6/3ZKcThVN3iv9lUEankNkDv3Et</CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ T+1ay9FMWTWWnoPYUhVHMA2SNV2w9OirluWOrMSZvRUC8mQHmYfKcuD9WshrgtVd
+ dnsiPobRS+Q0DJgfX8CtfjJ3wtQ2DXX9GFgV8662G0hZEjQ4SGgWhxtQEusjVFSl
+ Uw4/pxmECD5O6K7N9PwnlYwMm9teksvfWcG5xir+w4k24cc9njLj5Yd0uX2o5Nj1
+ sjjNFzbw5cQ4Fx3KSG2HGwnnC/+5/xyoX1eJgdOxdKQvR8uSMmyIcTPGVtRAzH3l
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes192-ka-dh.xml b/tests/01-phaos-xmlenc-3/enc-element-aes192-ka-dh.xml
new file mode 100644
index 00000000..d722ccdf
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes192-ka-dh.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <AgreementMethod Algorithm="http://www.w3.org/2001/04/xmlenc#dh">
+ <KA-Nonce>YWJjZGU=</KA-Nonce>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <OriginatorKeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIEjDCCA/WgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzAyMjUwNDBaFw0xMDAxMDEwNTAwMDBaMIGMMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEOMAwGA1UEChMFUGhhb3MxFDASBgNV
+ BAsTC0hlYWQgT2ZmaWNlMRcwFQYDVQQDEw5ESCBUZXN0IENsaWVudDEdMBsGCSqG
+ SIb3DQEJARYOdGVjaEBwaGFvcy5vcmcwggJDMIIBuAYHKoZIzj4CATCCAasCgYEA
+ uavat7i6NOpnRObdx7Gz38h8xkgmv20XUaj1JjfvMAQfQFMHeshGhY2Q0mwvJ1Of
+ X/kZ4cMbSYUywh3WAY6zQs8W2uxg8GeduCLebNQGTaHVFVmrJMQawlV1bIMQ+kDi
+ IQNR/FPqSNHKD2Q9/uoGD5d2l4KP3qH8dv5HOT8fCwUCgYBxunqmUuKZFTNKJhH9
+ G6UINlI/Xr9jPesj5/I8fpWgxZxsgkzksqisDCslZ09uZTATrGFTF3fk6kNhx25s
+ UCtYHHK1HzQmsLMu2BWNBQrkLC+Mkd3d39UdNduPW4kCMpcdoHAh+zTqAH2QkKJm
+ yxc/x0LevkSUk8rX8DFa3y152QIVAL+Eo4gPL339dk7inq87PnR1PWuHAm0A+C9E
+ GPDSphFaPWO5LQTNflJ0l9IGjcNFGrJX0imWrjM2q6bGYz0ZK4cJhcX12YZOjR52
+ TZh3cy6yAJG470i65nlz5/3ESWFHsMO0COrDi/Ca5RfMrYGcc8hrydzFlT1zqMFa
+ 1yuqQKVsGwXcMBwDFgCZ/hqLAtBi6dyv6Ky+OfXfXgJBPhQCAgNPA4GEAAKBgFWw
+ LyYO4IPxJsbaQQsJ4K1xTjPSjTMmvG4fpKA+S1BGz8FI1SPACb2/YYCrmjoWNvkQ
+ V6NTQ+eji6TGA7ET85c4AcRZtxOi3gSP5Kq2A3E9dUouikhrKSHFb+Nx420CXmtp
+ jxBu+qUTb7AMrRCus8maHwU9PdKQbZxoDFOLArJHo00wSzAPBgNVHQ8BAf8EBQMD
+ BwgAMBkGA1UdEQQSMBCBDnRlY2hAcGhhb3Mub3JnMB0GA1UdDgQWBBTfky/d+/wI
+ 6zicN4uDl0PSAyRNnTANBgkqhkiG9w0BAQQFAAOBgQA+2cWsAZ9a44ttBX1Z3eMI
+ e0GgduXErBt9xsv2Sy6fS/6CyyJm3tpthuT2WMZmu6E+ceBLkFU+TnxnEf/NrSj8
+ wtQt/wVHacaSZMcwUDv/uTUxrtIZUJ7A7VxcAvbnLE5fQqKhF6QT5irtbE2Ryvd7
+ oMfGG8PmU+sbN9sNXtIzOA==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </OriginatorKeyInfo>
+ <RecipientKeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIEjTCCA/agAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzAyMjUyNTNaFw0xMDAxMDEwNTAwMDBaMIGMMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEOMAwGA1UEChMFUGhhb3MxFDASBgNV
+ BAsTC0hlYWQgT2ZmaWNlMRcwFQYDVQQDEw5ESCBUZXN0IENsaWVudDEdMBsGCSqG
+ SIb3DQEJARYOdGVjaEBwaGFvcy5vcmcwggJEMIIBuAYHKoZIzj4CATCCAasCgYEA
+ uavat7i6NOpnRObdx7Gz38h8xkgmv20XUaj1JjfvMAQfQFMHeshGhY2Q0mwvJ1Of
+ X/kZ4cMbSYUywh3WAY6zQs8W2uxg8GeduCLebNQGTaHVFVmrJMQawlV1bIMQ+kDi
+ IQNR/FPqSNHKD2Q9/uoGD5d2l4KP3qH8dv5HOT8fCwUCgYBxunqmUuKZFTNKJhH9
+ G6UINlI/Xr9jPesj5/I8fpWgxZxsgkzksqisDCslZ09uZTATrGFTF3fk6kNhx25s
+ UCtYHHK1HzQmsLMu2BWNBQrkLC+Mkd3d39UdNduPW4kCMpcdoHAh+zTqAH2QkKJm
+ yxc/x0LevkSUk8rX8DFa3y152QIVAL+Eo4gPL339dk7inq87PnR1PWuHAm0A+C9E
+ GPDSphFaPWO5LQTNflJ0l9IGjcNFGrJX0imWrjM2q6bGYz0ZK4cJhcX12YZOjR52
+ TZh3cy6yAJG470i65nlz5/3ESWFHsMO0COrDi/Ca5RfMrYGcc8hrydzFlT1zqMFa
+ 1yuqQKVsGwXcMBwDFgCZ/hqLAtBi6dyv6Ky+OfXfXgJBPhQCAgNPA4GFAAKBgQCM
+ KtnMyjT9G1LKTZoN7rHwIO08D5j1YYIscsQDc+q4ny5WEFo+wEmOqxGcE9JrRdeb
+ it6cT8F7TWWzeDJUyaXFEi4E1panCBCL1crqS/HbY8VH/zzhT+5L232LchsoYa1p
+ dqxxLHW8RrOax4RLVrcIOPcW4x3Ggk0ANYQhR6kNmqNNMEswDwYDVR0PAQH/BAUD
+ AwcIADAZBgNVHREEEjAQgQ50ZWNoQHBoYW9zLm9yZzAdBgNVHQ4EFgQUHddBJmfV
+ 6MD3FTbVmHcLFN6QFAcwDQYJKoZIhvcNAQEEBQADgYEAKZl9P/ZmIrwHp3BTfBHl
+ eFBk9CbhK14FObMGWSkfjqipb5snXBPE3uPBrvP1StisPRsK/y1OZfcjjkA6ht0j
+ YWp9lohNDTlc/NOKGOQSCpntqr+wQhc6l16jezqR7sKv2eHBFGs0V7HCrEe2mTP4
+ rDa/YKrmL5K6S9GSF27rx40=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </RecipientKeyInfo>
+ </AgreementMethod>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ jg5SecwV6R7dluAMEUsPwWmrTc236XCF8xEVEV7cyEJDfTmdk6BNX4w5BKfFDfOP
+ ph4t428f9HI3WIg48BVY8DDaYOReo0a3BKcIoiDjo80V5eZdAQdlWLOecKmD339+
+ gqxeBIdJkmQyIpKqDM2NAlqcKM0p+utAn5M8fUosBBO7boJ8i/lnOvDrkqiELHQy
+ ZZZKgWsYoIZNKPq1Fd6AUVBAIod3ruMfZYVfXL5G2S1jYa8JNcwp2MU32SIuSIxL
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.data b/tests/01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.tmpl b/tests/01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.tmpl
new file mode 100644
index 00000000..ca51a473
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.tmpl
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+ </EncryptionMethod>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.xml b/tests/01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.xml
new file mode 100644
index 00000000..ecad1ebb
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+ </EncryptionMethod>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzExNjI5NDNaFw00MzAyMjUxNjI5NDNaMIGWMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEVMBMGA1UEChMMTGF2YSBTdXByZW1l
+ MRQwEgYDVQQLEwtIZWFkIE9mZmljZTEUMBIGA1UEAxMLUlNBIFRlc3QgQ0ExIzAh
+ BgkqhkiG9w0BCQEWFHRlY2hAbGF2YXN1cHJlbWUub3JnMIIBIjANBgkqhkiG9w0B
+ AQEFAAOCAQ8AMIIBCgKCAQEAgj3TOyUtgg99oEfsm8h9JTZBxUkzYkXVUOHxIwnk
+ Fwp4y9ZnrGja/j+kpRyKvYP5CkNdq0e58/r7GLXj45iqd03XjsFNTdjy4OIOgf7J
+ xMG7z+hEB1LT2swTs10GILFWPByRl3/BEsnekLZdoqNoJrvnttVkxgu3x80Ji3/A
+ ZD8Ub/kBGOSPyu6pn3OdnMTc5q4r1qUe985lQzCZvCMw6AoGeCyJodNu2MbveNeH
+ +YPjRgLCQfzvOFRq+9qMtE8XfUJZdNhPZhgdsOGf8uJauTcIHbAyw7BhxPy6RikW
+ W5yiWUmBya+7t4y1TQJzham/0y0zU3TAA7b/rDrU7xmNPwIDAQABoyQwIjAPBgNV
+ HRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwDQYJKoZIhvcNAQEEBQADggEB
+ ADELWZjFLPjSjGeOaeUwH/mEOP+l/nTtxe07IWAQL4kvb4wsiUsM1EkPptcBQsym
+ OYgFhf3Elqma84bbOyp85y/iQnjpqWWJ73TFXSWZamSIhYb4Gk+dQuwFI+zD3B2y
+ WwqghaAHDzxtzROLUBjo+97Y6ng6V5zjmtdGOFwNXwWhf3Y+MjnErtBIKYao8NJO
+ p6di80w82+s6Ot+CLVvVobLhxS/y8yWplATRiQnI5ij/WTLML+tiU5aes0c9abaf
+ O7i9j1iTuZsDT3f96ia0RSLsXSGij737QKc3ZM8lSxBWfepWYO+G+IRgr1q9IUDa
+ kKO/vB9Ay64Rt88XbLnnGns=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ ELSmG8oo52p2ANjbCRJDV0K6M/3W+1b+3A1c07oNWdxeUerdUBarYe5BQingndIv
+ y4qfD9hGif8AmY0IXuLWptmZYx8TlHLSYw7TUfLxYMVLzUVtDgrPAqXStNcpJK/l
+ 0INMurXU+xnvDXpQEcCthh6C8AWxvXDVKW+8Ud8vLYkGGNVgtEPtdAybx2WptfzJ
+ TSYvkRr0VEjDJSg9ZPSJLCeOwQZ9+YvP9F9E556EHK5A476fAgeNL3uefsZ4Yo4Q
+ 1UANOvSBtY2ro8xOj6PyBI/5RiW9AVUQd+5UiPq1/jWSoKTFaWib4xr5WhI4dQlc
+ nkYU3EYhmST4pokqevZplw==
+ </CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ WeFDc5EMzI4i77yhGpY2Ae+5VvbPSdnrmXvlRrntz5v6snRmVxtSAXJQgJiouER8
+ BNVTiMdB/YcpzOeWLAEfEZG1PswYFsmkYd9QCvGpv1oXisv9Cv8uR9BBmz/ylOmX
+ pBCfU38i0fR90JOkGMjwtlkNTwPwOsG5EFRch8jx/wk6qaj6qojJOA21IlFsTKFA
+ ugZ3uZeDFPNBJMSVnLudyMFrQYWT14ji/aFETqhQxwlHkgrx1WDN26tBN/9Q6aTZ
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes192-kw-aes192.data b/tests/01-phaos-xmlenc-3/enc-element-aes192-kw-aes192.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes192-kw-aes192.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes192-kw-aes192.tmpl b/tests/01-phaos-xmlenc-3/enc-element-aes192-kw-aes192.tmpl
new file mode 100644
index 00000000..a90d3250
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes192-kw-aes192.tmpl
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes192"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-aes192-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue></CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes192-kw-aes192.xml b/tests/01-phaos-xmlenc-3/enc-element-aes192-kw-aes192.xml
new file mode 100644
index 00000000..d3cc6307
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes192-kw-aes192.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes192"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-aes192-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>iuZvvGBWScikHld9TtNIOz0Sm7Srg5AcxOBMA8qIvQY=</CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ /zILD8Eq5vvZK7A+XJaHzoXVqPkk91sOunyhqj+yFA6ZJquaFSUz3A/aQ8AkTrVS
+ /rGiNCXDOfmpIab6DRH5deOG0RNxDQvtSiAmM+Beb+Aas5WJ9UNKk1ff8sBdgznl
+ 9u8ApmELFPj5u2ucOdCOGS+Re708aSI6SGmqUEJusoXLWJSSD0gE1xW1hmukrTaR
+ p8kkchaNNTM+x4gLbq3sSsfncnCo9E/MpeQqQfBPL7r92UwvUMY/DEVz0BbKLomG
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes256-ka-dh.xml b/tests/01-phaos-xmlenc-3/enc-element-aes256-ka-dh.xml
new file mode 100644
index 00000000..221665f3
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes256-ka-dh.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <AgreementMethod Algorithm="http://www.w3.org/2001/04/xmlenc#dh">
+ <KA-Nonce>YWJjZGU=</KA-Nonce>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <OriginatorKeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIEjDCCA/WgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzAyMjUwNDBaFw0xMDAxMDEwNTAwMDBaMIGMMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEOMAwGA1UEChMFUGhhb3MxFDASBgNV
+ BAsTC0hlYWQgT2ZmaWNlMRcwFQYDVQQDEw5ESCBUZXN0IENsaWVudDEdMBsGCSqG
+ SIb3DQEJARYOdGVjaEBwaGFvcy5vcmcwggJDMIIBuAYHKoZIzj4CATCCAasCgYEA
+ uavat7i6NOpnRObdx7Gz38h8xkgmv20XUaj1JjfvMAQfQFMHeshGhY2Q0mwvJ1Of
+ X/kZ4cMbSYUywh3WAY6zQs8W2uxg8GeduCLebNQGTaHVFVmrJMQawlV1bIMQ+kDi
+ IQNR/FPqSNHKD2Q9/uoGD5d2l4KP3qH8dv5HOT8fCwUCgYBxunqmUuKZFTNKJhH9
+ G6UINlI/Xr9jPesj5/I8fpWgxZxsgkzksqisDCslZ09uZTATrGFTF3fk6kNhx25s
+ UCtYHHK1HzQmsLMu2BWNBQrkLC+Mkd3d39UdNduPW4kCMpcdoHAh+zTqAH2QkKJm
+ yxc/x0LevkSUk8rX8DFa3y152QIVAL+Eo4gPL339dk7inq87PnR1PWuHAm0A+C9E
+ GPDSphFaPWO5LQTNflJ0l9IGjcNFGrJX0imWrjM2q6bGYz0ZK4cJhcX12YZOjR52
+ TZh3cy6yAJG470i65nlz5/3ESWFHsMO0COrDi/Ca5RfMrYGcc8hrydzFlT1zqMFa
+ 1yuqQKVsGwXcMBwDFgCZ/hqLAtBi6dyv6Ky+OfXfXgJBPhQCAgNPA4GEAAKBgFWw
+ LyYO4IPxJsbaQQsJ4K1xTjPSjTMmvG4fpKA+S1BGz8FI1SPACb2/YYCrmjoWNvkQ
+ V6NTQ+eji6TGA7ET85c4AcRZtxOi3gSP5Kq2A3E9dUouikhrKSHFb+Nx420CXmtp
+ jxBu+qUTb7AMrRCus8maHwU9PdKQbZxoDFOLArJHo00wSzAPBgNVHQ8BAf8EBQMD
+ BwgAMBkGA1UdEQQSMBCBDnRlY2hAcGhhb3Mub3JnMB0GA1UdDgQWBBTfky/d+/wI
+ 6zicN4uDl0PSAyRNnTANBgkqhkiG9w0BAQQFAAOBgQA+2cWsAZ9a44ttBX1Z3eMI
+ e0GgduXErBt9xsv2Sy6fS/6CyyJm3tpthuT2WMZmu6E+ceBLkFU+TnxnEf/NrSj8
+ wtQt/wVHacaSZMcwUDv/uTUxrtIZUJ7A7VxcAvbnLE5fQqKhF6QT5irtbE2Ryvd7
+ oMfGG8PmU+sbN9sNXtIzOA==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </OriginatorKeyInfo>
+ <RecipientKeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIEjTCCA/agAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzAyMjUyNTNaFw0xMDAxMDEwNTAwMDBaMIGMMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEOMAwGA1UEChMFUGhhb3MxFDASBgNV
+ BAsTC0hlYWQgT2ZmaWNlMRcwFQYDVQQDEw5ESCBUZXN0IENsaWVudDEdMBsGCSqG
+ SIb3DQEJARYOdGVjaEBwaGFvcy5vcmcwggJEMIIBuAYHKoZIzj4CATCCAasCgYEA
+ uavat7i6NOpnRObdx7Gz38h8xkgmv20XUaj1JjfvMAQfQFMHeshGhY2Q0mwvJ1Of
+ X/kZ4cMbSYUywh3WAY6zQs8W2uxg8GeduCLebNQGTaHVFVmrJMQawlV1bIMQ+kDi
+ IQNR/FPqSNHKD2Q9/uoGD5d2l4KP3qH8dv5HOT8fCwUCgYBxunqmUuKZFTNKJhH9
+ G6UINlI/Xr9jPesj5/I8fpWgxZxsgkzksqisDCslZ09uZTATrGFTF3fk6kNhx25s
+ UCtYHHK1HzQmsLMu2BWNBQrkLC+Mkd3d39UdNduPW4kCMpcdoHAh+zTqAH2QkKJm
+ yxc/x0LevkSUk8rX8DFa3y152QIVAL+Eo4gPL339dk7inq87PnR1PWuHAm0A+C9E
+ GPDSphFaPWO5LQTNflJ0l9IGjcNFGrJX0imWrjM2q6bGYz0ZK4cJhcX12YZOjR52
+ TZh3cy6yAJG470i65nlz5/3ESWFHsMO0COrDi/Ca5RfMrYGcc8hrydzFlT1zqMFa
+ 1yuqQKVsGwXcMBwDFgCZ/hqLAtBi6dyv6Ky+OfXfXgJBPhQCAgNPA4GFAAKBgQCM
+ KtnMyjT9G1LKTZoN7rHwIO08D5j1YYIscsQDc+q4ny5WEFo+wEmOqxGcE9JrRdeb
+ it6cT8F7TWWzeDJUyaXFEi4E1panCBCL1crqS/HbY8VH/zzhT+5L232LchsoYa1p
+ dqxxLHW8RrOax4RLVrcIOPcW4x3Ggk0ANYQhR6kNmqNNMEswDwYDVR0PAQH/BAUD
+ AwcIADAZBgNVHREEEjAQgQ50ZWNoQHBoYW9zLm9yZzAdBgNVHQ4EFgQUHddBJmfV
+ 6MD3FTbVmHcLFN6QFAcwDQYJKoZIhvcNAQEEBQADgYEAKZl9P/ZmIrwHp3BTfBHl
+ eFBk9CbhK14FObMGWSkfjqipb5snXBPE3uPBrvP1StisPRsK/y1OZfcjjkA6ht0j
+ YWp9lohNDTlc/NOKGOQSCpntqr+wQhc6l16jezqR7sKv2eHBFGs0V7HCrEe2mTP4
+ rDa/YKrmL5K6S9GSF27rx40=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </RecipientKeyInfo>
+ </AgreementMethod>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ aXXD/Yz+ENFF/uop7z9RwfeVfdFteZwcxMILahK/NKF58LMsUKcr0C9jk5IkMZqJ
+ m+bszCs5O61zLI/iJcKFUU2VrokeTuYUP2BZMoxL7q0zqUs7bIwm61IEmU0ghtAT
+ 5jSGCbZLPfz3SRe3de023098UbTg+xC/zLslLxBvEtuZh/rNIoNlCA1WwUNV7oRG
+ tFoqxzDDh/hyBJzSMAw/S/efNORn4Bbfqu4WjO5bN8wxCi1ATFtAmhSVh3c6t1/U
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
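Review bot: Both `ds:X509Certificate` values in this vector, under `OriginatorKeyInfo` and `RecipientKeyInfo`, encode a validity period that ends on 2010-01-01, which is before this import, and both are signed with md5WithRSAEncryption. A test that consumes the vector with certificate verification enabled will reject the certificates unless the harness pins the verification time, and switching verification off instead would also hide real chain failures. I would record that next to the test invocation, for example `# DH test client certs expired 2010-01-01: pin the verification time, do not disable certificate checks`. The test driver is not part of this hunk, so whether the vector is exercised at all cannot be seen from here.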
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes256-kw-aes256.data b/tests/01-phaos-xmlenc-3/enc-element-aes256-kw-aes256.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes256-kw-aes256.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes256-kw-aes256.tmpl b/tests/01-phaos-xmlenc-3/enc-element-aes256-kw-aes256.tmpl
new file mode 100644
index 00000000..95d16987
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes256-kw-aes256.tmpl
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-aes256-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue></CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
diff --git a/tests/01-phaos-xmlenc-3/enc-element-aes256-kw-aes256.xml b/tests/01-phaos-xmlenc-3/enc-element-aes256-kw-aes256.xml
new file mode 100644
index 00000000..9730db87
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-element-aes256-kw-aes256.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-aes256-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>IMwdsyg89IZ4Txf1SYYZNKUOKuYdDoIi/zEKXCjj4j9PM6BdkZligA==</CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ sKcjsnw0spmr+iFPf2FWILKQz32+8DvSGm6WTtmMd9syqY/+BIubjH3PS7ROuGY6
+ xaotStXfOXm5fE4R3Haqw/04gfV4jJU3vIZZHYj9blDIn602YtqI+xti2zZOhGZ4
+ 9gssg7m8ZOJ28yfbQfNw97RdwQiSnIU/Bh87xQJRDK0/M3fOHylMUTH7xMMbQu5m
+ rhYj49kNpnVK7XyP7jCek0lT2ei7KYdKaxD/Jm/xWPxaxyS2C8q9bku5HMsEKJOn
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-text-3des-kw-aes256.data b/tests/01-phaos-xmlenc-3/enc-text-3des-kw-aes256.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-text-3des-kw-aes256.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-text-3des-kw-aes256.tmpl b/tests/01-phaos-xmlenc-3/enc-text-3des-kw-aes256.tmpl
new file mode 100644
index 00000000..37e28273
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-text-3des-kw-aes256.tmpl
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-aes256-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
diff --git a/tests/01-phaos-xmlenc-3/enc-text-3des-kw-aes256.xml b/tests/01-phaos-xmlenc-3/enc-text-3des-kw-aes256.xml
new file mode 100644
index 00000000..b972f1d4
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-text-3des-kw-aes256.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number><EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-aes256-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ jOvQe4SxDqEMvAHcmb3Z+/Uedj23pvL6BRQsl2sjJlQ=
+ </CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ tY3V4h8kopDTZXb80BoqEWH7/nWryHZhU504S1ZRPLw=
+ </CipherValue>
+ </CipherData>
+ </EncryptedData></Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-text-aes128-kw-aes192.data b/tests/01-phaos-xmlenc-3/enc-text-aes128-kw-aes192.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-text-aes128-kw-aes192.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-text-aes128-kw-aes192.tmpl b/tests/01-phaos-xmlenc-3/enc-text-aes128-kw-aes192.tmpl
new file mode 100644
index 00000000..5da83247
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-text-aes128-kw-aes192.tmpl
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes192"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-aes192-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue></CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue></CipherValue>
+ </CipherData>
+ </EncryptedData>
diff --git a/tests/01-phaos-xmlenc-3/enc-text-aes128-kw-aes192.xml b/tests/01-phaos-xmlenc-3/enc-text-aes128-kw-aes192.xml
new file mode 100644
index 00000000..a380abb2
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-text-aes128-kw-aes192.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number><EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes192"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-aes192-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>PeDwjnCsg6xWzs3SmzUtc2nyUz28nGu7</CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>6hfMgI39JG5aIId4ZxZkXLGSGVcC7Wu4yOSdkC4H3NJ50pMdcZI2c38YoFHpFZFS</CipherValue>
+ </CipherData>
+ </EncryptedData></Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.data b/tests/01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.tmpl b/tests/01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.tmpl
new file mode 100644
index 00000000..7b961732
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.tmpl
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
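Review bot: This template pins `rsa-1_5` key transport around `aes192-cbc` content encryption, and nothing in the fixture marks it as interoperability coverage only. PKCS#1 v1.5 key transport combined with unauthenticated CBC is the legacy XML Encryption profile, and it is exposed to padding-oracle attacks when a decryptor reports distinguishable errors, so the template should not be copied as a starting point for new documents. I would add a line to the directory's notes, e.g. `enc-*-kt-rsa1_5.*: interop vectors only; use rsa-oaep-mgf1p key transport in new templates`.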
diff --git a/tests/01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.xml b/tests/01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.xml
new file mode 100644
index 00000000..46f5844a
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number><EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzExNjI5NDNaFw00MzAyMjUxNjI5NDNaMIGWMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEVMBMGA1UEChMMTGF2YSBTdXByZW1l
+ MRQwEgYDVQQLEwtIZWFkIE9mZmljZTEUMBIGA1UEAxMLUlNBIFRlc3QgQ0ExIzAh
+ BgkqhkiG9w0BCQEWFHRlY2hAbGF2YXN1cHJlbWUub3JnMIIBIjANBgkqhkiG9w0B
+ AQEFAAOCAQ8AMIIBCgKCAQEAgj3TOyUtgg99oEfsm8h9JTZBxUkzYkXVUOHxIwnk
+ Fwp4y9ZnrGja/j+kpRyKvYP5CkNdq0e58/r7GLXj45iqd03XjsFNTdjy4OIOgf7J
+ xMG7z+hEB1LT2swTs10GILFWPByRl3/BEsnekLZdoqNoJrvnttVkxgu3x80Ji3/A
+ ZD8Ub/kBGOSPyu6pn3OdnMTc5q4r1qUe985lQzCZvCMw6AoGeCyJodNu2MbveNeH
+ +YPjRgLCQfzvOFRq+9qMtE8XfUJZdNhPZhgdsOGf8uJauTcIHbAyw7BhxPy6RikW
+ W5yiWUmBya+7t4y1TQJzham/0y0zU3TAA7b/rDrU7xmNPwIDAQABoyQwIjAPBgNV
+ HRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwDQYJKoZIhvcNAQEEBQADggEB
+ ADELWZjFLPjSjGeOaeUwH/mEOP+l/nTtxe07IWAQL4kvb4wsiUsM1EkPptcBQsym
+ OYgFhf3Elqma84bbOyp85y/iQnjpqWWJ73TFXSWZamSIhYb4Gk+dQuwFI+zD3B2y
+ WwqghaAHDzxtzROLUBjo+97Y6ng6V5zjmtdGOFwNXwWhf3Y+MjnErtBIKYao8NJO
+ p6di80w82+s6Ot+CLVvVobLhxS/y8yWplATRiQnI5ij/WTLML+tiU5aes0c9abaf
+ O7i9j1iTuZsDT3f96ia0RSLsXSGij737QKc3ZM8lSxBWfepWYO+G+IRgr1q9IUDa
+ kKO/vB9Ay64Rt88XbLnnGns=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ fiDteajx7IJTorLOQoMiXyblOh3zNix23qAy0hcKKP1/7OeLDT1hEnrXkKVvG83h
+ No3WF89VPuZGuGeEIJl4xcMklHItcI370NmGjCgKI5GQS/6yxMr4mEbiUL2X8Ycy
+ wVa2GUV9qFlkv6C8OnFpCUqBgJOjbUAu9pQ3OWa35Nv8tKqyaphPUaQtPc8ZMehS
+ cLHtkYKeByWqz5Djp11rklDp4v1QSeDWEn9zCKkaFiD0DZRtqpnTzwjj1tZsDNp8
+ mbps2mAlqnU0L+EsR+8KTRh5vzmxueM+lsLkGH2Rusy2qi/GqmF/NiwyTBdokWoM
+ Vd9qzUAODGnwGzf7ymyVKg==
+ </CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ hg1h2JBeLhLq1QxPKsOQUE/ThbnjAdFCfQYKeqO1ipbi6lTZr5XPP3XsIybze0nX
+ </CipherValue>
+ </CipherData>
+ </EncryptedData></Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.data b/tests/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.data
new file mode 100644
index 00000000..1d794286
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.tmpl b/tests/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.tmpl
new file mode 100644
index 00000000..199da111
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.tmpl
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+ </EncryptionMethod>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
\ No newline at end of file
diff --git a/tests/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.xml b/tests/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.xml
new file mode 100644
index 00000000..a44829f7
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number><EncryptedData Id="ED" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey Id="EK" xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
+ </EncryptionMethod>
+ <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:KeyName>my-rsa-key</ds:KeyName>
+ <ds:X509Data>
+ <ds:X509Certificate>
+ MIIDzTCCArWgAwIBAgIBATANBgkqhkiG9w0BAQQFADCBljELMAkGA1UEBhMCVVMx
+ CzAJBgNVBAgTAk5ZMRIwEAYDVQQHEwlNYW5oYXR0YW4xFTATBgNVBAoTDExhdmEg
+ U3VwcmVtZTEUMBIGA1UECxMLSGVhZCBPZmZpY2UxFDASBgNVBAMTC1JTQSBUZXN0
+ IENBMSMwIQYJKoZIhvcNAQkBFhR0ZWNoQGxhdmFzdXByZW1lLm9yZzAeFw0wMjAx
+ MzExNjI5NDNaFw00MzAyMjUxNjI5NDNaMIGWMQswCQYDVQQGEwJVUzELMAkGA1UE
+ CBMCTlkxEjAQBgNVBAcTCU1hbmhhdHRhbjEVMBMGA1UEChMMTGF2YSBTdXByZW1l
+ MRQwEgYDVQQLEwtIZWFkIE9mZmljZTEUMBIGA1UEAxMLUlNBIFRlc3QgQ0ExIzAh
+ BgkqhkiG9w0BCQEWFHRlY2hAbGF2YXN1cHJlbWUub3JnMIIBIjANBgkqhkiG9w0B
+ AQEFAAOCAQ8AMIIBCgKCAQEAgj3TOyUtgg99oEfsm8h9JTZBxUkzYkXVUOHxIwnk
+ Fwp4y9ZnrGja/j+kpRyKvYP5CkNdq0e58/r7GLXj45iqd03XjsFNTdjy4OIOgf7J
+ xMG7z+hEB1LT2swTs10GILFWPByRl3/BEsnekLZdoqNoJrvnttVkxgu3x80Ji3/A
+ ZD8Ub/kBGOSPyu6pn3OdnMTc5q4r1qUe985lQzCZvCMw6AoGeCyJodNu2MbveNeH
+ +YPjRgLCQfzvOFRq+9qMtE8XfUJZdNhPZhgdsOGf8uJauTcIHbAyw7BhxPy6RikW
+ W5yiWUmBya+7t4y1TQJzham/0y0zU3TAA7b/rDrU7xmNPwIDAQABoyQwIjAPBgNV
+ HRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBgAwDQYJKoZIhvcNAQEEBQADggEB
+ ADELWZjFLPjSjGeOaeUwH/mEOP+l/nTtxe07IWAQL4kvb4wsiUsM1EkPptcBQsym
+ OYgFhf3Elqma84bbOyp85y/iQnjpqWWJ73TFXSWZamSIhYb4Gk+dQuwFI+zD3B2y
+ WwqghaAHDzxtzROLUBjo+97Y6ng6V5zjmtdGOFwNXwWhf3Y+MjnErtBIKYao8NJO
+ p6di80w82+s6Ot+CLVvVobLhxS/y8yWplATRiQnI5ij/WTLML+tiU5aes0c9abaf
+ O7i9j1iTuZsDT3f96ia0RSLsXSGij737QKc3ZM8lSxBWfepWYO+G+IRgr1q9IUDa
+ kKO/vB9Ay64Rt88XbLnnGns=
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ FCMw2HiQoGdINvvQYoMdRH0fE5oM9i3E9D4IRx9nwvnZLbA/Oi5snoKYEjYQ8ALK
+ QxYkGKhHtvwsUpVyxA9wGxbNP19Qt1yJIthG6mHUrGTcN9iYvY85FacG3NQWmdMh
+ HjqmylWZAqY4b+qDHczciqzT9i/M3AVct8RrgfVL/MgYyo1WLM0n+svRtc+GFYu6
+ QupE5bV1UFb/x3FaQtlzm6fIin+BSThCPKfnanj5Z1rAZsi7Wo9TiK610DKh9zXx
+ ONfiLcv9fpoHxpsEzCvAp+RUzLTuqxsLR1rdOveQLy/lTx9eClK8YepzlQIaXiOY
+ y0UqwPAQnEjuVzOmT3CsrQ==
+ </CipherValue>
+ </CipherData>
+ <ReferenceList>
+ <DataReference URI="#ED"/>
+ </ReferenceList>
+ </EncryptedKey>
+ </ds:KeyInfo>
+ <CipherData>
+ <CipherValue>
+ DpNYC0Np5hHaQAUyHWpM3MQ99wkDFtGRc7TywqxmhI4sJKDXM5SRjVlKf6st5wOz
+ </CipherValue>
+ </CipherData>
+ </EncryptedData></Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo>
diff --git a/tests/01-phaos-xmlenc-3/key.txt b/tests/01-phaos-xmlenc-3/key.txt
new file mode 100644
index 00000000..d08983a6
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/key.txt
@@ -0,0 +1,117 @@
+This file contains keys to decrypt the sample xml documents: enc-*-*-*-*.xml.
+
+All the keys are expressed in hex string.
+
+The symmetric keys (Triple DES Key, AES-128 Key, AES-192 Key, AES-256 Key) are
+key wrap keys. They can be used to decrypt the EncryptedKey element in the files: enc-*-*-kw-*.xml.
+
+The RSA Private Key is for decrypting the EncryptedKey element in the files: enc-*-*-kt-*.xml.
+
+The Diffie-Hellman Private Key is the Recipient's private key which can be used to derive
+the data decryption key for the EncryptedData element in the files: enc-*-*-ka-dh.xml.
+
+#Triple DES Key (identified by the key name = my-3des-key):
+#----------------------------------------------------------
+c8 8f 89 d5 fd e9 b9 80 04 46 32 1c 4f ab df 83 a4 62 b6 62 97 f2 70 f4
+
+#AES-128 Key (identified by the key name = my-aes128-key):
+#---------------------------------------------------------
+d3 5f b2 b9 0d a1 b8 f4 b5 f9 0b f4 2c 7f b3 69
+
+#AES-192 Key (identified by the key name = my-aes192-key):
+#---------------------------------------------------------
+22 57 ee 4b 8d 0b bd 2b 55 53 43 23 f1 e3 eb ac 61 d5 84 06 f8 f3 2f be
+
+#AES-256 Key (identified by the key name = my-aes256-key):
+#---------------------------------------------------------
+66 16 78 bf 74 65 c1 39 42 10 ea 48 ac 77 cb 29 5c 89 38 10 ed 10 93 8e 40 36
+ad ff 8c 51 d5 b0
+
+#RSA Private Key:
+#----------------
+
+#Modulus:
+82 3d d3 3b 25 2d 82 0f 7d a0 47 ec 9b c8 7d 25 36 41 c5 49 33 62 45 d5 50 e1
+f1 23 09 e4 17 0a 78 cb d6 67 ac 68 da fe 3f a4 a5 1c 8a bd 83 f9 0a 43 5d ab
+47 b9 f3 fa fb 18 b5 e3 e3 98 aa 77 4d d7 8e c1 4d 4d d8 f2 e0 e2 0e 81 fe c9
+c4 c1 bb cf e8 44 07 52 d3 da cc 13 b3 5d 06 20 b1 56 3c 1c 91 97 7f c1 12 c9
+de 90 b6 5d a2 a3 68 26 bb e7 b6 d5 64 c6 0b b7 c7 cd 09 8b 7f c0 64 3f 14 6f
+f9 01 18 e4 8f ca ee a9 9f 73 9d 9c c4 dc e6 ae 2b d6 a5 1e f7 ce 65 43 30 99
+bc 23 30 e8 0a 06 78 2c 89 a1 d3 6e d8 c6 ef 78 d7 87 f9 83 e3 46 02 c2 41 fc
+ef 38 54 6a fb da 8c b4 4f 17 7d 42 59 74 d8 4f 66 18 1d b0 e1 9f f2 e2 5a b9
+37 08 1d b0 32 c3 b0 61 c4 fc ba 46 29 16 5b 9c a2 59 49 81 c9 af bb b7 8c b5
+4d 02 73 85 a9 bf d3 2d 33 53 74 c0 03 b6 ff ac 3a d4 ef 19 8d 3f
+
+#Public Expotent
+01 00 01
+
+#Exponent
+52 be 3c 88 82 e2 1a 93 04 d8 e3 58 ea cf c0 d1 f7 5a 69 a0 4b c8 cf 5c ea 79 e0
+dc c5 d7 e6 db 7c 4a e3 f8 11 8c bc 34 72 f2 83 03 53 11 7b da a8 2e 8c 3f d8 dd
+c6 a7 59 07 25 e7 96 1c d3 8f e0 20 66 4d 60 73 68 b5 45 31 d8 cd b5 b5 32 0f 72
+e6 6f 45 68 f1 b2 2e 7b 20 b8 ff 0c 79 90 b0 9c 97 f9 d7 2a 0e db 84 ec a5 3b 76
+d9 70 bf 26 7c 92 85 91 a4 e8 3d 61 90 ca 2e 9a 35 9b 61 13 d1 18 f2 34 49 bd 7e
+fb 7a 9b 76 70 49 ac 00 f5 8b b4 c5 25 6f 54 8b a4 34 89 7b 7a 29 90 cc 16 1e 19
+0c 06 c2 13 20 32 8c 9b 41 68 f0 20 ea 67 6e f7 11 7d 3f e2 02 1f 67 fc 0c 97 72
+3b 4e 30 6c 16 86 27 e3 7a 5f 94 d5 73 0c 86 b7 0b de 60 39 c5 bf a0 19 0a 59 ed
+34 e8 4d f9 8e 10 97 95 0a 1f 41 44 aa 60 9e 21 f8 25 50 a5 86 24 ce 78 de 15 4c
+b6 58 83 f0 46 98 64 e3 ac 46 4a 5f 81
+
+#Prime 1
+8a 00 d7 b6 c1 27 b3 df 90 56 c4 0a 62 89 48 fc 61 34 11 d9 1d d4 e9 32 1b 0d 75
+37 76 08 30 d3 73 3a 8b 5c 0c aa 14 d3 f2 6d d6 12 3b 35 a5 91 82 2f 7f 2f 2a 61
+98 43 3f 74 16 8d 9e b3 56 e8 63 c8 11 34 a3 51 0f 45 b8 ad 8b cb 09 0d 52 23 36
+0f e5 05 b0 b9 6a 10 9e 12 e7 4f fb 91 d5 ce 0b 7b 7d ae 6f 6d 88 83 f2 ab 02 4a
+37 14 66 c8 00 0a 7e 24 5b 62 21 2d aa a4 79 cd d1 97 70 11
+
+#Prime 2
+f1 9a 06 c5 37 17 23 ba 6a 9a 45 9c 23 ce ec 88 78 6d 87 58 c5 08 6b f7 10 cc 00
+78 8c b8 b6 4e 07 06 4c 63 66 80 72 fe 15 36 9b 1b e2 60 f8 6e 14 43 e3 25 32 84
+6e 24 11 79 b5 4b c1 a4 c9 c6 ce 78 dd d7 86 43 5b 21 75 51 d3 d7 4d 39 c3 21 b2
+86 e2 15 5d 80 b9 e9 78 6e fb c0 76 cb 7d ba e7 4f d7 c1 14 d2 51 7c 4f fd e4 3e
+41 bd 8c 78 33 d9 d1 78 29 1e 15 3b e1 96 b8 17 cd 76 78 4f
+
+#Prime exponent 1
+01 37 0a af 28 3a 32 42 38 a2 1a ed c0 7a 56 f3 29 e3 ec 78 4d e3 ee fd aa f1 4e
+63 e3 9d 24 d8 e7 bd cf 36 4b 42 40 16 b1 9e b7 f0 c7 26 ac c3 80 32 ec da bc 73
+c9 84 66 0d 9e 99 36 99 7b 9d 66 2b 7f c3 47 e0 d1 d2 9a 52 a4 d5 6f c9 f7 3c 2a
+20 af b2 82 20 cf c7 3f ad 08 ee 52 57 b1 5b 34 0c ad 49 98 df 8d 01 24 64 cf 0b
+5a 3a ca c0 de 07 39 9f 16 52 e1 d9 e6 13 b6 a2 d2 42 94 11
+
+#Prime exponent 2
+47 c0 ff 11 c3 72 d3 e1 a1 97 7f e5 07 9d 85 12 62 f1 e4 a8 b0 9b f7 b4 c1 00 55
+83 78 07 c3 dd 18 a8 fe 36 e7 52 6e d4 97 68 48 58 d7 bb 05 0d 6c 67 5d 26 c7 02
+1d 40 7c 52 82 77 55 d2 78 67 21 f0 08 8e 99 d0 fe 27 5f 77 f5 f0 77 32 bf ec 4c
+c9 e8 37 5f e8 4f 82 33 6c 58 a3 de 72 e5 00 bc de f4 be 81 95 1e 7e 07 ca f6 6c
+ff ca 3e a6 99 24 c3 ac f9 ea 71
+
+#CrtCoffieient:
+75 5e b2 85 d4 5c 52 b4 81 83 a7 bc 43 67 f5 a2 be cb 79 8c e2 eb 15 a3 7f 54 51
+8e a3 ce 81 fe 95 07 fc 62 32 61 7a 46 76 4a b9 15 33 2b d8 9e 46 70 21 b4 31 49
+4d 2d 67 3d b7 d5 2c f4 ac 01 2c f1 01 a1 90 19 d6 77 02 c1 c3 e2 3a 74 de 30 b2
+2a d0 5a 3c a7 43 cd e5 6b ae b2 18 3d cc 99 e0 e0 5e a0 55 94 bf 39 43 12 d1 1c
+a8 97 37 38 dc 29 35 66 a5 ee 78 4a 11 b6 ff 02 3a 85 9a 98
+
+
+#Diffie-Hellman Private Key:
+#---------------------------
+
+#Prime P
+b9 ab da b7 b8 ba 34 ea 67 44 e6 dd c7 b1 b3 df c8 7c c6 48 26 bf 6d 17 51 a8 f5
+26 37 ef 30 04 1f 40 53 07 7a c8 46 85 8d 90 d2 6c 2f 27 53 9f 5f f9 19 e1 c3 1b
+49 85 32 c2 1d d6 01 8e b3 42 cf 16 da ec 60 f0 67 9d b8 22 de 6c d4 06 4d a1 d5
+15 59 ab 24 c4 1a c2 55 75 6c 83 10 fa 40 e2 21 03 51 fc 53 ea 48 d1 ca 0f 64 3d
+fe ea 06 0f 97 76 97 82 8f de a1 fc 76 fe 47 39 3f 1f 0b 05
+
+#Generator G
+71 ba 7a a6 52 e2 99 15 33 4a 26 11 fd 1b a5 08 36 52 3f 5e bf 63 3d eb 23 e7 f2
+3c 7e 95 a0 c5 9c 6c 82 4c e4 b2 a8 ac 0c 2b 25 67 4f 6e 65 30 13 ac 61 53 17 77
+e4 ea 43 61 c7 6e 6c 50 2b 58 1c 72 b5 1f 34 26 b0 b3 2e d8 15 8d 05 0a e4 2c 2f
+8c 91 dd dd df d5 1d 35 db 8f 5b 89 02 32 97 1d a0 70 21 fb 34 ea 00 7d 90 90 a2
+66 cb 17 3f c7 42 de be 44 94 93 ca d7 f0 31 5a df 2d 79 d9
+
+#Prime Q
+bf 84 a3 88 0f 2f 7d fd 76 4e e2 9e af 3b 3e 74 75 3d 6b 87
+
+#Private Key Value
+6d 27 17 0e c9 ff b3 29 8e 12 2c 1f a7 a8 48 64 42 f2 12 b3
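Review bot: The `#Exponent` label in the RSA section is ambiguous, because the value under it is the private exponent (it is the same value as `PrivateExponent` in keys.xml); I would rename it to `#Private Exponent` and correct the neighbouring `#Public Expotent` and `#CrtCoffieient` spellings. The file publishes private key material without saying that it is a public interop fixture, so a first line such as `# Published test keys for the Phaos XML Encryption vectors; never load these outside the test suite.` would stop secret scanners and later readers from treating it as a leak or as usable keys. `#Prime exponent 2` lists 119 bytes where the other CRT components list 128, which may be a transcription loss and is worth checking against the upstream vector. The `RSAKeyValue` in keys.xml carries only the modulus and the two exponents, so the tests probably do not depend on the CRT values.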
diff --git a/tests/01-phaos-xmlenc-3/keys.xml b/tests/01-phaos-xmlenc-3/keys.xml
new file mode 100644
index 00000000..f01bdc54
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/keys.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0"?>
+<Keys xmlns="http://www.aleksey.com/xmlsec/2002">
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>my-rsa-key</KeyName>
+ <KeyValue>
+ <RSAKeyValue>
+ <Modulus>
+ gj3TOyUtgg99oEfsm8h9JTZBxUkzYkXVUOHxIwnkFwp4y9ZnrGja/j+kpRyKvYP5
+ CkNdq0e58/r7GLXj45iqd03XjsFNTdjy4OIOgf7JxMG7z+hEB1LT2swTs10GILFW
+ PByRl3/BEsnekLZdoqNoJrvnttVkxgu3x80Ji3/AZD8Ub/kBGOSPyu6pn3OdnMTc
+ 5q4r1qUe985lQzCZvCMw6AoGeCyJodNu2MbveNeH+YPjRgLCQfzvOFRq+9qMtE8X
+ fUJZdNhPZhgdsOGf8uJauTcIHbAyw7BhxPy6RikWW5yiWUmBya+7t4y1TQJzham/
+ 0y0zU3TAA7b/rDrU7xmNPw==
+ </Modulus>
+ <Exponent>
+ AQAB
+ </Exponent>
+ <PrivateExponent xmlns="http://www.aleksey.com/xmlsec/2002">
+ Ur48iILiGpME2ONY6s/A0fdaaaBLyM9c6nng3MXX5tt8SuP4EYy8NHLygwNTEXva
+ qC6MP9jdxqdZByXnlhzTj+AgZk1gc2i1RTHYzbW1Mg9y5m9FaPGyLnsguP8MeZCw
+ nJf51yoO24TspTt22XC/JnyShZGk6D1hkMoumjWbYRPRGPI0Sb1++3qbdnBJrAD1
+ i7TFJW9Ui6Q0iXt6KZDMFh4ZDAbCEyAyjJtBaPAg6mdu9xF9P+ICH2f8DJdyO04w
+ bBaGJ+N6X5TVcwyGtwveYDnFv6AZClntNOhN+Y4Ql5UKH0FEqmCeIfglUKWGJM54
+ 3hVMtliD8EaYZOOsRkpfgQ==
+ </PrivateExponent>
+ </RSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>my-3des-key</KeyName>
+ <KeyValue>
+ <DESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">
+ yI+J1f3puYAERjIcT6vfg6RitmKX8nD0
+ </DESKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>my-aes256-key</KeyName>
+ <KeyValue>
+ <AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">
+ ZhZ4v3RlwTlCEOpIrHfLKVyJOBDtEJOOQDat/4xR1bA=
+ </AESKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>my-aes192-key</KeyName>
+ <KeyValue>
+ <AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">
+ IlfuS40LvStVU0Mj8ePrrGHVhAb48y++
+ </AESKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>my-aes128-key</KeyName>
+ <KeyValue>
+ <AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">
+ 01+yuQ2huPS1+Qv0LH+zaQ==
+ </AESKeyValue>
+ </KeyValue>
+ </KeyInfo>
+</Keys>
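Review bot: This file has no comment saying that its key material is test-only, although it carries a raw RSA `PrivateExponent` plus 3DES and AES key values in plaintext. Secret scanners and later readers have no way to tell a fixture from a leaked key. A comment placed right after the XML declaration would make the intent explicit, for example `<!-- Test-only key material for the tests/01-phaos-xmlenc-3 vectors; never use outside the test suite. -->`. The same applies to the hex key dump that precedes this file in the same directory, whose start lies outside this view.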
diff --git a/tests/01-phaos-xmlenc-3/payment.xml b/tests/01-phaos-xmlenc-3/payment.xml
new file mode 100644
index 00000000..e7b50c77
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/payment.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PaymentInfo xmlns="http://example.org/paymentv2">
+ <Name>John Smith</Name>
+ <CreditCard Currency="USD" Limit="5,000">
+ <Number>4019 2445 0277 5567</Number>
+ <Issuer>Bank of the Internet</Issuer>
+ <Expiration Time="04/02"/>
+ </CreditCard>
+</PaymentInfo> \ No newline at end of file
diff --git a/tests/01-phaos-xmlenc-3/rsa-priv-key.der b/tests/01-phaos-xmlenc-3/rsa-priv-key.der
new file mode 100644
index 00000000..0a1e4b27
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/rsa-priv-key.der
Binary files differ
diff --git a/tests/01-phaos-xmlenc-3/rsa-priv-key.p12 b/tests/01-phaos-xmlenc-3/rsa-priv-key.p12
new file mode 100644
index 00000000..f17e6ecc
--- /dev/null
+++ b/tests/01-phaos-xmlenc-3/rsa-priv-key.p12
Binary files differ
diff --git a/tests/aleksey-xkms-01/bad-request-name-not-supported.xml b/tests/aleksey-xkms-01/bad-request-name-not-supported.xml
new file mode 100644
index 00000000..f2d874f1
--- /dev/null
+++ b/tests/aleksey-xkms-01/bad-request-name-not-supported.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<Result xmlns="http://www.w3.org/2002/03/xkms#" Id="K5FhJO2yxpaycO7RjWW87ASoUt7qQc0h" Service="http://www.example.com/xkms" ResultMajor="Sender" ResultMinor="MessageNotSupported"/>
diff --git a/tests/aleksey-xkms-01/bad-request-name.xml b/tests/aleksey-xkms-01/bad-request-name.xml
new file mode 100644
index 00000000..1166191d
--- /dev/null
+++ b/tests/aleksey-xkms-01/bad-request-name.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8"?>
+<InvalidRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns="http://www.w3.org/2002/03/xkms#"
+ Id="aleksey_xkms_01_bad_request_name"
+ Service="http://www.example.com/xkms"
+ Nonce="NhdGUxFjAUBgNVBAMTDUFsZWtzZXkasdfgU2Fu"
+ ResponseLimit="5" >
+ <RespondWith>KeyName</RespondWith>
+</InvalidRequest>
diff --git a/tests/aleksey-xkms-01/compound-example-1-no-match.xml b/tests/aleksey-xkms-01/compound-example-1-no-match.xml
new file mode 100644
index 00000000..4027213c
--- /dev/null
+++ b/tests/aleksey-xkms-01/compound-example-1-no-match.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0"?>
+<CompoundResult xmlns="http://www.w3.org/2002/03/xkms#" Id="PTLTkLuPfZtNrXVhhcrCqa_0o_73Sqno" Service="http://www.example.com/xkms" RequestId="Ie383fac377f1e54d2b26596c072b8b7a" ResultMajor="Sender" ResultMinor="NoMatch">
+<LocateResult Id="ADj5gRxQoJ__nZ6iWKweeUVy7C4ydhs3" Service="http://www.example.com/xkms" RequestId="I97a5c09bff0fe094d27facf5e5adb206" ResultMajor="Sender" ResultMinor="NoMatch"/>
+
+<LocateResult Id="tWuDz6Ahiw2U40SQXvT_X4Dq1B5KCanL" Service="http://www.example.com/xkms" RequestId="Icf173d33d71c80c74589c6204f7aeb4f" ResultMajor="Sender" ResultMinor="NoMatch"/>
+
+</CompoundResult>
diff --git a/tests/aleksey-xkms-01/compound-example-1.xml b/tests/aleksey-xkms-01/compound-example-1.xml
new file mode 100644
index 00000000..f933ab60
--- /dev/null
+++ b/tests/aleksey-xkms-01/compound-example-1.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="utf-8"?>
+<CompoundRequest xmlns="http://www.w3.org/2002/03/xkms#"
+ Id="Ie383fac377f1e54d2b26596c072b8b7a"
+ Service="http://www.example.com/xkms">
+ <LocateRequest Id="I97a5c09bff0fe094d27facf5e5adb206"
+ Service="http://www.example.com/xkms">
+ <RespondWith>KeyValue</RespondWith>
+ <QueryKeyBinding>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Data>
+ <X509Certificate>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+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ <KeyUsage>Signature</KeyUsage>
+ </QueryKeyBinding>
+ </LocateRequest>
+ <LocateRequest Id="Icf173d33d71c80c74589c6204f7aeb4f"
+ Service="http://www.example.com/xkms">
+ <RespondWith>KeyName</RespondWith>
+ <RespondWith>KeyValue</RespondWith>
+ <RespondWith>X509Cert</RespondWith>
+ <RespondWith>X509Chain</RespondWith>
+ <RespondWith>PGPWeb</RespondWith>
+ <RespondWith>PGP</RespondWith>
+ <QueryKeyBinding>
+ <KeyUsage>Encryption</KeyUsage>
+ <UseKeyWith Application="urn:ietf:rfc:2440" Identifier="bob@bobcorp.test"/>
+ <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@bobcorp.test"/>
+ </QueryKeyBinding>
+ </LocateRequest>
+</CompoundRequest>
diff --git a/tests/aleksey-xkms-01/keys/cert1.der b/tests/aleksey-xkms-01/keys/cert1.der
new file mode 100644
index 00000000..491687f9
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/cert1.der
Binary files differ
diff --git a/tests/aleksey-xkms-01/keys/cert1.pem b/tests/aleksey-xkms-01/keys/cert1.pem
new file mode 100644
index 00000000..c7d4e779
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/cert1.pem
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/aleksey-xkms-01/keys/cert2.der b/tests/aleksey-xkms-01/keys/cert2.der
new file mode 100644
index 00000000..215727b2
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/cert2.der
Binary files differ
diff --git a/tests/aleksey-xkms-01/keys/cert2.pem b/tests/aleksey-xkms-01/keys/cert2.pem
new file mode 100644
index 00000000..1d878176
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/cert2.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/aleksey-xkms-01/keys/cert3.der b/tests/aleksey-xkms-01/keys/cert3.der
new file mode 100644
index 00000000..83eb3522
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/cert3.der
Binary files differ
diff --git a/tests/aleksey-xkms-01/keys/cert3.pem b/tests/aleksey-xkms-01/keys/cert3.pem
new file mode 100644
index 00000000..67b3caf9
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/cert3.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/aleksey-xkms-01/keys/create-keys.sh b/tests/aleksey-xkms-01/keys/create-keys.sh
new file mode 100755
index 00000000..127e1274
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/create-keys.sh
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# This script along with "openssl.cnf" file from this folder creates
+# a chain of three certificates containing RSA 1024 keys:
+# cert1 (key1) - root CA certificate (self signed).
+# cert2 (key2) - second level CA certificate (signed with key1/cert1)
+# cert3 (key3) - signature/encryption certificate (signed with key2/cert2)
+# All the private keys are encrypted with password "secret".
+#
+export CA_TOP=./demoCA
+export CA_PWD=secret
+
+echo "Remove old file"
+rm -rf "$CA_TOP" *.pem *.der *.p12 *.req
+
+echo "Create CA folders structure"
+mkdir "$CA_TOP"
+mkdir "${CA_TOP}/certs"
+mkdir "${CA_TOP}/crl"
+mkdir "${CA_TOP}/newcerts"
+mkdir "${CA_TOP}/private"
+echo "01" > "$CA_TOP/serial"
+touch "$CA_TOP/index.txt"
+
+echo "Create root key and certificate"
+export CERT_NAME="aleksey-xkms-01 root certificate"
+openssl req -config ./openssl.cnf -new -x509 -keyout key1.pem -out cert1.pem -batch
+
+echo "Generate RSA key and second level certificate"
+export CERT_NAME="aleksey-xkms-01 second level certificate"
+openssl genrsa -out key2.pem
+openssl req -config ./openssl.cnf -batch -new -key key2.pem -out req2.pem
+openssl ca -config ./openssl.cnf -passin pass:$CA_PWD -batch -extensions v3_ca -cert cert1.pem -keyfile key1.pem -out cert2.pem -infiles req2.pem
+
+echo "Generate another RSA key and third level certificate"
+export CERT_NAME="aleksey-xkms-01 signature and encryption certificate"
+openssl genrsa -out key3.pem
+openssl req -config ./openssl.cnf -batch -new -key key3.pem -out req3.pem
+openssl ca -config ./openssl.cnf -passin pass:$CA_PWD -batch -cert cert2.pem -keyfile key2.pem -out cert3.pem -infiles req3.pem
+
+echo "Convert all private keys to der, pkcs8/der and pkcs12 format"
+openssl rsa -passin pass:$CA_PWD -passout pass:$CA_PWD -inform PEM -outform DER -in key1.pem -out key1.der
+openssl rsa -passin pass:$CA_PWD -passout pass:$CA_PWD -inform PEM -outform DER -in key2.pem -out key2.der
+openssl rsa -passin pass:$CA_PWD -passout pass:$CA_PWD -inform PEM -outform DER -in key3.pem -out key3.der
+
+openssl pkcs8 -passin pass:$CA_PWD -passout pass:$CA_PWD -in key1.pem -inform pem -out key1-pk8.der -outform der -topk8
+openssl pkcs8 -passin pass:$CA_PWD -passout pass:$CA_PWD -in key2.pem -inform pem -out key2-pk8.der -outform der -topk8
+openssl pkcs8 -passin pass:$CA_PWD -passout pass:$CA_PWD -in key3.pem -inform pem -out key3-pk8.der -outform der -topk8
+
+openssl pkcs12 -passin pass:$CA_PWD -passout pass:$CA_PWD -export -in cert1.pem -inkey key1.pem -name key1 -out key1.p12
+openssl pkcs12 -passin pass:$CA_PWD -passout pass:$CA_PWD -export -in cert2.pem -inkey key2.pem -name key2 -out key2.p12
+openssl pkcs12 -passin pass:$CA_PWD -passout pass:$CA_PWD -export -in cert3.pem -inkey key3.pem -name key3 -out key3.p12
+
+echo "Convert all certificates to der format"
+openssl x509 -outform DER -in cert1.pem -out cert1.der
+openssl x509 -outform DER -in cert2.pem -out cert2.der
+openssl x509 -outform DER -in cert3.pem -out cert3.der
+
+echo "View certificates"
+openssl x509 -noout -text -in cert1.pem
+openssl x509 -noout -text -in cert2.pem
+openssl x509 -noout -text -in cert3.pem
+
+echo "Test certificates"
+openssl verify -CAfile cert1.pem cert2.pem
+openssl verify -CAfile cert1.pem -untrusted cert2.pem cert3.pem
+
+
+echo "Cleanup"
+rm -rf "$CA_TOP" *.req
+
+
+ \ No newline at end of file
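Review bot: The two `openssl genrsa -out keyN.pem` calls pass neither a key size nor a passphrase, so key2 and key3 do not match the header comment's claim of RSA 1024 keys encrypted with "secret". The key2.pem and key3.pem added in this commit carry no `Proc-Type: 4,ENCRYPTED` header (key1.pem does) and, judging by their length, look shorter than 1024 bits. Either correct the header comment or make the calls explicit, e.g. `openssl genrsa -des3 -passout pass:$CA_PWD -out key2.pem 1024`, and likewise for key3.pem. The final `rm -rf "$CA_TOP" *.req` also misses the requests, which are written as `req2.pem` and `req3.pem` and ended up committed; `rm -rf "$CA_TOP" req*.pem` would remove them. A `set -e` after the shebang would stop the run at the first failed openssl step instead of converting stale files.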
diff --git a/tests/aleksey-xkms-01/keys/key1-pk8.der b/tests/aleksey-xkms-01/keys/key1-pk8.der
new file mode 100644
index 00000000..534bbe0f
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/key1-pk8.der
Binary files differ
diff --git a/tests/aleksey-xkms-01/keys/key1.der b/tests/aleksey-xkms-01/keys/key1.der
new file mode 100644
index 00000000..418252f1
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/key1.der
Binary files differ
diff --git a/tests/aleksey-xkms-01/keys/key1.p12 b/tests/aleksey-xkms-01/keys/key1.p12
new file mode 100644
index 00000000..17475702
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/key1.p12
Binary files differ
diff --git a/tests/aleksey-xkms-01/keys/key1.pem b/tests/aleksey-xkms-01/keys/key1.pem
new file mode 100644
index 00000000..384146f7
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/key1.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,EF746F459C10E84C
+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+-----END RSA PRIVATE KEY-----
diff --git a/tests/aleksey-xkms-01/keys/key2-pk8.der b/tests/aleksey-xkms-01/keys/key2-pk8.der
new file mode 100644
index 00000000..4144ca8a
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/key2-pk8.der
Binary files differ
diff --git a/tests/aleksey-xkms-01/keys/key2.der b/tests/aleksey-xkms-01/keys/key2.der
new file mode 100644
index 00000000..25012762
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/key2.der
Binary files differ
diff --git a/tests/aleksey-xkms-01/keys/key2.p12 b/tests/aleksey-xkms-01/keys/key2.p12
new file mode 100644
index 00000000..e1b69c2d
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/key2.p12
Binary files differ
diff --git a/tests/aleksey-xkms-01/keys/key2.pem b/tests/aleksey-xkms-01/keys/key2.pem
new file mode 100644
index 00000000..3786b66c
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/key2.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBAN37fpEKQdeefqnGx9MqFOj9mhyCvimC07NL5pPl6OL4DQbM9oUd
+eljQr6cOmFZRgHOOuM6TEwHOW+/4E69z1LMCAwEAAQJAdaKTHfWbktIxOXNX7bV9
+Q0Mxai5267Siz39Hf9T0p2HjERBxLjn2/wr6LbzmIsj13hLr4CcGzjS1nQFo2ogU
+8QIhAP2XFRdCV6virQiK/yAkRU+oBHEcLdKdJb61h5QM3SMlAiEA4BeEycqGq8Pz
+Bg86CA2cf4asTj/PzULyU7XmDgB9fPcCIQCvruqaqYiJeUm9IGatgtNN4y3omsgY
+IGzU2XhrFhphzQIhALj28KXWwt3X+SoRO2cWRQyFzocv6IeWMIqj42W/RdT1AiEA
+1sl/iVwvUefejP+CaD00Aswo8PW6zUiNNfoLeH4dfwo=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/aleksey-xkms-01/keys/key3-pk8.der b/tests/aleksey-xkms-01/keys/key3-pk8.der
new file mode 100644
index 00000000..17dcd29c
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/key3-pk8.der
Binary files differ
diff --git a/tests/aleksey-xkms-01/keys/key3.der b/tests/aleksey-xkms-01/keys/key3.der
new file mode 100644
index 00000000..8209754e
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/key3.der
Binary files differ
diff --git a/tests/aleksey-xkms-01/keys/key3.p12 b/tests/aleksey-xkms-01/keys/key3.p12
new file mode 100644
index 00000000..8670b50e
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/key3.p12
Binary files differ
diff --git a/tests/aleksey-xkms-01/keys/key3.pem b/tests/aleksey-xkms-01/keys/key3.pem
new file mode 100644
index 00000000..9574d1d4
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/key3.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBANLbTx9LUz4zM457AzK0BTt5xPkSu0tOsraZmvtAyoAazr3qoe/1
+Y5aLXXl4NotbnRdFU2vXp6Kq4O1eXncR8G8CAwEAAQJAa3T2qrUhlCZV1Pvd0l4p
++HiDKIgiSSuvKh23/Om1CXkyhUot7ky5FtH0vjPjy8C9YNeVQefcOFpUlgT13ifH
+GQIhAPogHHKhfQz1RveauqOUEhUM60M861oioeDTVICgFUGTAiEA188Xz+fPHg8P
+EaOnlWAfpj5MEPv/Hn1bG3Z1LRA1TzUCICmtQBA5qESIehK3zXGEMp8fT/QcKnsS
+WjbD/8iO4/vRAiAzgugBJSin2RpUsIaAvifvy3DmoO+9PFixzm2bqwG+fQIhAJIA
+D28ibeq5xOdikLT3yyZQQ7kuYRVp7lQeVb0K7U5l
+-----END RSA PRIVATE KEY-----
diff --git a/tests/aleksey-xkms-01/keys/openssl.cnf b/tests/aleksey-xkms-01/keys/openssl.cnf
new file mode 100644
index 00000000..0d6326bc
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/openssl.cnf
@@ -0,0 +1,106 @@
+#
+# aleksey-xkms-01 OpenSSL configuration file.
+#
+# Environment variables:
+# CA_TOP - the CA folder (./demoCA)
+# CERT_NAME - the currently generated certificate name ("")
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+[ ca ]
+default_ca = CA_default # The default ca section
+
+[ CA_default ]
+dir = $ENV::CA_TOP # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = cert1.pem # The CA certificate
+private_key = key1.pem # The private key
+serial = $dir/serial # The current serial number
+crl = $dir/crl.pem # The current CRL
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+default_days = 3650 # how long to certify for
+default_crl_days = 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+policy = policy_match
+
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca
+input_password = secret
+output_password = secret
+string_mask = nombstr
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = US
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = California
+localityName = Locality Name (eg, city)
+localityName_default = Sunnyvale
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = XML Security Library
+organizationalUnitName = Organizational Unit Name (eg, section)
+organizationalUnitName_default = $ENV::CERT_NAME
+commonName = Common Name (eg, your name or your server\'s hostname)
+commonName_default = http://www.aleksey.com/xmlsec
+emailAddress = Email Address
+emailAddress_default = xmlsec@aleksey.com
+
+[ req_attributes ]
+
+[ v3_req ]
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+nsComment = $ENV::CERT_NAME
+
+[ v3_ca ]
+basicConstraints = CA:TRUE
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid:always,issuer:always
+nsComment = $ENV::CERT_NAME
+
+[ usr_cert ]
+basicConstraints = CA:FALSE
+nsCertType = client, email, objsign
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+nsComment = $ENV::CERT_NAME
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
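Review bot: `input_password` and `output_password` in `[ req ]` hard-code `secret`, while create-keys.sh carries the same value in `CA_PWD`, so changing one silently breaks the other. The file already reads `$ENV::CA_TOP` and `$ENV::CERT_NAME`, so `input_password = $ENV::CA_PWD` and `output_password = $ENV::CA_PWD` would keep a single source, with `CA_PWD` added to the header's list of environment variables. Separately, `default_bits = 1024` and `default_md = sha1` are weak by current standards, and newer OpenSSL builds may reject them depending on the configured security level. A comment next to them, such as `# test fixtures only: weak by current standards, do not reuse`, would explain why a regenerated chain might fail to verify.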
diff --git a/tests/aleksey-xkms-01/keys/req2.pem b/tests/aleksey-xkms-01/keys/req2.pem
new file mode 100644
index 00000000..3860d8d9
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/req2.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/aleksey-xkms-01/keys/req3.pem b/tests/aleksey-xkms-01/keys/req3.pem
new file mode 100644
index 00000000..16b33444
--- /dev/null
+++ b/tests/aleksey-xkms-01/keys/req3.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/aleksey-xkms-01/locate-example-1-bad-service.xml b/tests/aleksey-xkms-01/locate-example-1-bad-service.xml
new file mode 100644
index 00000000..ca54d136
--- /dev/null
+++ b/tests/aleksey-xkms-01/locate-example-1-bad-service.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<LocateResult xmlns="http://www.w3.org/2002/03/xkms#" Id="AK4RNs6LxPMwFfTN5X3UEaIzsts8n7i3" Service="http://www.example.com/xkms" RequestId="Ibcef5348aa386dedeff0bdf6bae872db" ResultMajor="Sender" ResultMinor="Failure"/>
diff --git a/tests/aleksey-xkms-01/locate-example-1-no-match.xml b/tests/aleksey-xkms-01/locate-example-1-no-match.xml
new file mode 100644
index 00000000..f3a230ab
--- /dev/null
+++ b/tests/aleksey-xkms-01/locate-example-1-no-match.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<LocateResult xmlns="http://www.w3.org/2002/03/xkms#" Id="i_EgHv33_VtORyYM7QcrREX_ERkxuMin" Service="http://www.example.com/xkms" RequestId="Ibcef5348aa386dedeff0bdf6bae872db" ResultMajor="Sender" ResultMinor="NoMatch"/>
diff --git a/tests/aleksey-xkms-01/locate-example-1.xml b/tests/aleksey-xkms-01/locate-example-1.xml
new file mode 100644
index 00000000..6c575747
--- /dev/null
+++ b/tests/aleksey-xkms-01/locate-example-1.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<LocateRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns="http://www.w3.org/2002/03/xkms#"
+ Id="Ibcef5348aa386dedeff0bdf6bae872db"
+ Service="http://www.example.com/xkms">
+ <RespondWith>KeyName</RespondWith>
+ <RespondWith>KeyValue</RespondWith>
+ <RespondWith>X509Cert</RespondWith>
+ <RespondWith>X509Chain</RespondWith>
+ <RespondWith>PGPWeb</RespondWith>
+ <RespondWith>PGP</RespondWith>
+ <QueryKeyBinding>
+ <KeyUsage>Encryption</KeyUsage>
+ <UseKeyWith Application="urn:ietf:rfc:2440" Identifier="bob@bobcorp.test"/>
+ <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@bobcorp.test"/>
+ </QueryKeyBinding>
+</LocateRequest>
diff --git a/tests/aleksey-xkms-01/locate-example-2-no-match.xml b/tests/aleksey-xkms-01/locate-example-2-no-match.xml
new file mode 100644
index 00000000..57092c03
--- /dev/null
+++ b/tests/aleksey-xkms-01/locate-example-2-no-match.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<LocateResult xmlns="http://www.w3.org/2002/03/xkms#" Id="kh561pqakQw3jtjxWZ19apUKn__1Ggpw" Service="http://www.example.com/xkms" RequestId="I4593b8d4b6bd9ae7262560b5de1016bc" ResultMajor="Sender" ResultMinor="NoMatch"/>
diff --git a/tests/aleksey-xkms-01/locate-example-2.xml b/tests/aleksey-xkms-01/locate-example-2.xml
new file mode 100644
index 00000000..cc91dc96
--- /dev/null
+++ b/tests/aleksey-xkms-01/locate-example-2.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="utf-8"?>
+<LocateRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns="http://www.w3.org/2002/03/xkms#"
+ Id="I4593b8d4b6bd9ae7262560b5de1016bc"
+ Service="http://www.example.com/xkms">
+ <RespondWith>KeyValue</RespondWith>
+ <QueryKeyBinding>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>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+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ <KeyUsage>Signature</KeyUsage>
+ </QueryKeyBinding>
+</LocateRequest>
diff --git a/tests/aleksey-xkms-01/locate-opaque-client-data-no-match.xml b/tests/aleksey-xkms-01/locate-opaque-client-data-no-match.xml
new file mode 100644
index 00000000..0e3f152a
--- /dev/null
+++ b/tests/aleksey-xkms-01/locate-opaque-client-data-no-match.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<LocateResult xmlns="http://www.w3.org/2002/03/xkms#" Id="lWW2Ua0wnq19PPm09tZdVx87UcG2Wt_g" Service="http://www.example.com/xkms" RequestId="aleksey_xkms_01_locate_opaque_client_data" ResultMajor="Sender" ResultMinor="NoMatch"/>
diff --git a/tests/aleksey-xkms-01/locate-opaque-client-data.xml b/tests/aleksey-xkms-01/locate-opaque-client-data.xml
new file mode 100644
index 00000000..b8345e47
--- /dev/null
+++ b/tests/aleksey-xkms-01/locate-opaque-client-data.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xkms:LocateRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns:xkms="http://www.w3.org/2002/03/xkms#"
+ Id="aleksey_xkms_01_locate_opaque_client_data"
+ Service="http://www.example.com/xkms"
+ Nonce="NhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2Fu"
+ ResponseLimit="5" >
+ <xkms:MessageExtension>
+ <example:Data xmlns:example="http://www.example.com/MessageExtension">01234</example:Data>
+ </xkms:MessageExtension>
+ <xkms:MessageExtension>
+ <example:Data xmlns:example="http://www.example.com/MessageExtension">56789</example:Data>
+ </xkms:MessageExtension>
+ <xkms:OpaqueClientData>
+ <xkms:OpaqueData>XfiZuHwu3rTFhca9O6sVPOcBuFTrnAgMBAAGjggFXMIIBUzAJBgNVHRMEAjAA</xkms:OpaqueData>
+ </xkms:OpaqueClientData>
+ <xkms:RespondWith>xkms:KeyName</xkms:RespondWith>
+ <xkms:RespondWith>xkms:KeyValue</xkms:RespondWith>
+ <xkms:RespondWith>xkms:X509Cert</xkms:RespondWith>
+ <xkms:RespondWith>xkms:X509Chain</xkms:RespondWith>
+ <xkms:RespondWith>PGPWeb</xkms:RespondWith>
+ <xkms:RespondWith>PGP</xkms:RespondWith>
+ <xkms:QueryKeyBinding>
+ <ds:KeyInfo>
+ <KeyName>key2</KeyName>
+ </ds:KeyInfo>
+ <xkms:KeyUsage>xkms:Encryption</xkms:KeyUsage>
+ <xkms:UseKeyWith Application="urn:ietf:rfc:2440" Identifier="bob@bobcorp.test"/>
+ <xkms:UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@bobcorp.test"/>
+ </xkms:QueryKeyBinding>
+</xkms:LocateRequest>
diff --git a/tests/aleksey-xkms-01/readme.txt b/tests/aleksey-xkms-01/readme.txt
new file mode 100644
index 00000000..8aac6f41
--- /dev/null
+++ b/tests/aleksey-xkms-01/readme.txt
@@ -0,0 +1,117 @@
+XKMS Featrues
+ <xkms:StatusRequest>
+ <xkms:LocateRequest>
+ <xkms:ValidateRequest>
+ <xkms:CompundRequest>
+ Pending requests
+ <xkms:MessageExtension>
+ <xkms:OpaqueClientData>
+ <xkms:KeyUsage>
+ <xkms:UseKeyWith>
+ <xkms:TieInstant> and <xkms:ValidityInterval>
+
+
+Expected service is http://www.example.com/xkms
+
+1) Tests
+1.1) locate-example-1 (LocateRequest example 4.1.1 from XKMS 2.0 spec).
+
+ * locate-example-1.xml - LocateRequest file.
+ * locate-example-1-no-match.xml - LocateResult: "NoMatch" error
+ (key not found).
+ * locate-example-1-bad-service.xml - LocateResult: bad "Service".
+
+1.2) locate-example-2 (LocateRequest example 4.1.2 from XKMS 2.0 spec
+with certificate from cert2.pem file).
+
+ * locate-example-2.xml - LocateRequest file.
+ * locate-example-2-no-match.xml - LocateResult: "NoMatch" error
+ (key not found).
+
+1.3) validate-example-1 (ValidateRequest example 4.2.1 from XKMS 2.0 spec
+with certificates from cert2.pem and cert3.pem file).
+
+ * validate-example-1.xml - ValidateRequest file.
+ * validate-example-1-no-match.xml - ValidateResult: "NoMatch" error
+ (key not found).
+
+1.4) compaund-example-1 (CompaundRequest example 2.8.1 from XKMS 2.0 spec
+with certificate from cert3.pem file).
+
+ * compaund-example-1.xml - CompaundRequest file.
+ * compound-example-1-no-match.xml - CompoundResult: "NoMatch" error
+ (key not found).
+
+1.5) locate-opaque-client-data (LocateRequest with xkms:MessageExtension and
+xkms:OpaqueClientData nodes).
+
+ * locate-opaque-client-data.xml - LocateRequest file.
+ * locate-opaque-client-data-no-match.xml
+ - LocateResult: "NoMatch" error
+ (key not found).
+
+1.6) status-request (simple StatusRequest)
+
+ * status-request.xml - StatusRequest file.
+ * status-request-success.xml - StatusResult: success.
+
+1.7) soap12-locate-example-1 (SOAP 1.2 LocateRequest example 3.1.1
+from XKMS 2.0 spec
+
+ * soap12-locate-example-1.xml - SOAP 1.2 LocateRequest file.
+ * soap12-locate-example-1-no-match.xml
+ - SOAP 1.2 LocateResult: "NoMatch"
+ error (key not found).
+ * soap12-locate-example-1-unsupported.xml
+ - Processing SOAP 1.2 request with
+ SOAP 1.1: "Unsupported SOAP Version":
+
+1.8) soap11-locate-example-1 (SOAP 1.1 LocateRequest example 3.1.2
+from XKMS 2.0 spec
+
+ * soap11-locate-example-1.xml - SOAP 1.1 LocateRequest file.
+ * soap11-locate-example-1-no-match.xml
+ - SOAP 1.1 LocateResult: "NoMatch"
+ error (key not found).
+ * soap11-locate-example-1-unsupported.xml
+ - Processing SOAP 1.1 request with
+ SOAP 1.2: "Unsupported SOAP Version":
+
+1.9) bad-request-name (A request with invalid node name).
+ bad-request-name.xml - Invalid request file.
+ bad-request-name-not-supported.xml - Result: MessageNotSupported error.
+
+1.10) soap12-bad-request-name (SOAP 1.2 request with invalid node name).
+ soap12-bad-request-name.xml - SOAP 1.2 Invalid request file.
+ soap12-bad-request-name-not-supported.xml
+ - SOAP 1.2 Result: MessageNotSupported error.
+
+1.11) soap11-bad-request-name (SOAP 1.1 request with invalid node name).
+ soap11-bad-request-name.xml - SOAP 1.1 Invalid request file.
+ soap11-bad-request-name-not-supported.xml
+ - SOAP 1.1 Result: MessageNotSupported error.
+
+
+2) Keys and certificates (private keys are encrypted with password "secret")
+ keys/create-keys.sh - shell script to create the keys and certificates chain
+ keys/openssl.cnf - config file for create-keys.sh script
+ keys/key1.pem - root certificate RSA 1024 key in PEM format
+ keys/key1.der - key1.pem key in DER format
+ keys/key1-pk8.der - key1.pem key in PKCS8 DER format
+ keys/key1.p12 - key1.pem key and cert1.pem in PKCS12 format
+ keys/cert1.pem - root certificate for key1.pem
+ keys/cert1.der - cert1.pem certificate in DER format
+ keys/key2.pem - second level CA RSA 1024 key
+ keys/key2.der - key2.pem key in DER format
+ keys/key2.p12 - key2.pem key and cert2.pem in PKCS12 format
+ keys/key2-pk8.der - key2.pem key in PKCS8 DER format
+ keys/cert2.pem - certificate for key2.pem signed with key1.pem (cert1.pem)
+ keys/cert2.der - cert2.pem certificate in DER format
+ keys/key3.pem - signature/encryption RSA 1024 key
+ keys/key3.der - key3.pem key in DER format
+ keys/key3.p12 - key3.pem key and cert3.pem in PKCS12 format
+ keys/key3-pk8.der - key3.pem key in PKCS8 DER format
+ keys/cert3.pem - certificate for key3.pem signed with key2.pem (cert2.pem)
+ keys/cert3.der - cert3.pem certificate in DER format
+
+ \ No newline at end of file
diff --git a/tests/aleksey-xkms-01/soap11-bad-request-name-msg-invalid.xml b/tests/aleksey-xkms-01/soap11-bad-request-name-msg-invalid.xml
new file mode 100644
index 00000000..b53a68c0
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap11-bad-request-name-msg-invalid.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
+<Body>
+<Fault>
+<faultcode>Client</faultcode>
+<faultstring>InvalidRequest message invalid</faultstring>
+</Fault>
+</Body>
+</Envelope>
diff --git a/tests/aleksey-xkms-01/soap11-bad-request-name.xml b/tests/aleksey-xkms-01/soap11-bad-request-name.xml
new file mode 100644
index 00000000..1c41d8d3
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap11-bad-request-name.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0"?>
+<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
+ <env:Body>
+ <xkms:InvalidRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns:xkms="http://www.w3.org/2002/03/xkms#"
+ Id="aleksey_xkms_01_bad_request_name"
+ Service="http://www.example.com/xkms"
+ Nonce="NhdGUxFjAUBgNVBAMTDUFsZWtzZXkasdfgU2Fu"
+ ResponseLimit="5" >
+ <xkms:RespondWith>KeyName</xkms:RespondWith>
+ </xkms:InvalidRequest>
+ </env:Body>
+</env:Envelope>
diff --git a/tests/aleksey-xkms-01/soap11-locate-example-1-no-match.xml b/tests/aleksey-xkms-01/soap11-locate-example-1-no-match.xml
new file mode 100644
index 00000000..77dfc5f7
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap11-locate-example-1-no-match.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0"?>
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
+<Body>
+<LocateResult xmlns="http://www.w3.org/2002/03/xkms#" Id="VWctryrG7XgGsbTws4kvbVDTR_9lXg8u" Service="http://www.example.com/xkms" RequestId="I94d1048aa24259465d7271cb4433dbb4" ResultMajor="Sender" ResultMinor="NoMatch"/>
+</Body>
+</Envelope>
diff --git a/tests/aleksey-xkms-01/soap11-locate-example-1-unsupported.xml b/tests/aleksey-xkms-01/soap11-locate-example-1-unsupported.xml
new file mode 100644
index 00000000..9b0fcebe
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap11-locate-example-1-unsupported.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0"?>
+<Envelope xmlns="http://www.w3.org/2002/06/soap-envelope">
+<Body>
+<Fault>
+<Code>
+<Value>VersionMismatch</Value>
+</Code>
+<Reason>
+<Text xml:lang="en">Unsupported SOAP version</Text>
+</Reason>
+</Fault>
+</Body>
+</Envelope>
diff --git a/tests/aleksey-xkms-01/soap11-locate-example-1.xml b/tests/aleksey-xkms-01/soap11-locate-example-1.xml
new file mode 100644
index 00000000..67213ffd
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap11-locate-example-1.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+<env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
+ <env:Body>
+ <LocateRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns="http://www.w3.org/2002/03/xkms#"
+ Id="I94d1048aa24259465d7271cb4433dbb4"
+ Service="http://www.example.com/xkms">
+ <RespondWith>KeyName</RespondWith>
+ <RespondWith>KeyValue</RespondWith>
+ <RespondWith>X509Cert</RespondWith>
+ <RespondWith>X509Chain</RespondWith>
+ <RespondWith>PGPWeb</RespondWith>
+ <RespondWith>PGP</RespondWith>
+ <RespondWith>Multiple</RespondWith>
+ <QueryKeyBinding>
+ <KeyUsage>Encryption</KeyUsage>
+ <UseKeyWith Application="urn:ietf:rfc:2440" Identifier="bob@bobcorp.test"/>
+ <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@bobcorp.test"/>
+ </QueryKeyBinding>
+ </LocateRequest>
+ </env:Body>
+</env:Envelope>
diff --git a/tests/aleksey-xkms-01/soap12-bad-request-name-msg-invalid.xml b/tests/aleksey-xkms-01/soap12-bad-request-name-msg-invalid.xml
new file mode 100644
index 00000000..f9de89e2
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap12-bad-request-name-msg-invalid.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0"?>
+<Envelope xmlns="http://www.w3.org/2002/06/soap-envelope">
+<Body>
+<Fault xmlns:xkms="http://www.w3.org/2002/03/xkms#">
+<Code>xkms:MessageNotSupported</Code>
+<Reason>
+<Text xml:lang="en">InvalidRequest message invalid</Text>
+</Reason>
+</Fault>
+</Body>
+</Envelope>
diff --git a/tests/aleksey-xkms-01/soap12-bad-request-name.xml b/tests/aleksey-xkms-01/soap12-bad-request-name.xml
new file mode 100644
index 00000000..76a05cce
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap12-bad-request-name.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0"?>
+<env:Envelope xmlns:env="http://www.w3.org/2002/06/soap-envelope">
+ <env:Body>
+ <xkms:InvalidRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns:xkms="http://www.w3.org/2002/03/xkms#"
+ Id="aleksey_xkms_01_bad_request_name"
+ Service="http://www.example.com/xkms"
+ Nonce="NhdGUxFjAUBgNVBAMTDUFsZWtzZXkasdfgU2Fu"
+ ResponseLimit="5" >
+ <xkms:RespondWith>KeyName</xkms:RespondWith>
+ </xkms:InvalidRequest>
+ </env:Body>
+</env:Envelope>
diff --git a/tests/aleksey-xkms-01/soap12-locate-example-1-no-match.xml b/tests/aleksey-xkms-01/soap12-locate-example-1-no-match.xml
new file mode 100644
index 00000000..f4a47df1
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap12-locate-example-1-no-match.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0"?>
+<Envelope xmlns="http://www.w3.org/2002/06/soap-envelope">
+<Body>
+<LocateResult xmlns="http://www.w3.org/2002/03/xkms#" Id="AlDwXZQSF4xaOGzRVMb6cympaV8fKmqU" Service="http://www.example.com/xkms" RequestId="I94d1048aa24259465d7271cb4433dbb4" ResultMajor="Sender" ResultMinor="NoMatch"/>
+</Body>
+</Envelope>
diff --git a/tests/aleksey-xkms-01/soap12-locate-example-1-unsupported.xml b/tests/aleksey-xkms-01/soap12-locate-example-1-unsupported.xml
new file mode 100644
index 00000000..02b7e2a3
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap12-locate-example-1-unsupported.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<Envelope xmlns="http://schemas.xmlsoap.org/soap/envelope/">
+<Body>
+<Fault>
+<faultcode>VersionMismatch</faultcode>
+<faultstring>Unsupported SOAP version</faultstring>
+</Fault>
+</Body>
+</Envelope>
diff --git a/tests/aleksey-xkms-01/soap12-locate-example-1.xml b/tests/aleksey-xkms-01/soap12-locate-example-1.xml
new file mode 100644
index 00000000..f5f0cc95
--- /dev/null
+++ b/tests/aleksey-xkms-01/soap12-locate-example-1.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0"?>
+<env:Envelope xmlns:env="http://www.w3.org/2002/06/soap-envelope">
+ <env:Body>
+ <LocateRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns="http://www.w3.org/2002/03/xkms#"
+ Id="I94d1048aa24259465d7271cb4433dbb4"
+ Service="http://www.example.com/xkms">
+ <RespondWith>KeyName</RespondWith>
+ <RespondWith>KeyValue</RespondWith>
+ <RespondWith>X509Cert</RespondWith>
+ <RespondWith>X509Chain</RespondWith>
+ <RespondWith>PGPWeb</RespondWith>
+ <RespondWith>PGP</RespondWith>
+ <RespondWith>Multiple</RespondWith>
+ <QueryKeyBinding>
+ <KeyUsage>Encryption</KeyUsage>
+ <UseKeyWith Application="urn:ietf:rfc:2440" Identifier="bob@bobcorp.test"/>
+ <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="bob@bobcorp.test"/>
+ </QueryKeyBinding>
+ </LocateRequest>
+ </env:Body>
+</env:Envelope>
diff --git a/tests/aleksey-xkms-01/status-request-success.xml b/tests/aleksey-xkms-01/status-request-success.xml
new file mode 100644
index 00000000..14f52431
--- /dev/null
+++ b/tests/aleksey-xkms-01/status-request-success.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<StatusResult xmlns="http://www.w3.org/2002/03/xkms#" Id="qWvHe4Wa3MO8EpJoPhhXTY9jf_PGByYC" Service="http://www.example.com/xkms" RequestId="aleksey_xkms_01_status_request" ResultMajor="Success"/>
diff --git a/tests/aleksey-xkms-01/status-request.xml b/tests/aleksey-xkms-01/status-request.xml
new file mode 100644
index 00000000..bb54cf69
--- /dev/null
+++ b/tests/aleksey-xkms-01/status-request.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xkms:StatusRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns:xkms="http://www.w3.org/2002/03/xkms#"
+ Id="aleksey_xkms_01_status_request"
+ Service="http://www.example.com/xkms" >
+</xkms:StatusRequest>
diff --git a/tests/aleksey-xkms-01/validate-example-1-no-match.xml b/tests/aleksey-xkms-01/validate-example-1-no-match.xml
new file mode 100644
index 00000000..482ddffe
--- /dev/null
+++ b/tests/aleksey-xkms-01/validate-example-1-no-match.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0"?>
+<ValidateResult xmlns="http://www.w3.org/2002/03/xkms#" Id="U8u3JSp5D5o2rbKEd8Y8yG1UBBC5_szY" Service="http://www.example.com/xkms" RequestId="Ic4d10f0affff49382b021a820613fa71" ResultMajor="Sender" ResultMinor="NoMatch"/>
diff --git a/tests/aleksey-xkms-01/validate-example-1.xml b/tests/aleksey-xkms-01/validate-example-1.xml
new file mode 100644
index 00000000..a184cb94
--- /dev/null
+++ b/tests/aleksey-xkms-01/validate-example-1.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="utf-8"?>
+<ValidateRequest xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns="http://www.w3.org/2002/03/xkms#"
+ Id="Ic4d10f0affff49382b021a820613fa71"
+ Service="http://www.example.com/xkms">
+ <RespondWith>KeyName</RespondWith>
+ <QueryKeyBinding>
+ <ds:KeyInfo>
+ <ds:X509Data>
+ <ds:X509Certificate>
+MIIEDTCCA7egAwIBAgIBAjANBgkqhkiG9w0BAQUFADCBvzELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExHTAbBgNVBAoTFFhNTCBTZWN1cml0eSBMaWJy
+YXJ5MTEwLwYDVQQLEyhhbGVrc2V5LXhrbXMtMDEgc2Vjb25kIGxldmVsIGNlcnRp
+ZmljYXRlMSYwJAYDVQQDEx1odHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYzEh
+MB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4XDTA0MDIwMzE5MTEy
+OFoXDTE0MDEzMTE5MTEyOFowgcsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp
+Zm9ybmlhMR0wGwYDVQQKExRYTUwgU2VjdXJpdHkgTGlicmFyeTE9MDsGA1UECxM0
+YWxla3NleS14a21zLTAxIHNpZ25hdHVyZSBhbmQgZW5jcnlwdGlvbiBjZXJ0aWZp
+Y2F0ZTEmMCQGA1UEAxMdaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMxITAf
+BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUA
+A0sAMEgCQQDS208fS1M+MzOOewMytAU7ecT5ErtLTrK2mZr7QMqAGs696qHv9WOW
+i115eDaLW50XRVNr16eiquDtXl53EfBvAgMBAAGjggGOMIIBijAJBgNVHRMEAjAA
+MBEGCWCGSAGG+EIBAQQEAwIEsDALBgNVHQ8EBAMCBeAwQwYJYIZIAYb4QgENBDYW
+NGFsZWtzZXkteGttcy0wMSBzaWduYXR1cmUgYW5kIGVuY3J5cHRpb24gY2VydGlm
+aWNhdGUwHQYDVR0OBBYEFJw9QoFYPiU7VQheRsUV7LrY84+TMIH4BgNVHSMEgfAw
+ge2AFBNkETCzKUgXLJp9G7K9hD6tjeDDoYHRpIHOMIHLMQswCQYDVQQGEwJVUzET
+MBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJU3Vubnl2YWxlMR0wGwYDVQQK
+ExRYTUwgU2VjdXJpdHkgTGlicmFyeTEpMCcGA1UECxMgYWxla3NleS14a21zLTAx
+IHJvb3QgY2VydGlmaWNhdGUxJjAkBgNVBAMTHWh0dHA6Ly93d3cuYWxla3NleS5j
+b20veG1sc2VjMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CAQEw
+DQYJKoZIhvcNAQEFBQADQQAsb2Wh4hp+axYEGrsTMqd9j8pKuxJqa89ob4nl/FwN
+5jelwnWbB+3HG7f9GusYg6nNzga1EFD3YTfW23YWIKd9
+ </ds:X509Certificate>
+ <ds:X509Certificate>
+MIIEJTCCA46gAwIBAgIBATANBgkqhkiG9w0BAQUFADCByzELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTEdMBsGA1UE
+ChMUWE1MIFNlY3VyaXR5IExpYnJhcnkxKTAnBgNVBAsTIGFsZWtzZXkteGttcy0w
+MSByb290IGNlcnRpZmljYXRlMSYwJAYDVQQDEx1odHRwOi8vd3d3LmFsZWtzZXku
+Y29tL3htbHNlYzEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4X
+DTA0MDIwMzE5MTEyN1oXDTE0MDEzMTE5MTEyN1owgb8xCzAJBgNVBAYTAlVTMRMw
+EQYDVQQIEwpDYWxpZm9ybmlhMR0wGwYDVQQKExRYTUwgU2VjdXJpdHkgTGlicmFy
+eTExMC8GA1UECxMoYWxla3NleS14a21zLTAxIHNlY29uZCBsZXZlbCBjZXJ0aWZp
+Y2F0ZTEmMCQGA1UEAxMdaHR0cDovL3d3dy5hbGVrc2V5LmNvbS94bWxzZWMxITAf
+BgkqhkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUA
+A0sAMEgCQQDd+36RCkHXnn6pxsfTKhTo/Zocgr4pgtOzS+aT5eji+A0GzPaFHXpY
+0K+nDphWUYBzjrjOkxMBzlvv+BOvc9SzAgMBAAGjggFlMIIBYTAMBgNVHRMEBTAD
+AQH/MB0GA1UdDgQWBBQTZBEwsylIFyyafRuyvYQ+rY3gwzCB+AYDVR0jBIHwMIHt
+gBQL/BC2Efo+FlwlBLXi428w6cRhNqGB0aSBzjCByzELMAkGA1UEBhMCVVMxEzAR
+BgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTEdMBsGA1UEChMU
+WE1MIFNlY3VyaXR5IExpYnJhcnkxKTAnBgNVBAsTIGFsZWtzZXkteGttcy0wMSBy
+b290IGNlcnRpZmljYXRlMSYwJAYDVQQDEx1odHRwOi8vd3d3LmFsZWtzZXkuY29t
+L3htbHNlYzEhMB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggEAMDcG
+CWCGSAGG+EIBDQQqFihhbGVrc2V5LXhrbXMtMDEgc2Vjb25kIGxldmVsIGNlcnRp
+ZmljYXRlMA0GCSqGSIb3DQEBBQUAA4GBAGMs5oZgbjfJBTeWZ7VZHAOyT+sS0tzK
+EPONgoId9RZLlBmxosG2zZ+Tu5xEqxh4HlkUzHEnenB7K/fmGTnQDrHHQH3Q/afI
+zMot8vXO5V3GX7vdYwU6tCEWUG+2JoaJ2riDcrkVwdEpKLo6GH3bGsqkreeH05ll
+oL+n2iYuEzV+
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </ds:KeyInfo>
+ <KeyUsage>Signature</KeyUsage>
+ <UseKeyWith Application="urn:ietf:rfc:2633" Identifier="alice@alicecorp.test"/>
+ </QueryKeyBinding>
+</ValidateRequest>
diff --git a/tests/aleksey-xmldsig-01/README b/tests/aleksey-xmldsig-01/README
new file mode 100644
index 00000000..7b12f7b3
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/README
@@ -0,0 +1,47 @@
+README
+http://groups.google.com/groups?hl=en&threadm=9jlbt7%243141%241%40FreeBSD.csie.NCTU.edu.tw&rnum=20&prev=/groups%3Fq%3Dopenssl%2Bx509%2Bcertificates%2Bchain%26start%3D10%26hl%3Den%26selm%3D9jlbt7%25243141%25241%2540FreeBSD.csie.NCTU.edu.tw%26rnum%3D20
+http://www.post1.com/home/ngps/m2/howto.ca.html
+
+
+Commands:
+
+(0) create new CA and modify the openssl.cnf file
+to point to it
+
+> CA.pl -newca
+
+(1) a self-signed des3 root ca cert, using
+
+> openssl genrsa -des3 -out ca.key
+> openssl req -new -key ca.key -out ca.csr
+> openssl x509 -req -signkey ca.key -out ca.crt -in ca.csr
+
+verify ca.crt
+
+> openssl x509 -text -in ca.crt
+
+(2) a second ca cert, signed by the first ca, using
+
+> openssl genrsa -des3 -out ca2.key
+> openssl req -new -key ca2.key -out ca2.csr
+> openssl ca -cert ca.crt -keyfile ca.key -out ca2.crt -infiles ca2.csr
+
+verify ca2.crt
+
+> openssl x509 -text -in ca2.crt
+> openssl verify -CAfile ca.crt ca2.crt
+
+
+(3) a user cert using
+
+> openssl genrsa -des3 -out user.key
+> openssl req -new -key user.key -out user.csr
+> openssl ca -cert ca2.crt -keyfile ca2.key -out user.crt -infiles user.csr
+
+
+verify user.crt
+
+> openssl x509 -text -in ca3.crt
+> openssl verify -CAfile ca.crt -untrusted ca2.crt user.crt
+
+
diff --git a/tests/aleksey-xmldsig-01/dtd-hmac-91.dtd b/tests/aleksey-xmldsig-01/dtd-hmac-91.dtd
new file mode 100644
index 00000000..630c0aea
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/dtd-hmac-91.dtd
@@ -0,0 +1 @@
+<!ATTLIST SOAP:Body id ID #IMPLIED>
diff --git a/tests/aleksey-xmldsig-01/dtd-hmac-91.tmpl b/tests/aleksey-xmldsig-01/dtd-hmac-91.tmpl
new file mode 100644
index 00000000..ae473dfa
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/dtd-hmac-91.tmpl
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"><SOAP:Header><wsse:Security><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+<SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ <HMACOutputLength>91</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#Body">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue></DigestValue>
+ </Reference>
+</SignedInfo>
+ <SignatureValue></SignatureValue><KeyInfo><KeyName>name:KEY</KeyName></KeyInfo></Signature></wsse:Security></SOAP:Header><SOAP:Body id="Body">
+<echo xmlns="http://www.example.org">
+this
+is
+a
+test
+of
+echoing
+simple-91
+</echo>
+</SOAP:Body></SOAP:Envelope>
+
diff --git a/tests/aleksey-xmldsig-01/dtd-hmac-91.xml b/tests/aleksey-xmldsig-01/dtd-hmac-91.xml
new file mode 100644
index 00000000..8293a647
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/dtd-hmac-91.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"><SOAP:Header><wsse:Security><Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+<SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ <HMACOutputLength>91</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#Body">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>KlK8TF9wnLYvXz008MJV4umoHhE=</DigestValue>
+ </Reference>
+</SignedInfo>
+ <SignatureValue>gmtoF50KWNUTGQCg</SignatureValue><KeyInfo><KeyName>name:KEY</KeyName></KeyInfo></Signature></wsse:Security></SOAP:Header><SOAP:Body id="Body">
+<echo xmlns="http://www.example.org">
+this
+is
+a
+test
+of
+echoing
+simple-91
+</echo>
+</SOAP:Body></SOAP:Envelope>
+
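Review bot: `<HMACOutputLength>91</HMACOutputLength>` in this fixture is not a multiple of 8, and nothing in the file says what the test expects from that. The 16-character `SignatureValue` decodes to 12 bytes (96 bits), so five trailing bits lie beyond the declared length, and how a verifier treats them (ignore, require zero, or reject the length) is presumably the behaviour under test. A comment after the XML declaration, e.g. `<!-- HMACOutputLength=91 is deliberately not byte-aligned; SignatureValue is 12 bytes, last 5 bits lie outside the MAC -->`, would record the intent without touching the signed `SOAP:Body` or `SignedInfo`. The same applies to dtd-hmac-91.tmpl.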
diff --git a/tests/aleksey-xmldsig-01/enveloped-gost.tmpl b/tests/aleksey-xmldsig-01/enveloped-gost.tmpl
new file mode 100644
index 00000000..a89538df
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloped-gost.tmpl
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: Simple signature template file for sign1 example.
+-->
+<Envelope xmlns="urn:envelope">
+ <Data>
+ Hello, World!
+ </Data>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411"/>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">not(ancestor-or-self::dsig:Signature)</XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr3411"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue/>
+ <KeyInfo>
+<X509Data>
+<X509Certificate></X509Certificate>
+</X509Data>
+</KeyInfo>
+</Signature>
+</Envelope>
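Review bot: The header comment still reads `Simple signature template file for sign1 example`, which looks carried over from the example and does not say this is the GOST fixture. Something like `XML Security Library test: enveloped signature template, gostr34102001-gostr3411` would match the `SignatureMethod`. The XPath transform `not(ancestor-or-self::dsig:Signature)` also removes every `dsig:Signature` subtree from the digest input, which is broader than the enveloped-signature transform before it. The comment should say this is intentional test input, since anything nested under a Signature element is left unsigned. The same header comment is repeated in enveloped-gost.xml.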
diff --git a/tests/aleksey-xmldsig-01/enveloped-gost.xml b/tests/aleksey-xmldsig-01/enveloped-gost.xml
new file mode 100644
index 00000000..a00b1a91
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloped-gost.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+XML Security Library example: Simple signature template file for sign1 example.
+-->
+<Envelope xmlns="urn:envelope">
+ <Data>
+ Hello, World!
+ </Data>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr34102001-gostr3411"/>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">not(ancestor-or-self::dsig:Signature)</XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#gostr3411"/>
+ <DigestValue>e1x3rydsnTQukoiTtQ0vHaWYqKka7yRiP1sB8AVobaA=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>DLVX5EypJpYtdD+iAx9/BCKDZlWNnG70jqps5qFGNmoRem5czMSIhc6yVR48ywN2
++HHUYG+9UouTr/d7BfDl8g==</SignatureValue>
+ <KeyInfo>
+<X509Data>
+<X509Certificate>MIICBzCCAbSgAwIBAgIBPDAKBgYqhQMCAgMFADCBjzELMAkGA1UEBhMCUlUxDzAN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</X509Certificate>
+</X509Data>
+</KeyInfo>
+</Signature>
+</Envelope>
diff --git a/tests/aleksey-xmldsig-01/enveloping-dsa-x509chain.tmpl b/tests/aleksey-xmldsig-01/enveloping-dsa-x509chain.tmpl
new file mode 100644
index 00000000..b3526b82
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-dsa-x509chain.tmpl
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ </X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-dsa-x509chain.xml b/tests/aleksey-xmldsig-01/enveloping-dsa-x509chain.xml
new file mode 100644
index 00000000..f6d02ea5
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-dsa-x509chain.xml
@@ -0,0 +1,87 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>Niji66p2agomSLiShIYXIekL7bdFEnxzpa2ETcad9mHXHWd218vjUg==</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIIEFTCCA36gAwIBAgIJANaOuOCRgiz4MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIIEdDCCBB6gAwIBAgIJANaOuOCRgiz5MA0GCSqGSIb3DQEBBQUAMIHIMQswCQYD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</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-expired-cert.tmpl b/tests/aleksey-xmldsig-01/enveloping-expired-cert.tmpl
new file mode 100644
index 00000000..9b7eeac9
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-expired-cert.tmpl
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ </X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-expired-cert.xml b/tests/aleksey-xmldsig-01/enveloping-expired-cert.xml
new file mode 100644
index 00000000..cc4d4cca
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-expired-cert.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>SPqE1/nehy9KOKeFSODZWZyvUZ/iS4jameUSXtvmfPgez5lN5QL4ox+QDlo37IeW
+NDjt380ZiA7kx9pnlx8jfQ==</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>MIIEFTCCA36gAwIBAgIJANaOuOCRgiz4MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwG
+A1UECxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNh
+bmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb20wHhcNMDUwNzEw
+MDIyOTU1WhcNMTUwNzA4MDIyOTU1WjCByDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
+CkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRw
+Oi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKjAoBgNVBAsTIVRlc3QgU2Vjb25k
+IExldmVsIFJTQSBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEh
+MB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMFwwDQYJKoZIhvcNAQEB
+BQADSwAwSAJBALK68onYK5Q8PfeCE+3hDwyKV6wfFVtunIp+ZputhWkMZUOY4oqn
+ffuolRln3kp/CVdtHaPTPIpYma9HFTH4+xMCAwEAAaOCAVMwggFPMAwGA1UdEwQF
+MAMBAf8wLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj
+YXRlMB0GA1UdDgQWBBT+5OxTJPCVlccQteFEtV05ZVrjfjCB8QYDVR0jBIHpMIHm
+gBTaRulr5q/TParlIUtS7cpmKOD+haGBwqSBvzCBvDELMAkGA1UEBhMCVVMxEzAR
+BgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5
+IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxHjAcBgNVBAsTFVRlc3Qg
+Um9vdCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqG
+SIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tggkA1o644JGCLPcwDQYJKoZIhvcN
+AQEFBQADgYEAmY0RjbSVqOU/xvyhSq8Juk6u8bDHYIUgrfhIDZUtVT1s+op4ReOO
+kC7W7ZDOl8MxhJmt4KMqc6niYoQeuXTA9QpOleBqi8R7+0cyeGebo5JOFWN7J7wl
+lupKp1iJcKtcARwA7bso/Q5OefAwDN4pucg13fOYKVktF8XLQkIUsfY=</X509Certificate>
+<X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwG
+A1UECxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNh
+bmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb20wHhcNMDUwNzEw
+MDIyOTAxWhcNMTUwNzA4MDIyOTAxWjCBvDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
+CkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJyYXJ5IChodHRw
+Oi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxHjAcBgNVBAsTFVRlc3QgUm9vdCBD
+ZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEhMB8GCSqGSIb3DQEJ
+ARYSeG1sc2VjQGFsZWtzZXkuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
+gQDayaFajJxOdVU+8EjwO31S2XqNmYxxbHfiUJO3w2h57OPUkKAcKe5Gvt9hJbPT
+b3C4blPScOke2RexKnXS7pAXXbxFlgUlZ0QK0K2pdl559OSmrtH3mPP9BJvvDMlx
+kcNj9/EeD+yGd8GN/yT6PTDh8G/4lszOXL+tyKIkC4Ys/wIDAQABo4IBUzCCAU8w
+DAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQg
+Q2VydGlmaWNhdGUwHQYDVR0OBBYEFNpG6Wvmr9M9quUhS1LtymYo4P6FMIHxBgNV
+HSMEgekwgeaAFNpG6Wvmr9M9quUhS1LtymYo4P6FoYHCpIG/MIG8MQswCQYDVQQG
+EwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3VyaXR5
+IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwGA1UE
+CxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNhbmlu
+MSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CCQDWjrjgkYIs9zAN
+BgkqhkiG9w0BAQUFAAOBgQBUXbdOTQwArcNrbxavzARp2JGOnzo6WzTm+OFSXC0F
+08YwT8jWbht97e8lNNVOBU4Y/38ReZqYC9OqFofG1/O9AdQ58WL/FWg8DgP5MJPT
+T9kRU3FU01jUiX2+kbdnghZAOJm0ziRNxfNPwIIWPKYXyXEKQQzrnxyFey1hP7cg
+6A==</X509Certificate>
+<X509Certificate>MIID2zCCA4WgAwIBAgIJANaOuOCRgiz7MA0GCSqGSIb3DQEBBQUAMIHIMQswCQYD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</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
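Review bot: The result of verifying this fixture depends on the clock, and the file does not record the time it is meant to be checked against. The two certificates whose bodies are shown here are valid from 2005-07-10 to 2015-07-08, so after that date the whole chain is expired and a failure no longer isolates the certificate the test name refers to. A comment such as `<!-- result depends on verification time; chain certificates valid 2005-07-10 .. 2015-07-08 -->` would make that explicit, and the runner should pin the time (xmlsec1 has `--verification-time`) instead of using the system clock. enveloping-dsa-x509chain.xml and enveloping-md5-rsa-md5.xml appear to embed the same root certificate, so the positive tests carry the same dependency.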
diff --git a/tests/aleksey-xmldsig-01/enveloping-md5-hmac-md5-64.tmpl b/tests/aleksey-xmldsig-01/enveloping-md5-hmac-md5-64.tmpl
new file mode 100644
index 00000000..b43fade7
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-md5-hmac-md5-64.tmpl
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-md5">
+ <HMACOutputLength>80</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
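Review bot: The file name ends in `-64` but the template sets `<HMACOutputLength>80</HMACOutputLength>`, so the name no longer describes the truncation being tested. It looks as if the length was raised to meet a minimum truncation bound while the names were kept, though the page does not say so. Either rename the fixtures or add a comment such as `<!-- truncated to 80 bits; the "-64" in the file name is historical -->`. The same mismatch is in enveloping-md5-hmac-md5-64.xml, where the 10-byte `SignatureValue` agrees with 80 bits, and in both enveloping-ripemd160-hmac-ripemd160-64 files.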
diff --git a/tests/aleksey-xmldsig-01/enveloping-md5-hmac-md5-64.xml b/tests/aleksey-xmldsig-01/enveloping-md5-hmac-md5-64.xml
new file mode 100644
index 00000000..195993a4
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-md5-hmac-md5-64.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-md5">
+ <HMACOutputLength>80</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/>
+ <DigestValue>/u+47lA0BK55De4qRAg16w==</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>8woIGhwIlkw9Gw==</SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-md5-hmac-md5.tmpl b/tests/aleksey-xmldsig-01/enveloping-md5-hmac-md5.tmpl
new file mode 100644
index 00000000..55dd5c1c
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-md5-hmac-md5.tmpl
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-md5" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-md5-hmac-md5.xml b/tests/aleksey-xmldsig-01/enveloping-md5-hmac-md5.xml
new file mode 100644
index 00000000..d8159789
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-md5-hmac-md5.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/>
+ <DigestValue>/u+47lA0BK55De4qRAg16w==</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>7uFBgN6DOM9SJj+UBkM2fQ==</SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-md5-rsa-md5.tmpl b/tests/aleksey-xmldsig-01/enveloping-md5-rsa-md5.tmpl
new file mode 100644
index 00000000..1eb428a6
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-md5-rsa-md5.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data/>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-md5-rsa-md5.xml b/tests/aleksey-xmldsig-01/enveloping-md5-rsa-md5.xml
new file mode 100644
index 00000000..ebca5032
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-md5-rsa-md5.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-md5"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/>
+ <DigestValue>/u+47lA0BK55De4qRAg16w==</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>dpWrHCBhPfYE9VLIhCfEe3HrViieYwgo/52RmQLtYM5VRbWwa237LqE6xf8UUdxr
+veblI1kr28sjdrxE+zAEhQ==</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+<X509Certificate>MIIEFTCCA36gAwIBAgIJANaOuOCRgiz4MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIID3zCCA4mgAwIBAgIJANaOuOCRgiz6MA0GCSqGSIb3DQEBBQUAMIHIMQswCQYD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</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64.tmpl b/tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64.tmpl
new file mode 100644
index 00000000..37909320
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64.tmpl
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160">
+ <HMACOutputLength>80</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64.xml b/tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64.xml
new file mode 100644
index 00000000..a91328d3
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160">
+ <HMACOutputLength>80</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160"/>
+ <DigestValue>Ofs8NqfoXX+r0Cas3GRY2GbzhPo=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>cAAf5NRMJvdO9w==</SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160.tmpl b/tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160.tmpl
new file mode 100644
index 00000000..8f159965
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160.tmpl
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160.xml b/tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160.xml
new file mode 100644
index 00000000..057cf471
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160"/>
+ <DigestValue>Ofs8NqfoXX+r0Cas3GRY2GbzhPo=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>tt3/nrk/uQ79pKHEZaCxXNncAtg=</SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160.tmpl b/tests/aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160.tmpl
new file mode 100644
index 00000000..6675f7c5
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data/>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160.xml b/tests/aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160.xml
new file mode 100644
index 00000000..9180626a
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160"/>
+ <DigestValue>Ofs8NqfoXX+r0Cas3GRY2GbzhPo=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>un5Fwdn5LTFBPQPv1GSst3mviS7I1X8icM7cYRTSIqKMnkXOIzXgcEKVcfO1oodP
+9ABdLzQB0wdZJW6CCoHKwA==</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+<X509Certificate>MIIEFTCCA36gAwIBAgIJANaOuOCRgiz4MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIID3zCCA4mgAwIBAgIJANaOuOCRgiz6MA0GCSqGSIb3DQEBBQUAMIHIMQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEqMCgG
+A1UECxMhVGVzdCBTZWNvbmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQD
+Ew1BbGVrc2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5j
+b20wHhcNMDUwNzEwMDIzMzAyWhcNMTUwNzA4MDIzMzAyWjCBxzELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBM
+aWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxKTAnBgNVBAsT
+IFRlc3QgVGhpcmQgTGV2ZWwgUlNBIENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVr
+c2V5IFNhbmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb20wXDAN
+BgkqhkiG9w0BAQEFAANLADBIAkEA09BtD3aeVt6DVDkk0dI7Vh7LjqdnsYmW0tbD
+VxxK+nume+Z9Sb4znbUKkWl+vgQATdRUEyhT2P+Gqrd0UBzYfQIDAQABo4IBUzCC
+AU8wDAYDVR0TBAUwAwEB/zAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0
+ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNf0xkZ3zjcEI60pVPuwDqTMQygZMIHx
+BgNVHSMEgekwgeaAFP7k7FMk8JWVxxC14US1XTllWuN+oYHCpIG/MIG8MQswCQYD
+VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTE9MDsGA1UEChM0WE1MIFNlY3Vy
+aXR5IExpYnJhcnkgKGh0dHA6Ly93d3cuYWxla3NleS5jb20veG1sc2VjKTEeMBwG
+A1UECxMVVGVzdCBSb290IENlcnRpZmljYXRlMRYwFAYDVQQDEw1BbGVrc2V5IFNh
+bmluMSEwHwYJKoZIhvcNAQkBFhJ4bWxzZWNAYWxla3NleS5jb22CCQDWjrjgkYIs
++DANBgkqhkiG9w0BAQUFAANBAEfjvmWwi2gBpYt7bwF6oHiFLoIh5kiLAPrlOFAb
+PZlLDqr5+eDcr1cf0pksgW7fVE9NzTSmwjDFuEcPqJV62Ek=</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
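Review bot: The third `<X509Certificate>` in `<X509Data>` decodes to a 512-bit RSA key whose validity ends on 2015-07-08, so any test that validates this chain against the wall clock stops passing on that date. The key size, which matches the 64-byte `<SignatureValue>`, is also far below what a production verifier should accept. Other `-rsa-*.xml` fixtures in this commit appear to embed the same chain (same leading bytes; their bodies are not visible here). I would record this in the matching `.tmpl`, outside the signed elements: `<!-- test-only chain: 512-bit RSA, third-level cert notAfter 2015-07-08; verify with a pinned time -->`. The test driver should pin the verification time rather than relax chain checks.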
diff --git a/tests/aleksey-xmldsig-01/enveloping-rsa-x509chain.tmpl b/tests/aleksey-xmldsig-01/enveloping-rsa-x509chain.tmpl
new file mode 100644
index 00000000..9b7eeac9
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-rsa-x509chain.tmpl
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ </X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-rsa-x509chain.xml b/tests/aleksey-xmldsig-01/enveloping-rsa-x509chain.xml
new file mode 100644
index 00000000..0cf0f425
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-rsa-x509chain.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>RCkGabfqV1XpXvx0rGDEIAzs4/U9TDKvZIWN9MBRi5BPAr1pXnX0iAve+2OEeBTm
+nstv7BjG6CDnb69ouJSeWg==</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>MIIEFTCCA36gAwIBAgIJANaOuOCRgiz4MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIID3zCCA4mgAwIBAgIJANaOuOCRgiz6MA0GCSqGSIb3DQEBBQUAMIHIMQswCQYD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</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha1-hmac-sha1-64.tmpl b/tests/aleksey-xmldsig-01/enveloping-sha1-hmac-sha1-64.tmpl
new file mode 100644
index 00000000..de4dee35
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha1-hmac-sha1-64.tmpl
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ <HMACOutputLength>80</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha1-hmac-sha1-64.xml b/tests/aleksey-xmldsig-01/enveloping-sha1-hmac-sha1-64.xml
new file mode 100644
index 00000000..000cbc6b
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha1-hmac-sha1-64.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ <HMACOutputLength>80</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>xjqFz/yYQRTOrw==</SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha1-hmac-sha1.tmpl b/tests/aleksey-xmldsig-01/enveloping-sha1-hmac-sha1.tmpl
new file mode 100644
index 00000000..92eeb55d
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha1-hmac-sha1.tmpl
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha1-hmac-sha1.xml b/tests/aleksey-xmldsig-01/enveloping-sha1-hmac-sha1.xml
new file mode 100644
index 00000000..ce01eab7
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha1-hmac-sha1.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>JElPttIT4Am7Q+MNoMyv+WDfAZw=</SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha1-rsa-sha1.tmpl b/tests/aleksey-xmldsig-01/enveloping-sha1-rsa-sha1.tmpl
new file mode 100644
index 00000000..c71f4cc5
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha1-rsa-sha1.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data/>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha1-rsa-sha1.xml b/tests/aleksey-xmldsig-01/enveloping-sha1-rsa-sha1.xml
new file mode 100644
index 00000000..79794a97
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha1-rsa-sha1.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>RCkGabfqV1XpXvx0rGDEIAzs4/U9TDKvZIWN9MBRi5BPAr1pXnX0iAve+2OEeBTm
+nstv7BjG6CDnb69ouJSeWg==</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+<X509Certificate>MIIEFTCCA36gAwIBAgIJANaOuOCRgiz4MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIID3zCCA4mgAwIBAgIJANaOuOCRgiz6MA0GCSqGSIb3DQEBBQUAMIHIMQswCQYD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</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64.tmpl b/tests/aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64.tmpl
new file mode 100644
index 00000000..6bcac303
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64.tmpl
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha224">
+ <HMACOutputLength>80</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
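Review bot: `<HMACOutputLength>80</HMACOutputLength>` is below half of the SHA-224 output (112 bits), and XML Signature 1.1 tells verifiers to treat a truncation shorter than the larger of 80 bits and half the digest length as invalid. The sha256, sha384 and sha512 `-64` templates further down carry the same value against floors of 128, 192 and 256 bits. As positive fixtures they pin acceptance of a MAC that a spec-strict verifier rejects; whether the library under test enforces the per-digest floor cannot be seen from this diff. Either raise the value to the floor, here `<HMACOutputLength>112</HMACOutputLength>`, and regenerate the matching `.xml`, or keep 80 and move these files to the expected-failure set.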
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64.xml b/tests/aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64.xml
new file mode 100644
index 00000000..2f87f4b2
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha224">
+ <HMACOutputLength>80</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
+ <DigestValue>azpKU6mkkPqPdDdtDXlEzVb0Xo2HgZMfuJ8KBw==</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>lZnrOj6ykWj7Zg==</SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha224-hmac-sha224.tmpl b/tests/aleksey-xmldsig-01/enveloping-sha224-hmac-sha224.tmpl
new file mode 100644
index 00000000..d60dd522
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha224-hmac-sha224.tmpl
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha224"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha224-hmac-sha224.xml b/tests/aleksey-xmldsig-01/enveloping-sha224-hmac-sha224.xml
new file mode 100644
index 00000000..16720505
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha224-hmac-sha224.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha224"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
+ <DigestValue>azpKU6mkkPqPdDdtDXlEzVb0Xo2HgZMfuJ8KBw==</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>w3xX2+aJSszo0AZX86jF2/fhzv5JyJrO0MTcWg==</SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha224-rsa-sha224.tmpl b/tests/aleksey-xmldsig-01/enveloping-sha224-rsa-sha224.tmpl
new file mode 100644
index 00000000..5bb40085
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha224-rsa-sha224.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha224"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data/>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha224-rsa-sha224.xml b/tests/aleksey-xmldsig-01/enveloping-sha224-rsa-sha224.xml
new file mode 100644
index 00000000..979073e2
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha224-rsa-sha224.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha224"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha224"/>
+ <DigestValue>azpKU6mkkPqPdDdtDXlEzVb0Xo2HgZMfuJ8KBw==</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>Ywv4CqyMcauc5+yFHkavKYK5CRplbcIsNtG8+EJE2j7xuKpi05LsRhbZpyBR8B92
+9C6zUO2A/7unU1mJc2WZcQ==</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+<X509Certificate>MIIEFTCCA36gAwIBAgIJANaOuOCRgiz4MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIID3zCCA4mgAwIBAgIJANaOuOCRgiz6MA0GCSqGSIb3DQEBBQUAMIHIMQswCQYD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</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha256-hmac-sha256-64.tmpl b/tests/aleksey-xmldsig-01/enveloping-sha256-hmac-sha256-64.tmpl
new file mode 100644
index 00000000..ffbbc6f5
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha256-hmac-sha256-64.tmpl
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256">
+ <HMACOutputLength>80</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha256-hmac-sha256-64.xml b/tests/aleksey-xmldsig-01/enveloping-sha256-hmac-sha256-64.xml
new file mode 100644
index 00000000..4e6d8122
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha256-hmac-sha256-64.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256">
+ <HMACOutputLength>80</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>iDhYt78o294fA6pzQ7k44+eejrQMi+WX3l3UrUdtL1Q=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>zDqLw++TOXixpw==</SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha256-hmac-sha256.tmpl b/tests/aleksey-xmldsig-01/enveloping-sha256-hmac-sha256.tmpl
new file mode 100644
index 00000000..c475cc9d
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha256-hmac-sha256.tmpl
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha256-hmac-sha256.xml b/tests/aleksey-xmldsig-01/enveloping-sha256-hmac-sha256.xml
new file mode 100644
index 00000000..427a5511
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha256-hmac-sha256.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>iDhYt78o294fA6pzQ7k44+eejrQMi+WX3l3UrUdtL1Q=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>6E34uTISXH5HLnt9wyOB8dxwz/Z31S+qxWF+rULRnhU=</SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha256-rsa-sha256.tmpl b/tests/aleksey-xmldsig-01/enveloping-sha256-rsa-sha256.tmpl
new file mode 100644
index 00000000..ed5daf78
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha256-rsa-sha256.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data/>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha256-rsa-sha256.xml b/tests/aleksey-xmldsig-01/enveloping-sha256-rsa-sha256.xml
new file mode 100644
index 00000000..b96be4ad
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha256-rsa-sha256.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
+ <DigestValue>iDhYt78o294fA6pzQ7k44+eejrQMi+WX3l3UrUdtL1Q=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>xOSp1bweDaNd5+NzBNO+m+1oEOm1jNjBMXf12F7LsXoBDpvgC3efL2XgkoRY8LJ9
+msV4PSDkJRzzmvSTvQ6Txg==</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+<X509Certificate>MIIEFTCCA36gAwIBAgIJANaOuOCRgiz4MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIID3zCCA4mgAwIBAgIJANaOuOCRgiz6MA0GCSqGSIb3DQEBBQUAMIHIMQswCQYD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</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha384-hmac-sha384-64.tmpl b/tests/aleksey-xmldsig-01/enveloping-sha384-hmac-sha384-64.tmpl
new file mode 100644
index 00000000..fcccf830
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha384-hmac-sha384-64.tmpl
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384">
+ <HMACOutputLength>80</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha384-hmac-sha384-64.xml b/tests/aleksey-xmldsig-01/enveloping-sha384-hmac-sha384-64.xml
new file mode 100644
index 00000000..d5a442a3
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha384-hmac-sha384-64.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384">
+ <HMACOutputLength>80</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
+ <DigestValue>uTx8AeqrTmv+nijRsWW7TOs1pCIuCudsFRVloP6hPin8Q4x9fFX2j/zj53XB37OG</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>ZgeAT9hZEkXlyQ==</SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha384-hmac-sha384.tmpl b/tests/aleksey-xmldsig-01/enveloping-sha384-hmac-sha384.tmpl
new file mode 100644
index 00000000..13d87fed
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha384-hmac-sha384.tmpl
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha384-hmac-sha384.xml b/tests/aleksey-xmldsig-01/enveloping-sha384-hmac-sha384.xml
new file mode 100644
index 00000000..3072a948
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha384-hmac-sha384.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
+ <DigestValue>uTx8AeqrTmv+nijRsWW7TOs1pCIuCudsFRVloP6hPin8Q4x9fFX2j/zj53XB37OG</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>kUBgPpyFGkOClebckbYHoEY3fMoJtQHPHXC0NLn7/pOUvMuIAH2djvCGnB2+HHhd</SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha384-rsa-sha384.tmpl b/tests/aleksey-xmldsig-01/enveloping-sha384-rsa-sha384.tmpl
new file mode 100644
index 00000000..7b051090
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha384-rsa-sha384.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data/>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha384-rsa-sha384.xml b/tests/aleksey-xmldsig-01/enveloping-sha384-rsa-sha384.xml
new file mode 100644
index 00000000..4aeaac19
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha384-rsa-sha384.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha384"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
+ <DigestValue>uTx8AeqrTmv+nijRsWW7TOs1pCIuCudsFRVloP6hPin8Q4x9fFX2j/zj53XB37OG</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>uFn4ZDXvFwAuXt5pROQidUaCGAG1ptEeia2AIzQzRQpWnE9CQ/v+qXYC0PZITr7/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</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+<X509Certificate>MIIEFTCCA36gAwIBAgIJANaOuOCRgiz4MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIIFmTCCBUOgAwIBAgIJANaOuOCRgiz8MA0GCSqGSIb3DQEBBQUAMIHIMQswCQYD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</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha512-hmac-sha512-64.tmpl b/tests/aleksey-xmldsig-01/enveloping-sha512-hmac-sha512-64.tmpl
new file mode 100644
index 00000000..e1f37028
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha512-hmac-sha512-64.tmpl
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512">
+ <HMACOutputLength>80</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha512-hmac-sha512-64.xml b/tests/aleksey-xmldsig-01/enveloping-sha512-hmac-sha512-64.xml
new file mode 100644
index 00000000..ccc0f4a3
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha512-hmac-sha512-64.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512">
+ <HMACOutputLength>80</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+ <DigestValue>E2Jo801uUCgAIa65niLU7jPSWPWUbsgT+okPgBcw/h72V7bmI0J2faJ+8EbwVwah
+XDnbRaf22WqerzX1vL0QzA==</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>shktZYjrs58vuA==</SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha512-hmac-sha512.tmpl b/tests/aleksey-xmldsig-01/enveloping-sha512-hmac-sha512.tmpl
new file mode 100644
index 00000000..0c0a5ec2
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha512-hmac-sha512.tmpl
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha512-hmac-sha512.xml b/tests/aleksey-xmldsig-01/enveloping-sha512-hmac-sha512.xml
new file mode 100644
index 00000000..e672b8b6
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha512-hmac-sha512.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+ <DigestValue>E2Jo801uUCgAIa65niLU7jPSWPWUbsgT+okPgBcw/h72V7bmI0J2faJ+8EbwVwah
+XDnbRaf22WqerzX1vL0QzA==</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>Zrlh7+epRyXMyvjgAzF9jRFFTWPEOTeOGh5HxrEn0xkKMvQtdAK36Xm1y92HmPlL
+SHYkQIF4KJJ5iIWQ0k/Lnw==</SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha512-rsa-sha512.tmpl b/tests/aleksey-xmldsig-01/enveloping-sha512-rsa-sha512.tmpl
new file mode 100644
index 00000000..4286ceda
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha512-rsa-sha512.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data/>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/enveloping-sha512-rsa-sha512.xml b/tests/aleksey-xmldsig-01/enveloping-sha512-rsa-sha512.xml
new file mode 100644
index 00000000..5f37cf4f
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/enveloping-sha512-rsa-sha512.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
+ <DigestValue>E2Jo801uUCgAIa65niLU7jPSWPWUbsgT+okPgBcw/h72V7bmI0J2faJ+8EbwVwah
+XDnbRaf22WqerzX1vL0QzA==</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>X2d4uz1EmG0woubIv7rk7qznSNus9TtcDMvITXReQoeDLgsgdwtTlfkBIbOsR1Dr
+UNByKIpO/8FjRrqkdv6Ti+tR3tpSZHxeRKOyDvIjz5pUUcytikvT7MK7hPwq3TSe
+u0AW9ybbY6TKENJWI2IOKxj134QFJZCVfsGUnXxp2JY//OhuLMHU47WBIEOnG4pd
+heS/RkatH9s7ZbSkwWuN3HPUh3pssL5KPnwHnFdOIAaf7DcEjnegmmIv/5hedcto
+OvzAVrGoeht/UDYqOO7P4C6qwSr9UoUHaVFa/mCjWdk+Ld+P5SVywBYw3rlPVK6Y
+Os6YGMi8OC+HYjhSLn87xjZhX1LUmZjGrxIPtpkuY3i3YvQRo0im/o0u01CIKoXF
+ruAm3UzJs4dvwIuSgy6Jwso/y6KWuWM/fbjtoz7kKaalhmh51YW+0LNwwy5DutLv
+Ty9GOjTei/XZmSqkYTNtsn6FCcQs32q+l+t7q46t4RU7IBq50VJIJ8M+CRFFK1zt
+TdAd/ifZloxU7Dibg7qtUKwLf2YJDHMxyi4dYFiL1EbadJBnmsgcmbamhhvYidUt
+5M0PGCJxg9zURw7t81OT3c9mmgMkxVcAmjGqiZTlkNgsa+q7uiBfyCp8GbkejNBv
+tV0wvmrUFb5/Ds4qTwSbcNi4IN3YB0X6fy7YhhMW5gQ=</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+<X509Certificate>MIIEFTCCA36gAwIBAgIJANaOuOCRgiz4MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509Certificate>MIIFmTCCBUOgAwIBAgIJANaOuOCRgiz8MA0GCSqGSIb3DQEBBQUAMIHIMQswCQYD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</X509Certificate>
+</X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/aleksey-xmldsig-01/x509data-sn-test.tmpl b/tests/aleksey-xmldsig-01/x509data-sn-test.tmpl
new file mode 100755
index 00000000..9a875c06
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/x509data-sn-test.tmpl
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Document>
+ <ToBeSigned>
+ Some very secret data
+ </ToBeSigned>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
+ <XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2" Filter="intersect"> //ToBeSigned </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue/>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue/>
+ <KeyInfo>
+ <X509Data>
+ <X509IssuerSerial/>
+ </X509Data>
+ </KeyInfo>
+ </Signature>
+</Document>
diff --git a/tests/aleksey-xmldsig-01/x509data-sn-test.xml b/tests/aleksey-xmldsig-01/x509data-sn-test.xml
new file mode 100755
index 00000000..2136faa4
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/x509data-sn-test.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Document>
+ <ToBeSigned>
+ Some very secret data
+ </ToBeSigned>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
+ <XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2" Filter="intersect"> //ToBeSigned </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>3om1gINPzaogcdLuDdjIQlls4NE=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>W/X7k6Q6T9RFW56VkRV9HGW5wkyUxvvlUcEyUkggVE04gsOK0Rx0rqq2woUxzkk1
+jvXfCtm2xknb2/cOmqfO/g==</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+
+ <X509IssuerSerial>
+<X509IssuerName>emailAddress=xmlsec@aleksey.com,CN=Aleksey Sanin,OU=Test Root Certificate,O=XML Security Library (http://www.aleksey.com/xmlsec),ST=California,C=US</X509IssuerName>
+<X509SerialNumber>15460497845462904056</X509SerialNumber>
+</X509IssuerSerial>
+<X509IssuerSerial>
+<X509IssuerName>emailAddress=xmlsec@aleksey.com,CN=Aleksey Sanin,OU=Test Root Certificate,O=XML Security Library (http://www.aleksey.com/xmlsec),ST=California,C=US</X509IssuerName>
+<X509SerialNumber>15460497845462904055</X509SerialNumber>
+</X509IssuerSerial>
+<X509IssuerSerial>
+<X509IssuerName>emailAddress=xmlsec@aleksey.com,CN=Aleksey Sanin,OU=Test Second Level RSA Certificate,O=XML Security Library (http://www.aleksey.com/xmlsec),ST=California,C=US</X509IssuerName>
+<X509SerialNumber>15460497845462904058</X509SerialNumber>
+</X509IssuerSerial>
+</X509Data>
+ </KeyInfo>
+ </Signature>
+</Document>
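Review bot: The `SignatureValue` in this fixture decodes to 64 bytes, which implies a 512-bit RSA key, and both `SignatureMethod` and `DigestMethod` are SHA-1; `x509data-test.xml` in the same directory carries the same digest and signature values. Nothing in either file says these parameters are kept only as test vectors, so they can be copied as a working example, and the tests will presumably fail once a crypto backend stops accepting SHA-1 or keys this short. I would add a comment before `<Document>` such as `<!-- test vector only: rsa-sha1 with a short test key; do not reuse these parameters -->` and consider regenerating the pair with a larger key.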
diff --git a/tests/aleksey-xmldsig-01/x509data-test.tmpl b/tests/aleksey-xmldsig-01/x509data-test.tmpl
new file mode 100644
index 00000000..fe860b33
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/x509data-test.tmpl
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Document>
+ <ToBeSigned>
+ Some very secret data
+ </ToBeSigned>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
+ <XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2" Filter="intersect"> //ToBeSigned </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue/>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue/>
+ <KeyInfo>
+ <X509Data>
+ <X509SubjectName/>
+ <X509IssuerSerial/>
+ <X509SKI/>
+ <X509Certificate/>
+ <X509CRL/>
+ </X509Data>
+ </KeyInfo>
+ </Signature>
+</Document>
diff --git a/tests/aleksey-xmldsig-01/x509data-test.xml b/tests/aleksey-xmldsig-01/x509data-test.xml
new file mode 100644
index 00000000..287cc778
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/x509data-test.xml
@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Document>
+ <ToBeSigned>
+ Some very secret data
+ </ToBeSigned>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
+ <XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2" Filter="intersect"> //ToBeSigned </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>3om1gINPzaogcdLuDdjIQlls4NE=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>W/X7k6Q6T9RFW56VkRV9HGW5wkyUxvvlUcEyUkggVE04gsOK0Rx0rqq2woUxzkk1
+jvXfCtm2xknb2/cOmqfO/g==</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+
+
+
+
+
+ <X509Certificate>MIIEFTCCA36gAwIBAgIJANaOuOCRgiz4MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509SubjectName>emailAddress=xmlsec@aleksey.com,CN=Aleksey Sanin,OU=Test Second Level RSA Certificate,O=XML Security Library (http://www.aleksey.com/xmlsec),ST=California,C=US</X509SubjectName>
+<X509IssuerSerial>
+<X509IssuerName>emailAddress=xmlsec@aleksey.com,CN=Aleksey Sanin,OU=Test Root Certificate,O=XML Security Library (http://www.aleksey.com/xmlsec),ST=California,C=US</X509IssuerName>
+<X509SerialNumber>15460497845462904056</X509SerialNumber>
+</X509IssuerSerial>
+<X509SKI>/uTsUyTwlZXHELXhRLVdOWVa434=</X509SKI>
+<X509Certificate>MIIETTCCA7agAwIBAgIJANaOuOCRgiz3MA0GCSqGSIb3DQEBBQUAMIG8MQswCQYD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</X509Certificate>
+<X509SubjectName>emailAddress=xmlsec@aleksey.com,CN=Aleksey Sanin,OU=Test Root Certificate,O=XML Security Library (http://www.aleksey.com/xmlsec),ST=California,C=US</X509SubjectName>
+<X509IssuerSerial>
+<X509IssuerName>emailAddress=xmlsec@aleksey.com,CN=Aleksey Sanin,OU=Test Root Certificate,O=XML Security Library (http://www.aleksey.com/xmlsec),ST=California,C=US</X509IssuerName>
+<X509SerialNumber>15460497845462904055</X509SerialNumber>
+</X509IssuerSerial>
+<X509SKI>2kbpa+av0z2q5SFLUu3KZijg/oU=</X509SKI>
+<X509Certificate>MIID3zCCA4mgAwIBAgIJANaOuOCRgiz6MA0GCSqGSIb3DQEBBQUAMIHIMQswCQYD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</X509Certificate>
+<X509SubjectName>emailAddress=xmlsec@aleksey.com,CN=Aleksey Sanin,OU=Test Third Level RSA Certificate,O=XML Security Library (http://www.aleksey.com/xmlsec),ST=California,C=US</X509SubjectName>
+<X509IssuerSerial>
+<X509IssuerName>emailAddress=xmlsec@aleksey.com,CN=Aleksey Sanin,OU=Test Second Level RSA Certificate,O=XML Security Library (http://www.aleksey.com/xmlsec),ST=California,C=US</X509IssuerName>
+<X509SerialNumber>15460497845462904058</X509SerialNumber>
+</X509IssuerSerial>
+<X509SKI>1/TGRnfONwQjrSlU+7AOpMxDKBk=</X509SKI>
+</X509Data>
+ </KeyInfo>
+ </Signature>
+</Document>
diff --git a/tests/aleksey-xmldsig-01/xpointer-hmac.tmpl b/tests/aleksey-xmldsig-01/xpointer-hmac.tmpl
new file mode 100644
index 00000000..b96bfbe2
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/xpointer-hmac.tmpl
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<!DOCTYPE test [
+<!ATTLIST ToBeSigned Id ID #IMPLIED>
+]>
+<Document xmlns:xenc="http://www.example.org/xenc" xmlns:dsig="http://www.example.org/dsig">
+ <ToBeSigned Id="foo">
+ <Secrets>Test</Secrets>
+ </ToBeSigned>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2001/04/xmldsig-more/xptr">
+ <XPointer xmlns="http://www.w3.org/2001/04/xmldsig-more/xptr">
+ xpointer(id(&quot;foo&quot;))
+ </XPointer>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue/>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+ </Signature>
+</Document>
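Review bot: The only `Reference` in this template selects `xpointer(id("foo"))`, so `<Object Id="object">some text</Object>` sits inside `Signature` but is not covered by any digest; `xpointer-hmac.xml` repeats this. A reader comparing it with the enveloping fixtures, where the same `Object` is the signed content, can easily assume it is protected here as well. Either drop the element from both files or mark it, for example `<!-- not referenced: this Object is outside the signed node set -->`. Note also that the `Id` lookup depends on the `ATTLIST` in the document's own internal subset, so the vector only verifies when the parser honours that declaration.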
diff --git a/tests/aleksey-xmldsig-01/xpointer-hmac.xml b/tests/aleksey-xmldsig-01/xpointer-hmac.xml
new file mode 100644
index 00000000..2a255f8a
--- /dev/null
+++ b/tests/aleksey-xmldsig-01/xpointer-hmac.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0"?>
+<!DOCTYPE test [
+<!ATTLIST ToBeSigned Id ID #IMPLIED>
+]>
+<Document xmlns:xenc="http://www.example.org/xenc" xmlns:dsig="http://www.example.org/dsig">
+ <ToBeSigned Id="foo">
+ <Secrets>Test</Secrets>
+ </ToBeSigned>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2001/04/xmldsig-more/xptr">
+ <XPointer xmlns="http://www.w3.org/2001/04/xmldsig-more/xptr">
+ xpointer(id(&quot;foo&quot;))
+ </XPointer>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ <DigestValue>faszbFrqwUNeZH5QrXPPobn+zso=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>BTB6iZWZjOIG0JjGjpYbihO3Igg=</SignatureValue>
+ <Object Id="object">some text</Object>
+ </Signature>
+</Document>
diff --git a/tests/aleksey-xmlenc-01/enc-aes128cbc-keyname.data b/tests/aleksey-xmlenc-01/enc-aes128cbc-keyname.data
new file mode 100644
index 00000000..594c477e
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-aes128cbc-keyname.data
@@ -0,0 +1 @@
+AES 128 test
\ No newline at end of file
diff --git a/tests/aleksey-xmlenc-01/enc-aes128cbc-keyname.tmpl b/tests/aleksey-xmlenc-01/enc-aes128cbc-keyname.tmpl
new file mode 100644
index 00000000..ac1a0dee
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-aes128cbc-keyname.tmpl
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-aes128</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/aleksey-xmlenc-01/enc-aes128cbc-keyname.xml b/tests/aleksey-xmlenc-01/enc-aes128cbc-keyname.xml
new file mode 100644
index 00000000..76098001
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-aes128cbc-keyname.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-aes128</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ 432rJLM0EzSdHa3cWLfs3U83HBztt3Ic39z8CNByrpo=
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/aleksey-xmlenc-01/enc-aes192cbc-keyname-ref.data b/tests/aleksey-xmlenc-01/enc-aes192cbc-keyname-ref.data
new file mode 100644
index 00000000..b033a78f
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-aes192cbc-keyname-ref.data
@@ -0,0 +1 @@
+AES 192 test
\ No newline at end of file
diff --git a/tests/aleksey-xmlenc-01/enc-aes192cbc-keyname-ref.xml b/tests/aleksey-xmlenc-01/enc-aes192cbc-keyname-ref.xml
new file mode 100644
index 00000000..38318246
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-aes192cbc-keyname-ref.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST CipherValue Id ID #IMPLIED>
+]>
+<Test>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-aes192</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherReference URI="#object1">
+ <Transforms>
+ <Transform xmlns="http://www.w3.org/2000/09/xmldsig#"
+ Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ </CipherReference>
+ </CipherData>
+ </EncryptedData>
+ <CipherValue Id="object1">AJLsXcJ1gw8iioTiVGnmQRpzOO+FWsQscv3Lh6H6lXo=</CipherValue>
+</Test>
diff --git a/tests/aleksey-xmlenc-01/enc-aes192cbc-keyname.data b/tests/aleksey-xmlenc-01/enc-aes192cbc-keyname.data
new file mode 100644
index 00000000..b033a78f
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-aes192cbc-keyname.data
@@ -0,0 +1 @@
+AES 192 test
\ No newline at end of file
diff --git a/tests/aleksey-xmlenc-01/enc-aes192cbc-keyname.tmpl b/tests/aleksey-xmlenc-01/enc-aes192cbc-keyname.tmpl
new file mode 100644
index 00000000..5a472d0f
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-aes192cbc-keyname.tmpl
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-aes192</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/aleksey-xmlenc-01/enc-aes192cbc-keyname.xml b/tests/aleksey-xmlenc-01/enc-aes192cbc-keyname.xml
new file mode 100644
index 00000000..deb92cdc
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-aes192cbc-keyname.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-aes192</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ AJLsXcJ1gw8iioTiVGnmQRpzOO+FWsQscv3Lh6H6lXo=
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/aleksey-xmlenc-01/enc-aes256cbc-keyname.data b/tests/aleksey-xmlenc-01/enc-aes256cbc-keyname.data
new file mode 100644
index 00000000..0050ab2b
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-aes256cbc-keyname.data
@@ -0,0 +1 @@
+AES 256 test
\ No newline at end of file
diff --git a/tests/aleksey-xmlenc-01/enc-aes256cbc-keyname.tmpl b/tests/aleksey-xmlenc-01/enc-aes256cbc-keyname.tmpl
new file mode 100644
index 00000000..f3821f4c
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-aes256cbc-keyname.tmpl
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-aes256</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue/>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/aleksey-xmlenc-01/enc-aes256cbc-keyname.xml b/tests/aleksey-xmlenc-01/enc-aes256cbc-keyname.xml
new file mode 100644
index 00000000..c1ffb715
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-aes256cbc-keyname.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-aes256</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ yBkkKOjMipVQ8TFH2hztqEdz+GY24hwA/NTbhAZmBnM=
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.data b/tests/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.data
new file mode 100644
index 00000000..2c05c79b
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.data
@@ -0,0 +1 @@
+DES3 with AES 192 EncryptedKey test
\ No newline at end of file
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.tmpl b/tests/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.tmpl
new file mode 100644
index 00000000..539d63ea
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.tmpl
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain" >
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-aes192</KeyName>
+ </KeyInfo>
+ <CipherData><CipherValue /></CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue />
+ </CipherData>
+</EncryptedData>
\ No newline at end of file
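Review bot: The `EncryptedKey` in this template names `http://www.w3.org/2001/04/xmlenc#aes192-cbc`, a block-encryption algorithm, as the method protecting the 3DES session key, where XML Encryption defines `kw-aes192` for wrapping a symmetric key. If this is deliberate coverage of an unusual combination, a comment inside `EncryptedKey` would stop readers from taking it as the normal pattern, for example `<!-- deliberately aes192-cbc rather than kw-aes192: tests block encryption of a session key -->`. The `.xml` counterpart repeats the same method. Neither layer carries an integrity check, so the vector demonstrates confidentiality only.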
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.xml b/tests/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.xml
new file mode 100644
index 00000000..039b8ce0
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-aes192</KeyName>
+ </KeyInfo>
+ <CipherData><CipherValue>W2NlGNjoDf4uJDaVvgwmts4OrhHvJB5Fp70uE3WQzp2yIg9CPSi7cI17AC/C1heM</CipherValue></CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ 1PP85RS57jDTni0Yq61fo7P7mUUIZSYPu5yyIMUtAscecST0B3SguUyCvTAoBw46
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-content.data b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-content.data
new file mode 100644
index 00000000..0532dec5
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-content.data
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST Test Id ID #IMPLIED>
+]>
+<Test Id="Test">
+test
+</Test>
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-content.tmpl b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-content.tmpl
new file mode 100644
index 00000000..c3e5ba8d
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-content.tmpl
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST Test Id ID #IMPLIED>
+]>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-des</KeyName>
+ </KeyInfo>
+ <CipherData><CipherValue/></CipherData>
+</EncryptedData>
\ No newline at end of file
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-content.xml b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-content.xml
new file mode 100644
index 00000000..d7f96276
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-content.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST Test Id ID #IMPLIED>
+]>
+<Test Id="Test"><EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-des</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ V0CekKjZodbqjW4Yq3lMkA==
+ </CipherValue>
+ </CipherData>
+</EncryptedData></Test>
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element-root.data b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element-root.data
new file mode 100644
index 00000000..0532dec5
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element-root.data
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST Test Id ID #IMPLIED>
+]>
+<Test Id="Test">
+test
+</Test>
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element-root.tmpl b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element-root.tmpl
new file mode 100644
index 00000000..02a8a878
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element-root.tmpl
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST Test Id ID #IMPLIED>
+]>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-des</KeyName>
+ </KeyInfo>
+ <CipherData><CipherValue/></CipherData>
+</EncryptedData>
\ No newline at end of file
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element-root.xml b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element-root.xml
new file mode 100644
index 00000000..1ed96274
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element-root.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST Test Id ID #IMPLIED>
+]>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-des</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ HDvKKAd3/jXGSiDF1166ltlr9VMWOjeqGF3A+wVteY0+efDB3kgYMg==
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element.data b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element.data
new file mode 100644
index 00000000..ac486415
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element.data
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST Test Id ID #IMPLIED>
+]>
+<Envelope>
+ <Test Id="Test">
+ test
+ </Test>
+</Envelope>
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element.tmpl b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element.tmpl
new file mode 100644
index 00000000..02a8a878
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element.tmpl
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST Test Id ID #IMPLIED>
+]>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-des</KeyName>
+ </KeyInfo>
+ <CipherData><CipherValue/></CipherData>
+</EncryptedData>
\ No newline at end of file
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element.xml b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element.xml
new file mode 100644
index 00000000..fab88415
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname-element.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST Test Id ID #IMPLIED>
+]>
+<Envelope>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-des</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ R7/6DcpvRzHeYQ09rSjgm6COYB3srMqwpxeBWRmzT2P+lwa/bZGgZEOSQyayMEIt
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
+</Envelope>
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-keyname.data b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname.data
new file mode 100644
index 00000000..30d74d25
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname.data
@@ -0,0 +1 @@
+test
\ No newline at end of file
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-keyname.tmpl b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname.tmpl
new file mode 100644
index 00000000..8ccb664d
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname.tmpl
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName />
+ </KeyInfo>
+ <CipherData><CipherValue /></CipherData>
+</EncryptedData>
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-keyname.xml b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname.xml
new file mode 100644
index 00000000..fdcccee9
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-des</KeyName>
+ </KeyInfo>
+ <CipherData> <CipherValue>iWFa3B64eDmVedgWVjyDag== </CipherValue></CipherData>
+</EncryptedData>
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-keyname2.data b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname2.data
new file mode 100644
index 00000000..541425af
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname2.data
@@ -0,0 +1 @@
+big secret
\ No newline at end of file
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-keyname2.tmpl b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname2.tmpl
new file mode 100644
index 00000000..7a8d4cc1
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname2.tmpl
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName />
+ </KeyInfo>
+ <CipherData>
+<CipherValue />
+</CipherData>
+</EncryptedData>
diff --git a/tests/aleksey-xmlenc-01/enc-des3cbc-keyname2.xml b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname2.xml
new file mode 100644
index 00000000..ba927245
--- /dev/null
+++ b/tests/aleksey-xmlenc-01/enc-des3cbc-keyname2.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>test-des</KeyName>
+ </KeyInfo>
+ <CipherData>
+<CipherValue>
+EBCx80yc0F+4nrNYevpf5dkHioi9j0QT
+</CipherValue>
+</CipherData>
+</EncryptedData>
diff --git a/tests/keys/README b/tests/keys/README
new file mode 100644
index 00000000..14515024
--- /dev/null
+++ b/tests/keys/README
@@ -0,0 +1,203 @@
+README
+
+0. Passwords
+ For all files the password is "secret".
+
+1. Files list
+
+ cakey.pem Root CA private key
+ cacert.pem Root CA for cakey.pem
+ ca2key.pem RSA private key
+ ca2cert.pem Second-level RSA cert for ca2key.pem
+ dsakey.pem DSA private key
+ dsacert.pem Third level DSA cert for dsakey.pem
+ rsakey.pem RSA private key
+ rsacert.pem Third level RSA cert for rsacert.pem
+ hmackey.bin HMAC key ('secret')
+ expired.key key for expired cert
+ expired.crt expired certificate
+ rsa2key.pem RSA private key
+ rsa2cert.pem Self signed RSA certificate with negative serial number
+
+2. How certificates were generated:
+
+ A. Create new CA
+ - Change DAYS and CADAYS in CA.pl to 3650 (10 years)
+ > export SSLEAY_CONFIG="-config ./openssl.cnf"
+ > CA.pl -newca
+ > cp ./demoCA/cacert.pem .
+ > cp ./demoCA/private/cakey.pem .
+ > openssl x509 -text -in cacert.pem
+
+ B. Generate RSA key and second level CA
+ > openssl genrsa -out ca2key.pem
+ > openssl req -config ./openssl.cnf -new -key ca2key.pem -out ca2req.pem
+ > openssl ca -config ./openssl.cnf -cert cacert.pem -keyfile cakey.pem \
+ -out ca2cert.pem -infiles ca2req.pem
+ > openssl verify -CAfile cacert.pem ca2cert.pem
+
+ C. Generate and sign DSA key with second level CA
+ > openssl dsaparam -out dsakey.pem -genkey 512
+ > openssl req -config ./openssl.cnf -new -key dsakey.pem -out dsareq.pem
+ > openssl ca -config ./openssl.cnf -cert ca2cert.pem -keyfile ca2key.pem \
+ -out dsacert.pem -infiles dsareq.pem
+ > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem dsacert.pem
+
+ D. Generate and sign RSA key with second level CA
+ > openssl genrsa -out rsakey.pem
+ > openssl req -config ./openssl.cnf -new -key rsakey.pem -out rsareq.pem
+ > openssl ca -config ./openssl.cnf -cert ca2cert.pem -keyfile ca2key.pem \
+ -out rsacert.pem -infiles rsareq.pem
+ > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem rsacert.pem
+
+ E. Generate and sign large RSA key with second level CA
+ > openssl genrsa -out largersakey.pem 4096
+ > openssl req -config ./openssl.cnf -new -key largersakey.pem -out largersareq.pem
+ > openssl ca -config ./openssl.cnf -cert ca2cert.pem -keyfile ca2key.pem \
+ -out largersacert.pem -infiles largersareq.pem
+ > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem largersacert.pem
+
+ F. Generate and sign short-live RSA cert for "expired cert" test
+ > openssl genrsa -out expiredkey.pem
+ > openssl req -config ./openssl.cnf -new -days 1 -key expiredkey.pem \
+ -out expiredreq.pem
+ > openssl ca -config ./openssl.cnf -days 1 -cert ca2cert.pem \
+ -keyfile ca2key.pem -out expiredcert.pem -infiles expiredreq.pem
+ > openssl verify -CAfile cacert.pem -untrusted ca2cert.pem expiredcert.pem
+
+3. Converting key and certs between PEM and DER formats
+
+ - Convert PEM private key file to DER file
+ RSA key:
+ > openssl rsa -inform PEM -outform DER -in rsakey.pem -out rsakey.der
+ > openssl rsa -inform PEM -outform DER -in largersakey.pem -out largersakey.der
+ > openssl rsa -inform PEM -outform DER -in expiredkey.pem -out expiredkey.der
+ DSA key:
+ > openssl dsa -inform PEM -outform DER -in dsakey.pem -out dsakey.der
+
+ - Convert PEM cert file to DER file
+ > openssl x509 -outform DER -in cacert.pem -out cacert.der
+ > openssl x509 -outform DER -in ca2cert.pem -out ca2cert.der
+ > openssl x509 -outform DER -in dsacert.pem -out dsacert.der
+ > openssl x509 -outform DER -in rsacert.pem -out rsacert.der
+ > openssl x509 -outform DER -in largersacert.pem -out largersacert.der
+ > openssl x509 -outform DER -in expiredcert.pem -out expiredcert.der
+
+ - (optional) Convert PEM public key file to DER file
+ RSA key:
+ > openssl rsa -inform PEM -outform DER -pubin -pubout -in lugh.key -out lugh.der
+ DSA key:
+ > openssl dsa -inform PEM -outform DER -pubin -pubout -in lugh.key -out lugh.der
+
+ If you aren't sure if the public key is RSA or DSA, just run one of
+ the above commands, and the error messaging will make it clear :)
+
+ - (optional) Convert DER cert file to PEM file
+ > openssl x509 -inform DER -outform PEM -in ca2cert.der -out ca2cert.pem
+
+4. Converting an unencrypted PEM or DER file containing a private key
+ to an encrypted PEM or DER file containing the same private key but
+ encrypted
+ > openssl pkcs8 -in dsakey.pem -inform pem -out dsakey.p8-pem -outform pem -topk8
+ > openssl pkcs8 -in dsakey.der -inform der -out dsakey.p8-der -outform der -topk8
+ > openssl pkcs8 -in rsakey.pem -inform pem -out rsakey.p8-pem -outform pem -topk8
+ > openssl pkcs8 -in rsakey.der -inform der -out rsakey.p8-der -outform der -topk8
+ > openssl pkcs8 -in largersakey.pem -inform pem -out largersakey.p8-pem \
+ -outform pem -topk8
+ > openssl pkcs8 -in largersakey.der -inform der -out largersakey.p8-der \
+ -outform der -topk8
+
+5. NSS is unfriendly towards standalone private keys.
+ This procedure helps convert raw private keys into PKCS12 form that is
+ suitable for not only NSS but all crypto engines.
+
+ > cat dsakey.pem dsacert.pem ca2cert.pem cacert.pem > alldsa.pem
+ > openssl pkcs12 -export -in alldsa.pem -name TestDsaKey -out dsakey.p12
+
+ > cat rsakey.pem rsacert.pem ca2cert.pem cacert.pem > allrsa.pem
+ > openssl pkcs12 -export -in allrsa.pem -name TestRsaKey -out rsakey.p12
+
+ > cat largersakey.pem largersacert.pem ca2cert.pem cacert.pem > alllargersa.pem
+ > openssl pkcs12 -export -in alllargersa.pem -name TestLargeRsaKey -out largersakey.p12
+
+ > cat expiredkey.pem expiredcert.pem ca2cert.pem cacert.pem > allexpired.pem
+ > openssl pkcs12 -export -in allexpired.pem -name TestExpiredRsaKey \
+ -out expiredkey.p12
+
+
+ 5a.
+ Input: DSA/RSA private key in PEM or DER format
+ Output: A PKCS12 file containing the private key, and a self-signed
+ certificate with the corresponding public key
+
+ # first convert key file to PEM format, if not already in that format
+ > openssl <dsa|rsa> -inform der -outform pem -in key.der -out key.pem
+
+ # answer questions at the prompt
+ # Note: use a unique subject (=issuer) for each self-signed cert you
+ # create (since there is no way to specify serial # using the command
+ # below)
+ > openssl req -new -keyform <der|pem> -key key.<der|pem> -x509 -sha1 -days 999999 -outform pem -out cert.pem
+
+ # now using the cert and key in PEM format, conver them to a PKCS12 file
+ # enter some password on prompt
+ > openssl pkcs12 -export -in cert.pem -inkey key.pem -name <nickname> -out keycert.p12
+
+ # This pkcs12 file can be used directly on the xmlsec command line, or
+ # can be pre-loaded into the crypto engine database (if any).
+
+ # In the case of NSS, you can pre-load the key using pk12util.
+ # The key and cert will have the nickname "nickname" (used in above step)
+ > pk12util -d <nss_config_dir> -i keycert.p12
+
+ 5b.
+ Input: DSA/RSA private key in PEM or DER format
+ KeyCert containing corresponding public key
+ Other certs in the chain leading from KeyCert to the root
+ Output: A PKCS12 file containing the private key, the KeyCert and the
+ certs in the chain
+
+ # first convert key file to PEM format, if not already in that format
+ > openssl <dsa|rsa> -inform der -outform pem -in key.der -out key.pem
+
+ # convert all cert files to PEM format, if not already in that format
+ > openssl x509 -inform der -outform pem -in cert.der -out cert.pem
+
+ # concatenate all cert.pem files created above to 1 file - allcerts.pem
+ > cat keycert.pem cert1.pem cert2.pem .... > allcerts.pem
+
+ # now using the certs and key in PEM format, conver them to a PKCS12 file
+ # enter some password on prompt
+ > openssl pkcs12 -export -in allcerts.pem -inkey key.pem \
+ -name <nickname of key & keycert>
+ [-caname <nickname of cert1> -caname <nickname of cert2>.... ]
+ -out keycert.p12
+
+ # This pkcs12 file can be used directly on the xmlsec command line, or
+ # can be pre-loaded into the crypto engine database (if any).
+
+ # In the case of NSS, you can pre-load the key using pk12util.
+ # The key and certs will have the nickname "nickname"
+ # (used in above step)
+ > pk12util -d <nss_config_dir> -i keycert.p12
+
+6. On Windows, one needs to specify Crypto Service Provider (CSP) in the
+pkcs12 file to ensure it is loaded correctly to be used with SHA2 algorithms.
+Worse, the CSP is different for XP and older versions
+
+
+ Input: DSA/RSA private key in PEM or DER format
+ Output: A PKCS12 file containing the private key, and a self-signed
+ certificate with the corresponding public key. Plus the CSP
+ name to be used for this key/cert.
+
+
+ > cat rsakey.pem rsacert.pem ca2cert.pem cacert.pem > allrsa.pem
+ > openssl pkcs12 -export -in allrsa.pem -name TestRsaKey -out rsakey-winxp.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
+ > openssl pkcs12 -export -in allrsa.pem -name TestRsaKey -out rsakey-win.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
+
+
+ > cat largersakey.pem largersacert.pem ca2cert.pem cacert.pem > alllargersa.pem
+ > openssl pkcs12 -export -in alllargersa.pem -name TestLargeRsaKey -out largersakey-winxp.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)"
+ > openssl pkcs12 -export -in alllargersa.pem -name TestLargeRsaKey -out largersakey-win.p12 -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"
+
diff --git a/tests/keys/ca2cert.der b/tests/keys/ca2cert.der
new file mode 100644
index 00000000..0f163c46
--- /dev/null
+++ b/tests/keys/ca2cert.der
Binary files differ
diff --git a/tests/keys/ca2cert.pem b/tests/keys/ca2cert.pem
new file mode 100644
index 00000000..aacdd36d
--- /dev/null
+++ b/tests/keys/ca2cert.pem
@@ -0,0 +1,66 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ d6:8e:b8:e0:91:82:2c:f8
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Root Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Validity
+ Not Before: Jul 10 02:29:55 2005 GMT
+ Not After : Jul 8 02:29:55 2015 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Second Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (512 bit)
+ Modulus (512 bit):
+ 00:b2:ba:f2:89:d8:2b:94:3c:3d:f7:82:13:ed:e1:
+ 0f:0c:8a:57:ac:1f:15:5b:6e:9c:8a:7e:66:9b:ad:
+ 85:69:0c:65:43:98:e2:8a:a7:7d:fb:a8:95:19:67:
+ de:4a:7f:09:57:6d:1d:a3:d3:3c:8a:58:99:af:47:
+ 15:31:f8:fb:13
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E
+ X509v3 Authority Key Identifier:
+ keyid:DA:46:E9:6B:E6:AF:D3:3D:AA:E5:21:4B:52:ED:CA:66:28:E0:FE:85
+ DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ serial:D6:8E:B8:E0:91:82:2C:F7
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 99:8d:11:8d:b4:95:a8:e5:3f:c6:fc:a1:4a:af:09:ba:4e:ae:
+ f1:b0:c7:60:85:20:ad:f8:48:0d:95:2d:55:3d:6c:fa:8a:78:
+ 45:e3:8e:90:2e:d6:ed:90:ce:97:c3:31:84:99:ad:e0:a3:2a:
+ 73:a9:e2:62:84:1e:b9:74:c0:f5:0a:4e:95:e0:6a:8b:c4:7b:
+ fb:47:32:78:67:9b:a3:92:4e:15:63:7b:27:bc:25:96:ea:4a:
+ a7:58:89:70:ab:5c:01:1c:00:ed:bb:28:fd:0e:4e:79:f0:30:
+ 0c:de:29:b9:c8:35:dd:f3:98:29:59:2d:17:c5:cb:42:42:14:
+ b1:f6
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/keys/ca2key.pem b/tests/keys/ca2key.pem
new file mode 100644
index 00000000..1b842b7d
--- /dev/null
+++ b/tests/keys/ca2key.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBALK68onYK5Q8PfeCE+3hDwyKV6wfFVtunIp+ZputhWkMZUOY4oqn
+ffuolRln3kp/CVdtHaPTPIpYma9HFTH4+xMCAwEAAQJBAKXFUUlar2jIyyyygCuF
+L8EQ2yowlk18dULa4+6GbZO0t7D+sPAjog7xxSG3ppM0jvh2QO0w0CHz4E+DD5l4
+v/kCIQDYd4Iy9gUBDxsL2bLnVr+HWqrmA8fmksd+x9Nr0f2dBwIhANNfI1VenWH6
+76PXxDFEHeexPXm8iEu5u4oq9i10rzqVAiABZNObzGW/2f8MlnxGbRKSpozPKlsR
+KwTJ1jOQUCvX5QIhALNaAcg5bT+rRlX3CmFnVBy5ttkqEVh389rsU1EEtn71AiEA
+zIAQsg4C691XNHCPRdrQFG+tKoeyyuwaBr1Xn4dGpTU=
+-----END RSA PRIVATE KEY-----
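Review bot: The key is stored without passphrase protection (there is no `Proc-Type: 4,ENCRYPTED` header, unlike `cakey.pem` in this commit), although `tests/keys/README` says the password for all files is "secret". Its modulus matches the 512-bit public key in `ca2cert.pem`, which carries `CA:TRUE`, so this is a readable signing key for an intermediate CA, and nothing in the key file or the README marks the chain as fixture-only. I would make the README file list explicit, for example `ca2key.pem  Second-level CA RSA private key (512 bit, unencrypted, test use only)`. I would also add one sentence there saying that no certificate from this directory may be installed in a real trust store.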
diff --git a/tests/keys/cacert.der b/tests/keys/cacert.der
new file mode 100644
index 00000000..170a3f69
--- /dev/null
+++ b/tests/keys/cacert.der
Binary files differ
diff --git a/tests/keys/cacert.pem b/tests/keys/cacert.pem
new file mode 100644
index 00000000..a86c2e77
--- /dev/null
+++ b/tests/keys/cacert.pem
@@ -0,0 +1,72 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ d6:8e:b8:e0:91:82:2c:f7
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Root Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Validity
+ Not Before: Jul 10 02:29:01 2005 GMT
+ Not After : Jul 8 02:29:01 2015 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Root Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:da:c9:a1:5a:8c:9c:4e:75:55:3e:f0:48:f0:3b:
+ 7d:52:d9:7a:8d:99:8c:71:6c:77:e2:50:93:b7:c3:
+ 68:79:ec:e3:d4:90:a0:1c:29:ee:46:be:df:61:25:
+ b3:d3:6f:70:b8:6e:53:d2:70:e9:1e:d9:17:b1:2a:
+ 75:d2:ee:90:17:5d:bc:45:96:05:25:67:44:0a:d0:
+ ad:a9:76:5e:79:f4:e4:a6:ae:d1:f7:98:f3:fd:04:
+ 9b:ef:0c:c9:71:91:c3:63:f7:f1:1e:0f:ec:86:77:
+ c1:8d:ff:24:fa:3d:30:e1:f0:6f:f8:96:cc:ce:5c:
+ bf:ad:c8:a2:24:0b:86:2c:ff
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ DA:46:E9:6B:E6:AF:D3:3D:AA:E5:21:4B:52:ED:CA:66:28:E0:FE:85
+ X509v3 Authority Key Identifier:
+ keyid:DA:46:E9:6B:E6:AF:D3:3D:AA:E5:21:4B:52:ED:CA:66:28:E0:FE:85
+ DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ serial:D6:8E:B8:E0:91:82:2C:F7
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 54:5d:b7:4e:4d:0c:00:ad:c3:6b:6f:16:af:cc:04:69:d8:91:
+ 8e:9f:3a:3a:5b:34:e6:f8:e1:52:5c:2d:05:d3:c6:30:4f:c8:
+ d6:6e:1b:7d:ed:ef:25:34:d5:4e:05:4e:18:ff:7f:11:79:9a:
+ 98:0b:d3:aa:16:87:c6:d7:f3:bd:01:d4:39:f1:62:ff:15:68:
+ 3c:0e:03:f9:30:93:d3:4f:d9:11:53:71:54:d3:58:d4:89:7d:
+ be:91:b7:67:82:16:40:38:99:b4:ce:24:4d:c5:f3:4f:c0:82:
+ 16:3c:a6:17:c9:71:0a:41:0c:eb:9f:1c:85:7b:2d:61:3f:b7:
+ 20:e8
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/keys/cakey.pem b/tests/keys/cakey.pem
new file mode 100644
index 00000000..0270e59c
--- /dev/null
+++ b/tests/keys/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,77F426A47A174623
+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+-----END RSA PRIVATE KEY-----
diff --git a/tests/keys/demoCA/cacert.pem b/tests/keys/demoCA/cacert.pem
new file mode 100644
index 00000000..a86c2e77
--- /dev/null
+++ b/tests/keys/demoCA/cacert.pem
@@ -0,0 +1,72 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ d6:8e:b8:e0:91:82:2c:f7
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Root Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Validity
+ Not Before: Jul 10 02:29:01 2005 GMT
+ Not After : Jul 8 02:29:01 2015 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Root Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (1024 bit)
+ Modulus (1024 bit):
+ 00:da:c9:a1:5a:8c:9c:4e:75:55:3e:f0:48:f0:3b:
+ 7d:52:d9:7a:8d:99:8c:71:6c:77:e2:50:93:b7:c3:
+ 68:79:ec:e3:d4:90:a0:1c:29:ee:46:be:df:61:25:
+ b3:d3:6f:70:b8:6e:53:d2:70:e9:1e:d9:17:b1:2a:
+ 75:d2:ee:90:17:5d:bc:45:96:05:25:67:44:0a:d0:
+ ad:a9:76:5e:79:f4:e4:a6:ae:d1:f7:98:f3:fd:04:
+ 9b:ef:0c:c9:71:91:c3:63:f7:f1:1e:0f:ec:86:77:
+ c1:8d:ff:24:fa:3d:30:e1:f0:6f:f8:96:cc:ce:5c:
+ bf:ad:c8:a2:24:0b:86:2c:ff
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ DA:46:E9:6B:E6:AF:D3:3D:AA:E5:21:4B:52:ED:CA:66:28:E0:FE:85
+ X509v3 Authority Key Identifier:
+ keyid:DA:46:E9:6B:E6:AF:D3:3D:AA:E5:21:4B:52:ED:CA:66:28:E0:FE:85
+ DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ serial:D6:8E:B8:E0:91:82:2C:F7
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 54:5d:b7:4e:4d:0c:00:ad:c3:6b:6f:16:af:cc:04:69:d8:91:
+ 8e:9f:3a:3a:5b:34:e6:f8:e1:52:5c:2d:05:d3:c6:30:4f:c8:
+ d6:6e:1b:7d:ed:ef:25:34:d5:4e:05:4e:18:ff:7f:11:79:9a:
+ 98:0b:d3:aa:16:87:c6:d7:f3:bd:01:d4:39:f1:62:ff:15:68:
+ 3c:0e:03:f9:30:93:d3:4f:d9:11:53:71:54:d3:58:d4:89:7d:
+ be:91:b7:67:82:16:40:38:99:b4:ce:24:4d:c5:f3:4f:c0:82:
+ 16:3c:a6:17:c9:71:0a:41:0c:eb:9f:1c:85:7b:2d:61:3f:b7:
+ 20:e8
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/keys/demoCA/careq.pem b/tests/keys/demoCA/careq.pem
new file mode 100644
index 00000000..751683c9
--- /dev/null
+++ b/tests/keys/demoCA/careq.pem
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/keys/demoCA/index.txt b/tests/keys/demoCA/index.txt
new file mode 100644
index 00000000..fd1f6743
--- /dev/null
+++ b/tests/keys/demoCA/index.txt
@@ -0,0 +1,6 @@
+V 150708022901Z D68EB8E091822CF7 unknown /C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+V 150708022955Z D68EB8E091822CF8 unknown /C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Second Level RSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+V 150708023159Z D68EB8E091822CF9 unknown /C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Third Level DSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+V 150708023302Z D68EB8E091822CFA unknown /C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Third Level RSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+V 050711035156Z D68EB8E091822CFB unknown /C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Expired RSA Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+V 150709025011Z D68EB8E091822CFC unknown /C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Large RSA Key/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
diff --git a/tests/keys/demoCA/newcerts/01.pem b/tests/keys/demoCA/newcerts/01.pem
new file mode 100644
index 00000000..1d52b059
--- /dev/null
+++ b/tests/keys/demoCA/newcerts/01.pem
@@ -0,0 +1,65 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 1 (0x1)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=US, ST=California, L=Sunnyvale, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Root Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Validity
+ Not Before: Feb 2 08:00:59 2002 GMT
+ Not After : Jan 31 08:00:59 2012 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Second Level Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (512 bit)
+ Modulus (512 bit):
+ 00:c8:2e:eb:aa:1c:0a:f2:7f:21:d8:05:b6:87:a7:
+ cb:a3:15:fb:32:94:18:60:47:54:b9:df:8e:b3:e4:
+ 39:cc:f5:e6:7e:8b:60:72:f5:61:93:57:28:17:7e:
+ 26:6e:1f:0b:b7:ad:31:61:71:af:4e:ea:c5:4f:39:
+ c0:6e:15:3a:e7
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 78:D7:2D:91:61:2F:95:22:4A:BB:E1:D5:3D:C6:26:AF:AB:97:D2:04
+ X509v3 Authority Key Identifier:
+ keyid:B4:B9:EF:9A:E6:97:0E:68:65:1E:98:CE:FA:55:0D:89:06:DB:4C:7C
+ DirName:/C=US/ST=California/L=Sunnyvale/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ serial:00
+
+ Signature Algorithm: md5WithRSAEncryption
+ 71:24:77:dd:31:b7:13:3a:95:16:25:d4:2b:58:dc:c7:6d:0b:
+ 72:1c:c4:9d:2d:21:d3:00:b2:21:d7:43:91:86:5b:41:5d:26:
+ 1e:bc:9c:b0:5e:66:33:d8:5e:f4:f3:45:ae:10:3c:5d:1e:e5:
+ 32:b0:bf:04:28:f9:4c:ec:b4:53:26:8a:2a:57:23:38:b7:ad:
+ f9:51:a3:18:b2:6f:b8:4b:40:38:83:da:56:b4:70:34:49:47:
+ ea:f6:ae:a1:8a:1c:e6:57:10:c0:ec:bc:23:d7:de:0e:6d:13:
+ 4c:58:52:0b:4e:b7:d4:47:33:84:d3:14:1b:ba:d3:f0:78:c4:
+ 66:fe
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/keys/demoCA/newcerts/02.pem b/tests/keys/demoCA/newcerts/02.pem
new file mode 100644
index 00000000..46c32c64
--- /dev/null
+++ b/tests/keys/demoCA/newcerts/02.pem
@@ -0,0 +1,93 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 2 (0x2)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Second Level Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Validity
+ Not Before: Feb 2 08:01:27 2002 GMT
+ Not After : Jan 31 08:01:27 2012 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Third Level DSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Subject Public Key Info:
+ Public Key Algorithm: dsaEncryption
+ DSA Public Key:
+ pub:
+ 3a:7f:8a:04:91:37:ab:54:d1:84:6f:51:b2:93:57:
+ d3:55:48:e4:2d:15:cd:2c:b8:37:f4:32:0b:86:33:
+ 10:43:68:ab:71:89:90:a1:c8:62:af:a0:ae:af:59:
+ a9:5f:71:83:61:9e:a3:fd:e6:aa:17:5c:10:d3:ad:
+ 61:19:96:11:f3:99:26:3d:7c:a2:e9:03:e9:33:5c:
+ 79:84:59:e0:78:c7:8c:ad:d6:63:7c:0a:d8:e5:7a:
+ 40:e9:72:fa:4d:df:c6:01:10:a4:ff:fb:22:50:a4:
+ 6b:96:08:08:bb:87:5e:b6:ea:8e:7e:5b:d1:77:0a:
+ f4:bd:86:0e:d5:8e:ca:3b
+ P:
+ 00:8a:65:ba:29:80:4f:61:70:1f:ea:2b:52:02:e6:
+ 2c:d5:a2:cf:7e:cf:3f:bc:11:22:ba:cb:ff:a6:5d:
+ 57:32:2b:8c:bc:1e:ef:ca:22:60:4a:3f:3f:35:39:
+ 11:72:2f:d4:5f:fa:d5:5e:ff:2b:6c:24:63:bd:81:
+ 57:df:1e:7f:e7:77:f8:85:ce:87:2b:3e:c9:40:8e:
+ 2a:a8:1e:c5:97:93:7c:eb:3a:7e:06:c4:31:35:0e:
+ 2d:ce:8b:ac:f5:2d:87:4d:dd:bf:cd:d4:f0:56:cb:
+ ce:f8:7f:65:dc:56:a1:99:5a:7f:9b:62:07:13:85:
+ b6:ec:96:28:17:8f:6a:3f:5d
+ Q:
+ 00:bf:fc:73:5a:a8:d1:be:27:a4:93:6a:cc:5b:7c:
+ 29:62:ca:53:f5:4b
+ G:
+ 50:8c:b3:50:39:4b:7b:ab:82:0a:01:78:46:1f:7c:
+ 7e:22:99:be:0e:b8:50:9e:05:33:92:fe:59:b0:92:
+ 32:65:6c:14:dd:3a:7d:3c:31:cb:79:da:3c:f3:82:
+ cf:3a:2e:7e:c1:ef:fc:1b:de:da:0b:eb:0e:f7:74:
+ ef:ca:17:58:92:5f:f4:0e:38:a4:86:67:26:47:63:
+ 12:19:b6:46:c0:c5:a5:73:6a:d2:d3:ca:64:57:23:
+ 56:c7:66:aa:0e:0c:5f:a6:0d:bb:0a:6f:66:e4:f0:
+ 4a:80:c6:e6:ed:50:30:dd:26:98:7f:60:99:b2:13:
+ de:3f:71:e0:c3:be:ec:46
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 47:B5:4E:1A:17:A3:EC:03:C3:38:6C:09:F5:B4:72:E4:4E:B8:84:96
+ X509v3 Authority Key Identifier:
+ keyid:78:D7:2D:91:61:2F:95:22:4A:BB:E1:D5:3D:C6:26:AF:AB:97:D2:04
+ DirName:/C=US/ST=California/L=Sunnyvale/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ serial:01
+
+ Signature Algorithm: md5WithRSAEncryption
+ 7a:ba:53:30:b9:42:d6:d2:51:68:71:ec:ae:5c:48:d3:10:29:
+ a0:cb:82:40:af:fc:09:34:ad:58:4e:11:63:6b:3d:0e:ac:23:
+ 53:96:ca:4d:81:52:2d:7b:07:17:cd:db:11:8f:de:ee:b0:02:
+ bc:45:6a:b2:a3:ba:94:ef:af:44
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/keys/demoCA/newcerts/03.pem b/tests/keys/demoCA/newcerts/03.pem
new file mode 100644
index 00000000..899304b8
--- /dev/null
+++ b/tests/keys/demoCA/newcerts/03.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 3 (0x3)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Second Level Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Validity
+ Not Before: Feb 2 08:01:48 2002 GMT
+ Not After : Jan 31 08:01:48 2012 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Third Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (512 bit)
+ Modulus (512 bit):
+ 00:d0:a7:a5:8b:76:b1:e1:34:c6:1c:a9:22:5d:db:
+ b4:bd:c1:6e:b1:1d:1c:04:50:92:92:09:84:39:e9:
+ ab:a0:d2:7f:b8:b1:ae:3d:da:5f:25:5a:3d:6b:62:
+ fa:e6:b1:db:55:df:b5:02:b4:95:aa:39:2c:28:6e:
+ 3f:67:a7:2b:17
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ A4:18:1D:13:D5:8C:32:84:0C:9D:D1:B8:88:34:FD:5C:37:D9:FA:48
+ X509v3 Authority Key Identifier:
+ keyid:78:D7:2D:91:61:2F:95:22:4A:BB:E1:D5:3D:C6:26:AF:AB:97:D2:04
+ DirName:/C=US/ST=California/L=Sunnyvale/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ serial:01
+
+ Signature Algorithm: md5WithRSAEncryption
+ 2f:3f:38:6c:2b:1a:18:40:4e:54:4b:0a:63:8b:1c:79:7c:a3:
+ e2:76:50:03:e7:a6:79:9c:f3:eb:5c:ec:61:a3:bb:2d:4b:f8:
+ 74:33:c7:77:f6:e3:60:e0:b9:d1:07:d6:2e:f5:13:46:ae:2e:
+ 0d:7e:8a:47:33:1c:f6:dd:8f:4f
+-----BEGIN CERTIFICATE-----
+MIIDzTCCA3egAwIBAgIBAzANBgkqhkiG9w0BAQQFADCBvzELMAkGA1UEBhMCVVMx
+EzARBgNVBAgTCkNhbGlmb3JuaWExPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBMaWJy
+YXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxITAfBgNVBAsTGFNl
+Y29uZCBMZXZlbCBDZXJ0aWZpY2F0ZTEWMBQGA1UEAxMNQWxla3NleSBTYW5pbjEh
+MB8GCSqGSIb3DQEJARYSeG1sc2VjQGFsZWtzZXkuY29tMB4XDTAyMDIwMjA4MDE0
+OFoXDTEyMDEzMTA4MDE0OFowgcIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxp
+Zm9ybmlhMT0wOwYDVQQKEzRYTUwgU2VjdXJpdHkgTGlicmFyeSAoaHR0cDovL3d3
+dy5hbGVrc2V5LmNvbS94bWxzZWMpMSQwIgYDVQQLExtUaGlyZCBMZXZlbCBSU0Eg
+Q2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkqhkiG9w0B
+CQEWEnhtbHNlY0BhbGVrc2V5LmNvbTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDQ
+p6WLdrHhNMYcqSJd27S9wW6xHRwEUJKSCYQ56aug0n+4sa492l8lWj1rYvrmsdtV
+37UCtJWqOSwobj9npysXAgMBAAGjggFXMIIBUzAJBgNVHRMEAjAAMCwGCWCGSAGG
++EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU
+pBgdE9WMMoQMndG4iDT9XDfZ+kgwgfgGA1UdIwSB8DCB7YAUeNctkWEvlSJKu+HV
+PcYmr6uX0gShgdGkgc4wgcsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9y
+bmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxPTA7BgNVBAoTNFhNTCBTZWN1cml0eSBM
+aWJyYXJ5IChodHRwOi8vd3d3LmFsZWtzZXkuY29tL3htbHNlYykxGTAXBgNVBAsT
+EFJvb3QgQ2VydGlmaWNhdGUxFjAUBgNVBAMTDUFsZWtzZXkgU2FuaW4xITAfBgkq
+hkiG9w0BCQEWEnhtbHNlY0BhbGVrc2V5LmNvbYIBATANBgkqhkiG9w0BAQQFAANB
+AC8/OGwrGhhATlRLCmOLHHl8o+J2UAPnpnmc8+tc7GGjuy1L+HQzx3f242DgudEH
+1i71E0auLg1+ikczHPbdj08=
+-----END CERTIFICATE-----
diff --git a/tests/keys/demoCA/newcerts/04.pem b/tests/keys/demoCA/newcerts/04.pem
new file mode 100644
index 00000000..8987ac2c
--- /dev/null
+++ b/tests/keys/demoCA/newcerts/04.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 4 (0x4)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Second Level Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Validity
+ Not Before: Feb 2 08:03:01 2002 GMT
+ Not After : May 3 08:03:01 2002 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Expired Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (512 bit)
+ Modulus (512 bit):
+ 00:c0:20:e3:2b:9b:34:1e:1c:78:cc:a6:ab:20:a5:
+ 6c:4b:8f:05:60:3d:1e:b9:00:bb:8a:27:d8:46:d5:
+ 9e:b7:c1:ab:b2:f8:e6:52:64:19:54:36:44:4b:3d:
+ 68:08:7e:7d:2f:6f:88:4c:41:50:2f:90:8c:35:7f:
+ 25:d8:e7:47:a1
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ AF:B7:A6:58:73:1D:AA:14:33:37:7D:38:CE:D7:AA:00:68:26:39:61
+ X509v3 Authority Key Identifier:
+ keyid:78:D7:2D:91:61:2F:95:22:4A:BB:E1:D5:3D:C6:26:AF:AB:97:D2:04
+ DirName:/C=US/ST=California/L=Sunnyvale/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ serial:01
+
+ Signature Algorithm: md5WithRSAEncryption
+ 17:42:07:f0:8d:90:14:c3:28:19:ec:07:4c:e0:33:54:69:c0:
+ 6c:07:84:c3:2f:cb:0a:1f:44:b6:15:8a:13:8c:3b:f4:3d:d3:
+ dc:aa:d2:14:b5:9c:04:75:57:a9:7e:46:a3:70:00:3d:ee:46:
+ 1f:11:79:da:34:08:00:68:bf:31
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/keys/demoCA/newcerts/05.pem b/tests/keys/demoCA/newcerts/05.pem
new file mode 100644
index 00000000..02489a43
--- /dev/null
+++ b/tests/keys/demoCA/newcerts/05.pem
@@ -0,0 +1,83 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 5 (0x5)
+ Signature Algorithm: md5WithRSAEncryption
+ Issuer: C=US, ST=California, L=Sunnyvale, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Root Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Validity
+ Not Before: Mar 31 04:02:22 2003 GMT
+ Not After : Mar 28 04:02:22 2013 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Examples RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:97:b8:fe:b4:3f:83:35:78:16:89:04:ec:2b:61:
+ 8c:bf:c4:5f:00:81:4a:45:e6:d9:cd:e9:e2:3c:97:
+ 3b:45:ad:aa:e6:8d:0b:77:71:07:01:4f:7c:f9:7d:
+ e2:19:aa:dd:91:59:f4:f1:cf:3d:ba:78:46:96:11:
+ 9c:b6:5b:46:39:73:55:23:aa:f7:9e:00:5c:e5:e9:
+ 49:ec:3b:9c:3f:84:99:3a:90:ad:df:7e:64:86:c6:
+ 26:72:ce:31:08:79:7e:13:15:b8:e5:bf:d6:56:02:
+ 8d:60:21:4c:27:18:64:fb:fb:55:70:f6:33:bd:2f:
+ 55:70:d5:5e:7e:99:ae:a4:e0:aa:45:47:13:a8:30:
+ d5:a0:8a:9d:cc:20:ec:e4:8e:51:c9:54:c5:7f:3e:
+ 66:2d:74:bf:a3:7a:f8:f3:ec:94:57:39:b4:ac:00:
+ 75:62:61:54:b4:d0:e0:52:86:f8:5e:77:ec:50:43:
+ 9c:d2:ba:a7:8c:62:5a:bc:b2:fe:f3:cc:62:7e:23:
+ 60:6b:c7:51:49:37:78:7e:25:15:30:ab:fa:b4:ae:
+ 25:8f:22:fc:a3:48:7f:f2:0a:8a:6e:e0:fe:8d:f0:
+ 01:ed:c6:33:cc:6b:a1:fd:a6:80:ef:06:8c:af:f6:
+ 40:3a:8e:42:14:20:61:12:1f:e3:fc:05:b1:05:d5:
+ 65:c3
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 24:84:2C:F2:D4:59:20:62:8B:2E:5C:86:90:A3:AA:30:BA:27:1A:9C
+ X509v3 Authority Key Identifier:
+ keyid:B4:B9:EF:9A:E6:97:0E:68:65:1E:98:CE:FA:55:0D:89:06:DB:4C:7C
+ DirName:/C=US/ST=California/L=Sunnyvale/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ serial:00
+
+ Signature Algorithm: md5WithRSAEncryption
+ b5:3f:9b:32:31:4a:ff:2f:84:3b:a8:9b:11:5c:a6:5c:f0:76:
+ 52:d9:6e:f4:90:ad:fa:0d:90:c1:98:d5:4a:12:dd:82:6b:37:
+ e8:d9:2d:62:92:c9:61:37:98:86:8f:a4:49:6a:5e:25:d0:18:
+ 69:30:0f:98:8f:43:58:89:31:b2:3b:05:e2:ef:c7:a6:71:5f:
+ f7:fe:73:c5:a7:b2:cd:2e:73:53:71:7d:a8:4c:68:1a:32:1b:
+ 5e:48:2f:8f:9b:7a:a3:b5:f3:67:e8:b1:a2:89:4e:b2:4d:1b:
+ 79:9c:ff:f0:0d:19:4f:4e:b1:03:3d:99:f0:44:b7:8a:0b:34:
+ 9d:83
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/keys/demoCA/private/cakey.pem b/tests/keys/demoCA/private/cakey.pem
new file mode 100644
index 00000000..0270e59c
--- /dev/null
+++ b/tests/keys/demoCA/private/cakey.pem
@@ -0,0 +1,18 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,77F426A47A174623
+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+-----END RSA PRIVATE KEY-----
diff --git a/tests/keys/demoCA/serial b/tests/keys/demoCA/serial
new file mode 100644
index 00000000..fcb2a009
--- /dev/null
+++ b/tests/keys/demoCA/serial
@@ -0,0 +1 @@
+D68EB8E091822CFD
diff --git a/tests/keys/dsacert.der b/tests/keys/dsacert.der
new file mode 100644
index 00000000..fb063bec
--- /dev/null
+++ b/tests/keys/dsacert.der
Binary files differ
diff --git a/tests/keys/dsacert.pem b/tests/keys/dsacert.pem
new file mode 100644
index 00000000..0119b658
--- /dev/null
+++ b/tests/keys/dsacert.pem
@@ -0,0 +1,78 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ d6:8e:b8:e0:91:82:2c:f9
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Second Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Validity
+ Not Before: Jul 10 02:31:59 2005 GMT
+ Not After : Jul 8 02:31:59 2015 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Third Level DSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Subject Public Key Info:
+ Public Key Algorithm: dsaEncryption
+ DSA Public Key:
+ pub:
+ 3a:27:48:30:c9:93:75:5a:21:f7:55:1c:f9:ce:8a:
+ d4:6a:57:95:cf:15:f3:03:92:c3:5b:d1:67:a5:9d:
+ 97:65:fe:aa:24:97:d7:9a:53:ef:2e:88:7e:cb:b6:
+ c5:34:41:85:fd:94:4f:24:4e:99:5c:51:d0:f4:6f:
+ 18:c3:60:9d
+ P:
+ 00:c8:31:fc:3a:3f:bf:45:73:0d:21:af:16:0a:ab:
+ 77:8f:87:bc:26:7a:f7:3d:e5:48:df:17:62:47:40:
+ 90:57:25:bf:57:14:16:b9:2d:1c:bb:d6:5c:e1:fc:
+ e6:0c:1f:8a:21:e2:08:a2:15:54:55:04:25:bd:1e:
+ 96:6a:39:33:49
+ Q:
+ 00:94:43:ab:9a:a8:c9:1b:7b:5f:8d:4e:3d:5e:32:
+ 6e:33:70:17:36:c9
+ G:
+ 05:33:c3:39:9b:a7:9d:db:67:e6:f3:0d:c3:94:e9:
+ 41:a1:dc:88:3f:4c:57:4b:19:76:1e:be:cd:ed:89:
+ 96:85:2d:af:ff:11:81:7e:97:94:dd:b2:bd:cd:42:
+ 91:91:45:fe:1a:ad:7b:d7:3d:9c:88:26:16:18:1c:
+ 95:64:ec:e3
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ A5:58:9F:29:70:2D:1A:42:47:44:03:DA:AE:67:A7:BA:F7:29:65:3E
+ X509v3 Authority Key Identifier:
+ keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E
+ DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ serial:D6:8E:B8:E0:91:82:2C:F8
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 24:1f:4a:73:8f:d9:d2:14:f0:88:36:11:e5:f5:d5:3f:2c:c0:
+ 8c:3f:81:78:28:51:17:5e:33:b5:69:75:3a:5e:91:11:61:51:
+ 6c:81:9f:13:3d:d7:0e:00:87:0a:2a:1c:33:c1:31:5e:2e:f3:
+ 9f:6e:91:d3:bd:9c:74:1c:fb:fb
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/keys/dsakey.der b/tests/keys/dsakey.der
new file mode 100644
index 00000000..a056304c
--- /dev/null
+++ b/tests/keys/dsakey.der
Binary files differ
diff --git a/tests/keys/dsakey.p12 b/tests/keys/dsakey.p12
new file mode 100644
index 00000000..2ca3659d
--- /dev/null
+++ b/tests/keys/dsakey.p12
Binary files differ
diff --git a/tests/keys/dsakey.p8-der b/tests/keys/dsakey.p8-der
new file mode 100644
index 00000000..2a00d2a2
--- /dev/null
+++ b/tests/keys/dsakey.p8-der
Binary files differ
diff --git a/tests/keys/dsakey.p8-pem b/tests/keys/dsakey.p8-pem
new file mode 100644
index 00000000..cd0e5ec2
--- /dev/null
+++ b/tests/keys/dsakey.p8-pem
@@ -0,0 +1,8 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIHwMBsGCSqGSIb3DQEFAzAOBAgRtaP0qtejsQICCAAEgdBZeMkYVwHBSOuUj5p8
+hNEswZwOAT+yY063ziixN/rCwXJMvnmWRvHGXBoSJ2FNtXjhZrl8W3Vk7SZBCGyw
+Brez9jVTm9iZr9UcTP/e3RZo4yzLBy9iE+qJg86mGkJw+HSHaGReHtq2NV+CcnC9
+jWiBGb9WHTy/NJNpK/ne7UOamVVPYLDAoRIdZvSo8bV3NDp0Oui7flRxV+OJBsti
+NQZYJskY0O74jOjvvaBdih/NIWDHKED1EtnxuKrMSOQtq57zSwdVQ6nS1hedJzms
+AzZ1
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/keys/dsakey.pem b/tests/keys/dsakey.pem
new file mode 100644
index 00000000..8fdd52a9
--- /dev/null
+++ b/tests/keys/dsakey.pem
@@ -0,0 +1,14 @@
+-----BEGIN DSA PARAMETERS-----
+MIGcAkEAyDH8Oj+/RXMNIa8WCqt3j4e8Jnr3PeVI3xdiR0CQVyW/VxQWuS0cu9Zc
+4fzmDB+KIeIIohVUVQQlvR6WajkzSQIVAJRDq5qoyRt7X41OPV4ybjNwFzbJAkAF
+M8M5m6ed22fm8w3DlOlBodyIP0xXSxl2Hr7N7YmWhS2v/xGBfpeU3bK9zUKRkUX+
+Gq171z2ciCYWGByVZOzj
+-----END DSA PARAMETERS-----
+-----BEGIN DSA PRIVATE KEY-----
+MIH3AgEAAkEAyDH8Oj+/RXMNIa8WCqt3j4e8Jnr3PeVI3xdiR0CQVyW/VxQWuS0c
+u9Zc4fzmDB+KIeIIohVUVQQlvR6WajkzSQIVAJRDq5qoyRt7X41OPV4ybjNwFzbJ
+AkAFM8M5m6ed22fm8w3DlOlBodyIP0xXSxl2Hr7N7YmWhS2v/xGBfpeU3bK9zUKR
+kUX+Gq171z2ciCYWGByVZOzjAkA6J0gwyZN1WiH3VRz5zorUaleVzxXzA5LDW9Fn
+pZ2XZf6qJJfXmlPvLoh+y7bFNEGF/ZRPJE6ZXFHQ9G8Yw2CdAhQDAKSQn+F+aV8C
+BUJ9PVUDOVc8rw==
+-----END DSA PRIVATE KEY-----
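Review bot: This file holds a DSA private key in the clear, and nothing in it says it is a fixture; the same applies to the RSA key in tests/keys/expiredkey.pem, the HMAC key in tests/keys/hmackey.bin and the `X`, `PrivateExponent` and symmetric key values in tests/keys/keys.xml. Once committed these keys are public, so a signature made with them, or a chain ending at the demoCA root, proves nothing outside the test suite. keys.xml can carry the marker itself, for example `<!-- Test fixtures only: this key material is public; never load it into a production keys manager -->` right after the XML declaration. For the PEM and binary files a short README in tests/keys/ (if there is not one already outside this view) would say the same thing, and it would also give secret scanners a documented path to allow-list.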
diff --git a/tests/keys/expiredcert.der b/tests/keys/expiredcert.der
new file mode 100644
index 00000000..aefc5ea0
--- /dev/null
+++ b/tests/keys/expiredcert.der
Binary files differ
diff --git a/tests/keys/expiredcert.pem b/tests/keys/expiredcert.pem
new file mode 100644
index 00000000..f5581ca2
--- /dev/null
+++ b/tests/keys/expiredcert.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ d6:8e:b8:e0:91:82:2c:fb
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Second Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Validity
+ Not Before: Jul 10 03:51:56 2005 GMT
+ Not After : Jul 11 03:51:56 2005 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Expired RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (512 bit)
+ Modulus (512 bit):
+ 00:c9:52:65:60:40:40:66:30:bf:34:3e:f4:7c:cc:
+ 8c:06:93:20:e2:13:96:e8:11:64:78:a4:69:9a:19:
+ 43:87:6d:19:c5:42:4b:76:9a:df:b8:fd:07:98:b6:
+ 6e:c6:45:54:54:7b:a6:09:8a:05:28:bd:4d:6e:dc:
+ 34:03:88:e8:f3
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ F9:FA:89:12:34:4A:3B:59:06:DF:2E:17:F2:C0:8F:B2:26:07:78:C9
+ X509v3 Authority Key Identifier:
+ keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E
+ DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ serial:D6:8E:B8:E0:91:82:2C:F8
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 98:b4:e9:2f:8a:2a:8b:e5:63:ac:b2:12:61:8c:58:e4:57:c0:
+ a8:00:98:00:ea:48:6c:87:56:33:64:2d:8e:8c:c1:75:0c:45:
+ 55:22:b6:44:79:f6:cf:55:b6:81:6c:bb:37:c5:50:99:fa:e0:
+ 80:de:f7:2c:82:8e:5e:ea:15:e4
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/keys/expiredkey.der b/tests/keys/expiredkey.der
new file mode 100644
index 00000000..316e41bd
--- /dev/null
+++ b/tests/keys/expiredkey.der
Binary files differ
diff --git a/tests/keys/expiredkey.p12 b/tests/keys/expiredkey.p12
new file mode 100644
index 00000000..4604e11b
--- /dev/null
+++ b/tests/keys/expiredkey.p12
Binary files differ
diff --git a/tests/keys/expiredkey.pem b/tests/keys/expiredkey.pem
new file mode 100644
index 00000000..13344549
--- /dev/null
+++ b/tests/keys/expiredkey.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOQIBAAJBAMlSZWBAQGYwvzQ+9HzMjAaTIOITlugRZHikaZoZQ4dtGcVCS3aa
+37j9B5i2bsZFVFR7pgmKBSi9TW7cNAOI6PMCAwEAAQJALeTWr2Z2R9V9ARAI9Bo9
+IZKQwHjuweCVItt4J2Ty+///KhuEnHhYJC40sH4QrpufuATLXJCzUaFHNPIAAY2G
+wQIhAPc3NqqCKzaTakzy9OZWW1d2ZZpiy6OMG1NBOGXrNq6bAiEA0Hm2HJpJ4l6P
+FN6ZAVTnV+VXt98DvyFRSlU8XFMr6IkCIDn/Mwz3csnf9a1NxlSPZ+hx904r5Vhe
+Ez8J6wBGGVMHAiAGtXP71ac9Bqf6FvO7jDzpojLBcwbO1saj6rxHiFGoaQIgFxuV
+W/NisfilEN3POFcTeuWob3qf4CSl/3/bQH6tUFU=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/keys/expiredreq.pem b/tests/keys/expiredreq.pem
new file mode 100644
index 00000000..3fcfbd29
--- /dev/null
+++ b/tests/keys/expiredreq.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/keys/gost2001ca.der b/tests/keys/gost2001ca.der
new file mode 100644
index 00000000..b48d01ab
--- /dev/null
+++ b/tests/keys/gost2001ca.der
Binary files differ
diff --git a/tests/keys/gost2001ca.pem b/tests/keys/gost2001ca.pem
new file mode 100644
index 00000000..9bc47e1c
--- /dev/null
+++ b/tests/keys/gost2001ca.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
diff --git a/tests/keys/hmackey.bin b/tests/keys/hmackey.bin
new file mode 100644
index 00000000..536aca34
--- /dev/null
+++ b/tests/keys/hmackey.bin
@@ -0,0 +1 @@
+secret \ No newline at end of file
diff --git a/tests/keys/keys.xml b/tests/keys/keys.xml
new file mode 100644
index 00000000..cead991a
--- /dev/null
+++ b/tests/keys/keys.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0"?>
+<Keys xmlns="http://www.aleksey.com/xmlsec/2002">
+<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+<KeyName>test-hmac-sha1</KeyName>
+<KeyValue>
+<HMACKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">c2VjcmV0</HMACKeyValue>
+</KeyValue>
+</KeyInfo>
+<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+<KeyName>test-dsa</KeyName>
+<KeyValue>
+<DSAKeyValue>
+<P>
+4jl6DkcmDDBt815kg/WbxW1gnLtqH+kdjqEeFDD9m6EqGqvVhFbbvNNQqAwuaiJU
+nWlR8gG47GtHKFN6w8CM1qteIo3foK504otZFNsl1p3cInQpdRCp2e/lQ+E24J/H
+/n4Ix9pBNV63JIiSIqa+GpDuBpW4o3rrBRxTjOwYpWk=
+</P>
+<Q>
+9WQwByMPy0u1C8e2SeNQTvkG6tM=
+</Q>
+<G>
+Rrg7e8pNLHMFK0pGW7xvzb7Kh6icJSsiBaX6aHqaQc9rSzzMJG3snBuQricNaUH5
+8ipucT+hdPRTo6g0ty5noyyBmqUvYHf9NuskQhPDmC3uTtqQTHeCEuX8XoH3YYlB
+uE4nXvQRGZoyy+43ISe9aDnEAgIUVQXEayTVppRF24I=
+</G>
+<X xmlns="http://www.aleksey.com/xmlsec/2002">
+S3Gt9BE+wZb996U6h4nSNtYxEmE=
+</X>
+<Y>
+WT0+1bR+bj65u5iDJ0MRc6/8iEAbvj7l5sAVn/H+SdZy94wW5mnSLCC5ufN33QPp
+WNvgVk2igM+W51WlhFDgA8Xz9lRPk19jW8BXQpqv11MKoIBpaSAWvnhs/0AKubiT
+XxJz7i78ZJy4hVTn99Rvt6Tc16/LICZfsqIJr+VK4Sg=
+</Y>
+</DSAKeyValue>
+</KeyValue>
+</KeyInfo>
+<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+<KeyName>test-rsa</KeyName>
+<KeyValue>
+<RSAKeyValue>
+<Modulus>
+0rGgazIyv0XjPXGGBwt1wvfCPO++VAlxW15LFinbxCeBkq/5jb/71gC7R2CJtUK4
+y/tIi7g89YBwQosJpgMMZt69fz51omEv/WobD0vUFcbRxek+Yi23ZHxhZMtO42Re
+zfpwgC4ep0fXL+V105BUmjGFYACnUJdtMkG8ahH8/Zs=
+</Modulus>
+<Exponent>
+Aw==
+</Exponent>
+<PrivateExponent xmlns="http://www.aleksey.com/xmlsec/2002">
+jHZq8iF3Ki6Xfkuur1z5LKUsKJ/UOAZLkj7cuXE9LW+rtx/7s9VSjqsnhOsGeNcl
+3VIwXSV9+QBK1wdbxAIIQ16+yWXNY+21K94h4C6ssx44lqgODL25OXDsE92EZFu0
+1gApBhqOUxV1gUXDqMnHqSWbk7/1kwX6RzsioRu0UKs=
+</PrivateExponent>
+</RSAKeyValue>
+</KeyValue>
+</KeyInfo>
+<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+<KeyName>test-des</KeyName>
+<KeyValue>
+<DESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">
+zBFljViy/Qhd8AG0vGxf+SekrJ1ttpIz
+</DESKeyValue>
+</KeyValue>
+</KeyInfo>
+<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+<KeyName>test-aes128</KeyName>
+<KeyValue>
+<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">0Xfy3ES+Fbv/OfWuQHKvPA==</AESKeyValue>
+</KeyValue>
+</KeyInfo>
+<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+<KeyName>test-aes192</KeyName>
+<KeyValue>
+<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">lk9DyA07xL/m45fUb7zbLoy3c0hLhw80</AESKeyValue>
+</KeyValue>
+</KeyInfo>
+<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+<KeyName>test-aes256</KeyName>
+<KeyValue>
+<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">fpCPQLCMZCw9WipH8kk1J75CqYgWBhbJDMFPiUS0hzE=</AESKeyValue>
+</KeyValue>
+</KeyInfo>
+</Keys>
diff --git a/tests/keys/largersacert.der b/tests/keys/largersacert.der
new file mode 100644
index 00000000..93464522
--- /dev/null
+++ b/tests/keys/largersacert.der
Binary files differ
diff --git a/tests/keys/largersacert.pem b/tests/keys/largersacert.pem
new file mode 100644
index 00000000..7c1a4e05
--- /dev/null
+++ b/tests/keys/largersacert.pem
@@ -0,0 +1,100 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ d6:8e:b8:e0:91:82:2c:fc
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Second Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Validity
+ Not Before: Jul 11 02:50:11 2005 GMT
+ Not After : Jul 9 02:50:11 2015 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Large RSA Key, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (4096 bit)
+ Modulus (4096 bit):
+ 00:f3:61:f9:36:54:ae:5d:17:68:1b:18:28:24:72:
+ 4e:39:5d:bf:20:17:c8:7c:20:59:fb:a3:42:e4:2c:
+ b7:0d:6d:97:7e:e1:9b:ba:59:c3:e7:e8:64:ff:76:
+ 35:58:e0:90:fa:2b:13:92:5f:ba:b7:7f:54:25:6e:
+ ce:cd:1b:a3:78:92:34:31:7f:9d:dc:80:61:3c:72:
+ 69:6d:b8:35:a8:f8:1f:03:6c:e5:d7:41:53:24:84:
+ 8a:72:70:3c:e2:39:8b:ec:70:9d:d3:cf:2e:08:f6:
+ 05:80:af:36:8f:ed:8e:ef:df:50:33:94:58:15:8f:
+ 87:c4:b4:65:3d:a1:d1:23:00:6a:67:35:60:06:58:
+ bd:43:8a:86:52:29:f4:a1:e1:5f:7f:59:6e:ca:4a:
+ 78:16:9d:da:04:d9:61:d4:a3:ea:69:72:7f:1b:aa:
+ ff:c8:07:51:13:50:c1:3e:7d:9b:f7:70:dc:ba:5d:
+ 94:a9:2b:ac:ea:56:e0:3c:7f:5d:91:ef:bd:82:25:
+ f2:37:eb:2c:d9:ad:b7:dd:3e:bc:86:7a:af:89:8f:
+ f9:32:5e:9c:d0:41:0c:8c:b7:84:5e:29:e9:4f:fc:
+ b5:5c:f4:f9:82:32:b9:35:ed:84:0a:32:23:32:b5:
+ a4:b1:c8:c5:a0:16:b5:77:8d:21:8f:53:80:c4:a1:
+ a4:65:ee:af:0a:84:1d:34:30:e3:07:35:ce:16:8e:
+ 69:7b:b7:21:91:56:26:c2:d7:3f:79:0e:e0:b2:77:
+ a5:ca:60:88:15:30:8f:65:aa:8f:9d:9f:d0:50:3d:
+ 2a:9b:4f:61:ca:43:19:b9:69:58:1b:98:77:43:42:
+ 1e:08:7c:30:58:52:d4:b3:eb:d1:a2:9e:28:dd:1b:
+ 96:fd:f9:28:fd:76:d8:ec:91:21:d1:8d:42:4c:f5:
+ 05:70:2e:d2:bb:9a:c5:c8:e1:77:5d:4e:5f:c2:ab:
+ 9f:c0:75:51:11:6e:ea:6b:0e:d4:bc:93:de:a4:95:
+ e3:d2:52:57:ac:74:c5:a6:e5:a2:94:3f:d8:43:0e:
+ 42:8c:75:ad:0c:69:d1:a8:8e:e7:49:77:2b:38:af:
+ c9:ac:43:77:27:90:82:1d:62:e6:31:a0:1b:17:be:
+ 7e:63:2c:29:ec:1b:3d:4b:52:39:ec:7a:2a:fc:48:
+ 2f:bd:ce:d9:1f:21:02:fb:2c:6e:d9:40:14:c5:6a:
+ ce:20:bc:0c:e4:ae:87:35:d2:da:5f:db:95:50:f3:
+ e3:ed:2c:93:ad:42:5b:af:65:fe:f8:4b:0a:dc:60:
+ 7f:dd:48:38:88:d0:fc:a4:aa:fc:5f:07:97:cf:ae:
+ b7:43:3d:87:eb:be:51:e3:f1:8c:1f:63:43:29:24:
+ 8c:94:23
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 90:35:36:11:52:F9:00:65:FC:71:E7:73:B0:91:ED:0B:19:84:C6:28
+ X509v3 Authority Key Identifier:
+ keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E
+ DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ serial:D6:8E:B8:E0:91:82:2C:F8
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 79:cd:41:fc:f0:66:13:f1:76:bd:22:51:dd:91:2f:7a:46:fd:
+ b0:ea:44:e6:73:5d:ac:00:2d:6e:0c:90:a5:e1:3b:f2:4c:75:
+ 79:12:08:eb:7f:fa:82:7d:e0:f7:76:db:63:6c:07:e9:65:0a:
+ 98:88:4e:b1:0f:d2:57:3d:df:4f
+-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
diff --git a/tests/keys/largersakey-win.p12 b/tests/keys/largersakey-win.p12
new file mode 100644
index 00000000..af04b9e4
--- /dev/null
+++ b/tests/keys/largersakey-win.p12
Binary files differ
diff --git a/tests/keys/largersakey-winxp.p12 b/tests/keys/largersakey-winxp.p12
new file mode 100644
index 00000000..75746297
--- /dev/null
+++ b/tests/keys/largersakey-winxp.p12
Binary files differ
diff --git a/tests/keys/largersakey.der b/tests/keys/largersakey.der
new file mode 100644
index 00000000..c76b59fa
--- /dev/null
+++ b/tests/keys/largersakey.der
Binary files differ
diff --git a/tests/keys/largersakey.p12 b/tests/keys/largersakey.p12
new file mode 100644
index 00000000..613fc7ce
--- /dev/null
+++ b/tests/keys/largersakey.p12
Binary files differ
diff --git a/tests/keys/largersakey.p8-der b/tests/keys/largersakey.p8-der
new file mode 100644
index 00000000..1c75f06b
--- /dev/null
+++ b/tests/keys/largersakey.p8-der
Binary files differ
diff --git a/tests/keys/largersakey.p8-pem b/tests/keys/largersakey.p8-pem
new file mode 100644
index 00000000..7991d7ac
--- /dev/null
+++ b/tests/keys/largersakey.p8-pem
@@ -0,0 +1,53 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----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+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/keys/largersakey.pem b/tests/keys/largersakey.pem
new file mode 100644
index 00000000..d25dbbd2
--- /dev/null
+++ b/tests/keys/largersakey.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----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=
+-----END RSA PRIVATE KEY-----
diff --git a/tests/keys/largersareq.pem b/tests/keys/largersareq.pem
new file mode 100644
index 00000000..c8da3dc2
--- /dev/null
+++ b/tests/keys/largersareq.pem
@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE REQUEST-----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+-----END CERTIFICATE REQUEST-----
diff --git a/tests/keys/merlincert.pem b/tests/keys/merlincert.pem
new file mode 100644
index 00000000..cff8e3ea
--- /dev/null
+++ b/tests/keys/merlincert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/keys/openssl.cnf b/tests/keys/openssl.cnf
new file mode 100644
index 00000000..ecd8b887
--- /dev/null
+++ b/tests/keys/openssl.cnf
@@ -0,0 +1,316 @@
+#
+# OpenSSL example configuration file.
+# This is mostly being used for generation of certificate requests.
+#
+
+# This definition stops the following lines choking if HOME isn't
+# defined.
+HOME = .
+RANDFILE = $ENV::HOME/.rnd
+
+# Extra OBJECT IDENTIFIER info:
+#oid_file = $ENV::HOME/.oid
+oid_section = new_oids
+
+# To use this configuration file with the "-extfile" option of the
+# "openssl x509" utility, name here the section containing the
+# X.509v3 extensions to use:
+# extensions =
+# (Alternatively, use a configuration file that has only
+# X.509v3 extensions in its main [= default] section.)
+
+[ new_oids ]
+
+# We can add new OIDs in here for use by 'ca' and 'req'.
+# Add a simple OID like this:
+# testoid1=1.2.3.4
+# Or use config file substitution like this:
+# testoid2=${testoid1}.5.6
+
+####################################################################
+[ ca ]
+default_ca = CA_default # The default ca section
+
+####################################################################
+[ CA_default ]
+
+dir = ./demoCA # Where everything is kept
+certs = $dir/certs # Where the issued certs are kept
+crl_dir = $dir/crl # Where the issued crl are kept
+database = $dir/index.txt # database index file.
+#unique_subject = no # Set to 'no' to allow creation of
+ # several ctificates with same subject.
+new_certs_dir = $dir/newcerts # default place for new certs.
+
+certificate = $dir/cacert.pem # The CA certificate
+serial = $dir/serial # The current serial number
+crlnumber = $dir/crlnumber # the current crl number
+ # must be commented out to leave a V1 CRL
+crl = $dir/crl.pem # The current CRL
+private_key = $dir/private/cakey.pem# The private key
+RANDFILE = $dir/private/.rand # private random number file
+
+x509_extensions = usr_cert # The extentions to add to the cert
+
+# Comment out the following two lines for the "traditional"
+# (and highly broken) format.
+name_opt = ca_default # Subject Name options
+cert_opt = ca_default # Certificate field options
+
+# Extension copying option: use with caution.
+# copy_extensions = copy
+
+# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
+# so this is commented out by default to leave a V1 CRL.
+# crlnumber must also be commented out to leave a V1 CRL.
+# crl_extensions = crl_ext
+
+default_days = 3650 # how long to certify for
+default_crl_days= 30 # how long before next CRL
+default_md = sha1 # which md to use.
+preserve = no # keep passed DN ordering
+
+# A few difference way of specifying how similar the request should look
+# For type CA, the listed attributes must be the same, and the optional
+# and supplied fields are just that :-)
+policy = policy_match
+
+# For the CA policy
+[ policy_match ]
+countryName = match
+stateOrProvinceName = match
+organizationName = match
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+# For the 'anything' policy
+# At this point in time, you must list all acceptable 'object'
+# types.
+[ policy_anything ]
+countryName = optional
+stateOrProvinceName = optional
+localityName = optional
+organizationName = optional
+organizationalUnitName = optional
+commonName = supplied
+emailAddress = optional
+
+####################################################################
+[ req ]
+default_bits = 1024
+default_keyfile = privkey.pem
+distinguished_name = req_distinguished_name
+attributes = req_attributes
+x509_extensions = v3_ca # The extentions to add to the self signed cert
+
+# Passwords for private keys if not present they will be prompted for
+# input_password = secret
+# output_password = secret
+
+# This sets a mask for permitted string types. There are several options.
+# default: PrintableString, T61String, BMPString.
+# pkix : PrintableString, BMPString.
+# utf8only: only UTF8Strings.
+# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
+# MASK:XXXX a literal mask value.
+# WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings
+# so use this option with caution!
+string_mask = nombstr
+
+# req_extensions = v3_req # The extensions to add to a certificate request
+
+[ req_distinguished_name ]
+countryName = Country Name (2 letter code)
+countryName_default = US
+countryName_min = 2
+countryName_max = 2
+
+stateOrProvinceName = State or Province Name (full name)
+stateOrProvinceName_default = California
+
+localityName = Locality Name (eg, city)
+localityName_default = Sunnyvale
+
+0.organizationName = Organization Name (eg, company)
+0.organizationName_default = XML Security Library (http://www.aleksey.com/xmlsec)
+
+# we can do this but it is not needed normally :-)
+#1.organizationName = Second Organization Name (eg, company)
+#1.organizationName_default = World Wide Web Pty Ltd
+
+organizationalUnitName = Organizational Unit Name (eg, section)
+#organizationalUnitName_default =
+
+commonName = Common Name (eg, YOUR name)
+commonName_max = 64
+commonName_default = Aleksey Sanin
+
+emailAddress = Email Address
+emailAddress_max = 64
+emailAddress_default = xmlsec@aleksey.com
+
+# SET-ex3 = SET extension number 3
+
+[ req_attributes ]
+challengePassword = A challenge password
+challengePassword_min = 4
+challengePassword_max = 20
+
+unstructuredName = An optional company name
+
+[ usr_cert ]
+
+# These extensions are added when 'ca' signs a request.
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:TRUE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+[ v3_req ]
+
+# Extensions to add to a certificate request
+
+basicConstraints = CA:FALSE
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+[ v3_ca ]
+
+
+# Extensions for a typical CA
+
+
+# PKIX recommendation.
+
+subjectKeyIdentifier=hash
+
+authorityKeyIdentifier=keyid:always,issuer:always
+
+# This is what PKIX recommends but some broken software chokes on critical
+# extensions.
+#basicConstraints = critical,CA:true
+# So we do this instead.
+basicConstraints = CA:true
+
+# Key usage: this is typical for a CA certificate. However since it will
+# prevent it being used as an test self-signed certificate it is best
+# left out by default.
+# keyUsage = cRLSign, keyCertSign
+
+# Some might want this also
+# nsCertType = sslCA, emailCA
+
+# Include email address in subject alt name: another PKIX recommendation
+# subjectAltName=email:copy
+# Copy issuer details
+# issuerAltName=issuer:copy
+
+# DER hex encoding of an extension: beware experts only!
+# obj=DER:02:03
+# Where 'obj' is a standard or added object
+# You can even override a supported extension:
+# basicConstraints= critical, DER:30:03:01:01:FF
+
+[ crl_ext ]
+
+# CRL extensions.
+# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
+
+# issuerAltName=issuer:copy
+authorityKeyIdentifier=keyid:always,issuer:always
+
+[ proxy_cert_ext ]
+# These extensions should be added when creating a proxy certificate
+
+# This goes against PKIX guidelines but some CAs do it and some software
+# requires this to avoid interpreting an end user certificate as a CA.
+
+basicConstraints=CA:FALSE
+
+# Here are some examples of the usage of nsCertType. If it is omitted
+# the certificate can be used for anything *except* object signing.
+
+# This is OK for an SSL server.
+# nsCertType = server
+
+# For an object signing certificate this would be used.
+# nsCertType = objsign
+
+# For normal client use this is typical
+# nsCertType = client, email
+
+# and for everything including object signing:
+# nsCertType = client, email, objsign
+
+# This is typical in keyUsage for a client certificate.
+# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+# This will be displayed in Netscape's comment listbox.
+nsComment = "OpenSSL Generated Certificate"
+
+# PKIX recommendations harmless if included in all certificates.
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid,issuer:always
+
+# This stuff is for subjectAltName and issuerAltname.
+# Import the email address.
+# subjectAltName=email:copy
+# An alternative to produce certificates that aren't
+# deprecated according to PKIX.
+# subjectAltName=email:move
+
+# Copy subject details
+# issuerAltName=issuer:copy
+
+#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
+#nsBaseUrl
+#nsRevocationUrl
+#nsRenewalUrl
+#nsCaPolicyUrl
+#nsSslServerName
+
+# This really needs to be in place for it to be a proxy certificate.
+proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
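Review bot: In `[ usr_cert ]` the setting `basicConstraints=CA:TRUE` contradicts the comment directly above it, which says the extension is there to avoid an end user certificate being interpreted as a CA. As written, every certificate issued through `x509_extensions = usr_cert` can itself sign certificates, which matches the `CA:TRUE` shown in rsacert.pem, dsacert.pem, expiredcert.pem and largersacert.pem in this commit and is presumably deliberate for building multi-level test chains. If so, the comment should say that, for example `# Test-only: issued certificates are marked CA:TRUE so multi-level test chains can be built; do not reuse this section for real issuance.` The same file keeps `default_bits = 1024` and `default_md = sha1`, which are worth revisiting when the fixtures are next regenerated.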
diff --git a/tests/keys/rsacert.der b/tests/keys/rsacert.der
new file mode 100644
index 00000000..a480d645
--- /dev/null
+++ b/tests/keys/rsacert.der
Binary files differ
diff --git a/tests/keys/rsacert.pem b/tests/keys/rsacert.pem
new file mode 100644
index 00000000..89c58f0a
--- /dev/null
+++ b/tests/keys/rsacert.pem
@@ -0,0 +1,61 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ d6:8e:b8:e0:91:82:2c:fa
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Second Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Validity
+ Not Before: Jul 10 02:33:02 2005 GMT
+ Not After : Jul 8 02:33:02 2015 GMT
+ Subject: C=US, ST=California, O=XML Security Library (http://www.aleksey.com/xmlsec), OU=Test Third Level RSA Certificate, CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (512 bit)
+ Modulus (512 bit):
+ 00:d3:d0:6d:0f:76:9e:56:de:83:54:39:24:d1:d2:
+ 3b:56:1e:cb:8e:a7:67:b1:89:96:d2:d6:c3:57:1c:
+ 4a:fa:7b:a6:7b:e6:7d:49:be:33:9d:b5:0a:91:69:
+ 7e:be:04:00:4d:d4:54:13:28:53:d8:ff:86:aa:b7:
+ 74:50:1c:d8:7d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ D7:F4:C6:46:77:CE:37:04:23:AD:29:54:FB:B0:0E:A4:CC:43:28:19
+ X509v3 Authority Key Identifier:
+ keyid:FE:E4:EC:53:24:F0:95:95:C7:10:B5:E1:44:B5:5D:39:65:5A:E3:7E
+ DirName:/C=US/ST=California/O=XML Security Library (http://www.aleksey.com/xmlsec)/OU=Test Root Certificate/CN=Aleksey Sanin/emailAddress=xmlsec@aleksey.com
+ serial:D6:8E:B8:E0:91:82:2C:F8
+
+ Signature Algorithm: sha1WithRSAEncryption
+ 47:e3:be:65:b0:8b:68:01:a5:8b:7b:6f:01:7a:a0:78:85:2e:
+ 82:21:e6:48:8b:00:fa:e5:38:50:1b:3d:99:4b:0e:aa:f9:f9:
+ e0:dc:af:57:1f:d2:99:2c:81:6e:df:54:4f:4d:cd:34:a6:c2:
+ 30:c5:b8:47:0f:a8:95:7a:d8:49
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
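Review bot: The fixture's own text dump shows three parameters that many current verifiers refuse: `RSA Public Key: (512 bit)`, `Signature Algorithm: sha1WithRSAEncryption` and `Not After : Jul 8 02:33:02 2015 GMT`. Any test that validates a chain through this certificate will start failing after that date unless the harness pins the verification time, and back ends that enforce a minimum key size or reject SHA-1 signatures may fail sooner; the harness is not visible here, so that part is inferred. I would regenerate the tests/keys chain with at least 2048-bit RSA and SHA-256 and a validity that does not lapse during the life of the suite. Because the certificate is also `CA:TRUE`, I would add a marker to the free text above the PEM block, for example `Test fixture only: weak published key, never add to a trust store`.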
diff --git a/tests/keys/rsakey-win.p12 b/tests/keys/rsakey-win.p12
new file mode 100644
index 00000000..e0281f7d
--- /dev/null
+++ b/tests/keys/rsakey-win.p12
Binary files differ
diff --git a/tests/keys/rsakey-winxp.p12 b/tests/keys/rsakey-winxp.p12
new file mode 100644
index 00000000..3817a7e1
--- /dev/null
+++ b/tests/keys/rsakey-winxp.p12
Binary files differ
diff --git a/tests/keys/rsakey.der b/tests/keys/rsakey.der
new file mode 100644
index 00000000..6a844dbd
--- /dev/null
+++ b/tests/keys/rsakey.der
Binary files differ
diff --git a/tests/keys/rsakey.p12 b/tests/keys/rsakey.p12
new file mode 100644
index 00000000..2c6be5ed
--- /dev/null
+++ b/tests/keys/rsakey.p12
Binary files differ
diff --git a/tests/keys/rsakey.p8-der b/tests/keys/rsakey.p8-der
new file mode 100644
index 00000000..fed75a6e
--- /dev/null
+++ b/tests/keys/rsakey.p8-der
Binary files differ
diff --git a/tests/keys/rsakey.p8-pem b/tests/keys/rsakey.p8-pem
new file mode 100644
index 00000000..f31b10ff
--- /dev/null
+++ b/tests/keys/rsakey.p8-pem
@@ -0,0 +1,11 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----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+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/keys/rsakey.pem b/tests/keys/rsakey.pem
new file mode 100644
index 00000000..8ea653ff
--- /dev/null
+++ b/tests/keys/rsakey.pem
@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBPAIBAAJBANPQbQ92nlbeg1Q5JNHSO1Yey46nZ7GJltLWw1ccSvp7pnvmfUm+
+M521CpFpfr4EAE3UVBMoU9j/hqq3dFAc2H0CAwEAAQJBALFVCjmsAZyQ5jqZLO5N
+qEfNuHZSSUol+xPBogFIOq3BWa269eNNcAK5or5g0XWWon7EPdyGT4qyDVH9KzXK
+RLECIQDzm/Nj0epUGN51/rKJgRXWkXW/nfSCMO9fvQR6Ujoq3wIhAN6WeHK9vgWg
+wBWqMdq5sR211+LlDH7rOUQ6rBpbsoQjAiEA7jzpfglgPPZFOOfo+oh/LuP6X3a+
+FER/FQXpRyb7M8kCIETUrwZ8WkiPPxbz/Fqw1W5kjw/g2I5e2uSYaCP2eyuVAiEA
+mOI6RhRyMqgxQyy0plJVjG1s4fdu92AWYy9AwYeyd/8=
+-----END RSA PRIVATE KEY-----
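Review bot: This private key is stored unencrypted, and its modulus (base64 starting `ANPQbQ92`, i.e. `00:d3:d0:6d:0f:76`) is the one printed in tests/keys/rsacert.pem, which is a `CA:TRUE` certificate. Since the private half is published, nothing that chains to that certificate carries any assurance, so tests/keys should stay out of installed packages and out of any default trust store; whether the Makefile.am files already ensure that is not visible in this hunk. Secret scanners will flag the file as well, so a short note in tests/keys such as `rsakey.pem: published test key, 512-bit RSA, regression suite only` would let it be allow-listed deliberately rather than silenced.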
diff --git a/tests/merlin-c14n-three/Readme.txt b/tests/merlin-c14n-three/Readme.txt
new file mode 100644
index 00000000..fdef3efb
--- /dev/null
+++ b/tests/merlin-c14n-three/Readme.txt
@@ -0,0 +1,20 @@
+Signature[1] using Canonical XML[2] and Exclusive Canonical XML[3]
+
+[1] http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
+[2] http://www.w3.org/TR/2001/REC-xml-c14n-20010315
+[3] http://www.w3.org/TR/2002/PR-xml-exc-c14n-20020524/
+
+. signature.xml - The signatures
+. c14n-*.xml - The intermediate c14n output
+
+This signature demonstrates canonicalization behaviour when
+parts of the namespace axis are excluded or included. The
+same examples are repeated for canonical XML, exclusive
+canonical XML and exclusive canonical XML with an inclusive
+namespace prefix list. Some examples repeat the same
+behaviour with different XPath expressions.
+
+Merlin Hughes <merlin@baltimore.ie>
+Baltimore Technologies, Ltd.
+
+Friday, May 31, 2002
diff --git a/tests/merlin-c14n-three/c14n-0.txt b/tests/merlin-c14n-three/c14n-0.txt
new file mode 100644
index 00000000..6bac93e4
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-0.txt
@@ -0,0 +1,15 @@
+<bar:Something xmlns="http://example.org/" xmlns:bar="http://example.org/bar" xmlns:baz="http://example.org/baz" xmlns:foo="http://example.org/foo" xml:lang="en-ie">
+ <foo:Nothing>
+ <foo:Something>
+ <bar:Something>
+ <foo:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <baz:Something></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-1.txt b/tests/merlin-c14n-three/c14n-1.txt
new file mode 100644
index 00000000..2bb5f06e
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-1.txt
@@ -0,0 +1,15 @@
+<bar:Something xmlns:bar="http://example.org/bar" xml:lang="en-ie">
+ <foo:Nothing>
+ <foo:Something xmlns:foo="http://example.org/foo">
+ <bar:Something xmlns:bar="http://example.org/bar">
+ <foo:Something xmlns:foo="http://example.org/foo">
+ <foo:Nothing>
+ <foo:Something xmlns:foo="http://example.org/foo">
+ <baz:Something xmlns:baz="http://example.org/baz"></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-10.txt b/tests/merlin-c14n-three/c14n-10.txt
new file mode 100644
index 00000000..7a86b5e7
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-10.txt
@@ -0,0 +1,15 @@
+<bar:Something xmlns:bar="http://example.org/bar">
+ <foo:Nothing>
+ <foo:Something xmlns:foo="http://example.org/foo">
+ <bar:Something>
+ <foo:Something>
+ <foo:Nothing>
+ <foo:Something xmlns:foo="http://example.org/foo">
+ <baz:Something xmlns:baz="http://example.org/baz"></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-11.txt b/tests/merlin-c14n-three/c14n-11.txt
new file mode 100644
index 00000000..1fcc3513
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-11.txt
@@ -0,0 +1,15 @@
+<bar:Something xmlns:bar="http://example.org/bar">
+ <foo:Nothing xmlns:foo="http://example.org/foo">
+ <foo:Something>
+ <bar:Something>
+ <foo:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <baz:Something xmlns:baz="http://example.org/baz"></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-12.txt b/tests/merlin-c14n-three/c14n-12.txt
new file mode 100644
index 00000000..afaa6a8c
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-12.txt
@@ -0,0 +1,15 @@
+<bar:Something xmlns:bar="http://example.org/bar">
+ <foo:Nothing xmlns:foo="http://example.org/foo">
+
+ <bar:Something>
+
+ <foo:Nothing>
+
+ <baz:Something xmlns:baz="http://example.org/baz"></baz:Something>
+
+ </foo:Nothing>
+
+ </bar:Something>
+
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-13.txt b/tests/merlin-c14n-three/c14n-13.txt
new file mode 100644
index 00000000..e8e07daa
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-13.txt
@@ -0,0 +1,15 @@
+<bar:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <bar:Something>
+ <foo:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <baz:Something></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-14.txt b/tests/merlin-c14n-three/c14n-14.txt
new file mode 100644
index 00000000..e8e07daa
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-14.txt
@@ -0,0 +1,15 @@
+<bar:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <bar:Something>
+ <foo:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <baz:Something></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-15.txt b/tests/merlin-c14n-three/c14n-15.txt
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-15.txt
diff --git a/tests/merlin-c14n-three/c14n-16.txt b/tests/merlin-c14n-three/c14n-16.txt
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-16.txt
diff --git a/tests/merlin-c14n-three/c14n-17.txt b/tests/merlin-c14n-three/c14n-17.txt
new file mode 100644
index 00000000..e8e07daa
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-17.txt
@@ -0,0 +1,15 @@
+<bar:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <bar:Something>
+ <foo:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <baz:Something></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-18.txt b/tests/merlin-c14n-three/c14n-18.txt
new file mode 100644
index 00000000..e3c3ce55
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-18.txt
@@ -0,0 +1,15 @@
+<bar:Something xmlns="http://example.org/" xmlns:bar="http://example.org/bar">
+ <foo:Nothing xmlns:foo="http://example.org/foo">
+ <foo:Something>
+ <bar:Something>
+ <foo:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <baz:Something xmlns:baz="http://example.org/baz"></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-19.txt b/tests/merlin-c14n-three/c14n-19.txt
new file mode 100644
index 00000000..7a86b5e7
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-19.txt
@@ -0,0 +1,15 @@
+<bar:Something xmlns:bar="http://example.org/bar">
+ <foo:Nothing>
+ <foo:Something xmlns:foo="http://example.org/foo">
+ <bar:Something>
+ <foo:Something>
+ <foo:Nothing>
+ <foo:Something xmlns:foo="http://example.org/foo">
+ <baz:Something xmlns:baz="http://example.org/baz"></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-2.txt b/tests/merlin-c14n-three/c14n-2.txt
new file mode 100644
index 00000000..dfacdb4b
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-2.txt
@@ -0,0 +1,15 @@
+<bar:Something xmlns:bar="http://example.org/bar" xml:lang="en-ie">
+ <foo:Nothing xmlns:foo="http://example.org/foo">
+ <foo:Something>
+ <bar:Something xmlns:bar="http://example.org/bar">
+ <foo:Something xmlns:foo="http://example.org/foo">
+ <foo:Nothing>
+ <foo:Something>
+ <baz:Something xmlns:baz="http://example.org/baz"></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-20.txt b/tests/merlin-c14n-three/c14n-20.txt
new file mode 100644
index 00000000..1fcc3513
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-20.txt
@@ -0,0 +1,15 @@
+<bar:Something xmlns:bar="http://example.org/bar">
+ <foo:Nothing xmlns:foo="http://example.org/foo">
+ <foo:Something>
+ <bar:Something>
+ <foo:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <baz:Something xmlns:baz="http://example.org/baz"></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-21.txt b/tests/merlin-c14n-three/c14n-21.txt
new file mode 100644
index 00000000..afaa6a8c
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-21.txt
@@ -0,0 +1,15 @@
+<bar:Something xmlns:bar="http://example.org/bar">
+ <foo:Nothing xmlns:foo="http://example.org/foo">
+
+ <bar:Something>
+
+ <foo:Nothing>
+
+ <baz:Something xmlns:baz="http://example.org/baz"></baz:Something>
+
+ </foo:Nothing>
+
+ </bar:Something>
+
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-22.txt b/tests/merlin-c14n-three/c14n-22.txt
new file mode 100644
index 00000000..e8e07daa
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-22.txt
@@ -0,0 +1,15 @@
+<bar:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <bar:Something>
+ <foo:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <baz:Something></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-23.txt b/tests/merlin-c14n-three/c14n-23.txt
new file mode 100644
index 00000000..e8e07daa
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-23.txt
@@ -0,0 +1,15 @@
+<bar:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <bar:Something>
+ <foo:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <baz:Something></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-24.txt b/tests/merlin-c14n-three/c14n-24.txt
new file mode 100644
index 00000000..50dc4231
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-24.txt
@@ -0,0 +1 @@
+ xmlns="http://example.org/" xmlns="http://example.org/" xmlns="http://example.org/" xmlns="http://example.org/" xmlns="http://example.org/" xmlns="http://example.org/" xmlns="http://example.org/" xmlns="http://example.org/"
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-25.txt b/tests/merlin-c14n-three/c14n-25.txt
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-25.txt
diff --git a/tests/merlin-c14n-three/c14n-26.txt b/tests/merlin-c14n-three/c14n-26.txt
new file mode 100644
index 00000000..19c70cb0
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-26.txt
@@ -0,0 +1,15 @@
+<bar:Something>
+ <foo:Nothing xmlns="http://example.org/">
+ <foo:Something xmlns="">
+ <bar:Something xmlns="http://example.org/">
+ <foo:Something xmlns="">
+ <foo:Nothing xmlns="http://example.org/">
+ <foo:Something xmlns="">
+ <baz:Something xmlns="http://example.org/"></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-27.txt b/tests/merlin-c14n-three/c14n-27.txt
new file mode 100644
index 00000000..117f21a7
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-27.txt
@@ -0,0 +1,430 @@
+<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:bar="http://example.org/bar" xmlns:baz="http://example.org/baz" xmlns:foo="http://example.org/foo" xml:lang="en-ie">
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></SignatureMethod>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>zDcKZDPIDity6ezoUjjYh5l5HD8=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ ((name() != "bar") or parent::bar:Something) and
+ ((name() != "foo") or parent::foo:Something) and
+ ((name() != "baz") or parent::baz:Something) and
+ ((name() != "") or self::text())
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>c6/BJXIi3MjZG8+1xfVv0U0OF/s=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != "") or
+ (string(self::node()) = namespace-uri(parent::node())))
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>jT1amifr+CPI+9DdvhzLAJhMggs=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ not (self::foo:Something) and
+ (self::text() or
+ (namespace-uri() != "") or
+ (string(self::node()) = namespace-uri(parent::node())))
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>rwkxkAxYpYzu6x85sa2RgCWmn2Q=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (count(parent::node()/namespace::*) !=
+ count(parent::node()/namespace::* | self::node()))
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>wH13J/+xZdks1qYv5s8oQD1u4PE=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != ""))
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>wH13J/+xZdks1qYv5s8oQD1u4PE=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (count(parent::node()/namespace::*) =
+ count(parent::node()/namespace::* | self::node()))
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>TYZShIzLB4+/2u+yVB7OocXtWyI=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (string(self::node()) = namespace-uri(parent::node()))
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>EhCKd+AMiKcL/i41otNu2FnO+/s=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != "") or
+ ((name() = "") and
+ ((count(ancestor-or-self::node()) mod 2) = 1)))
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>5oWfKR+g5kK86E3FRTBck+R/BQ0=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>uKgNnJZ4MvqphhpPjor3iChHsQQ=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ ((name() != "bar") or parent::bar:Something) and
+ ((name() != "foo") or parent::foo:Something) and
+ ((name() != "baz") or parent::baz:Something) and
+ ((name() != "") or self::text())
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>PMxe5U6Yzpybj86NXLeXND6J7z8=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != "") or
+ (string(self::node()) = namespace-uri(parent::node())))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>uKgNnJZ4MvqphhpPjor3iChHsQQ=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ not (self::foo:Something) and
+ (self::text() or
+ (namespace-uri() != "") or
+ (string(self::node()) = namespace-uri(parent::node())))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>8yo+TMHoDprtw3V8HBuaX7I2eYA=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (count(parent::node()/namespace::*) !=
+ count(parent::node()/namespace::* | self::node()))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>yFhy1S9CS8j2bPAgM43KZcSX8Us=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != ""))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>yFhy1S9CS8j2bPAgM43KZcSX8Us=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (count(parent::node()/namespace::*) =
+ count(parent::node()/namespace::* | self::node()))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (string(self::node()) = namespace-uri(parent::node()))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != "") or
+ ((name() = "") and
+ ((count(ancestor-or-self::node()) mod 2) = 1)))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>yFhy1S9CS8j2bPAgM43KZcSX8Us=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default"></InclusiveNamespaces>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>K5OrULSkVjkuQd85gxbrkcowg60=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ ((name() != "bar") or parent::bar:Something) and
+ ((name() != "foo") or parent::foo:Something) and
+ ((name() != "baz") or parent::baz:Something) and
+ ((name() != "") or self::text())
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default"></InclusiveNamespaces>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>PMxe5U6Yzpybj86NXLeXND6J7z8=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != "") or
+ (string(self::node()) = namespace-uri(parent::node())))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default"></InclusiveNamespaces>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>uKgNnJZ4MvqphhpPjor3iChHsQQ=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ not (self::foo:Something) and
+ (self::text() or
+ (namespace-uri() != "") or
+ (string(self::node()) = namespace-uri(parent::node())))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default"></InclusiveNamespaces>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>8yo+TMHoDprtw3V8HBuaX7I2eYA=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (count(parent::node()/namespace::*) !=
+ count(parent::node()/namespace::* | self::node()))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default"></InclusiveNamespaces>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>yFhy1S9CS8j2bPAgM43KZcSX8Us=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != ""))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default"></InclusiveNamespaces>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>yFhy1S9CS8j2bPAgM43KZcSX8Us=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (count(parent::node()/namespace::*) =
+ count(parent::node()/namespace::* | self::node()))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default"></InclusiveNamespaces>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>9nKcDwpjNsAMgP+d+YYSVix6DG0=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (string(self::node()) = namespace-uri(parent::node()))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default"></InclusiveNamespaces>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != "") or
+ ((name() = "") and
+ ((count(ancestor-or-self::node()) mod 2) = 1)))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default"></InclusiveNamespaces>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
+ <DigestValue>CwltHOmCf0tFSyrqRDYQNFT4eo8=</DigestValue>
+ </Reference>
+ </SignedInfo>
\ No newline at end of file
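Review bot: The DigestValue `2jmj7l5rSw0yVb/vlWAYkK/YBwk=`, which three References in this file carry, is the SHA-1 of zero bytes, and it lines up with the three empty intermediate files added in this commit (c14n-15.txt, c14n-16.txt and c14n-25.txt, all blob `e69de29b`), assuming c14n-N.txt belongs to the N-th Reference counted from 0. Nothing in Readme.txt says these empty outputs are intentional, so a later maintainer could mistake them for a truncated import. I would add a line to tests/merlin-c14n-three/Readme.txt such as `. c14n-15.txt, c14n-16.txt, c14n-25.txt - empty on purpose: the selected node-set produces no exclusive-c14n output`. The vector also shows that a Reference can verify while covering no content, so code consuming a verified signature should check what each Reference actually dereferenced to.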
diff --git a/tests/merlin-c14n-three/c14n-3.txt b/tests/merlin-c14n-three/c14n-3.txt
new file mode 100644
index 00000000..fe106675
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-3.txt
@@ -0,0 +1,15 @@
+<bar:Something xmlns:bar="http://example.org/bar" xml:lang="en-ie">
+ <foo:Nothing xmlns:foo="http://example.org/foo">
+
+ <bar:Something xmlns:bar="http://example.org/bar" xml:lang="en-ie">
+ xmlns:foo="http://example.org/foo"
+ <foo:Nothing xmlns:foo="http://example.org/foo" xml:lang="en-ie">
+
+ <baz:Something xmlns:baz="http://example.org/baz" xml:lang="en-ie"></baz:Something>
+
+ </foo:Nothing>
+
+ </bar:Something>
+
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-4.txt b/tests/merlin-c14n-three/c14n-4.txt
new file mode 100644
index 00000000..bf97f5e7
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-4.txt
@@ -0,0 +1,15 @@
+<bar:Something xml:lang="en-ie">
+ <foo:Nothing>
+ <foo:Something>
+ <bar:Something>
+ <foo:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <baz:Something></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-5.txt b/tests/merlin-c14n-three/c14n-5.txt
new file mode 100644
index 00000000..bf97f5e7
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-5.txt
@@ -0,0 +1,15 @@
+<bar:Something xml:lang="en-ie">
+ <foo:Nothing>
+ <foo:Something>
+ <bar:Something>
+ <foo:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <baz:Something></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-6.txt b/tests/merlin-c14n-three/c14n-6.txt
new file mode 100644
index 00000000..eef68d40
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-6.txt
@@ -0,0 +1 @@
+ xmlns="http://example.org/" xmlns:bar="http://example.org/bar" xmlns:baz="http://example.org/baz" xmlns:foo="http://example.org/foo" xmlns="http://example.org/" xmlns:bar="http://example.org/bar" xmlns:baz="http://example.org/baz" xmlns:foo="http://example.org/foo" xmlns="http://example.org/" xmlns:bar="http://example.org/bar" xmlns:baz="http://example.org/baz" xmlns:foo="http://example.org/foo" xmlns="http://example.org/" xmlns:bar="http://example.org/bar" xmlns:baz="http://example.org/baz" xmlns:foo="http://example.org/foo" xmlns="http://example.org/" xmlns:bar="http://example.org/bar" xmlns:baz="http://example.org/baz" xmlns:foo="http://example.org/foo" xmlns="http://example.org/" xmlns:bar="http://example.org/bar" xmlns:baz="http://example.org/baz" xmlns:foo="http://example.org/foo" xmlns="http://example.org/" xmlns:bar="http://example.org/bar" xmlns:baz="http://example.org/baz" xmlns:foo="http://example.org/foo" xmlns="http://example.org/" xmlns:bar="http://example.org/bar" xmlns:baz="http://example.org/baz" xmlns:foo="http://example.org/foo"
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-7.txt b/tests/merlin-c14n-three/c14n-7.txt
new file mode 100644
index 00000000..6644ce3e
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-7.txt
@@ -0,0 +1 @@
+ xmlns:bar="http://example.org/bar" xmlns:foo="http://example.org/foo" xmlns:foo="http://example.org/foo" xmlns:bar="http://example.org/bar" xmlns:foo="http://example.org/foo" xmlns:foo="http://example.org/foo" xmlns:foo="http://example.org/foo" xmlns:baz="http://example.org/baz"
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-8.txt b/tests/merlin-c14n-three/c14n-8.txt
new file mode 100644
index 00000000..2c4ed848
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-8.txt
@@ -0,0 +1,15 @@
+<bar:Something xml:lang="en-ie">
+ <foo:Nothing xmlns="http://example.org/">
+ <foo:Something xmlns="">
+ <bar:Something xmlns="http://example.org/">
+ <foo:Something xmlns="">
+ <foo:Nothing xmlns="http://example.org/">
+ <foo:Something xmlns="">
+ <baz:Something xmlns="http://example.org/"></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/c14n-9.txt b/tests/merlin-c14n-three/c14n-9.txt
new file mode 100644
index 00000000..1fcc3513
--- /dev/null
+++ b/tests/merlin-c14n-three/c14n-9.txt
@@ -0,0 +1,15 @@
+<bar:Something xmlns:bar="http://example.org/bar">
+ <foo:Nothing xmlns:foo="http://example.org/foo">
+ <foo:Something>
+ <bar:Something>
+ <foo:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <baz:Something xmlns:baz="http://example.org/baz"></baz:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
\ No newline at end of file
diff --git a/tests/merlin-c14n-three/signature.xml b/tests/merlin-c14n-three/signature.xml
new file mode 100644
index 00000000..a344404e
--- /dev/null
+++ b/tests/merlin-c14n-three/signature.xml
@@ -0,0 +1,526 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<foo:Root xmlns:bar="http://example.org/bar" xmlns:baz="http://example.org/baz" xmlns:foo="http://example.org/foo" xmlns="http://example.org/" xml:lang="en-ie">
+ <bar:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <bar:Something>
+ <foo:Something>
+ <foo:Nothing>
+ <foo:Something>
+ <baz:Something />
+ </foo:Something>
+ </foo:Nothing>
+ </foo:Something>
+ </bar:Something>
+ </foo:Something>
+ </foo:Nothing>
+ </bar:Something>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zDcKZDPIDity6ezoUjjYh5l5HD8=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ ((name() != "bar") or parent::bar:Something) and
+ ((name() != "foo") or parent::foo:Something) and
+ ((name() != "baz") or parent::baz:Something) and
+ ((name() != "") or self::text())
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>c6/BJXIi3MjZG8+1xfVv0U0OF/s=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != "") or
+ (string(self::node()) = namespace-uri(parent::node())))
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>jT1amifr+CPI+9DdvhzLAJhMggs=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ not (self::foo:Something) and
+ (self::text() or
+ (namespace-uri() != "") or
+ (string(self::node()) = namespace-uri(parent::node())))
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>rwkxkAxYpYzu6x85sa2RgCWmn2Q=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (count(parent::node()/namespace::*) !=
+ count(parent::node()/namespace::* | self::node()))
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>wH13J/+xZdks1qYv5s8oQD1u4PE=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != ""))
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>wH13J/+xZdks1qYv5s8oQD1u4PE=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (count(parent::node()/namespace::*) =
+ count(parent::node()/namespace::* | self::node()))
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>TYZShIzLB4+/2u+yVB7OocXtWyI=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (string(self::node()) = namespace-uri(parent::node()))
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>EhCKd+AMiKcL/i41otNu2FnO+/s=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != "") or
+ ((name() = "") and
+ ((count(ancestor-or-self::node()) mod 2) = 1)))
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>5oWfKR+g5kK86E3FRTBck+R/BQ0=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>uKgNnJZ4MvqphhpPjor3iChHsQQ=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ ((name() != "bar") or parent::bar:Something) and
+ ((name() != "foo") or parent::foo:Something) and
+ ((name() != "baz") or parent::baz:Something) and
+ ((name() != "") or self::text())
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>PMxe5U6Yzpybj86NXLeXND6J7z8=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != "") or
+ (string(self::node()) = namespace-uri(parent::node())))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>uKgNnJZ4MvqphhpPjor3iChHsQQ=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ not (self::foo:Something) and
+ (self::text() or
+ (namespace-uri() != "") or
+ (string(self::node()) = namespace-uri(parent::node())))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>8yo+TMHoDprtw3V8HBuaX7I2eYA=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (count(parent::node()/namespace::*) !=
+ count(parent::node()/namespace::* | self::node()))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>yFhy1S9CS8j2bPAgM43KZcSX8Us=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != ""))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>yFhy1S9CS8j2bPAgM43KZcSX8Us=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (count(parent::node()/namespace::*) =
+ count(parent::node()/namespace::* | self::node()))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (string(self::node()) = namespace-uri(parent::node()))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != "") or
+ ((name() = "") and
+ ((count(ancestor-or-self::node()) mod 2) = 1)))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>yFhy1S9CS8j2bPAgM43KZcSX8Us=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default" />
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>K5OrULSkVjkuQd85gxbrkcowg60=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ ((name() != "bar") or parent::bar:Something) and
+ ((name() != "foo") or parent::foo:Something) and
+ ((name() != "baz") or parent::baz:Something) and
+ ((name() != "") or self::text())
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default" />
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>PMxe5U6Yzpybj86NXLeXND6J7z8=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != "") or
+ (string(self::node()) = namespace-uri(parent::node())))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default" />
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>uKgNnJZ4MvqphhpPjor3iChHsQQ=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ not (self::foo:Something) and
+ (self::text() or
+ (namespace-uri() != "") or
+ (string(self::node()) = namespace-uri(parent::node())))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default" />
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>8yo+TMHoDprtw3V8HBuaX7I2eYA=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (count(parent::node()/namespace::*) !=
+ count(parent::node()/namespace::* | self::node()))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default" />
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>yFhy1S9CS8j2bPAgM43KZcSX8Us=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != ""))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default" />
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>yFhy1S9CS8j2bPAgM43KZcSX8Us=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (count(parent::node()/namespace::*) =
+ count(parent::node()/namespace::* | self::node()))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default" />
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>9nKcDwpjNsAMgP+d+YYSVix6DG0=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (string(self::node()) = namespace-uri(parent::node()))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default" />
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+
+ ancestor-or-self::bar:Something and
+ (self::text() or
+ (namespace-uri() != "") or
+ ((name() = "") and
+ ((count(ancestor-or-self::node()) mod 2) = 1)))
+ </XPath>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="#default" />
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>CwltHOmCf0tFSyrqRDYQNFT4eo8=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ N6aqg79OKMQzkU7uTHRmn4ryplhaTh0OFlCRqa/rS+pUBV6M8nTX5A==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ 3eOeAvqnEyFpW+uTSgrdj7YLjaTkpyHecKFIoLu8QZNkGTQI1ciITBH0lqfIkdCH
+ Si8fiUC3DTq3J9FsJef4YVtDF7JpUvHTOQqtq7Zgx6KC8Wxkz6rQCxOr7F0ApOYi
+ 89zLRoe4MkDGe6ux0+WtyOTQoVIGNTDDUFXrUQNbLrE=
+ </P>
+ <Q>hDLcFK0GO/Hz1arxOOvsgM/VLyU=</Q>
+ <G>
+ nnx7hbdWozGbtnFgnbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43z
+ Kt7dlEaQL7b5+JTZt3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM
+ 8d2rhd2Ui0xHbk0D451nhLxVWulviOSPhzKKvXrbySA=
+ </G>
+ <Y>
+ cfYpihpAQeepbNFS4MAbQRhdXpDi5wLrwxE5hIvoYqo1L8BQVu8fY1TFAPtoae1i
+ Bg/GIJyP3iLfyuBJaDvJJLP30wBH9i/s5J3656PevpOVdTfi777Fi9Gj6y/ib2Vv
+ +OZfJkkp4L50+p5TUhPmQLJtREsgtl+tnIOyJT++G9U=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ <X509Data>
+ <X509SubjectName>
+ CN=Merlin Hughes,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+ </X509SubjectName>
+ <X509IssuerSerial>
+ <X509IssuerName>
+ CN=Transient CA,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+ </X509IssuerName>
+ <X509SerialNumber>1017788370348</X509SerialNumber>
+ </X509IssuerSerial>
+ <X509Certificate>
+ MIIDUDCCAxCgAwIBAgIGAOz46g2sMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDQwMjIyNTkzMFoXDTEyMDQwMjIxNTkyNVowbzELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEWMBQGA1UEAxMNTWVybGluIEh1Z2hl
+ czCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQDd454C+qcTIWlb65NKCt2PtguNpOSn
+ Id5woUigu7xBk2QZNAjVyIhMEfSWp8iR0IdKLx+JQLcNOrcn0Wwl5/hhW0MXsmlS
+ 8dM5Cq2rtmDHooLxbGTPqtALE6vsXQCk5iLz3MtGh7gyQMZ7q7HT5a3I5NChUgY1
+ MMNQVetRA1susQIVAIQy3BStBjvx89Wq8Tjr7IDP1S8lAoGBAJ58e4W3VqMxm7Zx
+ YJ2xZ6KX0Ze10WnKZDyURn+T9iFIFbKRFElKDeotXwwXwYON8yre3ZRGkC+2+fiU
+ 2bdzIWTT6LMbIMVbk+07P4OZOxJ6XWL9GuYcOQcNvX42xh34DPHdq4XdlItMR25N
+ A+OdZ4S8VVrpb4jkj4cyir1628kgA4GEAAKBgHH2KYoaQEHnqWzRUuDAG0EYXV6Q
+ 4ucC68MROYSL6GKqNS/AUFbvH2NUxQD7aGntYgYPxiCcj94i38rgSWg7ySSz99MA
+ R/Yv7OSd+uej3r6TlXU34u++xYvRo+sv4m9lb/jmXyZJKeC+dPqeU1IT5kCybURL
+ ILZfrZyDsiU/vhvVozowODAOBgNVHQ8BAf8EBAMCB4AwEQYDVR0OBAoECIatY7SE
+ lXEOMBMGA1UdIwQMMAqACIOGPkB2MuKTMAkGByqGSM44BAMDLwAwLAIUSvT02iQj
+ Q5da4Wpe0Bvs7GuCcVsCFCEcQpbjUfnxXFXNWiFyQ49ZrWqn
+ </X509Certificate>
+ <X509Certificate>
+ MIIDSzCCAwugAwIBAgIGAOz46fwJMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDQwMjIyNTkyNVoXDTEyMDQwMjIxNTkyNVowbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MIIBtzCCASwGByqGSM44BAEwggEfAoGBAN3jngL6pxMhaVvrk0oK3Y+2C42k5Kch
+ 3nChSKC7vEGTZBk0CNXIiEwR9JanyJHQh0ovH4lAtw06tyfRbCXn+GFbQxeyaVLx
+ 0zkKrau2YMeigvFsZM+q0AsTq+xdAKTmIvPcy0aHuDJAxnursdPlrcjk0KFSBjUw
+ w1BV61EDWy6xAhUAhDLcFK0GO/Hz1arxOOvsgM/VLyUCgYEAnnx7hbdWozGbtnFg
+ nbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43zKt7dlEaQL7b5+JTZ
+ t3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM8d2rhd2Ui0xHbk0D
+ 451nhLxVWulviOSPhzKKvXrbySADgYQAAoGAfag+HCABIJadDD9Aarhgc2QR3Lp7
+ PpMOh0lAwLiIsvkO4UlbeOS0IJC8bcqLjM1fVw6FGSaxmq+4y1ag2m9k6IdE0Qh5
+ NxB/xFkmdwqXFRIJVp44OeUygB47YK76NmUIYG3DdfiPPU3bqzjvtOtETiCHvo25
+ 4D6UjwPpYErXRUajNjA0MA4GA1UdDwEB/wQEAwICBDAPBgNVHRMECDAGAQH/AgEA
+ MBEGA1UdDgQKBAiDhj5AdjLikzAJBgcqhkjOOAQDAy8AMCwCFELu0nuweqW7Wf0s
+ gk/CAGGL0BGKAhRNdgQGr5iyZKoH4oqPm0VJ9TjXLg==
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </Signature>
+</foo:Root>
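Review bot: The two `X509Certificate` blobs in `KeyInfo` appear to encode a validity window of 2002-04-02 to 2012-04-02 (the `MB4XDTAyMDQw…XDTEyMDQw…` run near the start of each), so the chain was already expired when this vector was imported. A test that verifies this file with certificate validation enabled has to pin the verification time, while one that takes the key from the embedded `DSAKeyValue` only shows the document is self-consistent, not that the signer is trusted; the same applies to `tests/merlin-exc-c14n-one/exc-signature.xml`, whose `KeyInfo` holds nothing but a `DSAKeyValue`. I would record that next to the fixture, e.g. `signature.xml: certs expired 2012-04-02; verify with a pinned time or against a key supplied by the test, not KeyInfo alone`. Also worth stating there: the `DigestValue` `2jmj7l5rSw0yVb/vlWAYkK/YBwk=` on three of the exc-c14n references is the SHA-1 of empty input, so those references pass while covering no bytes.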
diff --git a/tests/merlin-exc-c14n-one/Readme.txt b/tests/merlin-exc-c14n-one/Readme.txt
new file mode 100644
index 00000000..1ba1cd92
--- /dev/null
+++ b/tests/merlin-exc-c14n-one/Readme.txt
@@ -0,0 +1,3 @@
+untested exclusive c14n example signature + c14n output
+merlin@baltimore.ie
+mon jan 14 2002
diff --git a/tests/merlin-exc-c14n-one/exc-signature.tmpl b/tests/merlin-exc-c14n-one/exc-signature.tmpl
new file mode 100644
index 00000000..7b635ae0
--- /dev/null
+++ b/tests/merlin-exc-c14n-one/exc-signature.tmpl
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Foo xmlns:bar="urn:bar" xmlns="urn:foo" xml:space="preserve">
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <dsig:Reference URI="#xpointer(id('to-be-signed'))">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue></dsig:DigestValue>
+ </dsig:Reference>
+ <dsig:Reference URI="#xpointer(id('to-be-signed'))">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="bar #default" />
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue></dsig:DigestValue>
+ </dsig:Reference>
+ <dsig:Reference URI="#xpointer(id('to-be-signed'))">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue></dsig:DigestValue>
+ </dsig:Reference>
+ <dsig:Reference URI="#xpointer(id('to-be-signed'))">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="bar #default" />
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue></dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>
+ </dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:KeyValue>
+ </dsig:KeyValue>
+ </dsig:KeyInfo>
+ <dsig:Object Id="to-be-signed">
+ <bar:Baz>
+ <!-- comment -->
+ </bar:Baz>
+ </dsig:Object>
+ </dsig:Signature>
+</Foo>
diff --git a/tests/merlin-exc-c14n-one/exc-signature.xml b/tests/merlin-exc-c14n-one/exc-signature.xml
new file mode 100644
index 00000000..e805940b
--- /dev/null
+++ b/tests/merlin-exc-c14n-one/exc-signature.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Foo xmlns:bar="urn:bar" xmlns="urn:foo" xml:space="preserve">
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <dsig:Reference URI="#xpointer(id('to-be-signed'))">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue>7yOTjUu+9oEhShgyIIXDLjQ08aY=</dsig:DigestValue>
+ </dsig:Reference>
+ <dsig:Reference URI="#xpointer(id('to-be-signed'))">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="bar #default" />
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue>09xMy0RTQM1Q91demYe/0F6AGXo=</dsig:DigestValue>
+ </dsig:Reference>
+ <dsig:Reference URI="#xpointer(id('to-be-signed'))">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue>ZQH+SkCN8c5y0feAr+aRTZDwyvY=</dsig:DigestValue>
+ </dsig:Reference>
+ <dsig:Reference URI="#xpointer(id('to-be-signed'))">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments">
+ <InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="bar #default" />
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue>a1cTqBgbqpUt6bMJN4C6zFtnoyo=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue>
+ Kv1e7Kjhz4gFtOZKgvC5cLYtMQNIn99fyLBa6D//bBokTxTUEkMwaA==
+ </dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:KeyValue>
+ <dsig:DSAKeyValue>
+ <dsig:P>
+ 8FkJgwdyizV5Vd0m6DA/DZsdweJdnkueYVUd7L8aA4JpZxrlCI/M7mDE/OGhEhgB
+ nFzSTrBjSFpT7DG66uy7oJeE+RgkXO7EWWOEglMPwaZgGgi1oZarv95VOx3uO8W8
+ L7+S/3AuHNUZQD4b5bpdYAmjXFwz6dl0mKiXAvVuP9E=
+ </dsig:P>
+ <dsig:Q>
+ mFf8DiMVNFXy0vag9oNGNW/g4u0=
+ </dsig:Q>
+ <dsig:G>
+ g8gRdNlq9EOTR2TjmVApqCAZAq3jEjOIxXbs8JBiZ+U7dV9geeXEy13GbYoP23Qr
+ apZQo+35diw+cMYPHjN+iUCwUkiGWv7/piAK+Ootfw03etL8XiVWjtL5NBof2CNp
+ wmAw7mrwmNG092y1e6HXSGMMZpaoth/P8xhsxCQsqI8=
+ </dsig:G>
+ <dsig:Y>
+ j0V14dc/I+okDAeG4ZbWUzb3HTFkEOC6feOMo5Dk218GcPqEKroVHaDBF9CmRV1v
+ B8MUOExB+6ZNHfcs5Vaw0HVn62YiEBzrmKikx6SxO4Dg9L8I5WbHn37vxUKvHs8r
+ 7+rma3kpZQftTMiBpJ8XK8Z6jg8VhuJqo9yZZO+p3I0=
+ </dsig:Y>
+ </dsig:DSAKeyValue>
+ </dsig:KeyValue>
+ </dsig:KeyInfo>
+ <dsig:Object Id="to-be-signed">
+ <bar:Baz>
+ <!-- comment -->
+ </bar:Baz>
+ </dsig:Object>
+ </dsig:Signature>
+</Foo>
diff --git a/tests/merlin-xmldsig-twenty-three/Readme.txt b/tests/merlin-xmldsig-twenty-three/Readme.txt
new file mode 100644
index 00000000..37e9d88f
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/Readme.txt
@@ -0,0 +1,63 @@
+Sample XML Signatures[1][2]
+
+[1] http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
+[2] http://www.w3.org/TR/2001/REC-xml-c14n-20010315
+
+1. A large and complex signature:
+
+This includes internal and external base 64, references of the forms
+"", "#xpointer(/)", "#foo" and "#xpointer(id('foo'))" (with and
+without comments), manifests, signature properties, simple xpath
+with here(), xslt, retrieval method and odd interreferential
+dependencies.
+
+ signature.xml - A signature
+ signature.tmpl - The template from which the signature was created
+ signature-c14n-*.txt - All intermediate c14n output
+
+2. Some basic signatures:
+
+The key for the HMAC-SHA1 signatures is "secret".getBytes("ASCII")
+which is, in hex, (73 65 63 72 65 74). No key info is provided for
+these signatures.
+
+ signature-enveloped-dsa.xml
+ signature-enveloping-b64-dsa.xml
+ signature-enveloping-dsa.xml
+ signature-enveloping-hmac-sha1-40.xml
+ signature-enveloping-hmac-sha1.xml
+ signature-enveloping-rsa.xml
+ signature-external-b64-dsa.xml
+ signature-external-dsa.xml - The signatures
+ signature-*-c14n-*.txt - The intermediate c14n output
+
+3. Varying key information:
+
+To resolve the key associated with the KeyName in `signature-keyname.xml'
+you must perform a cunning transformation from the name `Xxx' to the
+certificate that resides in the directory `certs/' that has a subject name
+containing the common name `Xxx', which happens to be in the file
+`certs/xxx.crt'.
+
+To resolve the key associated with the X509Data in `signature-x509-is.xml',
+`signature-x509-ski.xml' and `signature-x509-sn.xml' you need to resolve
+the identified certificate from those in the `certs' directory.
+
+In `signature-x509-crt-crl.xml' an X.509 CRL is present which has revoked
+the X.509 certificate used for signing. So verification should be
+qualified.
+
+ signature-keyname.xml
+ signature-retrievalmethod-rawx509crt.xml
+ signature-x509-crt-crl.xml
+ signature-x509-crt.xml
+ signature-x509-is.xml
+ signature-x509-ski.xml
+ signature-x509-sn.xml - The signatures
+ certs/*.crt - The certificates
+
+Merlin Hughes <merlin@baltimore.ie>
+Baltimore Technologies, Ltd.
+http://www.baltimore.com/
+
+Thursday, April 4, 2002
diff --git a/tests/merlin-xmldsig-twenty-three/certs/badb.der b/tests/merlin-xmldsig-twenty-three/certs/badb.der
new file mode 100644
index 00000000..2d0dec68
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/badb.der
Binary files differ
diff --git a/tests/merlin-xmldsig-twenty-three/certs/badb.pem b/tests/merlin-xmldsig-twenty-three/certs/badb.pem
new file mode 100644
index 00000000..0221d206
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/badb.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/merlin-xmldsig-twenty-three/certs/balor.der b/tests/merlin-xmldsig-twenty-three/certs/balor.der
new file mode 100644
index 00000000..806d59d7
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/balor.der
Binary files differ
diff --git a/tests/merlin-xmldsig-twenty-three/certs/balor.pem b/tests/merlin-xmldsig-twenty-three/certs/balor.pem
new file mode 100644
index 00000000..edc1748a
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/balor.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/merlin-xmldsig-twenty-three/certs/bres.pem b/tests/merlin-xmldsig-twenty-three/certs/bres.pem
new file mode 100644
index 00000000..18a0966c
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/bres.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/merlin-xmldsig-twenty-three/certs/ca.der b/tests/merlin-xmldsig-twenty-three/certs/ca.der
new file mode 100644
index 00000000..00861d03
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/ca.der
Binary files differ
diff --git a/tests/merlin-xmldsig-twenty-three/certs/ca.pem b/tests/merlin-xmldsig-twenty-three/certs/ca.pem
new file mode 100644
index 00000000..4e6d5766
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/ca.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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==
+-----END CERTIFICATE-----
diff --git a/tests/merlin-xmldsig-twenty-three/certs/lugh-cert.der b/tests/merlin-xmldsig-twenty-three/certs/lugh-cert.der
new file mode 100644
index 00000000..2109edfa
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/lugh-cert.der
Binary files differ
diff --git a/tests/merlin-xmldsig-twenty-three/certs/lugh-cert.pem b/tests/merlin-xmldsig-twenty-three/certs/lugh-cert.pem
new file mode 100644
index 00000000..049721f1
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/lugh-cert.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/merlin-xmldsig-twenty-three/certs/lugh.der b/tests/merlin-xmldsig-twenty-three/certs/lugh.der
new file mode 100644
index 00000000..3b1193ab
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/lugh.der
Binary files differ
diff --git a/tests/merlin-xmldsig-twenty-three/certs/lugh.pem b/tests/merlin-xmldsig-twenty-three/certs/lugh.pem
new file mode 100644
index 00000000..e0d1e959
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/lugh.pem
@@ -0,0 +1,12 @@
+-----BEGIN PUBLIC KEY-----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+-----END PUBLIC KEY-----
diff --git a/tests/merlin-xmldsig-twenty-three/certs/macha.der b/tests/merlin-xmldsig-twenty-three/certs/macha.der
new file mode 100644
index 00000000..484ddc26
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/macha.der
Binary files differ
diff --git a/tests/merlin-xmldsig-twenty-three/certs/macha.pem b/tests/merlin-xmldsig-twenty-three/certs/macha.pem
new file mode 100644
index 00000000..2402a12f
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/macha.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUDCCAw+gAwIBAgIGAOz5IXv6MAkGByqGSM44BAMwdjELMAkGA1UEBhMCSUUx
+DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEdMBsGA1UEAxMUQW5vdGhlciBUcmFu
+c2llbnQgQ0EwHhcNMDIwNDAzMDAwMDAzWhcNMTIwNDAyMjI1OTQ2WjBnMQswCQYD
+VQQGEwJJRTEPMA0GA1UECBMGRHVibGluMSQwIgYDVQQKExtCYWx0aW1vcmUgVGVj
+aG5vbG9naWVzIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMQ4wDAYDVQQDEwVNYWNo
+YTCCAbYwggErBgcqhkjOOAQBMIIBHgKBgQCEirBKJ4zRoB7P7ofvWCoJ8GfAbd0+
+7skASVvXcaTBdHD1F8+HRW0hWOEMlvIoAi7MKTmvnhxxGLFrxNDa9ZXCh1D16u7u
+NSScBzatUQBXmYlOsGvtRS979f09awIM3qVe8UuImn8+L8XRzJX8ICn6Min6uiVN
+c6FTP2oSOcVgwwIVAJhL+niCaweCjdHz0QAT8dzR2HJZAoGAJYbmGfwMz7Wu/mxO
+QkGrJklc3PLjP3vizewAZRF8EEZOkH2QXF/E23jzRPGRZ4OFH7f0MwDlMQCxE+5C
+gHpOCXsrac3NF2AmMrhiQE5uBfWWNaQCeckJlJsLw2HZWmSeJXRszv0eexL54J/x
+uLao46ItLMd46u3M7w8HRh55MtADgYQAAoGAXenEaP4SIoG3ukTjtqT8TOKddzyb
+dd8epOpGDnPemC6hmsjkbfNDrKEdbsb9AKhb0pp2HKWxNPzPACJ65LMgrtTPY/6f
+NLxB1/o+J1dJR7nehKF9WjwDjAJJ6f9Wc4OwJP7B7DlwWzhaMMNOzmASAUU/AoeL
+WTuMfjA3O+6hm6ijOjA4MA4GA1UdDwEB/wQEAwIHgDARBgNVHQ4ECgQIizPsQXmT
+yPowEwYDVR0jBAwwCoAIihxWMFoyEn0wCQYHKoZIzjgEAwMwADAtAhUAiT4zE8AB
+6veOzVcWxkyYFwHcnFsCFDorkHKzPCnWkmpuDY39GvfKEYBA
+-----END CERTIFICATE-----
diff --git a/tests/merlin-xmldsig-twenty-three/certs/merlin.der b/tests/merlin-xmldsig-twenty-three/certs/merlin.der
new file mode 100644
index 00000000..a72fc7f0
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/merlin.der
Binary files differ
diff --git a/tests/merlin-xmldsig-twenty-three/certs/merlin.pem b/tests/merlin-xmldsig-twenty-three/certs/merlin.pem
new file mode 100644
index 00000000..7efe8e08
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/merlin.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
+
diff --git a/tests/merlin-xmldsig-twenty-three/certs/morigu.pem b/tests/merlin-xmldsig-twenty-three/certs/morigu.pem
new file mode 100644
index 00000000..c1fd6eb5
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/morigu.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/merlin-xmldsig-twenty-three/certs/nemain.der b/tests/merlin-xmldsig-twenty-three/certs/nemain.der
new file mode 100644
index 00000000..f4b62ae6
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/nemain.der
Binary files differ
diff --git a/tests/merlin-xmldsig-twenty-three/certs/nemain.pem b/tests/merlin-xmldsig-twenty-three/certs/nemain.pem
new file mode 100644
index 00000000..b681a5c2
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/certs/nemain.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/merlin-xmldsig-twenty-three/signature-enveloped-dsa.tmpl b/tests/merlin-xmldsig-twenty-three/signature-enveloped-dsa.tmpl
new file mode 100644
index 00000000..853fbf69
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-enveloped-dsa.tmpl
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Envelope xmlns="http://example.org/envelope">
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ </KeyValue>
+ </KeyInfo>
+ </Signature>
+</Envelope>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-enveloped-dsa.xml b/tests/merlin-xmldsig-twenty-three/signature-enveloped-dsa.xml
new file mode 100644
index 00000000..f5ff1f50
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-enveloped-dsa.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Envelope xmlns="http://example.org/envelope">
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>fdy6S2NLpnT4fMdokUHSHsmpcvo=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ Z4pBb+o+XOKWME7CpLyXuNqyIYdXOcGvthfUf+ZDLL5immPx+3tK8Q==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ 3eOeAvqnEyFpW+uTSgrdj7YLjaTkpyHecKFIoLu8QZNkGTQI1ciITBH0lqfIkdCH
+ Si8fiUC3DTq3J9FsJef4YVtDF7JpUvHTOQqtq7Zgx6KC8Wxkz6rQCxOr7F0ApOYi
+ 89zLRoe4MkDGe6ux0+WtyOTQoVIGNTDDUFXrUQNbLrE=
+ </P>
+ <Q>
+ hDLcFK0GO/Hz1arxOOvsgM/VLyU=
+ </Q>
+ <G>
+ nnx7hbdWozGbtnFgnbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43z
+ Kt7dlEaQL7b5+JTZt3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM
+ 8d2rhd2Ui0xHbk0D451nhLxVWulviOSPhzKKvXrbySA=
+ </G>
+ <Y>
+ cfYpihpAQeepbNFS4MAbQRhdXpDi5wLrwxE5hIvoYqo1L8BQVu8fY1TFAPtoae1i
+ Bg/GIJyP3iLfyuBJaDvJJLP30wBH9i/s5J3656PevpOVdTfi777Fi9Gj6y/ib2Vv
+ +OZfJkkp4L50+p5TUhPmQLJtREsgtl+tnIOyJT++G9U=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ </Signature>
+</Envelope>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa.tmpl b/tests/merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa.tmpl
new file mode 100644
index 00000000..5ca8d504
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa.tmpl
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="#object">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ </KeyValue>
+ </KeyInfo>
+ <Object Id="object">c29tZSB0ZXh0</Object>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa.xml b/tests/merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa.xml
new file mode 100644
index 00000000..4e924b0e
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="#object">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>N6pjx3OY2VRHMmLhoAV8HmMu2nc=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ KgAeq8e0yUNfFz+mFlZ3QgyQNMciV+Z3BoDQDvQNker7pazEnJmOIA==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ 3eOeAvqnEyFpW+uTSgrdj7YLjaTkpyHecKFIoLu8QZNkGTQI1ciITBH0lqfIkdCH
+ Si8fiUC3DTq3J9FsJef4YVtDF7JpUvHTOQqtq7Zgx6KC8Wxkz6rQCxOr7F0ApOYi
+ 89zLRoe4MkDGe6ux0+WtyOTQoVIGNTDDUFXrUQNbLrE=
+ </P>
+ <Q>
+ hDLcFK0GO/Hz1arxOOvsgM/VLyU=
+ </Q>
+ <G>
+ nnx7hbdWozGbtnFgnbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43z
+ Kt7dlEaQL7b5+JTZt3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM
+ 8d2rhd2Ui0xHbk0D451nhLxVWulviOSPhzKKvXrbySA=
+ </G>
+ <Y>
+ cfYpihpAQeepbNFS4MAbQRhdXpDi5wLrwxE5hIvoYqo1L8BQVu8fY1TFAPtoae1i
+ Bg/GIJyP3iLfyuBJaDvJJLP30wBH9i/s5J3656PevpOVdTfi777Fi9Gj6y/ib2Vv
+ +OZfJkkp4L50+p5TUhPmQLJtREsgtl+tnIOyJT++G9U=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ <Object Id="object">c29tZSB0ZXh0</Object>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-enveloping-dsa.tmpl b/tests/merlin-xmldsig-twenty-three/signature-enveloping-dsa.tmpl
new file mode 100644
index 00000000..555fc8b1
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-enveloping-dsa.tmpl
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ </KeyValue>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-enveloping-dsa.xml b/tests/merlin-xmldsig-twenty-three/signature-enveloping-dsa.xml
new file mode 100644
index 00000000..488ac261
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-enveloping-dsa.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ PfD92lkxKgc2OKvF4p0ba6cJj6d1eqIDx5Q1hvVYTviotje23Snunw==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ 3eOeAvqnEyFpW+uTSgrdj7YLjaTkpyHecKFIoLu8QZNkGTQI1ciITBH0lqfIkdCH
+ Si8fiUC3DTq3J9FsJef4YVtDF7JpUvHTOQqtq7Zgx6KC8Wxkz6rQCxOr7F0ApOYi
+ 89zLRoe4MkDGe6ux0+WtyOTQoVIGNTDDUFXrUQNbLrE=
+ </P>
+ <Q>
+ hDLcFK0GO/Hz1arxOOvsgM/VLyU=
+ </Q>
+ <G>
+ nnx7hbdWozGbtnFgnbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43z
+ Kt7dlEaQL7b5+JTZt3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM
+ 8d2rhd2Ui0xHbk0D451nhLxVWulviOSPhzKKvXrbySA=
+ </G>
+ <Y>
+ cfYpihpAQeepbNFS4MAbQRhdXpDi5wLrwxE5hIvoYqo1L8BQVu8fY1TFAPtoae1i
+ Bg/GIJyP3iLfyuBJaDvJJLP30wBH9i/s5J3656PevpOVdTfi777Fi9Gj6y/ib2Vv
+ +OZfJkkp4L50+p5TUhPmQLJtREsgtl+tnIOyJT++G9U=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40.tmpl b/tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40.tmpl
new file mode 100644
index 00000000..1057b61c
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40.tmpl
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ <HMACOutputLength>80</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
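Review bot: The `HMACOutputLength` in this template is `80`, while the file name ends in `-40`, so the name does not tell a reader which truncation length the vector exercises. The same mismatch is in `signature-enveloping-hmac-sha1-40.xml`, whose `SignatureValue` decodes to 10 bytes. I would record it at the top of both files, for example `<!-- HMACOutputLength is 80 bits; the -40 in the file name does not reflect the value -->`, placed before the root element so it stays outside the canonicalized `SignedInfo` and the referenced `Object`. Because the length is read from the document being verified, the suite would also benefit from a negative vector with a shorter length that is expected to be rejected; none of the files visible in this part of the diff covers that case.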
diff --git a/tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40.xml b/tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40.xml
new file mode 100644
index 00000000..d654c536
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ <HMACOutputLength>80</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ xjqFz/yYQRTOrw==
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1.tmpl b/tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1.tmpl
new file mode 100644
index 00000000..2b310a6d
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1.tmpl
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1.xml b/tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1.xml
new file mode 100644
index 00000000..c0c8343a
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ JElPttIT4Am7Q+MNoMyv+WDfAZw=
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-enveloping-rsa.tmpl b/tests/merlin-xmldsig-twenty-three/signature-enveloping-rsa.tmpl
new file mode 100644
index 00000000..edc7c7e9
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-enveloping-rsa.tmpl
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ </KeyValue>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-enveloping-rsa.xml b/tests/merlin-xmldsig-twenty-three/signature-enveloping-rsa.xml
new file mode 100644
index 00000000..1580d838
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-enveloping-rsa.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ ov3HOoPN0w71N3DdGNhN+dSzQm6NJFUB5qGKRp9Q986nVzMb8wCIVxCQu+x3vMtq
+ p4/R3KEcPtEJSaoR+thGq++GPIh2mZXyWJs3xHy9P4xmoTVwli7/l7s8ebDSmnbZ
+ 7xZU4Iy1BSMZSxGKnRG+Z/0GJIfTz8jhH6wCe3l03L4=
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <RSAKeyValue>
+ <Modulus>
+ q07hpxA5DGFfvJFZueFl/LI85XxQxrvqgVugL25V090A9MrlLBg5PmAsxFTe+G6a
+ xvWJQwYOVHj/nuiCnNLa9a7uAtPFiTtW+v5H3wlLaY3ws4atRBNOQlYkIBp38sTf
+ QBkk4i8PEU1GQ2M0CLIJq4/2Akfv1wxzSQ9+8oWkArc=
+ </Modulus>
+ <Exponent>
+ AQAB
+ </Exponent>
+ </RSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-external-b64-dsa.tmpl b/tests/merlin-xmldsig-twenty-three/signature-external-b64-dsa.tmpl
new file mode 100644
index 00000000..be723e01
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-external-b64-dsa.tmpl
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/Signature/2002/04/xml-stylesheet.b64">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ </KeyValue>
+ </KeyInfo>
+</Signature>
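Review bot: The `Reference URI` in this template is a live `http://www.w3.org/...` address, so signing with it makes the test fetch remote content, and the matching `signature-external-b64-dsa.xml` pins a `DigestValue` that only holds while that resource stays byte-identical. The same applies to the `http://www.w3.org/TR/xml-stylesheet` reference used by `signature-external-dsa`, `signature-keyname`, `signature-retrievalmethod-rawx509crt`, `signature-x509-crt-crl` and `signature-x509-crt`. A changed or unreachable resource would then look like a library regression, and the build would need network access. If the harness does not already redirect these URLs to a copy kept in the tree, I would add that and say so next to the vectors, e.g. `<!-- Reference URI must resolve to the checked-in copy of this resource; do not fetch it from the network -->`.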
diff --git a/tests/merlin-xmldsig-twenty-three/signature-external-b64-dsa.xml b/tests/merlin-xmldsig-twenty-three/signature-external-b64-dsa.xml
new file mode 100644
index 00000000..1fb56630
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-external-b64-dsa.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/Signature/2002/04/xml-stylesheet.b64">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ IhOlAjMFaZtkEju5R5bi528h1HpDa4A21sudZynhJRRLjZuQIHZ3eQ==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ 3eOeAvqnEyFpW+uTSgrdj7YLjaTkpyHecKFIoLu8QZNkGTQI1ciITBH0lqfIkdCH
+ Si8fiUC3DTq3J9FsJef4YVtDF7JpUvHTOQqtq7Zgx6KC8Wxkz6rQCxOr7F0ApOYi
+ 89zLRoe4MkDGe6ux0+WtyOTQoVIGNTDDUFXrUQNbLrE=
+ </P>
+ <Q>
+ hDLcFK0GO/Hz1arxOOvsgM/VLyU=
+ </Q>
+ <G>
+ nnx7hbdWozGbtnFgnbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43z
+ Kt7dlEaQL7b5+JTZt3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM
+ 8d2rhd2Ui0xHbk0D451nhLxVWulviOSPhzKKvXrbySA=
+ </G>
+ <Y>
+ cfYpihpAQeepbNFS4MAbQRhdXpDi5wLrwxE5hIvoYqo1L8BQVu8fY1TFAPtoae1i
+ Bg/GIJyP3iLfyuBJaDvJJLP30wBH9i/s5J3656PevpOVdTfi777Fi9Gj6y/ib2Vv
+ +OZfJkkp4L50+p5TUhPmQLJtREsgtl+tnIOyJT++G9U=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-external-dsa.tmpl b/tests/merlin-xmldsig-twenty-three/signature-external-dsa.tmpl
new file mode 100644
index 00000000..7b9ab4cc
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-external-dsa.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ </KeyValue>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-external-dsa.xml b/tests/merlin-xmldsig-twenty-three/signature-external-dsa.xml
new file mode 100644
index 00000000..34d3e6a8
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-external-dsa.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ LaL1/t/XodYvDJDgSEbq47GX8ltnlx3FFURdi7o+UFVi+zLf0WyWaQ==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ 3eOeAvqnEyFpW+uTSgrdj7YLjaTkpyHecKFIoLu8QZNkGTQI1ciITBH0lqfIkdCH
+ Si8fiUC3DTq3J9FsJef4YVtDF7JpUvHTOQqtq7Zgx6KC8Wxkz6rQCxOr7F0ApOYi
+ 89zLRoe4MkDGe6ux0+WtyOTQoVIGNTDDUFXrUQNbLrE=
+ </P>
+ <Q>
+ hDLcFK0GO/Hz1arxOOvsgM/VLyU=
+ </Q>
+ <G>
+ nnx7hbdWozGbtnFgnbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43z
+ Kt7dlEaQL7b5+JTZt3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM
+ 8d2rhd2Ui0xHbk0D451nhLxVWulviOSPhzKKvXrbySA=
+ </G>
+ <Y>
+ cfYpihpAQeepbNFS4MAbQRhdXpDi5wLrwxE5hIvoYqo1L8BQVu8fY1TFAPtoae1i
+ Bg/GIJyP3iLfyuBJaDvJJLP30wBH9i/s5J3656PevpOVdTfi777Fi9Gj6y/ib2Vv
+ +OZfJkkp4L50+p5TUhPmQLJtREsgtl+tnIOyJT++G9U=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-keyname.tmpl b/tests/merlin-xmldsig-twenty-three/signature-keyname.tmpl
new file mode 100644
index 00000000..9059e282
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-keyname.tmpl
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <KeyName></KeyName>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-keyname.xml b/tests/merlin-xmldsig-twenty-three/signature-keyname.xml
new file mode 100644
index 00000000..a7c60a3d
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-keyname.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ JkJ3GplEU0iDbqSv7ZOXhvv3zeM1KmP+CLphhoc+NPYqpGYQiW6O6w==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyName>Lugh</KeyName>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt.tmpl b/tests/merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt.tmpl
new file mode 100644
index 00000000..11d69cfd
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt.tmpl
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#rawX509Certificate" URI="tests/keys/dsacert.der" />
+ </KeyInfo>
+</Signature>
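Review bot: The `RetrievalMethod` here points at `tests/keys/dsacert.der`, a relative path, while the signed sample `signature-retrievalmethod-rawx509crt.xml` points at `tests/merlin-xmldsig-twenty-three/certs/balor.der`. Both appear to resolve only when the tool is started from the top of the source tree. That should be stated where the test is driven, for example `# run from the top of the source tree: RetrievalMethod URIs in these vectors are relative paths`. It is also worth noting beside the vector that the key location is read from the document being verified, so a caller that processes untrusted input should limit which URIs `RetrievalMethod` may dereference.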
diff --git a/tests/merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt.xml b/tests/merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt.xml
new file mode 100644
index 00000000..30620184
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ SNB5FI193RFXoG2j8Z9bXWgW7BMPICqNob4Hjh08oou4tkhGxz4+pg==
+ </SignatureValue>
+ <KeyInfo>
+ <RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#rawX509Certificate" URI="tests/merlin-xmldsig-twenty-three/certs/balor.der" />
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-x509-crt-crl.tmpl b/tests/merlin-xmldsig-twenty-three/signature-x509-crt-crl.tmpl
new file mode 100644
index 00000000..8c2e6692
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-x509-crt-crl.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-x509-crt-crl.xml b/tests/merlin-xmldsig-twenty-three/signature-x509-crt-crl.xml
new file mode 100644
index 00000000..fe01797e
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-x509-crt-crl.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ WF6EaX66f8CdGE6NafmzdLpb/1OVYX4kBNsqgGIqHR5JZAu4HpbVQQ==
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>
+ MIIDTjCCAw6gAwIBAgIGAOz5Id5/MAkGByqGSM44BAMwdjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEdMBsGA1UEAxMUQW5vdGhlciBUcmFu
+ c2llbnQgQ0EwHhcNMDIwNDAzMDAwMDI4WhcNMTIwNDAyMjI1OTQ2WjBmMQswCQYD
+ VQQGEwJJRTEPMA0GA1UECBMGRHVibGluMSQwIgYDVQQKExtCYWx0aW1vcmUgVGVj
+ aG5vbG9naWVzIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMQ0wCwYDVQQDEwRCcmVz
+ MIIBtjCCASsGByqGSM44BAEwggEeAoGBAISKsEonjNGgHs/uh+9YKgnwZ8Bt3T7u
+ yQBJW9dxpMF0cPUXz4dFbSFY4QyW8igCLswpOa+eHHEYsWvE0Nr1lcKHUPXq7u41
+ JJwHNq1RAFeZiU6wa+1FL3v1/T1rAgzepV7xS4iafz4vxdHMlfwgKfoyKfq6JU1z
+ oVM/ahI5xWDDAhUAmEv6eIJrB4KN0fPRABPx3NHYclkCgYAlhuYZ/AzPta7+bE5C
+ QasmSVzc8uM/e+LN7ABlEXwQRk6QfZBcX8TbePNE8ZFng4Uft/QzAOUxALET7kKA
+ ek4Jeytpzc0XYCYyuGJATm4F9ZY1pAJ5yQmUmwvDYdlaZJ4ldGzO/R57Evngn/G4
+ tqjjoi0sx3jq7czvDwdGHnky0AOBhAACgYBgvDFxw1U6Ou2G6P/+347Jfk2wPB1/
+ atr4p3JUVLuT0ExZG6np+rKiXmcBbYKbAhMY37zVkroR9bwo+NgaJGubQ4ex5Y1X
+ N2Q5gIHNhNfKr8G4LPVqWGxf/lFPDYxX3ezqBJPpJCJTREX7s6Hp/VTV2SpQlySv
+ +GRcFKJFPlhD9aM6MDgwDgYDVR0PAQH/BAQDAgeAMBEGA1UdDgQKBAiC+5gx0MHL
+ hTATBgNVHSMEDDAKgAiKHFYwWjISfTAJBgcqhkjOOAQDAy8AMCwCFDTcM5i61uqq
+ /aveERhOJ6NG/LubAhREVDtAeNbTEywXr4O7KvEEvFLUjg==
+ </X509Certificate>
+ <X509CRL>
+ MIIBJDCB5AIBATAJBgcqhkjOOAQDMHYxCzAJBgNVBAYTAklFMQ8wDQYDVQQIEwZE
+ dWJsaW4xJDAiBgNVBAoTG0JhbHRpbW9yZSBUZWNobm9sb2dpZXMgTHRkLjERMA8G
+ A1UECxMIWC9TZWN1cmUxHTAbBgNVBAMTFEFub3RoZXIgVHJhbnNpZW50IENBFw0w
+ MjA0MDQwMjE2NThaFw0xMTA0MDIwMjE2NThaMBkwFwIGAOz5Id5/Fw0wMjA0MDQw
+ MjE2NThaoCMwITATBgNVHSMEDDAKgAiKHFYwWjISfTAKBgNVHRQEAwIBADAJBgcq
+ hkjOOAQDAzAAMC0CFCEIm38fvGzSJHms284hUs9dNB8nAhUAjEtZr0TGgc6sVRVk
+ krEgltdo7Jw=
+ </X509CRL>
+ </X509Data>
+ </KeyInfo>
+</Signature>
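Review bot: This is the revoked-signer vector, and the test should assert a failure caused by the embedded `X509CRL`, whose single entry carries the serial number of the embedded certificate. The encoded dates decode to a certificate notAfter of 2 April 2012 and a CRL nextUpdate of 2 April 2011, both earlier than this import. A run against the current clock can therefore fail on expiry and still look like a pass of the negative test. I would pin the verification time to a date inside the certificate's validity when this vector is run, and document the expectation before the root element, e.g. `<!-- negative vector: the X509CRL revokes the signing certificate, verification must not succeed -->`.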
diff --git a/tests/merlin-xmldsig-twenty-three/signature-x509-crt.tmpl b/tests/merlin-xmldsig-twenty-three/signature-x509-crt.tmpl
new file mode 100644
index 00000000..8c2e6692
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-x509-crt.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ </X509Data>
+ </KeyInfo>
+</Signature>
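Review bot: `<Reference URI="http://www.w3.org/TR/xml-stylesheet">` makes this template depend on a live document retrieved over plain HTTP, and nothing in the file says so. The signed counterparts pin that document's SHA-1 digest (`60NvZvtdTB+7UnlLp/H24p7h4bs=`), so a change to the remote page, or a run without network access, would fail verification for reasons unrelated to the library. The same reference appears in the other signature-x509-* fixtures and in signature.tmpl / signature.xml. The harness that consumes these files is outside this hunk, so whether it substitutes a local copy cannot be confirmed from here. I would add a comment directly after the XML declaration, `<!-- external Reference: resolve http://www.w3.org/TR/xml-stylesheet from a pinned local copy when testing -->`; in this file only SignedInfo and the external resource are digested, so the comment alters no signed bytes.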
diff --git a/tests/merlin-xmldsig-twenty-three/signature-x509-crt.xml b/tests/merlin-xmldsig-twenty-three/signature-x509-crt.xml
new file mode 100644
index 00000000..2048fd27
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-x509-crt.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ GCQVmBq+1H7e9IjvKfe+egLM1Jlp3L1JCGkl9SlJ0eaDh2MKYUUnHA==
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>
+ MIIDUDCCAxCgAwIBAgIGAOz5IVHTMAkGByqGSM44BAMwdjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEdMBsGA1UEAxMUQW5vdGhlciBUcmFu
+ c2llbnQgQ0EwHhcNMDIwNDAyMjM1OTUyWhcNMTIwNDAyMjI1OTQ2WjBoMQswCQYD
+ VQQGEwJJRTEPMA0GA1UECBMGRHVibGluMSQwIgYDVQQKExtCYWx0aW1vcmUgVGVj
+ aG5vbG9naWVzIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMQ8wDQYDVQQDEwZNb3Jp
+ Z3UwggG2MIIBKwYHKoZIzjgEATCCAR4CgYEAhIqwSieM0aAez+6H71gqCfBnwG3d
+ Pu7JAElb13GkwXRw9RfPh0VtIVjhDJbyKAIuzCk5r54ccRixa8TQ2vWVwodQ9eru
+ 7jUknAc2rVEAV5mJTrBr7UUve/X9PWsCDN6lXvFLiJp/Pi/F0cyV/CAp+jIp+rol
+ TXOhUz9qEjnFYMMCFQCYS/p4gmsHgo3R89EAE/Hc0dhyWQKBgCWG5hn8DM+1rv5s
+ TkJBqyZJXNzy4z974s3sAGURfBBGTpB9kFxfxNt480TxkWeDhR+39DMA5TEAsRPu
+ QoB6Tgl7K2nNzRdgJjK4YkBObgX1ljWkAnnJCZSbC8Nh2VpkniV0bM79HnsS+eCf
+ 8bi2qOOiLSzHeOrtzO8PB0YeeTLQA4GEAAKBgH1NBJ9Az5TwY4tDE0dPYVHHABt+
+ yLspnT3k9G6YWUMFhZ/+3RuqEPjnKrPfUoXTTJGIACgPU3/PkqwrPVD0JMdpOcnZ
+ LHiJ/P7QRQeMwDRoBrs7genB1bDd4pSJrEUcjrkA5uRrIj2Z5fL+UuLiLGPO2rM7
+ BNQRIq3QFPdX++NuozowODAOBgNVHQ8BAf8EBAMCB4AwEQYDVR0OBAoECIK7Ljjh
+ +EsfMBMGA1UdIwQMMAqACIocVjBaMhJ9MAkGByqGSM44BAMDLwAwLAIUEJJCOHw8
+ ppxoRyz3s+Vmb4NKIfMCFDgJoZn9zh/3WoYNBURODwLvyBOy
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-x509-is.tmpl b/tests/merlin-xmldsig-twenty-three/signature-x509-is.tmpl
new file mode 100644
index 00000000..8c2e6692
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-x509-is.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-x509-is.xml b/tests/merlin-xmldsig-twenty-three/signature-x509-is.xml
new file mode 100644
index 00000000..b7a01f85
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-x509-is.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ bmKMy/w1DO9dHA6E7Dt0B8IFkYAj1/UD3TqcdqIcfkMT7evE8+NBgg==
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509IssuerSerial>
+ <X509IssuerName>
+ CN=Another Transient CA,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+ </X509IssuerName>
+ <X509SerialNumber>1017792003066</X509SerialNumber>
+ </X509IssuerSerial>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-x509-ski.tmpl b/tests/merlin-xmldsig-twenty-three/signature-x509-ski.tmpl
new file mode 100644
index 00000000..8c2e6692
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-x509-ski.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-x509-ski.xml b/tests/merlin-xmldsig-twenty-three/signature-x509-ski.xml
new file mode 100644
index 00000000..c71bfce5
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-x509-ski.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ F9nEU1Us48iKTml8n7E4wt7HtFJ5gaLIgox0J9WbujGndW0oQJbeGg==
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509SKI>
+ hf10xKfSnIg=
+ </X509SKI>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-x509-sn.tmpl b/tests/merlin-xmldsig-twenty-three/signature-x509-sn.tmpl
new file mode 100644
index 00000000..8c2e6692
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-x509-sn.tmpl
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature-x509-sn.xml b/tests/merlin-xmldsig-twenty-three/signature-x509-sn.xml
new file mode 100644
index 00000000..d5b08088
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature-x509-sn.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ MUOjiqG0dbjvR6+qYYPL85nKSt2FeZGQBQkYudv48KyJhJLG1Bp+bA==
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509SubjectName>
+ CN=Badb,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+ </X509SubjectName>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmldsig-twenty-three/signature.tmpl b/tests/merlin-xmldsig-twenty-three/signature.tmpl
new file mode 100644
index 00000000..ebd2bc2a
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature.tmpl
@@ -0,0 +1,245 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE Envelope [
+ <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+ <!ENTITY c14n 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'>
+ <!ENTITY xpath 'http://www.w3.org/TR/1999/REC-xpath-19991116'>
+ <!ENTITY xslt 'http://www.w3.org/TR/1999/REC-xslt-19991116'>
+ <!ATTLIST Notaries Id ID #IMPLIED>
+]>
+<!-- Preamble -->
+<Envelope xmlns:foo="http://example.org/foo" xmlns="http://example.org/usps">
+ <DearSir>foo</DearSir>
+ <Body>bar</Body>
+ <YoursSincerely>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="signature">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference URI="http://www.w3.org/Signature/2002/04/xml-stylesheet.b64">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-1">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+ self::text()
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-2">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties" URI="#signature-properties-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference URI="#xpointer(/)">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference URI="#xpointer(/)">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-3">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-3">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#xpointer(id('object-3'))">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#xpointer(id('object-3'))">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference Id="reference-1" URI="#manifest-reference-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference Id="reference-2" URI="#reference-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference URI="#reference-2">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ ancestor-or-self::dsig:SignedInfo
+ and
+ count(ancestor-or-self::dsig:Reference |
+ here()/ancestor::dsig:Reference[1]) &gt;
+ count(ancestor-or-self::dsig:Reference)
+ or
+ count(ancestor-or-self::node() |
+ id('notaries')) =
+ count(ancestor-or-self::node())
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#X509Data" URI="#object-4">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ ancestor-or-self::dsig:X509Data
+ </XPath>
+ </Transform>
+ </Transforms>
+ </RetrievalMethod>
+ </KeyInfo>
+ <Object Id="object-1" MimeType="text/plain">I am the text.</Object>
+ <Object Encoding="http://www.w3.org/2000/09/xmldsig#base64" Id="object-2" MimeType="text/plain">SSBhbSB0aGUgdGV4dC4=</Object>
+ <Object Id="object-3">
+ <NonCommentandus xmlns=""><!-- Commentandum --></NonCommentandus>
+ </Object>
+ <Object>
+ <Manifest Id="manifest-1">
+ <Reference Id="manifest-reference-1" URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference URI="#reference-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ <Reference URI="#notaries">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/TR/xhtml1/strict" exclude-result-prefixes="foo" version="1.0">
+ <xsl:output encoding="UTF-8" indent="no" method="xml" />
+ <xsl:template match="/">
+ <html>
+ <head>
+ <title>Notaries</title>
+ </head>
+ <body>
+ <table>
+ <xsl:for-each select="Notaries/Notary">
+ <tr>
+ <th>
+ <xsl:value-of select="@name" />
+ </th>
+ </tr>
+ </xsl:for-each>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </Manifest>
+ </Object>
+ <Object>
+ <SignatureProperties Id="signature-properties-1">
+ <SignatureProperty Target="#signature">
+ <SignerAddress xmlns="urn:demo"><IP>192.168.21.138</IP></SignerAddress>
+ </SignatureProperty>
+ </SignatureProperties>
+ </Object>
+ <Object Id="object-4">
+ <X509Data>
+ <X509Certificate>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+ </X509Certificate>
+ </X509Data>
+ </Object>
+ </Signature>
+ </YoursSincerely>
+ <PostScript>bar</PostScript>
+ <Notaries xmlns="" Id="notaries">
+ <Notary name="Great, A. T." />
+ <Notary name="Hun, A. T." />
+ </Notaries>
+ <!-- Commentary -->
+</Envelope>
+<!-- Postamble -->
diff --git a/tests/merlin-xmldsig-twenty-three/signature.xml b/tests/merlin-xmldsig-twenty-three/signature.xml
new file mode 100644
index 00000000..504fbe11
--- /dev/null
+++ b/tests/merlin-xmldsig-twenty-three/signature.xml
@@ -0,0 +1,269 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE Envelope [
+ <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+ <!ENTITY c14n 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'>
+ <!ENTITY xpath 'http://www.w3.org/TR/1999/REC-xpath-19991116'>
+ <!ENTITY xslt 'http://www.w3.org/TR/1999/REC-xslt-19991116'>
+ <!ATTLIST Notaries Id ID #IMPLIED>
+]>
+<!-- Preamble -->
+<Envelope xmlns:foo="http://example.org/foo" xmlns="http://example.org/usps">
+ <DearSir>foo</DearSir>
+ <Body>bar</Body>
+ <YoursSincerely>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="signature">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ <Reference URI="http://www.w3.org/Signature/2002/04/xml-stylesheet.b64">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-1">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+ self::text()
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zyjp8GJOX69990Kkqw8ioPXGExk=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ ancestor-or-self::dsig:SignedInfo
+ and
+ count(ancestor-or-self::dsig:Reference |
+ here()/ancestor::dsig:Reference[1]) &gt;
+ count(ancestor-or-self::dsig:Reference)
+ or
+ count(ancestor-or-self::node() |
+ id('notaries')) =
+ count(ancestor-or-self::node())
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>tQiE3GUKiBenPyp3J0Ei6rJMFv4=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-2">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zyjp8GJOX69990Kkqw8ioPXGExk=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>qg4HFwsN+/WX32uH85WlJU9l45k=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties" URI="#signature-properties-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>ETlEI3y7hvvAtMe9wQSz7LhbHEE=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>J/O0HhdaPXxx49fgGWMESL09GpA=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>J/O0HhdaPXxx49fgGWMESL09GpA=</DigestValue>
+ </Reference>
+ <Reference URI="#xpointer(/)">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>J/O0HhdaPXxx49fgGWMESL09GpA=</DigestValue>
+ </Reference>
+ <Reference URI="#xpointer(/)">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>MkL9CX8yeABBth1RChyPx58Ls8w=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-3">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>yamSIokKmjA3hB/s3Fu07wDO3vM=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-3">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>yamSIokKmjA3hB/s3Fu07wDO3vM=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#xpointer(id('object-3'))">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>yamSIokKmjA3hB/s3Fu07wDO3vM=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#xpointer(id('object-3'))">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>419CYgyTWOTGYGBhzieWklNf7Bk=</DigestValue>
+ </Reference>
+ <Reference URI="#reference-2">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>VzK45P9Ksjqq5oXlKQpkGgB2CNY=</DigestValue>
+ </Reference>
+ <Reference Id="reference-1" URI="#manifest-reference-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7/9fR+NIDz9owc1Lfsxu1JBr8uo=</DigestValue>
+ </Reference>
+ <Reference Id="reference-2" URI="#reference-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>qURlo3LSq4TWQtygBZJ0iXQ9E14=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ WvZUJAJ/3QNqzQvwne2vvy7U5Pck8ZZ5UTa6pIwR7GE+PoGi6A1kyw==
+ </SignatureValue>
+ <KeyInfo>
+ <RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#X509Data" URI="#object-4">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ ancestor-or-self::dsig:X509Data
+ </XPath>
+ </Transform>
+ </Transforms>
+ </RetrievalMethod>
+ </KeyInfo>
+ <Object Id="object-1" MimeType="text/plain">I am the text.</Object>
+ <Object Encoding="http://www.w3.org/2000/09/xmldsig#base64" Id="object-2" MimeType="text/plain">SSBhbSB0aGUgdGV4dC4=</Object>
+ <Object Id="object-3">
+ <NonCommentandus xmlns=""><!-- Commentandum --></NonCommentandus>
+ </Object>
+ <Object>
+ <Manifest Id="manifest-1">
+ <Reference Id="manifest-reference-1" URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ <Reference URI="#reference-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>qURlo3LSq4TWQtygBZJ0iXQ9E14=</DigestValue>
+ </Reference>
+ <Reference URI="#notaries">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/TR/xhtml1/strict" exclude-result-prefixes="foo" version="1.0">
+ <xsl:output encoding="UTF-8" indent="no" method="xml" />
+ <xsl:template match="/">
+ <html>
+ <head>
+ <title>Notaries</title>
+ </head>
+ <body>
+ <table>
+ <xsl:for-each select="Notaries/Notary">
+ <tr>
+ <th>
+ <xsl:value-of select="@name" />
+ </th>
+ </tr>
+ </xsl:for-each>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>c7wq5XKos6RqNVJyFy7/fl6+sAs=</DigestValue>
+ </Reference>
+ </Manifest>
+ </Object>
+ <Object>
+ <SignatureProperties Id="signature-properties-1">
+ <SignatureProperty Target="#signature">
+ <SignerAddress xmlns="urn:demo"><IP>192.168.21.138</IP></SignerAddress>
+ </SignatureProperty>
+ </SignatureProperties>
+ </Object>
+ <Object Id="object-4">
+ <X509Data>
+ <X509SubjectName>
+ CN=Merlin Hughes,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+ </X509SubjectName>
+ <X509IssuerSerial>
+ <X509IssuerName>
+ CN=Transient CA,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+ </X509IssuerName>
+ <X509SerialNumber>1017788370348</X509SerialNumber>
+ </X509IssuerSerial>
+ <X509Certificate>
+ MIIDUDCCAxCgAwIBAgIGAOz46g2sMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDQwMjIyNTkzMFoXDTEyMDQwMjIxNTkyNVowbzELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEWMBQGA1UEAxMNTWVybGluIEh1Z2hl
+ czCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQDd454C+qcTIWlb65NKCt2PtguNpOSn
+ Id5woUigu7xBk2QZNAjVyIhMEfSWp8iR0IdKLx+JQLcNOrcn0Wwl5/hhW0MXsmlS
+ 8dM5Cq2rtmDHooLxbGTPqtALE6vsXQCk5iLz3MtGh7gyQMZ7q7HT5a3I5NChUgY1
+ MMNQVetRA1susQIVAIQy3BStBjvx89Wq8Tjr7IDP1S8lAoGBAJ58e4W3VqMxm7Zx
+ YJ2xZ6KX0Ze10WnKZDyURn+T9iFIFbKRFElKDeotXwwXwYON8yre3ZRGkC+2+fiU
+ 2bdzIWTT6LMbIMVbk+07P4OZOxJ6XWL9GuYcOQcNvX42xh34DPHdq4XdlItMR25N
+ A+OdZ4S8VVrpb4jkj4cyir1628kgA4GEAAKBgHH2KYoaQEHnqWzRUuDAG0EYXV6Q
+ 4ucC68MROYSL6GKqNS/AUFbvH2NUxQD7aGntYgYPxiCcj94i38rgSWg7ySSz99MA
+ R/Yv7OSd+uej3r6TlXU34u++xYvRo+sv4m9lb/jmXyZJKeC+dPqeU1IT5kCybURL
+ ILZfrZyDsiU/vhvVozowODAOBgNVHQ8BAf8EBAMCB4AwEQYDVR0OBAoECIatY7SE
+ lXEOMBMGA1UdIwQMMAqACIOGPkB2MuKTMAkGByqGSM44BAMDLwAwLAIUSvT02iQj
+ Q5da4Wpe0Bvs7GuCcVsCFCEcQpbjUfnxXFXNWiFyQ49ZrWqn
+ </X509Certificate>
+ <X509Certificate>
+ MIIDSzCCAwugAwIBAgIGAOz46fwJMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDQwMjIyNTkyNVoXDTEyMDQwMjIxNTkyNVowbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MIIBtzCCASwGByqGSM44BAEwggEfAoGBAN3jngL6pxMhaVvrk0oK3Y+2C42k5Kch
+ 3nChSKC7vEGTZBk0CNXIiEwR9JanyJHQh0ovH4lAtw06tyfRbCXn+GFbQxeyaVLx
+ 0zkKrau2YMeigvFsZM+q0AsTq+xdAKTmIvPcy0aHuDJAxnursdPlrcjk0KFSBjUw
+ w1BV61EDWy6xAhUAhDLcFK0GO/Hz1arxOOvsgM/VLyUCgYEAnnx7hbdWozGbtnFg
+ nbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43zKt7dlEaQL7b5+JTZ
+ t3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM8d2rhd2Ui0xHbk0D
+ 451nhLxVWulviOSPhzKKvXrbySADgYQAAoGAfag+HCABIJadDD9Aarhgc2QR3Lp7
+ PpMOh0lAwLiIsvkO4UlbeOS0IJC8bcqLjM1fVw6FGSaxmq+4y1ag2m9k6IdE0Qh5
+ NxB/xFkmdwqXFRIJVp44OeUygB47YK76NmUIYG3DdfiPPU3bqzjvtOtETiCHvo25
+ 4D6UjwPpYErXRUajNjA0MA4GA1UdDwEB/wQEAwICBDAPBgNVHRMECDAGAQH/AgEA
+ MBEGA1UdDgQKBAiDhj5AdjLikzAJBgcqhkjOOAQDAy8AMCwCFELu0nuweqW7Wf0s
+ gk/CAGGL0BGKAhRNdgQGr5iyZKoH4oqPm0VJ9TjXLg==
+ </X509Certificate>
+ </X509Data>
+ </Object>
+ </Signature>
+ </YoursSincerely>
+ <PostScript>bar</PostScript>
+ <Notaries xmlns="" Id="notaries">
+ <Notary name="Great, A. T." />
+ <Notary name="Hun, A. T." />
+ </Notaries>
+ <!-- Commentary -->
+</Envelope>
+<!-- Postamble -->
diff --git a/tests/merlin-xmlenc-five/Readme.txt b/tests/merlin-xmlenc-five/Readme.txt
new file mode 100644
index 00000000..3a663b7c
--- /dev/null
+++ b/tests/merlin-xmlenc-five/Readme.txt
@@ -0,0 +1,117 @@
+Example Signatures[1] using Encryption[2] key information and
+Additional Security URIs[3], Encrypted Data[2] and Decryption
+Transform[4]
+
+[1] http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
+[2] http://www.w3.org/Encryption/2001/Drafts/xmlenc-core/
+[3] http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt
+[4] http://www.w3.org/TR/xmlenc-decrypt
+
+***
+Some of these signature are WITHOUT cryptographic merit;
+for example, key transport of an HMAC key is meaningless.
+These are provided solely for testing purposes.
+***
+
+Private keys necessary for performing the verification
+and decryption are provided in the PKCS#12 file ids.p12,
+encrypted under the pass phrase "Our Little Secret". I
+may have done some of the ASN.1 encoding in this P12
+incorrectly; I hope not. Private keys are also available
+in PKCS#8 encoding; rsa.p8, dh1.p8.
+
+RSA/OAEP is presently poorly defined; I assume MGF1/SHA-1.
+
+Secret keys are identified by key name as follows:
+
+ Key Name | Algorithm | Key Value
+----------+-----------+-----------
+ bob | 3des | "abcdefghijklmnopqrstuvwx".getBytes ("ASCII")
+ job | aes-128 | "abcdefghijklmnop".getBytes ("ASCII")
+ jeb | aes-192 | "abcdefghijklmnopqrstuvwx".getBytes ("ASCII")
+ jed | aes-256 | "abcdefghijklmnopqrstuvwxyz012345".getBytes ("ASCII")
+
+. encrypt-content-aes128-cbc-kw-aes192.xml
+. encrypt-content-aes192-cbc-dh-sha512.xml
+. encrypt-content-tripledes-cbc.xml
+. encrypt-data-aes128-cbc.xml
+. encrypt-data-aes192-cbc-kw-aes256.xml
+. encrypt-data-aes256-cbc-kw-tripledes.xml
+. encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml
+. encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.xml
+. encrypt-element-aes128-cbc-rsa-1_5.xml
+. encrypt-element-aes192-cbc-ref.xml
+. encrypt-element-aes256-cbc-kw-aes256-dh-ripemd160.xml
+. encrypt-element-tripledes-cbc-kw-aes128.xml
+ Encrypted content, element and data. RSA private key has
+ friendly name "RSA" in the P12, and is rsa.p8.
+ DH private key has ID "DH1", and is dh1.p8.
+
+. encrypt-content-aes256-cbc-prop.xml
+ Contains a useless EncryptionProperty.
+
+. encrypt-element-aes256-cbc-carried-kw-aes256.xml
+ External EncryptedKey contains a CarriedKeyName which
+ is referenced by a KeyName in the EncryptedData; the
+ key for Recipient "someone else" is not for you; the
+ key for Recipient "you" is.
+
+. encrypt-element-aes256-cbc-retrieved-kw-aes256.xml
+ External EncryptedKey is identified by a RetrievalMethod
+ in the EncryptedData.
+
+. decryption-transform.xml
+ Decryption transform.
+
+. decryption-transform-except.xml
+ Decryption transform with Except.
+
+All signatures are performed with nontruncated HMAC
+algorithms.
+
+For debugging purposes, where chosen, the MAC key is
+"abcdefghijklmnopqrstuvwxyz012345".getBytes ("ASCII"). Where
+agreed, it has length equal to the HMAC output length; e.g., 256
+bits for HMAC/SHA-256.
+
+. encsig-ripemd160-hmac-ripemd160-kw-tripledes.xml
+ RIPEMD-160 message digest; HMAC/RIPEMD-160 key is wrapped
+ using triple DES. The decryption key is from the above table,
+ identified by the key name "bob".
+
+. encsig-sha256-hmac-sha256-kw-aes128.xml
+ SHA-256 message digest; HMAC/SHA-256 key is wrapped using
+ AES-128. The decryption key is from the above table, identified
+ by the key name "job".
+
+. encsig-sha384-hmac-sha384-kw-aes192.xml
+ SHA-384 message digest; HMAC/SHA-384 key is wrapped using
+ AES-192. The decryption key is from the above table, identified
+ by the key name "jeb".
+
+. encsig-sha512-hmac-sha512-kw-aes256.xml
+ SHA-512 message digest; HMAC/SHA-512 key is wrapped using
+ AES-256. The decryption key is from the above table, identified
+ by the key name "jed".
+
+. encsig-hmac-sha256-rsa-1_5.xml
+ HMAC/SHA-256 keys is transported using RSA/OAEP. Your private
+ key has friendly name "RSA" in the P12.
+
+. encsig-hmac-sha256-rsa-oaep-mgf1p.xml
+ HMAC/SHA-256 keys is transported using RSA/PKCS#1. Your private
+ key has friendly name "RSA" in the P12.
+
+. encsig-hmac-sha256-dh.xml
+ HMAC/SHA-256 key is agreed using Diffie Hellman. Your private
+ key has friendly name "DH1" in the P12.
+
+. encsig-hmac-sha256-kw-tripledes-dh.xml
+ HMAC/SHA-256 key is wrapped using triple DES. The decryption
+ key is agreed using Diffie Hellman. Your private key has
+ friendly name "DH1" in the P12.
+
+Merlin Hughes <merlin@baltimore.ie>
+Baltimore Technologies, Ltd.
+
+Monday, March 4, 2002
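Review bot: The descriptions of `encsig-hmac-sha256-rsa-1_5.xml` and `encsig-hmac-sha256-rsa-oaep-mgf1p.xml` look swapped: the first is said to use RSA/OAEP and the second RSA/PKCS#1, the opposite of what the file names indicate. Someone choosing a vector to exercise one key-transport padding would pick the wrong file. Judging by the names alone (the fixtures themselves are not in this hunk), the lines should read `HMAC/SHA-256 keys is transported using RSA/PKCS#1. Your private` under rsa-1_5 and `HMAC/SHA-256 keys is transported using RSA/OAEP. Your private` under rsa-oaep-mgf1p.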
diff --git a/tests/merlin-xmlenc-five/bad-encrypt-content-aes128-cbc-kw-aes192.xml b/tests/merlin-xmlenc-five/bad-encrypt-content-aes128-cbc-kw-aes192.xml
new file mode 100644
index 00000000..74eec57f
--- /dev/null
+++ b/tests/merlin-xmlenc-five/bad-encrypt-content-aes128-cbc-kw-aes192.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <PaymentInfo>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes192" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jeb</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ JbjZH7Mq564oMybpvCHWYM/5ER3eFsAV
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ YDYTxR+smxZDSVoXXEp3n6HzTgWqV7ZlG6I1lmEv7zLGZBF/o7eqe5QGT6L3DPNW
+ geflA8vVJHxwliixWcvHCnNKQkx+Sw8YbIknCQyr4mqtXEmHhsie5XYTEyqgKLVP
+ YdNXf56wLUTMEmBqq7cto9OrYcBWkrDcQQvHmDkHuG+Nom4m+623GsB0FNts6VyN
+ sdGMwo4K0bEFReLL04l6It+cgLJ2q+LKdBoMQL59IAQmrwi0bkiqee2cLlDuGyQ1
+ KD9IQ1qtlJpvQujN4xNVWT00UjtWxmpSMID/Kue/AnXn7Cf8zw1ZZQitgh8uWOX2
+ uMy99F2YlxqIK1r+MeXHuZDNf75S8dFaKIKtHMf7ioA=
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+ </PaymentInfo>
+</PurchaseOrder>
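Review bot: Nothing in this file states what makes it a negative vector, so a test using it can pass for the wrong reason. Its EncryptedData matches encrypt-content-aes128-cbc-kw-aes192.xml, added later in this commit, except for the first character of the wrapped-key CipherValue (`JbjZ…` here, `IbjZ…` there). The intended failure is therefore presumably the kw-aes192 unwrap integrity check, not a parse error or a missing `jeb` key. I would add `<!-- negative vector: EncryptedKey CipherValue is deliberately corrupted; kw-aes192 unwrap must fail -->` after the XML declaration. The test that consumes the file should assert that specific failure rather than any non-zero result.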
diff --git a/tests/merlin-xmlenc-five/decryption-transform-except.xml b/tests/merlin-xmlenc-five/decryption-transform-except.xml
new file mode 100644
index 00000000..bdd22516
--- /dev/null
+++ b/tests/merlin-xmlenc-five/decryption-transform-except.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <PaymentInfo>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="encrypt-data-0" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jed</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ cX6lnfgmvWuxyiQgNhzAq1lYggW2M5GziFgNBQju3xcnDqlzf5LSjeyBnbL0Q7ws
+ 8XhySFCrdwIi5mVxyfdFkVrTlzQQ0viaqTDgi9PQRgZMOImGGWij3wbmf9XseHHt
+ 6q8V7LPjMFQAnsLDQgKf4gzzOnhtKf15GfTEpGvUnNn2dLDxw+hDcD1N54/bjSQs
+ uTiL7PgGQ5g4u4eaXRRLWeAGsIf5QgdQG3GLiOZIX1LJ5bREKgXeKrtJJI97xUX3
+ 3vaF+tKRcSFBFIMjFrw271bFj4vvvQZfSS6xX+BKXHOUu8C4NH9Le8pA9o4NgCB8
+ tWA8W3iI5/BGEZve0Me9byvPHYjRXlbG+YqysVTmzfw=
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="encrypt-data-1">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
+ <CipherData>
+ <CipherValue>
+ x3aR5pJ5pepFFH5ENv61pZG4pVwNKaM+H9oyY4qG6d8l/C0J1iGv6c8dyLp0YQ2k
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+ </PaymentInfo>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/2001/04/decrypt#">
+ <Except xmlns="http://www.w3.org/2001/04/decrypt#" URI="#encrypt-data-1" />
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
+ <DigestValue>5Oe9qba6preOZG1NZAYK2/6pu9RCon9vRJ9hVLDpeng=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ LuHrz9+WG7/c4Q81tFboNZg2cktWbZcRfp08XrmgKy1GDm9xSfTYCA==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ imup6lmki4rAmUstKb/xdBRMWNtQ+pDN97ZnLA9X3lKbkEHtYFyjQ3uActgVSJ75
+ iVRuKxz4Cb5RzVm25EaKmKq8rif1MtBIi6jjDJxmIdNaEKG9zVTf9giJx1N9I0t3
+ oh1fAVZDSrzKzJGQ2WvDfIfFHdJMtB3C0VKGmLZR7Xk=
+ </P>
+ <Q>
+ xDve3j7sEnh4rIzM5gK+5/gxxFU=
+ </Q>
+ <G>
+ NLugAf6IZJxo3BCOi5yrGEVwtlEzXcnndXhd0Tz38CnQKc4SEupm4PyP5TmLvK64
+ TDfOD7sno/W5oI1KZdimfW2c4r/6waNzZSvicMOWhLYY621Nn6njBc8VNwoxWpzC
+ XhKm70b8+D4YZMn/eU5DN8dvhTv/bNK21FfJqjp033U=
+ </G>
+ <Y>
+ W7dOmH/vWqocVCiqaxj6soxVXfR8XpMdY2Zv4Amjr3n81geyOLb6IZ+l7MUbdp85
+ 29DQzuoVTthVpB9X4JKCprZIzifOTM1PFflTBzjx7egJwJWAIVdWyiIPjke6Va+w
+ uV2n4Rl/cgCvrXK5cTov5C/Bpaf6o+qrrDGFBLLZTF4=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ </Signature>
+</PurchaseOrder>
diff --git a/tests/merlin-xmlenc-five/decryption-transform.xml b/tests/merlin-xmlenc-five/decryption-transform.xml
new file mode 100644
index 00000000..50d68b34
--- /dev/null
+++ b/tests/merlin-xmlenc-five/decryption-transform.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <PaymentInfo>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="encrypt-data-0" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jed</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ SE3HkQevYxzuN9LoMH3QIYHK0X7DBlobhiTbRucgKcTKt9DsUJIcd6JZV6lrw/4x
+ YICyq6YM73IWpibspxgz/0chhvWem9sYZvWTuTtZgHzeY0Uri6bpXqBEn1YT0K6B
+ chwfv1myfp91EmdPHU+shH6ZEyYkHJUMss58iIawIuVsIfpCO7xDKgfs/glnN3os
+ epY0KvAMZSnwUAf42fQ3TlahLTR+B52AmdodwaCwQlwQwrC7RH0FtNiiLQA9SA2t
+ //StKWcyHjswUCejfKLdjv6bK+WmBxmnNWtmI9DYkjJ6V5pYU1MVw+JG410O+gaa
+ fnNWxlWa+BGwcTaz+KNrP8bIqli8IoJJgxXIUqfb734=
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+ </PaymentInfo>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/2001/04/decrypt#" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
+ <DigestValue>wSvPYqTcpLfX2mKXibtsmm7FDu8N+/BObM0+bGaeXhk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ O0VYUdslJ8t2EURD0T/v2nNrFQMo42vzvfAhooZrDbkuLbCj6/Hxmw==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ imup6lmki4rAmUstKb/xdBRMWNtQ+pDN97ZnLA9X3lKbkEHtYFyjQ3uActgVSJ75
+ iVRuKxz4Cb5RzVm25EaKmKq8rif1MtBIi6jjDJxmIdNaEKG9zVTf9giJx1N9I0t3
+ oh1fAVZDSrzKzJGQ2WvDfIfFHdJMtB3C0VKGmLZR7Xk=
+ </P>
+ <Q>
+ xDve3j7sEnh4rIzM5gK+5/gxxFU=
+ </Q>
+ <G>
+ NLugAf6IZJxo3BCOi5yrGEVwtlEzXcnndXhd0Tz38CnQKc4SEupm4PyP5TmLvK64
+ TDfOD7sno/W5oI1KZdimfW2c4r/6waNzZSvicMOWhLYY621Nn6njBc8VNwoxWpzC
+ XhKm70b8+D4YZMn/eU5DN8dvhTv/bNK21FfJqjp033U=
+ </G>
+ <Y>
+ W7dOmH/vWqocVCiqaxj6soxVXfR8XpMdY2Zv4Amjr3n81geyOLb6IZ+l7MUbdp85
+ 29DQzuoVTthVpB9X4JKCprZIzifOTM1PFflTBzjx7egJwJWAIVdWyiIPjke6Va+w
+ uV2n4Rl/cgCvrXK5cTov5C/Bpaf6o+qrrDGFBLLZTF4=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ </Signature>
+</PurchaseOrder>
diff --git a/tests/merlin-xmlenc-five/dh0.p8 b/tests/merlin-xmlenc-five/dh0.p8
new file mode 100644
index 00000000..86bf4ce3
--- /dev/null
+++ b/tests/merlin-xmlenc-five/dh0.p8
Binary files differ
diff --git a/tests/merlin-xmlenc-five/dh1.p8 b/tests/merlin-xmlenc-five/dh1.p8
new file mode 100644
index 00000000..86bf4ce3
--- /dev/null
+++ b/tests/merlin-xmlenc-five/dh1.p8
Binary files differ
diff --git a/tests/merlin-xmlenc-five/dsa.p8 b/tests/merlin-xmlenc-five/dsa.p8
new file mode 100644
index 00000000..95b240fc
--- /dev/null
+++ b/tests/merlin-xmlenc-five/dsa.p8
Binary files differ
diff --git a/tests/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.data b/tests/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.data
new file mode 100644
index 00000000..a42179d6
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.data
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST PaymentInfo Id ID #IMPLIED>
+]>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <PaymentInfo>
+ <BillingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </BillingAddress>
+ <CreditCard Type="Amex">
+ <Name>Foo B Baz</Name>
+ <Number>1234 567890 12345</Number>
+ <Expires Month="1" Year="2005"/>
+ </CreditCard>
+ </PaymentInfo>
+</PurchaseOrder>
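Review bot: The `<!DOCTYPE test [` declaration names a root element `test`, but the document element is `PurchaseOrder`, so the file is not valid against its own DOCTYPE. In this file `PaymentInfo` also has no `Id` attribute, so the ATTLIST declares an ID that is never used. The internal subset still forces any consumer to parse with DTD processing enabled, which is the setting a hardened parser normally turns off. I would either drop the DOCTYPE here or write `<!DOCTYPE PurchaseOrder [` and note why the ATTLIST is needed. The same header appears in encrypt-content-aes128-cbc-kw-aes192.xml, encrypt-content-aes256-cbc-prop.data/.xml and encrypt-content-tripledes-cbc.data/.xml.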
diff --git a/tests/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.tmpl b/tests/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.tmpl
new file mode 100644
index 00000000..bb6f3d71
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.tmpl
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes192" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jeb</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
diff --git a/tests/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.xml b/tests/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.xml
new file mode 100644
index 00000000..3553bf4a
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST PaymentInfo Id ID #IMPLIED>
+]>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <PaymentInfo>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes192" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jeb</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ IbjZH7Mq564oMybpvCHWYM/5ER3eFsAV
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ YDYTxR+smxZDSVoXXEp3n6HzTgWqV7ZlG6I1lmEv7zLGZBF/o7eqe5QGT6L3DPNW
+ geflA8vVJHxwliixWcvHCnNKQkx+Sw8YbIknCQyr4mqtXEmHhsie5XYTEyqgKLVP
+ YdNXf56wLUTMEmBqq7cto9OrYcBWkrDcQQvHmDkHuG+Nom4m+623GsB0FNts6VyN
+ sdGMwo4K0bEFReLL04l6It+cgLJ2q+LKdBoMQL59IAQmrwi0bkiqee2cLlDuGyQ1
+ KD9IQ1qtlJpvQujN4xNVWT00UjtWxmpSMID/Kue/AnXn7Cf8zw1ZZQitgh8uWOX2
+ uMy99F2YlxqIK1r+MeXHuZDNf75S8dFaKIKtHMf7ioA=
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+ </PaymentInfo>
+</PurchaseOrder>
diff --git a/tests/merlin-xmlenc-five/encrypt-content-aes192-cbc-dh-sha512.xml b/tests/merlin-xmlenc-five/encrypt-content-aes192-cbc-dh-sha512.xml
new file mode 100644
index 00000000..d1242784
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-content-aes192-cbc-dh-sha512.xml
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <PaymentInfo>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <AgreementMethod xmlns="http://www.w3.org/2001/04/xmlenc#" Algorithm="http://www.w3.org/2001/04/xmlenc#dh">
+ <KA-Nonce>
+ bm9uY2U=
+ </KA-Nonce>
+ <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/04/xmlenc#sha512" />
+ <OriginatorKeyInfo>
+ <KeyValue xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <DHKeyValue xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <P>
+ plygl2uMNc+jYtAZeKCZxPsmqa2z8DrOUa7L455iszN4SdPnL+LsZD47VJayvQY8
+ 6D1J5arkwrbUzmhMAjBZsENPBgffRwwEBTjoq+gjSyZNIbxqsqnJdEyUElzn4kGE
+ whECkJGnOaScacpjZg11h+gd0iBfY091bGHrCZrvr/8=
+ </P>
+ <Q>
+ 9jJXQijNovoq6QUBFcEUYwUvyTM=
+ </Q>
+ <Generator>
+ PerUZgMEMDTegMdTBRG9DPY5EHmwDxwzladdRcfvfdfU/9wlPzz5BUotMm730J9d
+ lF6avWr929fzYsnIOUDeUOJpltXmrTYnvz5Bi6yuUu6bVwSfv7u4S+I/EM9ZB+eY
+ 3fdF5TAMHD4tK86lw5APDrN2QnO1UMCwIvjOFatSOI0=
+ </Generator>
+ <Public>
+ Ulu6B1lCwajtIBnolqqgU+R1oxfye63DnI/iLM/Oe+Y8I/LMMaEmo3LmCU30m82r
+ NyOUqgfnm97S0bT8ZhI8gvw0EyQJ87vhlUz4WcmddU/YlTi3gJHUClr2olmBmRCt
+ m2vKo/BpoLGJ0Wg1eyWfo54+gCqbeNez/DmBGcBEEhM=
+ </Public>
+ </DHKeyValue>
+ </KeyValue>
+ <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Certificate>
+ MIIDvjCCA36gAwIBAgIGAOxN39MIMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDIyODE3NTMxNloXDTAzMDIyODE3NTI1NFowbzELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEWMBQGA1UEAxMNTWVybGluIEh1Z2hl
+ czCCAiUwggGaBgcqhkjOPgIBMIIBjQKBgQCmXKCXa4w1z6Ni0Bl4oJnE+yaprbPw
+ Os5RrsvjnmKzM3hJ0+cv4uxkPjtUlrK9BjzoPUnlquTCttTOaEwCMFmwQ08GB99H
+ DAQFOOir6CNLJk0hvGqyqcl0TJQSXOfiQYTCEQKQkac5pJxpymNmDXWH6B3SIF9j
+ T3VsYesJmu+v/wKBgD3q1GYDBDA03oDHUwURvQz2ORB5sA8cM5WnXUXH733X1P/c
+ JT88+QVKLTJu99CfXZRemr1q/dvX82LJyDlA3lDiaZbV5q02J78+QYusrlLum1cE
+ n7+7uEviPxDPWQfnmN33ReUwDBw+LSvOpcOQDw6zdkJztVDAsCL4zhWrUjiNAhUA
+ 9jJXQijNovoq6QUBFcEUYwUvyTMCbQCs/HkLusCqHmY71JxUOFzy5fuWkPpWXJzx
+ qU3oz1BfMZtPUqjpBnqU97M7VUEg+5pRG2txaHP8XNmB1bY0DCE88riDmHP7HqZB
+ Z2gbaH2LxXDQDayb5GcPfn38eDcWvVAaKP9fJ8wG5RUu3AoDgYQAAoGAUlu6B1lC
+ wajtIBnolqqgU+R1oxfye63DnI/iLM/Oe+Y8I/LMMaEmo3LmCU30m82rNyOUqgfn
+ m97S0bT8ZhI8gvw0EyQJ87vhlUz4WcmddU/YlTi3gJHUClr2olmBmRCtm2vKo/Bp
+ oLGJ0Wg1eyWfo54+gCqbeNez/DmBGcBEEhOjOjA4MA4GA1UdDwEB/wQEAwIDCDAR
+ BgNVHQ4ECgQIgUAwB+9f1oIwEwYDVR0jBAwwCoAIgjqisiZ1WVswCQYHKoZIzjgE
+ AwMvADAsAhQ41mCUsFhmxI58tytV8XEVZOCuUwIUVMe/HbUAH5PJ7aRoCNqa3fCI
+ cU0=
+ </X509Certificate>
+ </X509Data>
+ </OriginatorKeyInfo>
+ <RecipientKeyInfo>
+ <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Certificate>
+ MIIDvjCCA36gAwIBAgIGAOxN3+EMMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDIyODE3NTMxOVoXDTAzMDIyODE3NTI1NFowbzELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEWMBQGA1UEAxMNTmlscmVtIFNlaGd1
+ aDCCAiUwggGaBgcqhkjOPgIBMIIBjQKBgQCmXKCXa4w1z6Ni0Bl4oJnE+yaprbPw
+ Os5RrsvjnmKzM3hJ0+cv4uxkPjtUlrK9BjzoPUnlquTCttTOaEwCMFmwQ08GB99H
+ DAQFOOir6CNLJk0hvGqyqcl0TJQSXOfiQYTCEQKQkac5pJxpymNmDXWH6B3SIF9j
+ T3VsYesJmu+v/wKBgD3q1GYDBDA03oDHUwURvQz2ORB5sA8cM5WnXUXH733X1P/c
+ JT88+QVKLTJu99CfXZRemr1q/dvX82LJyDlA3lDiaZbV5q02J78+QYusrlLum1cE
+ n7+7uEviPxDPWQfnmN33ReUwDBw+LSvOpcOQDw6zdkJztVDAsCL4zhWrUjiNAhUA
+ 9jJXQijNovoq6QUBFcEUYwUvyTMCbQCs/HkLusCqHmY71JxUOFzy5fuWkPpWXJzx
+ qU3oz1BfMZtPUqjpBnqU97M7VUEg+5pRG2txaHP8XNmB1bY0DCE88riDmHP7HqZB
+ Z2gbaH2LxXDQDayb5GcPfn38eDcWvVAaKP9fJ8wG5RUu3AoDgYQAAoGAGSYT19Pb
+ VCxMt06cAP7zQZ6AC5eXp3zeAweIevV96ryA1mB03qhB9X2lVowAUOFc24aVRTz7
+ wRoRjNQ20atzSy21C7yXDkvZ4uxfdrpIqpIVrI28e7XL+6CrhnAk621OvdeyEz5H
+ orA21hPXoCNdnUPG5Ib20oopM87ptF5dwiWjOjA4MA4GA1UdDwEB/wQEAwIDCDAR
+ BgNVHQ4ECgQIiDCSQ3FB/oEwEwYDVR0jBAwwCoAIgjqisiZ1WVswCQYHKoZIzjgE
+ AwMvADAsAhQMtZ98TyqVkVqUJ3RJqaU7l2xqKgIUX997qRqeMjAkK88NHeNd95/2
+ Yos=
+ </X509Certificate>
+ </X509Data>
+ </RecipientKeyInfo>
+ </AgreementMethod>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ 5jIlxXZGhx8vUNbL0ZvdRry6mPapX8qLYlDgy3tE6nRbnBRWACviYQAXBqvDfn1R
+ TKmBWZ5NoJobM8lXWOk2nNQIuSQojcFYRuvcWU7DffDVX7dUCAVRJp6PS/5V1IHR
+ JJ2WBagWSW1lFW9mqjfe0ZflEZGYI3/5kUYQIpbMvEuXoF8129VGiKalZsCVTRxd
+ /IsdT8x/7L57GlGq0OzCMI5zG3QrBV7wUOoqBu5SxS8QUvUPucH8hsD4Bq4BwVEa
+ GlUVAj7H3HYYo7fviTO4i2lTMunGW9rcJVnKXjDM/Mds3oM4zbBo/Ao3m3rmpUUz
+ AwSe6ofh6ML418+cyCaRUoVQOlG+VwkHEKUiYYGhsKY=
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+ </PaymentInfo>
+</PurchaseOrder>
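Review bot: Both X509Certificate values in OriginatorKeyInfo and RecipientKeyInfo encode a validity period of 2002-02-28 to 2003-02-28, and nothing in the file or the visible README text records that. A test that builds trust from these certificates can only pass by pinning the verification time or by switching certificate checks off, and the second option would hide real validation regressions. I would add `<!-- certificates valid 2002-02-28..2003-02-28; verify with a pinned verification time, never with chain checks disabled -->` after the XML declaration. The KA-Nonce `bm9uY2U=` is a fixed value, which is fine for a vector but worth marking as test-only in the same comment. The certificate in encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml appears to carry the same dates.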
diff --git a/tests/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.data b/tests/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.data
new file mode 100644
index 00000000..2997c127
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.data
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST PaymentInfo Id ID #IMPLIED>
+]>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <PaymentInfo Id="Payment">
+ <BillingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </BillingAddress>
+ <CreditCard Type="Amex">
+ <Name>Foo B Baz</Name>
+ <Number>1234 567890 12345</Number>
+ <Expires Month="1" Year="2005"/>
+ </CreditCard>
+ </PaymentInfo>
+</PurchaseOrder>
diff --git a/tests/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.tmpl b/tests/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.tmpl
new file mode 100644
index 00000000..2cdca95e
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.tmpl
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="encrypt-data-0" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jed</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ <EncryptionProperties>
+ <EncryptionProperty Target="#encrypt-data-0">
+ <Certification xmlns="urn:example:prop">
+ certifiable
+ </Certification>
+ </EncryptionProperty>
+ </EncryptionProperties>
+</EncryptedData>
diff --git a/tests/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.xml b/tests/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.xml
new file mode 100644
index 00000000..ea87af6d
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST PaymentInfo Id ID #IMPLIED>
+]>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <PaymentInfo Id="Payment">
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="encrypt-data-0" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jed</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ H8n1OuEJFyUgUguDFF6ml8nRbA0IaDYgmtGelWT4V7CSz9q/AvtfxyMzUH+tQZ+F
+ jyXh3otR1+V1+8EsevzEq5nUmNKl+wyxQmWaUvbvXpSwAJnlJdyvnP56JiXUBS+p
+ C2KzlO9kk8l6awtuRd9Z6eVjngwTf7kNprmu5Bv0o+x7dcq96G8wGLvMThbs4uxk
+ iIDK5+qGBzzIlFw3GG82MKmnVBveQw3LD52y76yBtoayuAJFJMnrXa0OEAaBRSI2
+ fjPNGJV3sCyKZDHqGlsQ4X+VvXzevLbBLkFy1xH9/zoUXo8cEaTvsIOBYu/Xn/CJ
+ y/dpe/dvOqqji+9vFccAyrBHxHeYSonuFsxfpSDVC6Y=
+ </CipherValue>
+ </CipherData>
+ <EncryptionProperties>
+ <EncryptionProperty Target="#encrypt-data-0">
+ <Certification xmlns="urn:example:prop">
+ certifiable
+ </Certification>
+ </EncryptionProperty>
+ </EncryptionProperties>
+ </EncryptedData>
+ </PaymentInfo>
+</PurchaseOrder>
diff --git a/tests/merlin-xmlenc-five/encrypt-content-tripledes-cbc.data b/tests/merlin-xmlenc-five/encrypt-content-tripledes-cbc.data
new file mode 100644
index 00000000..2997c127
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-content-tripledes-cbc.data
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST PaymentInfo Id ID #IMPLIED>
+]>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <PaymentInfo Id="Payment">
+ <BillingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </BillingAddress>
+ <CreditCard Type="Amex">
+ <Name>Foo B Baz</Name>
+ <Number>1234 567890 12345</Number>
+ <Expires Month="1" Year="2005"/>
+ </CreditCard>
+ </PaymentInfo>
+</PurchaseOrder>
diff --git a/tests/merlin-xmlenc-five/encrypt-content-tripledes-cbc.tmpl b/tests/merlin-xmlenc-five/encrypt-content-tripledes-cbc.tmpl
new file mode 100644
index 00000000..3428cbf9
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-content-tripledes-cbc.tmpl
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>bob</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/merlin-xmlenc-five/encrypt-content-tripledes-cbc.xml b/tests/merlin-xmlenc-five/encrypt-content-tripledes-cbc.xml
new file mode 100644
index 00000000..90e13446
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-content-tripledes-cbc.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST PaymentInfo Id ID #IMPLIED>
+]>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <PaymentInfo Id="Payment">
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Content">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>bob</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ uchJT2QyzQe7BoBaDYKPR5BDgEW8jsJ3UOGEYz9EVrBKVztYfcu0xhif5Y9kqtyx
+ DDa7woNcTyhwQDZh9jGr5hzkcjrsKfMjJw+PnKNZzc+KMW0z861L8sdhdl8TA+bt
+ yudfaCEJaH4RdHABp+VMzL5CrXr5skvubolWs1KzUtqbRekkxucknzJmnqRY8yPp
+ 4iBvVuvus+Bk0pj271NWu13CmHvdJRMMDSX30JMfsecW6mfdF5xjoFciL8VnemzJ
+ qt0SUVjMzoeY0PnCdk09Ej2OZdj8AtkLPCEKeiBBD+coCf5F8WaLrPTRPgjoAtiN
+ Wda+McaZPJje1IfoAKGTcg==
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+ </PaymentInfo>
+</PurchaseOrder>
diff --git a/tests/merlin-xmlenc-five/encrypt-data-aes128-cbc.data b/tests/merlin-xmlenc-five/encrypt-data-aes128-cbc.data
new file mode 100644
index 00000000..9d04ac31
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-data-aes128-cbc.data
@@ -0,0 +1 @@
+top secret message
diff --git a/tests/merlin-xmlenc-five/encrypt-data-aes128-cbc.tmpl b/tests/merlin-xmlenc-five/encrypt-data-aes128-cbc.tmpl
new file mode 100644
index 00000000..86a074f3
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-data-aes128-cbc.tmpl
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>job</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/merlin-xmlenc-five/encrypt-data-aes128-cbc.xml b/tests/merlin-xmlenc-five/encrypt-data-aes128-cbc.xml
new file mode 100644
index 00000000..8ae0a064
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-data-aes128-cbc.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>job</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ QMpxhXq1DtBeyC9KfSaMQWrEtefe+e935gF/x62spvmL6IW0XeS0W4Kk31OgWzN0
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.data b/tests/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.data
new file mode 100644
index 00000000..9d04ac31
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.data
@@ -0,0 +1 @@
+top secret message
diff --git a/tests/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.tmpl b/tests/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.tmpl
new file mode 100644
index 00000000..95dd1dde
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.tmpl
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jed</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.xml b/tests/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.xml
new file mode 100644
index 00000000..55ccb1e7
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jed</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ 4AAgyi3M7xNdBimbQZKdGJLn3/cS4Yv8QKuA01+gUnY=
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ 50lv94d/DFJirJXYOUXaBlrO+7gIXpx8cqH+G2xvE4mueoIxmGs8RH7FBXwjuMgf
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.data b/tests/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.data
new file mode 100644
index 00000000..9d04ac31
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.data
@@ -0,0 +1 @@
+top secret message
diff --git a/tests/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.tmpl b/tests/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.tmpl
new file mode 100644
index 00000000..ad6f4b62
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.tmpl
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-tripledes" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>bob</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.xml b/tests/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.xml
new file mode 100644
index 00000000..14e2b922
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-tripledes" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>bob</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ ZyJbVsjRM4MEsswwwHz57aUz1eMqZHuEIoEPGS47CcmLvhuCtlzWZ9S/WcVJZIpz
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ Lp2ZWyJERT05icmHvWWbEtCCfmB2jvSlSclhS0oj3A3PU90aE6v+bFFQxrHw7VUd
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml b/tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml
new file mode 100644
index 00000000..c9c30e09
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
+ <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
+ <OAEPparams>
+ MTIzNDU2Nzg=
+ </OAEPparams>
+ </EncryptionMethod>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Data>
+ <X509Certificate>
+ MIICkjCCAfugAwIBAgIGAOxN32E+MA0GCSqGSIb3DQEBBQUAMG4xCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJDAiBgNVBAoTG0JhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMgTHRkLjERMA8GA1UECxMIWC9TZWN1cmUxFTATBgNVBAMTDFRyYW5zaWVu
+ dCBDQTAeFw0wMjAyMjgxNzUyNDZaFw0wMzAyMjgxNzUyNDBaMG8xCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJDAiBgNVBAoTG0JhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMgTHRkLjERMA8GA1UECxMIWC9TZWN1cmUxFjAUBgNVBAMTDU1lcmxpbiBI
+ dWdoZXMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAORdNSxbNFWlQeNsOlYJ
+ 9gN9eZD+rguRqKhmhOm7i63VDd5ALm2APXhqAmGBPzLN5jlL9g2XALK5WSO4XKjJ
+ McVfYg4+nPuOeHgqdD4HUgf19j/6SaTMcmDFJQMmx1Qw+Aakq3mGcSfvOJcBZctz
+ a50VucfCGL1NdfBEcaL3BnhjAgMBAAGjOjA4MA4GA1UdDwEB/wQEAwIFoDARBgNV
+ HQ4ECgQIjFG0ZGNyvNswEwYDVR0jBAwwCoAIhJXVlhr6O4wwDQYJKoZIhvcNAQEF
+ BQADgYEAXzG7x5aCJYRusTbmuZqhidGM5iiA9+RmZ4JTPDEgbeiTiJROxpr+ZjnA
+ TmsDKrCpqNUiHWjmsKEArYQp8R/KjdKl/pVe3jUvTxb0YZ+li/7k0GQ5LyRT/K4c
+ 2SgyLlyBPhpMq+z3g4P2egVRaZbxsLuKQILf7MIV/X5iAEBzu1w=
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ 1SVctZA/RB6vVjsu5NYTxowdvsViJJ1skDXX09RmNU3YlCuPpSqWWhCU5u5ILfr9
+ 6AFcascXbdFyEZ9tjDhK8Nid2MEqkR/Mc9zFHf7mPMnO7C8bRggkjjdILSIF/Ft7
+ FXzm/DFP50IF3zPe/n5jy2Nk8uRvTmKUDcnoV6qnUgY=
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ QOImekuU44UeCmVaMma9bCT5h5a6mWXDSndTB81jvHw=
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.data b/tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.data
new file mode 100644
index 00000000..9d04ac31
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.data
@@ -0,0 +1 @@
+top secret message
diff --git a/tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.tmpl b/tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.tmpl
new file mode 100644
index 00000000..7818502a
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.tmpl
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
+ <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ </EncryptionMethod>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
diff --git a/tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.xml b/tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.xml
new file mode 100644
index 00000000..29daa4ea
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" MimeType="text/plain">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
+ <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ </EncryptionMethod>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Data>
+ <X509Certificate>
+ MIICkjCCAfugAwIBAgIGAOxN32E+MA0GCSqGSIb3DQEBBQUAMG4xCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJDAiBgNVBAoTG0JhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMgTHRkLjERMA8GA1UECxMIWC9TZWN1cmUxFTATBgNVBAMTDFRyYW5zaWVu
+ dCBDQTAeFw0wMjAyMjgxNzUyNDZaFw0wMzAyMjgxNzUyNDBaMG8xCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJDAiBgNVBAoTG0JhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMgTHRkLjERMA8GA1UECxMIWC9TZWN1cmUxFjAUBgNVBAMTDU1lcmxpbiBI
+ dWdoZXMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAORdNSxbNFWlQeNsOlYJ
+ 9gN9eZD+rguRqKhmhOm7i63VDd5ALm2APXhqAmGBPzLN5jlL9g2XALK5WSO4XKjJ
+ McVfYg4+nPuOeHgqdD4HUgf19j/6SaTMcmDFJQMmx1Qw+Aakq3mGcSfvOJcBZctz
+ a50VucfCGL1NdfBEcaL3BnhjAgMBAAGjOjA4MA4GA1UdDwEB/wQEAwIFoDARBgNV
+ HQ4ECgQIjFG0ZGNyvNswEwYDVR0jBAwwCoAIhJXVlhr6O4wwDQYJKoZIhvcNAQEF
+ BQADgYEAXzG7x5aCJYRusTbmuZqhidGM5iiA9+RmZ4JTPDEgbeiTiJROxpr+ZjnA
+ TmsDKrCpqNUiHWjmsKEArYQp8R/KjdKl/pVe3jUvTxb0YZ+li/7k0GQ5LyRT/K4c
+ 2SgyLlyBPhpMq+z3g4P2egVRaZbxsLuKQILf7MIV/X5iAEBzu1w=
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ S5SqVG+QxxpCNWobuqQFAI6db1pTEpWNMQXQVJAPjlfmvnVmTtq5v6fgMA2l/r7M
+ iX7gUPZthrKezkSavDfi057cK6YKpC5/KACXjNJvUoaVXj/aXpcoMOO+ZTPq36eo
+ pyeW99DWYgCbY88Kf9R3r3QMx/ogwjScfRVJTRZL3Lo=
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ HG02AxNyn4iA9NH5x+PQ9lgPNzTkljThotXWKz0UYrE=
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
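Review bot: The `X509Certificate` inside the `EncryptedKey`'s `KeyInfo` decodes to a validity window of 2002-02-28 to 2003-02-28, so a test that resolves the RSA key through this certificate can only pass if certificate time checks are skipped or the verification time is pinned. The certificate is issued by a "Transient CA" and signed with sha1WithRSA over a 1024-bit key, which is fine for a 2002 interop vector but should not be read as a usable trust chain. I would say so in the fixture, after the XML declaration: `<!-- interop vector: embedded certificate expired 2003-02-28; not valid for chain validation -->`. The same certificate is embedded in encrypt-element-aes128-cbc-rsa-1_5.xml, and the DH certificates in encrypt-element-aes256-cbc-kw-aes256-dh-ripemd160.xml and encsig-hmac-sha256-dh.xml appear to carry the same one-year window.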
diff --git a/tests/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.data b/tests/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.data
new file mode 100644
index 00000000..7c83b3e2
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.data
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST PurchaseOrder Id ID #IMPLIED>
+]>
+<PurchaseOrder xmlns="urn:example:po" Id="Purchase">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <PaymentInfo>
+ <BillingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </BillingAddress>
+ <CreditCard Type="Amex">
+ <Name>Foo B Baz</Name>
+ <Number>1234 567890 12345</Number>
+ <Expires Month="1" Year="2005"/>
+ </CreditCard>
+ </PaymentInfo>
+</PurchaseOrder>
diff --git a/tests/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.tmpl b/tests/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.tmpl
new file mode 100644
index 00000000..40ac2e32
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.tmpl
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+</EncryptedData>
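Review bot: The `EncryptedKey` in this template fixes key transport to `xmlenc#rsa-1_5`, the PKCS#1 v1.5 mode whose decryption side is known to be exposed to padding-oracle (Bleichenbacher-style) attacks, and nothing in the file marks it as a compatibility vector. A `.tmpl` file is likely to be copied as the starting point for a new encryption template, so I would add a comment after the XML declaration: `<!-- interop vector for legacy rsa-1_5 key transport; use rsa-oaep-mgf1p in new templates -->`. The content cipher `aes128-cbc` is also unauthenticated, so a deployment modelled on this template needs a signature or another integrity check around the `EncryptedData`.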
diff --git a/tests/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.xml b/tests/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.xml
new file mode 100644
index 00000000..9d74e16c
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST PurchaseOrder Id ID #IMPLIED>
+]>
+<PurchaseOrder xmlns="urn:example:po" Id="Purchase">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Data>
+ <X509Certificate>
+ MIICkjCCAfugAwIBAgIGAOxN32E+MA0GCSqGSIb3DQEBBQUAMG4xCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJDAiBgNVBAoTG0JhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMgTHRkLjERMA8GA1UECxMIWC9TZWN1cmUxFTATBgNVBAMTDFRyYW5zaWVu
+ dCBDQTAeFw0wMjAyMjgxNzUyNDZaFw0wMzAyMjgxNzUyNDBaMG8xCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJDAiBgNVBAoTG0JhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMgTHRkLjERMA8GA1UECxMIWC9TZWN1cmUxFjAUBgNVBAMTDU1lcmxpbiBI
+ dWdoZXMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAORdNSxbNFWlQeNsOlYJ
+ 9gN9eZD+rguRqKhmhOm7i63VDd5ALm2APXhqAmGBPzLN5jlL9g2XALK5WSO4XKjJ
+ McVfYg4+nPuOeHgqdD4HUgf19j/6SaTMcmDFJQMmx1Qw+Aakq3mGcSfvOJcBZctz
+ a50VucfCGL1NdfBEcaL3BnhjAgMBAAGjOjA4MA4GA1UdDwEB/wQEAwIFoDARBgNV
+ HQ4ECgQIjFG0ZGNyvNswEwYDVR0jBAwwCoAIhJXVlhr6O4wwDQYJKoZIhvcNAQEF
+ BQADgYEAXzG7x5aCJYRusTbmuZqhidGM5iiA9+RmZ4JTPDEgbeiTiJROxpr+ZjnA
+ TmsDKrCpqNUiHWjmsKEArYQp8R/KjdKl/pVe3jUvTxb0YZ+li/7k0GQ5LyRT/K4c
+ 2SgyLlyBPhpMq+z3g4P2egVRaZbxsLuKQILf7MIV/X5iAEBzu1w=
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ heZshNX5m7arS3OmR72+8WNCMMpznxE41dLWkgd6XJpzl+IN2xuijAf4YPEjjJmZ
+ nt9PlO3/hiHl0Cvpg5vMR6AhvL49BvCz9JCeMG6x3MHBiKbRNhyEq2rX7o1GdJhC
+ 5cm35Q/ZDKV9DHG8jWmPcOb8yKU9NYo2LJKDb3YHOJY=
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ 0wkECpTy60/FDwbVM4zgd9qJVjR4h0q4PLm5pyyIxAuhbEh0art03yEikmbWBt2H
+ 7qOk2G9iufUdwwqNPuZV5Qw5Rg2FMvTx234lDERGn5p+hhjOTcss5JF9QDzgdiec
+ KABX3vbCESi/f3uwQ8BYDT+6SnxTR+xtcNv5xhbUCIFk/TaenSWx6p6fntTwTl1e
+ lpwnI0EtM1yf4a9tBiH9PNd36BUv2rvSi4cZvJqSB3ZKvGtuwwyRzOzlzl259d1u
+ QuoYysTBEAHw/WIop8eAexU9PUv7UbTkQAQag1yStda+GepVdpXEpu4hcxXQcvfs
+ 9AQgkAgh4JKrnY4Bhz2B/e4CHHfbEedDOi+FVYlZuLn0CzrKMnM+1nUmqxJVWHz7
+ hytidpuqNRw3gcMkYvgH6g==
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PurchaseOrder>
diff --git a/tests/merlin-xmlenc-five/encrypt-element-aes192-cbc-ref.data b/tests/merlin-xmlenc-five/encrypt-element-aes192-cbc-ref.data
new file mode 100644
index 00000000..ae9a6e58
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-element-aes192-cbc-ref.data
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST PaymentInfo Id ID #IMPLIED>
+]>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <PaymentInfo>
+ <BillingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </BillingAddress>
+ <CreditCard Type="Amex">
+ <Name>Foo B Baz</Name>
+ <Number>1234 567890 12345</Number>
+ <Expires Month="1" Year="2005"/>
+ </CreditCard>
+ </PaymentInfo>
+ <CipherValue xmlns="http://www.example.org/repository" Id="example1">
+ zih1MFU6Px1m2U1lSEIV9LUIsnb3SIWBfRHlRrOWKFFFcVvXiE6z3nCbkNYMuy1T
+ nPwXDd9/BkOGiPuFT2jixN7Zowe2ANK1dZXKVjZ1+ACx+Kg17U+EMPEuq481OW7e
+ wm0vnbur0L2lCXb4DP7c6sotV89W53v2MlaYqWHhlBO/zasqwhl6q/c/L/GdPUHH
+ ovKZ+24ZWYktxCLEXMslIAysQ0UFBLolrtC/7XDgYY9s4UvbedgeqbrdnxQ4LiRn
+ L+aKN1bnKF3KlWKCJFvVrRESriGPBfpasWA/A1LOK333a8LaOlS7RFamflfICk+t
+ VqCspVnIs6vBBtrGLI5SsJS+rh1r42jI/h/ivELUOmUq1sZCFQvEhx7AiHi4/9SY
+ LWcR4w3ZH3aqFL/XtAzKYQ==
+ </CipherValue>
+</PurchaseOrder>
diff --git a/tests/merlin-xmlenc-five/encrypt-element-aes192-cbc-ref.xml b/tests/merlin-xmlenc-five/encrypt-element-aes192-cbc-ref.xml
new file mode 100644
index 00000000..2c8da0d8
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-element-aes192-cbc-ref.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST PaymentInfo Id ID #IMPLIED>
+]>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jeb</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherReference URI="">
+ <Transforms>
+ <Transform xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath xmlns:rep="http://www.example.org/repository">self::text()[parent::rep:CipherValue[@Id="example1"]]</XPath>
+ </Transform>
+ <Transform xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ </CipherReference>
+ </CipherData>
+ </EncryptedData>
+ <CipherValue xmlns="http://www.example.org/repository" Id="example1">
+ zih1MFU6Px1m2U1lSEIV9LUIsnb3SIWBfRHlRrOWKFFFcVvXiE6z3nCbkNYMuy1T
+ nPwXDd9/BkOGiPuFT2jixN7Zowe2ANK1dZXKVjZ1+ACx+Kg17U+EMPEuq481OW7e
+ wm0vnbur0L2lCXb4DP7c6sotV89W53v2MlaYqWHhlBO/zasqwhl6q/c/L/GdPUHH
+ ovKZ+24ZWYktxCLEXMslIAysQ0UFBLolrtC/7XDgYY9s4UvbedgeqbrdnxQ4LiRn
+ L+aKN1bnKF3KlWKCJFvVrRESriGPBfpasWA/A1LOK333a8LaOlS7RFamflfICk+t
+ VqCspVnIs6vBBtrGLI5SsJS+rh1r42jI/h/ivELUOmUq1sZCFQvEhx7AiHi4/9SY
+ LWcR4w3ZH3aqFL/XtAzKYQ==
+ </CipherValue>
+</PurchaseOrder>
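Review bot: `CipherReference URI=""` with an XPath transform means the ciphertext location and the expression that selects it are both chosen by the document being decrypted, and the fixture does not say which URI classes the decryptor needs enabled. This vector only needs same-document dereferencing, so the test that consumes it (not visible here) should run with local-file and remote URIs disabled for `CipherReference`; otherwise it passes just as well under a configuration that would also dereference attacker-named resources. A comment after the DOCTYPE would record that: `<!-- CipherReference is same-document (URI=""); no file or network access is required -->`. The `ATTLIST` types `Id` on `PaymentInfo`, but the XPath matches `rep:CipherValue[@Id="example1"]` by attribute value, so that declaration looks unused in this file.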
diff --git a/tests/merlin-xmlenc-five/encrypt-element-aes256-cbc-carried-kw-aes256.xml b/tests/merlin-xmlenc-five/encrypt-element-aes256-cbc-carried-kw-aes256.xml
new file mode 100644
index 00000000..3594a7f4
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-element-aes256-cbc-carried-kw-aes256.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>Foo Key</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ pdDtiyd7XQ/BFEEN0PMJuHnLUfCY+bJlsW+q04OiKSPnRd4/dS1tjaTfj5dPpGXe
+ cY3fJvRsq9QP1CJiwyEC/EQ1zSLbzwOtZ+NtxtsFgYvPBJ9t86ZcXIjlErQ85z3L
+ wnb8rSHpE9tu4tJ1rjgf2i6NCbdFnSMXLSDgLEs48+gkX0cJCmKxzRaSE4cV0OSl
+ hBWND4EYzX1M679VlSYrI0de+lSPO3Vx+y/TuZ5Vo+uu9+YP+ce0LRkx2BicjjsP
+ QO9sp+yjHPNDIV1Z7VHsDIWqqmBaNQo3GuzF5WzWgaXTKnPv/IgUQn+1t3EtgHyb
+ JhnfR/1em16z/Zaf9Uy1Lfd//yfEJ9BCjqwe1UjwN6ytu1v2BHd+8bVjD2o+Dg8V
+ 7ayOLlkWOTOLvtJMPOXPqw==
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#" Recipient="someone else">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>ned</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ EWlIkFPGrkeW4cyjWSznLVoClVh/OEC7Klya9d9o7R6wll6JswZb2w==
+ </CipherValue>
+ </CipherData>
+ <CarriedKeyName>Foo Key</CarriedKeyName>
+ </EncryptedKey>
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#" Recipient="you">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jed</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ bsL63D0hPN6EOyzdgfEmKsAAvoJiGM+Wp9a9KZM92IKdl7s3YSntRg==
+ </CipherValue>
+ </CipherData>
+ <CarriedKeyName>Foo Key</CarriedKeyName>
+ </EncryptedKey>
+ </KeyInfo>
+</PurchaseOrder>
diff --git a/tests/merlin-xmlenc-five/encrypt-element-aes256-cbc-kw-aes256-dh-ripemd160.xml b/tests/merlin-xmlenc-five/encrypt-element-aes256-cbc-kw-aes256-dh-ripemd160.xml
new file mode 100644
index 00000000..5fb336ac
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-element-aes256-cbc-kw-aes256-dh-ripemd160.xml
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <AgreementMethod xmlns="http://www.w3.org/2001/04/xmlenc#" Algorithm="http://www.w3.org/2001/04/xmlenc#dh">
+ <KA-Nonce>
+ bm9uY2U=
+ </KA-Nonce>
+ <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160" />
+ <OriginatorKeyInfo>
+ <KeyValue xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <DHKeyValue xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <P>
+ plygl2uMNc+jYtAZeKCZxPsmqa2z8DrOUa7L455iszN4SdPnL+LsZD47VJayvQY8
+ 6D1J5arkwrbUzmhMAjBZsENPBgffRwwEBTjoq+gjSyZNIbxqsqnJdEyUElzn4kGE
+ whECkJGnOaScacpjZg11h+gd0iBfY091bGHrCZrvr/8=
+ </P>
+ <Q>
+ 9jJXQijNovoq6QUBFcEUYwUvyTM=
+ </Q>
+ <Generator>
+ PerUZgMEMDTegMdTBRG9DPY5EHmwDxwzladdRcfvfdfU/9wlPzz5BUotMm730J9d
+ lF6avWr929fzYsnIOUDeUOJpltXmrTYnvz5Bi6yuUu6bVwSfv7u4S+I/EM9ZB+eY
+ 3fdF5TAMHD4tK86lw5APDrN2QnO1UMCwIvjOFatSOI0=
+ </Generator>
+ <Public>
+ Ulu6B1lCwajtIBnolqqgU+R1oxfye63DnI/iLM/Oe+Y8I/LMMaEmo3LmCU30m82r
+ NyOUqgfnm97S0bT8ZhI8gvw0EyQJ87vhlUz4WcmddU/YlTi3gJHUClr2olmBmRCt
+ m2vKo/BpoLGJ0Wg1eyWfo54+gCqbeNez/DmBGcBEEhM=
+ </Public>
+ </DHKeyValue>
+ </KeyValue>
+ <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Certificate>
+ MIIDvjCCA36gAwIBAgIGAOxN39MIMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDIyODE3NTMxNloXDTAzMDIyODE3NTI1NFowbzELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEWMBQGA1UEAxMNTWVybGluIEh1Z2hl
+ czCCAiUwggGaBgcqhkjOPgIBMIIBjQKBgQCmXKCXa4w1z6Ni0Bl4oJnE+yaprbPw
+ Os5RrsvjnmKzM3hJ0+cv4uxkPjtUlrK9BjzoPUnlquTCttTOaEwCMFmwQ08GB99H
+ DAQFOOir6CNLJk0hvGqyqcl0TJQSXOfiQYTCEQKQkac5pJxpymNmDXWH6B3SIF9j
+ T3VsYesJmu+v/wKBgD3q1GYDBDA03oDHUwURvQz2ORB5sA8cM5WnXUXH733X1P/c
+ JT88+QVKLTJu99CfXZRemr1q/dvX82LJyDlA3lDiaZbV5q02J78+QYusrlLum1cE
+ n7+7uEviPxDPWQfnmN33ReUwDBw+LSvOpcOQDw6zdkJztVDAsCL4zhWrUjiNAhUA
+ 9jJXQijNovoq6QUBFcEUYwUvyTMCbQCs/HkLusCqHmY71JxUOFzy5fuWkPpWXJzx
+ qU3oz1BfMZtPUqjpBnqU97M7VUEg+5pRG2txaHP8XNmB1bY0DCE88riDmHP7HqZB
+ Z2gbaH2LxXDQDayb5GcPfn38eDcWvVAaKP9fJ8wG5RUu3AoDgYQAAoGAUlu6B1lC
+ wajtIBnolqqgU+R1oxfye63DnI/iLM/Oe+Y8I/LMMaEmo3LmCU30m82rNyOUqgfn
+ m97S0bT8ZhI8gvw0EyQJ87vhlUz4WcmddU/YlTi3gJHUClr2olmBmRCtm2vKo/Bp
+ oLGJ0Wg1eyWfo54+gCqbeNez/DmBGcBEEhOjOjA4MA4GA1UdDwEB/wQEAwIDCDAR
+ BgNVHQ4ECgQIgUAwB+9f1oIwEwYDVR0jBAwwCoAIgjqisiZ1WVswCQYHKoZIzjgE
+ AwMvADAsAhQ41mCUsFhmxI58tytV8XEVZOCuUwIUVMe/HbUAH5PJ7aRoCNqa3fCI
+ cU0=
+ </X509Certificate>
+ </X509Data>
+ </OriginatorKeyInfo>
+ <RecipientKeyInfo>
+ <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Certificate>
+ MIIDvjCCA36gAwIBAgIGAOxN3+EMMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDIyODE3NTMxOVoXDTAzMDIyODE3NTI1NFowbzELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEWMBQGA1UEAxMNTmlscmVtIFNlaGd1
+ aDCCAiUwggGaBgcqhkjOPgIBMIIBjQKBgQCmXKCXa4w1z6Ni0Bl4oJnE+yaprbPw
+ Os5RrsvjnmKzM3hJ0+cv4uxkPjtUlrK9BjzoPUnlquTCttTOaEwCMFmwQ08GB99H
+ DAQFOOir6CNLJk0hvGqyqcl0TJQSXOfiQYTCEQKQkac5pJxpymNmDXWH6B3SIF9j
+ T3VsYesJmu+v/wKBgD3q1GYDBDA03oDHUwURvQz2ORB5sA8cM5WnXUXH733X1P/c
+ JT88+QVKLTJu99CfXZRemr1q/dvX82LJyDlA3lDiaZbV5q02J78+QYusrlLum1cE
+ n7+7uEviPxDPWQfnmN33ReUwDBw+LSvOpcOQDw6zdkJztVDAsCL4zhWrUjiNAhUA
+ 9jJXQijNovoq6QUBFcEUYwUvyTMCbQCs/HkLusCqHmY71JxUOFzy5fuWkPpWXJzx
+ qU3oz1BfMZtPUqjpBnqU97M7VUEg+5pRG2txaHP8XNmB1bY0DCE88riDmHP7HqZB
+ Z2gbaH2LxXDQDayb5GcPfn38eDcWvVAaKP9fJ8wG5RUu3AoDgYQAAoGAGSYT19Pb
+ VCxMt06cAP7zQZ6AC5eXp3zeAweIevV96ryA1mB03qhB9X2lVowAUOFc24aVRTz7
+ wRoRjNQ20atzSy21C7yXDkvZ4uxfdrpIqpIVrI28e7XL+6CrhnAk621OvdeyEz5H
+ orA21hPXoCNdnUPG5Ib20oopM87ptF5dwiWjOjA4MA4GA1UdDwEB/wQEAwIDCDAR
+ BgNVHQ4ECgQIiDCSQ3FB/oEwEwYDVR0jBAwwCoAIgjqisiZ1WVswCQYHKoZIzjgE
+ AwMvADAsAhQMtZ98TyqVkVqUJ3RJqaU7l2xqKgIUX997qRqeMjAkK88NHeNd95/2
+ Yos=
+ </X509Certificate>
+ </X509Data>
+ </RecipientKeyInfo>
+ </AgreementMethod>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ qKWnCxVIlNvPEqBMxhCaY6z9NK0ZFCmRef1U5wbIMPaR/g2Zdw7VZg==
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ betMfG/VMLdwNGdkspCrJSo092PltInklQisKd8ImQgeFMzjn73OpXhK0KJtB9IB
+ 1xGjENZ8Yzu625ehhCZGGFK4mp8DkIE7Sfw7O+5UEqprE/cGrWL0bbcz0U7X2Evh
+ 4/9va6h+DHAzmVYW7bqsa0WkiHkELRq44ORdSzyPUIwpGUCsOWyThsYfIn4uhIHQ
+ NJVTKPRHTb5H5lsxNtobSeXACSYAHk/BmJM99h4IQ9Gh7bCkhkmZsIvo/lNOW+6r
+ xtvLqHfYw9XhJe7hL0Q5EluMCBZQJ/Vx2r5lTXzBeonlurpzNdRa+ClKSVRUwKYH
+ Vjemr/o+Y4e4r8gD3TVP3auVuUCmi3XLpj4WjOsPDcekzZUgXA/xuJ+7jHXjOEOK
+ RViMiwIk0cqOa6s0Qg63EQ==
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PurchaseOrder>
diff --git a/tests/merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256.data b/tests/merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256.data
new file mode 100644
index 00000000..0d6bb44c
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256.data
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST EncryptedKey Id ID #IMPLIED>
+]>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <PaymentInfo>
+ <BillingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </BillingAddress>
+ <CreditCard Type="Amex">
+ <Name>Foo B Baz</Name>
+ <Number>1234 567890 12345</Number>
+ <Expires Month="1" Year="2005"/>
+ </CreditCard>
+ </PaymentInfo>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#" Id="encrypt-key-0">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256"/>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jed</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ bsL63D0hPN6EOyzdgfEmKsAAvoJiGM+Wp9a9KZM92IKdl7s3YSntRg==
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+</PurchaseOrder>
diff --git a/tests/merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256.xml b/tests/merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256.xml
new file mode 100644
index 00000000..a08f51f3
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST EncryptedKey Id ID #IMPLIED>
+]>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#encrypt-key-0" />
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ cudR6Hg0xqhrOjbvQz4C/WOdHbcB7Duc+xFxbObkfkW6jXweDOf8Tq87FPbj5bby
+ oCLbWqq3ap/zx/gN8Xv3Fj6fYUz3dIb1wzXy7B0/3me7i4fBHyGropflLi7iEag2
+ WU7aGJ0CA9/jQr6Td2qhH0CDU47QN9eK/PVMPPfLX1D1A90uK32wPn+SCysE58Q3
+ rCi7Jwo+OsrxT0qqjP82T3FjVi0i/dsnPb5GQWLE3/y7OsIuknuMRO4mWma+bO/m
+ aAN9JNeom5Kn3IKHCK2+kyx+LsGo2daKxF7RF9QqlaA/imsMS4trRjZjYhgfgm96
+ kb1l4AI7VZcfRXwYdzLqKNHty6ZxbSQBMeEca0mEuIbor7IH34641a/BuFME/BLm
+ MoVaLUCE0rg1e1U0S18UCg==
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#" Id="encrypt-key-0">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jed</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ bsL63D0hPN6EOyzdgfEmKsAAvoJiGM+Wp9a9KZM92IKdl7s3YSntRg==
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+</PurchaseOrder>
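Review bot: `RetrievalMethod URI="#encrypt-key-0"` only resolves because the internal DTD subset at the top of the file types `EncryptedKey/@Id` as an ID, so this vector silently depends on the parser honouring the DOCTYPE. A harness hardened against XXE by rejecting or ignoring DOCTYPE would presumably fail to find the key, and one that loosens parsing to make the test pass should keep external DTD and entity loading off, since only the internal `ATTLIST` is needed. I would record that in the file, e.g. `<!-- needs the internal ATTLIST only (Id typed as ID); external DTD/entity loading can stay disabled -->`.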
diff --git a/tests/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.data b/tests/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.data
new file mode 100644
index 00000000..a42179d6
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.data
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST PaymentInfo Id ID #IMPLIED>
+]>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <PaymentInfo>
+ <BillingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </BillingAddress>
+ <CreditCard Type="Amex">
+ <Name>Foo B Baz</Name>
+ <Number>1234 567890 12345</Number>
+ <Expires Month="1" Year="2005"/>
+ </CreditCard>
+ </PaymentInfo>
+</PurchaseOrder>
diff --git a/tests/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.tmpl b/tests/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.tmpl
new file mode 100644
index 00000000..eb5105c7
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.tmpl
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>job</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
diff --git a/tests/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.xml b/tests/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.xml
new file mode 100644
index 00000000..6aca9d99
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE test [
+<!ATTLIST PaymentInfo Id ID #IMPLIED>
+]>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Type="http://www.w3.org/2001/04/xmlenc#Element">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>job</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ dV45TUpJbidb9iKa34xj1WVtTZ036cnqvym2TBJWR5c=
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ bmExbDyrUQtsGjNBU7TRpMhOC76O/wBDWVMQML43lWNP0xp7QwVPce1XdbB4AVUn
+ xxAuJh18jOd9UzPTzrJHrKWvsWP8Xp1m/HL3A1XhOUe+MEcFyJB9fXazhDmyaSYU
+ SvieaPXcpzKWiHhZE8RKUyAYw9nU9wf2SEUgCVRuRPfsrXg4Uyr83VTn84LPe9sL
+ dd2hMj4jhgHL86b7PTYBWdtrYXq0Jwzptuw+TZ1C706BAZDYNAiSTdx3J17Ey3ex
+ IeIFBBIq8D8Gp7XiH4UxiDB6rtA2czox6+FCvaIsrGFaaw9XdzvhiZ3HxYROjprz
+ qiXcJlZzG6j8yRdpHSjsDkN3w7XjEgRODieGx110rBytZcwtqb0zc6JTZH5DzoJy
+ </CipherValue>
+ </CipherData>
+ </EncryptedData>
+</PurchaseOrder>
diff --git a/tests/merlin-xmlenc-five/encsig-hmac-sha256-dh.xml b/tests/merlin-xmlenc-five/encsig-hmac-sha256-dh.xml
new file mode 100644
index 00000000..a69d9361
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encsig-hmac-sha256-dh.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ 255LFQdP+eAK2aeuuLnz10pmaw4WEYb6TZa3B6H4z8c=
+ </SignatureValue>
+ <KeyInfo>
+ <AgreementMethod xmlns="http://www.w3.org/2001/04/xmlenc#" Algorithm="http://www.w3.org/2001/04/xmlenc#dh">
+ <KA-Nonce>
+ bm9uY2U=
+ </KA-Nonce>
+ <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
+ <OriginatorKeyInfo>
+ <KeyValue xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <DHKeyValue xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <P>
+ plygl2uMNc+jYtAZeKCZxPsmqa2z8DrOUa7L455iszN4SdPnL+LsZD47VJayvQY8
+ 6D1J5arkwrbUzmhMAjBZsENPBgffRwwEBTjoq+gjSyZNIbxqsqnJdEyUElzn4kGE
+ whECkJGnOaScacpjZg11h+gd0iBfY091bGHrCZrvr/8=
+ </P>
+ <Q>
+ 9jJXQijNovoq6QUBFcEUYwUvyTM=
+ </Q>
+ <Generator>
+ PerUZgMEMDTegMdTBRG9DPY5EHmwDxwzladdRcfvfdfU/9wlPzz5BUotMm730J9d
+ lF6avWr929fzYsnIOUDeUOJpltXmrTYnvz5Bi6yuUu6bVwSfv7u4S+I/EM9ZB+eY
+ 3fdF5TAMHD4tK86lw5APDrN2QnO1UMCwIvjOFatSOI0=
+ </Generator>
+ <Public>
+ Ulu6B1lCwajtIBnolqqgU+R1oxfye63DnI/iLM/Oe+Y8I/LMMaEmo3LmCU30m82r
+ NyOUqgfnm97S0bT8ZhI8gvw0EyQJ87vhlUz4WcmddU/YlTi3gJHUClr2olmBmRCt
+ m2vKo/BpoLGJ0Wg1eyWfo54+gCqbeNez/DmBGcBEEhM=
+ </Public>
+ </DHKeyValue>
+ </KeyValue>
+ <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Certificate>
+ MIIDvjCCA36gAwIBAgIGAOxN39MIMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDIyODE3NTMxNloXDTAzMDIyODE3NTI1NFowbzELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEWMBQGA1UEAxMNTWVybGluIEh1Z2hl
+ czCCAiUwggGaBgcqhkjOPgIBMIIBjQKBgQCmXKCXa4w1z6Ni0Bl4oJnE+yaprbPw
+ Os5RrsvjnmKzM3hJ0+cv4uxkPjtUlrK9BjzoPUnlquTCttTOaEwCMFmwQ08GB99H
+ DAQFOOir6CNLJk0hvGqyqcl0TJQSXOfiQYTCEQKQkac5pJxpymNmDXWH6B3SIF9j
+ T3VsYesJmu+v/wKBgD3q1GYDBDA03oDHUwURvQz2ORB5sA8cM5WnXUXH733X1P/c
+ JT88+QVKLTJu99CfXZRemr1q/dvX82LJyDlA3lDiaZbV5q02J78+QYusrlLum1cE
+ n7+7uEviPxDPWQfnmN33ReUwDBw+LSvOpcOQDw6zdkJztVDAsCL4zhWrUjiNAhUA
+ 9jJXQijNovoq6QUBFcEUYwUvyTMCbQCs/HkLusCqHmY71JxUOFzy5fuWkPpWXJzx
+ qU3oz1BfMZtPUqjpBnqU97M7VUEg+5pRG2txaHP8XNmB1bY0DCE88riDmHP7HqZB
+ Z2gbaH2LxXDQDayb5GcPfn38eDcWvVAaKP9fJ8wG5RUu3AoDgYQAAoGAUlu6B1lC
+ wajtIBnolqqgU+R1oxfye63DnI/iLM/Oe+Y8I/LMMaEmo3LmCU30m82rNyOUqgfn
+ m97S0bT8ZhI8gvw0EyQJ87vhlUz4WcmddU/YlTi3gJHUClr2olmBmRCtm2vKo/Bp
+ oLGJ0Wg1eyWfo54+gCqbeNez/DmBGcBEEhOjOjA4MA4GA1UdDwEB/wQEAwIDCDAR
+ BgNVHQ4ECgQIgUAwB+9f1oIwEwYDVR0jBAwwCoAIgjqisiZ1WVswCQYHKoZIzjgE
+ AwMvADAsAhQ41mCUsFhmxI58tytV8XEVZOCuUwIUVMe/HbUAH5PJ7aRoCNqa3fCI
+ cU0=
+ </X509Certificate>
+ </X509Data>
+ </OriginatorKeyInfo>
+ <RecipientKeyInfo>
+ <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Certificate>
+ MIIDvjCCA36gAwIBAgIGAOxN3+EMMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDIyODE3NTMxOVoXDTAzMDIyODE3NTI1NFowbzELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEWMBQGA1UEAxMNTmlscmVtIFNlaGd1
+ aDCCAiUwggGaBgcqhkjOPgIBMIIBjQKBgQCmXKCXa4w1z6Ni0Bl4oJnE+yaprbPw
+ Os5RrsvjnmKzM3hJ0+cv4uxkPjtUlrK9BjzoPUnlquTCttTOaEwCMFmwQ08GB99H
+ DAQFOOir6CNLJk0hvGqyqcl0TJQSXOfiQYTCEQKQkac5pJxpymNmDXWH6B3SIF9j
+ T3VsYesJmu+v/wKBgD3q1GYDBDA03oDHUwURvQz2ORB5sA8cM5WnXUXH733X1P/c
+ JT88+QVKLTJu99CfXZRemr1q/dvX82LJyDlA3lDiaZbV5q02J78+QYusrlLum1cE
+ n7+7uEviPxDPWQfnmN33ReUwDBw+LSvOpcOQDw6zdkJztVDAsCL4zhWrUjiNAhUA
+ 9jJXQijNovoq6QUBFcEUYwUvyTMCbQCs/HkLusCqHmY71JxUOFzy5fuWkPpWXJzx
+ qU3oz1BfMZtPUqjpBnqU97M7VUEg+5pRG2txaHP8XNmB1bY0DCE88riDmHP7HqZB
+ Z2gbaH2LxXDQDayb5GcPfn38eDcWvVAaKP9fJ8wG5RUu3AoDgYQAAoGAGSYT19Pb
+ VCxMt06cAP7zQZ6AC5eXp3zeAweIevV96ryA1mB03qhB9X2lVowAUOFc24aVRTz7
+ wRoRjNQ20atzSy21C7yXDkvZ4uxfdrpIqpIVrI28e7XL+6CrhnAk621OvdeyEz5H
+ orA21hPXoCNdnUPG5Ib20oopM87ptF5dwiWjOjA4MA4GA1UdDwEB/wQEAwIDCDAR
+ BgNVHQ4ECgQIiDCSQ3FB/oEwEwYDVR0jBAwwCoAIgjqisiZ1WVswCQYHKoZIzjgE
+ AwMvADAsAhQMtZ98TyqVkVqUJ3RJqaU7l2xqKgIUX997qRqeMjAkK88NHeNd95/2
+ Yos=
+ </X509Certificate>
+ </X509Data>
+ </RecipientKeyInfo>
+ </AgreementMethod>
+ </KeyInfo>
+</Signature>
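Review bot: The single `Reference` in `SignedInfo` points at `http://www.w3.org/TR/xml-stylesheet`, so verifying this vector requires an outbound fetch over plain HTTP and a remote document that still hashes to the recorded SHA-1 `DigestValue`. That makes the test non-hermetic: it fails offline or when the page changes, and a harness that enables remote reference URIs to make it pass is exercising the configuration a verifier of untrusted signatures would want off. I would keep a local copy of the referenced document under tests/ and map the URL to it, and note it in the fixture with `<!-- Reference is remote; verify against a local copy, not the network -->`. encsig-hmac-sha256-kw-tripledes-dh.xml, which starts right after this hunk, has the same `Reference`.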
diff --git a/tests/merlin-xmlenc-five/encsig-hmac-sha256-kw-tripledes-dh.xml b/tests/merlin-xmlenc-five/encsig-hmac-sha256-kw-tripledes-dh.xml
new file mode 100644
index 00000000..79ef3f12
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encsig-hmac-sha256-kw-tripledes-dh.xml
@@ -0,0 +1,108 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ 9XBpYbFplNqqF7U/QtCHYE20U7oIxcyCr0L19MlenNo=
+ </SignatureValue>
+ <KeyInfo>
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-tripledes" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <AgreementMethod xmlns="http://www.w3.org/2001/04/xmlenc#" Algorithm="http://www.w3.org/2001/04/xmlenc#dh">
+ <KA-Nonce>
+ bm9uY2U=
+ </KA-Nonce>
+ <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
+ <OriginatorKeyInfo>
+ <KeyValue xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <DHKeyValue xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <P>
+ plygl2uMNc+jYtAZeKCZxPsmqa2z8DrOUa7L455iszN4SdPnL+LsZD47VJayvQY8
+ 6D1J5arkwrbUzmhMAjBZsENPBgffRwwEBTjoq+gjSyZNIbxqsqnJdEyUElzn4kGE
+ whECkJGnOaScacpjZg11h+gd0iBfY091bGHrCZrvr/8=
+ </P>
+ <Q>
+ 9jJXQijNovoq6QUBFcEUYwUvyTM=
+ </Q>
+ <Generator>
+ PerUZgMEMDTegMdTBRG9DPY5EHmwDxwzladdRcfvfdfU/9wlPzz5BUotMm730J9d
+ lF6avWr929fzYsnIOUDeUOJpltXmrTYnvz5Bi6yuUu6bVwSfv7u4S+I/EM9ZB+eY
+ 3fdF5TAMHD4tK86lw5APDrN2QnO1UMCwIvjOFatSOI0=
+ </Generator>
+ <Public>
+ Ulu6B1lCwajtIBnolqqgU+R1oxfye63DnI/iLM/Oe+Y8I/LMMaEmo3LmCU30m82r
+ NyOUqgfnm97S0bT8ZhI8gvw0EyQJ87vhlUz4WcmddU/YlTi3gJHUClr2olmBmRCt
+ m2vKo/BpoLGJ0Wg1eyWfo54+gCqbeNez/DmBGcBEEhM=
+ </Public>
+ </DHKeyValue>
+ </KeyValue>
+ <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Certificate>
+ MIIDvjCCA36gAwIBAgIGAOxN39MIMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDIyODE3NTMxNloXDTAzMDIyODE3NTI1NFowbzELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEWMBQGA1UEAxMNTWVybGluIEh1Z2hl
+ czCCAiUwggGaBgcqhkjOPgIBMIIBjQKBgQCmXKCXa4w1z6Ni0Bl4oJnE+yaprbPw
+ Os5RrsvjnmKzM3hJ0+cv4uxkPjtUlrK9BjzoPUnlquTCttTOaEwCMFmwQ08GB99H
+ DAQFOOir6CNLJk0hvGqyqcl0TJQSXOfiQYTCEQKQkac5pJxpymNmDXWH6B3SIF9j
+ T3VsYesJmu+v/wKBgD3q1GYDBDA03oDHUwURvQz2ORB5sA8cM5WnXUXH733X1P/c
+ JT88+QVKLTJu99CfXZRemr1q/dvX82LJyDlA3lDiaZbV5q02J78+QYusrlLum1cE
+ n7+7uEviPxDPWQfnmN33ReUwDBw+LSvOpcOQDw6zdkJztVDAsCL4zhWrUjiNAhUA
+ 9jJXQijNovoq6QUBFcEUYwUvyTMCbQCs/HkLusCqHmY71JxUOFzy5fuWkPpWXJzx
+ qU3oz1BfMZtPUqjpBnqU97M7VUEg+5pRG2txaHP8XNmB1bY0DCE88riDmHP7HqZB
+ Z2gbaH2LxXDQDayb5GcPfn38eDcWvVAaKP9fJ8wG5RUu3AoDgYQAAoGAUlu6B1lC
+ wajtIBnolqqgU+R1oxfye63DnI/iLM/Oe+Y8I/LMMaEmo3LmCU30m82rNyOUqgfn
+ m97S0bT8ZhI8gvw0EyQJ87vhlUz4WcmddU/YlTi3gJHUClr2olmBmRCtm2vKo/Bp
+ oLGJ0Wg1eyWfo54+gCqbeNez/DmBGcBEEhOjOjA4MA4GA1UdDwEB/wQEAwIDCDAR
+ BgNVHQ4ECgQIgUAwB+9f1oIwEwYDVR0jBAwwCoAIgjqisiZ1WVswCQYHKoZIzjgE
+ AwMvADAsAhQ41mCUsFhmxI58tytV8XEVZOCuUwIUVMe/HbUAH5PJ7aRoCNqa3fCI
+ cU0=
+ </X509Certificate>
+ </X509Data>
+ </OriginatorKeyInfo>
+ <RecipientKeyInfo>
+ <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Certificate>
+ MIIDvjCCA36gAwIBAgIGAOxN3+EMMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDIyODE3NTMxOVoXDTAzMDIyODE3NTI1NFowbzELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEWMBQGA1UEAxMNTmlscmVtIFNlaGd1
+ aDCCAiUwggGaBgcqhkjOPgIBMIIBjQKBgQCmXKCXa4w1z6Ni0Bl4oJnE+yaprbPw
+ Os5RrsvjnmKzM3hJ0+cv4uxkPjtUlrK9BjzoPUnlquTCttTOaEwCMFmwQ08GB99H
+ DAQFOOir6CNLJk0hvGqyqcl0TJQSXOfiQYTCEQKQkac5pJxpymNmDXWH6B3SIF9j
+ T3VsYesJmu+v/wKBgD3q1GYDBDA03oDHUwURvQz2ORB5sA8cM5WnXUXH733X1P/c
+ JT88+QVKLTJu99CfXZRemr1q/dvX82LJyDlA3lDiaZbV5q02J78+QYusrlLum1cE
+ n7+7uEviPxDPWQfnmN33ReUwDBw+LSvOpcOQDw6zdkJztVDAsCL4zhWrUjiNAhUA
+ 9jJXQijNovoq6QUBFcEUYwUvyTMCbQCs/HkLusCqHmY71JxUOFzy5fuWkPpWXJzx
+ qU3oz1BfMZtPUqjpBnqU97M7VUEg+5pRG2txaHP8XNmB1bY0DCE88riDmHP7HqZB
+ Z2gbaH2LxXDQDayb5GcPfn38eDcWvVAaKP9fJ8wG5RUu3AoDgYQAAoGAGSYT19Pb
+ VCxMt06cAP7zQZ6AC5eXp3zeAweIevV96ryA1mB03qhB9X2lVowAUOFc24aVRTz7
+ wRoRjNQ20atzSy21C7yXDkvZ4uxfdrpIqpIVrI28e7XL+6CrhnAk621OvdeyEz5H
+ orA21hPXoCNdnUPG5Ib20oopM87ptF5dwiWjOjA4MA4GA1UdDwEB/wQEAwIDCDAR
+ BgNVHQ4ECgQIiDCSQ3FB/oEwEwYDVR0jBAwwCoAIgjqisiZ1WVswCQYHKoZIzjgE
+ AwMvADAsAhQMtZ98TyqVkVqUJ3RJqaU7l2xqKgIUX997qRqeMjAkK88NHeNd95/2
+ Yos=
+ </X509Certificate>
+ </X509Data>
+ </RecipientKeyInfo>
+ </AgreementMethod>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ 2s+2ji8opL0SLKziiyNZ+mZ8Ibfu7cTwe4C0MmyarYDwGmsiRSqff8trHUwa+njZ
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5.xml b/tests/merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5.xml
new file mode 100644
index 00000000..ecc29878
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ 9XBpYbFplNqqF7U/QtCHYE20U7oIxcyCr0L19MlenNo=
+ </SignatureValue>
+ <KeyInfo>
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Data>
+ <X509Certificate>
+ MIICkjCCAfugAwIBAgIGAOxN32E+MA0GCSqGSIb3DQEBBQUAMG4xCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJDAiBgNVBAoTG0JhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMgTHRkLjERMA8GA1UECxMIWC9TZWN1cmUxFTATBgNVBAMTDFRyYW5zaWVu
+ dCBDQTAeFw0wMjAyMjgxNzUyNDZaFw0wMzAyMjgxNzUyNDBaMG8xCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJDAiBgNVBAoTG0JhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMgTHRkLjERMA8GA1UECxMIWC9TZWN1cmUxFjAUBgNVBAMTDU1lcmxpbiBI
+ dWdoZXMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAORdNSxbNFWlQeNsOlYJ
+ 9gN9eZD+rguRqKhmhOm7i63VDd5ALm2APXhqAmGBPzLN5jlL9g2XALK5WSO4XKjJ
+ McVfYg4+nPuOeHgqdD4HUgf19j/6SaTMcmDFJQMmx1Qw+Aakq3mGcSfvOJcBZctz
+ a50VucfCGL1NdfBEcaL3BnhjAgMBAAGjOjA4MA4GA1UdDwEB/wQEAwIFoDARBgNV
+ HQ4ECgQIjFG0ZGNyvNswEwYDVR0jBAwwCoAIhJXVlhr6O4wwDQYJKoZIhvcNAQEF
+ BQADgYEAXzG7x5aCJYRusTbmuZqhidGM5iiA9+RmZ4JTPDEgbeiTiJROxpr+ZjnA
+ TmsDKrCpqNUiHWjmsKEArYQp8R/KjdKl/pVe3jUvTxb0YZ+li/7k0GQ5LyRT/K4c
+ 2SgyLlyBPhpMq+z3g4P2egVRaZbxsLuKQILf7MIV/X5iAEBzu1w=
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ BRhPOKN/KLCih2Q2RoxQiaV0s1FfpOM+kisl9MwRSPow5CyX91rBVfoWpP/Qq1T3
+ Rj/f0gVoJyE008uLic4X/S4spnudlOzTkVB6bUzoBt4j+z4hEq/cIfHqVdEJ+lN0
+ iu1sJk3k6ESl22OWEqQB7Rl5sAdhFPOqXsnLUNWmqA8=
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+</Signature>
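Review bot: The `EncryptionMethod` line wraps the HMAC key with `http://www.w3.org/2001/04/xmlenc#rsa-1_5`, and nothing in the file says that PKCS#1 v1.5 key transport is here for interop coverage only. v1.5 unwrapping is the classic padding-oracle surface when a decryptor reports padding failures distinguishably, so the fixture should not read as a template for new documents. I would add a comment ahead of the root element, `<!-- Interop vector: rsa-1_5 key transport is legacy; new documents should use rsa-oaep-mgf1p. -->`. A comment there sits outside `SignedInfo` and the external Reference, so it should not alter the bytes that are digested or MACed.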
diff --git a/tests/merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p.xml b/tests/merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p.xml
new file mode 100644
index 00000000..1779093a
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ 9XBpYbFplNqqF7U/QtCHYE20U7oIxcyCr0L19MlenNo=
+ </SignatureValue>
+ <KeyInfo>
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
+ <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <OAEPparams>
+ MTIzNDU2Nzg=
+ </OAEPparams>
+ </EncryptionMethod>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Data>
+ <X509Certificate>
+ MIICkjCCAfugAwIBAgIGAOxN32E+MA0GCSqGSIb3DQEBBQUAMG4xCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJDAiBgNVBAoTG0JhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMgTHRkLjERMA8GA1UECxMIWC9TZWN1cmUxFTATBgNVBAMTDFRyYW5zaWVu
+ dCBDQTAeFw0wMjAyMjgxNzUyNDZaFw0wMzAyMjgxNzUyNDBaMG8xCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJDAiBgNVBAoTG0JhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMgTHRkLjERMA8GA1UECxMIWC9TZWN1cmUxFjAUBgNVBAMTDU1lcmxpbiBI
+ dWdoZXMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAORdNSxbNFWlQeNsOlYJ
+ 9gN9eZD+rguRqKhmhOm7i63VDd5ALm2APXhqAmGBPzLN5jlL9g2XALK5WSO4XKjJ
+ McVfYg4+nPuOeHgqdD4HUgf19j/6SaTMcmDFJQMmx1Qw+Aakq3mGcSfvOJcBZctz
+ a50VucfCGL1NdfBEcaL3BnhjAgMBAAGjOjA4MA4GA1UdDwEB/wQEAwIFoDARBgNV
+ HQ4ECgQIjFG0ZGNyvNswEwYDVR0jBAwwCoAIhJXVlhr6O4wwDQYJKoZIhvcNAQEF
+ BQADgYEAXzG7x5aCJYRusTbmuZqhidGM5iiA9+RmZ4JTPDEgbeiTiJROxpr+ZjnA
+ TmsDKrCpqNUiHWjmsKEArYQp8R/KjdKl/pVe3jUvTxb0YZ+li/7k0GQ5LyRT/K4c
+ 2SgyLlyBPhpMq+z3g4P2egVRaZbxsLuKQILf7MIV/X5iAEBzu1w=
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ NGIOL9UzhGwPYvVzbBxOGzxXfTIkzIsmtNSkWA03p64aS41vVA0sKWvcr/79Nf7T
+ 6RdA61TmwOKa5GDUYRumEadC7Z0zKFDKcuN78iJzlj2WwVqr5vBx14X2BSVW+de1
+ UTmXRZFRosFOk9etvD7Lm1V+kqIxqSrod68G8gJvGrY=
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes.tmpl b/tests/merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes.tmpl
new file mode 100644
index 00000000..3d78bb37
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes.tmpl
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160" />
+ <DigestValue></DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ </SignatureValue>
+ <KeyInfo>
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-tripledes" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>bob</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes.xml b/tests/merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes.xml
new file mode 100644
index 00000000..532800bb
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-ripemd160" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#ripemd160" />
+ <DigestValue>ixv9ZpIiqEzBC3Uztm5Rl6tXd9Q=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ kwV4uELL96oFm8/+VGzq+xAOgUg=
+ </SignatureValue>
+ <KeyInfo>
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-tripledes" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>bob</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ gHMpx5iF7+KXtNHLasZrkcLHn8Ti4rxUjCIRK+IcgbQir6FUsQ/uxQ3o8enEMWq1
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmlenc-five/encsig-sha256-hmac-sha256-kw-aes128.xml b/tests/merlin-xmlenc-five/encsig-sha256-hmac-sha256-kw-aes128.xml
new file mode 100644
index 00000000..535510c7
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encsig-sha256-hmac-sha256-kw-aes128.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
+ <DigestValue>eI1OLVStn6Z4q7Byq8XGUJ4bce1LMSlanI6o+SvYzt0=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ cOQGJE3d3fXi1BIfdvr1v6tz/4lt9xGznfyDPXEvc4Q=
+ </SignatureValue>
+ <KeyInfo>
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>job</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ rPnY/XoSGCbuwy7vpslf29rs9dbvSCmGFOjEs3LT6g/qyZjfDA+2fQ==
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmlenc-five/encsig-sha384-hmac-sha384-kw-aes192.xml b/tests/merlin-xmlenc-five/encsig-sha384-hmac-sha384-kw-aes192.xml
new file mode 100644
index 00000000..836aba22
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encsig-sha384-hmac-sha384-kw-aes192.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha384" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384" />
+ <DigestValue>bWetGDV3M5oEiecfEHILQxVQRa1XgdY37VH8eWi9yVVx7Rr7UNhk+v6Jk7sMNPoA</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ iEjhOJoKiwsOBduxHj7bxILSsl6TLhNO3w/vlRcw9RZAe24HIxLRfhj4Xqsz1Orr
+ </SignatureValue>
+ <KeyInfo>
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes192" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jeb</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ 19D633XVohP6UJvaVRAhJek+ahtM3gOiVs6nZyAasDEb+WCUQOcWZw==
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmlenc-five/encsig-sha512-hmac-sha512-kw-aes256.xml b/tests/merlin-xmlenc-five/encsig-sha512-hmac-sha512-kw-aes256.xml
new file mode 100644
index 00000000..9adfafd8
--- /dev/null
+++ b/tests/merlin-xmlenc-five/encsig-sha512-hmac-sha512-kw-aes256.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha512" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512" />
+ <DigestValue>c8+KT9+qCSbNpdZm7/dp9Mv/lgF51ATycY0Ttz/0bw2p5nvnmeEgQpIPw5HhVJ9Ku6dDf0RKVVR/CsYvPGfnEg==</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ zB8ZUo9bQxzxnxW2aZ217eu//1e5xHB6RlfEOFOlx1l5PIhadKAlQo0z1D9B2HVU
+ Kj4StSnlUsrvDo2BxgiAoA==
+ </SignatureValue>
+ <KeyInfo>
+ <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
+ <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes256" />
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jed</KeyName>
+ </KeyInfo>
+ <CipherData>
+ <CipherValue>
+ tPCC89jQShB+WDINCdRfKgf8wTlAx8xRXD73RmEHPBfix8zS1N82KQ==
+ </CipherValue>
+ </CipherData>
+ </EncryptedKey>
+ </KeyInfo>
+</Signature>
diff --git a/tests/merlin-xmlenc-five/ids.p12 b/tests/merlin-xmlenc-five/ids.p12
new file mode 100644
index 00000000..e659a4b6
--- /dev/null
+++ b/tests/merlin-xmlenc-five/ids.p12
Binary files differ
diff --git a/tests/merlin-xmlenc-five/keys.xml b/tests/merlin-xmlenc-five/keys.xml
new file mode 100644
index 00000000..9a8c0154
--- /dev/null
+++ b/tests/merlin-xmlenc-five/keys.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0"?>
+<Keys xmlns="http://www.aleksey.com/xmlsec/2002" >
+
+<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>bob</KeyName>
+ <KeyValue>
+ <DESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">
+ YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4
+ </DESKeyValue>
+ </KeyValue>
+</KeyInfo>
+
+<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jed</KeyName>
+ <KeyValue>
+ <AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">
+ YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXowMTIzNDU=
+ </AESKeyValue>
+ </KeyValue>
+</KeyInfo>
+
+<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>job</KeyName>
+ <KeyValue>
+ <AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">
+ YWJjZGVmZ2hpamtsbW5vcA==
+ </AESKeyValue>
+ </KeyValue>
+</KeyInfo>
+
+<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>jeb</KeyName>
+ <KeyValue>
+ <AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">
+ YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4
+ </AESKeyValue>
+ </KeyValue>
+</KeyInfo>
+
+
+
+</Keys>
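Review bot: keys.xml stores the raw DES and AES key bytes for `bob`, `jed`, `job` and `jeb` in clear, and the file does not say they are throwaway interop vectors. The values decode to plain alphabet runs, so they are predictable as well as public. I would put `<!-- Public interop test keys (merlin-xmlenc-five); known values, never load outside the test suite. -->` directly after the XML declaration. The same labelling gap applies to the private-key fixtures added later in this directory, `rsapriv.pem` and `rsapriv.p8-pem`, where a directory-level Readme is probably the safer place to record it than the key files themselves. If the repository runs secret scanning, an explicit allowlist entry for this test directory keeps these hits from masking a real leak.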
diff --git a/tests/merlin-xmlenc-five/plaintext.xml b/tests/merlin-xmlenc-five/plaintext.xml
new file mode 100644
index 00000000..26907987
--- /dev/null
+++ b/tests/merlin-xmlenc-five/plaintext.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<PurchaseOrder xmlns="urn:example:po">
+ <Items>
+ <Item Code="001-001-001" Quantity="1">
+ spade
+ </Item>
+ <Item Code="001-001-002" Quantity="1">
+ shovel
+ </Item>
+ </Items>
+ <ShippingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </ShippingAddress>
+ <PaymentInfo>
+ <BillingAddress>
+ Dig PLC, 1 First Ave, Dublin 1, Ireland
+ </BillingAddress>
+ <CreditCard Type="Amex">
+ <Name>Foo B Baz</Name>
+ <Number>1234 567890 12345</Number>
+ <Expires Month="1" Year="2005" />
+ </CreditCard>
+ </PaymentInfo>
+</PurchaseOrder>
diff --git a/tests/merlin-xmlenc-five/rsa.p8 b/tests/merlin-xmlenc-five/rsa.p8
new file mode 100644
index 00000000..df70c742
--- /dev/null
+++ b/tests/merlin-xmlenc-five/rsa.p8
Binary files differ
diff --git a/tests/merlin-xmlenc-five/rsapriv.der b/tests/merlin-xmlenc-five/rsapriv.der
new file mode 100644
index 00000000..53642680
--- /dev/null
+++ b/tests/merlin-xmlenc-five/rsapriv.der
Binary files differ
diff --git a/tests/merlin-xmlenc-five/rsapriv.p12 b/tests/merlin-xmlenc-five/rsapriv.p12
new file mode 100644
index 00000000..bc6838b3
--- /dev/null
+++ b/tests/merlin-xmlenc-five/rsapriv.p12
Binary files differ
diff --git a/tests/merlin-xmlenc-five/rsapriv.p8-der b/tests/merlin-xmlenc-five/rsapriv.p8-der
new file mode 100644
index 00000000..66cb1c79
--- /dev/null
+++ b/tests/merlin-xmlenc-five/rsapriv.p8-der
Binary files differ
diff --git a/tests/merlin-xmlenc-five/rsapriv.p8-pem b/tests/merlin-xmlenc-five/rsapriv.p8-pem
new file mode 100644
index 00000000..e16c4252
--- /dev/null
+++ b/tests/merlin-xmlenc-five/rsapriv.p8-pem
@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICoTAbBgkqhkiG9w0BBQMwDgQI7pCqxlSm0uoCAggABIICgKiSM7d9ApczPWn9
+/+K9P4zFx/nER+vtY/XZKvzKOmu5j4kq7CvNTP4LWXsg95LBEuMQO+0I5PpNeM1w
+WxzqHHoCdv2OY/1yUkU5dzU5buBq442kUYT86jIXTPxJ0zhqc057jpSvo5dF2m+E
+FPG/h5YIqtnI6esQppODOSm+zBuCFNBrsXWvAs/ao64FKgw3rXtlySeuA4Ulqv6D
+MkkO8SOqGeB7of7jlAGB6fGCitMOPXS6YYK79mbKx6KTawBpLCKUYJM4/CJiqbTq
+eSfzSUC28r84uRGwIqtQvf3n0KmffaOTsUinV7Pgyne/rmzd1jNOYk9lqWfyCAQk
+S/QX966F7sWtIroHLYAVkOSwCXQp2UfMpIb18/ll4IqUwmaOeb8HbyXefC3kbWen
+IKuyyMBT3ov0hyCR+FUcGo/w/18mKRwSIQYWjpxuRgDCxXmSsXYYGTCkQGyvKGmm
+iMMAPwHHOtKZtUL5geIJbBDBFtRNj6ttaUlVmUWyt+mTZD8YOplEIDDbcnACQMxH
+W3MZNJPMY5IzNdvWtePsVGCFBFjsPTf1AvsNum89dcwI7V5YU5eD7VbaoqyvGGwK
+yUZZu+SBq5cMZCeAYK5MtYJvml9iJAKEFo5o4+bpsGJ/olbQP8HJI47ln5hhfm6i
+343IUAoKc9l8URMqArZfwj0B1XVeMksQ6UipLjjCpS4/2QA7MGtOWsI+2tfaIAyK
+iDwIujiM5K8b423uMo6IVU/7gBsDdpsQEQqw3gXqlBYcJ1iXO83EI+QB5EXfg2WS
+B2RiiaR40nAxudNjT4wX55BtFU+oYT4gvF+6wxsLCmSEmgvD9ePCSAsOxg/vD5tj
+5OSA/4o=
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/merlin-xmlenc-five/rsapriv.pem b/tests/merlin-xmlenc-five/rsapriv.pem
new file mode 100644
index 00000000..c2406c7f
--- /dev/null
+++ b/tests/merlin-xmlenc-five/rsapriv.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/tests/merlin-xmlenc-five/rsapub.pem b/tests/merlin-xmlenc-five/rsapub.pem
new file mode 100644
index 00000000..d92c99e9
--- /dev/null
+++ b/tests/merlin-xmlenc-five/rsapub.pem
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDkXTUsWzRVpUHjbDpWCfYDfXmQ
+/q4LkaioZoTpu4ut1Q3eQC5tgD14agJhgT8yzeY5S/YNlwCyuVkjuFyoyTHFX2IO
+Ppz7jnh4KnQ+B1IH9fY/+kmkzHJgxSUDJsdUMPgGpKt5hnEn7ziXAWXLc2udFbnH
+whi9TXXwRHGi9wZ4YwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/tests/merlin-xpath-filter2-three/Readme.txt b/tests/merlin-xpath-filter2-three/Readme.txt
new file mode 100644
index 00000000..728be33a
--- /dev/null
+++ b/tests/merlin-xpath-filter2-three/Readme.txt
@@ -0,0 +1,23 @@
+Sample XML Signatures[1] using the revised XPath Filter 2.0[2]
+
+[1] http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
+[2] Were it considered, the URL would be http://www.w3.org/TR/xmldsig-filter2/
+ but in the meantime it is attached to the accompanying message
+
+First, the last example from the spec along with an example of
+an empty input node set:
+
+ sign-spec.tmpl - A basic signature template
+ sign-spec.xml - The signature
+ sign-spec-c14n-*.txt - C14n output
+
+Next, John Boyer's example (for performance testing):
+
+ sign-xfdl.tmpl - The signature template
+ sign-xfdl.xml - The signature
+ sign-xfdl-c14n-*.txt - C14n output
+
+Merlin Hughes <merlin@baltimore.ie>
+Baltimore Technologies, Ltd.
+
+Wednesday, June 10, 2002
diff --git a/tests/merlin-xpath-filter2-three/sign-spec-c14n-0.txt b/tests/merlin-xpath-filter2-three/sign-spec-c14n-0.txt
new file mode 100644
index 00000000..6b9358fd
--- /dev/null
+++ b/tests/merlin-xpath-filter2-three/sign-spec-c14n-0.txt
@@ -0,0 +1,11 @@
+<ToBeSigned>
+
+ <Data></Data>
+ <ReallyToBeSigned>
+
+ <Data></Data>
+ </ReallyToBeSigned>
+ </ToBeSigned><ToBeSigned>
+ <Data></Data>
+
+ </ToBeSigned>
\ No newline at end of file
diff --git a/tests/merlin-xpath-filter2-three/sign-spec-c14n-1.txt b/tests/merlin-xpath-filter2-three/sign-spec-c14n-1.txt
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/tests/merlin-xpath-filter2-three/sign-spec-c14n-1.txt
diff --git a/tests/merlin-xpath-filter2-three/sign-spec-c14n-2.txt b/tests/merlin-xpath-filter2-three/sign-spec-c14n-2.txt
new file mode 100644
index 00000000..0a5d0536
--- /dev/null
+++ b/tests/merlin-xpath-filter2-three/sign-spec-c14n-2.txt
@@ -0,0 +1,25 @@
+<dsig:SignedInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></dsig:CanonicalizationMethod>
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></dsig:SignatureMethod>
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
+ <XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2" Filter="intersect"> //ToBeSigned </XPath>
+ <XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2" Filter="subtract"> //NotToBeSigned </XPath>
+ <XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2" Filter="union"> //ReallyToBeSigned </XPath>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod>
+ <dsig:DigestValue>p6/HaYIdxbEdYX8/8zNfjED4H5Y=</dsig:DigestValue>
+ </dsig:Reference>
+ <dsig:Reference URI="#signature-value">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
+ <XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2" Filter="union"> /</XPath>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod>
+ <dsig:DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
\ No newline at end of file
diff --git a/tests/merlin-xpath-filter2-three/sign-spec.tmpl b/tests/merlin-xpath-filter2-three/sign-spec.tmpl
new file mode 100644
index 00000000..0b0d38c3
--- /dev/null
+++ b/tests/merlin-xpath-filter2-three/sign-spec.tmpl
@@ -0,0 +1,50 @@
+<?xml version="1.0"?>
+<Document>
+ <ToBeSigned>
+ <!-- comment -->
+ <Data />
+ <NotToBeSigned>
+ <ReallyToBeSigned>
+ <!-- comment -->
+ <Data />
+ </ReallyToBeSigned>
+ </NotToBeSigned>
+ </ToBeSigned>
+ <ToBeSigned>
+ <Data />
+ <NotToBeSigned>
+ <Data />
+ </NotToBeSigned>
+ </ToBeSigned>
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="" />
+ <dsig:SignatureMethod Algorithm="" />
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
+ <dsig-xpath:XPath Filter="intersect"> //ToBeSigned </dsig-xpath:XPath>
+ <dsig-xpath:XPath Filter="subtract"> //NotToBeSigned </dsig-xpath:XPath>
+ <dsig-xpath:XPath Filter="union"> //ReallyToBeSigned </dsig-xpath:XPath>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="" />
+ <dsig:DigestValue />
+ </dsig:Reference>
+ <dsig:Reference URI="#signature-value">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
+ <dsig-xpath:XPath Filter="union"> /</dsig-xpath:XPath>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="" />
+ <dsig:DigestValue />
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue Id="signature-value" />
+ <dsig:KeyInfo>
+ <dsig:KeyValue/>
+ </dsig:KeyInfo>
+ </dsig:Signature>
+</Document>
diff --git a/tests/merlin-xpath-filter2-three/sign-spec.xml b/tests/merlin-xpath-filter2-three/sign-spec.xml
new file mode 100644
index 00000000..dd5dfd76
--- /dev/null
+++ b/tests/merlin-xpath-filter2-three/sign-spec.xml
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Document>
+ <ToBeSigned>
+ <!-- comment -->
+ <Data />
+ <NotToBeSigned>
+ <ReallyToBeSigned>
+ <!-- comment -->
+ <Data />
+ </ReallyToBeSigned>
+ </NotToBeSigned>
+ </ToBeSigned>
+ <ToBeSigned>
+ <Data />
+ <NotToBeSigned>
+ <Data />
+ </NotToBeSigned>
+ </ToBeSigned>
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:SignedInfo>
+ <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <dsig:Reference URI="">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
+ <XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2" Filter="intersect"> //ToBeSigned </XPath>
+ <XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2" Filter="subtract"> //NotToBeSigned </XPath>
+ <XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2" Filter="union"> //ReallyToBeSigned </XPath>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue>p6/HaYIdxbEdYX8/8zNfjED4H5Y=</dsig:DigestValue>
+ </dsig:Reference>
+ <dsig:Reference URI="#signature-value">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
+ <XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2" Filter="union"> /</XPath>
+ </dsig:Transform>
+ </dsig:Transforms>
+ <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <dsig:DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</dsig:DigestValue>
+ </dsig:Reference>
+ </dsig:SignedInfo>
+ <dsig:SignatureValue Id="signature-value">
+ Ft7PdmEYSC8GwxffIa4xiobr1iEaUf3LGNfPLiQnJBJI/1Cp5WiEiQ==
+ </dsig:SignatureValue>
+ <dsig:KeyInfo>
+ <dsig:KeyValue>
+ <dsig:DSAKeyValue>
+ <dsig:P>
+ 3eOeAvqnEyFpW+uTSgrdj7YLjaTkpyHecKFIoLu8QZNkGTQI1ciITBH0lqfIkdCH
+ Si8fiUC3DTq3J9FsJef4YVtDF7JpUvHTOQqtq7Zgx6KC8Wxkz6rQCxOr7F0ApOYi
+ 89zLRoe4MkDGe6ux0+WtyOTQoVIGNTDDUFXrUQNbLrE=
+ </dsig:P>
+ <dsig:Q>hDLcFK0GO/Hz1arxOOvsgM/VLyU=</dsig:Q>
+ <dsig:G>
+ nnx7hbdWozGbtnFgnbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43z
+ Kt7dlEaQL7b5+JTZt3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM
+ 8d2rhd2Ui0xHbk0D451nhLxVWulviOSPhzKKvXrbySA=
+ </dsig:G>
+ <dsig:Y>
+ cfYpihpAQeepbNFS4MAbQRhdXpDi5wLrwxE5hIvoYqo1L8BQVu8fY1TFAPtoae1i
+ Bg/GIJyP3iLfyuBJaDvJJLP30wBH9i/s5J3656PevpOVdTfi777Fi9Gj6y/ib2Vv
+ +OZfJkkp4L50+p5TUhPmQLJtREsgtl+tnIOyJT++G9U=
+ </dsig:Y>
+ </dsig:DSAKeyValue>
+ </dsig:KeyValue>
+ <dsig:X509Data>
+ <dsig:X509SubjectName>
+ CN=Merlin Hughes,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+ </dsig:X509SubjectName>
+ <dsig:X509IssuerSerial>
+ <dsig:X509IssuerName>
+ CN=Transient CA,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+ </dsig:X509IssuerName>
+ <dsig:X509SerialNumber>1017788370348</dsig:X509SerialNumber>
+ </dsig:X509IssuerSerial>
+ <dsig:X509Certificate>
+ MIIDUDCCAxCgAwIBAgIGAOz46g2sMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDQwMjIyNTkzMFoXDTEyMDQwMjIxNTkyNVowbzELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEWMBQGA1UEAxMNTWVybGluIEh1Z2hl
+ czCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQDd454C+qcTIWlb65NKCt2PtguNpOSn
+ Id5woUigu7xBk2QZNAjVyIhMEfSWp8iR0IdKLx+JQLcNOrcn0Wwl5/hhW0MXsmlS
+ 8dM5Cq2rtmDHooLxbGTPqtALE6vsXQCk5iLz3MtGh7gyQMZ7q7HT5a3I5NChUgY1
+ MMNQVetRA1susQIVAIQy3BStBjvx89Wq8Tjr7IDP1S8lAoGBAJ58e4W3VqMxm7Zx
+ YJ2xZ6KX0Ze10WnKZDyURn+T9iFIFbKRFElKDeotXwwXwYON8yre3ZRGkC+2+fiU
+ 2bdzIWTT6LMbIMVbk+07P4OZOxJ6XWL9GuYcOQcNvX42xh34DPHdq4XdlItMR25N
+ A+OdZ4S8VVrpb4jkj4cyir1628kgA4GEAAKBgHH2KYoaQEHnqWzRUuDAG0EYXV6Q
+ 4ucC68MROYSL6GKqNS/AUFbvH2NUxQD7aGntYgYPxiCcj94i38rgSWg7ySSz99MA
+ R/Yv7OSd+uej3r6TlXU34u++xYvRo+sv4m9lb/jmXyZJKeC+dPqeU1IT5kCybURL
+ ILZfrZyDsiU/vhvVozowODAOBgNVHQ8BAf8EBAMCB4AwEQYDVR0OBAoECIatY7SE
+ lXEOMBMGA1UdIwQMMAqACIOGPkB2MuKTMAkGByqGSM44BAMDLwAwLAIUSvT02iQj
+ Q5da4Wpe0Bvs7GuCcVsCFCEcQpbjUfnxXFXNWiFyQ49ZrWqn
+ </dsig:X509Certificate>
+ <dsig:X509Certificate>
+ MIIDSzCCAwugAwIBAgIGAOz46fwJMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDQwMjIyNTkyNVoXDTEyMDQwMjIxNTkyNVowbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MIIBtzCCASwGByqGSM44BAEwggEfAoGBAN3jngL6pxMhaVvrk0oK3Y+2C42k5Kch
+ 3nChSKC7vEGTZBk0CNXIiEwR9JanyJHQh0ovH4lAtw06tyfRbCXn+GFbQxeyaVLx
+ 0zkKrau2YMeigvFsZM+q0AsTq+xdAKTmIvPcy0aHuDJAxnursdPlrcjk0KFSBjUw
+ w1BV61EDWy6xAhUAhDLcFK0GO/Hz1arxOOvsgM/VLyUCgYEAnnx7hbdWozGbtnFg
+ nbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43zKt7dlEaQL7b5+JTZ
+ t3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM8d2rhd2Ui0xHbk0D
+ 451nhLxVWulviOSPhzKKvXrbySADgYQAAoGAfag+HCABIJadDD9Aarhgc2QR3Lp7
+ PpMOh0lAwLiIsvkO4UlbeOS0IJC8bcqLjM1fVw6FGSaxmq+4y1ag2m9k6IdE0Qh5
+ NxB/xFkmdwqXFRIJVp44OeUygB47YK76NmUIYG3DdfiPPU3bqzjvtOtETiCHvo25
+ 4D6UjwPpYErXRUajNjA0MA4GA1UdDwEB/wQEAwICBDAPBgNVHRMECDAGAQH/AgEA
+ MBEGA1UdDgQKBAiDhj5AdjLikzAJBgcqhkjOOAQDAy8AMCwCFELu0nuweqW7Wf0s
+ gk/CAGGL0BGKAhRNdgQGr5iyZKoH4oqPm0VJ9TjXLg==
+ </dsig:X509Certificate>
+ </dsig:X509Data>
+ </dsig:KeyInfo>
+ </dsig:Signature>
+</Document>
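Review bot: The second Reference (`URI="#signature-value"`) carries the DigestValue `2jmj7l5rSw0yVb/vlWAYkK/YBwk=`, which is the SHA-1 of zero bytes, so that Reference verifies while covering no content at all. The directory Readme calls this the empty-input-node-set example, and `sign-spec-c14n-1.txt` is added as an empty file, but the fixture itself does not record the intent. The test that consumes this file is not visible here; it should compare the pre-digest output of each Reference with the `sign-spec-c14n-*.txt` files rather than only assert that verification succeeds, since a passing signature says nothing about how much of the document was covered. A comment before `<Document>`, such as `<!-- second Reference intentionally selects an empty node set; see Readme.txt -->`, would document it, and comments are dropped by the c14n algorithm used here, so it should not change the digests. The same digest value appears in `sign-spec-c14n-2.txt`.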
diff --git a/tests/merlin-xpath-filter2-three/sign-xfdl-c14n-0.txt b/tests/merlin-xpath-filter2-three/sign-xfdl-c14n-0.txt
new file mode 100644
index 00000000..dea89da0
--- /dev/null
+++ b/tests/merlin-xpath-filter2-three/sign-xfdl-c14n-0.txt
@@ -0,0 +1,3986 @@
+<XFDL version="4.0.1">
+ <vfd_title>SF71</vfd_title>
+ <vfd_author>Thomas Mohr</vfd_author>
+ <vfd_revision>4/6/98</vfd_revision>
+ <vfd_date>4/6/98</vfd_date>
+ <saveformat>application/x-xfdl</saveformat>
+ <transmitformat>application/x-xfdl</transmitformat>
+ <formid content="array">
+ <version>1.0.0</version>
+ </formid>
+ <page sid="PAGE1">
+ <vfd_pagesize>letter</vfd_pagesize>
+ <vfd_pagedpi>120</vfd_pagedpi>
+ <vfd_printsize>8.0;10.5</vfd_printsize>
+ <label>PAGE1</label>
+ <bgcolor content="array">
+ <ae>235</ae>
+ <ae>235</ae>
+ <ae>235</ae>
+ </bgcolor>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <label sid="LABEL1">
+ <value>REQUEST FOR LEAVE OR APPROVED ABSENCE</value>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>14</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <justify>center</justify>
+ <size content="array">
+ <ae>61</ae>
+ <ae>1</ae>
+ </size>
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>3</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>874</ae>
+ <ae>34</ae>
+ </ae>
+ </itemlocation>
+ </label>
+ <label sid="LABEL2">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>20</ae>
+ <ae>35</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>79</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>1. NAME</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL3">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>100</ae>
+ <ae>35</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>218</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>(Last, First, Middle Initial)</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ <ae>italic</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL4">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>35</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>385</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>2. EMPLOYEE OR SOCIAL SECURITY NUMBER</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL5">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>20</ae>
+ <ae>85</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>170</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>3. ORGANIZATION</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL6">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>20</ae>
+ <ae>135</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>248</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>4. TYPE OF LEAVE/ABSENCE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL7">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>32</ae>
+ <ae>155</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>236</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>(Check appropriate box(es) below.)</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ <ae>italic</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL8">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>270</ae>
+ <ae>158</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>48</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>From:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL9">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>135</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>163</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Date</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <justify>center</justify>
+ </label>
+ <label sid="LABEL10">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>352</ae>
+ <ae>158</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>48</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>To:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL11">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>432</ae>
+ <ae>158</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>48</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>From:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL12">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>430</ae>
+ <ae>135</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>163</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Time</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <justify>center</justify>
+ </label>
+ <label sid="LABEL13">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>513</ae>
+ <ae>158</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>48</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>To:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL14">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>592</ae>
+ <ae>134</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>46</ae>
+ </ae>
+ </itemlocation>
+ <value>Total
+Hours</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <justify>center</justify>
+ </label>
+ <label sid="LABEL15">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>186</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>205</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Accrued Annual Leave</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL16">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>232</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>205</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Restored Annual Leave</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL17">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>278</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>205</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Advance Annual Leave</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL18">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>323</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>205</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Accured Sick Leave</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL19">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>368</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>205</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Advance Sick Leave</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL20">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>409</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Purpose:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL21">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>142</ae>
+ <ae>410</ae>
+ </ae>
+ </itemlocation>
+ <value>Medical/dental/optical Examination of requesting employee</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <size content="array">
+ <ae>45</ae>
+ <ae>1</ae>
+ </size>
+ </label>
+ <label sid="LABEL22">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>535</ae>
+ <ae>410</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>46</ae>
+ <ae>24</ae>
+ </ae>
+ </itemlocation>
+ <value>Other</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL23">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>142</ae>
+ <ae>435</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>439</ae>
+ <ae>42</ae>
+ </ae>
+ </itemlocation>
+ <value>Care of family member/bereavement, including medical/dental/optical examination of family member</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL24">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>204</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Compensatory Time Off</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL25">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>535</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>180</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Other Paid Absence</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL26">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>556</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>158</ae>
+ <ae>24</ae>
+ </ae>
+ </itemlocation>
+ <value>(Specify in Remarks)</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ <ae>italic</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL27">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>593</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>192</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Leave Without Pay</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL28">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>676</ae>
+ <ae>135</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>215</ae>
+ <ae>46</ae>
+ </ae>
+ </itemlocation>
+ <value>5. FAMILY AND
+ MEDICAL LEAVE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL29">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>677</ae>
+ <ae>183</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>214</ae>
+ <ae>126</ae>
+ </ae>
+ </itemlocation>
+ <value>If annual leave, sick leave, or leave without pay will be used under the Family and Medical Leave Act of 1993, please provide the following information:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL30">
+ <value>I hereby invoke my</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>700</ae>
+ <ae>322</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>191</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ </label>
+ <label sid="LABEL31">
+ <value>entitlement Family and</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>675</ae>
+ <ae>342</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>216</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ </label>
+ <label sid="LABEL32">
+ <value>Medical Leave for:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>675</ae>
+ <ae>364</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>215</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ </label>
+ <label sid="LABEL33">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>708</ae>
+ <ae>403</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>181</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>Birth/Adoption/Foster Care</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL34">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>708</ae>
+ <ae>426</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>182</ae>
+ <ae>38</ae>
+ </ae>
+ </itemlocation>
+ <value>Serious Heath Condition of spouse, Son, Daughter, or Parent</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL35">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>708</ae>
+ <ae>483</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>184</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>Serious Health Condition of Self</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL36">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>675</ae>
+ <ae>537</ae>
+ </ae>
+ </itemlocation>
+ <value>Contact your supervisor and/or our personnel office to obtain additional information about your entitlements and responsibilities under the Family and Medical Leave Act of 1993.</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <size content="array">
+ <ae>26</ae>
+ <ae>5</ae>
+ </size>
+ </label>
+ <label sid="LABEL37">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>630</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>192</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>6. REMARKS:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL38">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>747</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>170</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>7. CERTIFICATION:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL39">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>178</ae>
+ <ae>747</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>715</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>I hereby request leave/approved absence from duty as indicated above and certify that such leave/absence</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL40">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>767</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>873</ae>
+ <ae>66</ae>
+ </ae>
+ </itemlocation>
+ <value>is reuested from the purpose(s) indicated. I understand that I must comply with my employing agency's procedures for requesting leave/approved absence (and provide additional documention, including medical certification, if required) and that falsification of information on this form may be grounds for disciplinary action, including removal.</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL41">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>841</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>230</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <value>EMPLOYEE SIGNATURE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>11</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL42">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>597</ae>
+ <ae>841</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>58</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <value>DATE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>11</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL43">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>877</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>335</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>8. OFFICAL ACTION ON REQUEST:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL44">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>41</ae>
+ <ae>897</ae>
+ </ae>
+ </itemlocation>
+ <value>(If disapproved, give reason. If annual leave, initiate action to reschedule.)</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <size content="array">
+ <ae>53</ae>
+ <ae>1</ae>
+ </size>
+ </label>
+ <label sid="LABEL45">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>388</ae>
+ <ae>875</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>192</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>APPROVED</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL46">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>638</ae>
+ <ae>875</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>192</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>DISAPPROVED</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL47">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>941</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>112</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <value>SIGNATURE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>11</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL48">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>597</ae>
+ <ae>940</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>58</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <value>DATE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>11</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL49">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>970</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>PRIVACY ACT STATEMENT</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <justify>center</justify>
+ </label>
+ <label sid="LABEL50">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>996</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>873</ae>
+ <ae>134</ae>
+ </ae>
+ </itemlocation>
+ <value>Section 6311 of title 5, United States Code, authorizes collection of this information. The primary use of this information is by management and your payroll office to approve and record your use of leave. Additional disclosures of the information mat be: To the Department of labor when processing a claim for compensation regarding a job connected injury or illness; to a State unemployment compensation office regarding a claim; the Federal Life Insurance or Health Benefits carries regarding a claim; to a Federal State, or local law enforcement agency when your agency becomes aware of a violation or possible violation of civil or criminal law; to a Federal agency when conducting an investigation for employment or Services Administration in connection with its responsibilities for records management.
+
+Where the Employee identification number is your Social Security Number, collection of this information is authorized by Executive Order 9397. Furnishing the information on this form, including your Social Security Number, is voluntary, but to do so may result in disapproval request.</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL51">
+ <value>If your agency uses the information furnished on this form for purposes other than those indicated above, it may provide you with an additional statement reflecting those purposes.</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>7</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>18</ae>
+ <ae>1140</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>875</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ </label>
+ <label sid="LABEL52">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>18</ae>
+ <ae>1168</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>422</ae>
+ <ae>38</ae>
+ </ae>
+ </itemlocation>
+ <value>NSN 7540-000-753-5067
+PREVIOUS EDITION MAY BE USED</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL53">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>438</ae>
+ <ae>1168</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>454</ae>
+ <ae>38</ae>
+ </ae>
+ </itemlocation>
+ <value>STANDARD FORM 71 (Rev. 12-97)
+PRESCRIBED BY OFFICE OF PERSONNEL MANAGEMENT, 5 CFR PART 630</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <justify>right</justify>
+ </label>
+ <line sid="LINE1">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>32</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE2">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>82</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE3">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>133</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE4">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>179</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE5">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>218</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>406</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE6">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>263</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>406</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE7">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>311</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>657</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE8">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>354</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>406</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE9">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>398</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>406</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE10">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>657</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE11">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>530</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>657</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE12">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>578</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>657</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE13">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>626</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE14">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>743</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE15">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>867</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE16">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>967</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE17">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>1164</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE18">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>32</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>1133</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE19">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>510</ae>
+ <ae>32</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>51</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE20">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>892</ae>
+ <ae>32</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>1133</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE21">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>133</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>266</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE22">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>349</ae>
+ <ae>179</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>220</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE23">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>430</ae>
+ <ae>133</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>266</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE24">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>510</ae>
+ <ae>179</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>220</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE25">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>592</ae>
+ <ae>133</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>265</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE26">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>673</ae>
+ <ae>133</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>494</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE27">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>143</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE28">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>349</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>143</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE29">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>143</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE30">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>510</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>143</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE31">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>591</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>143</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <field sid="FIELD1">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>20</ae>
+ <ae>58</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>489</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <format content="array">
+ <ae>string</ae>
+ <ae>mandatory</ae>
+ </format>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <borderwidth>0</borderwidth>
+ <value>John Q. Public</value>
+ </field>
+ <field sid="FIELD2">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>537</ae>
+ <ae>58</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>123</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <format content="array">
+ <ae>string</ae>
+ <ae>mandatory</ae>
+ </format>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <borderwidth>0</borderwidth>
+ <value>123456789</value>
+ </field>
+ <field sid="FIELD3">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>109</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>872</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <format content="array">
+ <ae>string</ae>
+ <ae>mandatory</ae>
+ </format>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <borderwidth>0</borderwidth>
+ <value>PureEdge Solutions Inc.</value>
+ </field>
+ <check sid="CHECK1">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>191</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <field sid="FIELD4">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>188</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK1.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK1.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK1.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD5">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>188</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK1.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK1.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK1.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD6">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>188</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK1.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK1.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK1.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD7">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>188</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK1.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK1.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK1.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD8">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>593</ae>
+ <ae>188</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK1.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK1.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK1.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <check sid="CHECK2">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <field sid="FIELD9">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK2.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK2.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK2.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD10">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK2.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK2.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK2.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD11">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK2.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK2.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK2.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD12">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK2.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK2.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK2.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD13">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>593</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK2.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK2.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK2.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <check sid="CHECK3">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>277</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <field sid="FIELD14">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>276</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK3.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK3.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK3.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD15">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>276</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK3.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK3.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK3.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD16">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>276</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK3.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK3.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK3.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD17">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>276</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK3.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK3.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK3.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD18">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>593</ae>
+ <ae>276</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK3.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK3.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK3.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <check sid="CHECK4">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>322</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <field sid="FIELD19">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>321</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK4.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK4.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK4.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD20">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>321</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK4.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK4.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK4.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD21">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>321</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>79</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK4.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK4.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK4.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD22">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>321</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK4.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK4.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK4.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD23">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>593</ae>
+ <ae>321</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK4.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK4.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK4.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <check sid="CHECK5">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>367</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <field sid="FIELD24">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>366</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK5.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK5.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK5.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD25">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>366</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK5.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK5.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK5.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD26">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>366</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK5.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK5.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK5.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD27">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>366</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK5.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK5.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK5.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD28">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>593</ae>
+ <ae>366</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK5.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK5.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK5.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <check sid="CHECK6">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>121</ae>
+ <ae>412</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value>off</value>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK5.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval></cval>
+ <compute>
+ ((CHECK8.value == "on") || (CHECK7.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ </check>
+ <check sid="CHECK7">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>121</ae>
+ <ae>438</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value>off</value>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK5.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval></cval>
+ <compute>
+ ((CHECK8.value == "on") || (CHECK6.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ </check>
+ <check sid="CHECK8">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>519</ae>
+ <ae>412</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value>off</value>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK5.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval></cval>
+ <compute>
+ ((CHECK6.value == "on") || (CHECK7.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ </check>
+ <check sid="CHECK9">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>495</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <field sid="FIELD29">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK9.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK9.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK9.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD30">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK9.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK9.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK9.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD31">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>432</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>78</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK9.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK9.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK9.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD32">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK9.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK9.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK9.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD33">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>592</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK9.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK9.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK9.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <check sid="CHECK10">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <field sid="FIELD34">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK10.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK10.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK10.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD35">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK10.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK10.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK10.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD36">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>432</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>78</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK10.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK10.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK10.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD37">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK10.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK10.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK10.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD38">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>592</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK10.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK10.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK10.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <check sid="CHECK11">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>591</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <field sid="FIELD39">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>590</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK11.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK11.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK11.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD40">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>590</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK11.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK11.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK11.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD41">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>432</ae>
+ <ae>590</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>78</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK11.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK11.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK11.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD42">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>590</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK11.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK11.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK11.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD43">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>592</ae>
+ <ae>590</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK11.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK11.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK11.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <check sid="CHECK12">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>680</ae>
+ <ae>326</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <check sid="CHECK13">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>689</ae>
+ <ae>404</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK12.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval></cval>
+ <compute>
+ ((CHECK14.value == "on") || (CHECK15.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ <value></value>
+ </check>
+ <check sid="CHECK14">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>689</ae>
+ <ae>428</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK12.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval></cval>
+ <compute>
+ ((CHECK15.value == "on") || (CHECK13.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ <value></value>
+ </check>
+ <check sid="CHECK15">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>689</ae>
+ <ae>485</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK12.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval></cval>
+ <compute>
+ ((CHECK14.value == "on") || (CHECK13.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ <value></value>
+ </check>
+ <field sid="FIELD44">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>42</ae>
+ <ae>657</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>846</ae>
+ <ae>57</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <borderwidth>0</borderwidth>
+ <format content="array">
+ <ae>string</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ (CHECK10.value == "on") ? "mandatory" : "optional"
+ </compute>
+ </ae>
+ </format>
+ <value></value>
+ </field>
+ <field sid="FIELD45">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>42</ae>
+ <ae>712</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>846</ae>
+ <ae>31</ae>
+ </ae>
+ </itemlocation>
+ <borderwidth>0</borderwidth>
+ <format content="array">
+ <ae>string</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ (CHECK8.value == "on") ? "mandatory" : "optional"
+ </compute>
+ </ae>
+ </format>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK8.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <value></value>
+ </field>
+ <button sid="BUTTON1">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>250</ae>
+ <ae>839</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>346</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <type>signature</type>
+ <signature>SIGNATURE1</signature>
+ <signer>(cs) John M. Boyer, jboyer@pureedge.com</signer>
+ <signoptions content="array">
+ <ae>omit</ae>
+ <ae>triggeritem</ae>
+ </signoptions>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <borderwidth>0</borderwidth>
+ <signitemrefs content="array">
+ <ae>omit</ae>
+ <ae>PAGE1.CHECK16</ae>
+ <ae>PAGE1.CHECK17</ae>
+ <ae>PAGE1.FIELD47</ae>
+ <ae>PAGE1.BUTTON2</ae>
+ <ae>SIGNATURE2</ae>
+ <ae>PAGE1.FIELD48</ae>
+ </signitemrefs>
+ <format content="array">
+ <ae>string</ae>
+ <ae>mandatory</ae>
+ </format>
+ <value content="compute">
+ <cval>(cs) John M. Boyer, jboyer@pureedge.com</cval>
+ <compute>
+ signer
+ </compute>
+ </value>
+ </button>
+
+ <field sid="FIELD46">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>655</ae>
+ <ae>840</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>155</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <borderwidth>0</borderwidth>
+ <editstate>readonly</editstate>
+ <value content="compute">
+ <cval>05-08-02</cval>
+ <compute>
+ (BUTTON1.value != "") ? "*" : ""
+ </compute>
+ </value>
+ <format content="array">
+ <ae>date</ae>
+ <ae>optional</ae>
+ <presentation>MM-DD-YY</presentation>
+ </format>
+ </field>
+
+
+
+
+
+ <spacer sid="vfd_spacer">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>960</ae>
+ <ae>1260</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </spacer>
+ </page>
+</XFDL>
\ No newline at end of file
diff --git a/tests/merlin-xpath-filter2-three/sign-xfdl.tmpl b/tests/merlin-xpath-filter2-three/sign-xfdl.tmpl
new file mode 100644
index 00000000..b3ed7685
--- /dev/null
+++ b/tests/merlin-xpath-filter2-three/sign-xfdl.tmpl
@@ -0,0 +1,4153 @@
+<?xml version="1.0"?>
+<XFDL version="4.0.1">
+ <vfd_title>SF71</vfd_title>
+ <vfd_author>Thomas Mohr</vfd_author>
+ <vfd_revision>4/6/98</vfd_revision>
+ <vfd_date>4/6/98</vfd_date>
+ <saveformat>application/x-xfdl</saveformat>
+ <transmitformat>application/x-xfdl</transmitformat>
+ <formid content="array">
+ <version>1.0.0</version>
+ </formid>
+ <page sid="PAGE1">
+ <vfd_pagesize>letter</vfd_pagesize>
+ <vfd_pagedpi>120</vfd_pagedpi>
+ <vfd_printsize>8.0;10.5</vfd_printsize>
+ <label>PAGE1</label>
+ <bgcolor content="array">
+ <ae>235</ae>
+ <ae>235</ae>
+ <ae>235</ae>
+ </bgcolor>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <label sid="LABEL1">
+ <value>REQUEST FOR LEAVE OR APPROVED ABSENCE</value>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>14</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <justify>center</justify>
+ <size content="array">
+ <ae>61</ae>
+ <ae>1</ae>
+ </size>
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>3</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>874</ae>
+ <ae>34</ae>
+ </ae>
+ </itemlocation>
+ </label>
+ <label sid="LABEL2">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>20</ae>
+ <ae>35</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>79</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>1. NAME</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL3">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>100</ae>
+ <ae>35</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>218</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>(Last, First, Middle Initial)</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ <ae>italic</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL4">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>35</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>385</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>2. EMPLOYEE OR SOCIAL SECURITY NUMBER</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL5">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>20</ae>
+ <ae>85</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>170</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>3. ORGANIZATION</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL6">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>20</ae>
+ <ae>135</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>248</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>4. TYPE OF LEAVE/ABSENCE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL7">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>32</ae>
+ <ae>155</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>236</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>(Check appropriate box(es) below.)</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ <ae>italic</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL8">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>270</ae>
+ <ae>158</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>48</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>From:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL9">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>135</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>163</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Date</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <justify>center</justify>
+ </label>
+ <label sid="LABEL10">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>352</ae>
+ <ae>158</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>48</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>To:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL11">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>432</ae>
+ <ae>158</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>48</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>From:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL12">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>430</ae>
+ <ae>135</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>163</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Time</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <justify>center</justify>
+ </label>
+ <label sid="LABEL13">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>513</ae>
+ <ae>158</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>48</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>To:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL14">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>592</ae>
+ <ae>134</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>46</ae>
+ </ae>
+ </itemlocation>
+ <value>Total
+Hours</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <justify>center</justify>
+ </label>
+ <label sid="LABEL15">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>186</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>205</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Accrued Annual Leave</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL16">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>232</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>205</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Restored Annual Leave</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL17">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>278</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>205</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Advance Annual Leave</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL18">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>323</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>205</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Accured Sick Leave</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL19">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>368</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>205</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Advance Sick Leave</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL20">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>409</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Purpose:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL21">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>142</ae>
+ <ae>410</ae>
+ </ae>
+ </itemlocation>
+ <value>Medical/dental/optical Examination of requesting employee</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <size content="array">
+ <ae>45</ae>
+ <ae>1</ae>
+ </size>
+ </label>
+ <label sid="LABEL22">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>535</ae>
+ <ae>410</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>46</ae>
+ <ae>24</ae>
+ </ae>
+ </itemlocation>
+ <value>Other</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL23">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>142</ae>
+ <ae>435</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>439</ae>
+ <ae>42</ae>
+ </ae>
+ </itemlocation>
+ <value>Care of family member/bereavement, including medical/dental/optical examination of family member</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL24">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>204</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Compensatory Time Off</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL25">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>535</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>180</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Other Paid Absence</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL26">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>556</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>158</ae>
+ <ae>24</ae>
+ </ae>
+ </itemlocation>
+ <value>(Specify in Remarks)</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ <ae>italic</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL27">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>593</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>192</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Leave Without Pay</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL28">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>676</ae>
+ <ae>135</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>215</ae>
+ <ae>46</ae>
+ </ae>
+ </itemlocation>
+ <value>5. FAMILY AND
+ MEDICAL LEAVE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL29">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>677</ae>
+ <ae>183</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>214</ae>
+ <ae>126</ae>
+ </ae>
+ </itemlocation>
+ <value>If annual leave, sick leave, or leave without pay will be used under the Family and Medical Leave Act of 1993, please provide the following information:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL30">
+ <value>I hereby invoke my</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>700</ae>
+ <ae>322</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>191</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ </label>
+ <label sid="LABEL31">
+ <value>entitlement Family and</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>675</ae>
+ <ae>342</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>216</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ </label>
+ <label sid="LABEL32">
+ <value>Medical Leave for:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>675</ae>
+ <ae>364</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>215</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ </label>
+ <label sid="LABEL33">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>708</ae>
+ <ae>403</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>181</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>Birth/Adoption/Foster Care</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL34">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>708</ae>
+ <ae>426</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>182</ae>
+ <ae>38</ae>
+ </ae>
+ </itemlocation>
+ <value>Serious Heath Condition of spouse, Son, Daughter, or Parent</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL35">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>708</ae>
+ <ae>483</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>184</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>Serious Health Condition of Self</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL36">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>675</ae>
+ <ae>537</ae>
+ </ae>
+ </itemlocation>
+ <value>Contact your supervisor and/or our personnel office to obtain additional information about your entitlements and responsibilities under the Family and Medical Leave Act of 1993.</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <size content="array">
+ <ae>26</ae>
+ <ae>5</ae>
+ </size>
+ </label>
+ <label sid="LABEL37">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>630</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>192</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>6. REMARKS:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL38">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>747</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>170</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>7. CERTIFICATION:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL39">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>178</ae>
+ <ae>747</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>715</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>I hereby request leave/approved absence from duty as indicated above and certify that such leave/absence</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL40">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>767</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>873</ae>
+ <ae>66</ae>
+ </ae>
+ </itemlocation>
+ <value>is reuested from the purpose(s) indicated. I understand that I must comply with my employing agency's procedures for requesting leave/approved absence (and provide additional documention, including medical certification, if required) and that falsification of information on this form may be grounds for disciplinary action, including removal.</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL41">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>841</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>230</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <value>EMPLOYEE SIGNATURE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>11</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL42">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>597</ae>
+ <ae>841</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>58</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <value>DATE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>11</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL43">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>877</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>335</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>8. OFFICAL ACTION ON REQUEST:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL44">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>41</ae>
+ <ae>897</ae>
+ </ae>
+ </itemlocation>
+ <value>(If disapproved, give reason. If annual leave, initiate action to reschedule.)</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <size content="array">
+ <ae>53</ae>
+ <ae>1</ae>
+ </size>
+ </label>
+ <label sid="LABEL45">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>388</ae>
+ <ae>875</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>192</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>APPROVED</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL46">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>638</ae>
+ <ae>875</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>192</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>DISAPPROVED</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL47">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>941</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>112</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <value>SIGNATURE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>11</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL48">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>597</ae>
+ <ae>940</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>58</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <value>DATE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>11</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL49">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>970</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>PRIVACY ACT STATEMENT</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <justify>center</justify>
+ </label>
+ <label sid="LABEL50">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>996</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>873</ae>
+ <ae>134</ae>
+ </ae>
+ </itemlocation>
+ <value>Section 6311 of title 5, United States Code, authorizes collection of this information. The primary use of this information is by management and your payroll office to approve and record your use of leave. Additional disclosures of the information mat be: To the Department of labor when processing a claim for compensation regarding a job connected injury or illness; to a State unemployment compensation office regarding a claim; the Federal Life Insurance or Health Benefits carries regarding a claim; to a Federal State, or local law enforcement agency when your agency becomes aware of a violation or possible violation of civil or criminal law; to a Federal agency when conducting an investigation for employment or Services Administration in connection with its responsibilities for records management.
+
+Where the Employee identification number is your Social Security Number, collection of this information is authorized by Executive Order 9397. Furnishing the information on this form, including your Social Security Number, is voluntary, but to do so may result in disapproval request.</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL51">
+ <value>If your agency uses the information furnished on this form for purposes other than those indicated above, it may provide you with an additional statement reflecting those purposes.</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>7</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>18</ae>
+ <ae>1140</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>875</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ </label>
+ <label sid="LABEL52">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>18</ae>
+ <ae>1168</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>422</ae>
+ <ae>38</ae>
+ </ae>
+ </itemlocation>
+ <value>NSN 7540-000-753-5067
+PREVIOUS EDITION MAY BE USED</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL53">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>438</ae>
+ <ae>1168</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>454</ae>
+ <ae>38</ae>
+ </ae>
+ </itemlocation>
+ <value>STANDARD FORM 71 (Rev. 12-97)
+PRESCRIBED BY OFFICE OF PERSONNEL MANAGEMENT, 5 CFR PART 630</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <justify>right</justify>
+ </label>
+ <line sid="LINE1">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>32</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE2">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>82</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE3">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>133</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE4">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>179</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE5">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>218</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>406</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE6">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>263</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>406</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE7">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>311</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>657</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE8">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>354</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>406</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE9">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>398</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>406</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE10">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>657</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE11">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>530</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>657</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE12">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>578</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>657</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE13">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>626</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE14">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>743</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE15">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>867</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE16">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>967</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE17">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>1164</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE18">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>32</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>1133</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE19">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>510</ae>
+ <ae>32</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>51</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE20">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>892</ae>
+ <ae>32</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>1133</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE21">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>133</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>266</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE22">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>349</ae>
+ <ae>179</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>220</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE23">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>430</ae>
+ <ae>133</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>266</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE24">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>510</ae>
+ <ae>179</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>220</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE25">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>592</ae>
+ <ae>133</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>265</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE26">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>673</ae>
+ <ae>133</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>494</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE27">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>143</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE28">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>349</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>143</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE29">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>143</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE30">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>510</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>143</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE31">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>591</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>143</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <field sid="FIELD1">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>20</ae>
+ <ae>58</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>489</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <format content="array">
+ <ae>string</ae>
+ <ae>mandatory</ae>
+ </format>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <borderwidth>0</borderwidth>
+ <value>John Q. Public</value>
+ </field>
+ <field sid="FIELD2">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>537</ae>
+ <ae>58</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>123</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <format content="array">
+ <ae>string</ae>
+ <ae>mandatory</ae>
+ </format>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <borderwidth>0</borderwidth>
+ <value>123456789</value>
+ </field>
+ <field sid="FIELD3">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>109</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>872</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <format content="array">
+ <ae>string</ae>
+ <ae>mandatory</ae>
+ </format>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <borderwidth>0</borderwidth>
+ <value>PureEdge Solutions Inc.</value>
+ </field>
+ <check sid="CHECK1">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>191</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <field sid="FIELD4">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>188</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK1.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK1.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK1.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD5">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>188</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK1.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK1.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK1.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD6">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>188</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK1.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK1.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK1.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD7">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>188</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK1.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK1.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK1.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD8">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>593</ae>
+ <ae>188</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK1.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK1.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK1.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <check sid="CHECK2">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <field sid="FIELD9">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK2.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK2.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK2.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD10">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK2.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK2.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK2.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD11">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK2.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK2.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK2.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD12">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK2.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK2.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK2.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD13">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>593</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK2.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK2.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK2.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <check sid="CHECK3">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>277</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <field sid="FIELD14">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>276</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK3.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK3.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK3.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD15">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>276</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK3.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK3.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK3.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD16">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>276</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK3.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK3.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK3.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD17">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>276</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK3.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK3.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK3.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD18">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>593</ae>
+ <ae>276</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK3.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK3.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK3.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <check sid="CHECK4">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>322</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <field sid="FIELD19">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>321</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK4.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK4.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK4.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD20">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>321</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK4.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK4.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK4.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD21">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>321</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>79</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK4.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK4.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK4.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD22">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>321</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK4.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK4.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK4.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD23">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>593</ae>
+ <ae>321</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK4.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK4.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK4.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <check sid="CHECK5">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>367</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <field sid="FIELD24">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>366</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK5.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK5.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK5.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD25">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>366</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK5.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK5.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK5.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD26">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>366</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK5.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK5.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK5.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD27">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>366</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK5.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK5.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK5.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD28">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>593</ae>
+ <ae>366</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK5.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK5.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK5.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <check sid="CHECK6">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>121</ae>
+ <ae>412</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value>off</value>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK5.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval></cval>
+ <compute>
+ ((CHECK8.value == "on") || (CHECK7.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ </check>
+ <check sid="CHECK7">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>121</ae>
+ <ae>438</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value>off</value>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK5.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval></cval>
+ <compute>
+ ((CHECK8.value == "on") || (CHECK6.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ </check>
+ <check sid="CHECK8">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>519</ae>
+ <ae>412</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value>off</value>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK5.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval></cval>
+ <compute>
+ ((CHECK6.value == "on") || (CHECK7.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ </check>
+ <check sid="CHECK9">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>495</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <field sid="FIELD29">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK9.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK9.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK9.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD30">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK9.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK9.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK9.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD31">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>432</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>78</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK9.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK9.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK9.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD32">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK9.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK9.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK9.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD33">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>592</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK9.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK9.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK9.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <check sid="CHECK10">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <field sid="FIELD34">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK10.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK10.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK10.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD35">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK10.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK10.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK10.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD36">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>432</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>78</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK10.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK10.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK10.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD37">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK10.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK10.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK10.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD38">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>592</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK10.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK10.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK10.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <check sid="CHECK11">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>591</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <field sid="FIELD39">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>590</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK11.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK11.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK11.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD40">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>590</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK11.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK11.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK11.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </field>
+ <field sid="FIELD41">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>432</ae>
+ <ae>590</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>78</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK11.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK11.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK11.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD42">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>590</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK11.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK11.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK11.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <field sid="FIELD43">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>592</ae>
+ <ae>590</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK11.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK11.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK11.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value></value>
+ </field>
+ <check sid="CHECK12">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>680</ae>
+ <ae>326</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value></value>
+ </check>
+ <check sid="CHECK13">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>689</ae>
+ <ae>404</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK12.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval></cval>
+ <compute>
+ ((CHECK14.value == "on") || (CHECK15.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ <value></value>
+ </check>
+ <check sid="CHECK14">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>689</ae>
+ <ae>428</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK12.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval></cval>
+ <compute>
+ ((CHECK15.value == "on") || (CHECK13.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ <value></value>
+ </check>
+ <check sid="CHECK15">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>689</ae>
+ <ae>485</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK12.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval></cval>
+ <compute>
+ ((CHECK14.value == "on") || (CHECK13.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ <value></value>
+ </check>
+ <field sid="FIELD44">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>42</ae>
+ <ae>657</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>846</ae>
+ <ae>57</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <borderwidth>0</borderwidth>
+ <format content="array">
+ <ae>string</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ (CHECK10.value == "on") ? "mandatory" : "optional"
+ </compute>
+ </ae>
+ </format>
+ <value></value>
+ </field>
+ <field sid="FIELD45">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>42</ae>
+ <ae>712</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>846</ae>
+ <ae>31</ae>
+ </ae>
+ </itemlocation>
+ <borderwidth>0</borderwidth>
+ <format content="array">
+ <ae>string</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ (CHECK8.value == "on") ? "mandatory" : "optional"
+ </compute>
+ </ae>
+ </format>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK8.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <value></value>
+ </field>
+ <button sid="BUTTON1">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>250</ae>
+ <ae>839</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>346</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <type>signature</type>
+ <signature>SIGNATURE1</signature>
+ <signer>(cs) John M. Boyer, jboyer@pureedge.com</signer>
+ <signoptions content="array">
+ <ae>omit</ae>
+ <ae>triggeritem</ae>
+ </signoptions>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <borderwidth>0</borderwidth>
+ <signitemrefs content="array">
+ <ae>omit</ae>
+ <ae>PAGE1.CHECK16</ae>
+ <ae>PAGE1.CHECK17</ae>
+ <ae>PAGE1.FIELD47</ae>
+ <ae>PAGE1.BUTTON2</ae>
+ <ae>SIGNATURE2</ae>
+ <ae>PAGE1.FIELD48</ae>
+ </signitemrefs>
+ <format content="array">
+ <ae>string</ae>
+ <ae>mandatory</ae>
+ </format>
+ <value content="compute">
+ <cval>(cs) John M. Boyer, jboyer@pureedge.com</cval>
+ <compute>
+ signer
+ </compute>
+ </value>
+ </button>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
+ <XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2" Filter="subtract">
+ /XFDL/page[@sid="PAGE1"]/*[@sid="CHECK16" or @sid="CHECK17" or @sid="FIELD47" or @sid="BUTTON2" or @sid="FIELD48"] |
+ /XFDL/page/triggeritem[not(@sid)]
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue />
+ </Reference>
+ </SignedInfo>
+ <SignatureValue />
+ <KeyInfo>
+ <KeyValue />
+ </KeyInfo>
+ </Signature>
+ <field sid="FIELD46">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>655</ae>
+ <ae>840</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>155</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <borderwidth>0</borderwidth>
+ <editstate>readonly</editstate>
+ <value content="compute">
+ <cval>05-08-02</cval>
+ <compute>
+ (BUTTON1.value != "") ? "*" : ""
+ </compute>
+ </value>
+ <format content="array">
+ <ae>date</ae>
+ <ae>optional</ae>
+ <presentation>MM-DD-YY</presentation>
+ </format>
+ </field>
+ <check sid="CHECK16">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>362</ae>
+ <ae>873</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <radio_behaviour content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK17.value == "on") ? set("value", "off") : ""
+ </compute>
+ </radio_behaviour>
+ <value></value>
+ </check>
+ <check sid="CHECK17">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>604</ae>
+ <ae>873</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <radio_behaviour content="compute">
+ <cval></cval>
+ <compute>
+ (CHECK16.value == "on") ? set("value", "off") : ""
+ </compute>
+ </radio_behaviour>
+ <value></value>
+ </check>
+ <field sid="FIELD47">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>41</ae>
+ <ae>917</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>770</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <Format content="array">
+ <ae>string</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ (CHECK17.value == "on") ? "mandatory" : "optional"
+ </compute>
+ </ae>
+ </Format>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK17.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <borderwidth>0</borderwidth>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <value></value>
+ </field>
+ <button sid="BUTTON2">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>132</ae>
+ <ae>939</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>466</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <type>signature</type>
+ <signature>SIGNATURE2</signature>
+ <signer></signer>
+ <format content="array">
+ <ae>string</ae>
+ <ae>mandatory</ae>
+ </format>
+ <signoptions content="array">
+ <ae>omit</ae>
+ <ae>triggeritem</ae>
+ </signoptions>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <value content="compute">
+ <cval></cval>
+ <compute>
+ signer
+ </compute>
+ </value>
+ <borderwidth>0</borderwidth>
+ </button>
+ <field sid="FIELD48">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>656</ae>
+ <ae>940</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>155</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <borderwidth>0</borderwidth>
+ <editstate>readonly</editstate>
+ <value content="compute">
+ <cval></cval>
+ <compute>
+ (BUTTON2.value != "") ? "*" : ""
+ </compute>
+ </value>
+ <format content="array">
+ <ae>date</ae>
+ <ae>optional</ae>
+ <presentation>MM-DD-YY</presentation>
+ </format>
+ </field>
+ <spacer sid="vfd_spacer">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>960</ae>
+ <ae>1260</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </spacer>
+ </page>
+</XFDL>
diff --git a/tests/merlin-xpath-filter2-three/sign-xfdl.xml b/tests/merlin-xpath-filter2-three/sign-xfdl.xml
new file mode 100644
index 00000000..897460ba
--- /dev/null
+++ b/tests/merlin-xpath-filter2-three/sign-xfdl.xml
@@ -0,0 +1,4225 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<XFDL version="4.0.1">
+ <vfd_title>SF71</vfd_title>
+ <vfd_author>Thomas Mohr</vfd_author>
+ <vfd_revision>4/6/98</vfd_revision>
+ <vfd_date>4/6/98</vfd_date>
+ <saveformat>application/x-xfdl</saveformat>
+ <transmitformat>application/x-xfdl</transmitformat>
+ <formid content="array">
+ <version>1.0.0</version>
+ </formid>
+ <page sid="PAGE1">
+ <vfd_pagesize>letter</vfd_pagesize>
+ <vfd_pagedpi>120</vfd_pagedpi>
+ <vfd_printsize>8.0;10.5</vfd_printsize>
+ <label>PAGE1</label>
+ <bgcolor content="array">
+ <ae>235</ae>
+ <ae>235</ae>
+ <ae>235</ae>
+ </bgcolor>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <label sid="LABEL1">
+ <value>REQUEST FOR LEAVE OR APPROVED ABSENCE</value>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>14</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <justify>center</justify>
+ <size content="array">
+ <ae>61</ae>
+ <ae>1</ae>
+ </size>
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>3</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>874</ae>
+ <ae>34</ae>
+ </ae>
+ </itemlocation>
+ </label>
+ <label sid="LABEL2">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>20</ae>
+ <ae>35</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>79</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>1. NAME</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL3">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>100</ae>
+ <ae>35</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>218</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>(Last, First, Middle Initial)</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ <ae>italic</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL4">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>35</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>385</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>2. EMPLOYEE OR SOCIAL SECURITY NUMBER</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL5">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>20</ae>
+ <ae>85</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>170</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>3. ORGANIZATION</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL6">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>20</ae>
+ <ae>135</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>248</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>4. TYPE OF LEAVE/ABSENCE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL7">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>32</ae>
+ <ae>155</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>236</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>(Check appropriate box(es) below.)</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ <ae>italic</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL8">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>270</ae>
+ <ae>158</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>48</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>From:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL9">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>135</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>163</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Date</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <justify>center</justify>
+ </label>
+ <label sid="LABEL10">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>352</ae>
+ <ae>158</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>48</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>To:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL11">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>432</ae>
+ <ae>158</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>48</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>From:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL12">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>430</ae>
+ <ae>135</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>163</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Time</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <justify>center</justify>
+ </label>
+ <label sid="LABEL13">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>513</ae>
+ <ae>158</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>48</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>To:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL14">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>592</ae>
+ <ae>134</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>46</ae>
+ </ae>
+ </itemlocation>
+ <value>Total
+Hours</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <justify>center</justify>
+ </label>
+ <label sid="LABEL15">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>186</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>205</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Accrued Annual Leave</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL16">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>232</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>205</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Restored Annual Leave</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL17">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>278</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>205</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Advance Annual Leave</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL18">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>323</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>205</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Accured Sick Leave</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL19">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>368</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>205</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Advance Sick Leave</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL20">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>409</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Purpose:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL21">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>142</ae>
+ <ae>410</ae>
+ </ae>
+ </itemlocation>
+ <value>Medical/dental/optical Examination of requesting employee</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <size content="array">
+ <ae>45</ae>
+ <ae>1</ae>
+ </size>
+ </label>
+ <label sid="LABEL22">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>535</ae>
+ <ae>410</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>46</ae>
+ <ae>24</ae>
+ </ae>
+ </itemlocation>
+ <value>Other</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL23">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>142</ae>
+ <ae>435</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>439</ae>
+ <ae>42</ae>
+ </ae>
+ </itemlocation>
+ <value>Care of family member/bereavement, including medical/dental/optical examination of family member</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL24">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>204</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Compensatory Time Off</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL25">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>535</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>180</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Other Paid Absence</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL26">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>556</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>158</ae>
+ <ae>24</ae>
+ </ae>
+ </itemlocation>
+ <value>(Specify in Remarks)</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>9</ae>
+ <ae>plain</ae>
+ <ae>italic</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL27">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>64</ae>
+ <ae>593</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>192</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>Leave Without Pay</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL28">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>676</ae>
+ <ae>135</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>215</ae>
+ <ae>46</ae>
+ </ae>
+ </itemlocation>
+ <value>5. FAMILY AND
+ MEDICAL LEAVE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL29">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>677</ae>
+ <ae>183</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>214</ae>
+ <ae>126</ae>
+ </ae>
+ </itemlocation>
+ <value>If annual leave, sick leave, or leave without pay will be used under the Family and Medical Leave Act of 1993, please provide the following information:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL30">
+ <value>I hereby invoke my</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>700</ae>
+ <ae>322</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>191</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ </label>
+ <label sid="LABEL31">
+ <value>entitlement Family and</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>675</ae>
+ <ae>342</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>216</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ </label>
+ <label sid="LABEL32">
+ <value>Medical Leave for:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>675</ae>
+ <ae>364</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>215</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ </label>
+ <label sid="LABEL33">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>708</ae>
+ <ae>403</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>181</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>Birth/Adoption/Foster Care</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL34">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>708</ae>
+ <ae>426</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>182</ae>
+ <ae>38</ae>
+ </ae>
+ </itemlocation>
+ <value>Serious Heath Condition of spouse, Son, Daughter, or Parent</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL35">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>708</ae>
+ <ae>483</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>184</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ <value>Serious Health Condition of Self</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL36">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>675</ae>
+ <ae>537</ae>
+ </ae>
+ </itemlocation>
+ <value>Contact your supervisor and/or our personnel office to obtain additional information about your entitlements and responsibilities under the Family and Medical Leave Act of 1993.</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <size content="array">
+ <ae>26</ae>
+ <ae>5</ae>
+ </size>
+ </label>
+ <label sid="LABEL37">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>630</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>192</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>6. REMARKS:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL38">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>747</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>170</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>7. CERTIFICATION:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL39">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>178</ae>
+ <ae>747</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>715</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>I hereby request leave/approved absence from duty as indicated above and certify that such leave/absence</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL40">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>767</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>873</ae>
+ <ae>66</ae>
+ </ae>
+ </itemlocation>
+ <value>is reuested from the purpose(s) indicated. I understand that I must comply with my employing agency's procedures for requesting leave/approved absence (and provide additional documention, including medical certification, if required) and that falsification of information on this form may be grounds for disciplinary action, including removal.</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL41">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>841</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>230</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <value>EMPLOYEE SIGNATURE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>11</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL42">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>597</ae>
+ <ae>841</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>58</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <value>DATE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>11</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL43">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>877</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>335</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>8. OFFICAL ACTION ON REQUEST:</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL44">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>41</ae>
+ <ae>897</ae>
+ </ae>
+ </itemlocation>
+ <value>(If disapproved, give reason. If annual leave, initiate action to reschedule.)</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <size content="array">
+ <ae>53</ae>
+ <ae>1</ae>
+ </size>
+ </label>
+ <label sid="LABEL45">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>388</ae>
+ <ae>875</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>192</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>APPROVED</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL46">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>638</ae>
+ <ae>875</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>192</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>DISAPPROVED</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL47">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>941</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>112</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <value>SIGNATURE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>11</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL48">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>597</ae>
+ <ae>940</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>58</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <value>DATE</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>11</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL49">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>970</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>26</ae>
+ </ae>
+ </itemlocation>
+ <value>PRIVACY ACT STATEMENT</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>10</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <justify>center</justify>
+ </label>
+ <label sid="LABEL50">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>996</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>873</ae>
+ <ae>134</ae>
+ </ae>
+ </itemlocation>
+ <value>Section 6311 of title 5, United States Code, authorizes collection of this information. The primary use of this information is by management and your payroll office to approve and record your use of leave. Additional disclosures of the information mat be: To the Department of labor when processing a claim for compensation regarding a job connected injury or illness; to a State unemployment compensation office regarding a claim; the Federal Life Insurance or Health Benefits carries regarding a claim; to a Federal State, or local law enforcement agency when your agency becomes aware of a violation or possible violation of civil or criminal law; to a Federal agency when conducting an investigation for employment or Services Administration in connection with its responsibilities for records management.
+
+Where the Employee identification number is your Social Security Number, collection of this information is authorized by Executive Order 9397. Furnishing the information on this form, including your Social Security Number, is voluntary, but to do so may result in disapproval request.</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL51">
+ <value>If your agency uses the information furnished on this form for purposes other than those indicated above, it may provide you with an additional statement reflecting those purposes.</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>7</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>18</ae>
+ <ae>1140</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>875</ae>
+ <ae>22</ae>
+ </ae>
+ </itemlocation>
+ </label>
+ <label sid="LABEL52">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>18</ae>
+ <ae>1168</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>422</ae>
+ <ae>38</ae>
+ </ae>
+ </itemlocation>
+ <value>NSN 7540-000-753-5067
+PREVIOUS EDITION MAY BE USED</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ </label>
+ <label sid="LABEL53">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>438</ae>
+ <ae>1168</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>454</ae>
+ <ae>38</ae>
+ </ae>
+ </itemlocation>
+ <value>STANDARD FORM 71 (Rev. 12-97)
+PRESCRIBED BY OFFICE OF PERSONNEL MANAGEMENT, 5 CFR PART 630</value>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <justify>right</justify>
+ </label>
+ <line sid="LINE1">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>32</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE2">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>82</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE3">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>133</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE4">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>179</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE5">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>218</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>406</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE6">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>263</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>406</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE7">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>311</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>657</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE8">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>354</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>406</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE9">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>398</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>406</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE10">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>657</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE11">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>530</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>657</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE12">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>578</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>657</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE13">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>626</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE14">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>743</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE15">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>867</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE16">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>967</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE17">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>1164</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>876</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE18">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>17</ae>
+ <ae>32</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>1133</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE19">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>510</ae>
+ <ae>32</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>51</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE20">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>892</ae>
+ <ae>32</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>1133</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE21">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>133</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>266</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE22">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>349</ae>
+ <ae>179</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>220</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE23">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>430</ae>
+ <ae>133</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>266</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE24">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>510</ae>
+ <ae>179</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>220</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE25">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>592</ae>
+ <ae>133</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>265</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE26">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>673</ae>
+ <ae>133</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>494</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE27">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>268</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>143</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE28">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>349</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>143</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE29">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>143</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE30">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>510</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>143</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <line sid="LINE31">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>591</ae>
+ <ae>484</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>143</ae>
+ </ae>
+ </itemlocation>
+ </line>
+ <field sid="FIELD1">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>20</ae>
+ <ae>58</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>489</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <format content="array">
+ <ae>string</ae>
+ <ae>mandatory</ae>
+ </format>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <borderwidth>0</borderwidth>
+ <value>John Q. Public</value>
+ </field>
+ <field sid="FIELD2">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>537</ae>
+ <ae>58</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>123</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <format content="array">
+ <ae>string</ae>
+ <ae>mandatory</ae>
+ </format>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <borderwidth>0</borderwidth>
+ <value>123456789</value>
+ </field>
+ <field sid="FIELD3">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>19</ae>
+ <ae>109</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>872</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <format content="array">
+ <ae>string</ae>
+ <ae>mandatory</ae>
+ </format>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <borderwidth>0</borderwidth>
+ <value>PureEdge Solutions Inc.</value>
+ </field>
+ <check sid="CHECK1">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>191</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </check>
+ <field sid="FIELD4">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>188</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK1.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK1.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK1.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </field>
+ <field sid="FIELD5">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>188</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK1.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK1.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK1.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </field>
+ <field sid="FIELD6">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>188</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK1.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK1.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK1.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <field sid="FIELD7">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>188</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK1.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK1.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK1.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <field sid="FIELD8">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>593</ae>
+ <ae>188</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK1.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK1.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK1.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <check sid="CHECK2">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </check>
+ <field sid="FIELD9">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK2.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK2.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK2.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </field>
+ <field sid="FIELD10">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK2.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK2.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK2.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </field>
+ <field sid="FIELD11">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK2.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK2.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK2.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <field sid="FIELD12">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK2.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK2.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK2.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <field sid="FIELD13">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>593</ae>
+ <ae>231</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK2.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK2.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK2.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <check sid="CHECK3">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>277</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </check>
+ <field sid="FIELD14">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>276</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK3.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK3.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK3.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </field>
+ <field sid="FIELD15">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>276</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK3.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK3.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK3.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </field>
+ <field sid="FIELD16">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>276</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK3.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK3.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK3.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <field sid="FIELD17">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>276</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK3.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK3.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK3.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <field sid="FIELD18">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>593</ae>
+ <ae>276</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK3.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK3.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK3.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <check sid="CHECK4">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>322</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </check>
+ <field sid="FIELD19">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>321</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK4.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK4.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK4.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </field>
+ <field sid="FIELD20">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>321</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK4.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK4.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK4.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </field>
+ <field sid="FIELD21">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>321</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>79</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK4.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK4.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK4.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <field sid="FIELD22">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>321</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK4.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK4.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK4.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <field sid="FIELD23">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>593</ae>
+ <ae>321</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK4.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK4.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK4.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <check sid="CHECK5">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>367</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </check>
+ <field sid="FIELD24">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>366</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK5.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK5.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK5.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </field>
+ <field sid="FIELD25">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>366</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK5.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK5.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK5.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </field>
+ <field sid="FIELD26">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>431</ae>
+ <ae>366</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK5.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK5.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK5.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <field sid="FIELD27">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>366</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK5.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK5.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK5.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <field sid="FIELD28">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>593</ae>
+ <ae>366</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK5.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK5.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK5.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <check sid="CHECK6">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>121</ae>
+ <ae>412</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value>off</value>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK5.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval />
+ <compute>
+ ((CHECK8.value == "on") || (CHECK7.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ </check>
+ <check sid="CHECK7">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>121</ae>
+ <ae>438</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value>off</value>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK5.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval />
+ <compute>
+ ((CHECK8.value == "on") || (CHECK6.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ </check>
+ <check sid="CHECK8">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>519</ae>
+ <ae>412</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value>off</value>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK5.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval />
+ <compute>
+ ((CHECK6.value == "on") || (CHECK7.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ </check>
+ <check sid="CHECK9">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>495</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </check>
+ <field sid="FIELD29">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK9.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK9.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK9.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </field>
+ <field sid="FIELD30">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK9.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK9.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK9.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </field>
+ <field sid="FIELD31">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>432</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>78</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK9.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK9.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK9.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <field sid="FIELD32">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK9.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK9.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK9.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <field sid="FIELD33">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>592</ae>
+ <ae>498</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK9.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK9.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK9.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <check sid="CHECK10">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </check>
+ <field sid="FIELD34">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK10.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK10.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK10.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </field>
+ <field sid="FIELD35">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK10.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK10.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK10.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </field>
+ <field sid="FIELD36">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>432</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>78</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK10.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK10.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK10.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <field sid="FIELD37">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK10.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK10.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK10.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <field sid="FIELD38">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>592</ae>
+ <ae>543</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK10.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK10.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK10.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <check sid="CHECK11">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>28</ae>
+ <ae>591</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </check>
+ <field sid="FIELD39">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>269</ae>
+ <ae>590</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK11.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK11.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK11.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </field>
+ <field sid="FIELD40">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>350</ae>
+ <ae>590</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK11.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK11.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>date</ae>
+ <ae>case_insensitive</ae>
+ <ae>optional</ae>
+ <template content="array">
+ <ae>##-##-##</ae>
+ </template>
+ <presentation>MM-DD-YY</presentation>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK11.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <fontinfo content="array">
+ <ae>Courier</ae>
+ <ae>8</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </field>
+ <field sid="FIELD41">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>432</ae>
+ <ae>590</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>78</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK11.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK11.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK11.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <field sid="FIELD42">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>511</ae>
+ <ae>590</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>80</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <justify>center</justify>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK11.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK11.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>time</ae>
+ <ae>short</ae>
+ <ae>optional</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK11.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <field sid="FIELD43">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>592</ae>
+ <ae>590</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>81</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK11.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <check_off content="compute">
+ <cval />
+ <compute>
+ (CHECK11.value == "off") ? set("value", "") : ""
+ </compute>
+ </check_off>
+ <format content="array">
+ <ae>float</ae>
+ <ae>optional</ae>
+ <range content="array">
+ <ae>0</ae>
+ <ae>9999.9999</ae>
+ </range>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ ((CHECK11.value == "on") ? "mandatory" : "optional")
+ </compute>
+ </ae>
+ </format>
+ <borderwidth>0</borderwidth>
+ <value />
+ </field>
+ <check sid="CHECK12">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>680</ae>
+ <ae>326</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <value />
+ </check>
+ <check sid="CHECK13">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>689</ae>
+ <ae>404</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK12.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval />
+ <compute>
+ ((CHECK14.value == "on") || (CHECK15.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ <value />
+ </check>
+ <check sid="CHECK14">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>689</ae>
+ <ae>428</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK12.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval />
+ <compute>
+ ((CHECK15.value == "on") || (CHECK13.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ <value />
+ </check>
+ <check sid="CHECK15">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>689</ae>
+ <ae>485</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>15</ae>
+ <ae>14</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>10</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <active content="compute">
+ <cval>off</cval>
+ <compute>
+ (CHECK12.value == "on") ? "on" : "off"
+ </compute>
+ </active>
+ <editstate content="compute">
+ <cval>readwrite</cval>
+ <compute>
+ (value == "on") ? "readonly" : "readwrite"
+ </compute>
+ </editstate>
+ <radio_check content="compute">
+ <cval />
+ <compute>
+ ((CHECK14.value == "on") || (CHECK13.value == "on")) ? set("value", "off") : ""
+ </compute>
+ </radio_check>
+ <value />
+ </check>
+ <field sid="FIELD44">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>42</ae>
+ <ae>657</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>846</ae>
+ <ae>57</ae>
+ </ae>
+ </itemlocation>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <borderwidth>0</borderwidth>
+ <format content="array">
+ <ae>string</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ (CHECK10.value == "on") ? "mandatory" : "optional"
+ </compute>
+ </ae>
+ </format>
+ <value />
+ </field>
+ <field sid="FIELD45">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>42</ae>
+ <ae>712</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>846</ae>
+ <ae>31</ae>
+ </ae>
+ </itemlocation>
+ <borderwidth>0</borderwidth>
+ <format content="array">
+ <ae>string</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ (CHECK8.value == "on") ? "mandatory" : "optional"
+ </compute>
+ </ae>
+ </format>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK8.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <value />
+ </field>
+ <button sid="BUTTON1">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>250</ae>
+ <ae>839</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>346</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <type>signature</type>
+ <signature>SIGNATURE1</signature>
+ <signer>(cs) John M. Boyer, jboyer@pureedge.com</signer>
+ <signoptions content="array">
+ <ae>omit</ae>
+ <ae>triggeritem</ae>
+ </signoptions>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <borderwidth>0</borderwidth>
+ <signitemrefs content="array">
+ <ae>omit</ae>
+ <ae>PAGE1.CHECK16</ae>
+ <ae>PAGE1.CHECK17</ae>
+ <ae>PAGE1.FIELD47</ae>
+ <ae>PAGE1.BUTTON2</ae>
+ <ae>SIGNATURE2</ae>
+ <ae>PAGE1.FIELD48</ae>
+ </signitemrefs>
+ <format content="array">
+ <ae>string</ae>
+ <ae>mandatory</ae>
+ </format>
+ <value content="compute">
+ <cval>(cs) John M. Boyer, jboyer@pureedge.com</cval>
+ <compute>
+ signer
+ </compute>
+ </value>
+ </button>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
+ <XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2" Filter="subtract">
+ /XFDL/page[@sid="PAGE1"]/*[@sid="CHECK16" or @sid="CHECK17" or @sid="FIELD47" or @sid="BUTTON2" or @sid="FIELD48"] |
+ /XFDL/page/triggeritem[not(@sid)]
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>xtHvgrYCYiWUtvgbaA6yx4fY4hI=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ UCx213C5lb0LhhsAHEO+L5Pbkq8sBhh/yXJuL4zDZMyASF/cn6eoDA==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ 3eOeAvqnEyFpW+uTSgrdj7YLjaTkpyHecKFIoLu8QZNkGTQI1ciITBH0lqfIkdCH
+ Si8fiUC3DTq3J9FsJef4YVtDF7JpUvHTOQqtq7Zgx6KC8Wxkz6rQCxOr7F0ApOYi
+ 89zLRoe4MkDGe6ux0+WtyOTQoVIGNTDDUFXrUQNbLrE=
+ </P>
+ <Q>hDLcFK0GO/Hz1arxOOvsgM/VLyU=</Q>
+ <G>
+ nnx7hbdWozGbtnFgnbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43z
+ Kt7dlEaQL7b5+JTZt3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM
+ 8d2rhd2Ui0xHbk0D451nhLxVWulviOSPhzKKvXrbySA=
+ </G>
+ <Y>
+ cfYpihpAQeepbNFS4MAbQRhdXpDi5wLrwxE5hIvoYqo1L8BQVu8fY1TFAPtoae1i
+ Bg/GIJyP3iLfyuBJaDvJJLP30wBH9i/s5J3656PevpOVdTfi777Fi9Gj6y/ib2Vv
+ +OZfJkkp4L50+p5TUhPmQLJtREsgtl+tnIOyJT++G9U=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ <X509Data>
+ <X509SubjectName>
+ CN=Merlin Hughes,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+ </X509SubjectName>
+ <X509IssuerSerial>
+ <X509IssuerName>
+ CN=Transient CA,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+ </X509IssuerName>
+ <X509SerialNumber>1017788370348</X509SerialNumber>
+ </X509IssuerSerial>
+ <X509Certificate>
+ MIIDUDCCAxCgAwIBAgIGAOz46g2sMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDQwMjIyNTkzMFoXDTEyMDQwMjIxNTkyNVowbzELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEWMBQGA1UEAxMNTWVybGluIEh1Z2hl
+ czCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQDd454C+qcTIWlb65NKCt2PtguNpOSn
+ Id5woUigu7xBk2QZNAjVyIhMEfSWp8iR0IdKLx+JQLcNOrcn0Wwl5/hhW0MXsmlS
+ 8dM5Cq2rtmDHooLxbGTPqtALE6vsXQCk5iLz3MtGh7gyQMZ7q7HT5a3I5NChUgY1
+ MMNQVetRA1susQIVAIQy3BStBjvx89Wq8Tjr7IDP1S8lAoGBAJ58e4W3VqMxm7Zx
+ YJ2xZ6KX0Ze10WnKZDyURn+T9iFIFbKRFElKDeotXwwXwYON8yre3ZRGkC+2+fiU
+ 2bdzIWTT6LMbIMVbk+07P4OZOxJ6XWL9GuYcOQcNvX42xh34DPHdq4XdlItMR25N
+ A+OdZ4S8VVrpb4jkj4cyir1628kgA4GEAAKBgHH2KYoaQEHnqWzRUuDAG0EYXV6Q
+ 4ucC68MROYSL6GKqNS/AUFbvH2NUxQD7aGntYgYPxiCcj94i38rgSWg7ySSz99MA
+ R/Yv7OSd+uej3r6TlXU34u++xYvRo+sv4m9lb/jmXyZJKeC+dPqeU1IT5kCybURL
+ ILZfrZyDsiU/vhvVozowODAOBgNVHQ8BAf8EBAMCB4AwEQYDVR0OBAoECIatY7SE
+ lXEOMBMGA1UdIwQMMAqACIOGPkB2MuKTMAkGByqGSM44BAMDLwAwLAIUSvT02iQj
+ Q5da4Wpe0Bvs7GuCcVsCFCEcQpbjUfnxXFXNWiFyQ49ZrWqn
+ </X509Certificate>
+ <X509Certificate>
+ MIIDSzCCAwugAwIBAgIGAOz46fwJMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDQwMjIyNTkyNVoXDTEyMDQwMjIxNTkyNVowbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MIIBtzCCASwGByqGSM44BAEwggEfAoGBAN3jngL6pxMhaVvrk0oK3Y+2C42k5Kch
+ 3nChSKC7vEGTZBk0CNXIiEwR9JanyJHQh0ovH4lAtw06tyfRbCXn+GFbQxeyaVLx
+ 0zkKrau2YMeigvFsZM+q0AsTq+xdAKTmIvPcy0aHuDJAxnursdPlrcjk0KFSBjUw
+ w1BV61EDWy6xAhUAhDLcFK0GO/Hz1arxOOvsgM/VLyUCgYEAnnx7hbdWozGbtnFg
+ nbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43zKt7dlEaQL7b5+JTZ
+ t3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM8d2rhd2Ui0xHbk0D
+ 451nhLxVWulviOSPhzKKvXrbySADgYQAAoGAfag+HCABIJadDD9Aarhgc2QR3Lp7
+ PpMOh0lAwLiIsvkO4UlbeOS0IJC8bcqLjM1fVw6FGSaxmq+4y1ag2m9k6IdE0Qh5
+ NxB/xFkmdwqXFRIJVp44OeUygB47YK76NmUIYG3DdfiPPU3bqzjvtOtETiCHvo25
+ 4D6UjwPpYErXRUajNjA0MA4GA1UdDwEB/wQEAwICBDAPBgNVHRMECDAGAQH/AgEA
+ MBEGA1UdDgQKBAiDhj5AdjLikzAJBgcqhkjOOAQDAy8AMCwCFELu0nuweqW7Wf0s
+ gk/CAGGL0BGKAhRNdgQGr5iyZKoH4oqPm0VJ9TjXLg==
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </Signature>
+ <field sid="FIELD46">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>655</ae>
+ <ae>840</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>155</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <borderwidth>0</borderwidth>
+ <editstate>readonly</editstate>
+ <value content="compute">
+ <cval>05-08-02</cval>
+ <compute>
+ (BUTTON1.value != "") ? "*" : ""
+ </compute>
+ </value>
+ <format content="array">
+ <ae>date</ae>
+ <ae>optional</ae>
+ <presentation>MM-DD-YY</presentation>
+ </format>
+ </field>
+ <check sid="CHECK16">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>362</ae>
+ <ae>873</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <radio_behaviour content="compute">
+ <cval />
+ <compute>
+ (CHECK17.value == "on") ? set("value", "off") : ""
+ </compute>
+ </radio_behaviour>
+ <value />
+ </check>
+ <check sid="CHECK17">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>604</ae>
+ <ae>873</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>22</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <fontinfo content="array">
+ <ae>Helvetica</ae>
+ <ae>18</ae>
+ <ae>plain</ae>
+ </fontinfo>
+ <radio_behaviour content="compute">
+ <cval />
+ <compute>
+ (CHECK16.value == "on") ? set("value", "off") : ""
+ </compute>
+ </radio_behaviour>
+ <value />
+ </check>
+ <field sid="FIELD47">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>41</ae>
+ <ae>917</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>770</ae>
+ <ae>23</ae>
+ </ae>
+ </itemlocation>
+ <Format content="array">
+ <ae>string</ae>
+ <ae content="compute">
+ <cval>optional</cval>
+ <compute>
+ (CHECK17.value == "on") ? "mandatory" : "optional"
+ </compute>
+ </ae>
+ </Format>
+ <editstate content="compute">
+ <cval>readonly</cval>
+ <compute>
+ (CHECK17.value == "on") ? "readwrite" : "readonly"
+ </compute>
+ </editstate>
+ <borderwidth>0</borderwidth>
+ <scrollhoriz>wordwrap</scrollhoriz>
+ <scrollvert>fixed</scrollvert>
+ <value />
+ </field>
+ <button sid="BUTTON2">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>132</ae>
+ <ae>939</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>466</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <type>signature</type>
+ <signature>SIGNATURE2</signature>
+ <signer />
+ <format content="array">
+ <ae>string</ae>
+ <ae>mandatory</ae>
+ </format>
+ <signoptions content="array">
+ <ae>omit</ae>
+ <ae>triggeritem</ae>
+ </signoptions>
+ <fontinfo content="array">
+ <ae>Times</ae>
+ <ae>8</ae>
+ <ae>bold</ae>
+ </fontinfo>
+ <value content="compute">
+ <cval />
+ <compute>
+ signer
+ </compute>
+ </value>
+ <borderwidth>0</borderwidth>
+ </button>
+ <field sid="FIELD48">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>656</ae>
+ <ae>940</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>155</ae>
+ <ae>27</ae>
+ </ae>
+ </itemlocation>
+ <borderwidth>0</borderwidth>
+ <editstate>readonly</editstate>
+ <value content="compute">
+ <cval />
+ <compute>
+ (BUTTON2.value != "") ? "*" : ""
+ </compute>
+ </value>
+ <format content="array">
+ <ae>date</ae>
+ <ae>optional</ae>
+ <presentation>MM-DD-YY</presentation>
+ </format>
+ </field>
+ <spacer sid="vfd_spacer">
+ <itemlocation content="array">
+ <ae content="array">
+ <ae>absolute</ae>
+ <ae>960</ae>
+ <ae>1260</ae>
+ </ae>
+ <ae content="array">
+ <ae>extent</ae>
+ <ae>1</ae>
+ <ae>1</ae>
+ </ae>
+ </itemlocation>
+ </spacer>
+ </page>
+</XFDL>
diff --git a/tests/nss.supp b/tests/nss.supp
new file mode 100644
index 00000000..8287f219
--- /dev/null
+++ b/tests/nss.supp
@@ -0,0 +1,220 @@
+##----------------------------------------------------------------------##
+#
+# Errors to suppress by default with NSS
+#
+# Format of this file is:
+# {
+# name_of_suppression
+# kind: one of Param Value1 Value2 Value4 Value8
+# Free Addr1 Addr2 Addr4 Addr8
+# Cond (previously known as Value0)
+# (if Param: name of system call param, if Free: name of free-ing fn)
+# caller0 name, or /name/of/so/file.so
+# caller1 name, or ditto
+# (optionally: caller2 name)
+# (optionally: caller3 name)
+# }
+
+##----------------------------------------------------------------------##
+{
+ NSS memcmp/prng_RandomUpdate
+ Memcheck:Cond
+ fun:memcmp
+ fun:prng_RandomUpdate
+}
+
+{
+ NSS alg_fips*/prng_RandomUpdate
+ Memcheck:Cond
+ fun:alg_fips*
+ fun:prng_RandomUpdate
+}
+
+{
+ NSS sec_asn1d_parse_leaf/SEC_ASN1*
+ Memcheck:Cond
+ fun:sec_asn1d*
+ fun:SEC_ASN1*
+}
+
+{
+ NSS DES_Do1Block
+ Memcheck:Value4
+ fun:DES_Do1Block
+ fun:DES_EDE*
+}
+
+{
+ NSS *mp*
+ Memcheck:Cond
+ fun:*
+ fun:*mp_*
+}
+
+{
+ NSS *mp*
+ Memcheck:Cond
+ fun:*mp*
+ fun:*
+}
+
+{
+ NSS *mp*
+ Memcheck:Value4
+ fun:*
+ fun:*mp*
+}
+
+{
+ NSS *mp*
+ Memcheck:Value4
+ fun:*mp*
+ fun:*dsa*
+}
+
+{
+ NSS *alg_fips*
+ Memcheck:Cond
+ fun:*alg_fips*
+ fun:*
+}
+
+{
+ NSS memcmp/prng
+ Memcheck:Value4
+ fun:memcmp
+ fun:*prng*
+}
+
+{
+ NSS *alg_fips*
+ Memcheck:Value4
+ fun:*alg_fips*
+ fun:*prng*
+}
+
+{
+ NSS *DSA_Generate*
+ Memcheck:Value4
+ fun:*DSA_Generate*
+ fun:*DSA*
+}
+
+{
+ NSS *DSA_Generate*
+ Memcheck:Cond
+ fun:*DSA_Generate*
+ fun:*DSA*
+}
+
+{
+ NSS *memset/SECITEM*
+ Memcheck:Value4
+ fun:*mem*
+ fun:*SECITEM*
+}
+
+{
+ NSS *FreeArena*
+ Memcheck:Cond
+ fun:*Arena*
+ fun:*Arena*
+}
+
+{
+ NSS *memcpy/sec*
+ Memcheck:Cond
+ fun:*mem*
+ fun:*sec*
+}
+
+{
+ NSS *memcpy/sec*
+ Memcheck:Value4
+ fun:*mem*
+ fun:*sec*
+}
+
+{
+ NSS *sec*
+ Memcheck:Value4
+ fun:*sec*
+ fun:*
+}
+
+{
+ NSS *sec*
+ Memcheck:Cond
+ fun:*sec*
+ fun:*
+}
+
+
+{
+ NSS *PL_Hash*
+ Memcheck:Value4
+ fun:*PL_Hash*
+ fun:*
+}
+
+{
+ NSS *PL_Hash*
+ Memcheck:Cond
+ fun:*PL_Hash*
+ fun:*
+}
+
+{
+ NSS *SEC*
+ Memcheck:Value4
+ fun:*SEC*
+ fun:*
+}
+
+{
+ NSS *SEC*
+ Memcheck:Cond
+ fun:*SEC*
+ fun:*
+}
+
+{
+ NSS *PORT*
+ Memcheck:Value4
+ fun:*PORT*
+ fun:*
+}
+
+{
+ NSS *PORT*
+ Memcheck:Cond
+ fun:*PORT*
+ fun:*
+}
+
+{
+ NSS *DES*
+ Memcheck:Value4
+ fun:*DES*
+ fun:*
+}
+
+{
+ NSS *__GI__*
+ Addrcheck,Memcheck:Param
+ write(buf)
+ obj:*libc-2.2*so
+}
+
+{
+ NSS xmlSecBase64*
+ Memcheck:Value4
+ fun:xmlSecBase64*
+}
+
+{
+ NSS rijndael*
+ Memcheck:Value4
+ fun:rijndael*
+}
+
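Review bot: Several of these suppressions are wide enough to hide uninitialised-value errors outside NSS: the `NSS *mp*` entry with `fun:*mp*` / `fun:*` silences every `Memcheck:Cond` whose innermost frame merely contains "mp" (which includes `memcmp` and `strcmp`) from any caller, and the `*sec*`, `*SEC*`, `*PORT*`, `*PL_Hash*` and `*DES*` entries with a `fun:*` caller are open in the same way. The last two entries, `fun:xmlSecBase64*` and `fun:rijndael*`, have no caller frame at all, and `xmlSecBase64*` looks like this library's own Base64 code rather than NSS, so a real uninitialised read there would never show up in a Valgrind run of the test suite. I would delete the `NSS xmlSecBase64*` block, replace each `fun:*` caller frame with an `obj:` frame naming the NSS shared object (the form the file already uses in `obj:*libc-2.2*so`), and add a `#` comment on each entry saying which report it was written for. The same applies to `tests/openssl.supp`, where `fun:BN_*` and `fun:bn_*` are single-frame suppressions for both `Cond` and `Value4`.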
diff --git a/tests/nssdb/cert8.db b/tests/nssdb/cert8.db
new file mode 100644
index 00000000..ac40a332
--- /dev/null
+++ b/tests/nssdb/cert8.db
Binary files differ
diff --git a/tests/nssdb/key3.db b/tests/nssdb/key3.db
new file mode 100644
index 00000000..fcbd3e84
--- /dev/null
+++ b/tests/nssdb/key3.db
Binary files differ
diff --git a/tests/nssdb/secmod.db b/tests/nssdb/secmod.db
new file mode 100644
index 00000000..9a028078
--- /dev/null
+++ b/tests/nssdb/secmod.db
Binary files differ
diff --git a/tests/openssl.supp b/tests/openssl.supp
new file mode 100644
index 00000000..78f5b835
--- /dev/null
+++ b/tests/openssl.supp
@@ -0,0 +1,63 @@
+##----------------------------------------------------------------------##
+#
+# Errors to suppress by default with OpenSSL
+#
+# Format of this file is:
+# {
+# name_of_suppression
+# kind: one of Param Value1 Value2 Value4 Value8
+# Free Addr1 Addr2 Addr4 Addr8
+# Cond (previously known as Value0)
+# (if Param: name of system call param, if Free: name of free-ing fn)
+# caller0 name, or /name/of/so/file.so
+# caller1 name, or ditto
+# (optionally: caller2 name)
+# (optionally: caller3 name)
+# }
+
+##----------------------------------------------------------------------##
+{
+ OpenSSL BN_*(Cond)
+ Memcheck:Cond
+ fun:BN_*
+}
+
+{
+ OpenSSL BN_*(Value4)
+ Memcheck:Value4
+ fun:BN_*
+}
+
+{
+ OpenSSL bn_*(Cond)
+ Memcheck:Cond
+ fun:bn_*
+}
+
+{
+ OpenSSL bn_*(Value4)
+ Memcheck:Value4
+ fun:bn_*
+}
+
+{
+ OpenSSL AES_encrypt(Value4)
+ Memcheck:Value4
+ fun:AES_encrypt
+ fun:AES_cbc_encrypt
+}
+
+{
+ OpenSSL DES_encrypt*(Value4)
+ Memcheck:Value4
+ fun:DES_encrypt2
+ fun:DES_encrypt3
+}
+
+{
+ OpenSSL RSA_padding_add_PKCS1_type_2(Cond)
+ Memcheck:Cond
+ fun:RSA_padding_add_PKCS1_type_2
+ fun:RSA_eay_public_encrypt
+}
+
diff --git a/tests/phaos-xmldsig-three/README.txt b/tests/phaos-xmldsig-three/README.txt
new file mode 100644
index 00000000..9703fcf0
--- /dev/null
+++ b/tests/phaos-xmldsig-three/README.txt
@@ -0,0 +1,248 @@
+Sample XML Signatures Produced Using the Phaos XML Toolkit
+
+November 26, 2002
+
+
+Contents of phaos-xmldsig-three
+===============================
+
+ signature-rsa-enveloped.xml
+ ---------------------------
+ Contains an RSA enveloped signature.
+
+
+ signature-rsa-enveloping.xml
+ ----------------------------
+ Contains an RSA enveloping signature.
+
+
+ signature-rsa-detached.xml
+ --------------------------
+ Contains an RSA detached signature.
+
+
+ signature-dsa-enveloped.xml
+ ---------------------------
+ Contains a DSA enveloped signature.
+
+
+ signature-dsa-enveloping.xml
+ ----------------------------
+ Contains a DSA enveloping signature.
+
+
+ signature-dsa-detached.xml
+ --------------------------
+ Contains a DSA detached signature.
+
+
+ signature-hmac-md5-c14n-enveloping.xml
+ --------------------------------------
+ Contains an enveloping MD5 HMAC signature and uses XML Canonicalization
+ as the canonicalization method. The HMAC secret is the ASCII encoding of
+ the word "test".
+
+
+ signature-hmac-sha1-exclusive-c14n-enveloped.xml
+ ------------------------------------------------
+ Contains an enveloped SHA-1 HMAC signature and uses the Exclusive XML
+ Canonicalization canonicalization method. The HMAC secret is the ASCII
+ encoding of the word "test".
+
+
+ signature-hmac-sha1-exclusive-c14n-comments-detached.xml
+ --------------------------------------------------------
+ Contains a detached SHA-1 HMAC signature and uses the Exclusive XML
+ Canonicalization With Comments canonicalization method. The HMAC secret
+ is the ASCII encoding of the word "test".
+
+
+ signature-hmac-sha1-40-c14n-comments-detached.xml
+ -------------------------------------------------
+ Contains a detached 40-byte SHA-1 HMAC signature and uses the XML
+ Canonicalization With Comments canonicalization method. The HMAC secret is
+ the ASCII encoding of the word "test".
+
+
+ signature-hmac-sha1-40-exclusive-c14n-comments-detached.xml
+ -----------------------------------------------------------
+ Contains a detached 40 byte SHA-1 HMAC signature and uses the Exclusive
+ XML Canonicalization With Comments canonicalization method. The HMAC secret
+ is the ASCII encoding of the word "test".
+
+
+ signature-dsa-detached-manifest.xml
+ -----------------------------------
+ Contains a detached DSA signature with a manifest.
+
+
+ signature-rsa-detached-manifest.xml
+ ----------------------------------
+ Contains a detached RSA signature with a manifest.
+
+
+ signature-rsa-detached-b64-transform.xml
+ ----------------------------------------
+ Contains a detached RSA signature with a Base64 decode transform.
+
+
+ signature-rsa-detached-xpath-transform.xml
+ ------------------------------------------
+ Contains a detached RSA signature with an XPath transform.
+
+
+ signature-rsa-xpath-transform-enveloped.xml
+ ------------------------------------------
+ Contains an RSA signature with an XPath transform that produces the
+ same result as the enveloped signature algorithm.
+
+
+ signature-rsa-detached-xslt-transform.xml
+ ------------------------------------------
+ Contains a detached RSA signature with an XSLT transformation.
+
+
+ signature-rsa-detached-x509-data.xml
+ ------------------------------------
+ Contains a detached RSA signature with several X509Data subelements.
+
+
+ signature-rsa-detached-x509-data-subject-name.xml
+ ------------------------------------
+ Contains a detached RSA signature with an X509SubjectName that
+ references the subject name of the certificate stored in
+ certs/rsa-client-cert.der.
+
+
+ signature-rsa-detached-x509-data-issuer-serial.xml
+ ------------------------------------
+ Contains a detached RSA signature with an X509IssuerSerial that
+ references the issuer and serial number of the certificate stored in
+ certs/rsa-client-cert.der.
+
+
+ signature-rsa-detached-x509-data-ski.xml
+ ------------------------------------
+ Contains a detached RSA signature with an X509SKI that
+ references the Subject Key Identifier of the certificate stored in
+ certs/rsa-client-cert.der.
+
+
+ signature-rsa-detached-x509-data-client-cert.xml
+ ------------------------------------
+ Contains a detached RSA signature with an X509Certificate that
+ represents the certificate stored in certs/rsa-client-cert.der.
+
+
+ signature-rsa-detached-x509-data-cert-chain.xml
+ ------------------------------------
+ Contains a detached RSA signature with two X509Certificate
+ elements that represent the certificates stored in
+ certs/rsa-client-cert.der and certs/rsa-ca-cert.der.
+
+
+ signature-rsa-detached-xslt-transform-retrieval-method.xml
+ ------------------------------------
+ Contains a detached RSA signature with an XSLT transform and a KeyInfo
+ element that refers to an external X.509 certificate. The certificate
+ is located in certs/rsa-client-cert.der.
+
+
+ signature-big.xml
+ -----------------
+ Contains a larger detached RSA signature that contains a manifest and many
+ references that test various transformation algorithms, URI reference syntax
+ formats, etc. The KeyInfo contains a KeyName whose value is the subject
+ name of the certificate stored in certs/rsa-client-cert.der.
+
+
+ signature-rsa-detached-xslt-transform-bad-retrieval-method.xml
+ ---------------------------------------------------------------
+ Contains a detached RSA signature with an XSLT transform and a KeyInfo
+ element that refers to an INCORRECT external X.509 certificate. (The correct
+ X.509 certificate is located in certs/rsa-client-cert.der.) Verification
+ should FAIL.
+
+
+ signature-rsa-enveloped-bad-digest-val.xml
+ ------------------------------------------
+ Contains an enveloped RSA signature that contains a reference with an INCORRECT
+ digest value. Verification should FAIL.
+
+
+ signature-rsa-enveloped-bad-sig.xml
+ -----------------------------------
+ Contains an enveloped RSA signature that contains a reference that was added
+ after the signature value was computed. Verification should FAIL.
+
+
+ document.xml
+ ------------
+ An XML document that is referenced by some of the signature examples.
+
+
+ document-stylesheet.xml
+ -----------------------
+ The same as document.xml with the addition of an xsl-stylesheet processing
+ instruction.
+
+
+ document.xsl
+ ------------
+ An XSL stylesheet referenced by several of the signature examples and
+ document-stylesheet.xml.
+
+
+ document.b64
+ ------------
+ A Base64 encoded XML document.
+
+
+ README.txt
+ ----------
+ This file.
+
+
+
+Contents of phaos-xmldsig-three/certs
+=====================================
+
+ rsa-cert.der
+ ------------
+ An RSA end entity certificate issued by the CA certificate contained in
+ rsa-ca-cert.der.
+
+ enc-rsa-key.der
+ ---------------
+ The RSA private key that matches rsa-cert.der, password-encrypted using
+ the PKCS#8 format. The password is "test".
+
+ dsa-cert.der
+ ------------
+ An DSA end entity certificate issued by the CA certificate contained in
+ dsa-ca-cert.der.
+
+ enc-dsa-key.der
+ ---------------
+ The DSA private key that matches dsa-cert.der, password-encrypted using
+ the PKCS#8 format. The password is "test".
+
+ rsa-ca-cert.der
+ ---------------
+ An RSA self-signed CA certificate.
+
+ dsa-ca-cert.der
+ ---------------
+ A DSA self-signed CA certificate.
+
+ crl.der
+ -------
+ A sample CRL that revokes rsa-cert.der.
+
+
+
+Joe Morgan
+Software Engineer
+Phaos Technology
+jmorgan@phaos.com
+http://www.phaos.com/
diff --git a/tests/phaos-xmldsig-three/certs/crl.der b/tests/phaos-xmldsig-three/certs/crl.der
new file mode 100644
index 00000000..c80e2729
--- /dev/null
+++ b/tests/phaos-xmldsig-three/certs/crl.der
Binary files differ
diff --git a/tests/phaos-xmldsig-three/certs/dsa-ca-cert.der b/tests/phaos-xmldsig-three/certs/dsa-ca-cert.der
new file mode 100644
index 00000000..50d738cb
--- /dev/null
+++ b/tests/phaos-xmldsig-three/certs/dsa-ca-cert.der
Binary files differ
diff --git a/tests/phaos-xmldsig-three/certs/dsa-cert.der b/tests/phaos-xmldsig-three/certs/dsa-cert.der
new file mode 100644
index 00000000..461dbf02
--- /dev/null
+++ b/tests/phaos-xmldsig-three/certs/dsa-cert.der
Binary files differ
diff --git a/tests/phaos-xmldsig-three/certs/enc-dsa-key.der b/tests/phaos-xmldsig-three/certs/enc-dsa-key.der
new file mode 100644
index 00000000..3cfb02a0
--- /dev/null
+++ b/tests/phaos-xmldsig-three/certs/enc-dsa-key.der
Binary files differ
diff --git a/tests/phaos-xmldsig-three/certs/enc-rsa-key.der b/tests/phaos-xmldsig-three/certs/enc-rsa-key.der
new file mode 100644
index 00000000..0715b172
--- /dev/null
+++ b/tests/phaos-xmldsig-three/certs/enc-rsa-key.der
Binary files differ
diff --git a/tests/phaos-xmldsig-three/certs/hmackey.bin b/tests/phaos-xmldsig-three/certs/hmackey.bin
new file mode 100644
index 00000000..30d74d25
--- /dev/null
+++ b/tests/phaos-xmldsig-three/certs/hmackey.bin
@@ -0,0 +1 @@
+test \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/certs/rsa-ca-cert.der b/tests/phaos-xmldsig-three/certs/rsa-ca-cert.der
new file mode 100644
index 00000000..7bd9a2ca
--- /dev/null
+++ b/tests/phaos-xmldsig-three/certs/rsa-ca-cert.der
Binary files differ
diff --git a/tests/phaos-xmldsig-three/certs/rsa-cert.der b/tests/phaos-xmldsig-three/certs/rsa-cert.der
new file mode 100644
index 00000000..a6c6e5f4
--- /dev/null
+++ b/tests/phaos-xmldsig-three/certs/rsa-cert.der
Binary files differ
diff --git a/tests/phaos-xmldsig-three/document-stylesheet.xml b/tests/phaos-xmldsig-three/document-stylesheet.xml
new file mode 100644
index 00000000..8f86944f
--- /dev/null
+++ b/tests/phaos-xmldsig-three/document-stylesheet.xml
@@ -0,0 +1,7 @@
+<?xml-stylesheet type="text/xsl" href="document.xsl"?>
+<player id="10012" bats="left" throws="right">
+ <!-- Here's a comment -->
+ <name>Alfonso Soriano</name>
+ <position>2B</position>
+ <team>New York Yankees</team>
+</player>
diff --git a/tests/phaos-xmldsig-three/document.b64 b/tests/phaos-xmldsig-three/document.b64
new file mode 100644
index 00000000..79649816
--- /dev/null
+++ b/tests/phaos-xmldsig-three/document.b64
@@ -0,0 +1,4 @@
+PHBsYXllciBpZD0iMTAwMTIiIGJhdHM9ImxlZnQiIHRocm93cz0icmlnaHQiPg0K
+CTwhLS0gSGVyZSdzIGEgY29tbWVudCAtLT4NCgk8bmFtZT5BbGZvbnNvIFNvcmlh
+bm88L25hbWU+DQoJPHBvc2l0aW9uPjJCPC9wb3NpdGlvbj4NCgk8dGVhbT5OZXcg
+WW9yayBZYW5rZWVzPC90ZWFtPg0KPC9wbGF5ZXI+DQo=
diff --git a/tests/phaos-xmldsig-three/document.xml b/tests/phaos-xmldsig-three/document.xml
new file mode 100644
index 00000000..2421be1c
--- /dev/null
+++ b/tests/phaos-xmldsig-three/document.xml
@@ -0,0 +1,6 @@
+<player id="10012" bats="left" throws="right">
+ <!-- Here's a comment -->
+ <name>Alfonso Soriano</name>
+ <position>2B</position>
+ <team>New York Yankees</team>
+</player>
diff --git a/tests/phaos-xmldsig-three/document.xsl b/tests/phaos-xmldsig-three/document.xsl
new file mode 100644
index 00000000..7c3cd854
--- /dev/null
+++ b/tests/phaos-xmldsig-three/document.xsl
@@ -0,0 +1,45 @@
+
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/TR/xhtml1/strict" >
+
+<xsl:strip-space elements="player name position team"/>
+<xsl:output
+ method="xml"
+ indent="no"
+ encoding="iso-8859-1"
+/>
+
+<xsl:template match="player">
+ <html>
+ <head>
+ <title>
+ <xsl:value-of select="name"/>
+ </title>
+ </head>
+ <body>
+ <xsl:apply-templates/>
+ </body>
+ </html>
+</xsl:template>
+
+<xsl:template match="player/name">
+ <h1>
+ <xsl:apply-templates/>
+ </h1>
+</xsl:template>
+
+<xsl:template match="player/position">
+ <h2>
+ <xsl:apply-templates/>
+ </h2>
+</xsl:template>
+
+<xsl:template match="player/team">
+ <h3>
+ <xsl:apply-templates/>
+ </h3>
+</xsl:template>
+
+
+
+</xsl:stylesheet>
diff --git a/tests/phaos-xmldsig-three/signature-big.xml b/tests/phaos-xmldsig-three/signature-big.xml
new file mode 100644
index 00000000..ff572d15
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-big.xml
@@ -0,0 +1,39 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-0" URI="document.xml"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>5KcCsBlhsIP4iMmHcaU2dXJPU8k=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-b64" URI="document.b64"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>5KcCsBlhsIP4iMmHcaU2dXJPU8k=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-xslt" URI="document-stylesheet.xml"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns="http://www.w3.org/TR/xhtml1/strict" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+
+<xsl:strip-space elements="player name position team"/>
+<xsl:output encoding="iso-8859-1" indent="no" method="xml"/>
+
+<xsl:template match="player">
+ <html>
+ <head>
+ <title>
+ <xsl:value-of select="name"/>
+ </title>
+ </head>
+ <body>
+ <xsl:apply-templates/>
+ </body>
+ </html>
+</xsl:template>
+
+<xsl:template match="player/name">
+ <h1>
+ <xsl:apply-templates/>
+ </h1>
+</xsl:template>
+
+<xsl:template match="player/position">
+ <h2>
+ <xsl:apply-templates/>
+ </h2>
+</xsl:template>
+
+<xsl:template match="player/team">
+ <h3>
+ <xsl:apply-templates/>
+ </h3>
+</xsl:template>
+
+
+
+</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>2HiTcKdfZ9O83wthUFP8ISRdRXQ=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-xpath" URI="document.xml"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">@*</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>TReY52bmpNnv+3gET3YhgJXTImk=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-manifest" Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest-0"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Zk5dsGelTgg61hMSPfKYRRYZvr8=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-object-0" Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-0"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>BGhr3V/fMiTscUgZVMEMmeQvQpI=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-key-info" URI="#key-info"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>k08/9AdPEuZyBRJhHKyjH1px3IQ=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-key-name" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath xmlns:ds="http://www.w3.org/2000/09/xmldsig#">ancestor-or-self::ds:KeyName</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></dsig:Transforms><dsig:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>4ehoLl+KxYvqlwPGRaPcpxprLeA=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-xpointer-0" URI="#xpointer(id('reference-b64'))"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>CBCjDfHcpu7cWHr6zD0y/Y62fso=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-xpointer-1" URI="#xpointer(id('reference-object-0'))"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>RwemIyLY5WSPgXA3OZiZLhGCyTo=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>EUqZ5jMNvD/dHHi90X//yL7r7t6WpyY0fChIAaUPPXsbDHeNgzfsDe8AZYYD6klroeYJRuHXHtY1PdB5b9+XfwO3oduznLYVN3bmeLMvdYMWlw4SGYtbvyNZtovgA8qcEAQ29sQ+aA9pvCQgSKpTJF8DuYv6fKlktZtPyYh7HRk=</dsig:SignatureValue><dsig:KeyInfo Id="key-info"><dsig:KeyName>CN=Test Client (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:KeyName></dsig:KeyInfo><dsig:Object Id="object-0"><dsig:Manifest Id="manifest-0"><dsig:Reference Id="reference-raw-x509-cert" Type="http://www.w3.org/2000/09/xmldsig#rawX509Certificate" URI="certs/rsa-cert.der"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>RtIlTB3BmyCRFTr7sRtOyPni0Ig=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-rfc3161" URI="http://www.ietf.org/rfc/rfc3161.txt"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>eT5ZU9fkIwQ9b9XAYq+iIYnj0DQ=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-dsa-detached.xml b/tests/phaos-xmldsig-three/signature-dsa-detached.xml
new file mode 100644
index 00000000..81a394bf
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-dsa-detached.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/><dsig:Reference URI="http://www.ietf.org/rfc/rfc3161.txt"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>eT5ZU9fkIwQ9b9XAYq+iIYnj0DQ=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>IEYfZwI0+/wn9rTbJdXaIVAvjJN1vvmDDbw4X4GY1Row9OMyiI7VqA==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>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</dsig:X509Certificate><dsig:X509IssuerSerial><dsig:X509IssuerName>CN=Test CA (DSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509IssuerName><dsig:X509SerialNumber>2000001</dsig:X509SerialNumber></dsig:X509IssuerSerial><dsig:X509SubjectName>CN=Test Client (DSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509SubjectName><dsig:X509SKI>bFvY8FxshEHxhk6dfun8uQJa9qg=</dsig:X509SKI></dsig:X509Data></dsig:KeyInfo></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-dsa-enveloped.xml b/tests/phaos-xmldsig-three/signature-dsa-enveloped.xml
new file mode 100644
index 00000000..9bc8bf23
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-dsa-enveloped.xml
@@ -0,0 +1,6 @@
+<player bats="left" id="10012" throws="right">
+ <!-- Here's a comment -->
+ <name>Alfonso Soriano</name>
+ <position>2B</position>
+ <team>New York Yankees</team>
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>nDF2V/bzRd0VE3EwShWtsBzTEDc=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>Hmt1KjwoXdyyroB+KfcoUEaM5NcXhwB2CbIblJHwTxek1bF1ZMqvig==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>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</dsig:X509Certificate><dsig:X509IssuerSerial><dsig:X509IssuerName>CN=Test CA (DSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509IssuerName><dsig:X509SerialNumber>2000001</dsig:X509SerialNumber></dsig:X509IssuerSerial><dsig:X509SubjectName>CN=Test Client (DSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509SubjectName><dsig:X509SKI>bFvY8FxshEHxhk6dfun8uQJa9qg=</dsig:X509SKI></dsig:X509Data></dsig:KeyInfo></dsig:Signature></player> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-dsa-enveloping.xml b/tests/phaos-xmldsig-three/signature-dsa-enveloping.xml
new file mode 100644
index 00000000..20e40fcf
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-dsa-enveloping.xml
@@ -0,0 +1,6 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#DSig.Object_FXUsJKYcZCtVFl80BxBacw22"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>rXdK89trp685VfNWmSyYrLGP+5Y=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>iqsxSGtOON/M37ZczTO5EZXQrNQSO0pIPQlLysCmfOLqAoHi2MBwvA==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>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</dsig:X509Certificate><dsig:X509IssuerSerial><dsig:X509IssuerName>CN=Test CA (DSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509IssuerName><dsig:X509SerialNumber>2000001</dsig:X509SerialNumber></dsig:X509IssuerSerial><dsig:X509SubjectName>CN=Test Client (DSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509SubjectName><dsig:X509SKI>bFvY8FxshEHxhk6dfun8uQJa9qg=</dsig:X509SKI></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="DSig.Object_FXUsJKYcZCtVFl80BxBacw22" MimeType="text/xml"><player bats="left" id="10012" throws="right">
+ <!-- Here's a comment -->
+ <name>Alfonso Soriano</name>
+ <position>2B</position>
+ <team>New York Yankees</team>
+</player></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-dsa-manifest.xml b/tests/phaos-xmldsig-three/signature-dsa-manifest.xml
new file mode 100644
index 00000000..291d949a
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-dsa-manifest.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/><dsig:Reference Id="reference-manifest" Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>NIYWGr1CiWC02cfck47Xf/UM9AA=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>k0jMfEzvBG2Uh9H0MCqLn3OqkFVUwKIyl6VWlQbk91JzDgzMhtEyrg==</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:DSAKeyValue><dsig:P>5llqtXo2G1g61J8WFsP00U9cl5z7emzkxqTre4C8pV/qdT8YRkbxrvHK7Bc7BXdx7abcP46842DcEZ07u7esCzlV9jziQTWsij9d6l8Nra9RRMqz37wDx0hUPRfmWHeEVFHpQkgUlL1lai/Ujs36fbiInXWoR3fWQn6+vjqP5S8=</dsig:P><dsig:Q>vSPQz7ak24nBo5gwSMfEXkvEblc=</dsig:Q><dsig:G>CUyqAoEkRHpKrbmVnA8t3vkSEM8Gk3qHmTNunxVdmBVaitqPnf6D7SXxLRQNvuJ8+BAI70U/+iu5EUknE+QzvH2bPP9B9pXl9lNBV88wzjCC+M3kQD2+Bjps+NdJkTjhrJMygi8KPGCDbmfSqf+F1+nBIpDIgKzWxbhUMHd9VfI=</dsig:G><dsig:Y>JLZHChtL9OjhYpD2tVpN4+Urp9P0R/1jmkQA3vYycSf6GDtGDyESjCuWl2sH4EwIt3yJkhN4CPwGgrrkq8H1S+U7X76nTEaobAmElnBrBeF6uatRwwmCvVm4DCKs1XJNeN1QlsbLikf9aJguzjj8unzyYZRdjMcgjhLtVjeYAC0=</dsig:Y><dsig:J>ATfG1k4XSpDlWczkblMTpUkvazbCh6NH0ImOzLyjXlhRpihqtb/HBaCGWs3JzAiafW75tk57/9+vj6drV/vl44l14K5piP7VnDSADNCkBq9gCN/wM3u8w7cb8gpgTqC68I2yHzVVh4umjOrrgg==</dsig:J></dsig:DSAKeyValue></dsig:KeyValue></dsig:KeyInfo><dsig:Object><dsig:Manifest Id="manifest"><dsig:Reference Id="reference-0" URI="document.xml"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>5KcCsBlhsIP4iMmHcaU2dXJPU8k=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-1" URI="http://www.ietf.org/rfc/rfc3161.txt"><dsig:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>eT5ZU9fkIwQ9b9XAYq+iIYnj0DQ=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-hmac-md5-c14n-enveloping.xml b/tests/phaos-xmldsig-three/signature-hmac-md5-c14n-enveloping.xml
new file mode 100644
index 00000000..f7a1f1f1
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-hmac-md5-c14n-enveloping.xml
@@ -0,0 +1,6 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-md5"/><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-paOGfpowMpVEz7RkFL6iWA22"><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/><dsig:DigestValue>tQ7wVagV/v8GTSZnYYYw3g==</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>BsR9wW+N76Dg+QYMpwN5kA==</dsig:SignatureValue><dsig:Object Id="object-paOGfpowMpVEz7RkFL6iWA22" MimeType="text/xml"><player bats="left" id="10012" throws="right">
+ <!-- Here's a comment -->
+ <name>Alfonso Soriano</name>
+ <position>2B</position>
+ <team>New York Yankees</team>
+</player></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-hmac-sha1-40-c14n-comments-detached.xml b/tests/phaos-xmldsig-three/signature-hmac-sha1-40-c14n-comments-detached.xml
new file mode 100644
index 00000000..5427ba38
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-hmac-sha1-40-c14n-comments-detached.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"><dsig:HMACOutputLength>80</dsig:HMACOutputLength></dsig:SignatureMethod><dsig:Reference URI="http://www.ietf.org/rfc/rfc3161.txt"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>eT5ZU9fkIwQ9b9XAYq+iIYnj0DQ=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>e/Cz41h/IJocTg==</dsig:SignatureValue></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-hmac-sha1-40-exclusive-c14n-comments-detached.xml b/tests/phaos-xmldsig-three/signature-hmac-sha1-40-exclusive-c14n-comments-detached.xml
new file mode 100644
index 00000000..8a9fabfc
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-hmac-sha1-40-exclusive-c14n-comments-detached.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"><dsig:HMACOutputLength>80</dsig:HMACOutputLength></dsig:SignatureMethod><dsig:Reference URI="http://www.ietf.org/rfc/rfc3161.txt"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>eT5ZU9fkIwQ9b9XAYq+iIYnj0DQ=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>iuQK6TvAjMciIw==</dsig:SignatureValue></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-hmac-sha1-exclusive-c14n-comments-detached.xml b/tests/phaos-xmldsig-three/signature-hmac-sha1-exclusive-c14n-comments-detached.xml
new file mode 100644
index 00000000..05238c71
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-hmac-sha1-exclusive-c14n-comments-detached.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><dsig:Reference URI="http://www.ietf.org/rfc/rfc3161.txt"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>eT5ZU9fkIwQ9b9XAYq+iIYnj0DQ=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>kF7hLqyaxP0KeS7N3VereUYo3XE=</dsig:SignatureValue></dsig:Signature> \ No newline at end of file
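Review bot: The only `Reference` in this fixture is `URI="http://www.ietf.org/rfc/rfc3161.txt"`, so verifying it needs a plain-HTTP fetch of a third-party document, and the digest check depends on that server returning the same bytes indefinitely. The same URI is the signed content in the two `hmac-sha1-40` fixtures above and in `signature-rsa-detached.xml`, and it appears as `reference-1` in the `signature-rsa-manifest-x509-data-*` fixtures. Serving a local copy of the document through the harness would keep the suite hermetic. It would also let the tests run with remote dereferencing switched off, which is the safer setting for a verifier that handles untrusted signatures. How the driver resolves this URI is not visible in this part of the diff.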
diff --git a/tests/phaos-xmldsig-three/signature-hmac-sha1-exclusive-c14n-enveloped.xml b/tests/phaos-xmldsig-three/signature-hmac-sha1-exclusive-c14n-enveloped.xml
new file mode 100644
index 00000000..0ad5e852
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-hmac-sha1-exclusive-c14n-enveloped.xml
@@ -0,0 +1,6 @@
+<player bats="left" id="10012" throws="right">
+ <!-- Here's a comment -->
+ <name>Alfonso Soriano</name>
+ <position>2B</position>
+ <team>New York Yankees</team>
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>nDF2V/bzRd0VE3EwShWtsBzTEDc=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>KOKmDJ7emm1ESMBujg88B8g/Rd8=</dsig:SignatureValue></dsig:Signature></player> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-rsa-detached-b64-transform.xml b/tests/phaos-xmldsig-three/signature-rsa-detached-b64-transform.xml
new file mode 100644
index 00000000..b744c9b6
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-detached-b64-transform.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-manifest" Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>9BGp06kfYkpbY8LXwb6YS+UJz5A=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>GbZsFzJ3pu+nmV22+gvH3DjUjw7uLQdCxr83GjtrNuBpnV3y6nqp1S5Tu7TQeRQjc7YUAXBwcq74ur4BBzqKVF3waB0zP99HH6u165g811s05lKLdw4WY3WdfA67mvDSbDCYvb6ENot7uQcEnDTyIrrsfekZTvqCX/bHwb7di34=</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>gIb6nAB9oS/AI5jIj6WymvQhRxiMlE07G4abmMliYi5zWzvaFE2tnU+RZIBgtoXcgDEIU/vsLQut7nzCn9mHxC8JEaV4D4U91j64AyZakShqJw7qjJfqUxxPL0yJv2oFiouPDjGuJ9JPi0NrsZq+yfWfM54s4b9SNkcOIVMybZU=</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo><dsig:Object><dsig:Manifest Id="manifest"><dsig:Reference Id="reference-0" URI="document.b64"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>5KcCsBlhsIP4iMmHcaU2dXJPU8k=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-rsa-detached-xpath-transform.xml b/tests/phaos-xmldsig-three/signature-rsa-detached-xpath-transform.xml
new file mode 100644
index 00000000..b9d032b2
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-detached-xpath-transform.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-manifest" Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>8EQLOiDYEmJDGDVTgNAcWNxr2Hg=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>dVvxMcQMshKcCJuEaqPf4gK2yQdZrEEflYIWKZ5vZ5Hxm2q98sifPFdbEH4+juo0wTbu2fqbY4U9pOGWbkZRerOh/iCtDU+pNqwrzXvmPhRIb9Ncwo7sRuy70j4jewNFhyku0PKbKuVmikZugWr+u3nS2f6CTsEp1/JzF4bwLA4=</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>gIb6nAB9oS/AI5jIj6WymvQhRxiMlE07G4abmMliYi5zWzvaFE2tnU+RZIBgtoXcgDEIU/vsLQut7nzCn9mHxC8JEaV4D4U91j64AyZakShqJw7qjJfqUxxPL0yJv2oFiouPDjGuJ9JPi0NrsZq+yfWfM54s4b9SNkcOIVMybZU=</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo><dsig:Object><dsig:Manifest Id="manifest"><dsig:Reference Id="reference-0" URI="document.xml"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">@*</dsig:XPath></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>TReY52bmpNnv+3gET3YhgJXTImk=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-rsa-detached-xslt-transform-bad-retrieval-method.xml b/tests/phaos-xmldsig-three/signature-rsa-detached-xslt-transform-bad-retrieval-method.xml
new file mode 100644
index 00000000..5013275e
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-detached-xslt-transform-bad-retrieval-method.xml
@@ -0,0 +1,6 @@
+<player bats="left" id="10012" throws="right">
+ <!-- Here's a comment -->
+ <name>Alfonso Soriano</name>
+ <position>2B</position>
+ <team>New York Yankees</team>
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>nDF2V/bzRd0VE3EwShWtsBzTEDc=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fbye4Xm//RPUTsLd1dwJPo0gPZYX6gVYCEB/gz2348EARNk/nCCch1fFfpuqAGMKg4ayVC0yWkUyE5V4QB33jaGlh9wuNQSjxs6TIvFwSsT+0ioDgVgFv0gVeasbyNL4rFEHuAWL8QKwDT9L6b2wUvJC90DmpBs9GMR2jTZIWlM=</dsig:SignatureValue><dsig:KeyInfo><dsig:RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#rawX509Certificate" URI="certs/dsa-ca-cert.der"/></dsig:KeyInfo></dsig:Signature></player> \ No newline at end of file
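Review bot: Nothing in this fixture records why it is expected to fail. Its `SignedInfo`, `DigestValue` and `SignatureValue` are identical to `signature-rsa-enveloped.xml` later in this diff; the only difference is that `KeyInfo` points `RetrievalMethod` at `certs/dsa-ca-cert.der` while `SignatureMethod` is `rsa-sha1`. The file name also says `detached-xslt-transform`, yet the content is an enveloped signature with a single `enveloped-signature` transform. The suite entry should state the intended failure, e.g. `# must fail: RetrievalMethod resolves to a DSA CA certificate, SignatureMethod is rsa-sha1`. The harness should treat a success, or a failure for another reason such as the certificate file being absent, as a test error.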
diff --git a/tests/phaos-xmldsig-three/signature-rsa-detached-xslt-transform-retrieval-method.xml b/tests/phaos-xmldsig-three/signature-rsa-detached-xslt-transform-retrieval-method.xml
new file mode 100644
index 00000000..cee62b4d
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-detached-xslt-transform-retrieval-method.xml
@@ -0,0 +1,39 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-manifest" Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>afPdOzRB6PgYpVX2GECgTBf8P30=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>ffXjlLiu+EuGKfMLhvhZb6m3ULwd1zJ7BBe48oHrGxGsEdQWLt18AyOYMFHlhRi0i2DPurR6jPJGKWhwD6uRM1c6Rb/eDlZ7FNeqI0Bzv8xA0QEZ1nLAVJBC4LAKZp3Ha+7hs+l9rKuCk9ZiSO1UDMppEd8zoTucqCiAKTOWMd8=</dsig:SignatureValue><dsig:KeyInfo><dsig:RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#rawX509Certificate" URI="certs/rsa-cert.der"/></dsig:KeyInfo><dsig:Object><dsig:Manifest Id="manifest"><dsig:Reference Id="reference-0" URI="document-stylesheet.xml"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns="http://www.w3.org/TR/xhtml1/strict" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+
+<xsl:strip-space elements="player name position team"/>
+<xsl:output encoding="iso-8859-1" indent="no" method="xml"/>
+
+<xsl:template match="player">
+ <html>
+ <head>
+ <title>
+ <xsl:value-of select="name"/>
+ </title>
+ </head>
+ <body>
+ <xsl:apply-templates/>
+ </body>
+ </html>
+</xsl:template>
+
+<xsl:template match="player/name">
+ <h1>
+ <xsl:apply-templates/>
+ </h1>
+</xsl:template>
+
+<xsl:template match="player/position">
+ <h2>
+ <xsl:apply-templates/>
+ </h2>
+</xsl:template>
+
+<xsl:template match="player/team">
+ <h3>
+ <xsl:apply-templates/>
+ </h3>
+</xsl:template>
+
+
+
+</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>2HiTcKdfZ9O83wthUFP8ISRdRXQ=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature> \ No newline at end of file
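Review bot: This vector makes the verifier run a stylesheet carried inside the signature itself (the `REC-xslt-19991116` transform on `reference-0`), and the only case covered is a harmless one built from `xsl:template`, `xsl:apply-templates` and `xsl:value-of`. A stylesheet delivered with a signature is untrusted input in most deployments, so this positive case should be paired with one showing that the transform can be refused or runs without file and network access. The identical stylesheet is repeated in `signature-rsa-detached-xslt-transform.xml` in the next hunk, where the same applies. This fixture also loads its key through `RetrievalMethod` from `certs/rsa-cert.der`, a path taken from the document, so the harness should resolve it only beneath the test directory.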
diff --git a/tests/phaos-xmldsig-three/signature-rsa-detached-xslt-transform.xml b/tests/phaos-xmldsig-three/signature-rsa-detached-xslt-transform.xml
new file mode 100644
index 00000000..bcbc6ee6
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-detached-xslt-transform.xml
@@ -0,0 +1,39 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-manifest" Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>afPdOzRB6PgYpVX2GECgTBf8P30=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>ffXjlLiu+EuGKfMLhvhZb6m3ULwd1zJ7BBe48oHrGxGsEdQWLt18AyOYMFHlhRi0i2DPurR6jPJGKWhwD6uRM1c6Rb/eDlZ7FNeqI0Bzv8xA0QEZ1nLAVJBC4LAKZp3Ha+7hs+l9rKuCk9ZiSO1UDMppEd8zoTucqCiAKTOWMd8=</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>gIb6nAB9oS/AI5jIj6WymvQhRxiMlE07G4abmMliYi5zWzvaFE2tnU+RZIBgtoXcgDEIU/vsLQut7nzCn9mHxC8JEaV4D4U91j64AyZakShqJw7qjJfqUxxPL0yJv2oFiouPDjGuJ9JPi0NrsZq+yfWfM54s4b9SNkcOIVMybZU=</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo><dsig:Object><dsig:Manifest Id="manifest"><dsig:Reference Id="reference-0" URI="document-stylesheet.xml"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns="http://www.w3.org/TR/xhtml1/strict" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+
+<xsl:strip-space elements="player name position team"/>
+<xsl:output encoding="iso-8859-1" indent="no" method="xml"/>
+
+<xsl:template match="player">
+ <html>
+ <head>
+ <title>
+ <xsl:value-of select="name"/>
+ </title>
+ </head>
+ <body>
+ <xsl:apply-templates/>
+ </body>
+ </html>
+</xsl:template>
+
+<xsl:template match="player/name">
+ <h1>
+ <xsl:apply-templates/>
+ </h1>
+</xsl:template>
+
+<xsl:template match="player/position">
+ <h2>
+ <xsl:apply-templates/>
+ </h2>
+</xsl:template>
+
+<xsl:template match="player/team">
+ <h3>
+ <xsl:apply-templates/>
+ </h3>
+</xsl:template>
+
+
+
+</xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>2HiTcKdfZ9O83wthUFP8ISRdRXQ=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-rsa-detached.xml b/tests/phaos-xmldsig-three/signature-rsa-detached.xml
new file mode 100644
index 00000000..22e28f6e
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-detached.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI="http://www.ietf.org/rfc/rfc3161.txt"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>eT5ZU9fkIwQ9b9XAYq+iIYnj0DQ=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>clDfKMq12I9JQp01RSzDcBro/+H8rTgaD9kgUCgvA8dEF55EessFUP6RC+KHZoNSJVGcnSKJa6Rtdi3mwS7b3zBo4pExiMLHgyi1UMViklX+MC75oU6tSDs3PP8r6BKmZqj0FNcjOh7wgJzey8nyv8UrTnQniSvZK62JYKz73sY=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>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</dsig:X509Certificate><dsig:X509IssuerSerial><dsig:X509IssuerName>CN=Test CA (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509IssuerName><dsig:X509SerialNumber>1000001</dsig:X509SerialNumber></dsig:X509IssuerSerial><dsig:X509SubjectName>CN=Test Client (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509SubjectName><dsig:X509SKI>E+fKwQsT5lS3mWmBkalUTp0JRW8=</dsig:X509SKI></dsig:X509Data></dsig:KeyInfo></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-rsa-enveloped-bad-digest-val.xml b/tests/phaos-xmldsig-three/signature-rsa-enveloped-bad-digest-val.xml
new file mode 100644
index 00000000..f9bf744a
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-enveloped-bad-digest-val.xml
@@ -0,0 +1,6 @@
+<player bats="left" id="10012" throws="right">
+ <!-- Here's a comment -->
+ <name>Alfonso Soriano</name>
+ <position>2B</position>
+ <team>New York Yankees</team>
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>nM52V/bzRd0VE3EwShWtsBzTEDc=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fbye4Xm//RPUTsLd1dwJPo0gPZYX6gVYCEB/gz2348EARNk/nCCch1fFfpuqAGMKg4ayVC0yWkUyE5V4QB33jaGlh9wuNQSjxs6TIvFwSsT+0ioDgVgFv0gVeasbyNL4rFEHuAWL8QKwDT9L6b2wUvJC90DmpBs9GMR2jTZIWlM=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIC0DCCAjmgAwIBAgIDD0JBMA0GCSqGSIb3DQEBBAUAMHwxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxGTAXBgNVBAoTEFBoYW9zIFRlY2hub2xvZ3kxFDASBgNVBAsTC0VuZ2luZWVyaW5nMRYwFAYDVQQDEw1UZXN0IENBIChSU0EpMB4XDTAyMDQyOTE5MTY0MFoXDTEyMDQyNjE5MTY0MFowgYAxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxGTAXBgNVBAoTEFBoYW9zIFRlY2hub2xvZ3kxFDASBgNVBAsTC0VuZ2luZWVyaW5nMRowGAYDVQQDExFUZXN0IENsaWVudCAoUlNBKTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgIb6nAB9oS/AI5jIj6WymvQhRxiMlE07G4abmMliYi5zWzvaFE2tnU+RZIBgtoXcgDEIU/vsLQut7nzCn9mHxC8JEaV4D4U91j64AyZakShqJw7qjJfqUxxPL0yJv2oFiouPDjGuJ9JPi0NrsZq+yfWfM54s4b9SNkcOIVMybZUCAwEAAaNbMFkwDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMDB9gAMBkGA1UdEQQSMBCBDnRlY2hAcGhhb3MuY29tMB0GA1UdDgQWBBQT58rBCxPmVLeZaYGRqVROnQlFbzANBgkqhkiG9w0BAQQFAAOBgQCxbCovFST25t+ryN1RipqozxJQcguKfeCwbfgBNobzcRvoW0kSIf7zi4mtQajDM0NfslFF51/dex5Rn64HmFFshSwSvQQMyf5Cfaqv2XQ60OXq6nAFG6WbHoge6RqfIez2MWDLoSB6plsjKtMmL3mcybBhROtX5GGuLx1NtfhNFQ==</dsig:X509Certificate><dsig:X509IssuerSerial><dsig:X509IssuerName>CN=Test CA (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New 
York,C=US</dsig:X509IssuerName><dsig:X509SerialNumber>1000001</dsig:X509SerialNumber></dsig:X509IssuerSerial><dsig:X509SubjectName>CN=Test Client (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509SubjectName><dsig:X509SKI>E+fKwQsT5lS3mWmBkalUTp0JRW8=</dsig:X509SKI></dsig:X509Data></dsig:KeyInfo></dsig:Signature></player> \ No newline at end of file
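Review bot: The embedded `X509Certificate` in this negative vector expired on 26 April 2012 (its validity field decodes to `020429191640Z`–`120426191640Z`), which is before the commit date, and it is signed with md5WithRSAEncryption by the test CA. If the harness validates the certificate at the current time, the file is rejected for the expired certificate and the altered `DigestValue` (`nM52V…` here versus `nDF2V…` in `signature-rsa-enveloped.xml`) is never the reason, so the test passes without checking what its name promises. The run should pin the verification time inside the validity window, for instance through the `xmlsec1` `--verification-time` option, and assert that the reported failure is the digest mismatch. The same certificate is embedded in `signature-rsa-enveloping.xml` and `signature-rsa-manifest-x509-data-cert.xml`, so the positive vectors need the same pinned time to keep passing.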
diff --git a/tests/phaos-xmldsig-three/signature-rsa-enveloped-bad-sig.xml b/tests/phaos-xmldsig-three/signature-rsa-enveloped-bad-sig.xml
new file mode 100644
index 00000000..799795bc
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-enveloped-bad-sig.xml
@@ -0,0 +1,6 @@
+<player bats="left" id="10012" throws="right">
+ <!-- Here's a comment -->
+ <name>Alfonso Soriano</name>
+ <position>2B</position>
+ <team>New York Yankees</team>
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>nDF2V/bzRd0VE3EwShWtsBzTEDc=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="ref-EZnNy6QCskkDpv7kwcMl9w22" URI=""><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#md5"/></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fbye4Xm//RPUTsLd1dwJPo0gPZYX6gVYCEB/gz2348EARNk/nCCch1fFfpuqAGMKg4ayVC0yWkUyE5V4QB33jaGlh9wuNQSjxs6TIvFwSsT+0ioDgVgFv0gVeasbyNL4rFEHuAWL8QKwDT9L6b2wUvJC90DmpBs9GMR2jTZIWlM=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>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</dsig:X509Certificate><dsig:X509IssuerSerial><dsig:X509IssuerName>CN=Test CA (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509IssuerName><dsig:X509SerialNumber>1000001</dsig:X509SerialNumber></dsig:X509IssuerSerial><dsig:X509SubjectName>CN=Test Client (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509SubjectName><dsig:X509SKI>E+fKwQsT5lS3mWmBkalUTp0JRW8=</dsig:X509SKI></dsig:X509Data></dsig:KeyInfo></dsig:Signature></player> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-rsa-enveloped.xml b/tests/phaos-xmldsig-three/signature-rsa-enveloped.xml
new file mode 100644
index 00000000..093ada4c
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-enveloped.xml
@@ -0,0 +1,6 @@
+<player bats="left" id="10012" throws="right">
+ <!-- Here's a comment -->
+ <name>Alfonso Soriano</name>
+ <position>2B</position>
+ <team>New York Yankees</team>
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>nDF2V/bzRd0VE3EwShWtsBzTEDc=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>fbye4Xm//RPUTsLd1dwJPo0gPZYX6gVYCEB/gz2348EARNk/nCCch1fFfpuqAGMKg4ayVC0yWkUyE5V4QB33jaGlh9wuNQSjxs6TIvFwSsT+0ioDgVgFv0gVeasbyNL4rFEHuAWL8QKwDT9L6b2wUvJC90DmpBs9GMR2jTZIWlM=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>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</dsig:X509Certificate><dsig:X509IssuerSerial><dsig:X509IssuerName>CN=Test CA (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509IssuerName><dsig:X509SerialNumber>1000001</dsig:X509SerialNumber></dsig:X509IssuerSerial><dsig:X509SubjectName>CN=Test Client (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509SubjectName><dsig:X509SKI>E+fKwQsT5lS3mWmBkalUTp0JRW8=</dsig:X509SKI></dsig:X509Data></dsig:KeyInfo></dsig:Signature></player> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-rsa-enveloping.xml b/tests/phaos-xmldsig-three/signature-rsa-enveloping.xml
new file mode 100644
index 00000000..d8448988
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-enveloping.xml
@@ -0,0 +1,6 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#DSig.Object_oZgpbcerGtb0YWgPcBv8Fg22"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>OLdgv4vWS4DAsiZUr41BZgppB2Q=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>eiuD94jyedzuHvhICyQ8vkeHjyhiFf1dWQEikAaf+q2edJumgz2wECVA4g8v/97Sp8f5A/97ktVAknsRxmC7JHuwTzgaz9gKvqIbCpHZLAPxovI1wA8o+YzuH1lv4RtkMv3WYqwuGm3eisnEv464H9Sa2V6L0VUHNPk8MEwDUyo=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIC0DCCAjmgAwIBAgIDD0JBMA0GCSqGSIb3DQEBBAUAMHwxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxGTAXBgNVBAoTEFBoYW9zIFRlY2hub2xvZ3kxFDASBgNVBAsTC0VuZ2luZWVyaW5nMRYwFAYDVQQDEw1UZXN0IENBIChSU0EpMB4XDTAyMDQyOTE5MTY0MFoXDTEyMDQyNjE5MTY0MFowgYAxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxGTAXBgNVBAoTEFBoYW9zIFRlY2hub2xvZ3kxFDASBgNVBAsTC0VuZ2luZWVyaW5nMRowGAYDVQQDExFUZXN0IENsaWVudCAoUlNBKTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgIb6nAB9oS/AI5jIj6WymvQhRxiMlE07G4abmMliYi5zWzvaFE2tnU+RZIBgtoXcgDEIU/vsLQut7nzCn9mHxC8JEaV4D4U91j64AyZakShqJw7qjJfqUxxPL0yJv2oFiouPDjGuJ9JPi0NrsZq+yfWfM54s4b9SNkcOIVMybZUCAwEAAaNbMFkwDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMDB9gAMBkGA1UdEQQSMBCBDnRlY2hAcGhhb3MuY29tMB0GA1UdDgQWBBQT58rBCxPmVLeZaYGRqVROnQlFbzANBgkqhkiG9w0BAQQFAAOBgQCxbCovFST25t+ryN1RipqozxJQcguKfeCwbfgBNobzcRvoW0kSIf7zi4mtQajDM0NfslFF51/dex5Rn64HmFFshSwSvQQMyf5Cfaqv2XQ60OXq6nAFG6WbHoge6RqfIez2MWDLoSB6plsjKtMmL3mcybBhROtX5GGuLx1NtfhNFQ==</dsig:X509Certificate><dsig:X509IssuerSerial><dsig:X509IssuerName>CN=Test CA (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New 
York,C=US</dsig:X509IssuerName><dsig:X509SerialNumber>1000001</dsig:X509SerialNumber></dsig:X509IssuerSerial><dsig:X509SubjectName>CN=Test Client (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509SubjectName><dsig:X509SKI>E+fKwQsT5lS3mWmBkalUTp0JRW8=</dsig:X509SKI></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="DSig.Object_oZgpbcerGtb0YWgPcBv8Fg22" MimeType="text/xml"><player bats="left" id="10012" throws="right">
+ <!-- Here's a comment -->
+ <name>Alfonso Soriano</name>
+ <position>2B</position>
+ <team>New York Yankees</team>
+</player></dsig:Object></dsig:Signature>
\ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-cert-chain.xml b/tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-cert-chain.xml
new file mode 100644
index 00000000..e8ea5353
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-cert-chain.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-manifest" Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>NIYWGr1CiWC02cfck47Xf/UM9AA=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>E3tz123wD0lO8VwhVEBfFTsD5gc0Bplx6YtVuDM0cUJDHb5F+DiuxGugGqIt+CKUklSO2kSD7YmDeTnT+bXbbX+wokGQhKib+GhHQbYW8rckvF9KJ7Z+U1uKKGW3NyKN281Q301XDQYKrSwBK+ns4+PmVpNMB8Rfqp6jWJkX1aE=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>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</dsig:X509Certificate><dsig:X509Certificate>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</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest Id="manifest"><dsig:Reference Id="reference-0" URI="document.xml"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>5KcCsBlhsIP4iMmHcaU2dXJPU8k=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-1" URI="http://www.ietf.org/rfc/rfc3161.txt"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>eT5ZU9fkIwQ9b9XAYq+iIYnj0DQ=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-cert.xml b/tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-cert.xml
new file mode 100644
index 00000000..0a1f0b4b
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-cert.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-manifest" Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>NIYWGr1CiWC02cfck47Xf/UM9AA=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>E3tz123wD0lO8VwhVEBfFTsD5gc0Bplx6YtVuDM0cUJDHb5F+DiuxGugGqIt+CKUklSO2kSD7YmDeTnT+bXbbX+wokGQhKib+GhHQbYW8rckvF9KJ7Z+U1uKKGW3NyKN281Q301XDQYKrSwBK+ns4+PmVpNMB8Rfqp6jWJkX1aE=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIC0DCCAjmgAwIBAgIDD0JBMA0GCSqGSIb3DQEBBAUAMHwxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxGTAXBgNVBAoTEFBoYW9zIFRlY2hub2xvZ3kxFDASBgNVBAsTC0VuZ2luZWVyaW5nMRYwFAYDVQQDEw1UZXN0IENBIChSU0EpMB4XDTAyMDQyOTE5MTY0MFoXDTEyMDQyNjE5MTY0MFowgYAxCzAJBgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazERMA8GA1UEBxMITmV3IFlvcmsxGTAXBgNVBAoTEFBoYW9zIFRlY2hub2xvZ3kxFDASBgNVBAsTC0VuZ2luZWVyaW5nMRowGAYDVQQDExFUZXN0IENsaWVudCAoUlNBKTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAgIb6nAB9oS/AI5jIj6WymvQhRxiMlE07G4abmMliYi5zWzvaFE2tnU+RZIBgtoXcgDEIU/vsLQut7nzCn9mHxC8JEaV4D4U91j64AyZakShqJw7qjJfqUxxPL0yJv2oFiouPDjGuJ9JPi0NrsZq+yfWfM54s4b9SNkcOIVMybZUCAwEAAaNbMFkwDAYDVR0TAQH/BAIwADAPBgNVHQ8BAf8EBQMDB9gAMBkGA1UdEQQSMBCBDnRlY2hAcGhhb3MuY29tMB0GA1UdDgQWBBQT58rBCxPmVLeZaYGRqVROnQlFbzANBgkqhkiG9w0BAQQFAAOBgQCxbCovFST25t+ryN1RipqozxJQcguKfeCwbfgBNobzcRvoW0kSIf7zi4mtQajDM0NfslFF51/dex5Rn64HmFFshSwSvQQMyf5Cfaqv2XQ60OXq6nAFG6WbHoge6RqfIez2MWDLoSB6plsjKtMmL3mcybBhROtX5GGuLx1NtfhNFQ==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest Id="manifest"><dsig:Reference Id="reference-0" URI="document.xml"><dsig:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>5KcCsBlhsIP4iMmHcaU2dXJPU8k=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-1" URI="http://www.ietf.org/rfc/rfc3161.txt"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>eT5ZU9fkIwQ9b9XAYq+iIYnj0DQ=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-issuer-serial.xml b/tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-issuer-serial.xml
new file mode 100644
index 00000000..3b20b283
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-issuer-serial.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-manifest" Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>NIYWGr1CiWC02cfck47Xf/UM9AA=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>E3tz123wD0lO8VwhVEBfFTsD5gc0Bplx6YtVuDM0cUJDHb5F+DiuxGugGqIt+CKUklSO2kSD7YmDeTnT+bXbbX+wokGQhKib+GhHQbYW8rckvF9KJ7Z+U1uKKGW3NyKN281Q301XDQYKrSwBK+ns4+PmVpNMB8Rfqp6jWJkX1aE=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509IssuerSerial><dsig:X509IssuerName>CN=Test CA (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509IssuerName><dsig:X509SerialNumber>1000001</dsig:X509SerialNumber></dsig:X509IssuerSerial></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest Id="manifest"><dsig:Reference Id="reference-0" URI="document.xml"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>5KcCsBlhsIP4iMmHcaU2dXJPU8k=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-1" URI="http://www.ietf.org/rfc/rfc3161.txt"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>eT5ZU9fkIwQ9b9XAYq+iIYnj0DQ=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-ski.xml b/tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-ski.xml
new file mode 100644
index 00000000..0554d866
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-ski.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-manifest" Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>NIYWGr1CiWC02cfck47Xf/UM9AA=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>E3tz123wD0lO8VwhVEBfFTsD5gc0Bplx6YtVuDM0cUJDHb5F+DiuxGugGqIt+CKUklSO2kSD7YmDeTnT+bXbbX+wokGQhKib+GhHQbYW8rckvF9KJ7Z+U1uKKGW3NyKN281Q301XDQYKrSwBK+ns4+PmVpNMB8Rfqp6jWJkX1aE=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509SKI>E+fKwQsT5lS3mWmBkalUTp0JRW8=</dsig:X509SKI></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest Id="manifest"><dsig:Reference Id="reference-0" URI="document.xml"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>5KcCsBlhsIP4iMmHcaU2dXJPU8k=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-1" URI="http://www.ietf.org/rfc/rfc3161.txt"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>eT5ZU9fkIwQ9b9XAYq+iIYnj0DQ=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-subject-name.xml b/tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-subject-name.xml
new file mode 100644
index 00000000..470da217
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-manifest-x509-data-subject-name.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-manifest" Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>NIYWGr1CiWC02cfck47Xf/UM9AA=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>E3tz123wD0lO8VwhVEBfFTsD5gc0Bplx6YtVuDM0cUJDHb5F+DiuxGugGqIt+CKUklSO2kSD7YmDeTnT+bXbbX+wokGQhKib+GhHQbYW8rckvF9KJ7Z+U1uKKGW3NyKN281Q301XDQYKrSwBK+ns4+PmVpNMB8Rfqp6jWJkX1aE=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509SubjectName>CN=Test Client (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509SubjectName></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest Id="manifest"><dsig:Reference Id="reference-0" URI="document.xml"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>5KcCsBlhsIP4iMmHcaU2dXJPU8k=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-1" URI="http://www.ietf.org/rfc/rfc3161.txt"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>eT5ZU9fkIwQ9b9XAYq+iIYnj0DQ=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-rsa-manifest.xml b/tests/phaos-xmldsig-three/signature-rsa-manifest.xml
new file mode 100644
index 00000000..49c30005
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-manifest.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-manifest" Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>NIYWGr1CiWC02cfck47Xf/UM9AA=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>E3tz123wD0lO8VwhVEBfFTsD5gc0Bplx6YtVuDM0cUJDHb5F+DiuxGugGqIt+CKUklSO2kSD7YmDeTnT+bXbbX+wokGQhKib+GhHQbYW8rckvF9KJ7Z+U1uKKGW3NyKN281Q301XDQYKrSwBK+ns4+PmVpNMB8Rfqp6jWJkX1aE=</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>gIb6nAB9oS/AI5jIj6WymvQhRxiMlE07G4abmMliYi5zWzvaFE2tnU+RZIBgtoXcgDEIU/vsLQut7nzCn9mHxC8JEaV4D4U91j64AyZakShqJw7qjJfqUxxPL0yJv2oFiouPDjGuJ9JPi0NrsZq+yfWfM54s4b9SNkcOIVMybZU=</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo><dsig:Object><dsig:Manifest Id="manifest"><dsig:Reference Id="reference-0" URI="document.xml"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>5KcCsBlhsIP4iMmHcaU2dXJPU8k=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-1" URI="http://www.ietf.org/rfc/rfc3161.txt"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>eT5ZU9fkIwQ9b9XAYq+iIYnj0DQ=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-rsa-xpath-transform-enveloped.xml b/tests/phaos-xmldsig-three/signature-rsa-xpath-transform-enveloped.xml
new file mode 100644
index 00000000..417ee3a9
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-xpath-transform-enveloped.xml
@@ -0,0 +1,6 @@
+<player bats="left" id="10012" throws="right">
+ <!-- Here's a comment -->
+ <name>Alfonso Soriano</name>
+ <position>2B</position>
+ <team>New York Yankees</team>
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">count(ancestor-or-self::dsig:Signature | here()/ancestor::dsig:Signature[1]) &gt; count(ancestor-or-self::dsig:Signature)</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>nDF2V/bzRd0VE3EwShWtsBzTEDc=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>eMfbu79eYzYilIOVlOw4r/PgJAJm4wdFhBnqxPf2OYtwtv/zHzbwvhfVQG90cYlWAdW7zaki1Om1LdPxgAb+urxb8e5gma3nxK+u/jPJ9ykQimqiOpBIpbGYOv/xFDS1XDu4LY4BITe+ZyyvUpYSFGv5X//eJ9rUyC8TJy8SNEk=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>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</dsig:X509Certificate><dsig:X509IssuerSerial><dsig:X509IssuerName>CN=Test CA (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509IssuerName><dsig:X509SerialNumber>1000001</dsig:X509SerialNumber></dsig:X509IssuerSerial><dsig:X509SubjectName>CN=Test Client (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509SubjectName><dsig:X509SKI>E+fKwQsT5lS3mWmBkalUTp0JRW8=</dsig:X509SKI></dsig:X509Data></dsig:KeyInfo></dsig:Signature></player> \ No newline at end of file
diff --git a/tests/phaos-xmldsig-three/signature-rsa-~x509-data-crl.xml b/tests/phaos-xmldsig-three/signature-rsa-~x509-data-crl.xml
new file mode 100644
index 00000000..005401a1
--- /dev/null
+++ b/tests/phaos-xmldsig-three/signature-rsa-~x509-data-crl.xml
@@ -0,0 +1 @@
+<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-manifest" Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>NIYWGr1CiWC02cfck47Xf/UM9AA=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>E3tz123wD0lO8VwhVEBfFTsD5gc0Bplx6YtVuDM0cUJDHb5F+DiuxGugGqIt+CKUklSO2kSD7YmDeTnT+bXbbX+wokGQhKib+GhHQbYW8rckvF9KJ7Z+U1uKKGW3NyKN281Q301XDQYKrSwBK+ns4+PmVpNMB8Rfqp6jWJkX1aE=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509SubjectName>CN=Test Client (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509SubjectName><dsig:X509IssuerSerial><dsig:X509IssuerName>CN=Test CA (RSA),OU=Engineering,O=Phaos Technology,L=New York,ST=New York,C=US</dsig:X509IssuerName><dsig:X509SerialNumber>1000001</dsig:X509SerialNumber></dsig:X509IssuerSerial><dsig:X509SKI>E+fKwQsT5lS3mWmBkalUTp0JRW8=</dsig:X509SKI><dsig:X509Certificate>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</dsig:X509Certificate><dsig:X509Certificate>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</dsig:X509Certificate><dsig:X509CRL>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</dsig:X509CRL></dsig:X509Data></dsig:KeyInfo><dsig:Object><dsig:Manifest Id="manifest"><dsig:Reference Id="reference-0" URI="document.xml"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>5KcCsBlhsIP4iMmHcaU2dXJPU8k=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="reference-1" URI="http://www.ietf.org/rfc/rfc3161.txt"><dsig:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>eT5ZU9fkIwQ9b9XAYq+iIYnj0DQ=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/tests/testDSig.sh b/tests/testDSig.sh
new file mode 100755
index 00000000..2ef9bc73
--- /dev/null
+++ b/tests/testDSig.sh
@@ -0,0 +1,875 @@
+#!/bin/sh
+#
+# This script needs to be called from testrun.sh script
+#
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--- testDSig started for xmlsec-$crypto library ($timestamp)"
+echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH"
+echo "--- log file is $logfile"
+echo "--- testDSig started for xmlsec-$crypto library ($timestamp)" >> $logfile
+echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $logfile
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--------- Positive Testing ----------"
+
+##########################################################################
+#
+# xmldsig2ed-tests
+#
+# http://www.w3.org/TR/xmldsig2ed-tests/
+#
+##########################################################################
+
+execDSigTest $res_success \
+ "xmldsig2ed-tests" \
+ "defCan-1" \
+ "c14n11 sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "xmldsig2ed-tests" \
+ "defCan-2" \
+ "c14n11 xslt xpath sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+#
+# differences in XSLT transform output, tbd
+#
+# execDSigTest $res_success \
+# "xmldsig2ed-tests" \
+# "defCan-3" \
+# "c14n11 xslt xpath sha1 hmac-sha1" \
+# "hmac" \
+# "--hmackey $topfolder/keys/hmackey.bin" \
+# "--hmackey $topfolder/keys/hmackey.bin" \
+# "--hmackey $topfolder/keys/hmackey.bin"
+#
+
+execDSigTest $res_success \
+ "xmldsig2ed-tests" \
+ "xpointer-1-SUN" \
+ "c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "xmldsig2ed-tests" \
+ "xpointer-2-SUN" \
+ "c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "xmldsig2ed-tests" \
+ "xpointer-3-SUN" \
+ "c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "xmldsig2ed-tests" \
+ "xpointer-4-SUN" \
+ "c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "xmldsig2ed-tests" \
+ "xpointer-5-SUN" \
+ "c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "xmldsig2ed-tests" \
+ "xpointer-6-SUN" \
+ "c14n11 xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+##########################################################################
+#
+# aleksey-xmldsig-01
+#
+##########################################################################
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-dsa-x509chain" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-rsa-x509chain" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-md5-hmac-md5" \
+ "md5 hmac-md5" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-md5-hmac-md5-64" \
+ "md5 hmac-md5" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160" \
+ "ripemd160 hmac-ripemd160" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-ripemd160-hmac-ripemd160-64" \
+ "ripemd160 hmac-ripemd160" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/xpointer-hmac" \
+ "xpointer sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha1-hmac-sha1" \
+ "sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha1-hmac-sha1-64" \
+ "sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha224-hmac-sha224" \
+ "sha224 hmac-sha224" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha224-hmac-sha224-64" \
+ "sha224 hmac-sha224" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha256-hmac-sha256" \
+ "sha256 hmac-sha256" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha256-hmac-sha256-64" \
+ "sha256 hmac-sha256" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha384-hmac-sha384" \
+ "sha384 hmac-sha384" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha384-hmac-sha384-64" \
+ "sha384 hmac-sha384" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha512-hmac-sha512" \
+ "sha512 hmac-sha512" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha512-hmac-sha512-64" \
+ "sha512 hmac-sha512" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-md5-rsa-md5" \
+ "md5 rsa-md5" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-ripemd160-rsa-ripemd160" \
+ "ripemd160 rsa-ripemd160" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha1-rsa-sha1" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha224-rsa-sha224" \
+ "sha224 rsa-sha224" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha256-rsa-sha256" \
+ "sha256 rsa-sha256" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/rsakey$priv_key_suffix.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha384-rsa-sha384" \
+ "sha384 rsa-sha384" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-sha512-rsa-sha512" \
+ "sha512 rsa-sha512" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/largersakey$priv_key_suffix.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+#
+# To generate expired cert run the following command
+# > xmlsec1 sign --pkcs12 tests/keys/expiredkey.p12 --pwd secret --output out.xml ./tests/aleksey-xmldsig-01/enveloping-expired-cert.tmpl
+#
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloping-expired-cert" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509 --verification-time 2005-07-10+10:00:00"
+
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/dtd-hmac-91" \
+ "sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd" \
+ "--hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd" \
+ "--hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/x509data-test" \
+ "xpath2 sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
+
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/x509data-sn-test" \
+ "xpath2 sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --untrusted-$cert_format $topfolder/keys/rsacert.$cert_format --enabled-key-data x509" \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --untrusted-$cert_format $topfolder/keys/rsacert.$cert_format --enabled-key-data x509"
+
+##########################################################################
+#
+# merlin-xmldsig-twenty-three
+#
+##########################################################################
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-enveloped-dsa" \
+ "enveloped-signature sha1 dsa-sha1" \
+ "dsa" \
+ " " \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ " "
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-enveloping-dsa" \
+ "sha1 dsa-sha1" \
+ "dsa" \
+ " " \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ " "
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa" \
+ "base64 sha1 dsa-sha1" \
+ "dsa" \
+ " " \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ " "
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40" \
+ "sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1" \
+ "sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin" \
+ "--hmackey $topfolder/keys/hmackey.bin"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-enveloping-rsa" \
+ "sha1 rsa-sha1" \
+ "rsa" \
+ " " \
+ "$priv_key_option $topfolder/keys/rsakey.$priv_key_format --pwd secret" \
+ " "
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-external-b64-dsa" \
+ "base64 sha1 dsa-sha1" \
+ "dsa" \
+ " " \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ " "
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-external-dsa" \
+ "sha1 dsa-sha1" \
+ "dsa" \
+ "" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ " "
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-keyname" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "" \
+ "$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ "$priv_key_option:test-dsa $topfolder/keys/dsakey.$priv_key_format --pwd secret"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-x509-crt" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-x509-sn" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-x509-is" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-x509-ski" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret"\
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --trusted-$cert_format $topfolder/keys/ca2cert.$cert_format"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmldsig-twenty-three/signature" \
+ "base64 xpath enveloped-signature c14n-with-comments sha1 dsa-sha1" \
+ "dsa x509" \
+ "" \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format"
+
+
+##########################################################################
+#
+# merlin-xmlenc-five
+#
+# While the main operation is signature (and this is why we have these
+# tests here instead of testEnc.sh), these tests check the encryption
+# key transport/wrapper algorightms
+#
+##########################################################################
+execDSigTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encsig-ripemd160-hmac-ripemd160-kw-tripledes" \
+ "ripemd160 hmac-ripemd160 kw-tripledes" \
+ "hmac des" \
+ "" \
+ "--session-key hmac-192 --keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encsig-sha256-hmac-sha256-kw-aes128" \
+ "sha256 hmac-sha256 kw-aes128" \
+ "hmac aes" \
+ ""
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encsig-sha384-hmac-sha384-kw-aes192" \
+ "sha384 hmac-sha384 kw-aes192" \
+ "hmac aes" \
+ ""
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encsig-sha512-hmac-sha512-kw-aes256" \
+ "sha512 hmac-sha512 kw-aes256" \
+ "hmac aes" \
+ ""
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encsig-hmac-sha256-rsa-1_5" \
+ "sha1 hmac-sha256 rsa-1_5" \
+ "hmac rsa" \
+ ""
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encsig-hmac-sha256-rsa-oaep-mgf1p" \
+ "sha1 hmac-sha256 rsa-oaep-mgf1p" \
+ "hmac rsa" \
+ ""
+
+
+
+##########################################################################
+#
+# merlin-exc-c14n-one
+#
+##########################################################################
+execDSigTest $res_success \
+ "" \
+ "merlin-exc-c14n-one/exc-signature" \
+ "exc-c14n sha1 dsa-sha1" \
+ "dsa" \
+ " " \
+ "$priv_key_option $topfolder/keys/dsakey.$priv_key_format --pwd secret" \
+ " "
+
+execDSigTest $res_success \
+ "" \
+ "merlin-exc-c14n-one/exc-signature" \
+ "exc-c14n sha1 dsa-sha1" \
+ "dsa" \
+ " "
+
+##########################################################################
+#
+# merlin-c14n-three
+#
+##########################################################################
+
+execDSigTest $res_success \
+ "" \
+ "merlin-c14n-three/signature" \
+ "c14n c14n-with-comments exc-c14n exc-c14n-with-comments xpath sha1 dsa-sha1" \
+ "dsa" \
+ " "
+
+##########################################################################
+#
+# merlin-xpath-filter2-three
+#
+##########################################################################
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xpath-filter2-three/sign-xfdl" \
+ "enveloped-signature xpath2 sha1 dsa-sha1" \
+ "dsa" \
+ " "
+
+execDSigTest $res_success \
+ "" \
+ "merlin-xpath-filter2-three/sign-spec" \
+ "enveloped-signature xpath2 sha1 dsa-sha1" \
+ "dsa" \
+ " "
+##########################################################################
+#
+# phaos-xmldsig-three
+#
+##########################################################################
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-big" \
+ "base64 xslt xpath sha1 rsa-sha1" \
+ "rsa x509" \
+ "--pubkey-cert-$cert_format certs/rsa-cert.$cert_format"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-dsa-detached" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-dsa-enveloped" \
+ "enveloped-signature sha1 dsa-sha1" \
+ "dsa x509" \
+ "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-dsa-enveloping" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-dsa-manifest" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "--trusted-$cert_format certs/dsa-ca-cert.$cert_format --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-hmac-md5-c14n-enveloping" \
+ "md5 hmac-md5" \
+ "hmac" \
+ "--hmackey certs/hmackey.bin"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-hmac-sha1-40-c14n-comments-detached" \
+ "c14n-with-comments sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey certs/hmackey.bin"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-hmac-sha1-40-exclusive-c14n-comments-detached" \
+ "exc-c14n-with-comments sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey certs/hmackey.bin"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-hmac-sha1-exclusive-c14n-comments-detached" \
+ "exc-c14n-with-comments sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey certs/hmackey.bin"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-hmac-sha1-exclusive-c14n-enveloped" \
+ "enveloped-signature exc-c14n sha1 hmac-sha1" \
+ "hmac" \
+ "--hmackey certs/hmackey.bin"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-detached-b64-transform" \
+ "base64 sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-detached" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-detached-xpath-transform" \
+ "xpath sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-detached-xslt-transform-retrieval-method" \
+ "xslt sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-detached-xslt-transform" \
+ "xslt sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-enveloped" \
+ "enveloped-signature sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-enveloping" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-cert-chain" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-cert" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-issuer-serial" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-ski" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-subject-name" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --untrusted-$cert_format certs/rsa-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+execDSigTest $res_success \
+ "phaos-xmldsig-three" \
+ "signature-rsa-xpath-transform-enveloped" \
+ "enveloped-signature xpath sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format --X509-skip-strict-checks --verification-time 2009-01-01+10:00:00"
+
+
+##########################################################################
+#
+# test dynamic signature
+#
+##########################################################################
+echo "Dynamic signature template"
+printf " Create new signature "
+echo "$xmlsec_app sign-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile" >> $logfile
+$VALGRIND $xmlsec_app sign-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile >> $logfile 2>> $logfile
+printRes $res_success $?
+printf " Verify new signature "
+echo "$xmlsec_app verify --keys-file $keysfile $tmpfile" >> $logfile
+$VALGRIND $xmlsec_app verify $xmlsec_params --keys-file $keysfile $tmpfile >> $logfile 2>> $logfile
+printRes $res_success $?
+
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--------- These tests CAN FAIL (extra OS config required) ----------"
+execDSigTest $res_success \
+ "" \
+ "aleksey-xmldsig-01/enveloped-gost" \
+ "enveloped-signature gostr34102001-gostr3411 gostr3411" \
+ "gost" \
+ "--trusted-$cert_format $topfolder/keys/gost2001ca.$cert_format --untrusted-$cert_format $topfolder/keys/ca2cert.$cert_format --enabled-key-data x509" \
+ "" \
+ ""
+
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--------- Negative Testing ----------"
+execDSigTest $res_fail \
+ "" \
+ "merlin-xmldsig-twenty-three/signature-x509-crt-crl" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--X509-skip-strict-checks --trusted-$cert_format $topfolder/merlin-xmldsig-twenty-three/certs/ca.$cert_format"
+
+execDSigTest $res_fail \
+ "" \
+ "aleksey-xmldsig-01/enveloping-expired-cert" \
+ "sha1 dsa-sha1" \
+ "dsa x509" \
+ "--trusted-$cert_format $topfolder/keys/cacert.$cert_format --enabled-key-data x509"
+
+execDSigTest $res_fail \
+ "" \
+ "aleksey-xmldsig-01/dtd-hmac-91" \
+ "sha1 hmac-sha1" \
+ "hmac" \
+ "--enabled-reference-uris empty --hmackey $topfolder/keys/hmackey.bin --dtd-file $topfolder/aleksey-xmldsig-01/dtd-hmac-91.dtd"
+
+execDSigTest $res_fail \
+ "phaos-xmldsig-three" \
+ "signature-rsa-detached-xslt-transform-bad-retrieval-method" \
+ "xslt sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+
+execDSigTest $res_fail \
+ "phaos-xmldsig-three" \
+ "signature-rsa-enveloped-bad-digest-val" \
+ "enveloped-signature sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+
+execDSigTest $res_fail \
+ "phaos-xmldsig-three" \
+ "signature-rsa-enveloped-bad-sig" \
+ "enveloped-signature sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+
+execDSigTest $res_fail \
+ "phaos-xmldsig-three" \
+ "signature-rsa-manifest-x509-data-crl" \
+ "sha1 rsa-sha1" \
+ "rsa x509" \
+ "--trusted-$cert_format certs/rsa-ca-cert.$cert_format"
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--- testDSig finished" >> $logfile
+echo "--- testDSig finished"
+echo "--- detailed log is written to $logfile"
+
diff --git a/tests/testEnc.sh b/tests/testEnc.sh
new file mode 100755
index 00000000..54d1ca81
--- /dev/null
+++ b/tests/testEnc.sh
@@ -0,0 +1,411 @@
+#!/bin/sh
+#
+# This script needs to be called from testrun.sh script
+#
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--- testEnc started for xmlsec-$crypto library ($timestamp)"
+echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH"
+echo "--- log file is $logfile"
+echo "--- testEnc started for xmlsec-$crypto library ($timestamp)" >> $logfile
+echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $logfile
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--------- Positive Testing ----------"
+
+##########################################################################
+#
+# aleksey-xmlenc-01
+#
+##########################################################################
+
+execEncTest $res_success \
+ "" \
+ "aleksey-xmlenc-01/enc-des3cbc-keyname" \
+ "tripledes-cbc" \
+ "--keys-file $topfolder/keys/keys.xml" \
+ "--keys-file $keysfile --binary-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-keyname.data" \
+ "--keys-file $keysfile"
+
+execEncTest $res_success \
+ "" \
+ "aleksey-xmlenc-01/enc-des3cbc-keyname2" \
+ "tripledes-cbc" \
+ "--keys-file $topfolder/keys/keys.xml" \
+ "--keys-file $keysfile --binary-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-keyname2.data" \
+ "--keys-file $keysfile"
+
+execEncTest $res_success \
+ "" \
+ "aleksey-xmlenc-01/enc-aes128cbc-keyname" \
+ "aes128-cbc" \
+ "--keys-file $topfolder/keys/keys.xml" \
+ "--keys-file $keysfile --binary-data $topfolder/aleksey-xmlenc-01/enc-aes128cbc-keyname.data" \
+ "--keys-file $keysfile"
+
+execEncTest $res_success \
+ "" \
+ "aleksey-xmlenc-01/enc-aes192cbc-keyname" \
+ "aes192-cbc" \
+ "--keys-file $topfolder/keys/keys.xml" \
+ "--keys-file $keysfile --binary-data $topfolder/aleksey-xmlenc-01/enc-aes192cbc-keyname.data" \
+ "--keys-file $keysfile"
+
+execEncTest $res_success \
+ "" \
+ "aleksey-xmlenc-01/enc-aes192cbc-keyname-ref" \
+ "aes192-cbc" \
+ "--keys-file $topfolder/keys/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "aleksey-xmlenc-01/enc-aes256cbc-keyname" \
+ "aes256-cbc" \
+ "--keys-file $topfolder/keys/keys.xml" \
+ "--keys-file $keysfile --binary-data $topfolder/aleksey-xmlenc-01/enc-aes256cbc-keyname.data" \
+ "--keys-file $keysfile"
+
+execEncTest $res_success \
+ "" \
+ "aleksey-xmlenc-01/enc-des3cbc-keyname-content" \
+ "tripledes-cbc" \
+ "--keys-file $topfolder/keys/keys.xml" \
+ "--keys-file $keysfile --xml-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-keyname-content.data --node-id Test" \
+ "--keys-file $keysfile"
+
+execEncTest $res_success \
+ "" \
+ "aleksey-xmlenc-01/enc-des3cbc-keyname-element" \
+ "tripledes-cbc" \
+ "--keys-file $topfolder/keys/keys.xml" \
+ "--keys-file $keysfile --xml-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-keyname-element.data --node-id Test" \
+ "--keys-file $keysfile"
+
+execEncTest $res_success \
+ "" \
+ "aleksey-xmlenc-01/enc-des3cbc-keyname-element-root" \
+ "tripledes-cbc" \
+ "--keys-file $topfolder/keys/keys.xml" \
+ "--keys-file $keysfile --xml-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-keyname-element-root.data --node-id Test" \
+ "--keys-file $keysfile"
+
+execEncTest $res_success \
+ "" \
+ "aleksey-xmlenc-01/enc-des3cbc-aes192-keyname" \
+ "tripledes-cbc kw-aes192" \
+ "--keys-file $topfolder/keys/keys.xml --enabled-key-data key-name,enc-key" \
+ "--keys-file $keysfile --session-key des-192 --binary-data $topfolder/aleksey-xmlenc-01/enc-des3cbc-aes192-keyname.data" \
+ "--keys-file $keysfile"
+
+##########################################################################
+#
+# merlin-xmlenc-five
+#
+##########################################################################
+
+execEncTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encrypt-data-aes128-cbc" \
+ "aes128-cbc" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --binary-data $topfolder/merlin-xmlenc-five/encrypt-data-aes128-cbc.data" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encrypt-content-tripledes-cbc" \
+ "tripledes-cbc" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --enabled-key-data key-name --xml-data $topfolder/merlin-xmlenc-five/encrypt-content-tripledes-cbc.data --node-id Payment" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encrypt-content-aes256-cbc-prop" \
+ "aes256-cbc" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --enabled-key-data key-name --xml-data $topfolder/merlin-xmlenc-five/encrypt-content-aes256-cbc-prop.data --node-id Payment" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encrypt-element-aes192-cbc-ref" \
+ "aes192-cbc" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5" \
+ "aes128-cbc rsa-1_5" \
+ "$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key aes-128 $priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --xml-data $topfolder/merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5.data --node-id Purchase --pwd secret" \
+ "$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret"
+
+execEncTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p" \
+ "tripledes-cbc rsa-oaep-mgf1p" \
+ "$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key des-192 $priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --binary-data $topfolder/merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p.data --pwd secret" \
+ "$priv_key_option $topfolder/merlin-xmlenc-five/rsapriv.$priv_key_format --pwd secret"
+
+execEncTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes" \
+ "aes256-cbc kw-tripledes" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key aes-256 --binary-data $topfolder/merlin-xmlenc-five/encrypt-data-aes256-cbc-kw-tripledes.data" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192" \
+ "aes128-cbc kw-aes192" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key aes-128 --node-name urn:example:po:PaymentInfo --xml-data $topfolder/merlin-xmlenc-five/encrypt-content-aes128-cbc-kw-aes192.data" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256" \
+ "aes192-cbc kw-aes256" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key aes-192 --binary-data $topfolder/merlin-xmlenc-five/encrypt-data-aes192-cbc-kw-aes256.data" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128" \
+ "tripledes-cbc kw-aes128" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml --session-key des-192 --node-name urn:example:po:PaymentInfo --xml-data $topfolder/merlin-xmlenc-five/encrypt-element-tripledes-cbc-kw-aes128.data" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "merlin-xmlenc-five/encrypt-element-aes256-cbc-retrieved-kw-aes256" \
+ "aes256-cbc kw-aes256" \
+ "--keys-file $topfolder/merlin-xmlenc-five/keys.xml"
+
+
+#merlin-xmlenc-five/encrypt-data-tripledes-cbc-rsa-oaep-mgf1p-sha256.xml
+
+#merlin-xmlenc-five/encrypt-element-aes256-cbc-carried-kw-aes256.xml
+#merlin-xmlenc-five/decryption-transform-except.xml
+#merlin-xmlenc-five/decryption-transform.xml
+
+#merlin-xmlenc-five/encrypt-element-aes256-cbc-kw-aes256-dh-ripemd160.xml
+#merlin-xmlenc-five/encrypt-content-aes192-cbc-dh-sha512.xml
+#merlin-xmlenc-five/encsig-hmac-sha256-dh.xml
+#merlin-xmlenc-five/encsig-hmac-sha256-kw-tripledes-dh.xml
+
+##########################################################################
+#
+# 01-phaos-xmlenc-3
+#
+##########################################################################
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5" \
+ "tripledes-cbc rsa-1_5" \
+ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
+ "--session-key des-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-3des-kt-rsa1_5.data --node-name http://example.org/paymentv2:CreditCard" \
+ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1" \
+ "tripledes-cbc rsa-oaep-mgf1p" \
+ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
+ "--session-key des-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha1.data --node-name http://example.org/paymentv2:CreditCard" \
+ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5" \
+ "aes128-cbc rsa-1_5" \
+ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
+ "--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa1_5.data --node-name http://example.org/paymentv2:CreditCard" \
+ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1" \
+ "aes128-cbc rsa-oaep-mgf1p" \
+ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
+ "--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes128-kt-rsa_oaep_sha1.data --node-name http://example.org/paymentv2:CreditCard" \
+ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1" \
+ "aes192-cbc rsa-oaep-mgf1p" \
+ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
+ "--session-key aes-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes192-kt-rsa_oaep_sha1.data --node-name http://example.org/paymentv2:CreditCard" \
+ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5" \
+ "aes192-cbc rsa-1_5" \
+ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
+ "--session-key aes-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-text-aes192-kt-rsa1_5.data --node-name http://example.org/paymentv2:CreditCard" \
+ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5" \
+ "aes256-cbc rsa-1_5" \
+ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
+ "--session-key aes-256 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5.data --node-name http://example.org/paymentv2:CreditCard" \
+ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1" \
+ "aes256-cbc rsa-oaep-mgf1p" \
+ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret" \
+ "--session-key aes-256 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-text-aes256-kt-rsa_oaep_sha1.data --node-name http://example.org/paymentv2:CreditCard" \
+ "$priv_key_option $topfolder/01-phaos-xmlenc-3/rsa-priv-key.$priv_key_format --pwd secret"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-element-3des-kw-3des" \
+ "tripledes-cbc kw-tripledes" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
+ "--session-key des-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-3des-kw-3des.data --node-name http://example.org/paymentv2:CreditCard" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-content-aes128-kw-3des" \
+ "aes128-cbc kw-tripledes" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
+ "--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-content-aes128-kw-3des.data --node-name http://example.org/paymentv2:CreditCard" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-element-aes128-kw-aes128" \
+ "aes128-cbc kw-aes128" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
+ "--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes128-kw-aes128.data --node-name http://example.org/paymentv2:CreditCard" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-element-aes128-kw-aes256" \
+ "aes128-cbc kw-aes256" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
+ "--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes128-kw-aes256.data --node-name http://example.org/paymentv2:CreditCard" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-content-3des-kw-aes192" \
+ "tripledes-cbc kw-aes192" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
+ "--session-key des-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-content-3des-kw-aes192.data --node-name http://example.org/paymentv2:CreditCard" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-content-aes192-kw-aes256" \
+ "aes192-cbc kw-aes256" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
+ "--session-key aes-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-content-aes192-kw-aes256.data --node-name http://example.org/paymentv2:CreditCard" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-element-aes192-kw-aes192" \
+ "aes192-cbc kw-aes192" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
+ "--session-key aes-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes192-kw-aes192.data --node-name http://example.org/paymentv2:CreditCard" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-element-aes256-kw-aes256" \
+ "aes256-cbc kw-aes256" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
+ "--session-key aes-256 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-element-aes256-kw-aes256.data --node-name http://example.org/paymentv2:CreditCard" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-text-3des-kw-aes256" \
+ "tripledes-cbc kw-aes256" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
+ "--session-key des-192 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-text-3des-kw-aes256.data --node-name http://example.org/paymentv2:CreditCard" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
+
+execEncTest $res_success \
+ "" \
+ "01-phaos-xmlenc-3/enc-text-aes128-kw-aes192" \
+ "aes128-cbc kw-aes192" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml" \
+ "--session-key aes-128 --keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-key-data key-name --xml-data $topfolder/01-phaos-xmlenc-3/enc-text-aes128-kw-aes192.data --node-name http://example.org/paymentv2:CreditCard" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
+
+#01-phaos-xmlenc-3/enc-element-3des-ka-dh.xml
+#01-phaos-xmlenc-3/enc-element-aes128-ka-dh.xml
+#01-phaos-xmlenc-3/enc-element-aes192-ka-dh.xml
+#01-phaos-xmlenc-3/enc-element-aes256-ka-dh.xml
+
+#01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha256.xml
+#01-phaos-xmlenc-3/enc-element-3des-kt-rsa_oaep_sha512.xml
+
+##########################################################################
+#
+# test dynamicencryption
+#
+##########################################################################
+echo "Dynamic encryption template"
+printf " Encrypt template "
+echo "$xmlsec_app encrypt-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile" >> $logfile
+$VALGRIND $xmlsec_app encrypt-tmpl $xmlsec_params --keys-file $keysfile --output $tmpfile >> $logfile 2>> $logfile
+printRes $res_success $?
+printf " Decrypt document "
+echo "$xmlsec_app decrypt $xmlsec_params $keysfile $tmpfile" >> $logfile
+$VALGRIND $xmlsec_app decrypt $xmlsec_params --keys-file $keysfile $tmpfile >> $logfile 2>> $logfile
+printRes $res_success $?
+
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--------- Negative Testing: Following tests MUST FAIL ----------"
+echo "--- detailed log is written to $logfile"
+execEncTest $res_fail \
+ "" \
+ "01-phaos-xmlenc-3/bad-alg-enc-element-aes128-kw-3des" \
+ "" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml"
+
+execEncTest $res_fail \
+ "" \
+ "aleksey-xmlenc-01/enc-aes192cbc-keyname-ref" \
+ "" \
+ "--keys-file $topfolder/keys/keys.xml --enabled-cipher-reference-uris empty"
+
+execEncTest $res_fail \
+ "" \
+ "01-phaos-xmlenc-3/enc-content-aes256-kt-rsa1_5" \
+ "" \
+ "--keys-file $topfolder/01-phaos-xmlenc-3/keys.xml --enabled-retrieval-method-uris empty"
+
+rm -rf $tmpfile
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--- testEnc finished" >> $logfile
+echo "--- testEnc finished"
+echo "--- detailed log is written to $logfile"
+
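Review bot: The command logged for the "Decrypt document" step does not match the command that runs. The `echo` writes `decrypt $xmlsec_params $keysfile $tmpfile`, while the next line executes `decrypt $xmlsec_params --keys-file $keysfile $tmpfile`, so a failing run cannot be reproduced by copying the logged line. The echo should read `echo "$xmlsec_app decrypt $xmlsec_params --keys-file $keysfile $tmpfile" >> $logfile`. Separately, `rm -rf $tmpfile` near the end of the script expands an unquoted path that testrun.sh builds from `$TMPFOLDER`; `rm -f "$tmpfile"` avoids word splitting and globbing, and appears sufficient since the path is only used as an `--output` file here.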
diff --git a/tests/testKeys.sh b/tests/testKeys.sh
new file mode 100755
index 00000000..1bf7dc23
--- /dev/null
+++ b/tests/testKeys.sh
@@ -0,0 +1,69 @@
+#!/bin/sh
+#
+# This script needs to be called from testrun.sh script
+#
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--- testKeys started for xmlsec-$crypto library ($timestamp) ---"
+echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH"
+echo "--- log file is $logfile"
+echo "--- testKeys started for xmlsec-$crypto library ($timestamp) ---" >> $logfile
+echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $logfile
+
+# cleanup crypto config folder
+mkdir -p $crypto_config
+rm -rf $crypto_config/*
+
+# remove old keys file and copy NSS DB files if needed
+rm -rf $keysfile
+if [ "z$crypto" = "znss" ] ; then
+ cp -f $nssdbfolder/*.db $crypto_config
+fi
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--------- Positive Testing ----------"
+execKeysTest $res_success \
+ "hmac" \
+ "test-hmac-sha1" \
+ "hmac-192"
+
+execKeysTest $res_success \
+ "rsa " \
+ "test-rsa " \
+ "rsa-1024"
+
+execKeysTest $res_success \
+ "dsa " \
+ "test-dsa " \
+ "dsa-1024"
+
+execKeysTest $res_success \
+ "des " \
+ "test-des " \
+ "des-192 "
+
+execKeysTest $res_success \
+ "aes " \
+ "test-aes128 " \
+ "aes-128 "
+
+execKeysTest $res_success \
+ "aes " \
+ "test-aes192 " \
+ "aes-192 "
+
+execKeysTest $res_success \
+ "aes " \
+ "test-aes256 " \
+ "aes-256 "
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--- testKeys finished ---" >> $logfile
+echo "--- testKeys finished ---"
+echo "--- detailed log is written to $logfile ---"
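Review bot: `rm -rf $crypto_config/*` uses an unquoted variable that this script never sets itself. If the script is started outside testrun.sh, or `crypto_config` is empty for any other reason, the preceding `mkdir -p` fails without stopping the script and the glob becomes `/*`. Guard the expansion with `rm -rf "${crypto_config:?}"/*`, and quote the path in `rm -rf $keysfile` below it as well. testrun.sh sets this directory to the fixed name `$TMPFOLDER/xmlsec-crypto-config` (default `/tmp`), so the keys file and NSS database copies land in a predictable shared location; a per-run directory created with restrictive permissions would avoid that.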
diff --git a/tests/testRes.sh b/tests/testRes.sh
new file mode 100755
index 00000000..5514f72d
--- /dev/null
+++ b/tests/testRes.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+if [ "z$TMPFOLDER" = "z" ] ; then
+ TMPFOLDER=/tmp
+fi
+
+logfiles='$TMPFOLDER/test*.log'
+
+echo "-------------------- MEMORY USAGE --------------------"
+grep 'in use' $logfiles | \
+ sed 's/==.*==//' | \
+ sort -u
+
+echo "-------------------- ERRORS --------------------"
+grep 'ERROR SUMMARY' $logfiles | \
+ sed 's/==.*==//' | \
+ sed 's/(suppressed: .*//' | \
+ sort -u
+
+ \ No newline at end of file
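Review bot: `logfiles='$TMPFOLDER/test*.log'` is single-quoted, so `$TMPFOLDER` is never expanded and both `grep` calls look for files under a directory literally named `$TMPFOLDER`. The "MEMORY USAGE" and "ERRORS" sections will therefore come out empty apart from grep's own error, even when valgrind recorded leaks or errors in the real logs. Use double quotes so the variable expands while the glob is still left for the unquoted use in `grep`: `logfiles="$TMPFOLDER/test*.log"`.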
diff --git a/tests/testXKMS.sh b/tests/testXKMS.sh
new file mode 100755
index 00000000..be972dd1
--- /dev/null
+++ b/tests/testXKMS.sh
@@ -0,0 +1,129 @@
+#!/bin/sh
+#
+# This script needs to be called from testrun.sh script
+#
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--- testXKMS started for xmlsec-$crypto library ($timestamp)"
+echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH"
+echo "--- log file is $logfile"
+echo "--- testXKMS started for xmlsec-$crypto library ($timestamp)" >> $logfile
+echo "--- LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> $logfile
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--------- Positive Testing ----------"
+
+execXkmsServerRequestTest $res_success \
+ "" \
+ "aleksey-xkms-01/locate-example-1" \
+ "" \
+ "no-match" \
+ "--xkms-service http://www.example.com/xkms"
+
+execXkmsServerRequestTest $res_success \
+ "" \
+ "aleksey-xkms-01/locate-example-1" \
+ "" \
+ "bad-service" \
+ "--xkms-service http://www.example.com/xkms-bad-service"
+
+execXkmsServerRequestTest $res_success \
+ "" \
+ "aleksey-xkms-01/locate-example-2" \
+ "" \
+ "no-match" \
+ "--xkms-service http://www.example.com/xkms"
+
+execXkmsServerRequestTest $res_success \
+ "" \
+ "aleksey-xkms-01/validate-example-1" \
+ "" \
+ "no-match" \
+ "--xkms-service http://www.example.com/xkms"
+
+execXkmsServerRequestTest $res_success \
+ "" \
+ "aleksey-xkms-01/locate-opaque-client-data" \
+ "" \
+ "no-match" \
+ "--xkms-service http://www.example.com/xkms"
+
+execXkmsServerRequestTest $res_success \
+ "" \
+ "aleksey-xkms-01/compound-example-1" \
+ "" \
+ "no-match" \
+ "--xkms-service http://www.example.com/xkms"
+
+execXkmsServerRequestTest $res_success \
+ "" \
+ "aleksey-xkms-01/status-request" \
+ "" \
+ "success" \
+ "--xkms-service http://www.example.com/xkms"
+
+execXkmsServerRequestTest $res_success \
+ "" \
+ "aleksey-xkms-01/bad-request-name" \
+ "" \
+ "not-supported" \
+ "--xkms-service http://www.example.com/xkms"
+
+execXkmsServerRequestTest $res_success \
+ "" \
+ "aleksey-xkms-01/soap12-locate-example-1" \
+ "" \
+ "no-match" \
+ "--xkms-service http://www.example.com/xkms --xkms-format soap-1.2"
+
+execXkmsServerRequestTest $res_success \
+ "" \
+ "aleksey-xkms-01/soap11-locate-example-1" \
+ "" \
+ "unsupported" \
+ "--xkms-service http://www.example.com/xkms --xkms-format soap-1.2"
+
+execXkmsServerRequestTest $res_success \
+ "" \
+ "aleksey-xkms-01/soap12-bad-request-name" \
+ "" \
+ "msg-invalid" \
+ "--xkms-service http://www.example.com/xkms --xkms-format soap-1.2"
+
+execXkmsServerRequestTest $res_success \
+ "" \
+ "aleksey-xkms-01/soap11-locate-example-1" \
+ "" \
+ "no-match" \
+ "--xkms-service http://www.example.com/xkms --xkms-format soap-1.1"
+
+execXkmsServerRequestTest $res_success \
+ "" \
+ "aleksey-xkms-01/soap12-locate-example-1" \
+ "" \
+ "unsupported" \
+ "--xkms-service http://www.example.com/xkms --xkms-format soap-1.1"
+
+execXkmsServerRequestTest $res_success \
+ "" \
+ "aleksey-xkms-01/soap11-bad-request-name" \
+ "" \
+ "msg-invalid" \
+ "--xkms-service http://www.example.com/xkms --xkms-format soap-1.1"
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--------- Negative Testing ----------"
+
+##########################################################################
+##########################################################################
+##########################################################################
+echo "--- testXKMS finished" >> $logfile
+echo "--- testXKMS finished"
+echo "--- detailed log is written to $logfile"
+
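Review bot: The `--------- Negative Testing ----------` banner at the end of the script is followed by no test case, so the console output suggests negative coverage that is not actually run. Every call above passes `$res_success`, including the malformed-request cases such as `bad-request-name`, whose expected status apparently travels in the fifth argument. Either drop the banner or mark the gap with a comment such as `# TODO: no negative XKMS cases yet`, so a reader of the test output does not assume rejection paths are exercised.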
diff --git a/tests/testrun.sh b/tests/testrun.sh
new file mode 100755
index 00000000..c1f629b8
--- /dev/null
+++ b/tests/testrun.sh
@@ -0,0 +1,443 @@
+#!/bin/sh
+
+OS_ARCH=`uname -o`
+OS_KERNEL=`uname -s`
+
+#
+# Get command line params
+#
+testfile="$1"
+crypto="$2"
+topfolder="$3"
+xmlsec_app="$4"
+file_format="$5"
+timestamp=`date +%Y%m%d_%H%M%S`
+
+if [ "z$OS_ARCH" = "zCygwin" ] ; then
+ topfolder=`cygpath -wa "$topfolder"`
+ xmlsec_app=`cygpath -a "$xmlsec_app"`
+fi
+
+#
+# Prepare folders
+#
+if [ "z$TMPFOLDER" = "z" ] ; then
+ TMPFOLDER=/tmp
+fi
+testname=`basename $testfile`
+if [ "z$OS_ARCH" = "zCygwin" ] ; then
+ tmpfile=`cygpath -wa $TMPFOLDER/$testname.$timestamp-$$.tmp`
+ logfile=`cygpath -wa $TMPFOLDER/$testname.$timestamp-$$.log`
+else
+ tmpfile=$TMPFOLDER/$testname.$timestamp-$$.tmp
+ logfile=$TMPFOLDER/$testname.$timestamp-$$.log
+fi
+nssdbfolder=$topfolder/nssdb
+
+#
+# Valgrind
+#
+valgrind_suppression="--suppressions=$topfolder/openssl.supp --suppressions=$topfolder/nss.supp"
+valgrind_options="--leak-check=yes --show-reachable=yes --num-callers=32 -v"
+if [ -n "$DEBUG_MEMORY" ] ; then
+ export VALGRIND="valgrind $valgrind_options"
+ export REPEAT=3
+ xmlsec_params="$xmlsec_params --repeat $REPEAT"
+fi
+
+#
+# Setup crypto engine
+#
+crypto_config=$TMPFOLDER/xmlsec-crypto-config
+keysfile=$crypto_config/keys.xml
+if [ "z$XMLSEC_DEFAULT_CRYPTO" != "z" ] ; then
+ xmlsec_params="$xmlsec_params --crypto $XMLSEC_DEFAULT_CRYPTO"
+elif [ "z$crypto" != "z" ] ; then
+ xmlsec_params="$xmlsec_params --crypto $crypto"
+fi
+xmlsec_params="$xmlsec_params --crypto-config $crypto_config"
+
+#
+# Setup keys config
+#
+pub_key_format=$file_format
+cert_format=$file_format
+
+#
+# GCrypt/GnuTLS only supports DER format for now, others are good to go with PKCS12
+#
+if [ "z$crypto" != "zgcrypt" ] ; then
+ priv_key_option="--pkcs12"
+ priv_key_format="p12"
+else
+ priv_key_option="--privkey-der"
+ priv_key_format="der"
+ pub_key_format="der"
+fi
+
+# On Windows, one needs to specify Crypto Service Provider (CSP)
+# in the pkcs12 file to ensure it is loaded correctly to be used
+# with SHA2 algorithms. Worse, the CSP is different for XP and older
+# versions
+if test "z$OS_ARCH" = "zCygwin" || test "z$OS_ARCH" = "zMsys" ; then
+ # Samples:
+ # Cygwin : CYGWIN_NT-5.1
+ # Msys : MINGW32_NT-5.1
+ if expr "$OS_KERNEL" : '.*_NT-5\.1' > /dev/null; then
+ priv_key_suffix="-winxp"
+ else
+ priv_key_suffix="-win"
+ fi
+else
+ priv_key_suffix=""
+fi
+
+
+#
+# Misc
+#
+if [ -n "$PERF_TEST" ] ; then
+ xmlsec_params="$xmlsec_params --repeat $PERF_TEST"
+fi
+
+if test "z$OS_ARCH" = "zCygwin" || test "z$OS_ARCH" = "zMsys" ; then
+ diff_param=-uw
+else
+ diff_param=-u
+fi
+
+#
+# Check the command result and print it to stdout
+#
+res_success="success"
+res_fail="fail"
+printRes() {
+ expected_res="$1"
+ actual_res="$2"
+
+ # convert status to string
+ if [ $actual_res = 0 ]; then
+ actual_res=$res_success
+ else
+ actual_res=$res_fail
+ fi
+
+ # check
+ if [ "z$expected_res" = "z$actual_res" ] ; then
+ echo " OK"
+ else
+ echo " Fail"
+ fi
+
+ # memlog
+ if [ -f .memdump ] ; then
+ cat .memdump >> $logfile
+ fi
+}
+
+#
+# Keys Manager test function
+#
+execKeysTest() {
+ expected_res="$1"
+ req_key_data="$2"
+ key_name="$3"
+ alg_name="$4"
+
+ # prepare
+ rm -f $tmpfile
+ old_pwd=`pwd`
+
+ # check params
+ if [ "z$expected_res" != "z$res_success" -a "z$expected_res" != "z$res_fail" ] ; then
+ echo " Bad parameter: expected_res=$expected_res"
+ cd $old_pwd
+ return
+ fi
+ echo "Test: $alg_name ($expected_res)"
+
+ # check key data
+ if [ -n "$req_key_data" ] ; then
+ printf " Checking required key data "
+ echo "$xmlsec_app check-key-data $xmlsec_params $req_key_data" >> $logfile
+ $xmlsec_app check-key-data $xmlsec_params $req_key_data >> $logfile 2>> $logfile
+ res=$?
+ if [ $res = 0 ]; then
+ echo " OK"
+ else
+ echo " Skip"
+ return
+ fi
+ fi
+
+ # run tests
+ printf " Creating new key "
+ params="--gen-key:$key_name $alg_name"
+ if [ -f $keysfile ] ; then
+ params="$params --keys-file $keysfile"
+ fi
+ echo "$xmlsec_app keys $params $xmlsec_params $keysfile" >> $logfile
+ $VALGRIND $xmlsec_app keys $params $xmlsec_params $keysfile >> $logfile 2>> $logfile
+ printRes $expected_res $?
+
+ # cleanup
+ cd $old_pwd
+ rm -f $tmpfile
+}
+
+#
+# DSig test function
+#
+execDSigTest() {
+ expected_res="$1"
+ folder="$2"
+ filename="$3"
+ req_transforms="$4"
+ req_key_data="$5"
+ params1="$6"
+ params2="$7"
+ params3="$8"
+
+ # prepare
+ rm -f $tmpfile
+ old_pwd=`pwd`
+
+ # check params
+ if [ "z$expected_res" != "z$res_success" -a "z$expected_res" != "z$res_fail" ] ; then
+ echo " Bad parameter: expected_res=$expected_res"
+ cd $old_pwd
+ return
+ fi
+ if [ -n "$folder" ] ; then
+ cd $topfolder/$folder
+ full_file=$filename
+ echo $folder/$filename
+ echo "Test: $folder/$filename in folder " `pwd` " ($expected_res)" >> $logfile
+ else
+ full_file=$topfolder/$filename
+ echo $filename
+ echo "Test: $folder/$filename ($expected_res)" >> $logfile
+ fi
+
+ # check transforms
+ if [ -n "$req_transforms" ] ; then
+ printf " Checking required transforms "
+ echo "$xmlsec_app check-transforms $xmlsec_params $req_transforms" >> $logfile
+ $xmlsec_app check-transforms $xmlsec_params $req_transforms >> $logfile 2>> $logfile
+ res=$?
+ if [ $res = 0 ]; then
+ echo " OK"
+ else
+ echo " Skip"
+ cd $old_pwd
+ return
+ fi
+ fi
+
+ # check key data
+ if [ -n "$req_key_data" ] ; then
+ printf " Checking required key data "
+ echo "$xmlsec_app check-key-data $xmlsec_params $req_key_data" >> $logfile
+ $xmlsec_app check-key-data $xmlsec_params $req_key_data >> $logfile 2>> $logfile
+ res=$?
+ if [ $res = 0 ]; then
+ echo " OK"
+ else
+ echo "Skip"
+ return
+ fi
+ fi
+
+ # run tests
+ if [ -n "$params1" ] ; then
+ printf " Verify existing signature "
+ echo "$xmlsec_app verify $xmlsec_params $params1 $full_file.xml" >> $logfile
+ $VALGRIND $xmlsec_app verify $xmlsec_params $params1 $full_file.xml >> $logfile 2>> $logfile
+ printRes $expected_res $?
+ fi
+
+ if [ -n "$params2" -a -z "$PERF_TEST" ] ; then
+ printf " Create new signature "
+ echo "$xmlsec_app sign $xmlsec_params $params2 --output $tmpfile $full_file.tmpl" >> $logfile
+ $VALGRIND $xmlsec_app sign $xmlsec_params $params2 --output $tmpfile $full_file.tmpl >> $logfile 2>> $logfile
+ printRes $expected_res $?
+ fi
+
+ if [ -n "$params3" -a -z "$PERF_TEST" ] ; then
+ printf " Verify new signature "
+ echo "$xmlsec_app verify $xmlsec_params $params3 $tmpfile" >> $logfile
+ $VALGRIND $xmlsec_app verify $xmlsec_params $params3 $tmpfile >> $logfile 2>> $logfile
+ printRes $expected_res $?
+ fi
+
+ # cleanup
+ cd $old_pwd
+ rm -f $tmpfile
+}
+
+#
+# Enc test function
+#
+execEncTest() {
+ expected_res="$1"
+ folder="$2"
+ filename="$3"
+ req_transforms="$4"
+ params1="$5"
+ params2="$6"
+ params3="$7"
+
+ # prepare
+ rm -f $tmpfile $tmpfile.2
+ old_pwd=`pwd`
+
+ # check params
+ if [ "z$expected_res" != "z$res_success" -a "z$expected_res" != "z$res_fail" ] ; then
+ echo " Bad parameter: expected_res=$expected_res"
+ cd $old_pwd
+ return
+ fi
+ if [ -n "$folder" ] ; then
+ cd $topfolder/$folder
+ full_file=$filename
+ echo $folder/$filename
+ echo "Test: $folder/$filename in folder " `pwd` " ($expected_res)" >> $logfile
+ else
+ full_file=$topfolder/$filename
+ echo $filename
+ echo "Test: $folder/$filename ($expected_res)" >> $logfile
+ fi
+
+ # check transforms
+ if [ -n "$req_transforms" ] ; then
+ printf " Checking required transforms "
+ echo "$xmlsec_app check-transforms $xmlsec_params $req_transforms" >> $logfile
+ $xmlsec_app check-transforms $xmlsec_params $req_transforms >> $logfile 2>> $logfile
+ res=$?
+ if [ $res = 0 ]; then
+ echo " OK"
+ else
+ echo " Skip"
+ return
+ fi
+ fi
+
+ # run tests
+ if [ -n "$params1" ] ; then
+ rm -f $tmpfile
+ printf " Decrypt existing document "
+ echo "$xmlsec_app decrypt $xmlsec_params $params1 $full_file.xml" >> $logfile
+ $VALGRIND $xmlsec_app decrypt $xmlsec_params $params1 $full_file.xml > $tmpfile 2>> $logfile
+ res=$?
+ if [ $res = 0 ]; then
+ diff $diff_param $full_file.data $tmpfile >> $logfile 2>> $logfile
+ printRes $expected_res $?
+ else
+ printRes $expected_res $res
+ fi
+ fi
+
+ if [ -n "$params2" -a -z "$PERF_TEST" ] ; then
+ rm -f $tmpfile
+ printf " Encrypt document "
+ echo "$xmlsec_app encrypt $xmlsec_params $params2 --output $tmpfile $full_file.tmpl" >> $logfile
+ $VALGRIND $xmlsec_app encrypt $xmlsec_params $params2 --output $tmpfile $full_file.tmpl >> $logfile 2>> $logfile
+ printRes $expected_res $?
+ fi
+
+ if [ -n "$params3" -a -z "$PERF_TEST" ] ; then
+ rm -f $tmpfile.2
+ printf " Decrypt new document "
+ echo "$xmlsec_app decrypt $xmlsec_params $params3 --output $tmpfile.2 $tmpfile" >> $logfile
+ $VALGRIND $xmlsec_app decrypt $xmlsec_params $params3 --output $tmpfile.2 $tmpfile >> $logfile 2>> $logfile
+ res=$?
+ if [ $res = 0 ]; then
+ diff $diff_param $full_file.data $tmpfile.2 >> $logfile 2>> $logfile
+ printRes $expected_res $?
+ else
+ printRes $expected_res $res
+ fi
+ fi
+
+ # cleanup
+ cd $old_pwd
+ rm -f $tmpfile $tmpfile.2
+}
+
+execXkmsServerRequestTest() {
+ expected_res="$1"
+ folder="$2"
+ filename="$3"
+ req_transforms="$4"
+ response="$5"
+ params1="$6"
+
+ # prepare
+ rm -f $tmpfile $tmpfile.2 tmpfile.3
+ old_pwd=`pwd`
+
+ # check params
+ if [ "z$expected_res" != "z$res_success" -a "z$expected_res" != "z$res_fail" ] ; then
+ echo " Bad parameter: expected_res=$expected_res"
+ cd $old_pwd
+ return
+ fi
+ if [ -n "$folder" ] ; then
+ cd $topfolder/$folder
+ full_file=$filename
+ full_resfile=$filename-$response
+ echo "$folder/$filename ($response)"
+ echo "Test: $folder/$filename in folder " `pwd` " $response ($expected_res)" >> $logfile
+ else
+ full_file=$topfolder/$filename
+ full_resfile=$topfolder/$filename-$response
+ echo "$filename ($response)"
+ echo "Test: $folder/$filename $response ($expected_res)" >> $logfile
+ fi
+
+ # check transforms
+ if [ -n "$req_transforms" ] ; then
+ printf " Checking required transforms "
+ echo "$xmlsec_app check-transforms $xmlsec_params $req_transforms" >> $logfile
+ $xmlsec_app check-transforms $xmlsec_params $req_transforms >> $logfile 2>> $logfile
+ res=$?
+ if [ $res = 0 ]; then
+ echo " OK"
+ else
+ echo " Skip"
+ return
+ fi
+ fi
+
+ # run tests
+ if [ -n "$params1" ] ; then
+ printf " Processing xkms request "
+ echo "$xmlsec_app --xkms-server-request --output $tmpfile $xmlsec_params $params1 $full_file.xml" >> $logfile
+ $VALGRIND $xmlsec_app --xkms-server-request --output $tmpfile $xmlsec_params $params1 $full_file.xml >> $logfile 2>> $logfile
+ res=$?
+ if [ $res = 0 ]; then
+ # cleanup Id attribute because it is generated every time
+ sed 's/ Id="[^\"]*"/ Id=""/g' $full_resfile > $tmpfile.2
+ sed 's/ Id="[^\"]*"/ Id=""/g' $tmpfile > $tmpfile.3
+ diff $tmpfile.2 $tmpfile.3 >> $logfile 2>> $logfile
+ printRes $expected_res $?
+ else
+ printRes $expected_res $res
+ fi
+ fi
+
+ # cleanup
+ cd $old_pwd
+ rm -f $tmpfile $tmpfile.2 tmpfile.3
+}
+
+
+# prepare
+rm -rf $tmpfile $tmpfile.2 tmpfile.3
+
+# run tests
+source "$testfile"
+
+# cleanup
+rm -rf $tmpfile $tmpfile.2 tmpfile.3
+
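Review bot: The scratch paths set at the top of tests/testrun.sh are predictable names in a shared directory: `crypto_config=$TMPFOLDER/xmlsec-crypto-config` is a fixed path (`/tmp` by default) that holds `keys.xml` and is passed to `--crypto-config`, and `tmpfile`/`logfile` are built only from the test name, a timestamp and `$$`. On a multi-user build host another account can create those paths first, so generated keys and `--output $tmpfile` results land somewhere the test run does not control. I would create one private directory, e.g. `workdir=$(mktemp -d "$TMPFOLDER/xmlsec-tests.XXXXXX") || exit 1`, and derive `tmpfile` and `logfile` from it; `crypto_config` could move there too unless the key store has to persist between invocations, which this hunk does not show. A related cleanup bug: `tmpfile.3` is missing its `$` in the `rm -f` lines of execXkmsServerRequestTest and in both top-level `rm -rf` lines, so `$tmpfile.3` is never removed and a file or directory literally named `tmpfile.3` in the current directory is deleted instead.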
diff --git a/tests/xmldsig2ed-tests/c14n11/xml-base-input.xml b/tests/xmldsig2ed-tests/c14n11/xml-base-input.xml
new file mode 100644
index 00000000..68adb249
--- /dev/null
+++ b/tests/xmldsig2ed-tests/c14n11/xml-base-input.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ietf:c14n11XmlBaseDoc1 xmlns:ietf="http://www.ietf.org" xmlns:w3c="http://www.w3.org" xml:base="http://xmlbase.example.org/xmlbase0/">
+ <ietf:e1 xml:base="/xmlbase1/">
+ <ietf:e11 xml:base="/xmlbase11/">
+ <ietf:e111 xml:base="/xmlbase111/"/>
+ </ietf:e11>
+ <ietf:e12 at="2">
+ <ietf:e121 xml:base="/xmlbase121/"/>
+ </ietf:e12>
+ </ietf:e1>
+ <ietf:e2>
+ <ietf:e21 xml:base="/xmlbase21/"/>
+ </ietf:e2>
+ <ietf:e3>
+ <ietf:e31 at="3"/>
+ </ietf:e3>
+</ietf:c14n11XmlBaseDoc1>
diff --git a/tests/xmldsig2ed-tests/defCan-1.tmpl b/tests/xmldsig2ed-tests/defCan-1.tmpl
new file mode 100644
index 00000000..a825ea83
--- /dev/null
+++ b/tests/xmldsig2ed-tests/defCan-1.tmpl
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><Reference URI="c14n11/xml-base-input.xml"><Transforms><Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><XPath xmlns:ietf="http://www.ietf.org">ancestor-or-self::ietf:c14n11XmlBaseDoc1 and not(ancestor-or-self::ietf:e2)</XPath></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue></DigestValue></Reference></SignedInfo><SignatureValue></SignatureValue></Signature> \ No newline at end of file
diff --git a/tests/xmldsig2ed-tests/defCan-1.xml b/tests/xmldsig2ed-tests/defCan-1.xml
new file mode 100644
index 00000000..2bf98ae7
--- /dev/null
+++ b/tests/xmldsig2ed-tests/defCan-1.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><Reference URI="c14n11/xml-base-input.xml"><Transforms><Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><XPath xmlns:ietf="http://www.ietf.org">ancestor-or-self::ietf:c14n11XmlBaseDoc1 and not(ancestor-or-self::ietf:e2)</XPath></Transform><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>t7d2cL8Ink8A5i3cS9/bu9MBBU8=</DigestValue></Reference></SignedInfo><SignatureValue>LR4s+Nxoq3VZO1NiCLoiovfCpK4=</SignatureValue></Signature> \ No newline at end of file
diff --git a/tests/xmldsig2ed-tests/defCan-2.tmpl b/tests/xmldsig2ed-tests/defCan-2.tmpl
new file mode 100644
index 00000000..dedf7398
--- /dev/null
+++ b/tests/xmldsig2ed-tests/defCan-2.tmpl
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><Reference URI="c14n11/xml-base-input.xml"><Transforms><Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><XPath xmlns:ietf="http://www.ietf.org">ancestor-or-self::ietf:e21</XPath></Transform><Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"><xsl:template match="@*|node()"><xsl:copy><xsl:apply-templates select="@*|node()"/></xsl:copy></xsl:template></xsl:stylesheet></Transform><Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><XPath xmlns:ietf="http://www.ietf.org">1</XPath></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue></DigestValue></Reference></SignedInfo><SignatureValue></SignatureValue></Signature> \ No newline at end of file
diff --git a/tests/xmldsig2ed-tests/defCan-2.xml b/tests/xmldsig2ed-tests/defCan-2.xml
new file mode 100644
index 00000000..21a1d342
--- /dev/null
+++ b/tests/xmldsig2ed-tests/defCan-2.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><Reference URI="c14n11/xml-base-input.xml"><Transforms><Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><XPath xmlns:ietf="http://www.ietf.org">ancestor-or-self::ietf:e21</XPath></Transform><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"><xsl:template match="@*|node()"><xsl:copy><xsl:apply-templates select="@*|node()"/></xsl:copy></xsl:template></xsl:stylesheet></Transform><Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><XPath xmlns:ietf="http://www.ietf.org">1</XPath></Transform><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>fL7Igzs0LL7lKHJzAJIKYCphYBo=</DigestValue></Reference></SignedInfo><SignatureValue>bKQLywY51VZwjutUX/CUMsVs6RE=</SignatureValue></Signature> \ No newline at end of file
diff --git a/tests/xmldsig2ed-tests/defCan-3.tmpl b/tests/xmldsig2ed-tests/defCan-3.tmpl
new file mode 100644
index 00000000..2a0e819a
--- /dev/null
+++ b/tests/xmldsig2ed-tests/defCan-3.tmpl
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><Reference URI="c14n11/xml-base-input.xml"><Transforms><Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><XPath xmlns:ietf="http://www.ietf.org">ancestor-or-self::ietf:e3</XPath></Transform><Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"><xsl:template match="@*|node()"><xsl:copy><xsl:apply-templates select="@*|node()"/></xsl:copy></xsl:template></xsl:stylesheet></Transform><Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><XPath xmlns:ietf="http://www.ietf.org">1</XPath></Transform><Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"><xsl:template match="@*|node()"><xsl:copy><xsl:apply-templates select="@*|node()"/></xsl:copy></xsl:template></xsl:stylesheet></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue></DigestValue></Reference></SignedInfo><SignatureValue></SignatureValue></Signature> \ No newline at end of file
diff --git a/tests/xmldsig2ed-tests/defCan-3.xml b/tests/xmldsig2ed-tests/defCan-3.xml
new file mode 100644
index 00000000..73b1b83a
--- /dev/null
+++ b/tests/xmldsig2ed-tests/defCan-3.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><Reference URI="c14n11/xml-base-input.xml"><Transforms><Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><XPath xmlns:ietf="http://www.ietf.org">ancestor-or-self::ietf:e21</XPath></Transform><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"><xsl:template match="@*|node()"><xsl:copy><xsl:apply-templates select="@*|node()"/></xsl:copy></xsl:template></xsl:stylesheet></Transform><Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><XPath xmlns:ietf="http://www.ietf.org">1</XPath></Transform><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns="http://www.w3.org/1999/XSL/Transform" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"><xsl:template match="@*|node()"><xsl:copy><xsl:apply-templates select="@*|node()"/></xsl:copy></xsl:template></xsl:stylesheet></Transform></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>hqabUu4fEZp7GK5JRyFC26W5JBk=</DigestValue></Reference></SignedInfo><SignatureValue>9+wp0W9xwL5X3kSttxABZ7p/kU0=</SignatureValue></Signature> \ No newline at end of file
diff --git a/tests/xmldsig2ed-tests/xpointer-1-SUN.xml b/tests/xmldsig2ed-tests/xpointer-1-SUN.xml
new file mode 100644
index 00000000..2b07faa4
--- /dev/null
+++ b/tests/xmldsig2ed-tests/xpointer-1-SUN.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?><ietf:c14n11XmlPointerDoc1 xmlns:ietf="http://www.ietf.org" xmlns:w3c="http://www.w3.org">
+ <!-- This is a xml document for checking behaviour of tools with regards to comments when using scheme-based xpointers in the ds:Reference's URI attribute -->
+ <ietf:e1 xml:id="e1ID">
+ <!-- This is a comment for ietf:e1 element -->
+ <ietf:e11>
+ <!-- This is a comment for ietf:e11 element -->
+ <ietf:e111/>
+ </ietf:e11>
+ <ietf:e12 at="2">
+ <!-- This is a comment for ietf:e12 element -->
+ <ietf:e121/>
+ </ietf:e12>
+ </ietf:e1>
+ <ietf:e2 xml:id="e2ID">
+ <!-- This is a comment for ietf:e2 element -->
+ <ietf:e21/>
+ </ietf:e2>
+ <ietf:e3 xml:id="e3ID">
+ <ietf:e31 at="3"/>
+ </ietf:e3>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><Reference URI="#xpointer(/)"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>/IZyGLL72rXhisXRkB617TxJrL8=</DigestValue></Reference></SignedInfo><SignatureValue>E4gxKwllVjvvlUQFe9p/ssO7Yxw=</SignatureValue></Signature></ietf:c14n11XmlPointerDoc1> \ No newline at end of file
diff --git a/tests/xmldsig2ed-tests/xpointer-2-SUN.xml b/tests/xmldsig2ed-tests/xpointer-2-SUN.xml
new file mode 100644
index 00000000..c1a32305
--- /dev/null
+++ b/tests/xmldsig2ed-tests/xpointer-2-SUN.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><Reference URI="#xpointer(id('e1ID'))"><Transforms><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>XhSsDpWTt+ti0kcU9XYpleRDHfQ=</DigestValue></Reference></SignedInfo><SignatureValue>brEpICVA4lg7eQwz7i/rlBmYXiU=</SignatureValue><Object><ietf:c14n11XmlPointerDoc1 xmlns:ietf="http://www.ietf.org" xmlns:w3c="http://www.w3.org">
+ <!-- This is a xml document for checking behaviour of tools with regards to comments when using scheme-based xpointers in the ds:Reference's URI attribute -->
+ <ietf:e1 xml:id="e1ID">
+ <!-- This is a comment for ietf:e1 element -->
+ <ietf:e11>
+ <!-- This is a comment for ietf:e11 element -->
+ <ietf:e111/>
+ </ietf:e11>
+ <ietf:e12 at="2">
+ <!-- This is a comment for ietf:e12 element -->
+ <ietf:e121/>
+ </ietf:e12>
+ </ietf:e1>
+ <ietf:e2 xml:id="e2ID">
+ <!-- This is a comment for ietf:e2 element -->
+ <ietf:e21/>
+ </ietf:e2>
+ <ietf:e3 xml:id="e3ID">
+ <ietf:e31 at="3"/>
+ </ietf:e3>
+</ietf:c14n11XmlPointerDoc1></Object></Signature> \ No newline at end of file
diff --git a/tests/xmldsig2ed-tests/xpointer-3-SUN.xml b/tests/xmldsig2ed-tests/xpointer-3-SUN.xml
new file mode 100644
index 00000000..e8451234
--- /dev/null
+++ b/tests/xmldsig2ed-tests/xpointer-3-SUN.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?><ietf:c14n11XmlPointerDoc1 xmlns:ietf="http://www.ietf.org" xmlns:w3c="http://www.w3.org">
+ <!-- This is a xml document for checking behaviour of tools with regards to comments when using scheme-based xpointers in the ds:Reference's URI attribute -->
+ <ietf:e1 xml:id="e1ID">
+ <!-- This is a comment for ietf:e1 element -->
+ <ietf:e11>
+ <!-- This is a comment for ietf:e11 element -->
+ <ietf:e111/>
+ </ietf:e11>
+ <ietf:e12 at="2">
+ <!-- This is a comment for ietf:e12 element -->
+ <ietf:e121/>
+ </ietf:e12>
+ </ietf:e1>
+ <ietf:e2 xml:id="e2ID">
+ <!-- This is a comment for ietf:e2 element -->
+ <ietf:e21/>
+ </ietf:e2>
+ <ietf:e3 xml:id="e3ID">
+ <ietf:e31 at="3"/>
+ </ietf:e3>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>gaV5r7qC3Ve/t641+d3ykN8JFSc=</DigestValue></Reference></SignedInfo><SignatureValue>gS1QKSwAH/6eE3OFi/L9O0oKKig=</SignatureValue></Signature></ietf:c14n11XmlPointerDoc1> \ No newline at end of file
diff --git a/tests/xmldsig2ed-tests/xpointer-4-SUN.xml b/tests/xmldsig2ed-tests/xpointer-4-SUN.xml
new file mode 100644
index 00000000..84c38838
--- /dev/null
+++ b/tests/xmldsig2ed-tests/xpointer-4-SUN.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><Reference URI="#e1ID"><Transforms><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>3K+K4MbR2EW7l/ry59XockKqt4g=</DigestValue></Reference></SignedInfo><SignatureValue>dgyjONUs9rBjW7PH25seGqcMNZY=</SignatureValue><Object><ietf:c14n11XmlPointerDoc1 xmlns:ietf="http://www.ietf.org" xmlns:w3c="http://www.w3.org">
+ <!-- This is a xml document for checking behaviour of tools with regards to comments when using scheme-based xpointers in the ds:Reference's URI attribute -->
+ <ietf:e1 xml:id="e1ID">
+ <!-- This is a comment for ietf:e1 element -->
+ <ietf:e11>
+ <!-- This is a comment for ietf:e11 element -->
+ <ietf:e111/>
+ </ietf:e11>
+ <ietf:e12 at="2">
+ <!-- This is a comment for ietf:e12 element -->
+ <ietf:e121/>
+ </ietf:e12>
+ </ietf:e1>
+ <ietf:e2 xml:id="e2ID">
+ <!-- This is a comment for ietf:e2 element -->
+ <ietf:e21/>
+ </ietf:e2>
+ <ietf:e3 xml:id="e3ID">
+ <ietf:e31 at="3"/>
+ </ietf:e3>
+</ietf:c14n11XmlPointerDoc1></Object></Signature> \ No newline at end of file
diff --git a/tests/xmldsig2ed-tests/xpointer-5-SUN.xml b/tests/xmldsig2ed-tests/xpointer-5-SUN.xml
new file mode 100644
index 00000000..401eff60
--- /dev/null
+++ b/tests/xmldsig2ed-tests/xpointer-5-SUN.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><Reference URI="#xpointer(id('e1ID'))"><Transforms><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>XhSsDpWTt+ti0kcU9XYpleRDHfQ=</DigestValue></Reference><Reference URI="#xpointer(id('e2ID'))"><Transforms><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>abyA1j4yzf1IgQLWwDwKuU9l8Ik=</DigestValue></Reference><Reference URI="#xpointer(id('e3ID'))"><Transforms><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>RUUBiUeFf8uRqTlpCyutkXDqnJ4=</DigestValue></Reference></SignedInfo><SignatureValue>sG+0pHk9TB6v7jES9RZUIVKMFos=</SignatureValue><Object><ietf:c14n11XmlPointerDoc1 xmlns:ietf="http://www.ietf.org" xmlns:w3c="http://www.w3.org">
+ <!-- This is a xml document for checking behaviour of tools with regards to comments when using scheme-based xpointers in the ds:Reference's URI attribute -->
+ <ietf:e1 xml:id="e1ID">
+ <!-- This is a comment for ietf:e1 element -->
+ <ietf:e11>
+ <!-- This is a comment for ietf:e11 element -->
+ <ietf:e111/>
+ </ietf:e11>
+ <ietf:e12 at="2">
+ <!-- This is a comment for ietf:e12 element -->
+ <ietf:e121/>
+ </ietf:e12>
+ </ietf:e1>
+ <ietf:e2 xml:id="e2ID">
+ <!-- This is a comment for ietf:e2 element -->
+ <ietf:e21/>
+ </ietf:e2>
+ <ietf:e3 xml:id="e3ID">
+ <ietf:e31 at="3"/>
+ </ietf:e3>
+</ietf:c14n11XmlPointerDoc1></Object></Signature> \ No newline at end of file
diff --git a/tests/xmldsig2ed-tests/xpointer-6-SUN.xml b/tests/xmldsig2ed-tests/xpointer-6-SUN.xml
new file mode 100644
index 00000000..2f13aab3
--- /dev/null
+++ b/tests/xmldsig2ed-tests/xpointer-6-SUN.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/><Reference URI="#e1ID"><Transforms><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>3K+K4MbR2EW7l/ry59XockKqt4g=</DigestValue></Reference><Reference URI="#e2ID"><Transforms><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>hnKFjGFr/jwLCCTckZpaclOwe28=</DigestValue></Reference><Reference URI="#e3ID"><Transforms><Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>RUUBiUeFf8uRqTlpCyutkXDqnJ4=</DigestValue></Reference></SignedInfo><SignatureValue>XzEJQ+whhHUYlqiCEt8XFxC8wpk=</SignatureValue><Object><ietf:c14n11XmlPointerDoc1 xmlns:ietf="http://www.ietf.org" xmlns:w3c="http://www.w3.org">
+ <!-- This is a xml document for checking behaviour of tools with regards to comments when using scheme-based xpointers in the ds:Reference's URI attribute -->
+ <ietf:e1 xml:id="e1ID">
+ <!-- This is a comment for ietf:e1 element -->
+ <ietf:e11>
+ <!-- This is a comment for ietf:e11 element -->
+ <ietf:e111/>
+ </ietf:e11>
+ <ietf:e12 at="2">
+ <!-- This is a comment for ietf:e12 element -->
+ <ietf:e121/>
+ </ietf:e12>
+ </ietf:e1>
+ <ietf:e2 xml:id="e2ID">
+ <!-- This is a comment for ietf:e2 element -->
+ <ietf:e21/>
+ </ietf:e2>
+ <ietf:e3 xml:id="e3ID">
+ <ietf:e31 at="3"/>
+ </ietf:e3>
+</ietf:c14n11XmlPointerDoc1></Object></Signature> \ No newline at end of file
diff --git a/win32/Makefile.msvc b/win32/Makefile.msvc
new file mode 100644
index 00000000..b1d8869e
--- /dev/null
+++ b/win32/Makefile.msvc
@@ -0,0 +1,699 @@
+# Makefile for xmlsec, specific for Windows, MSVC and NMAKE.
+#
+# Take a look at the beginning and modify the variables to suit your
+# environment. Having done that, you can do a
+#
+# nmake [all] to build the xmlsec and the accompanying utilities.
+# nmake clean to remove all compiler output files and return to a
+# clean state.
+# nmake rebuild to rebuild everything from scratch. This basically does
+# a 'nmake clean' and then a 'nmake all'.
+# nmake install to install the library and its header files.
+#
+# March 2002, Igor Zlatkovic <igor@stud.fh-frankfurt.de>
+# Created for LibXML and LibXSLT
+# April 2002, Aleksey Sanin <aleksey@aleksey.com>
+# Modified for XMLSec Libary
+#
+
+AUTOCONF = .\configure.txt
+
+# If you cannot run the configuration script, which would take the burden of
+# editing this file from your back, then remove the following line...
+!include $(AUTOCONF)
+# ...and enable the following lines and adapt them to your environment.
+#BASEDIR = ..
+#XMLSEC_SRCDIR = $(BASEDIR)\src
+#APPS_SRCDIR = $(BASEDIR)\apps
+#BINDIR = binaries
+#XMLSEC_MAJOR_VERSION = 0 # set this to the right value.
+#XMLSEC_MINOR_VERSION = 0 # set this to the right value.
+#XMLSEC_MICRO_VERSION = 0 # set this to the right value.
+#WITH_XMLSEC_DEBUG = 1
+#UNICODE = 1
+#DEBUG = 0
+#WITH_CRYPTO=openssl
+#WITH_CRYPTO=openssl
+#WITH_DEFAULT_CRYPTO=openssl
+#WITH_OPENSSL=1
+#WITH_OPENSSL_VERSION=
+#WITH_NSS=0
+#WITH_MSCRYPTO=0
+#WITH_LIBXSLT=1
+#STATIC = 0
+#WITH_DL = 1
+#PREFIX = . # set this to the right value.
+#BINPREFIX = $(PREFIX)\bin
+#INCPREFIX = $(PREFIX)\include
+#LIBPREFIX = $(PREFIX)\lib
+#SOPREFIX = $(PREFIX)\lib
+#INCLUDE = $(INCLUDE);$(INCPREFIX)
+#LIB = $(LIB);$(LIBPREFIX)
+
+# There should never be a need to modify anything below this line.
+# ----------------------------------------------------------------
+
+#
+# Names of various input and output components.
+#
+!if "$(STATIC)" == "1"
+APP_NAME = xmlseca.exe
+!else
+APP_NAME = xmlsec.exe
+!endif
+APP_NAME_MANIFEST = $(APP_NAME).manifest
+
+XMLSEC_NAME = xmlsec
+XMLSEC_BASENAME = lib$(XMLSEC_NAME)
+XMLSEC_SO = $(XMLSEC_BASENAME).dll
+XMLSEC_SO_MANIFEST = $(XMLSEC_BASENAME).dll.manifest
+XMLSEC_IMP = $(XMLSEC_BASENAME).lib
+XMLSEC_A = $(XMLSEC_BASENAME)_a.lib
+
+XMLSEC_OPENSSL_NAME = $(XMLSEC_NAME)-openssl
+XMLSEC_OPENSSL_BASENAME = lib$(XMLSEC_OPENSSL_NAME)
+XMLSEC_OPENSSL_SO = $(XMLSEC_OPENSSL_BASENAME).dll
+XMLSEC_OPENSSL_SO_MANIFEST = $(XMLSEC_OPENSSL_BASENAME).dll.manifest
+XMLSEC_OPENSSL_IMP = $(XMLSEC_OPENSSL_BASENAME).lib
+XMLSEC_OPENSSL_A = $(XMLSEC_OPENSSL_BASENAME)_a.lib
+
+XMLSEC_NSS_NAME = $(XMLSEC_NAME)-nss
+XMLSEC_NSS_BASENAME = lib$(XMLSEC_NSS_NAME)
+XMLSEC_NSS_SO = $(XMLSEC_NSS_BASENAME).dll
+XMLSEC_NSS_SO_MANIFEST = $(XMLSEC_NSS_BASENAME).dll.manifest
+XMLSEC_NSS_IMP = $(XMLSEC_NSS_BASENAME).lib
+XMLSEC_NSS_A = $(XMLSEC_NSS_BASENAME)_a.lib
+
+XMLSEC_MSCRYPTO_NAME = $(XMLSEC_NAME)-mscrypto
+XMLSEC_MSCRYPTO_BASENAME= lib$(XMLSEC_MSCRYPTO_NAME)
+XMLSEC_MSCRYPTO_SO = $(XMLSEC_MSCRYPTO_BASENAME).dll
+XMLSEC_MSCRYPTO_SO_MANIFEST = $(XMLSEC_MSCRYPTO_BASENAME).dll.manifest
+XMLSEC_MSCRYPTO_IMP = $(XMLSEC_MSCRYPTO_BASENAME).lib
+XMLSEC_MSCRYPTO_A = $(XMLSEC_MSCRYPTO_BASENAME)_a.lib
+
+#
+# Places where intermediate files produced by the compiler go
+#
+XMLSEC_APPS_INTDIR = apps.int
+XMLSEC_APPS_INTDIR_A = apps_a.int
+
+XMLSEC_INTDIR = $(XMLSEC_BASENAME).int
+XMLSEC_INTDIR_A = $(XMLSEC_BASENAME)_a.int
+
+XMLSEC_OPENSSL_INTDIR = $(XMLSEC_BASENAME)_openssl.int
+XMLSEC_OPENSSL_INTDIR_A = $(XMLSEC_BASENAME)_openssl_a.int
+
+XMLSEC_NSS_INTDIR = $(XMLSEC_BASENAME)_nss.int
+XMLSEC_NSS_INTDIR_A = $(XMLSEC_BASENAME)_nss_a.int
+
+XMLSEC_MSCRYPTO_INTDIR = $(XMLSEC_BASENAME)_mscrypto.int
+XMLSEC_MSCRYPTO_INTDIR_A= $(XMLSEC_BASENAME)_mscrypto_a.int
+
+#
+# Source folders
+#
+XMLSEC_OPENSSL_SRCDIR = $(XMLSEC_SRCDIR)\openssl
+XMLSEC_NSS_SRCDIR = $(XMLSEC_SRCDIR)\nss
+XMLSEC_MSCRYPTO_SRCDIR = $(XMLSEC_SRCDIR)\mscrypto
+
+
+#
+# Object files for libraries and apps.
+#
+XMLSEC_APPS_OBJS = \
+ $(XMLSEC_APPS_INTDIR)\crypto.obj\
+ $(XMLSEC_APPS_INTDIR)\cmdline.obj\
+ $(XMLSEC_APPS_INTDIR)\xmlsec.obj
+XMLSEC_APPS_OBJS_A = \
+ $(XMLSEC_APPS_INTDIR_A)\crypto.obj\
+ $(XMLSEC_APPS_INTDIR_A)\cmdline.obj\
+ $(XMLSEC_APPS_INTDIR_A)\xmlsec.obj
+
+XMLSEC_OBJS = \
+ $(XMLSEC_INTDIR)\app.obj\
+ $(XMLSEC_INTDIR)\base64.obj\
+ $(XMLSEC_INTDIR)\bn.obj\
+ $(XMLSEC_INTDIR)\buffer.obj \
+ $(XMLSEC_INTDIR)\c14n.obj \
+ $(XMLSEC_INTDIR)\dl.obj \
+ $(XMLSEC_INTDIR)\enveloped.obj \
+ $(XMLSEC_INTDIR)\errors.obj \
+ $(XMLSEC_INTDIR)\io.obj \
+ $(XMLSEC_INTDIR)\keyinfo.obj \
+ $(XMLSEC_INTDIR)\keys.obj \
+ $(XMLSEC_INTDIR)\keysdata.obj \
+ $(XMLSEC_INTDIR)\keysmngr.obj \
+ $(XMLSEC_INTDIR)\kw_aes_des.obj \
+ $(XMLSEC_INTDIR)\list.obj \
+ $(XMLSEC_INTDIR)\membuf.obj \
+ $(XMLSEC_INTDIR)\nodeset.obj \
+ $(XMLSEC_INTDIR)\parser.obj \
+ $(XMLSEC_INTDIR)\soap.obj \
+ $(XMLSEC_INTDIR)\strings.obj \
+ $(XMLSEC_INTDIR)\templates.obj \
+ $(XMLSEC_INTDIR)\transforms.obj \
+ $(XMLSEC_INTDIR)\x509.obj \
+ $(XMLSEC_INTDIR)\xkms.obj \
+ $(XMLSEC_INTDIR)\xmldsig.obj \
+ $(XMLSEC_INTDIR)\xmlenc.obj \
+ $(XMLSEC_INTDIR)\xmlsec.obj \
+ $(XMLSEC_INTDIR)\xmltree.obj \
+ $(XMLSEC_INTDIR)\xpath.obj \
+ $(XMLSEC_INTDIR)\xslt.obj
+XMLSEC_OBJS_A = \
+ $(XMLSEC_INTDIR_A)\app.obj\
+ $(XMLSEC_INTDIR_A)\base64.obj\
+ $(XMLSEC_INTDIR_A)\bn.obj\
+ $(XMLSEC_INTDIR_A)\buffer.obj \
+ $(XMLSEC_INTDIR_A)\c14n.obj \
+ $(XMLSEC_INTDIR_A)\dl.obj \
+ $(XMLSEC_INTDIR_A)\enveloped.obj \
+ $(XMLSEC_INTDIR_A)\errors.obj \
+ $(XMLSEC_INTDIR_A)\io.obj \
+ $(XMLSEC_INTDIR_A)\keyinfo.obj \
+ $(XMLSEC_INTDIR_A)\keys.obj \
+ $(XMLSEC_INTDIR_A)\keysdata.obj \
+ $(XMLSEC_INTDIR_A)\keysmngr.obj \
+ $(XMLSEC_INTDIR_A)\kw_aes_des.obj \
+ $(XMLSEC_INTDIR_A)\list.obj \
+ $(XMLSEC_INTDIR_A)\membuf.obj \
+ $(XMLSEC_INTDIR_A)\nodeset.obj \
+ $(XMLSEC_INTDIR_A)\parser.obj \
+ $(XMLSEC_INTDIR_A)\soap.obj \
+ $(XMLSEC_INTDIR_A)\strings.obj \
+ $(XMLSEC_INTDIR_A)\templates.obj \
+ $(XMLSEC_INTDIR_A)\transforms.obj \
+ $(XMLSEC_INTDIR_A)\x509.obj \
+ $(XMLSEC_INTDIR_A)\xkms.obj \
+ $(XMLSEC_INTDIR_A)\xmldsig.obj \
+ $(XMLSEC_INTDIR_A)\xmlenc.obj \
+ $(XMLSEC_INTDIR_A)\xmlsec.obj \
+ $(XMLSEC_INTDIR_A)\xmltree.obj \
+ $(XMLSEC_INTDIR_A)\xpath.obj \
+ $(XMLSEC_INTDIR_A)\xslt.obj
+
+XMLSEC_OPENSSL_OBJS = \
+ $(XMLSEC_OPENSSL_INTDIR)\app.obj\
+ $(XMLSEC_OPENSSL_INTDIR)\bn.obj \
+ $(XMLSEC_OPENSSL_INTDIR)\ciphers.obj \
+ $(XMLSEC_OPENSSL_INTDIR)\crypto.obj \
+ $(XMLSEC_OPENSSL_INTDIR)\digests.obj \
+ $(XMLSEC_OPENSSL_INTDIR)\evp.obj \
+ $(XMLSEC_OPENSSL_INTDIR)\hmac.obj \
+ $(XMLSEC_OPENSSL_INTDIR)\kt_rsa.obj \
+ $(XMLSEC_OPENSSL_INTDIR)\kw_aes.obj \
+ $(XMLSEC_OPENSSL_INTDIR)\kw_des.obj \
+ $(XMLSEC_OPENSSL_INTDIR)\signatures.obj \
+ $(XMLSEC_OPENSSL_INTDIR)\strings.obj \
+ $(XMLSEC_OPENSSL_INTDIR)\symkeys.obj \
+ $(XMLSEC_OPENSSL_INTDIR)\x509.obj \
+ $(XMLSEC_OPENSSL_INTDIR)\x509vfy.obj
+XMLSEC_OPENSSL_OBJS_A = \
+ $(XMLSEC_OPENSSL_INTDIR_A)\app.obj\
+ $(XMLSEC_OPENSSL_INTDIR_A)\bn.obj \
+ $(XMLSEC_OPENSSL_INTDIR_A)\ciphers.obj \
+ $(XMLSEC_OPENSSL_INTDIR_A)\crypto.obj \
+ $(XMLSEC_OPENSSL_INTDIR_A)\digests.obj \
+ $(XMLSEC_OPENSSL_INTDIR_A)\evp.obj \
+ $(XMLSEC_OPENSSL_INTDIR_A)\hmac.obj \
+ $(XMLSEC_OPENSSL_INTDIR_A)\kt_rsa.obj \
+ $(XMLSEC_OPENSSL_INTDIR_A)\kw_aes.obj \
+ $(XMLSEC_OPENSSL_INTDIR_A)\kw_des.obj \
+ $(XMLSEC_OPENSSL_INTDIR_A)\signatures.obj \
+ $(XMLSEC_OPENSSL_INTDIR_A)\strings.obj \
+ $(XMLSEC_OPENSSL_INTDIR_A)\symkeys.obj \
+ $(XMLSEC_OPENSSL_INTDIR_A)\x509.obj \
+ $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj
+
+XMLSEC_NSS_OBJS = \
+ $(XMLSEC_NSS_INTDIR)\app.obj\
+ $(XMLSEC_NSS_INTDIR)\bignum.obj\
+ $(XMLSEC_NSS_INTDIR)\ciphers.obj \
+ $(XMLSEC_NSS_INTDIR)\crypto.obj \
+ $(XMLSEC_NSS_INTDIR)\digests.obj \
+ $(XMLSEC_NSS_INTDIR)\hmac.obj \
+ $(XMLSEC_NSS_INTDIR)\pkikeys.obj\
+ $(XMLSEC_NSS_INTDIR)\signatures.obj\
+ $(XMLSEC_NSS_INTDIR)\symkeys.obj \
+ $(XMLSEC_NSS_INTDIR)\x509.obj\
+ $(XMLSEC_NSS_INTDIR)\x509vfy.obj\
+ $(XMLSEC_NSS_INTDIR)\keysstore.obj\
+ $(XMLSEC_NSS_INTDIR)\keytrans.obj\
+ $(XMLSEC_NSS_INTDIR)\kw_des.obj\
+ $(XMLSEC_NSS_INTDIR)\kw_aes.obj\
+ $(XMLSEC_NSS_INTDIR)\strings.obj
+XMLSEC_NSS_OBJS_A = \
+ $(XMLSEC_NSS_INTDIR_A)\app.obj\
+ $(XMLSEC_NSS_INTDIR_A)\bignum.obj\
+ $(XMLSEC_NSS_INTDIR_A)\ciphers.obj \
+ $(XMLSEC_NSS_INTDIR_A)\crypto.obj \
+ $(XMLSEC_NSS_INTDIR_A)\digests.obj \
+ $(XMLSEC_NSS_INTDIR_A)\hmac.obj \
+ $(XMLSEC_NSS_INTDIR_A)\pkikeys.obj\
+ $(XMLSEC_NSS_INTDIR_A)\signatures.obj\
+ $(XMLSEC_NSS_INTDIR_A)\symkeys.obj \
+ $(XMLSEC_NSS_INTDIR_A)\x509.obj\
+ $(XMLSEC_NSS_INTDIR_A)\x509vfy.obj\
+ $(XMLSEC_NSS_INTDIR_A)\keysstore.obj\
+ $(XMLSEC_NSS_INTDIR_A)\kt_rsa.obj\
+ $(XMLSEC_NSS_INTDIR_A)\kw_des.obj\
+ $(XMLSEC_NSS_INTDIR_A)\kw_aes.obj\
+ $(XMLSEC_NSS_INTDIR_A)\strings.obj
+
+XMLSEC_MSCRYPTO_OBJS = \
+ $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\
+ $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\digests.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\hmac.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\symkeys.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\kt_rsa.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\kw_aes.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\kw_des.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\strings.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\signatures.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\certkeys.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\keysstore.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\x509.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR)\x509vfy.obj
+XMLSEC_MSCRYPTO_OBJS_A = \
+ $(XMLSEC_MSCRYPTO_INTDIR_A)\app.obj\
+ $(XMLSEC_MSCRYPTO_INTDIR_A)\crypto.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR_A)\ciphers.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR_A)\digests.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR_A)\hmac.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR_A)\symkeys.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR_A)\kt_rsa.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR_A)\kw_aes.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR_A)\kw_des.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR_A)\strings.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR_A)\signatures.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR_A)\certkeys.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR_A)\keysstore.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR_A)\x509.obj \
+ $(XMLSEC_MSCRYPTO_INTDIR_A)\x509vfy.obj
+
+#
+# The preprocessor and its options.
+#
+CPP = cl.exe /EP
+CPPFLAGS = /nologo
+
+#
+# The compiler and its options.
+#
+CC = cl.exe
+CFLAGS = /nologo /D "WIN32" /D "_WINDOWS"
+CFLAGS = $(CFLAGS) /D "_MBCS" /D "_REENTRANT" /W1 /MD
+CFLAGS = $(CFLAGS) /I$(BASEDIR) /I$(BASEDIR)\include
+CFLAGS = $(CFLAGS) /I$(INCPREFIX)
+CFLAGS = $(CFLAGS) /D PACKAGE=\"$(XMLSEC_NAME)\"
+CFLAGS = $(CFLAGS) /D "HAVE_STDIO_H" /D "HAVE_STDLIB_H"
+CFLAGS = $(CFLAGS) /D "HAVE_STRING_H" /D "HAVE_CTYPE_H"
+CFLAGS = $(CFLAGS) /D "HAVE_MALLOC_H" /D "HAVE_MEMORY_H"
+
+!if "$(UNICODE)" == "1"
+CFLAGS = $(CFLAGS) /D "UNICODE" /D "_UNICODE"
+!endif
+
+# Optimisation and debug symbols.
+!if "$(DEBUG)" == "1"
+CFLAGS = $(CFLAGS) /D "_DEBUG" /Od /Z7
+!else
+CFLAGS = $(CFLAGS) /D "NDEBUG" /O2
+!endif
+
+# configurable options
+!if "$(WITH_LIBXSLT)" == "1"
+!else
+CFLAGS = $(CFLAGS) /DXMLSEC_NO_XSLT=1
+!endif
+
+!if "$(WITH_NT4)" == "1"
+CFLAGS = $(CFLAGS) /DXMLSEC_MSCRYPTO_NT4=1
+!else
+!endif
+
+APP_CFLAGS = /D "XMLSEC_CRYPTO=\"$(XMLSEC_CRYPTO)\""
+!if "$(WITH_DL)" == "1"
+CFLAGS = $(CFLAGS) /D "XMLSEC_DL_WIN32"
+APP_CFLAGS = $(APP_CFLAGS) /D "XMLSEC_CRYPTO_DYNAMIC_LOADING"
+!else
+CFLAGS = $(CFLAGS) /D "XMLSEC_NO_CRYPTO_DYNAMIC_LOADING"
+APP_CFLAGS = $(APP_CFLAGS) $(XMLSEC_CRYPTO_CFLAGS)
+# this disables TEMPLATE tests and helps with missing algorithms (hmac) in mscrypto
+APP_CFLAGS = $(APP_CFLAGS) /D "XMLSEC_NO_TMPL_TEST"
+!endif
+
+!if "$(WITH_OPENSSL_VERSION)" == ""
+XMLSEC_OPENSSL_CFLAGS = /D "XMLSEC_CRYPTO_OPENSSL" /D "XMLSEC_CRYPTO=\"openssl\""
+!else
+XMLSEC_OPENSSL_CFLAGS = /D "$(WITH_OPENSSL_VERSION)" /D "XMLSEC_CRYPTO_OPENSSL" /D "XMLSEC_CRYPTO=\"openssl\""
+!endif
+XMLSEC_NSS_CFLAGS = /D "XMLSEC_CRYPTO_NSS" /D "XMLSEC_CRYPTO=\"nss\""
+XMLSEC_MSCRYPTO_CFLAGS = /D "XMLSEC_CRYPTO_MSCRYPTO" /D "XMLSEC_CRYPTO=\"mscrypto\""
+
+#
+# The linker and its options.
+#
+LD = link.exe
+LDFLAGS = /nologo
+LDFLAGS = $(LDFLAGS) /LIBPATH:$(BINDIR) /LIBPATH:$(LIBPREFIX)
+LIBS =
+
+# Optimisation and debug symbols.
+!if "$(DEBUG)" == "1"
+LDFLAGS = $(LDFLAGS) /DEBUG
+!else
+LDFLAGS = $(LDFLAGS) /OPT:NOWIN98
+!endif
+
+SOLIBS = $(LIBS) libxml2.lib
+ALIBS = $(LIBS) libxml2_a.lib
+
+!if "$(WITH_ICONV)" == "1"
+SOLIBS = $(SOLIBS) iconv.lib
+ALIBS = $(ALIBS) iconv_a.lib
+!endif
+
+!if "$(WITH_LIBXSLT)" == "1"
+SOLIBS = $(SOLIBS) libxslt.lib
+ALIBS = $(ALIBS) libxslt_a.lib
+!endif
+
+!if "$(STATIC)" == "1"
+APP_LIBS = $(ALIBS) $(XMLSEC_CRYPTO_ALIBS)
+!else
+APP_LIBS = $(SOLIBS) $(XMLSEC_CRYPTO_SOLIBS)
+!endif
+
+!if "$(WITH_DL)" == "1"
+!else
+!endif
+
+XMLSEC_OPENSSL_SOLIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
+XMLSEC_OPENSSL_ALIBS = libeay32.lib wsock32.lib kernel32.lib user32.lib gdi32.lib
+
+XMLSEC_NSS_SOLIBS = smime3.lib ssl3.lib nss3.lib libnspr4.lib libplds4.lib libplc4.lib kernel32.lib user32.lib gdi32.lib
+XMLSEC_NSS_ALIBS = smime3.lib ssl3.lib nss3.lib libnspr4_s.lib libplds4_s.lib libplc4_s.lib kernel32.lib user32.lib gdi32.lib
+
+XMLSEC_MSCRYPTO_SOLIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib
+XMLSEC_MSCRYPTO_ALIBS = kernel32.lib user32.lib gdi32.lib Crypt32.lib Advapi32.lib
+
+
+# The archiver and its options.
+AR = link.exe /lib
+ARFLAGS = /nologo
+
+
+#
+# xmlsec-<default-crypto> options
+#
+!if "$(WITH_DEFAULT_CRYPTO)" == "openssl"
+XMLSEC_CRYPTO = "openssl"
+XMLSEC_CRYPTO_CFLAGS = $(XMLSEC_OPENSSL_CFLAGS)
+XMLSEC_CRYPTO_SOLIBS = $(XMLSEC_OPENSSL_SOLIBS)
+XMLSEC_CRYPTO_ALIBS = $(XMLSEC_OPENSSL_ALIBS)
+XMLSEC_CRYPTO_SO = $(XMLSEC_OPENSSL_SO)
+XMLSEC_CRYPTO_IMP = $(XMLSEC_OPENSSL_IMP)
+XMLSEC_CRYPTO_A = $(XMLSEC_OPENSSL_A)
+!endif
+
+!if "$(WITH_DEFAULT_CRYPTO)" == "nss"
+XMLSEC_CRYPTO = "nss"
+XMLSEC_CRYPTO_CFLAGS = $(XMLSEC_NSS_CFLAGS)
+XMLSEC_CRYPTO_SOLIBS = $(XMLSEC_NSS_SOLIBS)
+XMLSEC_CRYPTO_ALIBS = $(XMLSEC_NSS_ALIBS)
+XMLSEC_CRYPTO_SO = $(XMLSEC_NSS_SO)
+XMLSEC_CRYPTO_IMP = $(XMLSEC_NSS_IMP)
+XMLSEC_CRYPTO_A = $(XMLSEC_NSS_A)
+!endif
+
+!if "$(WITH_DEFAULT_CRYPTO)" == "mscrypto"
+XMLSEC_CRYPTO = "mscrypto"
+XMLSEC_CRYPTO_CFLAGS = $(XMLSEC_MSCRYPTO_CFLAGS)
+XMLSEC_CRYPTO_SOLIBS = $(XMLSEC_MSCRYPTO_SOLIBS)
+XMLSEC_CRYPTO_ALIBS = $(XMLSEC_MSCRYPTO_ALIBS)
+XMLSEC_CRYPTO_SO = $(XMLSEC_MSCRYPTO_SO)
+XMLSEC_CRYPTO_IMP = $(XMLSEC_MSCRYPTO_IMP)
+XMLSEC_CRYPTO_A = $(XMLSEC_MSCRYPTO_A)
+!endif
+
+#
+# Build rules
+#
+
+all : xmlsec xmlseca $(WITH_CRYPTO) apps
+
+xmlsec : $(XMLSEC_APPS_INTDIR) $(BINDIR)\$(XMLSEC_SO) $(WITH_DEFAULT_CRYPTO)
+
+xmlseca : $(XMLSEC_APPS_INTDIR_A) $(BINDIR)\$(XMLSEC_A) $(WITH_DEFAULT_CRYPTO)
+
+openssl: $(BINDIR)\$(XMLSEC_OPENSSL_SO) $(BINDIR)\$(XMLSEC_OPENSSL_A)
+
+nss: $(BINDIR)\$(XMLSEC_NSS_SO) $(BINDIR)\$(XMLSEC_NSS_A)
+
+mscrypto: $(BINDIR)\$(XMLSEC_MSCRYPTO_SO) $(BINDIR)\$(XMLSEC_MSCRYPTO_A)
+
+apps : $(BINDIR)\$(APP_NAME)
+
+check : check-keys check-dsig check-enc
+
+check-keys : $(BINDIR)\$(APP_NAME)
+ cd ..
+ if not exist win32\tmp mkdir win32\tmp
+ set TMPFOLDER=win32/tmp
+ sh ./tests/testrun.sh ./tests/testKeys.sh default ./tests win32/$(BINDIR)/$(APP_NAME) der
+ cd win32
+
+check-dsig : $(BINDIR)\$(APP_NAME)
+ cd ..
+ if not exist win32\tmp mkdir win32\tmp
+ set TMPFOLDER=win32/tmp
+ sh ./tests/testrun.sh ./tests/testDSig.sh default ./tests win32/$(BINDIR)/$(APP_NAME) der
+ cd win32
+
+check-enc : $(BINDIR)\$(APP_NAME)
+ cd ..
+ if not exist win32\tmp mkdir win32\tmp
+ set TMPFOLDER=win32/tmp
+ sh ./tests/testrun.sh ./tests/testEnc.sh default ./tests win32/$(BINDIR)/$(APP_NAME) der
+ cd win32
+
+check-xkms : $(BINDIR)\$(APP_NAME)
+ cd ..
+ if not exist win32\tmp mkdir win32\tmp
+ set TMPFOLDER=win32\tmp
+ sh ./tests/testrun.sh ./tests/testXKMS.sh default ./tests win32/$(BINDIR)/$(APP_NAME) der
+ cd win32
+
+clean :
+ if exist $(XMLSEC_INTDIR) rmdir /S /Q $(XMLSEC_INTDIR)
+ if exist $(XMLSEC_INTDIR_A) rmdir /S /Q $(XMLSEC_INTDIR_A)
+ if exist $(XMLSEC_OPENSSL_INTDIR) rmdir /S /Q $(XMLSEC_OPENSSL_INTDIR)
+ if exist $(XMLSEC_OPENSSL_INTDIR_A) rmdir /S /Q $(XMLSEC_OPENSSL_INTDIR_A)
+ if exist $(XMLSEC_NSS_INTDIR) rmdir /S /Q $(XMLSEC_NSS_INTDIR)
+ if exist $(XMLSEC_NSS_INTDIR_A) rmdir /S /Q $(XMLSEC_NSS_INTDIR_A)
+ if exist $(XMLSEC_MSCRYPTO_INTDIR) rmdir /S /Q $(XMLSEC_MSCRYPTO_INTDIR)
+ if exist $(XMLSEC_MSCRYPTO_INTDIR_A) rmdir /S /Q $(XMLSEC_MSCRYPTO_INTDIR_A)
+ if exist $(XMLSEC_APPS_INTDIR) rmdir /S /Q $(XMLSEC_APPS_INTDIR)
+ if exist $(XMLSEC_APPS_INTDIR_A) rmdir /S /Q $(XMLSEC_APPS_INTDIR_A)
+ if exist $(BINDIR) rmdir /S /Q $(BINDIR)
+
+rebuild : clean all
+
+install : all
+ if not exist $(INCPREFIX)\$(XMLSEC_NAME) mkdir $(INCPREFIX)\$(XMLSEC_NAME)
+ if not exist $(BINPREFIX) mkdir $(BINPREFIX)
+ if not exist $(LIBPREFIX) mkdir $(LIBPREFIX)
+ if exist $(BINDIR)\$(XMLSEC_OPENSSL_SO) if not exist $(INCPREFIX)\$(XMLSEC_NAME)\openssl mkdir $(INCPREFIX)\$(XMLSEC_NAME)\openssl
+ if exist $(BINDIR)\$(XMLSEC_NSS_SO) if not exist $(INCPREFIX)\$(XMLSEC_NAME)\nss mkdir $(INCPREFIX)\$(XMLSEC_NAME)\nss
+ if exist $(BINDIR)\$(XMLSEC_MSCRYPTO_SO) if not exist $(INCPREFIX)\$(XMLSEC_NAME)\mscrypto mkdir $(INCPREFIX)\$(XMLSEC_NAME)\mscrypto
+ if exist $(BASEDIR)\include\$(XMLSEC_NAME) copy $(BASEDIR)\include\$(XMLSEC_NAME)\*.h $(INCPREFIX)\$(XMLSEC_NAME)
+ if exist $(BINDIR)\$(XMLSEC_OPENSSL_SO) copy $(BASEDIR)\include\$(XMLSEC_NAME)\openssl\*.h $(INCPREFIX)\$(XMLSEC_NAME)\openssl
+ if exist $(BINDIR)\$(XMLSEC_NSS_SO) copy $(BASEDIR)\include\$(XMLSEC_NAME)\nss\*.h $(INCPREFIX)\$(XMLSEC_NAME)\nss
+ if exist $(BINDIR)\$(XMLSEC_MSCRYPTO_SO) copy $(BASEDIR)\include\$(XMLSEC_NAME)\mscrypto\*.h $(INCPREFIX)\$(XMLSEC_NAME)\mscrypto
+ if exist $(BINDIR)\$(XMLSEC_SO) copy $(BINDIR)\$(XMLSEC_SO) $(SOPREFIX)
+ if exist $(BINDIR)\$(XMLSEC_SO_MANIFEST) copy $(BINDIR)\$(XMLSEC_SO_MANIFEST) $(SOPREFIX)
+ if exist $(BINDIR)\$(XMLSEC_A) copy $(BINDIR)\$(XMLSEC_A) $(LIBPREFIX)
+ if exist $(BINDIR)\$(XMLSEC_IMP) copy $(BINDIR)\$(XMLSEC_IMP) $(LIBPREFIX)
+ if exist $(BINDIR)\$(XMLSEC_OPENSSL_SO) copy $(BINDIR)\$(XMLSEC_OPENSSL_SO) $(SOPREFIX)
+ if exist $(BINDIR)\$(XMLSEC_OPENSSL_SO_MANIFEST) copy $(BINDIR)\$(XMLSEC_OPENSSL_SO_MANIFEST) $(SOPREFIX)
+ if exist $(BINDIR)\$(XMLSEC_OPENSSL_A) copy $(BINDIR)\$(XMLSEC_OPENSSL_A) $(LIBPREFIX)
+ if exist $(BINDIR)\$(XMLSEC_OPENSSL_IMP) copy $(BINDIR)\$(XMLSEC_OPENSSL_IMP) $(LIBPREFIX)
+ if exist $(BINDIR)\$(XMLSEC_NSS_SO) copy $(BINDIR)\$(XMLSEC_NSS_SO) $(SOPREFIX)
+ if exist $(BINDIR)\$(XMLSEC_NSS_SO_MANIFEST) copy $(BINDIR)\$(XMLSEC_NSS_SO_MANIFEST) $(SOPREFIX)
+ if exist $(BINDIR)\$(XMLSEC_NSS_A) copy $(BINDIR)\$(XMLSEC_NSS_A) $(LIBPREFIX)
+ if exist $(BINDIR)\$(XMLSEC_NSS_IMP) copy $(BINDIR)\$(XMLSEC_NSS_IMP) $(LIBPREFIX)
+ if exist $(BINDIR)\$(XMLSEC_MSCRYPTO_SO) copy $(BINDIR)\$(XMLSEC_MSCRYPTO_SO) $(SOPREFIX)
+ if exist $(BINDIR)\$(XMLSEC_MSCRYPTO_SO_MANIFEST) copy $(BINDIR)\$(XMLSEC_MSCRYPTO_SO_MANIFEST) $(SOPREFIX)
+ if exist $(BINDIR)\$(XMLSEC_MSCRYPTO_A) copy $(BINDIR)\$(XMLSEC_MSCRYPTO_A) $(LIBPREFIX)
+ if exist $(BINDIR)\$(XMLSEC_MSCRYPTO_IMP) copy $(BINDIR)\$(XMLSEC_MSCRYPTO_IMP) $(LIBPREFIX)
+ if exist $(BINDIR)\$(APP_NAME) copy $(BINDIR)\$(APP_NAME) $(BINPREFIX)
+ if exist $(BINDIR)\$(APP_NAME_MANIFEST) copy $(BINDIR)\$(APP_NAME_MANIFEST) $(BINPREFIX)
+
+uninstall :
+ if exist $(INCPREFIX)\$(XMLSEC_NAME) rmdir /S /Q $(INCPREFIX)\$(XMLSEC_NAME)
+ if exist $(SOPREFIX)\$(XMLSEC_SO) del /F /S /Q $(SOPREFIX)\$(XMLSEC_SO)
+ if exist $(SOPREFIX)\$(XMLSEC_SO_MANIFEST) del /F /S /Q $(SOPREFIX)\$(XMLSEC_SO)
+ if exist $(LIBPREFIX)\$(XMLSEC_A) del /F /S /Q $(LIBPREFIX)\$(XMLSEC_A)
+ if exist $(LIBPREFIX)\$(XMLSEC_IMP) del /F /S /Q $(LIBPREFIX)\$(XMLSEC_IMP)
+ if exist $(SOPREFIX)\$(XMLSEC_OPENSSL_SO) del /F /S /Q $(SOPREFIX)\$(XMLSEC_OPENSSL_SO)
+ if exist $(SOPREFIX)\$(XMLSEC_OPENSSL_SO_MANIFEST) del /F /S /Q $(SOPREFIX)\$(XMLSEC_OPENSSL_SO)
+ if exist $(LIBPREFIX)\$(XMLSEC_OPENSSL_A) del /F /S /Q $(LIBPREFIX)\$(XMLSEC_OPENSSL_A)
+ if exist $(LIBPREFIX)\$(XMLSEC_OPENSSL_IMP) del /F /S /Q $(LIBPREFIX)\$(XMLSEC_OPENSSL_IMP)
+ if exist $(SOPREFIX)\$(XMLSEC_NSS_SO) del /F /S /Q $(SOPREFIX)\$(XMLSEC_NSS_SO)
+ if exist $(SOPREFIX)\$(XMLSEC_NSS_SO_MANIFEST) del /F /S /Q $(SOPREFIX)\$(XMLSEC_NSS_SO)
+ if exist $(LIBPREFIX)\$(XMLSEC_NSS_A) del /F /S /Q $(LIBPREFIX)\$(XMLSEC_NSS_A)
+ if exist $(LIBPREFIX)\$(XMLSEC_NSS_IMP) del /F /S /Q $(LIBPREFIX)\$(XMLSEC_NSS_IMP)
+ if exist $(SOPREFIX)\$(XMLSEC_MSCRYPTO_SO) del /F /S /Q $(SOPREFIX)\$(XMLSEC_MSCRYPTO_SO)
+ if exist $(SOPREFIX)\$(XMLSEC_MSCRYPTO_SO_MANIFEST) del /F /S /Q $(SOPREFIX)\$(XMLSEC_MSCRYPTO_SO)
+ if exist $(LIBPREFIX)\$(XMLSEC_MSCRYPTO_A) del /F /S /Q $(LIBPREFIX)\$(XMLSEC_MSCRYPTO_A)
+ if exist $(LIBPREFIX)\$(XMLSEC_MSCRYPTO_IMP) del /F /S /Q $(LIBPREFIX)\$(XMLSEC_MSCRYPTO_IMP)
+ if exist $(BINPREFIX)\$(APP_NAME) del /F /S /Q $(BINPREFIX)\$(APP_NAME)
+ if exist $(BINPREFIX)\$(APP_NAME_MANIFEST) del /F /S /Q $(BINPREFIX)\$(APP_NAME_MANIFEST)
+
+# This is a target for me, to make a binary distribution. Not for the public use,
+# keep your hands off :-)
+BDVERSION = $(XMLSEC_VERSION_MAJOR).$(XMLSEC_VERSION_MINOR).$(XMLSEC_VERSION_SUBMINOR)
+BDPREFIX = $(XMLSEC_BASENAME)-$(BDVERSION).win32
+bindist : all
+ $(MAKE) /nologo PREFIX=$(BDPREFIX) SOPREFIX=$(BDPREFIX)\bin install
+ cscript //NoLogo configure.js genreadme $(XMLSEC_BASENAME) $(BDVERSION) $(BDPREFIX)\readme.txt
+
+# Makes the compiler output directory.
+$(BINDIR) :
+ if not exist $(BINDIR) mkdir $(BINDIR)
+
+# Makes intermediate directories.
+$(XMLSEC_APPS_INTDIR) :
+ if not exist $(XMLSEC_APPS_INTDIR) mkdir $(XMLSEC_APPS_INTDIR)
+$(XMLSEC_APPS_INTDIR_A) :
+ if not exist $(XMLSEC_APPS_INTDIR_A) mkdir $(XMLSEC_APPS_INTDIR_A)
+
+$(XMLSEC_INTDIR) :
+ if not exist $(XMLSEC_INTDIR) mkdir $(XMLSEC_INTDIR)
+$(XMLSEC_INTDIR_A) :
+ if not exist $(XMLSEC_INTDIR_A) mkdir $(XMLSEC_INTDIR_A)
+
+$(XMLSEC_OPENSSL_INTDIR) :
+ if not exist $(XMLSEC_OPENSSL_INTDIR) mkdir $(XMLSEC_OPENSSL_INTDIR)
+$(XMLSEC_OPENSSL_INTDIR_A) :
+ if not exist $(XMLSEC_OPENSSL_INTDIR_A) mkdir $(XMLSEC_OPENSSL_INTDIR_A)
+
+$(XMLSEC_NSS_INTDIR) :
+ if not exist $(XMLSEC_NSS_INTDIR) mkdir $(XMLSEC_NSS_INTDIR)
+$(XMLSEC_NSS_INTDIR_A) :
+ if not exist $(XMLSEC_NSS_INTDIR_A) mkdir $(XMLSEC_NSS_INTDIR_A)
+
+$(XMLSEC_MSCRYPTO_INTDIR) :
+ if not exist $(XMLSEC_MSCRYPTO_INTDIR) mkdir $(XMLSEC_MSCRYPTO_INTDIR)
+$(XMLSEC_MSCRYPTO_INTDIR_A) :
+ if not exist $(XMLSEC_MSCRYPTO_INTDIR_A) mkdir $(XMLSEC_MSCRYPTO_INTDIR_A)
+
+# An implicit rule for xmlsec compilation.
+{$(APPS_SRCDIR)}.c{$(XMLSEC_APPS_INTDIR)}.obj::
+ $(CC) $(CFLAGS) $(APP_CFLAGS) /Fo$(XMLSEC_APPS_INTDIR)\ /c $<
+
+{$(XMLSEC_SRCDIR)}.c{$(XMLSEC_INTDIR)}.obj::
+ $(CC) $(CFLAGS) /Fo$(XMLSEC_INTDIR)\ /c $<
+
+{$(XMLSEC_SRCDIR)}.c{$(XMLSEC_OPENSSL_INTDIR)}.obj::
+ $(CC) $(CFLAGS) $(XMLSEC_OPENSSL_CFLAGS) /Fo$(XMLSEC_OPENSSL_INTDIR)\ /c $<
+{$(XMLSEC_OPENSSL_SRCDIR)}.c{$(XMLSEC_OPENSSL_INTDIR)}.obj::
+ $(CC) $(CFLAGS) $(XMLSEC_OPENSSL_CFLAGS) /Fo$(XMLSEC_OPENSSL_INTDIR)\ /c $<
+
+{$(XMLSEC_SRCDIR)}.c{$(XMLSEC_NSS_INTDIR)}.obj::
+ $(CC) $(CFLAGS) $(XMLSEC_NSS_CFLAGS) /Fo$(XMLSEC_NSS_INTDIR)\ /c $<
+{$(XMLSEC_NSS_SRCDIR)}.c{$(XMLSEC_NSS_INTDIR)}.obj::
+ $(CC) $(CFLAGS) $(XMLSEC_NSS_CFLAGS) /Fo$(XMLSEC_NSS_INTDIR)\ /c $<
+
+{$(XMLSEC_SRCDIR)}.c{$(XMLSEC_MSCRYPTO_INTDIR)}.obj::
+ $(CC) $(CFLAGS) $(XMLSEC_MSCRYPTO_CFLAGS) /Fo$(XMLSEC_MSCRYPTO_INTDIR)\ /c $<
+{$(XMLSEC_MSCRYPTO_SRCDIR)}.c{$(XMLSEC_MSCRYPTO_INTDIR)}.obj::
+ $(CC) $(CFLAGS) $(XMLSEC_MSCRYPTO_CFLAGS) /Fo$(XMLSEC_MSCRYPTO_INTDIR)\ /c $<
+
+# An implicit rule for static xmlsec compilation.
+{$(APPS_SRCDIR)}.c{$(XMLSEC_APPS_INTDIR_A)}.obj::
+ $(CC) /D "LIBXML_STATIC" /D "LIBXSLT_STATIC" /D "XMLSEC_STATIC" \
+ $(CFLAGS) $(APP_CFLAGS) /Fo$(XMLSEC_APPS_INTDIR_A)\ /c $<
+
+{$(XMLSEC_SRCDIR)}.c{$(XMLSEC_INTDIR_A)}.obj::
+ $(CC) /D "LIBXML_STATIC" /D "LIBXSLT_STATIC" /D "XMLSEC_STATIC" \
+ $(CFLAGS) /Fo$(XMLSEC_INTDIR_A)\ /c $<
+
+{$(XMLSEC_SRCDIR)}.c{$(XMLSEC_OPENSSL_INTDIR_A)}.obj::
+ $(CC) /D "LIBXML_STATIC" /D "LIBXSLT_STATIC" /D "XMLSEC_STATIC" \
+ $(CFLAGS) $(XMLSEC_OPENSSL_CFLAGS) /Fo$(XMLSEC_OPENSSL_INTDIR_A)\ /c $<
+{$(XMLSEC_OPENSSL_SRCDIR)}.c{$(XMLSEC_OPENSSL_INTDIR_A)}.obj::
+ $(CC) /D "LIBXML_STATIC" /D "LIBXSLT_STATIC" /D "XMLSEC_STATIC" \
+ $(CFLAGS) $(XMLSEC_OPENSSL_CFLAGS) /Fo$(XMLSEC_OPENSSL_INTDIR_A)\ /c $<
+
+{$(XMLSEC_SRCDIR)}.c{$(XMLSEC_NSS_INTDIR_A)}.obj::
+ $(CC) /D "LIBXML_STATIC" /D "LIBXSLT_STATIC" /D "XMLSEC_STATIC" \
+ $(CFLAGS) $(XMLSEC_NSS_CFLAGS) /Fo$(XMLSEC_NSS_INTDIR_A)\ /c $<
+{$(XMLSEC_NSS_SRCDIR)}.c{$(XMLSEC_NSS_INTDIR_A)}.obj::
+ $(CC) /D "LIBXML_STATIC" /D "LIBXSLT_STATIC" /D "XMLSEC_STATIC" \
+ $(CFLAGS) $(XMLSEC_NSS_CFLAGS) /Fo$(XMLSEC_NSS_INTDIR_A)\ /c $<
+
+{$(XMLSEC_SRCDIR)}.c{$(XMLSEC_MSCRYPTO_INTDIR_A)}.obj::
+ $(CC) /D "LIBXML_STATIC" /D "LIBXSLT_STATIC" /D "XMLSEC_STATIC" \
+ $(CFLAGS) $(XMLSEC_MSCRYPTO_CFLAGS) /Fo$(XMLSEC_MSCRYPTO_INTDIR_A)\ /c $<
+{$(XMLSEC_MSCRYPTO_SRCDIR)}.c{$(XMLSEC_MSCRYPTO_INTDIR_A)}.obj::
+ $(CC) /D "LIBXML_STATIC" /D "LIBXSLT_STATIC" /D "XMLSEC_STATIC" \
+ $(CFLAGS) $(XMLSEC_MSCRYPTO_CFLAGS) /Fo$(XMLSEC_MSCRYPTO_INTDIR_A)\ /c $<
+
+# Compiles xmlsec source. Uses the implicit rule for commands.
+$(XMLSEC_OBJS) : $(XMLSEC_INTDIR)
+$(XMLSEC_OBJS_A) : $(XMLSEC_INTDIR_A)
+
+$(XMLSEC_OPENSSL_OBJS) : $(XMLSEC_OPENSSL_INTDIR)
+$(XMLSEC_OPENSSL_OBJS_A) : $(XMLSEC_OPENSSL_INTDIR_A)
+
+$(XMLSEC_NSS_OBJS) : $(XMLSEC_NSS_INTDIR)
+$(XMLSEC_NSS_OBJS_A) : $(XMLSEC_NSS_INTDIR_A)
+
+$(XMLSEC_MSCRYPTO_OBJS) : $(XMLSEC_MSCRYPTO_INTDIR)
+$(XMLSEC_MSCRYPTO_OBJS_A) : $(XMLSEC_MSCRYPTO_INTDIR_A)
+
+# Creates the shared objects and archives.
+$(BINDIR)\$(XMLSEC_SO) : $(BINDIR) $(XMLSEC_OBJS)
+ $(LD) $(LDFLAGS) /DLL /VERSION:$(XMLSEC_VERSION_MAJOR).$(XMLSEC_VERSION_MINOR) \
+ /IMPLIB:$(BINDIR)\$(XMLSEC_IMP) /OUT:$(BINDIR)\$(XMLSEC_SO) \
+ $(XMLSEC_OBJS) $(SOLIBS)
+$(BINDIR)\$(XMLSEC_A) : $(BINDIR) $(XMLSEC_OBJS_A)
+ $(AR) $(ARFLAGS) /OUT:$(BINDIR)\$(XMLSEC_A) $(XMLSEC_OBJS_A)
+
+$(BINDIR)\$(XMLSEC_OPENSSL_SO) : $(BINDIR) $(XMLSEC_OPENSSL_OBJS)
+ $(LD) $(LDFLAGS) /DLL /VERSION:$(XMLSEC_VERSION_MAJOR).$(XMLSEC_VERSION_MINOR) \
+ /IMPLIB:$(BINDIR)\$(XMLSEC_OPENSSL_IMP) /OUT:$(BINDIR)\$(XMLSEC_OPENSSL_SO) \
+ $(XMLSEC_OPENSSL_OBJS) $(XMLSEC_IMP) $(SOLIBS) $(XMLSEC_OPENSSL_SOLIBS)
+$(BINDIR)\$(XMLSEC_OPENSSL_A) : $(BINDIR) $(XMLSEC_OPENSSL_OBJS_A)
+ $(AR) $(ARFLAGS) /OUT:$(BINDIR)\$(XMLSEC_OPENSSL_A) $(XMLSEC_OPENSSL_OBJS_A)
+
+$(BINDIR)\$(XMLSEC_NSS_SO) : $(BINDIR) $(XMLSEC_NSS_OBJS)
+ $(LD) $(LDFLAGS) /DLL /VERSION:$(XMLSEC_VERSION_MAJOR).$(XMLSEC_VERSION_MINOR) \
+ /IMPLIB:$(BINDIR)\$(XMLSEC_NSS_IMP) /OUT:$(BINDIR)\$(XMLSEC_NSS_SO) \
+ $(XMLSEC_NSS_OBJS) $(XMLSEC_IMP) $(SOLIBS) $(XMLSEC_NSS_SOLIBS)
+$(BINDIR)\$(XMLSEC_NSS_A) : $(BINDIR) $(XMLSEC_NSS_OBJS_A)
+ $(AR) $(ARFLAGS) /OUT:$(BINDIR)\$(XMLSEC_NSS_A) $(XMLSEC_NSS_OBJS_A)
+
+$(BINDIR)\$(XMLSEC_MSCRYPTO_SO) : $(BINDIR) $(XMLSEC_MSCRYPTO_OBJS)
+ $(LD) $(LDFLAGS) /DLL /VERSION:$(XMLSEC_VERSION_MAJOR).$(XMLSEC_VERSION_MINOR) \
+ /IMPLIB:$(BINDIR)\$(XMLSEC_MSCRYPTO_IMP) /OUT:$(BINDIR)\$(XMLSEC_MSCRYPTO_SO) \
+ $(XMLSEC_MSCRYPTO_OBJS) $(XMLSEC_IMP) $(SOLIBS) $(XMLSEC_MSCRYPTO_SOLIBS)
+$(BINDIR)\$(XMLSEC_MSCRYPTO_A) : $(BINDIR) $(XMLSEC_MSCRYPTO_OBJS_A)
+ $(AR) $(ARFLAGS) /OUT:$(BINDIR)\$(XMLSEC_MSCRYPTO_A) $(XMLSEC_MSCRYPTO_OBJS_A)
+
+# An implicit rule for xmlsec command line tool
+$(BINDIR)\xmlseca.exe: $(BINDIR) $(XMLSEC_APPS_OBJS_A)
+ $(LD) $(LDFLAGS) /OUT:$@ $(XMLSEC_A) $(XMLSEC_CRYPTO_A) $(APP_LIBS) $(XMLSEC_APPS_OBJS_A)
+$(BINDIR)\xmlsec.exe: $(BINDIR) $(XMLSEC_APPS_OBJS)
+ $(LD) $(LDFLAGS) /OUT:$@ $(XMLSEC_IMP) $(XMLSEC_CRYPTO_IMP) $(APP_LIBS) $(XMLSEC_APPS_OBJS)
+
+# Builds xmlsec and friends. Uses the implicit rule for commands.
+$(BINDIR)\$(APP_NAME) : $(BINDIR) xmlsec xmlseca
+
+# Source dependences should be autogenerated somehow here, but how to
+# do it? I have no clue.
+
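Review bot: In the `uninstall` target the four manifest lines test for the manifest but delete the DLL a second time, e.g. `if exist $(SOPREFIX)\$(XMLSEC_SO_MANIFEST) del /F /S /Q $(SOPREFIX)\$(XMLSEC_SO)`, so the `.dll.manifest` files that `install` copies are never removed. The delete argument should be the manifest itself, `del /F /Q $(SOPREFIX)\$(XMLSEC_SO_MANIFEST)`, and the same for the OPENSSL, NSS and MSCRYPTO variants. Every `del` in that target also passes `/S`, which deletes same-named files in all subdirectories of the prefix, so on a shared prefix it can reach files that `install` never wrote; I would drop `/S` throughout. Separately, `XMLSEC_NSS_OBJS` lists `keytrans.obj` where `XMLSEC_NSS_OBJS_A` lists `kt_rsa.obj`; one of the two looks stale and should be checked against the sources in `$(XMLSEC_NSS_SRCDIR)`.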
diff --git a/win32/README.txt b/win32/README.txt
new file mode 100644
index 00000000..511aa16b
--- /dev/null
+++ b/win32/README.txt
@@ -0,0 +1,168 @@
+
+ Windows port
+ ------------
+
+This directory contains the files required to build this software on the
+native Windows platform.
+
+As a rule of thumb, the root of this directory contains files needed
+to build the library using the command-line tools, while various
+subdirectories contain project files for various IDEs.
+
+
+ 1. Building the library
+ ================================= ============
+
+Building from command line is the easiest, preferred and the only
+currently supported method.
+
+In order to build from the command-line you need to make sure that
+your compiler works from the command line. This is not always the
+case, often the required environment variables are missing. If you are
+not sure, test if this works first. If it doesn't, you will first have
+to configure your compiler suite to run from the command-line - please
+refer to your compiler's documentation regarding that.
+
+The first thing you want to do is configure the source. You can have
+the configuration script do this automatically for you. The
+configuration script is written in JScript, a Microsoft's
+implementation of the ECMA scripting language. Almost every Windows
+machine can execute this through the Windows Scripting Host. If your
+system lacks the ability to execute JScript for some reason, you must
+perform the configuration manually.
+
+The second step is compiling the source and, optionally, installing it
+to the location of your choosing.
+
+
+ 1.1 Configuring the source automatically
+ ----------------------------------------
+
+The configuration script accepts numerous options. Some of these
+affect features which will be available in the compiled software,
+others affect the way the software is built and installed. To see a
+full list of options supported by the configuration script, run
+
+ cscript configure.js help
+
+from the win32 subdirectory. The configuration script will present you
+the options it accepts and give a biref explanation of these. In every
+case you will have two sets of options. The first set is specific to
+the software you are building and the second one is specific to the
+Windows port.
+
+Once you have decided which options suit you, run the script with that
+options. Here is an example:
+
+ cscript configure.js prefix=c:\opt include=c:\opt\include
+ lib=c:\opt\lib debug=yes
+
+The previous example will configure the process to install the library
+in c:\opt, use c:\opt\include and c:\opt\lib as additional search
+paths for the compiler and the linker and build executables with debug
+symbols.
+
+Note: Please do not use path names which contain spaces. This will
+fail. Allowing this would require me to put almost everything in the
+Makefile in quotas and that looks quite ugly with my
+syntax-highlighting engine. If you absolutely must use spaces in paths
+send me an email and tell me why. If there are enough of you out there
+who need this, or if a single one has a very good reason, I will
+modify the Makefile to allow spaces in paths.
+
+
+ 1.2 (Not) Configuring the source manually
+ -----------------------------------------
+
+The manual configuration is pretty straightforward, but I would
+suggest rather to get a JScript engine and let the configure script do
+it for you. This process involves editing the apropriate Makefile to
+suit your needs, as well as manually generating certain *.h files from
+their *.h.in sources.
+
+If you really have no idea what I am talking about and ask yourself
+what in Gods name do I mean with '*.h files and their *.h.in sources',
+then you really should do an automatic configuration. Which files must
+be generated and what needs to be done with their sources in order to
+generate them is something people who have built this software before
+allready know. You will not find any explanations for that
+here. Please configure the source manually only if you allready know
+what you must do. Otherwise, you have the choice of either getting a
+precompiled binary distribution, or performing the automatic
+configuration.
+
+ 1.3 Compiling
+ -------------
+
+After the configuration stage has been completed, you want to build
+the software. To do that, type
+
+ nmake
+
+in the win32 subdirectory.When the building completes, you will find
+the executable files in win32\binaries directory.
+
+You can install the software into the directory you specified to the
+configure script during the configure stage by typing
+
+ nmake install
+
+That would be it, enjoy.
+
+ 2. Building your appliation
+ ================================= ============
+
+On Windows there is no easy way to automatically configure compilation
+options or paths. You have to do everything manualy. Start up your
+favorite IDE or text editor and read on.
+
+ 2.1 Global Defines.
+ ------------- ------------- ------------- ------
+
+If you want to use automatic crypto library configuration (xmlsec/crypto.h file)
+you need to add one of the following global defines:
+
+ #define XMLSEC_CRYPTO_OPENSSL
+ #define XMLSEC_CRYPTO_GNUTLS
+ #define XMLSEC_CRYPTO_NSS
+
+Also you'll need to define all configuration parameters used during XML Security
+Library compilation (XMLSEC_OPENSSL_096, XMLSEC_NO_AES, XMLSEC_NO_X509,...).
+
+ 2.1 Additional Global Defines for static linking.
+ ------------- ------------- ------------- ------
+
+Also if you (*and only if*) are linking libraries staticaly, you'll need to add following
+global defines:
+
+ 2.2 Setting include and library paths.
+ ------------- ------------- ------------- ------
+
+As usual, you need to have correct include and library paths to xmlsec, libxml,
+libxslt, iconv, openssl or any other library used in your application.
+
+ 2.3 Selecting correct Windows runtime libraries.
+ ------------- ------------- ------------- ------
+
+Windows basically has 6 different C runtimes. The first one is called libc.lib
+and can only be linked to statically and used only in single-threaded mode.
+The second one is also can only be linked staticaly and used in multi-threaded
+mode. The third one is called msvcrt.dll and can only be linked to dynamically.
+These three then live in their debug and release incarnations, which results in
+six C runtimes. The rule is simple: exactly the same runtime must be used
+throughout the application. Client code *MUST* use the same runtime as XMLSec,
+LibXML, LibXSLT, OpenSSL or any other library used.
+
+If you downloaded XMLSec, LibXML, LibXSLT and OpenSSL binaries from Igor's
+page then all libraries are all linked to msvcrt.dll ("Multithreaded DLL"
+(NOT DEBUG!); /MD compiler switch). The click-next click-finish wizardry
+from Visual Studio chooses the single-threaded libc.lib as the default
+when you create a new project. And this causes great problems because
+you program crashes on first IO operation, first malloc/free from different
+runtimes or something even more trivial.
+
+Do not forget that if you need a different runtime for some reason, then
+you MUST recompile not only XMLSec, but LibXML, LibXSLT and OpenSSL as well.
+
+
+March 2002, Igor Zlatkovic <igor@stud.fh-frankfurt.de>
diff --git a/win32/configure.js b/win32/configure.js
new file mode 100644
index 00000000..c5551f17
--- /dev/null
+++ b/win32/configure.js
@@ -0,0 +1,395 @@
+/* Configure script for xmlsec, specific for Windows with Scripting Host.
+ *
+ * This script will configure the libxmlsec build process and create necessary files.
+ * Run it with an 'help', or an invalid option and it will tell you what options
+ * it accepts.
+ *
+ * March 2002, Igor Zlatkovic <igor@stud.fh-frankfurt.de>
+ * Created for LibXML and LibXSLT
+ * April 2002, Aleksey Sanin <aleksey@aleksey.com>
+ * Modified for XMLSec Libary
+ */
+
+/* The source directory, relative to the one where this file resides. */
+var baseDir = "..";
+var srcDir = baseDir + "\\src";
+var srcDirApps = baseDir + "\\apps";
+/* The directory where we put the binaries after compilation. */
+var binDir = "binaries";
+/* Base name of what we are building. */
+var baseName = "libxmlsec";
+
+/* Configure file which contains the version and the output file where
+ we can store our build configuration. */
+var configFile = baseDir + "\\configure.in";
+var versionFile = ".\\configure.txt";
+
+/* Input and output files regarding the lib(e)xml features. The second
+ output file is there for the compatibility reasons, otherwise it
+ is identical to the first. */
+var optsFileIn = baseDir + "\\config.h.in";
+var optsFile = baseDir + "\\config.h";
+
+/* Version strings for the binary distribution. Will be filled later
+ in the code. */
+var verMajorXmlSec;
+var verMinorXmlSec;
+var verMicroXmlSec;
+
+/* Libxmlsec features. */
+var withCrypto = "openssl";
+var withDefaultCrypto = "openssl";
+var withOpenSSL = 0;
+var withOpenSSLVersion = "";
+var withNss = 0;
+var withMSCrypto = 0;
+var withLibXSLT = 1;
+var withIconv = 1;
+var withNT4 = 1;
+
+/* Win32 build options. */
+var buildUnicode = 1;
+var buildDebug = 0;
+var buildStatic = 1;
+var buildWithDLSupport = 1;
+var buildPrefix = ".";
+var buildBinPrefix = "$(PREFIX)\\bin";
+var buildIncPrefix = "$(PREFIX)\\include";
+var buildLibPrefix = "$(PREFIX)\\lib";
+var buildSoPrefix = "$(PREFIX)\\lib";
+var buildInclude = ".";
+var buildLib = ".";
+/* Local stuff */
+var error = 0;
+
+/* Helper function, transforms the option variable into the 'Enabled'
+ or 'Disabled' string. */
+function boolToStr(opt)
+{
+ if (opt == false)
+ return "Disabled";
+ else if (opt == true)
+ return "Enabled";
+ error = 1;
+ return "Undefined";
+}
+
+/* Helper function, transforms the argument string into the boolean
+ value. */
+function strToBool(opt)
+{
+ if (opt == "0" || opt == "no")
+ return false;
+ else if (opt == "1" || opt == "yes")
+ return true;
+ error = 1;
+ return false;
+}
+
+/* Displays the details about how to use this script. */
+function usage()
+{
+ var txt;
+ txt = "Usage:\n";
+ txt += " cscript " + WScript.ScriptName + " <options>\n";
+ txt += " cscript " + WScript.ScriptName + " help\n\n";
+ txt += "Options can be specified in the form <option>=<value>, where the value is\n";
+ txt += "either 'yes' or 'no'.\n\n";
+ txt += "XmlSec Library options, default value given in parentheses:\n\n";
+ txt += " crypto: Crypto engines list, first is default: \"openssl\",\n";
+ txt += " \"openssl=096\", \"openssl=097\", \"openssl=098\", \n";
+ txt += " \"nss\", \"mscrypto\" (\"" + withCrypto + "\");\n"
+ txt += " xslt: LibXSLT is used (" + (withLibXSLT? "yes" : "no") + ")\n";
+ txt += " iconv: Use the iconv library (" + (withIconv? "yes" : "no") + ")\n";
+ txt += " nt4: Enable NT 4.0 support (" + (withNT4? "yes" : "no") + ")\n";
+ txt += "\nWin32 build options, default value given in parentheses:\n\n";
+ txt += " unicode: Build Unicode version (" + (buildUnicode? "yes" : "no") + ")\n";
+ txt += " debug: Build unoptimised debug executables (" + (buildDebug? "yes" : "no") + ")\n";
+ txt += " static: Link libxmlsec statically to xmlsec (" + (buildStatic? "yes" : "no") + ")\n";
+ txt += " with-dl: Enable dynamic loading of xmlsec-crypto libraries (" + (buildWithDLSupport? "yes" : "no") + ")\n";
+ txt += " prefix: Base directory for the installation (" + buildPrefix + ")\n";
+ txt += " bindir: Directory where xmlsec and friends should be installed\n";
+ txt += " (" + buildBinPrefix + ")\n";
+ txt += " incdir: Directory where headers should be installed\n";
+ txt += " (" + buildIncPrefix + ")\n";
+ txt += " libdir: Directory where static and import libraries should be\n";
+ txt += " installed (" + buildLibPrefix + ")\n";
+ txt += " sodir: Directory where shared libraries should be installed\n";
+ txt += " (" + buildSoPrefix + ")\n";
+ txt += " include: Additional search path for the compiler, particularily\n";
+ txt += " where libxml headers can be found (" + buildInclude + ")\n";
+ txt += " lib: Additional search path for the linker, particularily\n";
+ txt += " where libxml library can be found (" + buildLib + ")\n";
+ WScript.Echo(txt);
+}
+
+/* Discovers the version we are working with by reading the apropriate
+ configuration file. Despite its name, this also writes the configuration
+ file included by our makefile. */
+function discoverVersion()
+{
+ var fso, cf, vf, ln, s;
+
+ fso = new ActiveXObject("Scripting.FileSystemObject");
+ cf = fso.OpenTextFile(configFile, 1);
+ vf = fso.CreateTextFile(versionFile, true);
+ vf.WriteLine("# " + versionFile);
+ vf.WriteLine("# This file is generated automatically by " + WScript.ScriptName + ".");
+ vf.WriteBlankLines(1);
+ while (cf.AtEndOfStream != true) {
+ ln = cf.ReadLine();
+ s = new String(ln);
+ if (s.search(/^XMLSEC_VERSION_MAJOR/) != -1) {
+ WScript.Echo(verMajorXmlSec);
+ vf.WriteLine(s);
+ verMajorXmlSec = s.substring(s.indexOf("=") + 1, s.length)
+ } else if(s.search(/^XMLSEC_VERSION_MINOR/) != -1) {
+ vf.WriteLine(s);
+ verMinorXmlSec = s.substring(s.indexOf("=") + 1, s.length)
+ } else if(s.search(/^XMLSEC_VERSION_SUBMINOR/) != -1) {
+ vf.WriteLine(s);
+ verMicroXmlSec = s.substring(s.indexOf("=") + 1, s.length)
+ }
+ }
+ cf.Close();
+ vf.WriteLine("BASEDIR=" + baseDir);
+ vf.WriteLine("XMLSEC_SRCDIR=" + srcDir);
+ vf.WriteLine("APPS_SRCDIR=" + srcDirApps);
+ vf.WriteLine("BINDIR=" + binDir);
+ vf.WriteLine("WITH_CRYPTO=" + withCrypto);
+ vf.WriteLine("WITH_DEFAULT_CRYPTO=" + withDefaultCrypto);
+ vf.WriteLine("WITH_OPENSSL=" + withOpenSSL);
+ vf.WriteLine("WITH_OPENSSL_VERSION=XMLSEC_OPENSSL_" + withOpenSSLVersion);
+ vf.WriteLine("WITH_NSS=" + withNss);
+ vf.WriteLine("WITH_MSCRYPTO=" + withMSCrypto);
+ vf.WriteLine("WITH_LIBXSLT=" + (withLibXSLT ? "1" : "0"));
+ vf.WriteLine("WITH_ICONV=" + (withIconv ? "1" : "0"));
+ vf.WriteLine("WITH_NT4=" + (withNT4 ? "1" : "0"));
+ vf.WriteLine("UNICODE=" + (buildUnicode? "1" : "0"));
+ vf.WriteLine("DEBUG=" + (buildDebug? "1" : "0"));
+ vf.WriteLine("STATIC=" + (buildStatic? "1" : "0"));
+ vf.WriteLine("WITH_DL=" + (buildWithDLSupport ? "1" : "0"));
+ vf.WriteLine("PREFIX=" + buildPrefix);
+ vf.WriteLine("BINPREFIX=" + buildBinPrefix);
+ vf.WriteLine("INCPREFIX=" + buildIncPrefix);
+ vf.WriteLine("LIBPREFIX=" + buildLibPrefix);
+ vf.WriteLine("SOPREFIX=" + buildSoPrefix);
+ vf.WriteLine("INCLUDE=$(INCLUDE);" + buildInclude);
+ vf.WriteLine("LIB=$(LIB);" + buildLib);
+ vf.Close();
+}
+
+/* Configures xmlsec. This one will generate config.h from config.h.in
+ taking what the user passed on the command line into account. */
+function configureXmlSec()
+{
+ var fso, ofi, of, ln, s;
+ fso = new ActiveXObject("Scripting.FileSystemObject");
+ ofi = fso.OpenTextFile(optsFileIn, 1);
+ of = fso.CreateTextFile(optsFile, true);
+ while (ofi.AtEndOfStream != true) {
+ ln = ofi.ReadLine();
+ s = new String(ln);
+ if (s.search(/\@VERSION\@/) != -1) {
+ of.WriteLine(s.replace(/\@VERSION\@/,
+ verMajorXmlSec + "." + verMinorXmlSec + "." + verMicroXmlSec));
+ } else if (s.search(/\@XMLSECVERSION_NUMBER\@/) != -1) {
+ of.WriteLine(s.replace(/\@XMLSECVERSION_NUMBER\@/,
+ verMajorXmlSec*10000 + verMinorXmlSec*100 + verMicroXmlSec*1));
+ } else
+ of.WriteLine(ln);
+ }
+ ofi.Close();
+ of.Close();
+}
+
+/* Creates the readme file for the binary distribution of 'bname', for the
+ version 'ver' in the file 'file'. This one is called from the Makefile when
+ generating a binary distribution. The parameters are passed by make. */
+function genReadme(bname, ver, file)
+{
+ var fso, f;
+ fso = new ActiveXObject("Scripting.FileSystemObject");
+ f = fso.CreateTextFile(file, true);
+ f.WriteLine(" " + bname + " " + ver);
+ f.WriteLine(" --------------");
+ f.WriteBlankLines(1);
+ f.WriteLine(" This is " + bname + ", version " + ver + ", binary package for the native Win32/IA32");
+ f.WriteLine("platform.");
+ f.WriteBlankLines(1);
+ f.WriteLine(" The files in this package do not require any special installation");
+ f.WriteLine("steps. Extract the contents of the archive whereever you wish and");
+ f.WriteLine("make sure that your tools which use " + bname + " can find it.");
+ f.WriteBlankLines(1);
+ f.WriteLine(" For example, if you want to run the supplied utilities from the command");
+ f.WriteLine("line, you can, if you wish, add the 'bin' subdirectory to the PATH");
+ f.WriteLine("environment variable.");
+ f.WriteLine(" If you want to make programmes in C which use " + bname + ", you'll");
+ f.WriteLine("likely know how to use the contents of this package. If you don't, please");
+ f.WriteLine("refer to your compiler's documentation.");
+ f.WriteBlankLines(1);
+ f.WriteLine(" If there is something you cannot keep for yourself, such as a problem,");
+ f.WriteLine("a cheer of joy, a comment or a suggestion, feel free to contact me using");
+ f.WriteLine("the address below.");
+ f.WriteBlankLines(1);
+ f.WriteLine("Igor Zlatkovic (igor@zlatkovic.com)");
+ f.Close();
+}
+
+/*
+ * main(),
+ * Execution begins here.
+ */
+
+/* Parse the command-line arguments. */
+for (i = 0; (i < WScript.Arguments.length) && (error == 0); i++) {
+ var arg, opt;
+ arg = WScript.Arguments(i);
+ opt = arg.substring(0, arg.indexOf("="));
+ if (opt.length == 0)
+ opt = arg.substring(0, arg.indexOf(":"));
+ if (opt.length > 0) {
+ if (opt == "crypto")
+ withCrypto = arg.substring(opt.length + 1, arg.length);
+ else if (opt == "xslt")
+ withLibXSLT = strToBool(arg.substring(opt.length + 1, arg.length));
+ else if (opt == "iconv")
+ withIconv = strToBool(arg.substring(opt.length + 1, arg.length));
+ else if (opt == "nt4")
+ withNT4 = strToBool(arg.substring(opt.length + 1, arg.length));
+ else if (opt == "unicode")
+ buildUnicode = strToBool(arg.substring(opt.length + 1, arg.length));
+ else if (opt == "debug")
+ buildDebug = strToBool(arg.substring(opt.length + 1, arg.length));
+ else if (opt == "static")
+ buildStatic = strToBool(arg.substring(opt.length + 1, arg.length));
+ else if (opt == "with-dl")
+ buildWithDLSupport = strToBool(arg.substring(opt.length + 1, arg.length));
+ else if (opt == "prefix")
+ buildPrefix = arg.substring(opt.length + 1, arg.length);
+ else if (opt == "incdir")
+ buildIncPrefix = arg.substring(opt.length + 1, arg.length);
+ else if (opt == "bindir")
+ buildBinPrefix = arg.substring(opt.length + 1, arg.length);
+ else if (opt == "libdir")
+ buildLibPrefix = arg.substring(opt.length + 1, arg.length);
+ else if (opt == "sodir")
+ buildSoPrefix = arg.substring(opt.length + 1, arg.length);
+ else if (opt == "incdir")
+ buildIncPrefix = arg.substring(opt.length + 1, arg.length);
+ else if (opt == "include")
+ buildInclude = arg.substring(opt.length + 1, arg.length);
+ else if (opt == "lib")
+ buildLib = arg.substring(opt.length + 1, arg.length);
+ else
+ error = 1;
+ } else if (i == 0) {
+ if (arg == "genreadme") {
+ // This command comes from the Makefile and will not be checked
+ // for errors, because Makefile will always supply right parameters.
+ genReadme(WScript.Arguments(1), WScript.Arguments(2), WScript.Arguments(3));
+ WScript.Quit(0);
+ } else if (arg == "help") {
+ usage();
+ WScript.Quit(0);
+ }
+ } else
+ error = 1;
+}
+// If we have an error here, it is because the user supplied bad parameters.
+if (error != 0) {
+ usage();
+ WScript.Quit(error);
+}
+
+// Discover crypto support
+var crlist, j, curcrypto;
+crlist = withCrypto.split(",");
+withCrypto = "";
+withDefaultCrypto = "";
+for (j = 0; j < crlist.length; j++) {
+ if (crlist[j] == "openssl") {
+ curcrypto="openssl";
+ withOpenSSL = 1;
+ withOpenSSLVersion = "098"; /* default */
+ } else if (crlist[j] == "openssl=096") {
+ curcrypto="openssl";
+ withOpenSSL = 1;
+ withOpenSSLVersion = "096";
+ } else if (crlist[j] == "openssl=097") {
+ curcrypto="openssl";
+ withOpenSSL = 1;
+ withOpenSSLVersion = "097";
+ } else if (crlist[j] == "openssl=098") {
+ curcrypto="openssl";
+ withOpenSSL = 1;
+ withOpenSSLVersion = "098";
+ } else if (crlist[j] == "nss") {
+ curcrypto="nss";
+ withNss = 1;
+ } else if (crlist[j] == "mscrypto") {
+ curcrypto="mscrypto";
+ withMSCrypto = 1;
+ } else {
+ WScript.Echo("Unknown crypto engine \"" + crlist[j] + "\" is found. Aborting.");
+ WScript.Quit(error);
+ }
+ if (j == 0) {
+ withDefaultCrypto = curcrypto;
+ withCrypto = curcrypto;
+ } else {
+ withCrypto = withCrypto + " " + curcrypto;
+ }
+}
+
+// Discover the version.
+discoverVersion();
+if (error != 0) {
+ WScript.Echo("Version discovery failed, aborting.");
+ WScript.Quit(error);
+}
+WScript.Echo(baseName + " version: " + verMajorXmlSec + "." + verMinorXmlSec + "." + verMicroXmlSec);
+
+
+// Configure libxmlsec.
+configureXmlSec();
+if (error != 0) {
+ WScript.Echo("Configuration failed, aborting.");
+ WScript.Quit(error);
+}
+
+
+// Create the Makefile.
+var fso = new ActiveXObject("Scripting.FileSystemObject");
+fso.CopyFile(".\\Makefile.msvc", ".\\Makefile", true);
+WScript.Echo("Created Makefile.");
+
+// Display the final configuration.
+var txtOut = "\nXMLSEC configuration\n";
+txtOut += "----------------------------\n";
+txtOut += " Use Crypto: " + withCrypto + "\n";
+txtOut += " Use Default Crypto: " + withDefaultCrypto + "\n";
+txtOut += " Use OpenSSL: " + boolToStr(withOpenSSL) + "\n";
+txtOut += "Use OpenSSL Version: " + withOpenSSLVersion + "\n";
+txtOut += " Use NSS: " + boolToStr(withNss) + "\n";
+txtOut += " Use MSCrypto: " + boolToStr(withMSCrypto) + "\n";
+txtOut += " Use LibXSLT: " + boolToStr(withLibXSLT) + "\n";
+txtOut += " Use iconv: " + boolToStr(withIconv) + "\n";
+txtOut += " NT 4.0 support: " + boolToStr(withNT4) + "\n";
+txtOut += "\n";
+txtOut += "Win32 build configuration\n";
+txtOut += "-------------------------\n";
+txtOut += " Unicode: " + boolToStr(buildUnicode) + "\n";
+txtOut += " Debug symbols: " + boolToStr(buildDebug) + "\n";
+txtOut += " Static xmlsec: " + boolToStr(buildStatic) + "\n";
+txtOut += " Enable DL suport: " + boolToStr(buildWithDLSupport) + "\n";
+txtOut += " Install prefix: " + buildPrefix + "\n";
+txtOut += " Put tools in: " + buildBinPrefix + "\n";
+txtOut += " Put headers in: " + buildIncPrefix + "\n";
+txtOut += "Put static libs in: " + buildLibPrefix + "\n";
+txtOut += "Put shared libs in: " + buildSoPrefix + "\n";
+txtOut += " Include path: " + buildInclude + "\n";
+txtOut += " Lib path: " + buildLib + "\n";
+WScript.Echo(txtOut);
+
+// Done.
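Review bot: The unknown-engine branch of the crypto loop calls `WScript.Quit(error)` while `error` is still 0, so a mistyped `crypto=` value prints "Aborting." and exits with a success status. A wrapper that checks the exit code would then carry on without a freshly generated Makefile. Make the failure explicit with `WScript.Quit(1);`. The `error != 0` checks after `discoverVersion()` and `configureXmlSec()` can never fire either, because neither function sets `error`; a configure.in without the `XMLSEC_VERSION_*` lines leaves the version variables undefined and the run still reports success. Two smaller leftovers: the second `else if (opt == "incdir")` branch is unreachable, and `WScript.Echo(verMajorXmlSec)` in `discoverVersion` prints the variable before it is assigned.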
diff --git a/win32/libxmlsec.def.src b/win32/libxmlsec.def.src
new file mode 100644
index 00000000..ee500208
--- /dev/null
+++ b/win32/libxmlsec.def.src
@@ -0,0 +1,25 @@
+/* win32/libxmlsec.def.src
+ Pseudo-source used to create a .DEF file for proper dynamic linkage.
+
+ Assuming you use Microsoft's C compiler, you run a
+
+ cl /EP libxmlsec.def.src > libxmlsec.def
+
+ in order to get the right .DEF file. Basically, all you do is
+ preprocess this file using a C/C++ preprocessor and the right
+ .DEF file should come out.
+
+ Should you need a function which does not seem to be exported
+ from the libxmlsec.dll, its name is most certainly missing here.
+ Add the name of the offending function to this file and rebuild.
+
+ 21.03.2002, Igor Zlatkovic (igor@stud.fh-frankfurt.de)
+ Created
+ for LibXML and LibXSLT
+ April 2002, Aleksey Sanin <aleksey@aleksey.com>
+ Modified for XMLSec Libary
+*/
+
+LIBRARY libxmlsec
+EXPORTS
+
diff --git a/win32/mycfg.bat b/win32/mycfg.bat
new file mode 100644
index 00000000..9af468e3
--- /dev/null
+++ b/win32/mycfg.bat
@@ -0,0 +1,21 @@
+@echo on
+REM
+REM This is my personal configuration file.
+REM I am lazy to type all this crap again and again
+REM You are welcome to customize this file for your
+REM needs but do not check it into the CVS, please.
+REM
+REM Aleksey Sanin <aleksey@aleksey.com>
+REM
+
+SET PREFIX=C:\cygwin\home\local
+SET XMLSEC_INCLUDE=%PREFIX%\include;%PREFIX%\include\mozilla;%PREFIX%\include\mozilla\nspr;%PREFIX%\include\mozilla\nss;%MSSDK_INCLUDE%
+SET XMLSEC_LIB=%PREFIX%\lib;%MSSDK_LIB%
+SET XMLSEC_OPTIONS=static=no iconv=no debug=yes xslt=yes crypto=mscrypto,openssl unicode=yes
+
+del /F Makefile configure.txt
+cscript configure.js prefix=%PREFIX% %XMLSEC_OPTIONS% include=%XMLSEC_INCLUDE% lib=%XMLSEC_LIB%
+
+mkdir binaries
+copy %PREFIX%\bin\*.dll binaries
+copy %PREFIX%\lib\*.dll binaries
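Review bot: The `cscript configure.js` line passes `%PREFIX%`, `%XMLSEC_INCLUDE%` and `%XMLSEC_LIB%` unquoted, so any directory containing a space (likely for `%MSSDK_INCLUDE%` / `%MSSDK_LIB%`) is split into separate arguments, and configure.js treats the fragments as invalid options. Quote each argument whole, e.g. `"include=%XMLSEC_INCLUDE%"` and `"lib=%XMLSEC_LIB%"`. The script also runs `mkdir` and both `copy` lines whatever cscript returned; `if errorlevel 1 exit /b 1` directly after the cscript line stops a failed configuration from being followed by a populated `binaries` directory. The `copy ... *.dll` wildcards take every DLL found under the prefix, so a comment listing which libraries are actually expected there would help anyone adapting the file.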
diff --git a/xmlsec-config.in b/xmlsec-config.in
new file mode 100644
index 00000000..cb46909b
--- /dev/null
+++ b/xmlsec-config.in
@@ -0,0 +1,243 @@
+#! /bin/sh
+
+prefix="@prefix@"
+package="@PACKAGE@"
+exec_prefix="@exec_prefix@"
+exec_prefix_set=no
+package_libdir="@libdir@"
+
+usage()
+{
+ cat <<EOF
+Usage: $package-config [OPTION]...
+
+Known values for OPTION are:
+
+ --prefix=DIR change XMLSEC prefix
+ --exec-prefix=DIR change XMLSEC executable prefix
+ --libs print library linking information
+ --cflags print pre-processor and compiler flags
+ --crypto print the default crypto library name
+ --help display this help and exit
+ --version output version information
+ --crypto=LIB configure with XMLSEC crypto library (one of the
+ following: none default openssl nss gnutls gcrypt)
+EOF
+
+ exit $1
+}
+
+
+#
+# first parse command line aruments
+#
+if [ $# -eq 0 ]
+then
+ usage 1 1>&2
+fi
+
+cflags=false
+libs=false
+if [ "z@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@" = "z1" ] ;
+then
+ crypto="default"
+else
+ crypto="none"
+fi
+
+while [ $# -gt 0 ]
+do
+ case "$1" in
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) optarg= ;;
+ esac
+
+ case "$1" in
+ --crypto=*)
+ crypto=$optarg
+ ;;
+
+ --prefix=*)
+ prefix=$optarg
+ if [ $exec_prefix_set = no ]
+ then
+ exec_prefix=$optarg
+ fi
+ ;;
+
+ --prefix)
+ echo $prefix
+ ;;
+
+ --exec-prefix=*)
+ exec_prefix=$optarg
+ exec_prefix_set=yes
+ ;;
+
+ --exec-prefix)
+ echo $exec_prefix
+ ;;
+
+ --version)
+ echo @VERSION@
+ exit 0
+ ;;
+
+ --crypto)
+ echo @XMLSEC_CRYPTO@
+ exit 0
+ ;;
+
+ --help)
+ usage 0
+ ;;
+
+ --cflags)
+ cflags=true
+ ;;
+
+ --libs)
+ libs=true
+ ;;
+
+ *)
+ usage 1
+ ;;
+ esac
+ shift
+done
+
+#
+# Get LibXML2 settings
+#
+the_xml_flags="`@LIBXML_CONFIG@ --cflags`"
+the_xml_libs="`@LIBXML_CONFIG@ --libs`"
+
+#
+# Get LibXSLT settings
+#
+the_xslt_flags=""
+the_xslt_libs=""
+if test "@XMLSEC_NO_LIBXSLT@" = "0"; then
+ the_xslt_flags="`@LIBXSLT_CONFIG@ --cflags`"
+ the_xslt_libs="`@LIBXSLT_CONFIG@ --libs`"
+fi
+
+#
+# Get crypto library settings
+#
+the_crypto_flags=""
+the_crypto_libs=""
+the_xmlsec_crypto_lib=""
+case "$crypto" in
+none)
+ # no crypto, just the core xmlsec engine (useful when more
+ # than one crypto engine i sused by application)
+ if [ "z@XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@" != "z1" ] ;
+ then
+ the_crypto_flags="-DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 -DXMLSEC_CRYPTO=\\\"@XMLSEC_CRYPTO@\\\""
+ fi
+ ;;
+
+default)
+ the_crypto_flags="@XMLSEC_CRYPTO_CFLAGS@ -DXMLSEC_CRYPTO=\\\"@XMLSEC_CRYPTO@\\\""
+ the_crypto_libs="@XMLSEC_CRYPTO_LIBS@"
+ the_xmlsec_crypto_lib="-l@XMLSEC_CRYPTO_LIB@"
+ ;;
+
+openssl)
+ if test "@XMLSEC_NO_OPENSSL@" = "0"; then
+ the_crypto_flags="@OPENSSL_CFLAGS@ -DXMLSEC_CRYPTO=\\\"openssl\\\""
+ the_crypto_libs="@OPENSSL_LIBS@"
+ the_xmlsec_crypto_lib="-l@OPENSSL_CRYPTO_LIB@"
+ else
+ echo "Error: the \"$crypto\" cryptographic library is not supported"
+ usage 1
+ fi
+ ;;
+
+gnutls)
+ if test "@XMLSEC_NO_GNUTLS@" = "0"; then
+ the_crypto_flags="@GNUTLS_CFLAGS@ -DXMLSEC_CRYPTO=\\\"gnutls\\\""
+ the_crypto_libs="@GNUTLS_LIBS@"
+ the_xmlsec_crypto_lib="-l@GNUTLS_CRYPTO_LIB@"
+ else
+ echo "Error: the \"$crypto\" cryptographic library is not supported"
+ usage 1
+ fi
+ ;;
+
+gcrypt)
+ if test "@XMLSEC_NO_GCRYPT@" = "0"; then
+ the_crypto_flags="@GCRYPT_CFLAGS@ -DXMLSEC_CRYPTO=\\\"gcrypt\\\""
+ the_crypto_libs="@GCRYPT_LIBS@"
+ the_xmlsec_crypto_lib="-l@GCRYPT_CRYPTO_LIB@"
+ else
+ echo "Error: the \"$crypto\" cryptographic library is not supported"
+ usage 1
+ fi
+ ;;
+
+nss)
+ if test "@XMLSEC_NO_NSS@" = "0"; then
+ the_crypto_flags="@NSS_CFLAGS@ -DXMLSEC_CRYPTO=\\\"nss\\\""
+ the_crypto_libs="@NSS_LIBS@"
+ the_xmlsec_crypto_lib="-l@NSS_CRYPTO_LIB@"
+ else
+ echo "Error: the \"$crypto\" cryptographic library is not supported"
+ usage 1
+ fi
+ ;;
+
+*)
+ echo "Error: the \"$crypto\" cryptographic library is not supported"
+ usage 1
+ ;;
+
+esac
+
+#
+# Assemble all the settings together
+#
+the_flags="$the_flags @XMLSEC_CORE_CFLAGS@ $the_xml_flags $the_xslt_flags $the_crypto_flags"
+the_libs="$the_libs -L${package_libdir} @XMLSEC_CORE_LIBS@ $the_xmlsec_crypto_lib -lxmlsec1 $the_xml_libs $the_xslt_libs $the_crypto_libs"
+
+if $cflags; then
+ all_flags="$the_flags"
+fi
+
+if $libs; then
+ all_flags="$all_flags $services $the_libs"
+fi
+
+if test -z "$all_flags" || test "x$all_flags" = "x "; then
+ exit 1
+fi
+
+# Straight out any possible duplicates, but be careful to
+# get `-lfoo -lbar -lbaz' for `-lfoo -lbaz -lbar -lbaz'
+other_flags=
+rev_libs=
+for i in $all_flags; do
+ case "$i" in
+ # a library, save it for later, in reverse order
+ -l*) rev_libs="$i $rev_libs" ;;
+ *)
+ case " $other_flags " in
+ *\ $i\ *) ;; # already there
+ *) other_flags="$other_flags $i" ;; # add it to output
+ esac ;;
+ esac
+done
+
+ord_libs=
+for i in $rev_libs; do
+ case " $ord_libs " in
+ *\ $i\ *) ;; # already there
+ *) ord_libs="$i $ord_libs" ;; # add it to output in reverse order
+ esac
+done
+
+echo $other_flags $ord_libs
+
+exit 0
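Review bot: `the_flags`, `the_libs`, `services` and `all_flags` are read in the "Assemble all the settings together" section without ever being initialised, so a value of any of those names exported in the caller's environment is emitted as compiler or linker flags. That makes the script's output depend on the invoking shell and lets the environment alter the link line of everything built against xmlsec. Clear them before the option loop: `the_flags= the_libs= services= all_flags=`. The `echo "Error: ..."` lines in the crypto `case`, and the `usage 1` calls that follow them, write to stdout, where a caller using command substitution captures the message as flags; adding `1>&2`, as the no-argument `usage 1 1>&2` call already does, keeps diagnostics out of the result.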
diff --git a/xmlsec-gcrypt.pc.in b/xmlsec-gcrypt.pc.in
new file mode 100644
index 00000000..1c00496c
--- /dev/null
+++ b/xmlsec-gcrypt.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: xmlsec1-gcrypt
+Version: @VERSION@
+Description: XML Security Library implements XML Signature and XML Encryption standards
+Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@
+Cflags: -DXMLSEC_CRYPTO=\"gcrypt\" @XMLSEC_GCRYPT_CFLAGS@
+Libs: @XMLSEC_GCRYPT_LIBS@
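Review bot: The `Requires:` line names `libxslt >= @LIBXSLT_MIN_VERSION@` unconditionally, while xmlsec-config.in in this same commit only queries the XSLT flags when `@XMLSEC_NO_LIBXSLT@` is `0`. A build configured without XSLT would therefore presumably install a .pc file that pkg-config refuses to resolve unless libxslt is present, and consumers would link a library the build never used. The libxslt requirement should come from a configure substitution that is empty when XSLT is disabled. The same line appears in xmlsec-gnutls.pc.in, xmlsec-nss.pc.in, xmlsec-openssl.pc.in and xmlsec.pc.in.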
diff --git a/xmlsec-gnutls.pc.in b/xmlsec-gnutls.pc.in
new file mode 100644
index 00000000..e538cd43
--- /dev/null
+++ b/xmlsec-gnutls.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: xmlsec1-gnutls
+Version: @VERSION@
+Description: XML Security Library implements XML Signature and XML Encryption standards
+Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@
+Cflags: -DXMLSEC_CRYPTO=\"gnutls\" @XMLSEC_GNUTLS_CFLAGS@
+Libs: @XMLSEC_GNUTLS_LIBS@
diff --git a/xmlsec-nss.pc.in b/xmlsec-nss.pc.in
new file mode 100644
index 00000000..a6d6c5c8
--- /dev/null
+++ b/xmlsec-nss.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: xmlsec1-nss
+Version: @VERSION@
+Description: XML Security Library implements XML Signature and XML Encryption standards
+Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@ @NSPR_PACKAGE@ >= @MOZILLA_MIN_VERSION@ @NSS_PACKAGE@ >= @MOZILLA_MIN_VERSION@
+Cflags: -DXMLSEC_CRYPTO=\"nss\" -DXMLSEC_CRYPTO_NSS=1 @XMLSEC_CORE_CFLAGS@
+Libs: -L${libdir} -lxmlsec1-nss @XMLSEC_CORE_LIBS@
diff --git a/xmlsec-openssl.pc.in b/xmlsec-openssl.pc.in
new file mode 100644
index 00000000..85ee2b09
--- /dev/null
+++ b/xmlsec-openssl.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: xmlsec1-openssl
+Version: @VERSION@
+Description: XML Security Library implements XML Signature and XML Encryption standards
+Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@
+Cflags: -DXMLSEC_CRYPTO=\"openssl\" @XMLSEC_OPENSSL_CFLAGS@
+Libs: @XMLSEC_OPENSSL_LIBS@
diff --git a/xmlsec.pc.in b/xmlsec.pc.in
new file mode 100644
index 00000000..a750ab83
--- /dev/null
+++ b/xmlsec.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: xmlsec1
+Version: @VERSION@
+Description: XML Security Library implements XML Signature and XML Encryption standards
+Requires: libxml-2.0 >= @LIBXML_MIN_VERSION@ libxslt >= @LIBXSLT_MIN_VERSION@
+Cflags: -DXMLSEC_CRYPTO=\"@XMLSEC_CRYPTO@\" -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 @XMLSEC_CORE_CFLAGS@
+Libs: -L${libdir} @XMLSEC_CORE_LIBS@
diff --git a/xmlsec.spec.in b/xmlsec.spec.in
new file mode 100644
index 00000000..102555a9
--- /dev/null
+++ b/xmlsec.spec.in
@@ -0,0 +1,185 @@
+Summary: Library providing support for "XML Signature" and "XML Encryption" standards
+Name: @PACKAGE@
+Version: @VERSION@
+Release: 1
+License: MIT
+Group: Development/Libraries
+Vendor: Aleksey Sanin <aleksey@aleksey.com>
+Distribution: Aleksey Sanin <aleksey@aleksey.com>
+Packager: Aleksey Sanin <aleksey@aleksey.com>
+Source: ftp://ftp.aleksey.com/pub/xmlsec/releases/@PACKAGE@-%{version}.tar.gz
+BuildRoot: %{_tmppath}/@PACKAGE@-%{version}-root
+URL: http://www.aleksey.com/xmlsec
+Requires: libxml2 >= @LIBXML_MIN_VERSION@
+Requires: libxslt >= @LIBXSLT_MIN_VERSION@
+Requires: ltdl
+BuildRequires: libxml2-devel >= @LIBXML_MIN_VERSION@
+BuildRequires: libxslt-devel >= @LIBXSLT_MIN_VERSION@
+Prefix: %{_prefix}
+Docdir: %{_docdir}
+
+%define _unpackaged_files_terminate_build 0
+%define _missing_doc_files_terminate_build 0
+
+%description
+XML Security Library is a C library based on LibXML2 and OpenSSL.
+The library was created with a goal to support major XML security
+standards "XML Digital Signature" and "XML Encryption".
+
+%package devel
+Summary: Libraries, includes, etc. to develop applications with XML Digital Signatures and XML Encryption support.
+Group: Development/Libraries
+Requires: xmlsec1 = %{version}
+Requires: libxml2-devel >= @LIBXML_MIN_VERSION@
+Requires: libxslt-devel >= @LIBXSLT_MIN_VERSION@
+Requires: openssl-devel >= @OPENSSL_MIN_VERSION@
+Requires: zlib-devel
+
+%description devel
+Libraries, includes, etc. you can use to develop applications with XML Digital
+Signatures and XML Encryption support.
+
+%package openssl
+Summary: OpenSSL crypto plugin for XML Security Library
+Group: Development/Libraries
+Requires: xmlsec1 = %{version}
+Requires: libxml2 >= @LIBXML_MIN_VERSION@
+Requires: libxslt >= @LIBXSLT_MIN_VERSION@
+Requires: openssl >= @OPENSSL_MIN_VERSION@
+BuildRequires: openssl-devel >= @OPENSSL_MIN_VERSION@
+
+%description openssl
+OpenSSL plugin for XML Security Library provides OpenSSL based crypto services
+for the xmlsec library
+
+%package openssl-devel
+Summary: OpenSSL crypto plugin for XML Security Library
+Group: Development/Libraries
+Requires: xmlsec1 = %{version}
+Requires: xmlsec1-devel = %{version}
+Requires: xmlsec1-openssl = %{version}
+Requires: libxml2-devel >= @LIBXML_MIN_VERSION@
+Requires: libxslt-devel >= @LIBXSLT_MIN_VERSION@
+Requires: openssl >= @OPENSSL_MIN_VERSION@
+Requires: openssl-devel >= @OPENSSL_MIN_VERSION@
+
+%description openssl-devel
+Libraries, includes, etc. for developing XML Security applications with OpenSSL
+
+%package nss
+Summary: NSS crypto plugin for XML Security Library
+Group: Development/Libraries
+Requires: xmlsec1 = %{version}
+Requires: libxml2 >= @LIBXML_MIN_VERSION@
+Requires: libxslt >= @LIBXSLT_MIN_VERSION@
+Requires: mozilla-nss >= @MOZILLA_MIN_VERSION@
+BuildRequires: mozilla-nss-devel >= @MOZILLA_MIN_VERSION@
+
+%description nss
+NSS plugin for XML Security Library provides NSS based crypto services
+for the xmlsec library
+
+%package nss-devel
+Summary: NSS crypto plugin for XML Security Library
+Group: Development/Libraries
+Requires: xmlsec1 = %{version}
+Requires: xmlsec1-devel = %{version}
+Requires: xmlsec1-nss = %{version}
+Requires: libxml2-devel >= @LIBXML_MIN_VERSION@
+Requires: libxslt-devel >= @LIBXSLT_MIN_VERSION@
+Requires: mozilla-nss-devel >= @MOZILLA_MIN_VERSION@
+
+%description nss-devel
+Libraries, includes, etc. for developing XML Security applications with NSS
+
+%prep
+%setup -q
+
+%build
+# Needed for snapshot releases.
+if [ ! -f configure ]; then
+%ifarch alpha
+ CFLAGS="$RPM_OPT_FLAGS" ./autogen.sh --host=alpha-redhat-linux --prefix=%prefix --sysconfdir="/etc" --mandir=%{_mandir}
+%else
+ CFLAGS="$RPM_OPT_FLAGS" ./autogen.sh --prefix=%prefix --sysconfdir="/etc" --mandir=%{_mandir}
+%endif
+else
+%ifarch alpha
+ CFLAGS="$RPM_OPT_FLAGS" ./configure --host=alpha-redhat-linux --prefix=%prefix --sysconfdir="/etc" --mandir=%{_mandir}
+%else
+ CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%prefix --sysconfdir="/etc" --mandir=%{_mandir}
+%endif
+fi
+if [ "$SMP" != "" ]; then
+ (make "MAKE=make -k -j $SMP"; exit 0)
+ make
+else
+ make
+fi
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT/usr/bin
+mkdir -p $RPM_BUILD_ROOT/usr/include/@PACKAGE@
+mkdir -p $RPM_BUILD_ROOT/usr/lib
+mkdir -p $RPM_BUILD_ROOT/usr/man/man1
+make prefix=$RPM_BUILD_ROOT%{prefix} mandir=$RPM_BUILD_ROOT%{_mandir} install
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%files
+%defattr(-, root, root)
+
+%doc AUTHORS ChangeLog NEWS README Copyright
+%doc %{_mandir}/man1/xmlsec1.1*
+
+%{prefix}/lib/libxmlsec1.so.*
+%{prefix}/lib/libxmlsec1.so
+%{prefix}/bin/xmlsec1
+
+%files devel
+%defattr(-, root, root)
+
+%{prefix}/bin/xmlsec1-config
+%{prefix}/include/xmlsec1/xmlsec/*.h
+%{prefix}/include/xmlsec1/xmlsec/private/*.h
+%{prefix}/lib/libxmlsec1.*a
+%{prefix}/lib/pkgconfig/xmlsec1.pc
+%{prefix}/lib/xmlsec1Conf.sh
+%{prefix}/share/doc/xmlsec1/*
+%{prefix}/share/aclocal/xmlsec1.m4
+%doc AUTHORS HACKING ChangeLog NEWS README Copyright
+%doc %{_mandir}/man1/xmlsec1-config.1*
+
+%files openssl
+%defattr(-, root, root)
+
+%{prefix}/lib/libxmlsec1-openssl.so.*
+%{prefix}/lib/libxmlsec1-openssl.so
+
+%files openssl-devel
+%defattr(-, root, root)
+
+%{prefix}/include/xmlsec1/xmlsec/openssl/*.h
+%{prefix}/lib/libxmlsec1-openssl.*a
+%{prefix}/lib/pkgconfig/xmlsec1-openssl.pc
+
+%files nss
+%defattr(-, root, root)
+
+%{prefix}/lib/libxmlsec1-nss.so.*
+%{prefix}/lib/libxmlsec1-nss.so
+
+%files nss-devel
+%defattr(-, root, root)
+
+%{prefix}/include/xmlsec1/xmlsec/nss/*.h
+%{prefix}/lib/libxmlsec1-nss.*a
+%{prefix}/lib/pkgconfig/xmlsec1-nss.pc
+
+%changelog
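Review bot: `Source:` points at a plain `ftp://` URL and `%prep` only runs `%setup -q`, so the spec gives whoever fetches the tarball no way to check that it is the released one. For a library that implements signature verification, the expected checksum or signature location should at least be recorded next to the `Source:` line, for instance `# Verify @PACKAGE@-%{version}.tar.gz against the upstream-published checksum or signature before building`. The two `%define ..._terminate_build 0` lines at the top also turn off rpmbuild's check for installed-but-unpackaged files. Anything `make install` produces that no `%files` section lists is then dropped silently; that could include plugins for the gnutls and gcrypt engines, which xmlsec-config.in offers but which have no subpackage here.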
diff --git a/xmlsec1-config b/xmlsec1-config
new file mode 100644
index 00000000..ed59ce8c
--- /dev/null
+++ b/xmlsec1-config
@@ -0,0 +1,243 @@
+#! /bin/sh
+
+prefix="/usr"
+package="xmlsec1"
+exec_prefix="${prefix}"
+exec_prefix_set=no
+package_libdir="${exec_prefix}/lib"
+
+usage()
+{
+ cat <<EOF
+Usage: $package-config [OPTION]...
+
+Known values for OPTION are:
+
+ --prefix=DIR change XMLSEC prefix
+ --exec-prefix=DIR change XMLSEC executable prefix
+ --libs print library linking information
+ --cflags print pre-processor and compiler flags
+ --crypto print the default crypto library name
+ --help display this help and exit
+ --version output version information
+ --crypto=LIB configure with XMLSEC crypto library (one of the
+ following: none default openssl nss gnutls gcrypt)
+EOF
+
+ exit $1
+}
+
+
+#
+# first parse command line aruments
+#
+if [ $# -eq 0 ]
+then
+ usage 1 1>&2
+fi
+
+cflags=false
+libs=false
+if [ "z0" = "z1" ] ;
+then
+ crypto="default"
+else
+ crypto="none"
+fi
+
+while [ $# -gt 0 ]
+do
+ case "$1" in
+ -*=*) optarg=`echo "$1" | sed 's/[-_a-zA-Z0-9]*=//'` ;;
+ *) optarg= ;;
+ esac
+
+ case "$1" in
+ --crypto=*)
+ crypto=$optarg
+ ;;
+
+ --prefix=*)
+ prefix=$optarg
+ if [ $exec_prefix_set = no ]
+ then
+ exec_prefix=$optarg
+ fi
+ ;;
+
+ --prefix)
+ echo $prefix
+ ;;
+
+ --exec-prefix=*)
+ exec_prefix=$optarg
+ exec_prefix_set=yes
+ ;;
+
+ --exec-prefix)
+ echo $exec_prefix
+ ;;
+
+ --version)
+ echo 1.2.18
+ exit 0
+ ;;
+
+ --crypto)
+ echo openssl
+ exit 0
+ ;;
+
+ --help)
+ usage 0
+ ;;
+
+ --cflags)
+ cflags=true
+ ;;
+
+ --libs)
+ libs=true
+ ;;
+
+ *)
+ usage 1
+ ;;
+ esac
+ shift
+done
+
+#
+# Get LibXML2 settings
+#
+the_xml_flags="`xml2-config --cflags`"
+the_xml_libs="`xml2-config --libs`"
+
+#
+# Get LibXSLT settings
+#
+the_xslt_flags=""
+the_xslt_libs=""
+if test "0" = "0"; then
+ the_xslt_flags="`xslt-config --cflags`"
+ the_xslt_libs="`xslt-config --libs`"
+fi
+
+#
+# Get crypto library settings
+#
+the_crypto_flags=""
+the_crypto_libs=""
+the_xmlsec_crypto_lib=""
+case "$crypto" in
+none)
+ # no crypto, just the core xmlsec engine (useful when more
+ # than one crypto engine i sused by application)
+ if [ "z0" != "z1" ] ;
+ then
+ the_crypto_flags="-DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 -DXMLSEC_CRYPTO=\\\"openssl\\\""
+ fi
+ ;;
+
+default)
+ the_crypto_flags=" -DXMLSEC_OPENSSL_098=1 -DXMLSEC_CRYPTO_OPENSSL=1 -DXMLSEC_CRYPTO=\\\"openssl\\\""
+ the_crypto_libs="-lssl -lcrypto "
+ the_xmlsec_crypto_lib="-lxmlsec1-openssl"
+ ;;
+
+openssl)
+ if test "0" = "0"; then
+ the_crypto_flags=" -DXMLSEC_OPENSSL_098=1 -DXMLSEC_CRYPTO_OPENSSL=1 -DXMLSEC_CRYPTO=\\\"openssl\\\""
+ the_crypto_libs="-lssl -lcrypto "
+ the_xmlsec_crypto_lib="-lxmlsec1-openssl"
+ else
+ echo "Error: the \"$crypto\" cryptographic library is not supported"
+ usage 1
+ fi
+ ;;
+
+gnutls)
+ if test "0" = "0"; then
+ the_crypto_flags=" -DXMLSEC_CRYPTO_GNUTLS=1 -DXMLSEC_CRYPTO=\\\"gnutls\\\""
+ the_crypto_libs="-lgnutls "
+ the_xmlsec_crypto_lib="-lxmlsec1-gnutls"
+ else
+ echo "Error: the \"$crypto\" cryptographic library is not supported"
+ usage 1
+ fi
+ ;;
+
+gcrypt)
+ if test "0" = "0"; then
+ the_crypto_flags=" -DXMLSEC_CRYPTO_GCRYPT=1 -DXMLSEC_CRYPTO=\\\"gcrypt\\\""
+ the_crypto_libs=" -lgcrypt"
+ the_xmlsec_crypto_lib="-lxmlsec1-gcrypt"
+ else
+ echo "Error: the \"$crypto\" cryptographic library is not supported"
+ usage 1
+ fi
+ ;;
+
+nss)
+ if test "0" = "0"; then
+ the_crypto_flags="-I/usr/include/nspr -I/usr/include/nss -DXMLSEC_CRYPTO_NSS=1 -DXMLSEC_CRYPTO=\\\"nss\\\""
+ the_crypto_libs="-lnss3 -lnssutil3 -lsmime3 -lssl3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl "
+ the_xmlsec_crypto_lib="-lxmlsec1-nss"
+ else
+ echo "Error: the \"$crypto\" cryptographic library is not supported"
+ usage 1
+ fi
+ ;;
+
+*)
+ echo "Error: the \"$crypto\" cryptographic library is not supported"
+ usage 1
+ ;;
+
+esac
+
+#
+# Assemble all the settings together
+#
+the_flags="$the_flags -D__XMLSEC_FUNCTION__=__FUNCTION__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_XKMS=1 -DXMLSEC_DL_LIBLTDL=1, -I${prefix}/include/xmlsec1 $the_xml_flags $the_xslt_flags $the_crypto_flags"
+the_libs="$the_libs -L${package_libdir} -lxmlsec1 -lltdl $the_xmlsec_crypto_lib -lxmlsec1 $the_xml_libs $the_xslt_libs $the_crypto_libs"
+
+if $cflags; then
+ all_flags="$the_flags"
+fi
+
+if $libs; then
+ all_flags="$all_flags $services $the_libs"
+fi
+
+if test -z "$all_flags" || test "x$all_flags" = "x "; then
+ exit 1
+fi
+
+# Straight out any possible duplicates, but be careful to
+# get `-lfoo -lbar -lbaz' for `-lfoo -lbaz -lbar -lbaz'
+other_flags=
+rev_libs=
+for i in $all_flags; do
+ case "$i" in
+ # a library, save it for later, in reverse order
+ -l*) rev_libs="$i $rev_libs" ;;
+ *)
+ case " $other_flags " in
+ *\ $i\ *) ;; # already there
+ *) other_flags="$other_flags $i" ;; # add it to output
+ esac ;;
+ esac
+done
+
+ord_libs=
+for i in $rev_libs; do
+ case " $ord_libs " in
+ *\ $i\ *) ;; # already there
+ *) ord_libs="$i $ord_libs" ;; # add it to output in reverse order
+ esac
+done
+
+echo $other_flags $ord_libs
+
+exit 0
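Review bot: `the_flags`, `the_libs` and `services` are read in the "Assemble all the settings together" section without being assigned anywhere earlier in the script, so whatever the caller's environment holds under those names is passed straight into the emitted compiler and linker flags. Initialising them next to `cflags=false` and `libs=false`, as `the_flags=`, `the_libs=` and `services=`, keeps the output determined by the script's own settings. The assembled `the_flags` line also carries a stray comma in `-DXMLSEC_DL_LIBLTDL=1,`, which defines the macro as `1,`. The same token appears in the Cflags of the xmlsec1-gcrypt.pc, xmlsec1-gnutls.pc, xmlsec1-nss.pc, xmlsec1-openssl.pc and xmlsec1.pc hunks and in xmlsec1Conf.sh, so it presumably comes from the configure template and is best fixed there.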
diff --git a/xmlsec1-gcrypt.pc b/xmlsec1-gcrypt.pc
new file mode 100644
index 00000000..825d74d0
--- /dev/null
+++ b/xmlsec1-gcrypt.pc
@@ -0,0 +1,11 @@
+prefix=/usr
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: xmlsec1-gcrypt
+Version: 1.2.18
+Description: XML Security Library implements XML Signature and XML Encryption standards
+Requires: libxml-2.0 >= 2.7.4 libxslt >= 1.0.20
+Cflags: -DXMLSEC_CRYPTO=\"gcrypt\" -D__XMLSEC_FUNCTION__=__FUNCTION__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_XKMS=1 -DXMLSEC_DL_LIBLTDL=1, -I${prefix}/include/xmlsec1 -DXMLSEC_CRYPTO_GCRYPT=1
+Libs: -L${exec_prefix}/lib -lxmlsec1-gcrypt -lxmlsec1 -lltdl -lgcrypt
diff --git a/xmlsec1-gnutls.pc b/xmlsec1-gnutls.pc
new file mode 100644
index 00000000..95fc344f
--- /dev/null
+++ b/xmlsec1-gnutls.pc
@@ -0,0 +1,11 @@
+prefix=/usr
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: xmlsec1-gnutls
+Version: 1.2.18
+Description: XML Security Library implements XML Signature and XML Encryption standards
+Requires: libxml-2.0 >= 2.7.4 libxslt >= 1.0.20
+Cflags: -DXMLSEC_CRYPTO=\"gnutls\" -D__XMLSEC_FUNCTION__=__FUNCTION__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_XKMS=1 -DXMLSEC_DL_LIBLTDL=1, -I${prefix}/include/xmlsec1 -DXMLSEC_CRYPTO_GNUTLS=1
+Libs: -L${exec_prefix}/lib -lxmlsec1-gnutls -lxmlsec1-gcrypt -lxmlsec1 -lltdl -lgnutls
diff --git a/xmlsec1-nss.pc b/xmlsec1-nss.pc
new file mode 100644
index 00000000..71a0bad1
--- /dev/null
+++ b/xmlsec1-nss.pc
@@ -0,0 +1,11 @@
+prefix=/usr
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: xmlsec1-nss
+Version: 1.2.18
+Description: XML Security Library implements XML Signature and XML Encryption standards
+Requires: libxml-2.0 >= 2.7.4 libxslt >= 1.0.20 xulrunner-nspr >= 1.4 xulrunner-nss >= 1.4
+Cflags: -DXMLSEC_CRYPTO=\"nss\" -DXMLSEC_CRYPTO_NSS=1 -D__XMLSEC_FUNCTION__=__FUNCTION__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_XKMS=1 -DXMLSEC_DL_LIBLTDL=1, -I${prefix}/include/xmlsec1
+Libs: -L${libdir} -lxmlsec1-nss -lxmlsec1 -lltdl
diff --git a/xmlsec1-openssl.pc b/xmlsec1-openssl.pc
new file mode 100644
index 00000000..5325bd00
--- /dev/null
+++ b/xmlsec1-openssl.pc
@@ -0,0 +1,11 @@
+prefix=/usr
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: xmlsec1-openssl
+Version: 1.2.18
+Description: XML Security Library implements XML Signature and XML Encryption standards
+Requires: libxml-2.0 >= 2.7.4 libxslt >= 1.0.20
+Cflags: -DXMLSEC_CRYPTO=\"openssl\" -D__XMLSEC_FUNCTION__=__FUNCTION__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_XKMS=1 -DXMLSEC_DL_LIBLTDL=1, -I${prefix}/include/xmlsec1 -DXMLSEC_OPENSSL_098=1 -DXMLSEC_CRYPTO_OPENSSL=1
+Libs: -L${exec_prefix}/lib -lxmlsec1-openssl -lxmlsec1 -lltdl -lssl -lcrypto
diff --git a/xmlsec1.m4 b/xmlsec1.m4
new file mode 100644
index 00000000..363c723d
--- /dev/null
+++ b/xmlsec1.m4
@@ -0,0 +1,172 @@
+#
+# Configure paths for xmlsec1
+# H. Ronsdorf 2006-02-03
+# Adapted from:
+#
+dnl AM_PATH_XMLSEC1([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]]])
+dnl Test for libxmlsec1, and define XMLSEC1_CFLAGS and XMLSEC1_LIBS
+dnl
+AC_DEFUN([AM_PATH_XMLSEC1],[
+
+ AC_ARG_WITH(xmlsec1-prefix,
+ AC_HELP_STRING(
+ [--with-xmlsec1-prefix=PFX],
+ [Prefix where libxmlsec1 is installed (optional)]
+ ),
+ xmlsec1_config_prefix="$withval", xmlsec1_config_prefix=""
+ )
+
+ AC_ARG_WITH(xmlsec1-exec-prefix,
+ AC_HELP_STRING(
+ [--with-xmlsec1-exec-prefix=PFX],
+ [Exec prefix where libxmlsec1 is installed (optional)]
+ ),
+ xmlsec1_config_exec_prefix="$withval", xmlsec1_config_exec_prefix=""
+ )
+
+ AC_ARG_ENABLE(xmlsec1test,
+ AC_HELP_STRING(
+ [--disable-xmlsec1test],
+ [Do not try to compile and run a test cSOAP program]
+ ),,
+ enable_xmlsec1test=yes
+ )
+
+ if test x$xmlsec1_config_exec_prefix != x ; then
+ xmlsec1_config_args="$xmlsec1_config_args --exec-prefix=$xmlsec1_config_exec_prefix"
+ if test x${XMLSEC1_CONFIG+set} != xset ; then
+ XMLSEC1_CONFIG=$xmlsec1_config_exec_prefix/bin/xmlsec1-config
+ fi
+ fi
+ if test x$xmlsec1_config_prefix != x ; then
+ xmlsec1_config_args="$xmlsec1_config_args --prefix=$xmlsec1_config_prefix"
+ if test x${XMLSEC1_CONFIG+set} != xset ; then
+ XMLSEC1_CONFIG=$xmlsec1_config_prefix/bin/xmlsec1-config
+ fi
+ fi
+
+
+ AC_PATH_PROG(XMLSEC1_CONFIG, xmlsec1-config, no)
+ min_xmlsec1_version=ifelse([$1], ,1.0.0,[$1])
+ AC_MSG_CHECKING(for libxmlsec1 - version >= $min_xmlsec1_version)
+ no_xmlsec1=""
+ if test "$XMLSEC1_CONFIG" = "no" ; then
+ no_xmlsec1=yes
+ else
+ XMLSEC1_CFLAGS=`$XMLSEC1_CONFIG $xmlsec1_config_args --cflags`
+ XMLSEC1_LIBS=`$XMLSEC1_CONFIG $xmlsec1_config_args --libs`
+ xmlsec1_config_major_version=`$XMLSEC1_CONFIG $xmlsec1_config_args --version | \
+ sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\1/'`
+ xmlsec1_config_minor_version=`$XMLSEC1_CONFIG $xmlsec1_config_args --version | \
+ sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\2/'`
+ xmlsec1_config_micro_version=`$XMLSEC1_CONFIG $xmlsec1_config_args --version | \
+ sed 's/\([[0-9]]*\).\([[0-9]]*\).\([[0-9]]*\)/\3/'`
+ if test "x$enable_xmlsec1test" = "xyes" ; then
+ ac_save_CFLAGS="$CFLAGS"
+ ac_save_LIBS="$LIBS"
+ CFLAGS="$CFLAGS $XMLSEC1_CFLAGS"
+ LIBS="$XMLSEC1_LIBS $LIBS"
+dnl
+dnl Now check if the installed libxmlsec1 is sufficiently new.
+dnl (Also sanity checks the results of xmlsec1-config to some extent)
+dnl
+ rm -f conf.xmlsec1test
+ AC_TRY_RUN([
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <libxml/tree.h>
+#include <xmlsec/xmlsec.h>
+
+int main(int argc, char **argv) {
+
+ int major, minor, micro;
+ char *tmp_version;
+
+ system("touch conf.xmlsec1test");
+
+ /* Capture xmlsec1-config output via autoconf/configure variables */
+ /* HP/UX 9 (%@#!) writes to sscanf strings */
+ tmp_version = (char *)strdup("$min_xmlsec1_version");
+ if (sscanf(tmp_version, "%d.%d.%d", &major, &minor, &micro) != 3) {
+
+ printf("%s, bad version string from xmlsec1-config\n", "$min_xmlsec1_version");
+ exit(1);
+ }
+ free(tmp_version);
+
+ /* Test that the library is greater than our minimum version */
+ if (($xmlsec1_config_major_version < major) ||
+ (($xmlsec1_config_major_version == major) && ($xmlsec1_config_minor_version < minor)) ||
+ (($xmlsec1_config_major_version == major) && ($xmlsec1_config_minor_version == minor) && ($xmlsec1_config_micro_version < micro))) {
+
+ printf("\n*** An old version of libxmlsec1 (%d.%d.%d) was found.\n", $xmlsec1_config_major_version, $xmlsec1_config_minor_version, $xmlsec1_config_micro_version);
+ printf("*** You need a version of libxmlsec1 newer than %d.%d.%d. The latest version of\n", major, minor, micro);
+ printf("*** libxmlsec1 is always available from http://xmlsec1.sf.net.\n\n");
+ printf("*** If you have already installed a sufficiently new version, this error\n");
+ printf("*** probably means that the wrong copy of the xmlsec1-config shell script is\n");
+ printf("*** being found. The easiest way to fix this is to remove the old version\n");
+ printf("*** of libxmlsec1, but you can also set the XMLSEC1_CONFIG environment to point to the\n");
+ printf("*** correct copy of xmlsec1-config. (In this case, you will have to\n");
+ printf("*** modify your LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf\n");
+ printf("*** so that the correct libraries are found at run-time))\n");
+ return 1;
+ }
+ else {
+
+ return 0;
+ }
+}
+],, no_xmlsec1=yes,[echo $ac_n "cross compiling; assumed OK... $ac_c"])
+ CFLAGS="$ac_save_CFLAGS"
+ LIBS="$ac_save_LIBS"
+ fi
+ fi
+
+ if test "x$no_xmlsec1" = x ; then
+ AC_MSG_RESULT(yes (version $xmlsec1_config_major_version.$xmlsec1_config_minor_version.$xmlsec1_config_micro_version))
+ ifelse([$2], , :, [$2])
+ else
+ AC_MSG_RESULT(no)
+ if test "$XMLSEC1_CONFIG" = "no" ; then
+ echo "*** The xmlsec1-config script installed by LIBXMLSEC1 could not be found"
+ echo "*** If libxmlsec1 was installed in PREFIX, make sure PREFIX/bin is in"
+ echo "*** your path, or set the XMLSEC1_CONFIG environment variable to the"
+ echo "*** full path to xmlsec1-config."
+ else
+ if test -f conf.xmlsec1test ; then
+ :
+ else
+ echo "*** Could not run libxmlsec1 test program, checking why..."
+ CFLAGS="$CFLAGS $XMLSEC1_CFLAGS"
+ LIBS="$LIBS $XMLSEC1_LIBS"
+ AC_TRY_LINK([
+#include <libxmlsec1/version.h>
+#include <stdio.h>
+], [ soap_client_destroy(); return 0;],
+ [ echo "*** The test program compiled, but did not run. This usually means"
+ echo "*** that the run-time linker is not finding LIBXMLSEC1 or finding the wrong"
+ echo "*** version of LIBXMLSEC1. If it is not finding LIBXMLSEC1, you'll need to set your"
+ echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point"
+ echo "*** to the installed location Also, make sure you have run ldconfig if that"
+ echo "*** is required on your system"
+ echo "***"
+ echo "*** If you have an old version installed, it is best to remove it, although"
+ echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH" ],
+ [ echo "*** The test program failed to compile or link. See the file config.log for the"
+ echo "*** exact error that occured. This usually means LIBXMLSEC1 was incorrectly installed"
+ echo "*** or that you have moved LIBXMLSEC1 since it was installed. In the latter case, you"
+ echo "*** may want to edit the xmlsec1-config script: $XMLSEC1_CONFIG" ])
+ CFLAGS="$ac_save_CFLAGS"
+ LIBS="$ac_save_LIBS"
+ fi
+ fi
+
+ XMLSEC1_CFLAGS=""
+ XMLSEC1_LIBS=""
+ ifelse([$3], , :, [$3])
+ fi
+ AC_SUBST(XMLSEC1_CFLAGS)
+ AC_SUBST(XMLSEC1_LIBS)
+ rm -f conf.xmlsec1test
+])
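Review bot: The fallback `AC_TRY_LINK` that runs when conf.xmlsec1test is missing includes `<libxmlsec1/version.h>` and calls `soap_client_destroy()`, while the run test above it includes `<xmlsec/xmlsec.h>`. The probe looks like a leftover from the cSOAP macro this file was adapted from, and it would presumably always fail and print the "failed to compile or link" advice whatever the real cause. Pointing it at the library under test, `#include <xmlsec/xmlsec.h>` with a body of `xmlSecInit(); return 0;`, would make the diagnosis meaningful. The `--disable-xmlsec1test` help string likewise still says "test cSOAP program". The prefix checks such as `test x$xmlsec1_config_prefix != x` should quote the expansion, `test "x$xmlsec1_config_prefix" != x`, so that a `--with-xmlsec1-prefix` value containing whitespace does not break the test.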
diff --git a/xmlsec1.pc b/xmlsec1.pc
new file mode 100644
index 00000000..074ec09e
--- /dev/null
+++ b/xmlsec1.pc
@@ -0,0 +1,11 @@
+prefix=/usr
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=${prefix}/include
+
+Name: xmlsec1
+Version: 1.2.18
+Description: XML Security Library implements XML Signature and XML Encryption standards
+Requires: libxml-2.0 >= 2.7.4 libxslt >= 1.0.20
+Cflags: -DXMLSEC_CRYPTO=\"openssl\" -DXMLSEC_CRYPTO_DYNAMIC_LOADING=1 -D__XMLSEC_FUNCTION__=__FUNCTION__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_XKMS=1 -DXMLSEC_DL_LIBLTDL=1, -I${prefix}/include/xmlsec1
+Libs: -L${libdir} -lxmlsec1 -lltdl
diff --git a/xmlsec1.spec b/xmlsec1.spec
new file mode 100644
index 00000000..20264baa
--- /dev/null
+++ b/xmlsec1.spec
@@ -0,0 +1,185 @@
+Summary: Library providing support for "XML Signature" and "XML Encryption" standards
+Name: xmlsec1
+Version: 1.2.18
+Release: 1
+License: MIT
+Group: Development/Libraries
+Vendor: Aleksey Sanin <aleksey@aleksey.com>
+Distribution: Aleksey Sanin <aleksey@aleksey.com>
+Packager: Aleksey Sanin <aleksey@aleksey.com>
+Source: ftp://ftp.aleksey.com/pub/xmlsec/releases/xmlsec1-%{version}.tar.gz
+BuildRoot: %{_tmppath}/xmlsec1-%{version}-root
+URL: http://www.aleksey.com/xmlsec
+Requires: libxml2 >= 2.7.4
+Requires: libxslt >= 1.0.20
+Requires: ltdl
+BuildRequires: libxml2-devel >= 2.7.4
+BuildRequires: libxslt-devel >= 1.0.20
+Prefix: %{_prefix}
+Docdir: %{_docdir}
+
+%define _unpackaged_files_terminate_build 0
+%define _missing_doc_files_terminate_build 0
+
+%description
+XML Security Library is a C library based on LibXML2 and OpenSSL.
+The library was created with a goal to support major XML security
+standards "XML Digital Signature" and "XML Encryption".
+
+%package devel
+Summary: Libraries, includes, etc. to develop applications with XML Digital Signatures and XML Encryption support.
+Group: Development/Libraries
+Requires: xmlsec1 = %{version}
+Requires: libxml2-devel >= 2.7.4
+Requires: libxslt-devel >= 1.0.20
+Requires: openssl-devel >= 0.9.6
+Requires: zlib-devel
+
+%description devel
+Libraries, includes, etc. you can use to develop applications with XML Digital
+Signatures and XML Encryption support.
+
+%package openssl
+Summary: OpenSSL crypto plugin for XML Security Library
+Group: Development/Libraries
+Requires: xmlsec1 = %{version}
+Requires: libxml2 >= 2.7.4
+Requires: libxslt >= 1.0.20
+Requires: openssl >= 0.9.6
+BuildRequires: openssl-devel >= 0.9.6
+
+%description openssl
+OpenSSL plugin for XML Security Library provides OpenSSL based crypto services
+for the xmlsec library
+
+%package openssl-devel
+Summary: OpenSSL crypto plugin for XML Security Library
+Group: Development/Libraries
+Requires: xmlsec1 = %{version}
+Requires: xmlsec1-devel = %{version}
+Requires: xmlsec1-openssl = %{version}
+Requires: libxml2-devel >= 2.7.4
+Requires: libxslt-devel >= 1.0.20
+Requires: openssl >= 0.9.6
+Requires: openssl-devel >= 0.9.6
+
+%description openssl-devel
+Libraries, includes, etc. for developing XML Security applications with OpenSSL
+
+%package nss
+Summary: NSS crypto plugin for XML Security Library
+Group: Development/Libraries
+Requires: xmlsec1 = %{version}
+Requires: libxml2 >= 2.7.4
+Requires: libxslt >= 1.0.20
+Requires: mozilla-nss >= 1.4
+BuildRequires: mozilla-nss-devel >= 1.4
+
+%description nss
+NSS plugin for XML Security Library provides NSS based crypto services
+for the xmlsec library
+
+%package nss-devel
+Summary: NSS crypto plugin for XML Security Library
+Group: Development/Libraries
+Requires: xmlsec1 = %{version}
+Requires: xmlsec1-devel = %{version}
+Requires: xmlsec1-nss = %{version}
+Requires: libxml2-devel >= 2.7.4
+Requires: libxslt-devel >= 1.0.20
+Requires: mozilla-nss-devel >= 1.4
+
+%description nss-devel
+Libraries, includes, etc. for developing XML Security applications with NSS
+
+%prep
+%setup -q
+
+%build
+# Needed for snapshot releases.
+if [ ! -f configure ]; then
+%ifarch alpha
+ CFLAGS="$RPM_OPT_FLAGS" ./autogen.sh --host=alpha-redhat-linux --prefix=%prefix --sysconfdir="/etc" --mandir=%{_mandir}
+%else
+ CFLAGS="$RPM_OPT_FLAGS" ./autogen.sh --prefix=%prefix --sysconfdir="/etc" --mandir=%{_mandir}
+%endif
+else
+%ifarch alpha
+ CFLAGS="$RPM_OPT_FLAGS" ./configure --host=alpha-redhat-linux --prefix=%prefix --sysconfdir="/etc" --mandir=%{_mandir}
+%else
+ CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%prefix --sysconfdir="/etc" --mandir=%{_mandir}
+%endif
+fi
+if [ "$SMP" != "" ]; then
+ (make "MAKE=make -k -j $SMP"; exit 0)
+ make
+else
+ make
+fi
+
+%install
+rm -rf $RPM_BUILD_ROOT
+mkdir -p $RPM_BUILD_ROOT/usr/bin
+mkdir -p $RPM_BUILD_ROOT/usr/include/xmlsec1
+mkdir -p $RPM_BUILD_ROOT/usr/lib
+mkdir -p $RPM_BUILD_ROOT/usr/man/man1
+make prefix=$RPM_BUILD_ROOT%{prefix} mandir=$RPM_BUILD_ROOT%{_mandir} install
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post -p /sbin/ldconfig
+
+%postun -p /sbin/ldconfig
+
+%files
+%defattr(-, root, root)
+
+%doc AUTHORS ChangeLog NEWS README Copyright
+%doc %{_mandir}/man1/xmlsec1.1*
+
+%{prefix}/lib/libxmlsec1.so.*
+%{prefix}/lib/libxmlsec1.so
+%{prefix}/bin/xmlsec1
+
+%files devel
+%defattr(-, root, root)
+
+%{prefix}/bin/xmlsec1-config
+%{prefix}/include/xmlsec1/xmlsec/*.h
+%{prefix}/include/xmlsec1/xmlsec/private/*.h
+%{prefix}/lib/libxmlsec1.*a
+%{prefix}/lib/pkgconfig/xmlsec1.pc
+%{prefix}/lib/xmlsec1Conf.sh
+%{prefix}/share/doc/xmlsec1/*
+%{prefix}/share/aclocal/xmlsec1.m4
+%doc AUTHORS HACKING ChangeLog NEWS README Copyright
+%doc %{_mandir}/man1/xmlsec1-config.1*
+
+%files openssl
+%defattr(-, root, root)
+
+%{prefix}/lib/libxmlsec1-openssl.so.*
+%{prefix}/lib/libxmlsec1-openssl.so
+
+%files openssl-devel
+%defattr(-, root, root)
+
+%{prefix}/include/xmlsec1/xmlsec/openssl/*.h
+%{prefix}/lib/libxmlsec1-openssl.*a
+%{prefix}/lib/pkgconfig/xmlsec1-openssl.pc
+
+%files nss
+%defattr(-, root, root)
+
+%{prefix}/lib/libxmlsec1-nss.so.*
+%{prefix}/lib/libxmlsec1-nss.so
+
+%files nss-devel
+%defattr(-, root, root)
+
+%{prefix}/include/xmlsec1/xmlsec/nss/*.h
+%{prefix}/lib/libxmlsec1-nss.*a
+%{prefix}/lib/pkgconfig/xmlsec1-nss.pc
+
+%changelog
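Review bot: The two `%define` lines that set `_unpackaged_files_terminate_build` and `_missing_doc_files_terminate_build` to 0 turn off the checks that stop the build when `make install` leaves a file in the build root that no `%files` section lists, or when a `%doc` file is missing. Packaging drift, including files that were never meant to ship, then goes unnoticed. I would drop both overrides and list or `%exclude` the leftover files explicitly. Separately, `%install` and `%clean` run `rm -rf $RPM_BUILD_ROOT` unquoted and without an emptiness check; `rm -rf "${RPM_BUILD_ROOT:?}"` fails instead of expanding to nothing. The same two lines appear in the spec hunk that ends just before the xmlsec1-config section.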
diff --git a/xmlsec1Conf.sh b/xmlsec1Conf.sh
new file mode 100644
index 00000000..81f73952
--- /dev/null
+++ b/xmlsec1Conf.sh
@@ -0,0 +1,13 @@
+#
+# Configuration file for using the XML library in GNOME applications
+#
+prefix="/usr"
+exec_prefix="${prefix}"
+libdir="${exec_prefix}/lib"
+includedir="${prefix}/include"
+
+XMLSEC_LIBDIR="${exec_prefix}/lib"
+XMLSEC_INCLUDEDIR=" -D__XMLSEC_FUNCTION__=__FUNCTION__ -DXMLSEC_NO_GOST=1 -DXMLSEC_NO_XKMS=1 -DXMLSEC_DL_LIBLTDL=1, -I${prefix}/include/xmlsec1 -I/usr/include/libxml2 -I/usr/include/libxml2 -DXMLSEC_OPENSSL_098=1 -DXMLSEC_CRYPTO_OPENSSL=1 -DXMLSEC_CRYPTO=\\\"openssl\\\""
+XMLSEC_LIBS="-L${exec_prefix}/lib -lxmlsec1-openssl -lxmlsec1 -lltdl -lxml2 -lxslt -lxml2 -lssl -lcrypto "
+MODULE_VERSION="xmlsec-1.2.18-openssl"
+
diff --git a/xmlsecConf.sh.in b/xmlsecConf.sh.in
new file mode 100644
index 00000000..19e12161
--- /dev/null
+++ b/xmlsecConf.sh.in
@@ -0,0 +1,13 @@
+#
+# Configuration file for using the XML library in GNOME applications
+#
+prefix="@prefix@"
+exec_prefix="@exec_prefix@"
+libdir="@libdir@"
+includedir="@includedir@"
+
+XMLSEC_LIBDIR="@XMLSEC_LIBDIR@"
+XMLSEC_INCLUDEDIR="@XMLSEC_CFLAGS@ -DXMLSEC_CRYPTO=\\\"@XMLSEC_CRYPTO@\\\""
+XMLSEC_LIBS="@XMLSEC_LIBS@"
+MODULE_VERSION="xmlsec-@VERSION@-@XMLSEC_CRYPTO@"
+
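Review bot: The header comment calls this the "Configuration file for using the XML library in GNOME applications", which does not describe what the file sets: the payload is the `XMLSEC_LIBDIR`, `XMLSEC_INCLUDEDIR` and `XMLSEC_LIBS` values filled in from `@XMLSEC_...@` substitutions. A comment such as `# Build settings for applications using the XML Security Library (xmlsec); values are substituted by configure` would match the content. It would also help to note beside `XMLSEC_INCLUDEDIR` that it holds a flag string (`@XMLSEC_CFLAGS@` plus the `-DXMLSEC_CRYPTO` define) rather than a directory, for example `# despite the name, this is a full CFLAGS string`. The xmlsec1Conf.sh hunk above carries the same header.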